diff --git a/.infra/Frey-state-terraform.tfstate b/.infra/Frey-state-terraform.tfstate index 5a2828e..48dc2b9 100644 --- a/.infra/Frey-state-terraform.tfstate +++ b/.infra/Frey-state-terraform.tfstate @@ -1,24 +1,40 @@ { - "version": 1, - "serial": 25, + "version": 3, + "terraform_version": "0.7.3", + "serial": 28, + "lineage": "deedcad1-a3e9-4e02-9135-c347bbbe0be0", "modules": [ { "path": [ "root" ], "outputs": { - "endpoint": "http://master.tus.io:80/", - "public_address": "ec2-54-166-147-2.compute-1.amazonaws.com", - "public_addresses": "ec2-54-166-147-2.compute-1.amazonaws.com" + "endpoint": { + "sensitive": false, + "type": "string", + "value": "http://master.tus.io:80/" + }, + "public_address": { + "sensitive": false, + "type": "string", + "value": "ec2-54-166-147-2.compute-1.amazonaws.com" + }, + "public_addresses": { + "sensitive": false, + "type": "string", + "value": "ec2-54-166-147-2.compute-1.amazonaws.com" + } }, "resources": { "aws_instance.tusd": { "type": "aws_instance", + "depends_on": [], "primary": { "id": "i-16ef798d", "attributes": { "ami": "ami-9bce7af0", "availability_zone": "us-east-1d", + "disable_api_termination": "false", "ebs_block_device.#": "0", "ebs_optimized": "false", "ephemeral_block_device.#": "0", 
@@ -28,28 +44,32 @@ "instance_type": "c3.large", "key_name": "infra-tusd", "monitoring": "false", + "network_interface_id": "", "private_dns": "ip-10-99-128-27.ec2.internal", "private_ip": "10.99.128.27", "public_dns": "ec2-54-166-147-2.compute-1.amazonaws.com", "public_ip": "54.166.147.2", "root_block_device.#": "1", "root_block_device.0.delete_on_termination": "true", - "root_block_device.0.iops": "24", + "root_block_device.0.iops": "100", "root_block_device.0.volume_size": "8", "root_block_device.0.volume_type": "gp2", "security_groups.#": "1", "security_groups.1898427277": "fw-tusd-main", "source_dest_check": "true", "subnet_id": "", - "tags.#": "1", + "tags.%": "1", "tags.Name": "master.tus.io", "tenancy": "default", "vpc_security_group_ids.#": "0" }, "meta": { "schema_version": "1" - } - } + }, + "tainted": false + }, + "deposed": [], + "provider": "" }, "aws_route53_record.www": { "type": "aws_route53_record", @@ -59,7 +79,6 @@ "primary": { "id": "Z3IT8X6U91XY1P_master.tus.io_CNAME", "attributes": { - "failover": "", "fqdn": "master.tus.io", "health_check_id": "", "id": "Z3IT8X6U91XY1P_master.tus.io_CNAME", @@ -69,13 +88,19 @@ "set_identifier": "", "ttl": "300", "type": "CNAME", - "weight": "-1", "zone_id": "Z3IT8X6U91XY1P" - } - } + }, + "meta": { + "schema_version": "2" + }, + "tainted": false + }, + "deposed": [], + "provider": "" }, "aws_security_group.fw-tusd-main": { "type": "aws_security_group", + "depends_on": [], "primary": { "id": "sg-60cc290d", "attributes": { @@ -106,12 +131,17 @@ "ingress.516175195.to_port": "8080", "name": "fw-tusd-main", "owner_id": "402421253186", - "tags.#": "0", + "tags.%": "0", "vpc_id": "" - } - } + }, + "meta": {}, + "tainted": false + }, + "deposed": [], + "provider": "" } - } + }, + "depends_on": [] } ] } diff --git a/.infra/Frey-state-terraform.tfstate.backup b/.infra/Frey-state-terraform.tfstate.backup index 2904501..48dc2b9 100644 --- a/.infra/Frey-state-terraform.tfstate.backup 
+++ b/.infra/Frey-state-terraform.tfstate.backup @@ -1,24 +1,40 @@ { - "version": 1, - "serial": 24, + "version": 3, + "terraform_version": "0.7.3", + "serial": 28, + "lineage": "deedcad1-a3e9-4e02-9135-c347bbbe0be0", "modules": [ { "path": [ "root" ], "outputs": { - "endpoint": "http://master.tus.io:80/", - "public_address": "ec2-54-166-147-2.compute-1.amazonaws.com", - "public_addresses": "ec2-54-166-147-2.compute-1.amazonaws.com" + "endpoint": { + "sensitive": false, + "type": "string", + "value": "http://master.tus.io:80/" + }, + "public_address": { + "sensitive": false, + "type": "string", + "value": "ec2-54-166-147-2.compute-1.amazonaws.com" + }, + "public_addresses": { + "sensitive": false, + "type": "string", + "value": "ec2-54-166-147-2.compute-1.amazonaws.com" + } }, "resources": { "aws_instance.tusd": { "type": "aws_instance", + "depends_on": [], "primary": { "id": "i-16ef798d", "attributes": { "ami": "ami-9bce7af0", "availability_zone": "us-east-1d", + "disable_api_termination": "false", "ebs_block_device.#": "0", "ebs_optimized": "false", "ephemeral_block_device.#": "0", 
@@ -28,28 +44,32 @@ "instance_type": "c3.large", "key_name": "infra-tusd", "monitoring": "false", + "network_interface_id": "", "private_dns": "ip-10-99-128-27.ec2.internal", "private_ip": "10.99.128.27", "public_dns": "ec2-54-166-147-2.compute-1.amazonaws.com", "public_ip": "54.166.147.2", "root_block_device.#": "1", "root_block_device.0.delete_on_termination": "true", - "root_block_device.0.iops": "24", + "root_block_device.0.iops": "100", "root_block_device.0.volume_size": "8", "root_block_device.0.volume_type": "gp2", "security_groups.#": "1", "security_groups.1898427277": "fw-tusd-main", "source_dest_check": "true", "subnet_id": "", - "tags.#": "1", + "tags.%": "1", "tags.Name": "master.tus.io", "tenancy": "default", "vpc_security_group_ids.#": "0" }, "meta": { "schema_version": "1" - } - } + }, + "tainted": false + }, + "deposed": [], + "provider": "" }, "aws_route53_record.www": { "type": "aws_route53_record", @@ -59,7 +79,6 @@ "primary": { "id": "Z3IT8X6U91XY1P_master.tus.io_CNAME", "attributes": { - "failover": "", "fqdn": "master.tus.io", "health_check_id": "", "id": "Z3IT8X6U91XY1P_master.tus.io_CNAME", @@ -69,13 +88,19 @@ "set_identifier": "", "ttl": "300", "type": "CNAME", - "weight": "-1", "zone_id": "Z3IT8X6U91XY1P" - } - } + }, + "meta": { + "schema_version": "2" + }, + "tainted": false + }, + "deposed": [], + "provider": "" }, "aws_security_group.fw-tusd-main": { "type": "aws_security_group", + "depends_on": [], "primary": { "id": "sg-60cc290d", "attributes": { 
@@ -90,6 +115,13 @@ "ingress.2214680975.security_groups.#": "0", "ingress.2214680975.self": "false", "ingress.2214680975.to_port": "80", + "ingress.2541437006.cidr_blocks.#": "1", + "ingress.2541437006.cidr_blocks.0": "0.0.0.0/0", + "ingress.2541437006.from_port": "22", + "ingress.2541437006.protocol": "tcp", + "ingress.2541437006.security_groups.#": "0", + "ingress.2541437006.self": "false", + "ingress.2541437006.to_port": "22", "ingress.516175195.cidr_blocks.#": "1", "ingress.516175195.cidr_blocks.0": "0.0.0.0/0", "ingress.516175195.from_port": "8080", @@ -97,23 +129,19 @@ "ingress.516175195.security_groups.#": "0", "ingress.516175195.self": "false", "ingress.516175195.to_port": "8080", - "ingress.614077637.cidr_blocks.#": "3", - "ingress.614077637.cidr_blocks.0": "62.163.187.106/32", - "ingress.614077637.cidr_blocks.1": "84.146.0.0/16", - "ingress.614077637.cidr_blocks.2": "24.134.75.132/32", - "ingress.614077637.from_port": "22", - "ingress.614077637.protocol": "tcp", - "ingress.614077637.security_groups.#": "0", - "ingress.614077637.self": "false", - "ingress.614077637.to_port": "22", "name": "fw-tusd-main", "owner_id": "402421253186", - "tags.#": "0", + "tags.%": "0", "vpc_id": "" - } - } + }, + "meta": {}, + "tainted": false + }, + "deposed": [], + "provider": "" } - } + }, + "depends_on": [] } ] } diff --git a/.infra/Freyfile.hcl b/.infra/Freyfile.hcl new file mode 100644 index 0000000..ba7bcbd --- /dev/null +++ b/.infra/Freyfile.hcl 
@@ -0,0 +1,194 @@
+global {
+ appname = "tusd"
+ approot = "/srv/tusd"
+ ssh {
+ key_dir = "./ssh"
+ }
+ ansiblecfg {
+ privilege_escalation {
+ become = true
+ }
+ defaults {
+ host_key_checking = false
+ }
+ }
+}
+
+infra provider aws {
+ access_key = "${var.FREY_AWS_ACCESS_KEY}"
+ region = "us-east-1"
+ secret_key = "${var.FREY_AWS_SECRET_KEY}"
+}
+
+infra variable {
+ amis {
+ type = "map"
+ default {
+ "us-east-1" = "ami-9bce7af0"
+ }
+ }
+ region {
+ default = "us-east-1"
+ }
+}
+
+infra output {
+ public_address {
+ value = "${aws_instance.tusd.0.public_dns}"
+ }
+ public_addresses {
+ value = "${join("\n", aws_instance.tusd.*.public_dns)}"
+ }
+ endpoint {
+ value = "http://${aws_route53_record.www.name}:80/"
+ }
+}
+
+infra resource aws_instance tusd {
+ ami = "${lookup(var.amis, var.region)}"
+ instance_type = "c3.large"
+ key_name = "infra-tusd"
+ security_groups = ["fw-tusd-main"]
+ connection {
+ key_file = "{{{config.global.ssh.privatekey_file}}}"
+ user = "{{{config.global.ssh.user}}}"
+ }
+ tags {
+ "Name" = "${var.FREY_DOMAIN}"
+ }
+}
+
+infra resource "aws_route53_record" www {
+ name = "${var.FREY_DOMAIN}"
+ records = ["${aws_instance.tusd.public_dns}"]
+ ttl = "300"
+ type = "CNAME"
+ zone_id = "${var.FREY_AWS_ZONE_ID}"
+}
+
+infra resource aws_security_group "fw-tusd-main" {
+ description = "Infra tusd"
+ name = "fw-tusd-main"
+ ingress {
+ cidr_blocks = ["0.0.0.0/0"]
+ from_port = 8080
+ protocol = "tcp"
+ to_port = 8080
+ }
+ ingress {
+ cidr_blocks = ["0.0.0.0/0"]
+ from_port = 80
+ protocol = "tcp"
+ to_port = 80
+ }
+ ingress {
+ cidr_blocks = ["0.0.0.0/0"]
+ from_port = 22
+ protocol = "tcp"
+ to_port = 22
+ }
+}
+
+install {
+ playbooks {
+ hosts = "tusd"
+ name = "Install tusd"
+ roles {
+ role = "{{{init.paths.roles_dir}}}/apt/v1.0.0"
+ apt_packages = ["apg", "build-essential", "curl", "git-core", "htop", "iotop", "libpcre3", "logtail", "mlocate", "mtr", "psmisc", "telnet", "vim", "wget"]
+ }
+ roles {
+ role = "{{{init.paths.roles_dir}}}/unattended-upgrades/v1.2.0"
+ }
+ tasks {
+ lineinfile = "dest=/home/{{{config.global.ssh.user}}}/.bashrc line=\"alias wtf='sudo tail -f /var/log/*{log,err} /var/log/{dmesg,messages,*{,/*}{log,err}}'\" owner={{{config.global.ssh.user}}} group={{{config.global.ssh.user}}} mode=0644 backup=yes"
+ name = "Common | Add convenience shortcut wtf"
+ }
+ tasks {
+ lineinfile = "dest=/home/{{{config.global.ssh.user}}}/.bashrc line=\"cd {{{config.global.approot}}}/current || true\" owner={{{config.global.ssh.user}}} group={{{config.global.ssh.user}}} mode=0644 backup=yes"
+ name = "Common | Install login"
+ }
+ tasks {
+ name = "Common | Set motd"
+ copy = "content='Welcome to {{lookup('env', 'FREY_DOMAIN')}}' dest=/etc/motd owner=root group=root mode=0644 backup=yes"
+ }
+ tasks {
+ name = "Common | Set timezone variables"
+ copy = "content='Etc/UTC' dest=/etc/timezone owner=root group=root mode=0644 backup=yes"
+ notify = ["Common | Update timezone"]
+ }
+ handlers {
+ name = "Common | Update timezone"
+ command = "dpkg-reconfigure --frontend noninteractive tzdata"
+ }
+ }
+}
+
+setup {
+ playbooks {
+ hosts = "tusd"
+ name = "Setup tusd"
+ roles {
+ role = "{{{init.paths.roles_dir}}}/upstart/v1.0.0"
+ upstart_command = "./tusd -port=8080 -dir=/mnt/tusd-data -store-size=10737418240"
+ upstart_description = "tusd server"
+ upstart_name = "{{{config.global.appname}}}"
+ upstart_pidfile_path = "{{{config.global.approot}}}/shared/{{{config.global.appname}}}.pid"
+ upstart_respawn = true
+ upstart_respawn_limit = true
+ upstart_runtime_root = "{{{config.global.approot}}}/current/tusd_linux_amd64"
+ upstart_user = "www-data"
+ }
+ roles {
+ role = "{{{init.paths.roles_dir}}}/rsyslog/v3.0.1"
+ rsyslog_rsyslog_d_files "49-tusd" {
+ directives = ["& stop"]
+ rules {
+ rule = ":programname, startswith, \"{{{config.global.appname}}}\""
+ logpath = "{{{config.global.approot}}}/shared/logs/{{{config.global.appname}}}.log"
+ }
+ }
+ }
+ roles {
+ role = "{{{init.paths.roles_dir}}}/fqdn/v1.0.0"
+ fqdn = "{{lookup('env', 'FREY_DOMAIN')}}"
+ }
+ tasks {
+ file = "path=/mnt/tusd-data state=directory owner=www-data group=www-data mode=0755 recurse=yes"
+ name = "tusd | Create tusd data dir"
+ }
+ }
+}
+
+deploy {
+ playbooks {
+ hosts = "tusd"
+ name = "Deploy tusd"
+ roles {
+ role = "{{{init.paths.roles_dir}}}/deploy/v1.4.0"
+ ansistrano_get_url = "https://github.com/tus/tusd/releases/download/0.1.2/tusd_linux_amd64.tar.gz"
+ ansistrano_deploy_to = "{{{config.global.approot}}}"
+ ansistrano_deploy_via = "download_unarchive"
+ ansistrano_group = "ubuntu"
+ }
+ tasks {
+ name = "tusd | Set file attributes"
+ file = "path={{{config.global.approot}}}/current/tusd_linux_amd64/tusd mode=0755 owner=www-data group=www-data"
+ }
+ }
+}
+
+restart {
+ playbooks {
+ hosts = "tusd"
+ name = "Restart tusd"
+ tasks {
+ shell = "iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080"
+ name = "tusd | Redirect HTTP traffic to tusd"
+ }
+ tasks {
+ action = "service name=tusd state=restarted"
+ name = "tusd | Restart"
+ }
+ }
+}
diff --git a/.infra/Freyfile.toml b/.infra/Freyfile.toml
deleted file mode 100644
index 248cca5..0000000
--- a/.infra/Freyfile.toml
+++ /dev/null
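Review bot: The third `ingress` block of `aws_security_group "fw-tusd-main"` exposes port 22 to `0.0.0.0/0`, and `host_key_checking = false` under `global.ansiblecfg.defaults` means the Ansible runs that follow do not verify which host they are talking to. The `.tfstate.backup` hunk in this same commit records the port-22 rule changing from three specific CIDR blocks to `0.0.0.0/0`, so the applied firewall appears to have been widened to match this definition. I would limit the SSH rule to the operator ranges, e.g. `cidr_blocks = ["<ADMIN_CIDR>"]` (placeholder value), and drop `host_key_checking = false` once the instance's host key is recorded in known_hosts. If world-open SSH is intentional for CI-driven deploys, a comment on that `ingress` block saying so would help the next reader.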
@@ -1,175 +0,0 @@
-[global]
- appname = "tusd"
- approot = "/srv/tusd"
-
-[global.ssh]
- key_dir = "./ssh"
-
-[global.ansiblecfg.privilege_escalation]
- become = true
-
-[global.ansiblecfg.defaults]
- host_key_checking = false
-
-[infra.provider.aws]
- access_key = "${var.FREY_AWS_ACCESS_KEY}"
- region = "us-east-1"
- secret_key = "${var.FREY_AWS_SECRET_KEY}"
-
-[infra.variable.ami.default]
- us-east-1 = "ami-9bce7af0"
-[infra.variable.region]
- default = "us-east-1"
-
-[infra.output.public_address]
- value = "${aws_instance.tusd.0.public_dns}"
-[infra.output.public_addresses]
- value = "${join(\"\n\", aws_instance.tusd.*.public_dns)}"
-[infra.output.endpoint]
- value = "http://${aws_route53_record.www.name}:80/"
-
-[infra.resource.aws_instance.tusd]
- ami = "${lookup(var.ami, var.region)}"
- instance_type = "c3.large"
- key_name = "infra-tusd"
- security_groups = ["fw-tusd-main"]
- [infra.resource.aws_instance.tusd.connection]
- key_file = "{{{config.global.ssh.privatekey_file}}}"
- user = "{{{config.global.ssh.user}}}"
- [infra.resource.aws_instance.tusd.tags]
- Name = "${var.FREY_DOMAIN}"
-
-[infra.resource.aws_route53_record.www]
- name = "${var.FREY_DOMAIN}"
- records = ["${aws_instance.tusd.public_dns}"]
- ttl = "300"
- type = "CNAME"
- zone_id = "${var.FREY_AWS_ZONE_ID}"
-
-[infra.resource.aws_security_group.fw-tusd-main]
- description = "Infra tusd"
- name = "fw-tusd-main"
- [[infra.resource.aws_security_group.fw-tusd-main.ingress]]
- cidr_blocks = [ "0.0.0.0/0" ]
- from_port = 8080
- protocol = "tcp"
- to_port = 8080
- [[infra.resource.aws_security_group.fw-tusd-main.ingress]]
- cidr_blocks = [ "0.0.0.0/0" ]
- from_port = 80
- protocol = "tcp"
- to_port = 80
- [[infra.resource.aws_security_group.fw-tusd-main.ingress]]
- cidr_blocks = [ "0.0.0.0/0" ]
- from_port = 22
- protocol = "tcp"
- to_port = 22
-
-[[install.playbooks]]
- hosts = "tusd"
- name = "Install tusd"
-
- [[install.playbooks.roles]]
- role = "{{{init.paths.roles_dir}}}/apt/v1.0.0"
- apt_packages = [
- "apg",
- "build-essential",
- "curl",
- "git-core",
- "htop",
- "iotop",
- "libpcre3",
- "logtail",
- "mlocate",
- "mtr",
- "psmisc",
- "telnet",
- "vim",
- "wget",
- ]
-
- [[install.playbooks.roles]]
- role = "{{{init.paths.roles_dir}}}/unattended-upgrades/v1.2.0"
-
- [[install.playbooks.tasks]]
- lineinfile = "dest=/home/{{{config.global.ssh.user}}}/.bashrc line=\"alias wtf='sudo tail -f /var/log/*{log,err} /var/log/{dmesg,messages,*{,/*}{log,err}}'\" owner={{{config.global.ssh.user}}} group={{{config.global.ssh.user}}} mode=0644 backup=yes"
- name = "Common | Add convenience shortcut wtf"
-
- [[install.playbooks.tasks]]
- lineinfile = "dest=/home/{{{config.global.ssh.user}}}/.bashrc line=\"cd {{{config.global.approot}}}/current || true\" owner={{{config.global.ssh.user}}} group={{{config.global.ssh.user}}} mode=0644 backup=yes"
- name = "Common | Install login"
-
- [[install.playbooks.tasks]]
- name = "Common | Set motd"
- copy = "content='Welcome to {{lookup('env', 'FREY_DOMAIN')}}' dest=/etc/motd owner=root group=root mode=0644 backup=yes"
-
- [[install.playbooks.tasks]]
- name = "Common | Set timezone variables"
- copy = "content='Etc/UTC' dest=/etc/timezone owner=root group=root mode=0644 backup=yes"
- notify = [ "Common | Update timezone" ]
-
- [[install.playbooks.handlers]]
- name = "Common | Update timezone"
- command = "dpkg-reconfigure --frontend noninteractive tzdata"
-
-
-[[setup.playbooks]]
- hosts = "tusd"
- name = "Setup tusd"
-
- [[setup.playbooks.roles]]
- role = "{{{init.paths.roles_dir}}}/upstart/v1.0.0"
- upstart_command = "./tusd -port=8080 -dir=/mnt/tusd-data -store-size=10737418240"
- upstart_description = "tusd server"
- upstart_name = "{{{config.global.appname}}}"
- upstart_pidfile_path = "{{{config.global.approot}}}/shared/{{{config.global.appname}}}.pid"
- upstart_respawn = true
- upstart_respawn_limit = true
- upstart_runtime_root = "{{{config.global.approot}}}/current/tusd_linux_amd64"
- upstart_user = "www-data"
-
- [[setup.playbooks.roles]]
- role = "{{{init.paths.roles_dir}}}/rsyslog/v3.0.1"
- [setup.playbooks.roles.rsyslog_rsyslog_d_files.49-tusd]
- # Send {{{config.global.appname}}} messages to a dedicated logfile
- directives = [ "& stop" ]
- [[setup.playbooks.roles.rsyslog_rsyslog_d_files.49-tusd.rules]]
- rule = ":programname, startswith, \"{{{config.global.appname}}}\""
- logpath = "{{{config.global.approot}}}/shared/logs/{{{config.global.appname}}}.log"
-
- [[setup.playbooks.roles]]
- role = "{{{init.paths.roles_dir}}}/fqdn/v1.0.0"
- fqdn = "{{lookup('env', 'FREY_DOMAIN')}}"
-
- [[setup.playbooks.tasks]]
- file = "path=/mnt/tusd-data state=directory owner=www-data group=www-data mode=0755 recurse=yes"
- name = "tusd | Create tusd data dir"
-
-[[deploy.playbooks]]
- hosts = "tusd"
- name = "Deploy tusd"
-
- [[deploy.playbooks.roles]]
- # @todo On travis, we could directly use the generated
- # /home/travis/gopath/src/github.com/tus/tusd/snapshot/tusd_linux_amd64.tar.gz
- role = "{{{init.paths.roles_dir}}}/deploy/v1.4.0"
- ansistrano_get_url = "https://github.com/tus/tusd/releases/download/0.1.2/tusd_linux_amd64.tar.gz"
- ansistrano_deploy_to = "{{{config.global.approot}}}"
- ansistrano_deploy_via = "download_unarchive"
- ansistrano_group = "ubuntu"
-
- [[deploy.playbooks.tasks]]
- name = "tusd | Set file attributes"
- file = "path={{{config.global.approot}}}/current/tusd_linux_amd64/tusd mode=0755 owner=www-data group=www-data"
-
-[[restart.playbooks]]
- hosts = "tusd"
- name = "Restart tusd"
-
- [[restart.playbooks.tasks]]
- shell = "iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080"
- name = "tusd | Redirect HTTP traffic to tusd"
-
- [[restart.playbooks.tasks]]
- action = "service name=tusd state=restarted"
- name = "tusd | Restart"
diff --git a/.infra/env.infra.example.sh b/.infra/env.infra.example.sh
index e961ab3..90da35e 100644
--- a/.infra/env.infra.example.sh
+++ b/.infra/env.infra.example.sh
@@ -1,4 +1,5 @@ -source env.sh +__dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +source "${__dir}/env.sh" # export FREY_AWS_ACCESS_KEY="***" # export FREY_AWS_SECRET_KEY="***" diff --git a/Makefile b/Makefile index 0b86608..a654832 100644 --- a/Makefile +++ b/Makefile @@ -1,24 +1,25 @@ -FREY_VERSION := 0.3.13 +FREY_VERSION := 0.3.23 .PHONY: frey frey: - @grep $(FREY_VERSION) node_modules/frey/package.json 2>&1 > /dev/null || npm install frey@$(FREY_VERSION) + @cd .infra && mkdir -p node_modules + @cd .infra && (grep $(FREY_VERSION) node_modules/frey/package.json 2>&1 > /dev/null || npm install frey@$(FREY_VERSION)) .PHONY: provision provision: frey - @source env.sh && node_modules/.bin/frey install + @cd .infra && source env.sh && node_modules/.bin/frey install .PHONY: deploy -deploy: - @cd .infra && source env.sh && frey setup +deploy: frey + @cd .infra && source env.sh && node_modules/.bin/frey setup .PHONY: launch -launch: - @cd .infra && source env.infra.sh && frey infra +launch: frey + @cd .infra && source env.infra.sh && node_modules/.bin/frey infra .PHONY: console -console: - @cd .infra && source env.sh && frey remote +console: frey + @cd .infra && source env.sh && node_modules/.bin/frey remote .PHONY: deploy-localfrey deploy-localfrey:
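Review bot: The version guard in the `frey` recipe of the Makefile hunk, `grep $(FREY_VERSION) node_modules/frey/package.json 2>&1 > /dev/null`, is a loose check for a pinned tool: the pattern is an unanchored regex in which `.` matches any character, so any line of package.json that happens to contain the string (a dependency range, for instance) satisfies it and the install of the pinned release is skipped. The `2>&1 > /dev/null` order also leaves grep's stderr on the terminal when the file does not exist yet. Assuming npm's usual formatting of the field, I would write it as `grep -qF '"version": "$(FREY_VERSION)"' node_modules/frey/package.json 2>/dev/null` inside the same parentheses. The recipes also call `source`, which is not available in every `/bin/sh`; unless `SHELL` is set to bash elsewhere in the Makefile (not visible in this hunk), `.` would be the portable spelling.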