D12800.id42515.diff

diff --git a/services/terraform/self-host/.gitignore b/services/terraform/self-host/.gitignore
--- a/services/terraform/self-host/.gitignore
+++ b/services/terraform/self-host/.gitignore
@@ -1,3 +1,5 @@
+.env
+
# Local .terraform directories
**/.terraform/*
diff --git a/services/terraform/self-host/aws_db.tf b/services/terraform/self-host/aws_db.tf
--- a/services/terraform/self-host/aws_db.tf
+++ b/services/terraform/self-host/aws_db.tf
@@ -1,3 +1,10 @@
+locals {
+ mariadb_database_name = local.local_with_default_environment_vars.COMM_DATABASE_DATABASE
+ mariadb_username = local.local_with_default_environment_vars.COMM_DATABASE_USER
+ mariadb_password = local.local_with_default_environment_vars.COMM_DATABASE_PASSWORD
+ mariadb_port = jsondecode(local.local_with_default_environment_vars.COMM_DATABASE_PORT)
+}
+
# MariaDB Security Group
resource "aws_security_group" "keyserver_mariadb_security_group" {
name = "keyserver-mariadb-sg"
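Review bot: `mariadb_password` and `mariadb_username` lose the `sensitive = true` marking that the deleted `variable` blocks in variables.tf carried, so once they are read from `.env` Terraform will show their values in plan diffs and, likely, in the `local-exec` command echo; wrap them at the source, e.g. `mariadb_password = sensitive(local.local_with_default_environment_vars.COMM_DATABASE_PASSWORD)` and the same for the username. `jsondecode` on the port also works only by coincidence — a bare `3307` happens to parse as a JSON number — while `mariadb_port = tonumber(local.local_with_default_environment_vars.COMM_DATABASE_PORT)` states the intent and fails with a clear message on a non-numeric value. The `locals` block is complete in the hunk; the security group that follows continues outside it.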
@@ -6,15 +13,15 @@
# Inbound rules
ingress {
- from_port = 3307
- to_port = 3307
+ from_port = local.mariadb_port
+ to_port = local.mariadb_port
protocol = "tcp"
security_groups = [aws_security_group.keyserver_service.id]
}
ingress {
- from_port = 3307
- to_port = 3307
+ from_port = local.mariadb_port
+ to_port = local.mariadb_port
protocol = "tcp"
cidr_blocks = ["${var.allowed_ip}/32"]
}
@@ -40,12 +47,12 @@
instance_class = "db.m6g.large"
db_subnet_group_name = aws_db_subnet_group.public_db_subnet_group.name
vpc_security_group_ids = [aws_security_group.keyserver_mariadb_security_group.id]
- username = var.mariadb_username
- password = var.mariadb_password
+ username = local.mariadb_username
+ password = local.mariadb_password
parameter_group_name = aws_db_parameter_group.mariadb_parameter_group.name
storage_encrypted = true
publicly_accessible = true
- port = 3307
+ port = local.mariadb_port
skip_final_snapshot = true
}
@@ -103,11 +110,11 @@
provisioner "local-exec" {
command = <<EOT
- mysql --user=${var.mariadb_username} \
- --port=3307 \
+ mysql --user=${local.mariadb_username} \
+ --port=${local.mariadb_port} \
--host=${aws_db_instance.mariadb.address} \
- --execute="CREATE DATABASE IF NOT EXISTS comm;" \
- --password=${var.mariadb_password}
+ --execute="CREATE DATABASE IF NOT EXISTS ${local.mariadb_database_name};" \
+ --password=${local.mariadb_password}
EOT
}
}
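Review bot: `${local.mariadb_database_name}` is spliced unquoted into the SQL text of the `--execute` argument, so a `.env` value containing a space, hyphen or semicolon either breaks the statement or changes its meaning; wrap the name in MySQL backtick identifier quotes, or reject bad values before apply with a `lifecycle { precondition { ... } }` whose condition is `can(regex("^[A-Za-z0-9_]+$", local.mariadb_database_name))`. Passing `--password=` on the command line predates this change, but since the value now comes from `.env` rather than a `sensitive` variable, moving it into the provisioner's `environment = { MYSQL_PWD = local.mariadb_password }` would keep it out of both the command echo and the process list. The enclosing resource block starts outside the hunk.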
diff --git a/services/terraform/self-host/env.tf b/services/terraform/self-host/env.tf
new file mode 100644
--- /dev/null
+++ b/services/terraform/self-host/env.tf
@@ -0,0 +1,23 @@
+data "dotenv" "local" {}
+
+locals {
+ default_environment_vars = {
+ "COMM_DATABASE_PORT" = "3307"
+ }
+
+ local_with_default_environment_vars = merge(
+ local.default_environment_vars,
+ data.dotenv.local.entries
+ )
+
+ aws_resource_environment_vars = {
+ "REDIS_URL" = "rediss://${aws_elasticache_serverless_cache.redis.endpoint[0].address}:6379"
+ "COMM_DATABASE_HOST" = "${aws_db_instance.mariadb.address}"
+ }
+
+ shared_environment_vars = merge(
+ local.local_with_default_environment_vars,
+ local.aws_resource_environment_vars
+ )
+}
+
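Review bot: `default_environment_vars` restores only the port default, while the settings that the deleted variables and hard-coded `environment` entries used to supply — `COMM_LISTEN_ADDR = "0.0.0.0"`, `COMM_DATABASE_DATABASE = "comm"`, and the identity and tunnelbroker URLs that had `default` values in variables.tf — now exist only if the operator's `.env` sets them, so the `environment = local.primary_environment` and `environment = local.secondary_environment` hunks in keyserver_primary.tf and keyserver_secondary.tf will silently ship a container without them. Add those entries to `default_environment_vars`, or fail the plan on a `.env` that lacks required keys with a `check`/`precondition` over `local_with_default_environment_vars`. `data "dotenv" "local" {}` also relies on the provider's default file location; naming the file explicitly (confirm the argument name against the provider docs) makes clear which file is read. Because this merged map carries `COMM_DATABASE_PASSWORD` and other secrets, consider building `shared_environment_vars` with `sensitive(...)` so its contents are redacted in plan output.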
diff --git a/services/terraform/self-host/keyserver_primary.tf b/services/terraform/self-host/keyserver_primary.tf
--- a/services/terraform/self-host/keyserver_primary.tf
+++ b/services/terraform/self-host/keyserver_primary.tf
@@ -2,6 +2,18 @@
keyserver_service_image_tag = "1.0.100"
keyserver_service_server_image = "commapp/keyserver:${local.keyserver_service_image_tag}"
keyserver_primary_container_name = "keyserver-primary"
+
+ primary_environment_vars = merge(local.shared_environment_vars,
+ {
+ "COMM_NODE_ROLE" = "primary"
+ })
+
+ primary_environment = [
+ for name, value in local.primary_environment_vars : {
+ name = name
+ value = value
+ }
+ ]
}
resource "aws_cloudwatch_log_group" "keyserver_primary_service" {
@@ -40,76 +52,7 @@
},
]
- environment = [
- {
- name = "REDIS_URL"
- value = "rediss://${aws_elasticache_serverless_cache.redis.endpoint[0].address}:6379"
- },
- {
- name = "COMM_NODE_ROLE"
- value = "primary"
- },
- {
- name = "COMM_LISTEN_ADDR"
- value = "0.0.0.0"
- },
- {
- name = "COMM_DATABASE_HOST"
- value = "${aws_db_instance.mariadb.address}"
- },
- {
- name = "COMM_DATABASE_DATABASE"
- value = "comm"
- },
- {
- name = "COMM_DATABASE_PORT"
- value = "3307"
- },
- {
- name = "COMM_DATABASE_USER"
- value = "${var.mariadb_username}"
- },
- {
- name = "COMM_DATABASE_PASSWORD"
- value = "${var.mariadb_password}"
- },
- {
- name = "COMM_JSONCONFIG_secrets_user_credentials"
- value = jsonencode(var.keyserver_user_credentials)
- },
- {
- name = "COMM_JSONCONFIG_facts_webapp_cors"
- value = jsonencode({
- "domain" : "https://web.comm.app"
- })
- },
- {
- name = "COMM_JSONCONFIG_facts_keyserver_url"
- value = jsonencode({
- "baseDomain" : "https://${var.domain_name}",
- "basePath" : "/",
- "baseRoutePath" : "/",
- "https" : true,
- "proxy" : "aws"
- })
- },
- {
- name = "COMM_JSONCONFIG_secrets_identity_service_config",
- value = jsonencode({
- "identitySocketAddr" : "${var.identity_socket_address}"
- })
- },
- {
- name = "COMM_JSONCONFIG_facts_authoritative_keyserver",
- value = jsonencode(var.authoritative_keyserver_config),
- },
- {
- name = "COMM_JSONCONFIG_facts_tunnelbroker",
- value = jsonencode({
- "url" : "${var.tunnelbroker_url}"
- })
- }
- ]
+ environment = local.primary_environment
logConfiguration = {
"logDriver" = "awslogs"
"options" = {
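Review bot: `environment = local.primary_environment` passes every key found in `.env` into the ECS task definition as a plaintext `environment` entry, including `COMM_DATABASE_PASSWORD` and any `COMM_JSONCONFIG_secrets_*` values, where they are readable to anyone permitted to describe the task definition and are also stored in Terraform state; the database credentials already had this property, but the pass-through now applies to the whole file. Splitting the map so that keys under a secrets prefix are delivered through the container definition's `secrets` list (`valueFrom` pointing at Secrets Manager or SSM) would limit that exposure. The same applies to the `environment = local.secondary_environment` hunk in keyserver_secondary.tf. The container definition block starts before this hunk.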
@@ -199,5 +142,3 @@
create_before_destroy = true
}
}
-
-
diff --git a/services/terraform/self-host/keyserver_secondary.tf b/services/terraform/self-host/keyserver_secondary.tf
--- a/services/terraform/self-host/keyserver_secondary.tf
+++ b/services/terraform/self-host/keyserver_secondary.tf
@@ -1,5 +1,17 @@
locals {
keyserver_secondary_container_name = "keyserver-secondary"
+
+ secondary_environment_vars = merge(local.shared_environment_vars,
+ {
+ "COMM_NODE_ROLE" = "secondary"
+ })
+
+ secondary_environment = [
+ for name, value in local.secondary_environment_vars : {
+ name = name
+ value = value
+ }
+ ]
}
resource "aws_cloudwatch_log_group" "keyserver_secondary_service" {
@@ -36,76 +48,7 @@
},
]
- environment = [
- {
- name = "REDIS_URL"
- value = "rediss://${aws_elasticache_serverless_cache.redis.endpoint[0].address}:6379"
- },
- {
- name = "COMM_NODE_ROLE"
- value = "secondary"
- },
- {
- name = "COMM_LISTEN_ADDR"
- value = "0.0.0.0"
- },
- {
- name = "COMM_DATABASE_HOST"
- value = "${aws_db_instance.mariadb.address}"
- },
- {
- name = "COMM_DATABASE_DATABASE"
- value = "comm"
- },
- {
- name = "COMM_DATABASE_PORT"
- value = "3307"
- },
- {
- name = "COMM_DATABASE_USER"
- value = "${var.mariadb_username}"
- },
- {
- name = "COMM_DATABASE_PASSWORD"
- value = "${var.mariadb_password}"
- },
- {
- name = "COMM_JSONCONFIG_secrets_user_credentials"
- value = jsonencode(var.keyserver_user_credentials)
- },
- {
- name = "COMM_JSONCONFIG_facts_keyserver_url"
- value = jsonencode({
- "baseDomain" : "https://${var.domain_name}",
- "basePath" : "/",
- "baseRoutePath" : "/",
- "https" : true,
- "proxy" : "aws"
- })
- },
- {
- name = "COMM_JSONCONFIG_facts_webapp_cors"
- value = jsonencode({
- "domain" : "https://web.comm.app"
- })
- },
- {
- name = "COMM_JSONCONFIG_facts_tunnelbroker",
- value = jsonencode({
- "url" : "${var.tunnelbroker_url}"
- })
- },
- {
- name = "COMM_JSONCONFIG_secrets_identity_service_config",
- value = jsonencode({
- "identitySocketAddr" : "${var.identity_socket_address}"
- })
- },
- {
- name = "COMM_JSONCONFIG_facts_authoritative_keyserver",
- value = jsonencode(var.authoritative_keyserver_config),
- }
- ]
+ environment = local.secondary_environment
logConfiguration = {
"logDriver" = "awslogs"
"options" = {
diff --git a/services/terraform/self-host/providers.tf b/services/terraform/self-host/providers.tf
--- a/services/terraform/self-host/providers.tf
+++ b/services/terraform/self-host/providers.tf
@@ -4,5 +4,9 @@
source = "hashicorp/aws"
version = "~> 5.32.0"
}
+ dotenv = {
+ source = "germanbrew/dotenv"
+ version = "1.1.2"
+ }
}
}
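Review bot: `germanbrew/dotenv` is a community provider pinned to an exact version, but nothing in this diff ensures the downloaded binary's hashes are checked; make sure `.terraform.lock.hcl` is committed (the `.gitignore` hunk ignores only `**/.terraform/*` and `.env`) so `terraform init` verifies the provider against recorded hashes rather than trusting the registry on each run. If the lock file is already tracked outside this diff, no change is needed.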
diff --git a/services/terraform/self-host/variables.tf b/services/terraform/self-host/variables.tf
--- a/services/terraform/self-host/variables.tf
+++ b/services/terraform/self-host/variables.tf
@@ -1,30 +1,8 @@
-variable "keyserver_user_credentials" {
- description = "Credentials for user authentication"
- type = object({
- username = string
- password = string
- usingIdentityCredentials = optional(bool)
- force = optional(bool)
- })
-}
-
variable "domain_name" {
description = "Domain name for your keyserver"
type = string
}
-variable "mariadb_username" {
- description = "MariaDB username"
- type = string
- sensitive = true
-}
-
-variable "mariadb_password" {
- description = "MariaDB password"
- type = string
- sensitive = true
-}
-
variable "region" {
description = "The AWS region to deploy your keyserver in"
type = string
@@ -40,14 +18,6 @@
description = "Use non-default vpc and subnets"
}
-variable "authoritative_keyserver_config" {
- description = "Authoritative keyserver user id"
- type = object({
- authoritativeKeyserverID = optional(string)
- })
- default = {}
-}
-
variable "availability_zone_1" {
description = "First availability zone for vpc subnet if user created vpc"
type = string
@@ -60,18 +30,6 @@
default = "us-west-1c"
}
-variable "identity_socket_address" {
- description = "The socket address to access the identity service"
- type = string
- default = "https://identity.commtechnologies.org:50054"
-}
-
-variable "tunnelbroker_url" {
- description = "The address to access the tunnelbroker service"
- type = string
- default = "wss://tunnelbroker.commtechnologies.org:51001"
-}
-
variable "db_instance_class" {
description = "The instance class for the MariaDB RDS instance"
type = string
