Diffstat (limited to 'app/models/backends/terraform_aws.rb')
-rw-r--r-- | app/models/backends/terraform_aws.rb | 72 |
1 files changed, 63 insertions, 9 deletions
diff --git a/app/models/backends/terraform_aws.rb b/app/models/backends/terraform_aws.rb index d45dfc7..c50e2de 100644 --- a/app/models/backends/terraform_aws.rb +++ b/app/models/backends/terraform_aws.rb @@ -55,11 +55,19 @@ class Backends::TerraformAws < ApplicationRecord GovukGuix::BuildJob.enqueue( mini_environment.id, - %w(whitehall government-frontend), - type: 'container-start-script', - app_domain: "#{slug}.#{domain}", - web_domain: "www.#{slug}.#{domain}", - use_https: 'certbot' + services: %w(whitehall government-frontend), + arguments: { + type: 'container-start-script', + app_domain: "#{slug}.#{domain}", + web_domain: "www.#{slug}.#{domain}", + use_https: 'certbot', + http_ports_mode: 'alternative', + read_bundle_install_input_as_tar_archive: true, + signon_instance_name: slug, + admin_environment_label: mini_environment.name, + read_bundle_install_input_as_tar_archive: 'true' + }, + run_remotely_on_host: "ubuntu@guix-daemon.#{domain}" ) end @@ -83,10 +91,33 @@ class Backends::TerraformAws < ApplicationRecord end end + def deploy_backend + public_ip_address = ENV[ + 'GOVUK_MINI_ENVIRONMENT_ADMIN_PUBLIC_IP_ADDRESS' + ] + + raise 'missing public ip address' if public_ip_address.nil? + + TerraformWorkingDirectory.new( + terraform_state_id, + 'terraform/aws/backend' + ).within_working_directory do + RubyTerraform.apply( + vars: common_terraform_variables.merge( + aws_vpc_id: vpc_id, + ssh_public_key: ssh_public_key, + mini_environment_admin_guix_public_key: guix_public_key, + mini_environment_admin_public_ip_address: public_ip_address + ), + auto_approve: true + ) + end + end + def within_terraform_working_directory(mini_environment, &block) TerraformWorkingDirectory.new( "mini_environment/#{mini_environment.id}", - 'terraform/aws' + 'terraform/aws/mini_environment' ).within_working_directory(&block) end 
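Review bot: The new `arguments` hash lists `read_bundle_install_input_as_tar_archive` twice, first as `true` and then as `'true'`. Ruby keeps the last entry and warns about the duplicate key, so the build job receives the string rather than the boolean. Keep a single entry with the type `GovukGuix::BuildJob` expects, e.g. `read_bundle_install_input_as_tar_archive: true,`. The added `run_remotely_on_host: "ubuntu@guix-daemon.#{domain}"` builds a remote login target from `domain`; the hunk shows neither where `domain` is set nor how the remote host is authenticated, so a comment such as `# domain comes from operator configuration, never from request input` would document the assumption. The enclosing method starts above the hunk.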
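Review bot: In `deploy_backend` the value of `GOVUK_MINI_ENVIRONMENT_ADMIN_PUBLIC_IP_ADDRESS` is only checked for `nil`, so an empty or malformed string goes straight into `RubyTerraform.apply` with `auto_approve: true`. The variable name suggests it ends up in a network access rule, so parse it before use, for example `public_ip_address = IPAddr.new(ENV.fetch('GOVUK_MINI_ENVIRONMENT_ADMIN_PUBLIC_IP_ADDRESS')).to_s` (stdlib `ipaddr`), and let the failure name the variable. `ssh_public_key: ssh_public_key` in the `merge` is redundant, because `common_terraform_variables` in this commit already supplies that key.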
@@ -94,18 +125,41 @@ class Backends::TerraformAws < ApplicationRecord "https://signon.#{mini_environment.name.parameterize}.#{domain}" end - def terraform_variables(mini_environment) + def common_terraform_variables { aws_access_key: aws_access_key_id, aws_secret_key: aws_secret_access_key, aws_region: aws_region, - slug: mini_environment.name.parameterize, ssh_public_key: ssh_public_key, - start_command: mini_environment.backend_data['build_output'] + aws_route_53_zone_id: route_53_zone_id, + aws_efs_file_system_id: efs_file_system_id } end + def terraform_variables(mini_environment) + common_terraform_variables.merge( + slug: mini_environment.name.parameterize, + start_command: mini_environment.backend_data['build_output'], + backend_remote_state_address: ( + 'http://localhost:3000' + + Rails + .application + .routes + .url_helpers + .terraform_http_backend_path(terraform_state_id) + ) + ) + end + + def terraform_state_id + "backend/terraform_aws/#{id}" + end + def ssh_public_key File.open("#{ENV['HOME']}/.ssh/id_rsa.pub", &:readline) end + + def guix_public_key + "(entry #{File.read("/etc/guix/signing-key.pub")} (tag (guix import)))" + end end |
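Review bot: `terraform_variables` hard-codes `'http://localhost:3000'` as the origin of `backend_remote_state_address`, so the remote state backend stops working when the app listens on any other host or port. Take the origin from configuration, e.g. `ENV.fetch('TERRAFORM_BACKEND_ORIGIN', 'http://localhost:3000')`, where the variable name is a placeholder. Terraform state commonly holds sensitive resource attributes, and the hunk does not show whether the `terraform_http_backend_path` route requires authentication; that is worth confirming and stating in a comment. `terraform_state_id` returns a value containing `/`, so the route presumably needs a glob segment, otherwise the path helper escapes the slashes.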