Init
bee7ch7 committed Jul 27, 2024
0 parents commit daf466b
Showing 21 changed files with 1,347 additions and 0 deletions.
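--- a/.github/workflows/ansible.yml
+++ b/.github/workflows/ansible.yml
@@ -0,0 +1,75 @@
+name: 'Ansible - restore database - DEV'
+
+on:
+workflow_run:
+workflows:
+- "Terragrunt CI/CD Pipeline - DEV"
+types:
+- completed
+branches:
+- main
+
+env:
+APPLICATION_ENV: dev
+APPLICATION_NAME: final
+
+jobs:
+mysql:
+name: 'Ansible'
+runs-on: ubuntu-latest
+steps:
+
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: configure aws credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: eu-central-1
+
+- uses: actions/setup-python@v5
+with:
+python-version: '3.12'
+
+- name: Install Python packages
+run: |
+source /opt/pipx/venvs/ansible-core/bin/activate
+python -m pip install cryptography pyOpenSSL botocore boto3
+- name: Get RDS security group id
+id: rds_sg
+run: |
+echo "RDS_SG_ID=$(aws ec2 describe-security-groups --query "SecurityGroups[?contains(GroupName, '$APPLICATION_ENV-$APPLICATION_NAME-db')].GroupId" --output text)" >> $GITHUB_OUTPUT
+- name: Add ingress rule for security group
+run: |
+aws ec2 authorize-security-group-ingress \
+--group-id $RDS_SG_ID \
+--protocol tcp \
+--port 3306 \
+--cidr $(curl http://ifconfig.me)/32
+env:
+RDS_SG_ID: ${{ steps.rds_sg.outputs.RDS_SG_ID }}
+
+- name: Run database restoration procedure
+uses: dawidd6/action-ansible-playbook@v2
+with:
+# Required, playbook filepath
+playbook: ansible/import_data.yaml
+configuration: |
+[defaults]
+host_key_checking = false
+inventory = ./hosts.txt
+- name: Remove ingress rule for security group
+if: always()
+run: |
+aws ec2 revoke-security-group-ingress \
+--group-id $RDS_SG_ID \
+--protocol tcp \
+--port 3306 \
+--cidr $(curl http://ifconfig.me)/32
+env:
+RDS_SG_ID: ${{ steps.rds_sg.outputs.RDS_SG_ID }}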
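Review bot: The `--cidr $(curl http://ifconfig.me)/32` argument in the "Add ingress rule" and "Remove ingress rule" steps takes the address to open on port 3306 from an unauthenticated plain-HTTP response and fetches it twice, so a tampered or merely different second answer leaves an ingress rule on the RDS security group that the cleanup never revokes. Resolve the address once over HTTPS into a step output, for example `echo "RUNNER_IP=$(curl -fsS https://checkip.amazonaws.com)" >> "$GITHUB_OUTPUT"`, and pass `--cidr "${RUNNER_IP}/32"` to both the authorize and the revoke call. The `workflow_run` trigger fires on `completed` whatever the upstream result, so the job would benefit from `if: github.event.workflow_run.conclusion == 'success'`. The long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` pair is also present in the environment of the third-party `dawidd6/action-ansible-playbook@v2` step, which is referenced by a mutable tag; pinning it to a full commit SHA narrows that exposure.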
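--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -0,0 +1,62 @@
+name: "Terragrunt CI/CD Pipeline - DEV"
+
+on:
+push:
+branches:
+- main
+paths:
+- aws/final_project/dev-001/eu-central-1/**
+pull_request:
+branches:
+- main
+paths:
+- aws/final_project/dev-001/eu-central-1/**
+env:
+WORKING_DIR: aws/final_project/dev-001/eu-central-1/
+
+jobs:
+iac:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: configure aws credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: eu-central-1
+
+- name: Setup Terraform
+uses: hashicorp/setup-terraform@v2
+with:
+terraform_version: 1.7.3
+terraform_wrapper: false
+
+- name: Setup Terragrunt
+uses: autero1/[email protected]
+with:
+terragrunt_version: 0.55.1
+
+- name: Terragrunt Format
+id: fmt
+run: terragrunt hclfmt --terragrunt-working-dir $WORKING_DIR --terragrunt-check
+
+- name: Terragrunt Init
+id: init
+run: terragrunt run-all init --terragrunt-working-dir $WORKING_DIR --terragrunt-non-interactive
+
+- name: Terragrunt Validate
+id: validate
+run: terragrunt run-all validate -no-color --terragrunt-working-dir $WORKING_DIR --terragrunt-non-interactive
+
+- name: Terragrunt Plan
+id: plan
+if: github.event_name == 'pull_request'
+run: terragrunt run-all plan -no-color --terragrunt-working-dir $WORKING_DIR --terragrunt-non-interactive
+
+- name: Terragrunt Apply
+if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+run: |
+terragrunt run-all apply --terragrunt-working-dir $WORKING_DIR --terragrunt-non-interactive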
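Review bot: The "configure aws credentials" step gives `pull_request` runs the same long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` pair that the `push` run uses for `run-all apply`, so init, validate and plan on not-yet-reviewed branch code presumably execute with apply-capable credentials. Prefer short-lived credentials through `role-to-assume`, with `permissions:` declaring `id-token: write` and `contents: read` on the job (the workflow sets no `permissions:` block), and a separate read-only role for the plan path. The apply step does not consume a saved plan, so what lands on `main` is recomputed rather than the plan shown on the pull request; a comment stating that this is accepted for dev would help. The action references are version tags rather than full commit SHAs (`hashicorp/setup-terraform@v2`, and the Terragrunt setup action whose reference is garbled on this page).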
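--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+**/.terragrunt-cache/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# tfplan file
+*tfplan
+
+# .terraform.lock.hcl file
+.terraform.lock.hcl
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#*.tfvars
+#*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc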
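Review bot: The comment block above `#*.tfvars` and `#*.tfvars.json` says tfvars files should stay out of version control because they tend to hold passwords and keys, but both patterns are commented out, so nothing prevents such a file from being committed. Either re-enable them (`*.tfvars`, `*.tfvars.json`) or, if non-secret tfvars are meant to be tracked, reword the comment to say so and keep secret values in a parameter store. Ignoring `.terraform.lock.hcl` also keeps the provider version and checksum pins out of the repository; committing the lock file lets CI verify the providers it downloads.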
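--- a/ansible/bash_import.sh
+++ b/ansible/bash_import.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# Remote database credentials
+ENV="dev"
+APP_NAME="app1"
+
+ALB_DNS=$(aws ssm get-parameter --name "/$ENV/alb-$APP_NAME/dns" --with-decryption --query "Parameter.Value" --output text)
+DB_PASS=$(aws ssm get-parameter --name "/$ENV/db-$APP_NAME/password" --with-decryption --query "Parameter.Value" --output text)
+DB_USER=$(aws ssm get-parameter --name "/$ENV/db-$APP_NAME/username" --with-decryption --query "Parameter.Value" --output text)
+DB_HOST=$(aws ssm get-parameter --name "/$ENV/db-$APP_NAME/url" --with-decryption --query "Parameter.Value" --output text)
+DB_NAME=$(aws ssm get-parameter --name "/$ENV/db-$APP_NAME/name" --with-decryption --query "Parameter.Value" --output text)
+DB_PORT=3306
+
+# Path to the SQL dump file
+SQL_DUMP="wordpress.sql"
+
+# Check if the SQL dump file exists
+if [ ! -f "$SQL_DUMP" ]; then
+echo "Error: SQL dump file not found: $SQL_DUMP"
+exit 1
+fi
+
+# Replace occurrences of 'localhost' with 'ALB URL' in the dump file
+sed -i "s/localhost/$ALB_URL/g" "$SQL_DUMP"
+
+# Log in to MySQL/MariaDB on the remote server and restore the database
+mysql -h "$DB_HOST" -P "$DB_PORT" -u "$DB_USER" -p"$DB_PASS" "$DB_NAME" < "$SQL_DUMP"
+
+# Check the exit status of the mysql command
+if [ $? -eq 0 ]; then
+echo "Database restored successfully."
+else
+echo "Error: Database restore failed."
+fi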
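Review bot: The `sed` line substitutes `$ALB_URL`, but the script only ever assigns `ALB_DNS`, so as written every `localhost` in the dump is replaced with an empty string; it should read `sed -i "s/localhost/$ALB_DNS/g" "$SQL_DUMP"`. The `mysql` call passes the password as `-p"$DB_PASS"`, which is visible in the process list for the duration of the import; a `--defaults-extra-file` with mode 0600, or `MYSQL_PWD` set for that one command, keeps it off argv. The failure branch only echoes and the script still exits 0, so it needs `exit 1`, and the results of the `aws ssm get-parameter` calls are used without checking that the lookups succeeded.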
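--- a/ansible/import_data.yaml
+++ b/ansible/import_data.yaml
@@ -0,0 +1,55 @@
+---
+- name: Restore MariaDB database from SQL dump on AWS RDS
+hosts: localhost # Assuming you run Ansible from your local machine
+
+vars:
+application_env: "{{ lookup('env', 'APPLICATION_ENV') }}"
+application_name: "{{ lookup('env', 'APPLICATION_NAME') }}"
+path_to_dump: "wordpress.sql"
+db_port: "3306"
+db_params:
+- name: "/{{ application_env }}/db-{{ application_name }}/password"
+fact_name: db_password
+- name: "/{{ application_env }}/db-{{ application_name }}/username"
+fact_name: db_username
+- name: "/{{ application_env }}/db-{{ application_name }}/name"
+fact_name: db_name
+- name: "/{{ application_env }}/db-{{ application_name }}/url"
+fact_name: db_url
+- name: "/{{ application_env }}/alb-{{ application_name }}/dns"
+fact_name: alb_dns
+
+tasks:
+
+- name: Current env
+debug:
+msg: "{{ application_env }}"
+
+- name: Current app_name
+debug:
+msg: "{{ application_name }}"
+
+- name: Get DB params from AWS Parameter store
+set_fact:
+"{{ item.fact_name }}": "{{ lookup('aws_ssm', item.name) }}"
+loop: "{{ db_params }}"
+
+- name: ALB dns name
+debug:
+msg: "{{ alb_dns }}"
+
+- name: Replace 'localhost' with ALB Name
+ansible.builtin.replace:
+path: "{{ path_to_dump }}"
+regexp: 'localhost'
+replace: "{{ alb_dns }}"
+
+- name: Restore database from SQL dump
+ansible.builtin.shell: >
+mysql -h "{{ db_url }}" -P "{{ db_port }}" -u "{{ db_username }}" -p"{{ db_password }}" "{{ db_name }}" < "{{ path_to_dump }}"
+register: restore_result
+
+- name: Print restore result
+debug:
+var: restore_result.stderr_lines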
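Review bot: The "Restore database from SQL dump" task templates `db_password` into the `mysql` command line, and neither it nor the `set_fact` loop that fetches the password sets `no_log: true`, so the looked-up value or the rendered command can presumably appear in the job log on a failure or a verbose run; values read from SSM are not masked the way GitHub secrets are. Add `no_log: true` to both tasks and hand the password over with an `environment:` entry such as `MYSQL_PWD: "{{ db_password }}"` instead of `-p"{{ db_password }}"`. The other templated values in the shell line would be safer passed through the `quote` filter, since they are interpolated into a shell string. The comment on `hosts: localhost` mentions a local machine, while the workflow in this commit runs the play on a CI runner; a corrected comment would make the trust boundary clearer.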
