diff --git a/.gitignore b/.gitignore index 8f276a5..27dcc55 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,5 @@ data/ .infra/ssh/frey-tusd.pem node_modules/ .DS_Store + +.infra/env.devinfra.sh diff --git a/.infra/Frey-state-terraform.tfstate b/.infra/Frey-state-terraform.tfstate index 48dc2b9..1df8207 100644 --- a/.infra/Frey-state-terraform.tfstate +++ b/.infra/Frey-state-terraform.tfstate @@ -1,8 +1,8 @@ { "version": 3, "terraform_version": "0.7.3", - "serial": 28, - "lineage": "deedcad1-a3e9-4e02-9135-c347bbbe0be0", + "serial": 5, + "lineage": "317b7812-b33a-495e-b08e-0021be934e90", "modules": [ { "path": [ 
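Review bot: The ignore list gains `.infra/env.devinfra.sh` but still leaves the Terraform state tracked, and this same commit rewrites `.infra/Frey-state-terraform.tfstate` and its `.backup` with the AWS account id (`owner_id`), instance, subnet and VPC ids, and public and private addresses. None of the attributes visible here is a credential, but state files record resource attributes verbatim, so a later resource that carries a password or access key would land in history in clear text. If keeping state in the repository is deliberate for this tool, a comment in `.gitignore` saying so, plus a rule that only credential-free resources are managed from this state, would make that an explicit decision. Otherwise add `.infra/*.tfstate*` here and keep the state in an access-controlled backend.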
@@ -12,56 +12,77 @@ "endpoint": { "sensitive": false, "type": "string", - "value": "http://master.tus.io:80/" + "value": "http://tus.transloadit.academy:80/" }, "public_address": { "sensitive": false, "type": "string", - "value": "ec2-54-166-147-2.compute-1.amazonaws.com" + "value": "ec2-52-201-254-175.compute-1.amazonaws.com" }, "public_addresses": { "sensitive": false, "type": "string", - "value": "ec2-54-166-147-2.compute-1.amazonaws.com" + "value": "ec2-52-201-254-175.compute-1.amazonaws.com" } }, "resources": { "aws_instance.tusd": { "type": "aws_instance", - "depends_on": [], + "depends_on": [ + "aws_key_pair.infra-tusd" + ], "primary": { - "id": "i-16ef798d", + "id": "i-05b661e26171f3070", "attributes": { - "ami": "ami-9bce7af0", + "ami": "ami-8fe79998", "availability_zone": "us-east-1d", "disable_api_termination": "false", "ebs_block_device.#": "0", "ebs_optimized": "false", "ephemeral_block_device.#": "0", "iam_instance_profile": "", - "id": "i-16ef798d", + "id": "i-05b661e26171f3070", "instance_state": "running", - "instance_type": "c3.large", + "instance_type": "t2.micro", "key_name": "infra-tusd", "monitoring": "false", - "network_interface_id": "", - "private_dns": "ip-10-99-128-27.ec2.internal", - "private_ip": "10.99.128.27", - "public_dns": "ec2-54-166-147-2.compute-1.amazonaws.com", - "public_ip": "54.166.147.2", + "network_interface_id": "eni-46d66d40", + "private_dns": "ip-172-31-14-111.ec2.internal", + "private_ip": "172.31.14.111", + "public_dns": "ec2-52-201-254-175.compute-1.amazonaws.com", + "public_ip": "52.201.254.175", "root_block_device.#": "1", "root_block_device.0.delete_on_termination": "true", "root_block_device.0.iops": "100", "root_block_device.0.volume_size": "8", "root_block_device.0.volume_type": "gp2", - "security_groups.#": "1", - "security_groups.1898427277": "fw-tusd-main", + "security_groups.#": "0", "source_dest_check": "true", - "subnet_id": "", + "subnet_id": "subnet-1adf3953", "tags.%": "1", - "tags.Name": 
"master.tus.io", + "tags.Name": "tus.transloadit.academy", "tenancy": "default", - "vpc_security_group_ids.#": "0" + "vpc_security_group_ids.#": "1", + "vpc_security_group_ids.977706528": "sg-efcac894" + }, + "meta": { + "schema_version": "1" + }, + "tainted": false + }, + "deposed": [], + "provider": "" + }, + "aws_key_pair.infra-tusd": { + "type": "aws_key_pair", + "depends_on": [], + "primary": { + "id": "infra-tusd", + "attributes": { + "fingerprint": "c8:2d:93:d0:0a:71:c1:e2:c7:43:37:a9:e4:78:03:4c", + "id": "infra-tusd", + "key_name": "infra-tusd", + "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDb0fMw6fF2ct31UvChO/r17kXAn6AdPS0TLl4QZauvnEd1jyCekxCwJ3ApafapiQo/Z29zy3Uz0KQxvHvMNaYq6JY4qEyfQIlEhBRjrMlQKvNnQcFlX5ETSy6r8qPhYi2ly0GWB17Er5t2UMt2yKQrcPCWGNy0zOIjymdTdWaQlcjO/76XJr64790Y0+BfLyxPkZ0z39EM/9crLdpUq4SMAyup/mKG5daQbh/MpYEoXe6oyHVK/z1aESBO7EAKnoGauHXgzNYGTxqFnzjU/srmKUY/vR2GAqFqZYweZyNiAuhQ5jfkciGSSR2UeMXZ/y3XI8ATQQJJOnrY2OQ9WKKh kvz@tusd.freyproject.io" }, "meta": { "schema_version": "1" @@ -77,18 +98,18 @@ "aws_instance.tusd" ], "primary": { - "id": "Z3IT8X6U91XY1P_master.tus.io_CNAME", + "id": "Z3V9RXR2M8085J_tus.transloadit.academy_CNAME", "attributes": { - "fqdn": "master.tus.io", + "fqdn": "tus.transloadit.academy", "health_check_id": "", - "id": "Z3IT8X6U91XY1P_master.tus.io_CNAME", - "name": "master.tus.io", + "id": "Z3V9RXR2M8085J_tus.transloadit.academy_CNAME", + "name": "tus.transloadit.academy", "records.#": "1", - "records.3871998453": "ec2-54-166-147-2.compute-1.amazonaws.com", + "records.3180824470": "ec2-52-201-254-175.compute-1.amazonaws.com", "set_identifier": "", "ttl": "300", "type": "CNAME", - "zone_id": "Z3IT8X6U91XY1P" + "zone_id": "Z3V9RXR2M8085J" }, "meta": { "schema_version": "2" 
@@ -98,15 +119,23 @@ "deposed": [], "provider": "" }, - "aws_security_group.fw-tusd-main": { + "aws_security_group.fw-tusd": { "type": "aws_security_group", "depends_on": [], "primary": { - "id": "sg-60cc290d", + "id": "sg-29386d53", "attributes": { "description": "Infra tusd", - "egress.#": "0", - "id": "sg-60cc290d", + "egress.#": "1", + "egress.482069346.cidr_blocks.#": "1", + "egress.482069346.cidr_blocks.0": "0.0.0.0/0", + "egress.482069346.from_port": "0", + "egress.482069346.prefix_list_ids.#": "0", + "egress.482069346.protocol": "-1", + "egress.482069346.security_groups.#": "0", + "egress.482069346.self": "false", + "egress.482069346.to_port": "0", + "id": "sg-29386d53", "ingress.#": "3", "ingress.2214680975.cidr_blocks.#": "1", "ingress.2214680975.cidr_blocks.0": "0.0.0.0/0", @@ -129,10 +158,10 @@ "ingress.516175195.security_groups.#": "0", "ingress.516175195.self": "false", "ingress.516175195.to_port": "8080", - "name": "fw-tusd-main", - "owner_id": "402421253186", + "name": "fw-tusd", + "owner_id": "618066538640", "tags.%": "0", - "vpc_id": "" + "vpc_id": "vpc-cea030a9" }, "meta": {}, "tainted": false diff --git a/.infra/Frey-state-terraform.tfstate.backup b/.infra/Frey-state-terraform.tfstate.backup index 48dc2b9..1df8207 100644 --- a/.infra/Frey-state-terraform.tfstate.backup +++ b/.infra/Frey-state-terraform.tfstate.backup @@ -1,8 +1,8 @@ { "version": 3, "terraform_version": "0.7.3", - "serial": 28, - "lineage": "deedcad1-a3e9-4e02-9135-c347bbbe0be0", + "serial": 5, + "lineage": "317b7812-b33a-495e-b08e-0021be934e90", "modules": [ { "path": [ 
@@ -12,56 +12,77 @@ "endpoint": { "sensitive": false, "type": "string", - "value": "http://master.tus.io:80/" + "value": "http://tus.transloadit.academy:80/" }, "public_address": { "sensitive": false, "type": "string", - "value": "ec2-54-166-147-2.compute-1.amazonaws.com" + "value": "ec2-52-201-254-175.compute-1.amazonaws.com" }, "public_addresses": { "sensitive": false, "type": "string", - "value": "ec2-54-166-147-2.compute-1.amazonaws.com" + "value": "ec2-52-201-254-175.compute-1.amazonaws.com" } }, "resources": { "aws_instance.tusd": { "type": "aws_instance", - "depends_on": [], + "depends_on": [ + "aws_key_pair.infra-tusd" + ], "primary": { - "id": "i-16ef798d", + "id": "i-05b661e26171f3070", "attributes": { - "ami": "ami-9bce7af0", + "ami": "ami-8fe79998", "availability_zone": "us-east-1d", "disable_api_termination": "false", "ebs_block_device.#": "0", "ebs_optimized": "false", "ephemeral_block_device.#": "0", "iam_instance_profile": "", - "id": "i-16ef798d", + "id": "i-05b661e26171f3070", "instance_state": "running", - "instance_type": "c3.large", + "instance_type": "t2.micro", "key_name": "infra-tusd", "monitoring": "false", - "network_interface_id": "", - "private_dns": "ip-10-99-128-27.ec2.internal", - "private_ip": "10.99.128.27", - "public_dns": "ec2-54-166-147-2.compute-1.amazonaws.com", - "public_ip": "54.166.147.2", + "network_interface_id": "eni-46d66d40", + "private_dns": "ip-172-31-14-111.ec2.internal", + "private_ip": "172.31.14.111", + "public_dns": "ec2-52-201-254-175.compute-1.amazonaws.com", + "public_ip": "52.201.254.175", "root_block_device.#": "1", "root_block_device.0.delete_on_termination": "true", "root_block_device.0.iops": "100", "root_block_device.0.volume_size": "8", "root_block_device.0.volume_type": "gp2", - "security_groups.#": "1", - "security_groups.1898427277": "fw-tusd-main", + "security_groups.#": "0", "source_dest_check": "true", - "subnet_id": "", + "subnet_id": "subnet-1adf3953", "tags.%": "1", - "tags.Name": 
"master.tus.io", + "tags.Name": "tus.transloadit.academy", "tenancy": "default", - "vpc_security_group_ids.#": "0" + "vpc_security_group_ids.#": "1", + "vpc_security_group_ids.977706528": "sg-efcac894" + }, + "meta": { + "schema_version": "1" + }, + "tainted": false + }, + "deposed": [], + "provider": "" + }, + "aws_key_pair.infra-tusd": { + "type": "aws_key_pair", + "depends_on": [], + "primary": { + "id": "infra-tusd", + "attributes": { + "fingerprint": "c8:2d:93:d0:0a:71:c1:e2:c7:43:37:a9:e4:78:03:4c", + "id": "infra-tusd", + "key_name": "infra-tusd", + "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDb0fMw6fF2ct31UvChO/r17kXAn6AdPS0TLl4QZauvnEd1jyCekxCwJ3ApafapiQo/Z29zy3Uz0KQxvHvMNaYq6JY4qEyfQIlEhBRjrMlQKvNnQcFlX5ETSy6r8qPhYi2ly0GWB17Er5t2UMt2yKQrcPCWGNy0zOIjymdTdWaQlcjO/76XJr64790Y0+BfLyxPkZ0z39EM/9crLdpUq4SMAyup/mKG5daQbh/MpYEoXe6oyHVK/z1aESBO7EAKnoGauHXgzNYGTxqFnzjU/srmKUY/vR2GAqFqZYweZyNiAuhQ5jfkciGSSR2UeMXZ/y3XI8ATQQJJOnrY2OQ9WKKh kvz@tusd.freyproject.io" }, "meta": { "schema_version": "1" @@ -77,18 +98,18 @@ "aws_instance.tusd" ], "primary": { - "id": "Z3IT8X6U91XY1P_master.tus.io_CNAME", + "id": "Z3V9RXR2M8085J_tus.transloadit.academy_CNAME", "attributes": { - "fqdn": "master.tus.io", + "fqdn": "tus.transloadit.academy", "health_check_id": "", - "id": "Z3IT8X6U91XY1P_master.tus.io_CNAME", - "name": "master.tus.io", + "id": "Z3V9RXR2M8085J_tus.transloadit.academy_CNAME", + "name": "tus.transloadit.academy", "records.#": "1", - "records.3871998453": "ec2-54-166-147-2.compute-1.amazonaws.com", + "records.3180824470": "ec2-52-201-254-175.compute-1.amazonaws.com", "set_identifier": "", "ttl": "300", "type": "CNAME", - "zone_id": "Z3IT8X6U91XY1P" + "zone_id": "Z3V9RXR2M8085J" }, "meta": { "schema_version": "2" 
@@ -98,15 +119,23 @@ "deposed": [], "provider": "" }, - "aws_security_group.fw-tusd-main": { + "aws_security_group.fw-tusd": { "type": "aws_security_group", "depends_on": [], "primary": { - "id": "sg-60cc290d", + "id": "sg-29386d53", "attributes": { "description": "Infra tusd", - "egress.#": "0", - "id": "sg-60cc290d", + "egress.#": "1", + "egress.482069346.cidr_blocks.#": "1", + "egress.482069346.cidr_blocks.0": "0.0.0.0/0", + "egress.482069346.from_port": "0", + "egress.482069346.prefix_list_ids.#": "0", + "egress.482069346.protocol": "-1", + "egress.482069346.security_groups.#": "0", + "egress.482069346.self": "false", + "egress.482069346.to_port": "0", + "id": "sg-29386d53", "ingress.#": "3", "ingress.2214680975.cidr_blocks.#": "1", "ingress.2214680975.cidr_blocks.0": "0.0.0.0/0", @@ -129,10 +158,10 @@ "ingress.516175195.security_groups.#": "0", "ingress.516175195.self": "false", "ingress.516175195.to_port": "8080", - "name": "fw-tusd-main", - "owner_id": "402421253186", + "name": "fw-tusd", + "owner_id": "618066538640", "tags.%": "0", - "vpc_id": "" + "vpc_id": "vpc-cea030a9" }, "meta": {}, "tainted": false diff --git a/.infra/Freyfile.hcl b/.infra/Freyfile.hcl index f86a85f..ca9166d 100644 --- a/.infra/Freyfile.hcl +++ b/.infra/Freyfile.hcl @@ -24,7 +24,7 @@ infra variable { amis { type = "map" default { - "us-east-1" = "ami-9bce7af0" + "us-east-1" = "ami-8fe79998" } } region { 
@@ -33,32 +33,34 @@ infra variable { } infra output { - public_address { - value = "${aws_instance.tusd.0.public_dns}" - } - public_addresses { - value = "${join("\n", aws_instance.tusd.*.public_dns)}" - } - endpoint { - value = "http://${aws_route53_record.www.name}:80/" - } + public_address { value = "${aws_instance.tusd.0.public_dns}" } + public_addresses { value = "${join("\n", aws_instance.tusd.*.public_dns)}" } + endpoint { value = "http://${aws_route53_record.www.name}:80/" } } -infra resource aws_instance tusd { - ami = "${lookup(var.amis, var.region)}" - instance_type = "c3.large" - key_name = "infra-tusd" - security_groups = ["fw-tusd-main"] +infra resource aws_key_pair "infra-tusd" { + key_name = "infra-tusd" + public_key = "${file("{{{config.global.ssh.publickey_file}}}")}" +} + +infra resource aws_instance "tusd" { + ami = "${lookup(var.amis, var.region)}" + instance_type = "t2.micro" + key_name = "${aws_key_pair.infra-tusd.key_name}" + // vpc_security_group_ids = ["aws_security_group.fw-tusd.id"] + subnet_id = "subnet-1adf3953" + connection { key_file = "{{{config.global.ssh.privatekey_file}}}" user = "{{{config.global.ssh.user}}}" } + tags { - "Name" = "${var.FREY_DOMAIN}" + Name = "${var.FREY_DOMAIN}" } } -infra resource "aws_route53_record" www { +infra resource aws_route53_record "www" { name = "${var.FREY_DOMAIN}" records = ["${aws_instance.tusd.public_dns}"] ttl = "300" 
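Review bot: `aws_instance "tusd"` no longer references any security group: `security_groups = ["fw-tusd-main"]` is removed and its replacement is left commented out, so the `fw-tusd` rules defined later in this file do not govern the instance. The state committed alongside agrees, listing `sg-efcac894` under `vpc_security_group_ids` while `fw-tusd` is `sg-29386d53`; the instance is therefore filtered by whatever that other group allows, which this repository does not show. The commented line would also not work if simply uncommented, because the quoted value is a literal string rather than an interpolation; the intended form is presumably `vpc_security_group_ids = ["${aws_security_group.fw-tusd.id}"]`.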
@@ -66,57 +68,76 @@ infra resource "aws_route53_record" www { zone_id = "${var.FREY_AWS_ZONE_ID}" } -infra resource aws_security_group "fw-tusd-main" { +infra resource aws_security_group "fw-tusd" { description = "Infra tusd" - name = "fw-tusd-main" + name = "fw-tusd" + vpc_id = "vpc-cea030a9" + ingress { cidr_blocks = ["0.0.0.0/0"] - from_port = 8080 protocol = "tcp" + from_port = 8080 to_port = 8080 } + ingress { cidr_blocks = ["0.0.0.0/0"] - from_port = 80 protocol = "tcp" + from_port = 80 to_port = 80 } + ingress { cidr_blocks = ["0.0.0.0/0"] - from_port = 22 protocol = "tcp" + from_port = 22 to_port = 22 } + + // This is for outbound internet access + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = [ "0.0.0.0/0" ] + } } install { playbooks { hosts = "tusd" name = "Install tusd" + roles { role = "{{{init.paths.roles_dir}}}/apt/v1.0.0" apt_packages = ["apg", "build-essential", "curl", "git-core", "htop", "iotop", "libpcre3", "logtail", "mlocate", "mtr", "psmisc", "telnet", "vim", "wget"] } + roles { role = "{{{init.paths.roles_dir}}}/unattended-upgrades/v1.2.0" } + tasks { lineinfile = "dest=/home/{{{config.global.ssh.user}}}/.bashrc line=\"alias wtf='sudo tail -f /var/log/*{log,err} /var/log/{dmesg,messages,*{,/*}{log,err}}'\" owner={{{config.global.ssh.user}}} group={{{config.global.ssh.user}}} mode=0644 backup=yes" name = "Common | Add convenience shortcut wtf" } + tasks { lineinfile = "dest=/home/{{{config.global.ssh.user}}}/.bashrc line=\"cd {{{config.global.approot}}}/current || true\" owner={{{config.global.ssh.user}}} group={{{config.global.ssh.user}}} mode=0644 backup=yes" name = "Common | Install login" } + tasks { name = "Common | Set motd" copy = "content='Welcome to {{lookup('env', 'FREY_DOMAIN')}}' dest=/etc/motd owner=root group=root mode=0644 backup=yes" } + tasks { name = "Common | Set timezone variables" copy = "content='Etc/UTC' dest=/etc/timezone owner=root group=root mode=0644 backup=yes" notify = ["Common | Update 
timezone"] } + handlers { name = "Common | Update timezone" command = "dpkg-reconfigure --frontend noninteractive tzdata" @@ -128,6 +149,7 @@ setup { playbooks { hosts = "tusd" name = "Setup tusd" + roles { role = "{{{init.paths.roles_dir}}}/upstart/v1.0.0" upstart_command = "./tusd -port=8080 -dir=/mnt/tusd-data -store-size=10737418240" @@ -139,6 +161,7 @@ setup { upstart_runtime_root = "{{{config.global.approot}}}/current/tusd_linux_amd64" upstart_user = "www-data" } + roles { role = "{{{init.paths.roles_dir}}}/rsyslog/v3.0.1" rsyslog_rsyslog_d_files "49-tusd" { @@ -149,14 +172,17 @@ setup { } } } + roles { role = "{{{init.paths.roles_dir}}}/fqdn/v1.0.0" fqdn = "{{lookup('env', 'FREY_DOMAIN')}}" } + tasks { file = "path=/mnt/tusd-data state=directory owner=www-data group=ubuntu mode=ug+rwX,o= recurse=yes" name = "tusd | Create tusd data dir" } + tasks { name = "tusd | Create purger crontab (clean up >24h (1400minutes) files)" cron { @@ -172,6 +198,7 @@ deploy { playbooks { hosts = "tusd" name = "Deploy tusd" + roles { role = "{{{init.paths.roles_dir}}}/deploy/v1.4.0" ansistrano_get_url = "https://github.com/tus/tusd/releases/download/0.5.2/tusd_linux_amd64.tar.gz" @@ -179,6 +206,7 @@ deploy { ansistrano_deploy_via = "download_unarchive" ansistrano_group = "ubuntu" } + tasks { name = "tusd | Set file attributes" file = "path={{{config.global.approot}}}/current/tusd_linux_amd64/tusd mode=0755 owner=www-data group=www-data" @@ -190,10 +218,12 @@ restart { playbooks { hosts = "tusd" name = "Restart tusd" + tasks { shell = "iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080" name = "tusd | Redirect HTTP traffic to tusd" } + tasks { action = "service name=tusd state=restarted" name = "tusd | Restart" diff --git a/.infra/ssh/frey-tusd.pem.cast5 b/.infra/ssh/frey-tusd.pem.cast5 index 215171f..8331f12 100644 Binary files a/.infra/ssh/frey-tusd.pem.cast5 and b/.infra/ssh/frey-tusd.pem.cast5 differ 
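Review bot: The new `egress` block in `aws_security_group "fw-tusd"` opens every protocol and port to `0.0.0.0/0`, which is broader than the outbound needs visible in this file (apt packages and the tusd release download over HTTPS). Narrowing it to TCP with `from_port = 443` / `to_port = 443`, and a second block for port 80 if the apt mirrors are plain HTTP, would limit what a compromised upload host can reach. The port 22 ingress rule, re-ordered in this hunk, still admits `0.0.0.0/0`; restricting its `cidr_blocks` to the operators' address range (for example a variable, placeholder name `var.ADMIN_CIDR`) is worth doing while the group is being recreated. The security group block ends inside this hunk; the `install` block that follows continues past it.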
diff --git a/.infra/ssh/frey-tusd.pub b/.infra/ssh/frey-tusd.pub
index e69de29..1d1b744 100644
--- a/.infra/ssh/frey-tusd.pub
+++ b/.infra/ssh/frey-tusd.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDb0fMw6fF2ct31UvChO/r17kXAn6AdPS0TLl4QZauvnEd1jyCekxCwJ3ApafapiQo/Z29zy3Uz0KQxvHvMNaYq6JY4qEyfQIlEhBRjrMlQKvNnQcFlX5ETSy6r8qPhYi2ly0GWB17Er5t2UMt2yKQrcPCWGNy0zOIjymdTdWaQlcjO/76XJr64790Y0+BfLyxPkZ0z39EM/9crLdpUq4SMAyup/mKG5daQbh/MpYEoXe6oyHVK/z1aESBO7EAKnoGauHXgzNYGTxqFnzjU/srmKUY/vR2GAqFqZYweZyNiAuhQ5jfkciGSSR2UeMXZ/y3XI8ATQQJJOnrY2OQ9WKKh kvz@tusd.freyproject.io