Initial commit

3b79881c · Rolando Antonio Jimenez · 3b79881c · 3b79881c · 3b79881c · 3b79881c
Commit 3b79881c authored Sep 01, 2023 by Rolando Antonio Jimenez
21 changed files
--- a/ansible.cfg
+++ b/ansible.cfg
+[defaults] 
+#informamos que usaremos el plug de aws para usar el inventario dinamico 
+enable_plugins = aws_ec2 
+inventory = ./aws_ec2.yml 
+host_key_checking = false 
+remote_user = ec2-user 
+#la key a usar es la que se genera con terraform para poder hacer la conexión ssh 
+private_key_file = apache-key-pair 
+#indicamos la ruta de nuestros roles 
+roles_path = ./roles 
+timeout = 30 
+pipelining = False 
+[privilege_escalation] 
+become = true 
+become_method = sudo 
+become_user = root 
\ No newline at end of file
--- a/ansible/roles/apache/handlers/main.yml
+++ b/ansible/roles/apache/handlers/main.yml
+--- 
+# handlers file for apache 
+- name: Restart grafana 
+  ansible.builtin.service: 
+    name: grafana-server 
+    state: restarted 
\ No newline at end of file
--- a/ansible/roles/apache/tasks/add-fs.yml
+++ b/ansible/roles/apache/tasks/add-fs.yml
+--- 
+- name: create partition 
+  parted: 
+    device: /dev/{{ item }} 
+    number: 1 
+    flags: [ lvm ] 
+    state: present 
+  loop: 
+    - sdc 
+    - sdd 
+- name: install lvm2 dependency 
+  package: 
+    name: lvm2 
+    state: present 
+- name: create vg 
+  lvg: 
+    vg: "{{ item.vgn }}" 
+    pvs: /dev/{{ item.disk }} 
+    pesize: 16 
+  loop: 
+    - { vgn: 'code-vg', disk: 'nvme1n1p1' } 
+    - { vgn: 'log-vg', disk: 'nvme2n1p1' } 
+- name: create lv 
+  lvol: 
+    vg: "{{ item.vgn }}" 
+    lv: "{{ item.lvn }}" 
+    size: 100%FREE 
+    force: yes 
+  loop: 
+    - { vgn: 'code-vg', lvn: 'code-lv' } 
+    - { vgn: 'log-vg', lvn: 'log-lv' } 
+- name: format the xfs fs 
+  filesystem: 
+    fstype: xfs 
+    dev: /dev/{{ item.vgn }}/{{ item.lvn }} 
+  loop: 
+    - { vgn: 'code-vg', lvn: 'code-lv' } 
+    - { vgn: 'log-vg', lvn: 'log-lv' } 
+- name: mount the lv  
+  mount: 
+    path: /var/{{ item.patha }}/{{ item.pathb }} 
+    src: /dev/{{ item.vgn }}/{{ item.lvn }} 
+    fstype: xfs 
+    state: mounted 
+  loop: 
+    - { vgn: 'code-vg', lvn: 'code-lv', patha: 'www', pathb: 'html' } 
+    - { vgn: 'log-vg', lvn: 'log-lv', patha: 'log', pathb: 'httpd' } 
\ No newline at end of file
--- a/ansible/roles/apache/tasks/configure_https.yml
+++ b/ansible/roles/apache/tasks/configure_https.yml
+--- 
+- name: create openssl key rsa 2048 bits 
+  community.crypto.openssl_privatekey: 
+    path: /etc/pki/tls/private/httpd.pem 
+    size: 2048 
+- name: create self signed openssl certificate 
+  community.crypto.x509_certificate: 
+    path: /etc/pki/tls/certs/httpd.crt 
+    privatekey_path: /etc/pki/tls/private/httpd.pem 
+    provider: selfsigned 
+- name: Enable https protocol, add certificate 
+  replace: 
+    path: /etc/httpd/conf.d/ssl.conf 
+    regexp: '#SSLCertificateFile /etc/pki/tls/certs/localhost.crt' 
+    replace: 'SSLCertificateFile /etc/pki/tls/certs/httpd.crt' 
+- name: Enable https protocol, add private key 
+  replace: 
+    path: /etc/httpd/conf.d/ssl.conf 
+    regexp: '#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key' 
+    replace: ' SSLCertificateKeyFile /etc/pki/tls/private/httpd.key' 
+  notify: 
+  - Restart apache 
\ No newline at end of file
--- a/ansible/roles/apache/tasks/install-apache.yml
+++ b/ansible/roles/apache/tasks/install-apache.yml
+--- 
+- name: Install apache 
+  ansible.builtin.yum: 
+    name: httpd 
+    state: present 
+- name: Install mod_ssl 
+  ansible.builtin.yum: 
+    name: mod_ssl 
+    state: present 
+- name: Start apache 
+  ansible.builtin.service: 
+    name: httpd 
+    state: started 
\ No newline at end of file
--- a/ansible/roles/apache/tasks/main.yml
+++ b/ansible/roles/apache/tasks/main.yml
+--- 
+# tasks file for apache 
+- import_tasks: install-apche.yml 
+- import_tasks: add-fs.yml 
+- import_tasks: configure-https.yml 
\ No newline at end of file
--- a/aws_ec2.yml
+++ b/aws_ec2.yml
+plugin: aws_ec2 
+aws_access_key: your-key 
+aws_secret_key: your-secret-key 
+regions: 
+  - "us-east-1" 
+#se agrupa las instancias corriendo de acuerdo a su nombre dado en aws 
+keyed_groups: 
+  - key: tags.Name 
+filters: 
+  instance-state-name: running 
+compose: 
+  ansible_host: public_ip_address 
\ No newline at end of file
--- a/install-apache.yml
+++ b/install-apache.yml
+--- 
+- hosts: _apache-server 
+  tasks: 
+#esperemos a que la instancia esté disponible vía ssh en una espera total de 360 segundo 
+    - name: Wait for system to become reachable 
+      wait_for_connection: 
+      delay: 60 
+      timeout: 300 
+#instalamos dependencias para el uso de tls/ssl 
+    - name: install dependencies 
+      ansible.builtin.yum: 
+        name: gcc 
+        state: latest 
+    - name: install dependencies 
+      ansible.builtin.yum: 
+        name: openssl-devel 
+        state: latest 
+    - name: install dependencies 
+      ansible.builtin.yum: 
+        name: libffi-devel 
+        state: latest 
+    - name: install dependencies 
+      ansible.builtin.yum: 
+        name: python-devel 
+        state: latest 
+    - name: install crypto pip 
+      pip: 
+        state: latest 
+        name:  
+          - pyOpenSSL 
+          - cryptography 
+    - name: install apache 
+      ansible.builtin.include_role: 
+        name: apache 
\ No newline at end of file
--- a/start.sh
+++ b/start.sh
+#!/bin/bash 
+##función para desplegarnos la url para consultar el servicio apache un avez terminado la instalación 
+url_out(){ 
+    sal=$(jq '.outputs.server_public_ipv4.value' terraform/terraform.tfstate) 
+    sal2=$(echo "${sal%?}") 
+    sal3=$(echo "${sal2#?}") 
+    port=":443" 
+    protocol="https://" 
+    gurl="$protocol$sal3$port" 
+    echo "" 
+    echo "" 
+    echo " ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓" 
+    echo " ▓▒░ You may consult grafana's dashboard in the next url ░▒▓" 
+    echo " ▓ ▓" 
+    echo " $gurl" 
+    echo "" 
+    echo "" 
+    echo "" 
+} 
+##función para crear el ambiente virtual 
+kvenv(){ 
+    python3 -m venv env 
+    source env/bin/activate 
+} 
+##función para instalar ansible y dependencias de los roles 
+install_dependencies(){ 
+    echo "Installing ansible" 
+    pip3 install ansible-core 
+    echo "" 
+    echo "" 
+    echo "Installing terraform" 
+    pip3 install terraform-compliance 
+    echo "" 
+    echo "" 
+    echo "Installing aws pluging" 
+    pip3 install boto3 botocore 
+    echo "" 
+    echo "" 
+    echo "Installing galaxy dependecies" 
+    ansible-galaxy collection install community.crypto 
+    ansible-galaxy collection install amazon.aws 
+    ansible-galaxy collection install community.general 
+    ansible-galaxy collection install ansible.posix 
+} 
+mkvenv 
+install_dependencies 
+terraform -chdir=terraform/ init 
+terraform -chdir=terraform/ apply -auto-approve 
+cp terraform/apache-key-pair. 
+chmod 400 apache-key-pair 
+ansible-playbook install-apache.yml  
+url_out 
\ No newline at end of file
--- a/terraform/aws_ebs.tf
+++ b/terraform/aws_ebs.tf
+resource "aws_ebs_volume" "datalog" {
+  availability_zone = var.AV_ZONE
+  size              = var.SIZE_DISK
+  tags = {
+    Name = "datalog"
+  }
+}
+resource "aws_ebs_volume" "datacode" {
+  availability_zone = var.AV_ZONE
+  size              = var.SIZE_DISK
+  tags = {
+    Name = "datacode"
+  }
+}
+resource "aws_volume_attachment" "datafs-log" {
+  device_name = "/dev/sdc"
+  volume_id   = aws_ebs_volume.datalog.id
+  instance_id = aws_instance.apache-server.id
+}
+resource "aws_volume_attachment" "datafs-code" {
+  device_name = "/dev/sdd"
+  volume_id   = aws_ebs_volume.datacode.id
+  instance_id = aws_instance.apache-server.id
+} 
\ No newline at end of file
--- a/terraform/aws_ec2.tf
+++ b/terraform/aws_ec2.tf
+resource "aws_instance" "apache-server" {
+  ami                         = var.AMI_SELECT
+  instance_type               = var.INSTA_TYPE
+  availability_zone           = var.AV_ZONE
+  associate_public_ip_address = true
+  key_name                    = "apache-key-pair"
+  security_groups             = ["${aws_security_group.apache_sg.id}"]
+  tags = {
+    Name = "apache-server"
+  }
+  subnet_id = aws_subnet.apache_subnet.id
+} 
\ No newline at end of file
--- a/terraform/aws_eip.tf
+++ b/terraform/aws_eip.tf
+resource "aws_eip" "apache_eip" {
+  instance = aws_instance.apache-server.id
+  vpc      = "true"
+} 
\ No newline at end of file
--- a/terraform/aws_internet_gw.tf
+++ b/terraform/aws_internet_gw.tf
+resource "aws_internet_gateway" "apache_gw" {
+  vpc_id = aws_vpc.apache_vpc.id
+  tags = {
+    Name = "apache_gw"
+  }
+} 
\ No newline at end of file
--- a/terraform/aws_key_pair.tf
+++ b/terraform/aws_key_pair.tf
+resource "aws_key_pair" "apache-key-pair" {
+  key_name   = "apache-key-pair"
+  public_key = tls_private_key.rsa.public_key_openssh
+}
+resource "tls_private_key" "rsa" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+resource "local_file" "apache-key" {
+  content  = tls_private_key.rsa.private_key_pem
+  filename = "apache-key-pair"
+} 
\ No newline at end of file
--- a/terraform/aws_route_table.tf
+++ b/terraform/aws_route_table.tf
+resource "aws_route_table" "apache_rtb" {
+  vpc_id = aws_vpc.apache_vpc.id
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.apache_gw.id
+  }
+  tags = {
+    Name = "apache_rtb"
+  }
+}
+resource "aws_route_table_association" "apache_rtb_as" {
+  subnet_id      = aws_subnet.apache_subnet.id
+  route_table_id = aws_route_table.apache_rtb.id
+} 
\ No newline at end of file
--- a/terraform/aws_security_group.tf
+++ b/terraform/aws_security_group.tf
+locals {
+  ports_in  = [22, 443]
+  ports_out = [0]
+}
+resource "aws_security_group" "apache_sg" {
+  name        = "apache_sg"
+  description = "Allow TLS inbound traffic"
+  vpc_id      = aws_vpc.apache_vpc.id
+  dynamic "ingress" {
+    for_each = toset(local.ports_in)
+    content {
+      description = "tls from VPC"
+      from_port   = ingress.value
+      to_port     = ingress.value
+      protocol    = "tcp"
+      cidr_blocks = ["0.0.0.0/0"]
+    }
+  }
+  dynamic "egress" {
+    for_each = toset(local.ports_out)
+    content {
+      description = "tls from VPC"
+      from_port   = egress.value
+      to_port     = egress.value
+      protocol    = "-1"
+      cidr_blocks = ["0.0.0.0/0"]
+    }
+  }
+  tags = {
+    Name = "allow_tls"
+  }
+} 
\ No newline at end of file
--- a/terraform/aws_subnet.tf
+++ b/terraform/aws_subnet.tf
+resource "aws_subnet" "apache_subnet" {
+  vpc_id            = aws_vpc.apache_vpc.id
+  cidr_block        = cidrsubnet(aws_vpc.apache_vpc.cidr_block, 3, 1)
+  availability_zone = var.AV_ZONE
+  tags = {
+    Name = "apache_subnet"
+  }
+} 
\ No newline at end of file
--- a/terraform/aws_vpc.tf
+++ b/terraform/aws_vpc.tf
+resource "aws_vpc" "apache_vpc" {
+  cidr_block           = "172.16.0.0/16"
+  enable_dns_hostnames = "true"
+  enable_dns_support   = "true"
+  instance_tenancy     = "default"
+  tags = {
+    Name = "apache_vpc"
+  }
+} 
\ No newline at end of file
--- a/terraform/outputs.tf
+++ b/terraform/outputs.tf
+output "server_public_ipv4" {
+  description = "Public ip to connect"
+  value       = aws_eip.apache_eip.public_ip
+}
+output "instance_id" {
+  description = "EC2 id instance"
+  value       = aws_instance.apache-server.id
+}
+output "public_dns" {
+  description = "DNS public to access"
+  value       = aws_eip.apache_eip.public_dns
+} 
\ No newline at end of file
--- a/terraform/provider.tf
+++ b/terraform/provider.tf
+provider "aws" {
+  region     = var.REGION_AWS
+  access_key = "your-access-key"
+  secret_key = "your-secret-key"
+  default_tags {
+    tags = {
+      Server     = "apache-web"
+      Department = "online bank"
+    }
+  }
+} 
\ No newline at end of file
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
+variable "REGION_AWS" {
+  #Dependera de la región de dónde estén tus usuarios 
+  default = "us-east-1"
+}
+variable "AV_ZONE" {
+  default = "us-east-1a"
+}
+variable "INSTA_TYPE" {
+  default = "t2.micro"
+}
+variable "AMI_SELECT" {
+  default = " ami-0453898e98046c639"
+}
+variable "SIZE_DISK" {
+  default = "4"
+} 
\ No newline at end of file