config: use aws_ssm to store parameters

author: clarkzjw <[email protected]> 2022-12-11 15:16:17 -0800
committer: clarkzjw <[email protected]> 2022-12-11 15:16:17 -0800
commit: 90564c7d34006223bf2874b729a9af6e1c87c542 (patch)
tree: db2800b00bcc9d52adb0207d6102d6d778c17884
parent: 39317f1daab7771105878a4d0051d3d770425e19 (diff)
download: jinwei.me-90564c7d34006223bf2874b729a9af6e1c87c542.tar.gz
7 files changed, 72 insertions, 21 deletions
diff --git a/.gitignore b/.gitignore
index 4220221..86c0298 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 .idea/
-aws-rc
+admin-rc
 connect_mysql.sh
 # Local .terraform directories
 **/.terraform/*
diff --git a/jinwei.me/config/roles/wordpress/build.sh b/jinwei.me/config/roles/wordpress/build.sh
new file mode 100755
index 0000000..55d7c0e
--- /dev/null
+++ b/jinwei.me/config/roles/wordpress/build.sh
@@ -0,0 +1,5 @@
+docker_repo=docker.io/clarkzjw
+docker_image=wordpress
+docker_image_tag=$(date -u +%Y%m%d)
+sudo docker build -t $docker_repo/$docker_image:"$docker_image_tag" .
+sudo docker push $docker_repo/$docker_image:"$docker_image_tag"
diff --git a/jinwei.me/config/roles/wordpress/defaults/main.yaml b/jinwei.me/config/roles/wordpress/defaults/main.yaml
new file mode 100644
index 0000000..250e0a5
--- /dev/null
+++ b/jinwei.me/config/roles/wordpress/defaults/main.yaml
@@ -0,0 +1,4 @@
+wordpress_image: clarkzjw/wordpress
+wordpress_image_tag: 20221211
+wordpress_port: 30080
+wordpress_home: /opt/wordpress
diff --git a/jinwei.me/config/roles/wordpress/tasks/main.yaml b/jinwei.me/config/roles/wordpress/tasks/main.yaml
index 51e1a2b..3835145 100644
--- a/jinwei.me/config/roles/wordpress/tasks/main.yaml
+++ b/jinwei.me/config/roles/wordpress/tasks/main.yaml
@@ -3,27 +3,14 @@
    name: "{{ wordpress_image }}:{{ wordpress_image_tag }}"
    source: pull
+- name: render config file
+  template:
+    src: docker-compose.yaml.j2
+    dest: "{{ wordpress_home }}/docker-compose.yaml"
+    mode: 0644
 - name: Start wordpress container using docker-compose
  community.docker.docker_compose:
    project_name: wordpress
-    definition:
+    project_src: "{{ wordpress_home }}"
-      version: '3'
-      services:
-        cloudflared:
-          image: cloudflare/cloudflared
-          container_name: cloudflare-tunnel
-          restart: always
-          command: tunnel run
-          environment:
-            - TUNNEL_TOKEN={{ cloudflared_tunnel_token }}
-        wordpress:
-          image: "{{ wordpress_image }}:{{ wordpress_image_tag }}"
-          volumes:
-            - "{{ wordpress_home }}/wp-content:/var/www/html/wp-content"
-          restart: always
-          environment:
-            - WORDPRESS_DB_HOST={{ wordpress_db_host }}
-            - WORDPRESS_DB_USER={{ wordpress_db_user }}
-            - WORDPRESS_DB_PASSWORD={{ wordpress_db_password }}
-            - WORDPRESS_DB_NAME={{ wordpress_db_name }}
  register: output
diff --git a/jinwei.me/config/roles/wordpress/templates/docker-compose.yaml.j2 b/jinwei.me/config/roles/wordpress/templates/docker-compose.yaml.j2
new file mode 100644
index 0000000..be85fb4
--- /dev/null
+++ b/jinwei.me/config/roles/wordpress/templates/docker-compose.yaml.j2
@@ -0,0 +1,19 @@
+version: '3'
+services:
+    cloudflared:
+        image: cloudflare/cloudflared
+        container_name: cloudflare-tunnel
+        restart: always
+        command: tunnel run
+        environment:
+        - TUNNEL_TOKEN={{ lookup('aws_ssm', '/jinwei-me/cloudflare/tunnel_token') }}
+    wordpress:
+        image: "{{ wordpress_image }}:{{ wordpress_image_tag }}"
+        volumes:
+        - "{{ wordpress_home }}/wp-content:/var/www/html/wp-content"
+        restart: always
+        environment:
+        - WORDPRESS_DB_HOST={{ lookup('aws_ssm', '/jinwei-me/mysql/host') }}:{{ lookup('aws_ssm', '/jinwei-me/mysql/port') }}
+        - WORDPRESS_DB_USER={{ lookup('aws_ssm', '/jinwei-me/mysql/username') }}
+        - WORDPRESS_DB_PASSWORD={{ lookup('aws_ssm', '/jinwei-me/mysql/password') }}
+        - WORDPRESS_DB_NAME={{ lookup('aws_ssm', '/jinwei-me/mysql/name') }}
diff --git a/jinwei.me/infra/cloudflare.tf b/jinwei.me/infra/cloudflare.tf
index 6e9660e..5d81462 100644
--- a/jinwei.me/infra/cloudflare.tf
+++ b/jinwei.me/infra/cloudflare.tf
@@ -50,3 +50,9 @@ resource "cloudflare_tunnel_config" "tunnel_route" {
    }
  }
 }
+resource "aws_ssm_parameter" "cloudflare_tunnel_token" {
+  name  = "/${local.name}/cloudflare/tunnel_token"
+  type  = "SecureString"
+  value = cloudflare_argo_tunnel.tunnel.tunnel_token
+}
diff --git a/jinwei.me/infra/rds.tf b/jinwei.me/infra/rds.tf
index 381868e..3abac21 100644
--- a/jinwei.me/infra/rds.tf
+++ b/jinwei.me/infra/rds.tf
@@ -25,3 +25,33 @@ resource "random_password" "mysql_password" {
  length  = 16
  special = false
 }
+resource "aws_ssm_parameter" "wordpress_db_host" {
+  name  = "/${var.name}/mysql/host"
+  type  = "String"
+  value = aws_db_instance.jinwei-me.address
+}
+resource "aws_ssm_parameter" "wordpress_db_port" {
+  name  = "/${var.name}/mysql/port"
+  type  = "String"
+  value = aws_db_instance.jinwei-me.port
+}
+resource "aws_ssm_parameter" "wordpress_db_name" {
+  name  = "/${local.name}/mysql/name"
+  type  = "String"
+  value = aws_db_instance.jinwei-me.db_name
+}
+resource "aws_ssm_parameter" "wordpress_db_user" {
+  name  = "/${local.name}/mysql/username"
+  type  = "String"
+  value = aws_db_instance.jinwei-me.username
+}
+resource "aws_ssm_parameter" "wordpress_db_password" {
+  name  = "/${local.name}/mysql/password"
+  type  = "SecureString"
+  value = random_password.mysql_password.result
+}
author	clarkzjw <[email protected]>	2022-12-11 15:16:17 -0800
committer	clarkzjw <[email protected]>	2022-12-11 15:16:17 -0800
commit	90564c7d34006223bf2874b729a9af6e1c87c542 (patch)
tree	db2800b00bcc9d52adb0207d6102d6d778c17884
parent	39317f1daab7771105878a4d0051d3d770425e19 (diff)
download	jinwei.me-90564c7d34006223bf2874b729a9af6e1c87c542.tar.gz

diff --git a/.gitignore b/.gitignore index 4220221..86c0298 100644 --- a/.gitignore +++ b/.gitignore
@@ -1,5 +1,5 @@
1	.idea/	1	.idea/
2	aws-rc	2	admin-rc
3	connect_mysql.sh	3	connect_mysql.sh
4	# Local .terraform directories	4	# Local .terraform directories
5	*/.terraform/	5	*/.terraform/


diff --git a/jinwei.me/config/roles/wordpress/build.sh b/jinwei.me/config/roles/wordpress/build.sh new file mode 100755 index 0000000..55d7c0e --- /dev/null +++ b/jinwei.me/config/roles/wordpress/build.sh
@@ -0,0 +1,5 @@
		1	docker_repo=docker.io/clarkzjw
		2	docker_image=wordpress
		3	docker_image_tag=$(date -u +%Y%m%d)
		4	sudo docker build -t $docker_repo/$docker_image:"$docker_image_tag" .
		5	sudo docker push $docker_repo/$docker_image:"$docker_image_tag"


diff --git a/jinwei.me/config/roles/wordpress/defaults/main.yaml b/jinwei.me/config/roles/wordpress/defaults/main.yaml new file mode 100644 index 0000000..250e0a5 --- /dev/null +++ b/jinwei.me/config/roles/wordpress/defaults/main.yaml
@@ -0,0 +1,4 @@
		1	wordpress_image: clarkzjw/wordpress
		2	wordpress_image_tag: 20221211
		3	wordpress_port: 30080
		4	wordpress_home: /opt/wordpress


diff --git a/jinwei.me/config/roles/wordpress/tasks/main.yaml b/jinwei.me/config/roles/wordpress/tasks/main.yaml index 51e1a2b..3835145 100644 --- a/jinwei.me/config/roles/wordpress/tasks/main.yaml +++ b/jinwei.me/config/roles/wordpress/tasks/main.yaml
@@ -3,27 +3,14 @@
3	name: "{{ wordpress_image }}:{{ wordpress_image_tag }}"	3	name: "{{ wordpress_image }}:{{ wordpress_image_tag }}"
4	source: pull	4	source: pull
5		5
		6	- name: render config file
		7	template:
		8	src: docker-compose.yaml.j2
		9	dest: "{{ wordpress_home }}/docker-compose.yaml"
		10	mode: 0644
		11
6	- name: Start wordpress container using docker-compose	12	- name: Start wordpress container using docker-compose
7	community.docker.docker_compose:	13	community.docker.docker_compose:
8	project_name: wordpress	14	project_name: wordpress
9	definition:	15	project_src: "{{ wordpress_home }}"
10	version: '3'
11	services:
12	cloudflared:
13	image: cloudflare/cloudflared
14	container_name: cloudflare-tunnel
15	restart: always
16	command: tunnel run
17	environment:
18	- TUNNEL_TOKEN={{ cloudflared_tunnel_token }}
19	wordpress:
20	image: "{{ wordpress_image }}:{{ wordpress_image_tag }}"
21	volumes:
22	- "{{ wordpress_home }}/wp-content:/var/www/html/wp-content"
23	restart: always
24	environment:
25	- WORDPRESS_DB_HOST={{ wordpress_db_host }}
26	- WORDPRESS_DB_USER={{ wordpress_db_user }}
27	- WORDPRESS_DB_PASSWORD={{ wordpress_db_password }}
28	- WORDPRESS_DB_NAME={{ wordpress_db_name }}
29	register: output	16	register: output


diff --git a/jinwei.me/config/roles/wordpress/templates/docker-compose.yaml.j2 b/jinwei.me/config/roles/wordpress/templates/docker-compose.yaml.j2 new file mode 100644 index 0000000..be85fb4 --- /dev/null +++ b/jinwei.me/config/roles/wordpress/templates/docker-compose.yaml.j2
@@ -0,0 +1,19 @@
		1	version: '3'
		2	services:
		3	cloudflared:
		4	image: cloudflare/cloudflared
		5	container_name: cloudflare-tunnel
		6	restart: always
		7	command: tunnel run
		8	environment:
		9	- TUNNEL_TOKEN={{ lookup('aws_ssm', '/jinwei-me/cloudflare/tunnel_token') }}
		10	wordpress:
		11	image: "{{ wordpress_image }}:{{ wordpress_image_tag }}"
		12	volumes:
		13	- "{{ wordpress_home }}/wp-content:/var/www/html/wp-content"
		14	restart: always
		15	environment:
		16	- WORDPRESS_DB_HOST={{ lookup('aws_ssm', '/jinwei-me/mysql/host') }}:{{ lookup('aws_ssm', '/jinwei-me/mysql/port') }}
		17	- WORDPRESS_DB_USER={{ lookup('aws_ssm', '/jinwei-me/mysql/username') }}
		18	- WORDPRESS_DB_PASSWORD={{ lookup('aws_ssm', '/jinwei-me/mysql/password') }}
		19	- WORDPRESS_DB_NAME={{ lookup('aws_ssm', '/jinwei-me/mysql/name') }}


diff --git a/jinwei.me/infra/cloudflare.tf b/jinwei.me/infra/cloudflare.tf index 6e9660e..5d81462 100644 --- a/jinwei.me/infra/cloudflare.tf +++ b/jinwei.me/infra/cloudflare.tf
@@ -50,3 +50,9 @@ resource "cloudflare_tunnel_config" "tunnel_route" {
50	}	50	}
51	}	51	}
52	}	52	}
		53
		54	resource "aws_ssm_parameter" "cloudflare_tunnel_token" {
		55	name = "/${local.name}/cloudflare/tunnel_token"
		56	type = "SecureString"
		57	value = cloudflare_argo_tunnel.tunnel.tunnel_token
		58	}


diff --git a/jinwei.me/infra/rds.tf b/jinwei.me/infra/rds.tf index 381868e..3abac21 100644 --- a/jinwei.me/infra/rds.tf +++ b/jinwei.me/infra/rds.tf
@@ -25,3 +25,33 @@ resource "random_password" "mysql_password" {
25	length = 16	25	length = 16
26	special = false	26	special = false
27	}	27	}
		28
		29	resource "aws_ssm_parameter" "wordpress_db_host" {
		30	name = "/${var.name}/mysql/host"
		31	type = "String"
		32	value = aws_db_instance.jinwei-me.address
		33	}
		34
		35	resource "aws_ssm_parameter" "wordpress_db_port" {
		36	name = "/${var.name}/mysql/port"
		37	type = "String"
		38	value = aws_db_instance.jinwei-me.port
		39	}
		40
		41	resource "aws_ssm_parameter" "wordpress_db_name" {
		42	name = "/${local.name}/mysql/name"
		43	type = "String"
		44	value = aws_db_instance.jinwei-me.db_name
		45	}
		46
		47	resource "aws_ssm_parameter" "wordpress_db_user" {
		48	name = "/${local.name}/mysql/username"
		49	type = "String"
		50	value = aws_db_instance.jinwei-me.username
		51	}
		52
		53	resource "aws_ssm_parameter" "wordpress_db_password" {
		54	name = "/${local.name}/mysql/password"
		55	type = "SecureString"
		56	value = random_password.mysql_password.result
		57	}