Add infrastructure for Mozillians

- Production slaves
- Production DB
- Staging ES/EC
Yousef Alam 2017-05-10 14:29:17 +01:00
Родитель a804b61539
Коммит 42101cf469
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 10B7403F339660D9
5 изменённых файлов: 263 добавлений и 1 удалений

1
.gitignore поставляемый

@ -2,3 +2,4 @@ terraform.tfstate
terraform.tfstate.backup
terraform.tfvars
.terraform/*
plan.out

85
db.tf

@ -1,15 +1,29 @@
variable "mysql-shared-db_password" {}
variable "postgres-shared-db_password" {}
variable "mysql-mozillians-db_password" {}
resource "aws_db_subnet_group" "apps-shared-rds-subnetgroup" {
name = "apps-shared-rds-subnetgroup"
description = "RDS subnet group for shared VPC"
subnet_ids = ["${aws_subnet.apps-shared-1a.id}", "${aws_subnet.apps-shared-1c.id}", "${aws_subnet.apps-shared-1d.id}"]
subnet_ids = ["${aws_subnet.apps-shared-1a.id}",
"${aws_subnet.apps-shared-1c.id}",
"${aws_subnet.apps-shared-1d.id}"]
tags {
Name = "apps-shared-rds-subnetgroup"
}
}
resource "aws_db_subnet_group" "apps-production-rds-subnetgroup" {
name = "apps-production-rds-subnetgroup"
description = "RDS subnet group for production VPC"
subnet_ids = ["${aws_subnet.apps-production-1a.id}",
"${aws_subnet.apps-production-1c.id}",
"${aws_subnet.apps-production-1d.id}"]
tags {
Name = "apps-production-rds-subnetgroup"
}
}
resource "aws_security_group" "shared-rds-sg" {
name = "shared-rds-sg"
description = "Shared RDS SG"
@ -124,3 +138,72 @@ resource "aws_route53_record" "postgres-shared-dns" {
ttl = 300
records = ["${aws_db_instance.postgres-shared-db.address}"]
}
# Mozillians production DB
resource "aws_security_group" "mozillians-prod-rds-sg" {
name = "mozillians-prod-rds-sg"
description = "Mozillians production RDS SG"
vpc_id = "${aws_vpc.apps-production-vpc.id}"
}
resource "aws_security_group_rule" "mozillians-rds-sg-allowmysqlfromprod" {
type = "ingress"
from_port = 3306
to_port = 3306
protocol = "tcp"
source_security_group_id = "${aws_security_group.mozillians-slave-ec2-sg.id}"
security_group_id = "${aws_security_group.mozillians-prod-rds-sg.id}"
}
resource "aws_db_instance" "mysql-mozillians-db" {
allocated_storage = 5
engine = "mysql"
engine_version = "5.6.27"
instance_class = "db.t2.small"
publicly_accessible = false
backup_retention_period = 14
apply_immediately = true
multi_az = true
storage_type = "gp2"
final_snapshot_identifier = "mysql-mozillians-db-final"
name = "mozilliansdb"
username = "root"
password = "${var.mysql-mozillians-db_password}"
vpc_security_group_ids = ["${aws_security_group.mozillians-prod-rds-sg.id}"]
db_subnet_group_name = "${aws_db_subnet_group.apps-production-rds-subnetgroup.name}"
parameter_group_name = "default.mysql5.6"
tags {
Name = "mysql-mozillians-db"
app = "mysql"
env = "production"
project = "mozillians"
}
}
resource "aws_db_instance" "mysql-mozillians-db-rr" {
replicate_source_db = "${aws_db_instance.mysql-mozillians-db.identifier}"
allocated_storage = 5
engine = "mysql"
engine_version = "5.6.27"
instance_class = "db.t2.small"
publicly_accessible = false
backup_retention_period = 14
apply_immediately = true
multi_az = true
storage_type = "gp2"
final_snapshot_identifier = "mysql-mozillians-db-rr-final"
name = "mozilliansdb-rr"
username = "root"
password = "${var.mysql-mozillians-db_password}"
vpc_security_group_ids = ["${aws_security_group.mozillians-prod-rds-sg.id}"]
db_subnet_group_name = "${aws_db_subnet_group.apps-production-rds-subnetgroup.name}"
parameter_group_name = "default.mysql5.6"
tags {
Name = "mysql-mozillians-db-rr"
app = "mysql"
env = "production"
project = "mozillians"
}
}
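Review bot: `aws_db_instance.mysql-mozillians-db` is created without `storage_encrypted`, so the production database and its 14 days of automated backups would be unencrypted at rest; RDS cannot enable encryption in place later (it takes a snapshot copy and restore), so `storage_encrypted = true` is worth adding before the first apply, provided the chosen instance class supports it. The master account is `username = "root"` with `password = "${var.mysql-mozillians-db_password}"`, and Terraform records that value in state in plaintext, so the state file and `plan.out` need the same protection as the password itself, and the application should presumably connect as a separate, less-privileged MySQL user. In `mysql-mozillians-db-rr`, `name`, `username` and `password` are repeated next to `replicate_source_db`; a read replica inherits these from its source, and `name = "mozilliansdb-rr"` contains a hyphen that RDS does not accept in a MySQL database name, so those three lines are better dropped. `apply_immediately = true` on both instances also means later modifications, including ones that reboot the instance, take effect outside the maintenance window.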


@ -181,6 +181,11 @@ resource "aws_autoscaling_group" "mesos-slave-as" {
value = "mesosslave"
propagate_at_launch = true
}
tag {
key = "cluster"
value = "generic"
propagate_at_launch = true
}
lifecycle {
create_before_destroy = true
}


@ -0,0 +1,47 @@
variable "environment" {}
variable "vpc_id" {}
variable "service_security_group_id" {}
variable "elasticache_instance_size" {}
variable "elasticache_subnet_group" {}
resource "aws_security_group" "mozillians-redis-sg" {
name = "mozillians-redis-${var.environment}-sg"
description = "mozillians ${var.environment} elasticache SG"
vpc_id = "${var.vpc_id}"
}
resource "aws_security_group_rule" "mozillians-redis-sg-allowredisfromslaves" {
type = "ingress"
from_port = 6379
to_port = 6379
protocol = "tcp"
source_security_group_id = "${var.service_security_group_id}"
security_group_id = "${aws_security_group.mozillians-redis-sg.id}"
}
resource "aws_security_group_rule" "mozillians-redis-sg-allowegress" {
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"
source_security_group_id = "${var.service_security_group_id}"
security_group_id = "${aws_security_group.mozillians-redis-sg.id}"
}
resource "aws_elasticache_cluster" "mozillians-redis-ec" {
cluster_id = "mozillians-${var.environment}"
engine = "redis"
engine_version = "2.8.24"
node_type = "${var.elasticache_instance_size}"
port = 6379
num_cache_nodes = 1
parameter_group_name = "default.redis2.8"
subnet_group_name = "${var.elasticache_subnet_group}"
security_group_ids = ["${aws_security_group.mozillians-redis-sg.id}"]
tags {
Name = "mozillians-${var.environment}-redis"
app = "redis"
env = "${var.environment}"
project = "mozillians"
}
}
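Review bot: `mozillians-redis-sg-allowegress` opens every protocol and port outbound from the Redis security group to `var.service_security_group_id`, which the cache does not need: security groups are stateful, so replies to the 6379 ingress rule are already permitted, and a cache node has no reason to initiate connections to its clients. Removing that resource should leave the group with no egress at all, since Terraform strips the default allow-all egress rule from groups it creates. With `engine_version = "2.8.24"` and no authentication or in-transit encryption settings declared, the 6379 ingress rule is the only access control visible in this file. A comment such as `# Redis access is controlled solely by this rule; keep the source group narrow` above `mozillians-redis-sg-allowredisfromslaves` would record that for the next maintainer.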

126
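--- a/mozillians.tf
+++ b/mozillians.tf
@@ -0,0 +1,126 @@
+resource "aws_security_group" "mozillians-slave-ec2-sg" {
+name = "mozillians-slave-production-ec2-sg"
+description = "mozillians slave production SG"
+vpc_id = "${aws_vpc.apps-production-vpc.id}"
+}
+resource "aws_security_group_rule" "mozillians-slave-ec2-sg-allowallfrommaster" {
+type = "ingress"
+from_port = 0
+to_port = 0
+protocol = "-1"
+source_security_group_id = "${module.mesos-cluster-production.mesos-cluster-master-sg-id}"
+security_group_id = "${aws_security_group.mozillians-slave-ec2-sg.id}"
+}
+resource "aws_security_group_rule" "mozillians-slave-ec2-sg-allowall" {
+type = "egress"
+from_port = 0
+to_port = 0
+protocol = "-1"
+cidr_blocks = ["0.0.0.0/0"]
+security_group_id = "${aws_security_group.mozillians-slave-ec2-sg.id}"
+}
+resource "aws_security_group_rule" "mozillians-slave-ec2-sg-allowallfromshared" {
+type = "ingress"
+from_port = 0
+to_port = 0
+protocol = "-1"
+cidr_blocks = ["${aws_vpc.apps-shared-vpc.cidr_block}"]
+security_group_id = "${aws_security_group.mozillians-slave-ec2-sg.id}"
+}
+resource "aws_launch_configuration" "mozillians-slave-ec2-lc" {
+name_prefix = "mozillians-slave-production-lc"
+image_id = "${lookup(var.aws_amis, var.aws_region)}"
+instance_type = "t2.medium"
+key_name = "ansible"
+security_groups = ["${aws_security_group.mozillians-slave-ec2-sg.id}"]
+associate_public_ip_address = true
+root_block_device {
+volume_size = 20
+}
+lifecycle {
+create_before_destroy = true
+}
+}
+resource "aws_autoscaling_group" "mozillians-slave-as" {
+name = "mozillians-slave-production-as"
+launch_configuration = "${aws_launch_configuration.mozillians-slave-ec2-lc.id}"
+availability_zones = ["${split(",", lookup(var.aws_availibility_zones, var.aws_region))}"]
+max_size = "2"
+desired_capacity = "2"
+min_size = "2"
+vpc_zone_identifier = ["${aws_subnet.apps-production-1a.id}", "${aws_subnet.apps-production-1c.id}", "${aws_subnet.apps-production-1d.id}"]
+tag {
+key = "Name"
+value = "mesosslave"
+propagate_at_launch = true
+}
+tag {
+key = "app"
+value = "mesosslaveproduction"
+propagate_at_launch = true
+}
+tag {
+key = "env"
+value = "production"
+propagate_at_launch = true
+}
+tag {
+key = "project"
+value = "mozillians"
+propagate_at_launch = true
+}
+tag {
+key = "cluster"
+value = "mozillians"
+propagate_at_launch = true
+}
+lifecycle {
+create_before_destroy = true
+}
+}
+module "mozillians-staging" {
+source = "./modules/mozillians"
+environment = "staging"
+vpc_id = "${aws_vpc.apps-staging-vpc.id}"
+elasticache_instance_size = "cache.t2.micro"
+service_security_group_id = "${module.mesos-cluster-staging.mesos-cluster-slave-sg-id}"
+elasticache_subnet_group = "${aws_elasticache_subnet_group.elasticache-staging-subnet-group.name}"
+}
+resource "aws_elasticsearch_domain" "mozillians-es" {
+domain_name = "mozillians-shared-es"
+elasticsearch_version = "2.3"
+ebs_options {
+ebs_enabled = true
+volume_type = "standard"
+volume_size = 10
+}
+cluster_config {
+instance_count = 3
+instance_type = "t2.micro.elasticsearch"
+dedicated_master_enabled = false
+zone_awareness_enabled = false
+}
+snapshot_options {
+automated_snapshot_start_hour = 23
+}
+tags {
+Domain = "mozillians-shared-es"
+app = "elasticsearch"
+env = "shared"
+project = "mozillians"
+}
+}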
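Review bot: `mozillians-slave-ec2-sg-allowallfromshared` admits every protocol and port from the entire shared VPC CIDR, and `mozillians-slave-ec2-sg-allowallfrommaster` does the same for the master group, while these slaves are the only source allowed to reach the production MySQL on 3306 in db.tf; a compromised host in the shared VPC would therefore have full network reach to machines one hop from the production database. Narrowing the shared-VPC rule to the ports that are actually needed would bound that, by replacing `from_port = 0`, `to_port = 0`, `protocol = "-1"` with a specific `tcp` range; the right ports are not visible on this page. `aws_elasticsearch_domain.mozillians-es` declares no `access_policies`, so who may query the domain is decided outside this file, and declaring the policy here would make it reviewable alongside the rest of the access rules. The domain is also tagged `env = "shared"` although the commit message describes the ES as staging, which is worth confirming.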