From 90564c7d34006223bf2874b729a9af6e1c87c542 Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Sun, 11 Dec 2022 15:16:17 -0800
Subject: config: use aws_ssm to store parameters
---
 .gitignore | 2 +-
 jinwei.me/config/roles/wordpress/build.sh | 5 ++++
 .../config/roles/wordpress/defaults/main.yaml | 4 +++
 jinwei.me/config/roles/wordpress/tasks/main.yaml | 27 +++++--------------
 .../wordpress/templates/docker-compose.yaml.j2 | 19 ++++++++++++++
 jinwei.me/infra/cloudflare.tf | 6 +++++
 jinwei.me/infra/rds.tf | 30 ++++++++++++++++++++++
 7 files changed, 72 insertions(+), 21 deletions(-)
 create mode 100755 jinwei.me/config/roles/wordpress/build.sh
 create mode 100644 jinwei.me/config/roles/wordpress/defaults/main.yaml
 create mode 100644 jinwei.me/config/roles/wordpress/templates/docker-compose.yaml.j2
diff --git a/.gitignore b/.gitignore
index 4220221..86c0298 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 .idea/
-aws-rc
+admin-rc
 connect_mysql.sh
 # Local .terraform directories
 **/.terraform/*
diff --git a/jinwei.me/config/roles/wordpress/build.sh b/jinwei.me/config/roles/wordpress/build.sh
new file mode 100755
index 0000000..55d7c0e
--- /dev/null
+++ b/jinwei.me/config/roles/wordpress/build.sh
@@ -0,0 +1,5 @@
+docker_repo=docker.io/clarkzjw
+docker_image=wordpress
+docker_image_tag=$(date -u +%Y%m%d)
+sudo docker build -t $docker_repo/$docker_image:"$docker_image_tag" .
+sudo docker push $docker_repo/$docker_image:"$docker_image_tag"
diff --git a/jinwei.me/config/roles/wordpress/defaults/main.yaml b/jinwei.me/config/roles/wordpress/defaults/main.yaml
new file mode 100644
index 0000000..250e0a5
--- /dev/null
+++ b/jinwei.me/config/roles/wordpress/defaults/main.yaml
@@ -0,0 +1,4 @@
+wordpress_image: clarkzjw/wordpress
+wordpress_image_tag: 20221211
+wordpress_port: 30080
+wordpress_home: /opt/wordpress
diff --git a/jinwei.me/config/roles/wordpress/tasks/main.yaml b/jinwei.me/config/roles/wordpress/tasks/main.yaml
index 51e1a2b..3835145 100644
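Review bot: build.sh is created executable (mode 100755) but has no shebang and no `set -e`, so when `docker build` fails the `docker push` on the last line still runs and can publish an older local image under today's tag. Start the file with `#!/usr/bin/env bash` and `set -euo pipefail`, and quote the whole reference, `"$docker_repo/$docker_image:$docker_image_tag"`. The tag comes from `date -u +%Y%m%d`, so a second build on the same UTC day replaces the first under the same name; recording the pushed digest would let the deployed image be identified exactly.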
--- a/jinwei.me/config/roles/wordpress/tasks/main.yaml
+++ b/jinwei.me/config/roles/wordpress/tasks/main.yaml
@@ -3,27 +3,14 @@
 name: "{{ wordpress_image }}:{{ wordpress_image_tag }}"
 source: pull
 
+- name: render config file
+ template:
+ src: docker-compose.yaml.j2
+ dest: "{{ wordpress_home }}/docker-compose.yaml"
+ mode: 0644
+
 - name: Start wordpress container using docker-compose
 community.docker.docker_compose:
 project_name: wordpress
- definition:
- version: '3'
- services:
- cloudflared:
- image: cloudflare/cloudflared
- container_name: cloudflare-tunnel
- restart: always
- command: tunnel run
- environment:
- - TUNNEL_TOKEN={{ cloudflared_tunnel_token }}
- wordpress:
- image: "{{ wordpress_image }}:{{ wordpress_image_tag }}"
- volumes:
- - "{{ wordpress_home }}/wp-content:/var/www/html/wp-content"
- restart: always
- environment:
- - WORDPRESS_DB_HOST={{ wordpress_db_host }}
- - WORDPRESS_DB_USER={{ wordpress_db_user }}
- - WORDPRESS_DB_PASSWORD={{ wordpress_db_password }}
- - WORDPRESS_DB_NAME={{ wordpress_db_name }}
+ project_src: "{{ wordpress_home }}"
 register: output
diff --git a/jinwei.me/config/roles/wordpress/templates/docker-compose.yaml.j2 b/jinwei.me/config/roles/wordpress/templates/docker-compose.yaml.j2
new file mode 100644
index 0000000..be85fb4
--- /dev/null
+++ b/jinwei.me/config/roles/wordpress/templates/docker-compose.yaml.j2
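Review bot: In tasks/main.yaml the new `render config file` task writes the compose file with `mode: 0644`, and the template added in this commit expands the database password and the Cloudflare tunnel token into it, so any local account on the host can read both secrets from `{{ wordpress_home }}/docker-compose.yaml`. Before this change the definition was passed inline to the module rather than rendered to a file by this role. Use `mode: "0600"` (quoted, so YAML typing cannot alter it) with an explicit `owner` and `group` for the account that runs docker-compose, and add `no_log: true` to the task so a `--diff` or verbose run does not print the rendered values. The task list starts before this hunk, so whether `{{ wordpress_home }}` is created earlier with restrictive permissions is not visible here.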
@@ -0,0 +1,19 @@
+version: '3'
+services:
+ cloudflared:
+ image: cloudflare/cloudflared
+ container_name: cloudflare-tunnel
+ restart: always
+ command: tunnel run
+ environment:
+ - TUNNEL_TOKEN={{ lookup('aws_ssm', '/jinwei-me/cloudflare/tunnel_token') }}
+ wordpress:
+ image: "{{ wordpress_image }}:{{ wordpress_image_tag }}"
+ volumes:
+ - "{{ wordpress_home }}/wp-content:/var/www/html/wp-content"
+ restart: always
+ environment:
+ - WORDPRESS_DB_HOST={{ lookup('aws_ssm', '/jinwei-me/mysql/host') }}:{{ lookup('aws_ssm', '/jinwei-me/mysql/port') }}
+ - WORDPRESS_DB_USER={{ lookup('aws_ssm', '/jinwei-me/mysql/username') }}
+ - WORDPRESS_DB_PASSWORD={{ lookup('aws_ssm', '/jinwei-me/mysql/password') }}
+ - WORDPRESS_DB_NAME={{ lookup('aws_ssm', '/jinwei-me/mysql/name') }}
diff --git a/jinwei.me/infra/cloudflare.tf b/jinwei.me/infra/cloudflare.tf
index 6e9660e..5d81462 100644
--- a/jinwei.me/infra/cloudflare.tf
+++ b/jinwei.me/infra/cloudflare.tf
@@ -50,3 +50,9 @@ resource "cloudflare_tunnel_config" "tunnel_route" {
 }
 }
 }
+
+resource "aws_ssm_parameter" "cloudflare_tunnel_token" {
+ name = "/${local.name}/cloudflare/tunnel_token"
+ type = "SecureString"
+ value = cloudflare_argo_tunnel.tunnel.tunnel_token
+}
diff --git a/jinwei.me/infra/rds.tf b/jinwei.me/infra/rds.tf
index 381868e..3abac21 100644
--- a/jinwei.me/infra/rds.tf
+++ b/jinwei.me/infra/rds.tf
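Review bot: In docker-compose.yaml.j2, `image: cloudflare/cloudflared` carries no tag, so the container that receives the tunnel token runs whatever the default tag resolves to at pull time, while the wordpress service beside it is pinned through `wordpress_image_tag`. Pin it the same way, for example `image: "cloudflare/cloudflared:{{ cloudflared_image_tag }}"` with the value set in defaults/main.yaml (the variable name is a suggestion, not something this commit defines). The `environment` entries are plain scalars built from looked-up values; quoting each one, as in `- "WORDPRESS_DB_PASSWORD={{ lookup('aws_ssm', '/jinwei-me/mysql/password') }}"`, keeps the rendered file valid if a value ever contains ` #` or `: `.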
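Review bot: In cloudflare.tf, `aws_ssm_parameter.cloudflare_tunnel_token` sets `type = "SecureString"` without `key_id`, so the value is encrypted under the account's default SSM key and who may read it is decided by IAM on the parameter path alone; the same applies to `wordpress_db_password` in rds.tf. If only the deploy role should be able to decrypt these, add `key_id = <customer-managed KMS key>` and scope `ssm:GetParameter` to the `/${local.name}/` prefix. Both values are also recorded in Terraform state, so a comment such as `# value is kept in state; the backend must be encrypted and access-restricted` would help the next reader; the backend configuration is not visible in this diff.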
@@ -25,3 +25,33 @@ resource "random_password" "mysql_password" {
 length = 16
 special = false
 }
+
+resource "aws_ssm_parameter" "wordpress_db_host" {
+ name = "/${var.name}/mysql/host"
+ type = "String"
+ value = aws_db_instance.jinwei-me.address
+}
+
+resource "aws_ssm_parameter" "wordpress_db_port" {
+ name = "/${var.name}/mysql/port"
+ type = "String"
+ value = aws_db_instance.jinwei-me.port
+}
+
+resource "aws_ssm_parameter" "wordpress_db_name" {
+ name = "/${local.name}/mysql/name"
+ type = "String"
+ value = aws_db_instance.jinwei-me.db_name
+}
+
+resource "aws_ssm_parameter" "wordpress_db_user" {
+ name = "/${local.name}/mysql/username"
+ type = "String"
+ value = aws_db_instance.jinwei-me.username
+}
+
+resource "aws_ssm_parameter" "wordpress_db_password" {
+ name = "/${local.name}/mysql/password"
+ type = "SecureString"
+ value = random_password.mysql_password.result
+}
-- cgit v1.2.3
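Review bot: The five new parameters in rds.tf take their path prefix from two different sources: `wordpress_db_host` and `wordpress_db_port` use `/${var.name}/mysql/...`, while the name, username and password parameters use `/${local.name}/mysql/...`. The compose template reads all five from the fixed prefix `/jinwei-me/mysql/`, so if `var.name` and `local.name` ever differ (neither definition is visible in this diff) the host or port lookup will fail or resolve to a parameter belonging to another stack. Use one source for all five, e.g. `name = "/${local.name}/mysql/host"` and `name = "/${local.name}/mysql/port"`.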