aboutsummaryrefslogtreecommitdiff
path: root/app/models
diff options
context:
space:
mode:
Diffstat (limited to 'app/models')
-rw-r--r--app/models/backends.rb3
-rw-r--r--app/models/backends/terraform_aws.rb4
-rw-r--r--app/models/backends/terraform_aws_using_ami.rb90
-rw-r--r--app/models/backends/terraform_aws_using_ami/backend_methods.rb146
-rw-r--r--app/models/backends/terraform_aws_using_ami/mini_environment_methods.rb117
5 files changed, 357 insertions, 3 deletions
diff --git a/app/models/backends.rb b/app/models/backends.rb
index 526ae76..2a3bceb 100644
--- a/app/models/backends.rb
+++ b/app/models/backends.rb
@@ -1,5 +1,5 @@
# GOV.UK Mini Environment Admin
-# Copyright © 2018 Christopher Baines <mail@cbaines.net>
+# Copyright © 2018, 2019 Christopher Baines <mail@cbaines.net>
#
# This file is part of the GOV.UK Mini Environment Admin.
#
@@ -26,6 +26,7 @@ module Backends
def self.classes
[
Backends::TerraformAws,
+ Backends::TerraformAwsUsingAmi,
Backends::TerraformLibvirt
]
end
diff --git a/app/models/backends/terraform_aws.rb b/app/models/backends/terraform_aws.rb
index d3d56d1..64d24ef 100644
--- a/app/models/backends/terraform_aws.rb
+++ b/app/models/backends/terraform_aws.rb
@@ -1,5 +1,5 @@
# GOV.UK Mini Environment Admin
-# Copyright © 2018 Christopher Baines <mail@cbaines.net>
+# Copyright © 2018, 2019 Christopher Baines <mail@cbaines.net>
#
# This file is part of the GOV.UK Mini Environment Admin.
#
@@ -47,7 +47,7 @@ class Backends::TerraformAws < ApplicationRecord
self.table_name = 'terraform_aws_backends'
def self.label
- 'Amazon Web Services'
+ 'Amazon Web Services (using EFS)'
end
def self.available?
diff --git a/app/models/backends/terraform_aws_using_ami.rb b/app/models/backends/terraform_aws_using_ami.rb
new file mode 100644
index 0000000..bb9f90d
--- /dev/null
+++ b/app/models/backends/terraform_aws_using_ami.rb
@@ -0,0 +1,90 @@
+# GOV.UK Mini Environment Admin
+# Copyright © 2018, 2019 Christopher Baines <mail@cbaines.net>
+#
+# This file is part of the GOV.UK Mini Environment Admin.
+#
+# The GOV.UK Mini Environment Admin is free software: you can
+# redistribute it and/or modify it under the terms of the GNU Affero
+# General Public License as published by the Free Software Foundation,
+# either version 3 of the License, or (at your option) any later
+# version.
+#
+# The GOV.UK Mini Environment Admin is distributed in the hope that it
+# will be useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See the GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License along with the GOV.UK Mini Environment Admin. If not, see
+# <http://www.gnu.org/licenses/>.
+
+# == Schema Information
+#
+# Table name: terraform_aws_backends
+#
+# id :integer not null, primary key
+# label :string
+# aws_region :string
+# aws_access_key_id :string
+# aws_secret_access_key :string
+# created_at :datetime not null
+# updated_at :datetime not null
+# domain :string
+# route_53_zone_id :string not null
+# vpc_id :string not null
+# ssh_public_key :string
+# ssh_private_key :string
+#
+
+require 'ruby_terraform'
+
+class Backends::TerraformAwsUsingAmi < ApplicationRecord
+ include MiniEnvironmentMethods
+ include BackendMethods
+
+ has_many :mini_environments, as: :backend
+
+ self.table_name = 'terraform_aws_using_ami_backends'
+
+ def self.label
+ 'Amazon Web Services (using AMIs)'
+ end
+
+ def self.available?
+ File.exist? "#{ENV['PATH'].split(':').first}/terraform-provider-aws"
+ end
+
+ def type_and_id
+ "#{self.class.name}=#{id}"
+ end
+
+ def common_terraform_variables
+ {
+ aws_access_key: aws_access_key_id,
+ aws_secret_key: aws_secret_access_key,
+ aws_region: aws_region,
+ ssh_private_key: ssh_private_key,
+ aws_route_53_zone_id: route_53_zone_id
+ }
+ end
+
+ def build_remote_host
+ RemoteHost.new(
+ 'ubuntu',
+ backend_latest_terraform_state.output_value('guix_daemon_public_dns'),
+ ssh_private_key
+ )
+ end
+
+ def terraform_state_id
+ "backend/terraform_aws_using_ami/#{id}"
+ end
+
+ def guix_public_key
+ "(entry #{File.read("/etc/guix/signing-key.pub")} (tag (guix import)))"
+ rescue Errno::ENOENT
+ # This is optional, as if it doesn't exist, it means that `guix
+ # copy` won't be used
+ ''
+ end
+end
diff --git a/app/models/backends/terraform_aws_using_ami/backend_methods.rb b/app/models/backends/terraform_aws_using_ami/backend_methods.rb
new file mode 100644
index 0000000..10bf872
--- /dev/null
+++ b/app/models/backends/terraform_aws_using_ami/backend_methods.rb
@@ -0,0 +1,146 @@
+# GOV.UK Mini Environment Admin
+# Copyright © 2018, 2019 Christopher Baines <mail@cbaines.net>
+#
+# This file is part of the GOV.UK Mini Environment Admin.
+#
+# The GOV.UK Mini Environment Admin is free software: you can
+# redistribute it and/or modify it under the terms of the GNU Affero
+# General Public License as published by the Free Software Foundation,
+# either version 3 of the License, or (at your option) any later
+# version.
+#
+# The GOV.UK Mini Environment Admin is distributed in the hope that it
+# will be useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See the GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License along with the GOV.UK Mini Environment Admin. If not, see
+# <http://www.gnu.org/licenses/>.
+
+module Backends::TerraformAwsUsingAmi::BackendMethods
+ def create_data_snapshot
+ GovukGuix::CreateDataSnapshotJob.enqueue(
+ backend_type: self.class.name,
+ backend_id: id
+ )
+ end
+
+ def backend_terraform_variables
+ public_ip_addresses = ENV[
+ 'GOVUK_MINI_ENVIRONMENT_ADMIN_PUBLIC_IP_ADDRESSES'
+ ].split(',')
+
+ raise 'missing public ip addresses' if public_ip_addresses.nil?
+
+ egress_cidr_blocks = public_ip_addresses.map { |x| "#{x}/32" }
+
+ common_terraform_variables.merge(
+ aws_vpc_id: vpc_id,
+ ssh_public_key: ssh_public_key,
+ backend_slug: label.parameterize,
+ mini_environment_admin_guix_public_key: guix_public_key,
+ mini_environment_admin_egress_cidr_blocks: egress_cidr_blocks
+ )
+ end
+
+ def deploy_backend
+ within_backend_terraform_working_directory do
+ RubyTerraform.apply(
+ vars: backend_terraform_variables,
+ auto_approve: true
+ )
+ end
+ end
+
+ def refresh_backend_state
+ within_backend_terraform_working_directory do
+ RubyTerraform.refresh(
+ vars: backend_terraform_variables
+ )
+ end
+ end
+
+ def destroy_backend
+ within_backend_terraform_working_directory do
+ RubyTerraform.destroy(
+ vars: backend_terraform_variables,
+ force: true
+ )
+ end
+ end
+
+ def stop_backend
+ within_backend_terraform_working_directory do
+ RubyTerraform.destroy(
+ vars: backend_terraform_variables,
+ target: 'aws_spot_instance_request.main',
+ force: true
+ )
+ end
+ end
+
+ def in_use_store_paths
+ [
+ GovukGuix::Revision.where(archived: false).pluck(:store_path),
+ available_data_snapshots.pluck(:store_path),
+ mini_environments
+ .where(archived: false)
+ .pluck(:backend_data)
+ .map { |x| x&.dig('build_output') }
+ ].flatten.compact
+ end
+
+ def update_guix_gcroots
+ GovukGuix::UpdateGcrootsDirectory.set_in_use_store_paths(
+ in_use_store_paths,
+ run_remotely_on_host: build_remote_host
+ )
+ end
+
+ def add_in_use_store_path(store_path)
+ GovukGuix::UpdateGcrootsDirectory.add_store_path(
+ store_path,
+ run_remotely_on_host: build_remote_host
+ )
+ end
+
+ def within_backend_terraform_working_directory(&block)
+ with_advisory_lock(
+ "terraform"
+ ) do
+ TerraformWorkingDirectory.new(
+ terraform_state_id,
+ 'terraform/aws_using_ami/backend'
+ ).within_working_directory(&block)
+ end
+ end
+
+ def available_data_snapshots
+ GovukGuix::DataSnapshot.where(backend: self)
+ end
+
+ def backend_terraform_states
+ TerraformState.where(
+ state_id: terraform_state_id
+ )
+ end
+
+ def backend_latest_terraform_state
+ backend_terraform_states.order(:id).last
+ end
+
+ def status
+ latest_terraform_state = backend_terraform_states.order(:id).last
+
+ running = (
+ latest_terraform_state &&
+ (latest_terraform_state.output_value('backend_up') == 'true')
+ )
+
+ {
+ running: running,
+ updated_at: latest_terraform_state.try(:created_at)
+ }
+ end
+end
diff --git a/app/models/backends/terraform_aws_using_ami/mini_environment_methods.rb b/app/models/backends/terraform_aws_using_ami/mini_environment_methods.rb
new file mode 100644
index 0000000..839bc3b
--- /dev/null
+++ b/app/models/backends/terraform_aws_using_ami/mini_environment_methods.rb
@@ -0,0 +1,117 @@
+# GOV.UK Mini Environment Admin
+# Copyright © 2018, 2019 Christopher Baines <mail@cbaines.net>
+#
+# This file is part of the GOV.UK Mini Environment Admin.
+#
+# The GOV.UK Mini Environment Admin is free software: you can
+# redistribute it and/or modify it under the terms of the GNU Affero
+# General Public License as published by the Free Software Foundation,
+# either version 3 of the License, or (at your option) any later
+# version.
+#
+# The GOV.UK Mini Environment Admin is distributed in the hope that it
+# will be useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See the GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License along with the GOV.UK Mini Environment Admin. If not, see
+# <http://www.gnu.org/licenses/>.
+
+module Backends::TerraformAwsUsingAmi::MiniEnvironmentMethods
+ def build(mini_environment)
+ slug = mini_environment.name.parameterize
+
+ GovukGuix::BuildMiniEnvironment.build(
+ mini_environment.id,
+ services: mini_environment.services.map(&:build_argument_string),
+ arguments: {
+ type: 'aws-packer-ami',
+ base_os: 'aws',
+ ami_name: "govuk-mini-environment-admin-#{slug}",
+ app_domain: "#{slug}.#{domain}",
+ web_domain: "www.#{slug}.#{domain}",
+ use_https: 'certbot',
+ signon_instance_name: slug,
+ admin_environment_label: mini_environment.name,
+ use_error_pages: 'true',
+ origin_basic_auth: "#{slug}=#{slug}",
+ },
+ run_remotely_on_host: mini_environment.backend.build_remote_host
+ )
+ end
+
+ def start(mini_environment)
+ logger.info "Setting up #{mini_environment.name}"
+
+ within_terraform_working_directory(mini_environment) do
+ RubyTerraform.apply(
+ vars: terraform_variables(mini_environment),
+ auto_approve: true
+ )
+ end
+ end
+
+ def destroy(mini_environment)
+ within_terraform_working_directory(mini_environment) do
+ RubyTerraform.destroy(
+ vars: terraform_variables(mini_environment),
+ force: true
+ )
+ end
+ end
+
+ def refresh(mini_environment)
+ within_terraform_working_directory(mini_environment) do
+ RubyTerraform.refresh(
+ vars: terraform_variables(mini_environment)
+ )
+ end
+ end
+
+ def terraform_states(mini_environment)
+ TerraformState.where(
+ state_id: mini_environment_state_id(mini_environment)
+ )
+ end
+
+ def within_terraform_working_directory(mini_environment, &block)
+ with_advisory_lock(
+ "terraform"
+ ) do
+ TerraformWorkingDirectory.new(
+ mini_environment_state_id(mini_environment),
+ 'terraform/aws_using_ami/mini_environment'
+ ).within_working_directory(&block)
+ end
+ end
+
+ def mini_environment_state_id(mini_environment)
+ "mini_environment/#{mini_environment.id}"
+ end
+
+ def signon_url(mini_environment)
+ "https://signon.#{mini_environment.name.parameterize}.#{domain}"
+ end
+
+ def terraform_variables(mini_environment)
+ credentials = TerraformHttpBackendController.credentials
+
+ ami_id = mini_environment.backend_data['build_output'].split(' ')[1]
+
+ common_terraform_variables.merge(
+ slug: mini_environment.name.parameterize,
+ ami_id: ami_id,
+ backend_remote_state_address: (
+ Plek.new.external_url_for('mini-environment-admin') +
+ Rails
+ .application
+ .routes
+ .url_helpers
+ .terraform_http_backend_path(terraform_state_id)
+ ),
+ backend_remote_state_username: credentials[:name],
+ backend_remote_state_password: credentials[:password]
+ )
+ end
+end