first commit

cloudreach · Nov 24, 2017 · b510a76 · b510a76
commit b510a76
Show file tree

Hide file tree

Showing 43 changed files with 2,273 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,102 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+*/.serverless
+*/.plan.out
+**/*.tfstate.backup
+**/*terraform.tfstate
+**/.terraform
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# dotenv
+.env
+
+# virtualenv
+.venv/
+venv/
+ENV/
+
+# Spyder project settings
+.spyderproject
+
+# Rope project settings
+.ropeproject
+
+
+
+# Module directory
+**/.terraform/modules/
+**/.terraform/plugins/
diff --git a/AUTHORS.rst b/AUTHORS.rst
@@ -0,0 +1,8 @@
+=======
+Credits
+=======
+
+Owner
+-----
+
+* Giulio Calzolari `@giuliocalzo <https://github.com/giuliocalzolari)>`_
diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
@@ -0,0 +1,119 @@
+============
+Contributing
+============
+
+Hello! Thank you for choosing to help contribute to one of the Cloudreach OpenSource projects. There are many ways you can contribute and help is always welcome.  We simply ask that you follow the following contribution policies.
+
+- `How to Contribute`_
+
+  - `Report Bugs`_
+  - `Enhancement Proposal`_
+  - `Contributing Code`_
+
+- `Get Started`_
+- `Credits`_
+
+
+How to Contribute
+-----------------
+
+Report Bugs
+***********
+
+Note: DO NOT include your credentials in ANY code examples, descriptions, or media you make public.
+
+
+Before submitting a bug, please check our `issues page <https://github.com/cloudreach/awsloft-terraform-ci/issues>`_ to see if it's already been reported.
+
+When reporting a bug, fill out the required template, and please include as much detail as possible as it helps us resolve issues faster.
+
+
+Enhancement Proposal
+********************
+
+Enhancement proposals should:
+
+* Use a descriptive title.
+* Provide a step-by-step description of the suggested enhancement.
+* Provide specific examples to demonstrate the steps.
+* Describe the current behaviour and explain which behaviour you expected to see instead.
+* Keep the scope as narrow as possible, to make it easier to implement.
+
+Remember that this is a volunteer-driven project, and that contributions are welcome.
+
+
+Contributing Code
+*****************
+
+Contributions should be made in response to a particular GitHub Issue. We find it easier to review code if we've already discussed what it should do, and assessed if it fits with the wider codebase.
+
+Beginner friendly issues are marked with the ``beginner friendly`` tag. We'll endeavour to write clear instructions on what we want to do, why we want to do it, and roughly how to do it. Feel free to ask us any questions that may arise.
+
+A good pull request:
+
+* Is clear.
+* Works across all supported version of Python.
+* Complies with the existing codebase style (`flake8 <http://flake8.pycqa.org/en/latest/>`_, `pylint <https://www.pylint.org/>`_).
+* Includes `docstrings <https://www.python.org/dev/peps/pep-0257/>`_ and comments for unintuitive sections of code.
+* Includes documentation for new features.
+* Includes tests cases that demonstrates the previous flaw that now passes with the included patch, or demonstrates the newly added feature. Tests should have 100% code coverage.
+* Is appropriately licensed (Apache 2.0).
+
+
+
+
+Get Started
+-----------
+
+1. Fork the ``awsloft-terraform-ci`` repository on GitHub.
+2. Clone your fork locally::
+
+    $ git clone git@github.org:your_name_here/awsloft-terraform-ci.git
+
+3. Install your local copy into a `virtual environment <http://docs.python-guide.org/en/latest/dev/virtualenvs/>`_. Assuming you have virtualenv installed, this is how you set up your fork for local development:
+
+.. code-block:: shell
+
+    $ cd awsloft-terraform-ci/
+    $ # Enable your virtual environment
+    $ virtualenv env
+    $ source env/bin/activate
+    $ # Install python requirements
+    $ pip install -r requirements.txt
+
+4. Create a branch for local development:
+
+.. code-block:: shell
+
+    $ git checkout -b <GitHub issue number>-<short description>
+
+5. When you're done making changes, check that your changes pass flake8 and the tests, including testing other Python versions with tox:
+
+.. code-block:: shell
+
+    $ make lint
+    $ make test-all
+    $ make coverage  # coverage should be 100%
+
+6. Make sure the changes comply with the pull request guidelines in the section on `Contributing Code`_.
+
+7. Commit your changes:
+
+.. code-block:: shell
+
+    $ git add .
+    $ git commit
+
+Commit messages should follow `these guidelines <https://github.com/erlang/otp/wiki/Writing-good-commit-messages>`_.
+
+Push your branch to GitHub::
+
+    $ git push origin <description of pull request>
+
+8. Submit a pull request through the GitHub website.
+
+
+Credits
+-------
+
+This document took inspiration from the CONTRIBUTING files of the `Atom <https://github.com/atom/atom/blob/abccce6ee9079fdaefdecb018e72ea64000e52ef/CONTRIBUTING.md>`_ and `Boto3 <https://github.com/boto/boto3/blob/e85febf46a819d901956f349afef0b0eaa4d906d/CONTRIBUTING.rst>`_ projects.
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,15 @@
+Apache Software License 2.0
+
+Copyright 2017 Cloudreach Europe Limited or its affiliates. All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/README.rst b/README.rst
@@ -0,0 +1,106 @@
+==================================================
+DevOps with Terraform
+==================================================
+
+Overview
+--------
+During our session at AWS Loft in Munich on November 22nd we presented “How to deploy AWS Infrastructure in a true DevOps fashion” using Terraform, AWS Codepipeline and AWS Codebuild.
+
+As best practise Cloudreach suggests to deploy infrastructure as a code using AWS Cloudformation, AWS CLI or our tool `Sceptre <https://www.cloudreach.com/cloudreach-sceptre/>`_. For the purpose of this article we will focus on Terraform in order to evaluate a different tool.
+
+Terraform is a general purpose infrastructure construction tool which supports multiple public cloud providers. Although it’s not an abstraction layer allowing users to create infrastructure on any cloud provider using the same code, it is powerful in that the same syntax can be used to create resources in multiple public cloud providers.
+
+Terraform uses its own configuration format (TF) to describe desired infrastructure resources. The TF format also provides for variables, conditionals, and iterators while still being readable. JSON is also supported, as an alternative to the TF format. JSON allows for other tools and languages to leverage Terraform’s wide array of features.
+
+One of Terraform’s most attractive features is how it tracks and maintains its configuration data. Configurations are tracked through the “terraform.tfstate” file, which can be stored locally or in a shared location (e.g. S3 bucket) for collaborative efforts. In the latter case, Terraform provides for execution locks so that the target environment is only manipulated by one Terraform execution at a time, preventing overlapping errors. In those cases where infrastructure resources have been modified outside of Terraform, Terraform provides facilities to safely ingest new/modified resources or delete non-existent resources from the terraform.tfstate file.
+
+Terraform is an active open source project, where the community keeps the tool up to date with new features quickly. The source code can be found here.
+
+Architecture
+For the scope of this demonstration we will deploy the followings architecture
+
+
+
+Diagram
+*******
+
+.. image:: resources/architecture.jpeg
+   :align: center
+
+
+
+
+Pipeline
+********
+
+Dedicated pipeline defined in Cloudformation template will provide the automatic deployment of the full environment.
+This pipeline allows:
+
+- Use of AWS technology only (such as CodePipeline, CodeCommit, CodeBuild, SNS)
+- No use of Jenkins to orchestrate deployments
+- Reduction of costs
+- Performing a full deployment on every “git commit”
+
+
+.. image:: resources/pipeline.jpeg
+   :align: center
+
+
+Technology
+----------
+
+CodeDeploy
+**********
+AWS CodeDeploy is a service that automates the deployment of an application code to EC2 instances (or to servers running on-premises). CodeDeploy can be configured to deploy according to various methods (e.g. all at once or a specified percentage / number of instances at a time), and it can track application health during the deployment process and rollback to previous versions if needed. It integrates with other CI/CD products, including Jenkins and CodePipeline.
+
+
+CodePipeline
+************
+AWS CodePipeline is a CI/CD service that allows defining processes for application and infrastructure updates. CodePipeline integrates with code repositories (e.g. AWS CodeCommit, GitHub), build systems (e.g. Jenkins), testing products, deployment tools (e.g. AWS CodeDeploy). It also orchestrates the inputs, actions, and outputs of each step in the process. CodePipeline comes with pre-built plugins and, if needed, custom plugins can be created to integrate with other third-party tools.
+
+
+Getting Started
+---------------
+
+How to initialize Parameters store
+
+.. code:: bash
+
+    $ aws ssm put-parameter --name 'dev.db.password' --value 'WordpressSecretPassword-234'  --type SecureString --region eu-central-1
+    $ aws ssm put-parameter --name 'dev.db.username' --value 'wordpress_user' --type String --region eu-central-1
+
+    $ aws ssm put-parameter --name 'prod.db.password' --value 'WordpressSecretPassword-567'  --type SecureString --region eu-central-1
+    $ aws ssm put-parameter --name 'prod.db.username' --value 'wordpress_user_prod' --type String --region eu-central-1
+
+    $ aws ssm put-parameter --name 'common.base_ami' --value 'ami-c7ee5ca8' --type String --region eu-central-1
+
+
+How to bootstrap AWS pipeline using AWS Cloudformation
+
+.. code:: bash
+
+    $  ./deploy-cfn.sh
+    Enter the GitHub OAuth Token:
+
+Please read the official `GitHub documentation <https://github.com/settings/tokens>`_ to retrieve your OAuth Token and the related `AWS documentation <http://docs.aws.amazon.com/codepipeline/latest/userguide/troubleshooting.html#troubleshooting-gs2>`_
+
+
+
+
+How to Contribute
+*****************
+
+We encourage contribution to our projects, please see our `CONTRIBUTING <CONTRIBUTING.rst>`_ guide for details.
+
+
+License
+-------
+
+
+**awsloft-terraform-ci** is licensed under the `Apache Software License 2.0 <LICENSE>`_.
+
+Thanks
+------
+
+
+Keep It Cloudy (`@CloudreachKIC <https://www.cloudreach.com/>`_)
diff --git a/buildspec-dev.yml b/buildspec-dev.yml
@@ -0,0 +1,44 @@
+version: 0.2
+
+env:
+  variables:
+    TF_VERSION: "0.10.7"
+phases:
+
+  install:
+    commands:
+      # install required binary
+      - "curl -s -qL -o /usr/bin/jq https://stedolan.github.io/jq/download/linux64/jq"
+      - "chmod +x /usr/bin/jq"
+      - "cd /usr/bin"
+      - "curl -s -qL -o terraform.zip https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip"
+      - "unzip -o terraform.zip"
+
+  pre_build:
+    commands:
+      # Workaround until TF supports creds via Task Roles when running on ECS or CodeBuild
+      # See: https://github.com/hashicorp/terraform/issues/8746
+      - export AWS_RAW_CRED=$(curl --silent http://169.254.170.2:80$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI)
+      - export AWS_ACCESS_KEY_ID=$(echo $AWS_RAW_CRED | jq -r '.AccessKeyId')
+      - export AWS_SECRET_ACCESS_KEY=$(echo $AWS_RAW_CRED | jq -r '.SecretAccessKey')
+      - export AWS_SESSION_TOKEN=$(echo $AWS_RAW_CRED | jq -r '.Token')
+
+
+
+  build:
+    commands:
+      - cd "$CODEBUILD_SRC_DIR"
+      - cd "environments/$TF_ENV/"
+      - echo " building $TF_ENV"
+      - terraform init -no-color
+      - terraform plan -no-color
+      - terraform apply -no-color
+
+  post_build:
+    commands:
+      - echo "terraform completed on `date`"
+
+
+artifacts:
+  files:
+    - '**/*'