Update 1.test terraform configuration

Author: pilgrimstack

.gitignore

@@ -4,5 +4,4 @@
 **/terraform.tfvars
 **/terraform.tfstate*
 **/.terraform
-1.test/main.tf
-2.prod/main.tf
+**/conf/*

1.test/main.tf.sample

@@ -1,9 +1,6 @@
-ll
-. openrc.sh
-nova list
-python ../ovh-tools/show-servers-attached-test.py
 vi main.tf # show 2 modules
 terraform get
+terraform init
 terraform apply -target openstack_compute_keypair_v2.gw -target module.app
 vi terraform-modules/app/main.tf # show variables, openstack ressources, instances with yaml, count, flavor, metadata
 vi terraform-modules/app/frontweb.yaml # show add/del scripts, metadata, runcmd
@@ -13,4 +10,3 @@ vi terraform-modules/stress/main.tf # show variables, block_device
 vi terraform-modules/stress/master.yaml # mount
 terraform-modules/stress/injector.yaml # ssh
 nova list
-python ../ovh-tools/show-servers-attached-test.py

1.test/openrc.sh.sample

@@ -28,8 +28,8 @@ runcmd:
  - service nfs-kernel-server restart
  - wget  https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
  - chmod +x /usr/local/bin/wp
- - cd /srv/www/html/ && /usr/local/bin/wp --allow-root core download --path=/srv/www/html/
+ - cd /srv/www/html/ && /usr/local/bin/wp --allow-root core download --path=/srv/www/html/ --version="4.8.1"
  - cd /srv/www/html/ && /usr/local/bin/wp --allow-root core config --dbname=wordpress --dbuser=v9bK6weA --dbhost=10.1.254.254 --dbpass=$p
  - cd /srv/www/html/ && /usr/local/bin/wp --allow-root db create
- - cd /srv/www/html/ && /usr/local/bin/wp --allow-root core install --url=test-infra-as-code.pilgrimstack.com --title="Infrastructure As Code" --admin_user=wpcli --admin_password=$p --admin_email=support@ovh.net
- - chown -R www-data:www-data /srv/www 
+ - chown -R www-data:www-data /srv/www
+ - apt-get purge -y apache2

1.test/script-up

@@ -18,95 +18,46 @@ packages:
  - mariadb-client
  - php5-curl
  - nfs-common
- - python-pip
- - python-dev
  - curl
  - jq
 
 write_files:
  - content: |
-       #!/usr/bin/python
-       import ovh
-       from netifaces import interfaces, ifaddresses, AF_INET
-       client = ovh.Client()
-       params = {}
-       params['address'] = ifaddresses('eth0').setdefault(AF_INET, [{'addr':'No IP addr'}] )[0]['addr']
-       params['status'] = 'active'
-       result = client.post('/ipLoadbalancing/--IPLB--/server', **params)
-       params = {}
-       params['serverId'] = result['id']
-       params['probe'] = 'true'
-       result = client.post('/ipLoadbalancing/--IPLB--/backend/--BACKEND--/server', **params)
-       params = {}
-       params['zone'] = 'gra'
-       result = client.post('/ipLoadbalancing/--IPLB--/refresh', **params)
-   path: /root/ovh-add-in-iplb.py
+       #!/bin/bash
+       ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@--IPLB-- "echo '    server $(hostname) --MYIP--:80 maxconn 32' >> /etc/haproxy/haproxy.cfg; service haproxy restart"
+   path: /root/ovh-add-in-iplb
    owner: root:root
    permissions: '0755'
  - content: |
-       #!/usr/bin/python
-       import ovh
-       from netifaces import interfaces, ifaddresses, AF_INET
-       client = ovh.Client()
-       params = {}
-       params['address'] = ifaddresses('eth0').setdefault(AF_INET, [{'addr':'No IP addr'}] )[0]['addr']
-       result = client.get('/ipLoadbalancing/--IPLB--/server', **params)
-       id = result[0]
-       params = {}
-       result = client.get('/ipLoadbalancing/--IPLB--/backend/--BACKEND--/server', **params)
-       for i in result:
-           params = {}
-           result_to_delete = client.get('/ipLoadbalancing/--IPLB--/backend/--BACKEND--/server/' + str(i), **params)
-           if result_to_delete['serverId'] == id:
-               params = {}
-               client.delete('/ipLoadbalancing/--IPLB--/backend/--BACKEND--/server/' + str(i), **params)
-               client.delete('/ipLoadbalancing/--IPLB--/server/' + str(result_to_delete['serverId']), **params)
-       params = {}
-       params['zone'] = 'gra'
-       result = client.post('/ipLoadbalancing/--IPLB--/refresh', **params)
-   path: /root/ovh-del-in-iplb.py
+       #!/bin/bash
+       ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@--IPLB-- "sed -i -re /$(hostname)/d /etc/haproxy/haproxy.cfg; service haproxy restart"
+   path: /root/ovh-del-in-iplb
    owner: root:root
    permissions: '0755'
  - content: |
        [Unit]
-       Description=Subscribe to the IPLB at OVH with the local public IP on eth0
+       Description=Subscribe to the loadbalancer with the local public IP on eth0
        Wants=cloud-init.service
        
        [Service]
        Type=oneshot
        RemainAfterExit=yes
-       ExecStart=/root/ovh-add-in-iplb.py
-       ExecStop=/root/ovh-del-in-iplb.py
+       ExecStart=/root/ovh-add-in-iplb
+       ExecStop=/root/ovh-del-in-iplb
        
        [Install]
        WantedBy=multi-user.target
    path: /etc/systemd/system/ovh-iplb-subscription.service
    owner: root:root
    permissions: '0644'
- - content: |
-       #!/bin/bash
-       cat > /etc/ovh.conf <<EOF
-       [default]
-       endpoint=ovh-eu
-       
-       [ovh-eu]
-       EOF
-       echo "application_key=$(curl -s http://169.254.169.254/openstack/latest/meta_data.json | jq .meta.application_key | sed s'/\"//g')" >> /etc/ovh.conf
-       echo "application_secret=$(curl -s http://169.254.169.254/openstack/latest/meta_data.json | jq .meta.application_secret| sed s'/\"//g')" >> /etc/ovh.conf
-       echo "consumer_key=$(curl -s http://169.254.169.254/openstack/latest/meta_data.json | jq .meta.consumer_key | sed s'/\"//g')" >> /etc/ovh.conf
-   path: /root/ovh-api-confgen
-   owner: root:root
-   permissions: '0755'
 
 runcmd:
- - pip install ovh
- - pip install netifaces
- - /root/ovh-api-confgen
  - iplb=$(curl -s http://169.254.169.254/openstack/latest/meta_data.json | jq .meta.iplb | sed s'/\"//g')
- - iplbbackend=$(curl -s http://169.254.169.254/openstack/latest/meta_data.json | jq .meta.iplbbackend | sed s'/\"//g')
- - sed -i -re "s/--IPLB--/$iplb/g" /root/ovh-del-in-iplb.py /root/ovh-add-in-iplb.py
- - sed -i -re "s/--BACKEND--/$iplbbackend/g" /root/ovh-del-in-iplb.py /root/ovh-add-in-iplb.py
+ - myip=$(curl ifconfig.me)
+ - sed -i -re "s/--IPLB--/$iplb/g" /root/ovh-del-in-iplb /root/ovh-add-in-iplb
+ - sed -i -re "s/--MYIP--/$myip/g" /root/ovh-del-in-iplb /root/ovh-add-in-iplb
  - systemctl enable ovh-iplb-subscription.service
  - systemctl start ovh-iplb-subscription.service
  - service apache2 restart
  - rm -f /var/www/html/index.html
+ - mount -a

terraform-modules/app/backend.yaml

@@ -0,0 +1,48 @@
+#cloud-config
+
+apt_update: true
+
+packages:
+ - haproxy
+
+write_files:
+ - content: |
+       global
+           log /dev/log    local0
+           log /dev/log    local1 notice
+           chroot /var/lib/haproxy
+           stats socket /run/haproxy/admin.sock mode 660 level admin
+           stats timeout 30s
+           user haproxy
+           group haproxy
+           daemon
+           ca-base /etc/ssl/certs
+           crt-base /etc/ssl/private
+           ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
+           ssl-default-bind-options no-sslv3
+       defaults
+           log     global
+           mode    http
+           option  httplog
+           option  dontlognull
+           timeout connect 5000
+           timeout client  50000
+           timeout server  50000
+           errorfile 400 /etc/haproxy/errors/400.http
+           errorfile 403 /etc/haproxy/errors/403.http
+           errorfile 408 /etc/haproxy/errors/408.http
+           errorfile 500 /etc/haproxy/errors/500.http
+           errorfile 502 /etc/haproxy/errors/502.http
+           errorfile 503 /etc/haproxy/errors/503.http
+           errorfile 504 /etc/haproxy/errors/504.http
+       listen http-in
+           bind *:80
+           stats enable
+           stats show-node
+           stats uri /stats
+   path: /etc/haproxy/haproxy.cfg
+   owner: root:root
+   permissions: '0644'
+
+runcmd:
+ - service haproxy restart

terraform-modules/app/frontweb.yaml

@@ -1,15 +1,14 @@
-variable "iplb" {}
-variable "iplbbackend" {}
-variable "application_key" {}
-variable "application_secret" {}
-variable "consumer_key" {}
-variable "vlan_id" {}
 variable "count" {
   default = 1
 }
 
+resource "openstack_networking_network_v2" "privatenet-test" {
+  name           = "privatenet-test"
+  admin_state_up = "true"
+}
+
 resource "openstack_networking_subnet_v2" "internal" {
-  network_id = "${var.vlan_id}"
+  network_id = "${openstack_networking_network_v2.privatenet-test.id}"
   cidr = "10.0.0.0/8"
   allocation_pools {
     start = "10.0.0.2"
@@ -18,47 +17,101 @@ resource "openstack_networking_subnet_v2" "internal" {
 }
 
 resource "openstack_compute_instance_v2" "backend" {
-  region = "GRA1"
   name = "backend"
   image_name = "Debian 8"
-  flavor_name = "sp-60-ssd"
+  flavor_name = "b2-15"
   key_pair = "gw"
   security_groups = ["default"]
   network {
     name = "Ext-Net"
     access_network = true
   } 
   network {
-    name = "VLAN"
+    name = "${openstack_networking_network_v2.privatenet-test.name}"
     fixed_ip_v4 = "10.1.254.254"
   }
   user_data = "${file("${path.module}/backend.yaml")}"
 } 
 
+resource "openstack_compute_instance_v2" "loadbalancer" {
+  name = "loadbalancer"
+  image_name = "Debian 8"
+  flavor_name = "s1-2"
+  key_pair = "gw"
+  security_groups = ["default"]
+  network {
+    name = "Ext-Net"
+    access_network = true
+  } 
+  provisioner "local-exec" {
+    command = "rm -f conf/shared_key && ssh-keygen -t rsa -N '' -f conf/shared_key -q"
+  }
+  provisioner "file" {
+    source      = "conf/shared_key.pub"
+    destination = "/home/debian/authorized_keys"
+    connection {
+      type     = "ssh"
+      user     = "debian"
+      private_key = "${file("~/.ssh/id_rsa")}"
+    }
+  }
+  provisioner "remote-exec" {
+    inline = [
+      "sudo mv /home/debian/authorized_keys /root/.ssh/",
+      "sudo chmod 600 /root/.ssh/authorized_keys",
+      "sudo chown root:root /root/.ssh/authorized_keys",
+    ]
+    connection {
+      type     = "ssh"
+      user     = "debian"
+      private_key = "${file("~/.ssh/id_rsa")}"
+    }
+  }
+  user_data = "${file("${path.module}/loadbalancer.yaml")}"
+} 
 
 resource "openstack_compute_instance_v2" "frontweb" {
-  depends_on = ["openstack_compute_instance_v2.backend"]
+  depends_on = [
+    "openstack_compute_instance_v2.backend",
+    "openstack_compute_instance_v2.loadbalancer",
+  ]
   count = "${var.count}"
   stop_before_destroy = true
-  region = "GRA1"
   name = "${format("frontweb-%02d", count.index+1)}"
   image_name = "Debian 8"
-  flavor_name = "eg-7-ssd"
+  flavor_name = "b2-7"
   key_pair = "gw"
   security_groups = ["default"]
   network {
     name = "Ext-Net"
     access_network = true
   } 
   network {
-    name = "VLAN"
+    name = "${openstack_networking_network_v2.privatenet-test.name}"
+  }
+  provisioner "file" {
+    source      = "conf/shared_key"
+    destination = "/home/debian/id_rsa"
+    connection {
+      type     = "ssh"
+      user     = "debian"
+      private_key = "${file("~/.ssh/id_rsa")}"
+    }
+  }
+  provisioner "remote-exec" {
+    inline = [
+      "sudo mv /home/debian/id_rsa /root/.ssh/",
+      "sudo chmod 600 /root/.ssh/id_rsa",
+      "sudo chown root:root /root/.ssh/id_rsa",
+    ]
+    connection {
+      type     = "ssh"
+      user     = "debian"
+      private_key = "${file("~/.ssh/id_rsa")}"
+    }
   }
   user_data = "${file("${path.module}/frontweb.yaml")}"
   metadata {
-    application_key = "${var.application_key}"
-    application_secret = "${var.application_secret}"
-    consumer_key = "${var.consumer_key}"
-    iplb = "${var.iplb}"
-    iplbbackend = "${var.iplbbackend}"
+    iplb = "${openstack_compute_instance_v2.loadbalancer.access_ip_v4}"
   }
 }