From e9964c214145a013878532cc92c74e3186588d1f Mon Sep 17 00:00:00 2001
From: gregory hendrickson
Date: Wed, 15 Mar 2023 11:40:32 -0700
Subject: [PATCH] commit new all
---
main.tf | 31 +++++++++++
modules/backend/main.tf | 56 +++++++++++++++++++
modules/backend/startup-script.sh | 54 +++++++++++++++++++
modules/backend/variables.tf | 19 +++++++
modules/firewall/main.tf | 11 ++++
modules/firewall/variables.tf | 21 ++++++++
modules/frontend/main.tf | 31 +++++++++++
modules/frontend/variables.tf | 33 ++++++++++++
modules/network/main.tf | 41 ++++++++++++++
modules/network/outputs.tf | 19 +++++++
modules/network/variables.tf | 23 ++++++++
network.tf | 90 +++++++++++++++++++++++++++++++
provider.tf | 5 ++
variables.tf | 7 +++
14 files changed, 441 insertions(+)
create mode 100644 main.tf
create mode 100644 modules/backend/main.tf
create mode 100644 modules/backend/startup-script.sh
create mode 100644 modules/backend/variables.tf
create mode 100644 modules/firewall/main.tf
create mode 100644 modules/firewall/variables.tf
create mode 100644 modules/frontend/main.tf
create mode 100644 modules/frontend/variables.tf
create mode 100644 modules/network/main.tf
create mode 100644 modules/network/outputs.tf
create mode 100644 modules/network/variables.tf
create mode 100644 network.tf
create mode 100644 provider.tf
create mode 100644 variables.tf
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..eca5172
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,31 @@
+terraform {
+ backend "local" {
+ path = "terraform.tfstate"
+ }
+}
+
+provider "google" {
+ project = var.project_id
+ region = var.region
+}
+
+module "network" {
+ source = "./network"
+ project_id = var.project_id
+ region = var.region
+ network = var.network
+ subnet = var.subnet
+}
+
+module "backend" {
+ source = "./backend"
+}
+
+module "frontend" {
+ source = "./frontend"
+ project_id = var.project_id
+ region = var.region
+ instance_type = var.instance_type
+ backend_ip = module.network.backend_ip
+ subnet_ip = module.network.subnet_ip
+}
diff --git a/modules/backend/main.tf b/modules/backend/main.tf
new file mode 100644
index 0000000..d01e39d
--- /dev/null
+++ b/modules/backend/main.tf
@@ -0,0 +1,56 @@
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = "~> 3.5.0"
+ }
+ }
+}
+
+provider "google" {
+ project = var.project_id
+ region = var.region
+}
+
+resource "google_compute_instance" "backend" {
+ name = "backend"
+ machine_type = "n1-standard-1"
+ tags = ["backend"]
+
+ boot_disk {
+ initialize_params {
+ image = var.image_name
+ }
+ }
+
+ metadata_startup_script = file("${path.module}/startup-script.sh")
+
+ network_interface {
+ network = google_compute_network.backend_network.self_link
+ access_config {
+ // Allocate a one-to-one NAT IP to allow SSH and HTTP access
+ }
+ }
+
+ service_account {
+ email = var.sa_email
+ scopes = ["userinfo-email", "compute-ro", "storage-ro"]
+ }
+}
+
+resource "google_compute_firewall" "backend_firewall" {
+ name = "allow-backend-internal"
+ network = google_compute_network.backend_network.self_link
+
+ allow {
+ protocol = "tcp"
+ ports = ["8081-8082"]
+ }
+
+ source_tags = ["backend"]
+ target_tags = ["backend"]
+}
+
+output "backend_ip" {
+ value = google_compute_instance.backend.network_interface[0].access_config[0].nat_ip
+}
diff --git a/modules/backend/startup-script.sh b/modules/backend/startup-script.sh
new file mode 100644
index 0000000..c0b296c
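Review bot: The root wiring in `main.tf` does not match the modules it calls, so `terraform init`/`plan` cannot succeed as committed: `source = "./network"` (and `./backend`, `./frontend`) points beside the root while the modules live under `modules/`, `module "backend"` passes none of the four variables that `modules/backend/variables.tf` declares without defaults, the `network`/`subnet` arguments to `module "network"` are not variables of that module, and `module.network.backend_ip`/`subnet_ip` are not among the outputs in `modules/network/outputs.tf`. Change the sources to `source = "./modules/network"` (and likewise for the other two) and reconcile each argument and output name against the module's `variables.tf`/`outputs.tf`. Separately, `backend "local"` keeps the state file — which records every resource attribute, including public IPs and service-account emails — unencrypted in the working directory; if this is meant to go beyond a local lab, a remote backend such as `gcs` with restricted access is the usual choice.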
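Review bot: `google_compute_network.backend_network` is referenced twice in `modules/backend/main.tf` (the instance's `network_interface` and the `allow-backend-internal` rule) but no such resource is declared in this module — the network is created in `modules/network` — so the module cannot plan; accept it as an input instead, `network = var.network_name`. The instance also receives a public NAT address through the empty `access_config {}` and exports it as `backend_ip`, although the only firewall rule here admits backend-to-backend traffic on 8081-8082; a backend consumed only from inside the VPC should drop `access_config` and export `value = google_compute_instance.backend.network_interface[0].network_ip`. The `version = "~> 3.5.0"` constraint limits the provider to below 3.6.0, which cannot be satisfied together with the `3.86.0` pin in `network.tf`; declare `required_providers` once at the root and remove the module-level `provider "google"` block so the module inherits the root configuration.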
--- /dev/null
+++ b/modules/backend/startup-script.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# Install logging monitor. The monitor will automatically pick up logs sent to
+# syslog.
+curl -s "https://storage.googleapis.com/signals-agents/logging/google-fluentd-install.sh" | bash
+service google-fluentd restart &
+
+# Install dependencies from apt
+apt-get update
+apt-get install -yq ca-certificates git build-essential supervisor psmisc
+
+# Install nodejs
+mkdir /opt/nodejs
+curl https://nodejs.org/dist/v16.14.0/node-v16.14.0-linux-x64.tar.gz | tar xvzf - -C /opt/nodejs --strip-components=1
+ln -s /opt/nodejs/bin/node /usr/bin/node
+ln -s /opt/nodejs/bin/npm /usr/bin/npm
+
+# Get the application source code from the Google Cloud Storage bucket.
+mkdir /fancy-store
+gsutil -m cp -r gs://fancy-store-${var.project_id}/monolith-to-microservices/microservices/* /fancy-store/
+
+# Install app dependencies.
+cd /fancy-store/
+npm install
+
+# Create a nodeapp user. The application will run as this user.
+useradd -m -d /home/nodeapp nodeapp
+chown -R nodeapp:nodeapp /fancy-store
+
+# Configure supervisor to run the node app.
+cat >/etc/supervisor/conf.d/node-app.conf << EOF
+[program:orders]
+directory=/fancy-store/orders
+command=npm start
+autostart=true
+autorestart=true
+user=nodeapp
+environment=HOME="/home/nodeapp",USER="nodeapp",NODE_ENV="production"
+stdout_logfile=syslog
+stderr_logfile=syslog
+
+[program:products]
+directory=/fancy-store/products
+command=npm start
+autostart=true
+autorestart=true
+user=nodeapp
+environment=HOME="/home/nodeapp",USER="nodeapp",NODE_ENV="production"
+stdout_logfile=syslog
+stderr_logfile=syslog
+EOF
+
+supervisorctl reread
+supervisorctl update
diff --git a/modules/backend/variables.tf b/modules/backend/variables.tf
new file mode 100644
index 0000000..3eb84cd
--- /dev/null
+++ b/modules/backend/variables.tf
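Review bot: `${var.project_id}` in the `gsutil cp` line is never substituted — `file()` in `modules/backend/main.tf` reads the script verbatim and bash then rejects that line with a bad-substitution error — and because the script has no `set -e`, provisioning carries on with an empty `/fancy-store` and supervisor programs pointing at directories that do not exist. Either render the script with `templatefile("${path.module}/startup-script.sh", { project_id = var.project_id })` and write `${project_id}`, or resolve the project on the instance from the metadata server as below. The Node tarball is piped straight from `curl` into `tar` (and the fluentd installer straight into `bash`, as root) with no integrity check; nodejs.org publishes `SHASUMS256.txt` for every release, so download to a file and verify before unpacking, and give the fluentd installer the same treatment. `set -euo pipefail` at the top turns any of these failures into a stopped script instead of a half-configured host.
```shell
#!/bin/bash
set -euo pipefail

# … unchanged: logging agent install, apt-get dependencies …

# Install nodejs — verify the tarball against the checksum published at
# https://nodejs.org/dist/v16.14.0/SHASUMS256.txt before unpacking.
NODE_TGZ="node-v16.14.0-linux-x64.tar.gz"
NODE_SHA256="<sha256 of ${NODE_TGZ} from SHASUMS256.txt>"   # placeholder: copy from the published file
curl -fsSL -o "/tmp/${NODE_TGZ}" "https://nodejs.org/dist/v16.14.0/${NODE_TGZ}"
echo "${NODE_SHA256}  /tmp/${NODE_TGZ}" | sha256sum -c -
mkdir -p /opt/nodejs
tar xzf "/tmp/${NODE_TGZ}" -C /opt/nodejs --strip-components=1
# … unchanged: node/npm symlinks …

# Resolve the project on the instance; file() in Terraform does not interpolate
# the script, so ${var.project_id} can never be filled in here.
PROJECT_ID="$(curl -fsS -H 'Metadata-Flavor: Google' \
  http://metadata.google.internal/computeMetadata/v1/project/project-id)"
mkdir -p /fancy-store
gsutil -m cp -r "gs://fancy-store-${PROJECT_ID}/monolith-to-microservices/microservices/*" /fancy-store/

# … unchanged: npm install, nodeapp user, supervisor config …
```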
@@ -0,0 +1,19 @@
+variable "project_id" {
+ type = string
+ description = "The ID of the Google Cloud project to use for resources."
+}
+
+variable "region" {
+ type = string
+ description = "The region to create resources in."
+}
+
+variable "sa_email" {
+ type = string
+ description = "The email address of the service account to associate with the instance."
+}
+
+variable "image_name" {
+ type = string
+ description = "The name of the image to use for the instance boot disk."
+}
diff --git a/modules/firewall/main.tf b/modules/firewall/main.tf
new file mode 100644
index 0000000..acb588c
--- /dev/null
+++ b/modules/firewall/main.tf
@@ -0,0 +1,11 @@
+resource "google_compute_firewall" "default" {
+ name = var.firewall_name
+ network = var.network_name
+
+ allow {
+ protocol = "tcp"
+ ports = var.allowed_ports
+ }
+
+ source_ranges = var.source_ranges
+}
diff --git a/modules/firewall/variables.tf b/modules/firewall/variables.tf
new file mode 100644
index 0000000..84b16b5
--- /dev/null
+++ b/modules/firewall/variables.tf
@@ -0,0 +1,21 @@
+variable "firewall_name" {
+ description = "The name of the firewall"
+ type = string
+}
+
+variable "network_name" {
+ description = "The name of the network to apply the firewall rule to"
+ type = string
+}
+
+variable "allowed_ports" {
+ description = "The list of ports that are allowed by the firewall"
+ type = list(number)
+ default = [80, 443]
+}
+
+variable "source_ranges" {
+ description = "The list of source IP ranges that are allowed by the firewall"
+ type = list(string)
+ default = ["0.0.0.0/0"]
+}
diff --git a/modules/frontend/main.tf b/modules/frontend/main.tf
new file mode 100644
index 0000000..3f3eb01
--- /dev/null
+++ b/modules/frontend/main.tf
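Review bot: The rule in `modules/firewall/main.tf` sets no `target_tags` or `target_service_accounts`, so it applies to every instance attached to `var.network_name`, and with the defaults in `modules/firewall/variables.tf` (`source_ranges = ["0.0.0.0/0"]`, `allowed_ports = [80, 443]`) a caller that supplies only the two required variables opens 80/443 network-wide to the internet without having written either value. Add `target_tags = var.target_tags` with a matching `list(string)` variable, and drop the `default` from `source_ranges` so the caller has to state the permitted sources deliberately. Note also that no `module "firewall"` call appears in the root files of this commit, so as submitted the module is not used.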
@@ -0,0 +1,31 @@
+provider "google" {
+ project = var.project_id
+ region = var.region
+}
+
+resource "google_compute_instance" "frontend" {
+ name = "frontend"
+ machine_type = "e2-micro"
+ zone = var.zone
+
+ boot_disk {
+ initialize_params {
+ image = "ubuntu-os-cloud/ubuntu-2004-lts"
+ }
+ }
+
+ network_interface {
+ network = var.network_name
+ access_config {
+ // Allocate a one-to-one NAT IP to the instance
+ }
+ }
+
+ metadata_startup_script = file(var.startup_script_path)
+
+ tags = ["http-server"]
+}
+
+output "frontend_ip" {
+ value = google_compute_instance.frontend.network_interface.0.access_config.0.nat_ip
+}
diff --git a/modules/frontend/variables.tf b/modules/frontend/variables.tf
new file mode 100644
index 0000000..a9db251
--- /dev/null
+++ b/modules/frontend/variables.tf
@@ -0,0 +1,33 @@
+variable "project_id" {
+ description = "The ID of the Google Cloud project where resources will be created"
+}
+
+variable "region" {
+ description = "The region in which to create the resources"
+}
+
+variable "zone" {
+ description = "The zone in which to create the resources"
+}
+
+variable "instance_name" {
+ description = "The name to assign to the Compute Engine instance"
+}
+
+variable "machine_type" {
+ description = "The machine type of the Compute Engine instance"
+ default = "f1-micro"
+}
+
+variable "image_name" {
+ description = "The name of the image to use for the Compute Engine instance boot disk"
+ default = "ubuntu-os-cloud/ubuntu-2004-lts"
+}
+
+variable "network_name" {
+ description = "The name of the network to which the Compute Engine instance will be attached"
+}
+
+variable "startup_script_path" {
+ description = "The local path to the startup script to be run on the Compute Engine instance"
+}
diff --git a/modules/network/main.tf b/modules/network/main.tf
new file mode 100644
index 0000000..769e085
--- /dev/null
+++ b/modules/network/main.tf
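Review bot: The instance is tagged `tags = ["http-server"]`, but the rule written for frontends in `modules/network/main.tf` (`allow-frontend`, tcp/8080) targets the `frontend` tag, so that rule never matches this VM; use `tags = ["frontend"]`, or include both tags if a separate `http-server` rule is intended. The hard-coded `name = "frontend"`, `machine_type = "e2-micro"` and `image = "ubuntu-os-cloud/ubuntu-2004-lts"` bypass the `instance_name`, `machine_type` and `image_name` variables that `modules/frontend/variables.tf` declares for exactly these values. `network_interface.0.access_config.0.nat_ip` is the legacy attribute syntax; write `network_interface[0].access_config[0].nat_ip` as `modules/backend/main.tf` already does. The module-level `provider "google"` block should go so the module inherits the root provider configuration.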
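Review bot: None of the eight variables in `modules/frontend/variables.tf` carries a `type` constraint, unlike `modules/backend/variables.tf`, which types every input; the same applies to `modules/network/variables.tf` and the root `variables.tf`. Add `type = string` to each so a wrong value fails at plan time rather than at apply time, and keep the `description` fields — they are the only documentation these modules have.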
@@ -0,0 +1,41 @@
+# Define VPC
+resource "google_compute_network" "vpc_network" {
+ name = var.vpc_name
+ project = var.project_id
+ auto_create_subnetworks = false
+}
+
+# Define subnetwork
+resource "google_compute_subnetwork" "vpc_subnet" {
+ name = var.subnet_name
+ ip_cidr_range = var.subnet_cidr_range
+ region = var.region
+ network = google_compute_network.vpc_network.self_link
+}
+
+# Define firewall rule for frontend instances
+resource "google_compute_firewall" "frontend_firewall" {
+ name = "allow-frontend"
+ network = google_compute_network.vpc_network.self_link
+
+ allow {
+ protocol = "tcp"
+ ports = ["8080"]
+ }
+
+ target_tags = ["frontend"]
+}
+
+# Define firewall rule for backend instances
+resource "google_compute_firewall" "backend_firewall" {
+ name = "allow-backend"
+ network = google_compute_network.vpc_network.self_link
+
+ allow {
+ protocol = "tcp"
+ ports = ["8081-8082"]
+ }
+
+ target_tags = ["backend"]
+}
+
diff --git a/modules/network/outputs.tf b/modules/network/outputs.tf
new file mode 100644
index 0000000..60f9fa6
--- /dev/null
+++ b/modules/network/outputs.tf
@@ -0,0 +1,19 @@
+output "vpc_network_name" {
+ value = google_compute_network.vpc_network.name
+}
+
+output "subnet_name" {
+ value = google_compute_subnetwork.vpc_subnet.name
+}
+
+output "subnet_cidr_range" {
+ value = google_compute_subnetwork.vpc_subnet.ip_cidr_range
+}
+
+output "frontend_firewall_name" {
+ value = google_compute_firewall.frontend_firewall.name
+}
+
+output "backend_firewall_name" {
+ value = google_compute_firewall.backend_firewall.name
+}
diff --git a/modules/network/variables.tf b/modules/network/variables.tf
new file mode 100644
index 0000000..61214c9
--- /dev/null
+++ b/modules/network/variables.tf
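Review bot: Both `allow-frontend` and `allow-backend` omit `source_ranges`, `source_tags` and `source_service_accounts`; for an ingress rule GCP then applies the default source `0.0.0.0/0`, so tcp/8081-8082 on every `backend`-tagged instance is admitted from any address that can reach it — and the backend instances in `modules/backend/main.tf` and `network.tf` are given public NAT addresses. Restrict the backend rule to its callers, e.g. `source_tags = ["frontend"]`, and if the frontend port really is meant to be internet-facing, say so explicitly with `source_ranges = ["0.0.0.0/0"]` so the exposure is visible in review rather than implied by an omission. `vpc_subnet` is created here but nothing in this commit references it — the instances attach to the network only — and since the VPC is `auto_create_subnetworks = false`, they will most likely need a `subnetwork` argument; an output such as `subnet_self_link` in `outputs.tf` would give callers something to pass.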
@@ -0,0 +1,23 @@
+variable "project_id" {
+ description = "The ID of the Google Cloud project to deploy resources to."
+}
+
+variable "region" {
+ description = "The region where the resources will be created."
+ default = "us-central1"
+}
+
+variable "vpc_name" {
+ description = "The name of the VPC network to be created."
+ default = "fancy-store-vpc"
+}
+
+variable "subnet_name" {
+ description = "The name of the subnet to be created."
+ default = "fancy-store-subnet"
+}
+
+variable "subnet_cidr_range" {
+ description = "The CIDR range of the subnet to be created."
+ default = "10.0.0.0/24"
+}
diff --git a/network.tf b/network.tf
new file mode 100644
index 0000000..2f75856
--- /dev/null
+++ b/network.tf
@@ -0,0 +1,90 @@
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = "3.86.0"
+ }
+ }
+}
+
+provider "google" {
+ project = var.project_id
+ region = var.region
+}
+
+module "network" {
+ source = "./network"
+ project_id = var.project_id
+ region = var.region
+ network_cidr= var.network_cidr
+}
+
+resource "google_compute_instance" "backend" {
+ name = "backend"
+ machine_type = "n1-standard-1"
+ zone = var.zone
+
+ boot_disk {
+ initialize_params {
+ image = var.image
+ }
+ }
+
+ network_interface {
+ network = module.network.network_name
+
+ access_config {
+ // Ephemeral IP
+ }
+ }
+
+ metadata_startup_script = var.startup_script
+ tags = ["backend"]
+}
+
+resource "google_compute_instance" "frontend" {
+ name = "frontend"
+ machine_type = "n1-standard-1"
+ zone = var.zone
+
+ boot_disk {
+ initialize_params {
+ image = var.image
+ }
+ }
+
+ network_interface {
+ network = module.network.network_name
+
+ access_config {
+ // Ephemeral IP
+ }
+ }
+
+ metadata_startup_script = var.startup_script
+ tags = ["frontend"]
+}
+
+resource "google_compute_firewall" "fw_fe" {
+ name = "fw-fe"
+ network = module.network.network_name
+
+ allow {
+ protocol = "tcp"
+ ports = ["8080"]
+ }
+
+ source_tags = ["frontend"]
+}
+
+resource "google_compute_firewall" "fw_be" {
+ name = "fw-be"
+ network = module.network.network_name
+
+ allow {
+ protocol = "tcp"
+ ports = ["8081-8082"]
+ }
+
+ source_tags = ["backend"]
+}
diff --git a/provider.tf b/provider.tf
new file mode 100644
index 0000000..9ff0ef1
--- /dev/null
+++ b/provider.tf
@@ -0,0 +1,5 @@
+provider "google" {
+ project = var.project_id
+ region = var.region
+ zone = var.zone
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..9d86f38
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,7 @@
+variable "project_id" {}
+variable "region" {
+ default = "us-central1"
+}
+variable "zone" {
+ default = "us-central1-f"
+}
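Review bot: `network.tf` re-declares at the root what `main.tf`, `provider.tf` and the modules already define — a second `module "network"` and a third `provider "google"` with no `alias` — and Terraform rejects duplicate module calls and duplicate provider configurations within one root module, so this file and `main.tf` cannot coexist as committed. It also depends on names that do not exist in this commit: `module.network.network_name` (the module's `outputs.tf` exposes `vpc_network_name`) and `var.network_cidr`, `var.image`, `var.startup_script`, none of which the root `variables.tf` declares. On the firewall side, `fw-fe` and `fw-be` set `source_tags` with no `target_tags`, so they admit traffic *originating from* frontend/backend instances to every instance in the network rather than traffic *to* those tiers; the intent is presumably `target_tags = ["backend"]` with `source_tags = ["frontend"]` on `fw-be`, and `target_tags = ["frontend"]` on `fw-fe`. Both instances also get public ephemeral addresses via the empty `access_config {}`, which the backend does not need. Decide whether this flat layout or the module layout in `main.tf` is the intended one and remove the other before this is applied.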
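Review bot: The root `variables.tf` declares only `project_id`, `region` and `zone`, while `main.tf` references `var.network`, `var.subnet` and `var.instance_type` and `network.tf` references `var.network_cidr`, `var.image` and `var.startup_script`; none of those six is declared at the root, so validation fails on undeclared variables. `variable "project_id" {}` also has neither `type` nor `description`; give it `type = string` and a description as `modules/backend/variables.tf` does, since it is the one input every caller must supply.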