ajout Dockerfile pour automatisation

2 years ago · bc26ed8889
parent 16f6df29cc
commit bc26ed8889
8 changed files with 143 additions and 61 deletions
--- a/README.md
+++ b/README.md
@ -1,9 +1,17 @@
 # TERRAFORM / GCP
 Demo Terraform déployant une application Flask dans un conteneur Docker sur GCP
 ## PRE REQUIS
 - [COMPTE GCP](https://cloud.google.com/?hl=fr)
 - [TERRAFORM](https://www.terraform.io/)
 ## PREPARATION
 ### MACHINE LOCALE
 - Installer Terraform:
 ```bash
 # LINUX INSTALL
 curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
@ -11,7 +19,13 @@ sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(l
 sudo apt-get update && sudo apt-get install terraform
 ```
-## PREPARATION
+- Créer une paire de clé ssh dédiée pour Terraform
 ```bash
 # NOMMER LE CLE TERRAFORM
 ssh-keygen -t rsa -b 4096
 ```
 ### DASHBOARD GCP
 - Créer un projet "terraform-demo"
 - Séletionner le projet créé puis créer un compte de service dans l'onglet [IAM et administration](https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts?hl=fr) de la console GCP
@ -23,56 +37,28 @@ sudo apt-get update && sudo apt-get install terraform
 ![SERVICES ACCOUNT](docs/service-account.png)
- Créer une clé au sein du compte de service avec les droits sur le compute engine (pour créer les VMs), et télécharger le fichier json contenant la clé pour le mettre dans le dossier auth
+- Créer une clé au sein du compte de service avec les droits sur le compute engine (pour créer les VMs), et télécharger le fichier json contenant la clé pour le mettre dans le dossier auth/
- Modifier l'id du projet ainsi que le chemin du fichier json contenant la clef dans le fichier variables.tf
+
 ### TERRAFORM.TFVARS
 - Modifier le fichier terraform.tfvars en fonction de votre environnement
 ## UTILISATION
 - Lançer Terraform:
 ```bash
 terraform init
 ```
 - Lançer Terraform:
 ```bash
 terraform plan
 ```
 - Lançer Terraform:
 ```bash
 terraform apply
 # Saisir yes quand demandé
 ```
 > L'adresse public de la VM est fournie en output du terraform apply http://public-ip:5000 
 - Se connecter en SSH à la VM pour créer l'application Flask:
 ```bash
 nano app.py
 from flask import Flask
 app = Flask(__name__)
@app.route('/')
 def hello_cloud():
  return 'Hello Cloud!'
 app.run(host='0.0.0.0')
 ```
 - Installer Flask:
 ```bash
 python3 -m pip install flask
 ```
 - Lançer l'application:
 ```bash
 python3 app.py
 ```
 > Visiter l'adresse fournie en output du terraform apply
--- a/app/Dockerfile
+++ b/app/Dockerfile
@ -0,0 +1,13 @@
 FROM python:3.8-slim-bullseye
 WORKDIR /python-docker
 COPY ./requirements.txt requirements.txt
 RUN python3 -m pip install -r requirements.txt
 COPY ./ .
 EXPOSE 5000
 CMD [ "python3", "-m" , "flask", "run", "--host=0.0.0.0"]
--- a/app/app.py
+++ b/app/app.py
@ -0,0 +1,8 @@
 from flask import Flask
 app = Flask(__name__)
@app.route('/')
 def hello_cloud():
  return 'Hello Cloud!'
 app.run(host='0.0.0.0')
--- a/app/deploy.sh
+++ b/app/deploy.sh
@ -0,0 +1,9 @@
 #!/bin/bash
 sudo apt-get update
 sudo apt-get install -yq docker.io
 sudo docker build --network=host -t flaskapp .
 sudo docker run -d -p 5000:5000 flaskapp:latest
 #python3 -m pip install flask
 #python3 app.py >> log.txt 2>&1 &
 #nohup python3 -u ./app.py > output.log &
--- a/app/requirements.txt
+++ b/app/requirements.txt
@ -0,0 +1 @@
 flask
--- a/main.tf
+++ b/main.tf
@ -24,31 +24,6 @@ resource "google_compute_subnetwork" "default" {
  network       = google_compute_network.vpc_network.id
 }
 # VM
 resource "google_compute_instance" "default" {
  name         = "flask-vm"
  machine_type = "e2-micro"
  zone         = var.gcp_zone
  tags         = ["ssh"]
  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }
  ## INSTALL FLASK
  metadata_startup_script = "sudo apt-get update; sudo apt-get install -yq build-essential python3-pip rsync; pip install flask"
  network_interface {
    subnetwork = google_compute_subnetwork.default.id
    access_config {
      # Include this section to give the VM an external IP address
    }
  }
 }
 ## FIREWALL
 ### SSH
 resource "google_compute_firewall" "ssh" {
@ -76,6 +51,78 @@ resource "google_compute_firewall" "flask" {
  source_ranges = ["0.0.0.0/0"]
 }
 ## VM
 resource "google_compute_instance" "default" {
  name         = "flask-vm"
  machine_type = "e2-micro"
  zone         = var.gcp_zone
  tags         = ["ssh"]
  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }
  metadata = {
    ssh-keys = "${var.gcp_ssh_user}:${file(var.gcp_ssh_pub_key_file)}"
  }
  network_interface {
    subnetwork = google_compute_subnetwork.default.id
    access_config {
      #### TO HAVE A PUBLIC IP ADRESS
    }
  }
  ### COPY APP.PY + DEPLOY.SH - NOT WORKING
  # provisioner "file" {
  #     source = "app/deploy.sh"
  #     destination = "deploy.sh"
  #     connection {
  #         host = google_compute_instance.default.network_interface.0.access_config.0.nat_ip
  #         type = "ssh"
  #         user = var.gcp_ssh_user
  #         timeout = "500s"
  #         private_key = "${file(var.gcp_ssh_priv_key_file)}"
  #     }
  # }
  provisioner "file" {
      source = "app/"
      destination = "./"
      connection {
          host = google_compute_instance.default.network_interface.0.access_config.0.nat_ip
          type = "ssh"
          user = var.gcp_ssh_user
          timeout = "500s"
          private_key = "${file(var.gcp_ssh_priv_key_file)}"
      }
  }
  # provisioner "local-exec" {
  #   command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u {var.gcp_ssh_user} -i '${self.ipv4_address},' --private-key ${var.gcp_ssh_priv_key_file} playbook.yml"
  # }
  ### START DEPLOY.SH
  provisioner "remote-exec" {
      inline = [
        "chmod +x ~/deploy.sh",
        "cd ~",
        "./deploy.sh"
      ]
      connection {
          host = google_compute_instance.default.network_interface.0.access_config.0.nat_ip
          type = "ssh"
          user = var.gcp_ssh_user
          timeout = "500s"
          private_key = "${file(var.gcp_ssh_priv_key_file)}"
      }
  }
 }
 ## GET VM PUBLIC IP
 output "Web-server-URL" {
 value = join("",["http://",google_compute_instance.default.network_interface.0.access_config.0.nat_ip,":5000"])
--- a/terraform.tfvars
+++ b/terraform.tfvars
@ -1,5 +1,8 @@
 # GCP Settings
-gcp_project_id = "terraform-demo-381114"
+gcp_project_id = "terraform-demo-381114" # A MODIFIER
 gcp_region = "europe-west9"
 gcp_zone = "europe-west9-a"
-gcp_auth_file = "./auth/terraform-demo-381114-158cfce10778.json"
+gcp_auth_file = "./auth/terraform-demo-381114-158cfce10778.json" # A MODIFIER
 gcp_ssh_user = "devops" # A MODIFIER OU PAS
 gcp_ssh_pub_key_file = "~/.ssh/terraform.pub"
 gcp_ssh_priv_key_file = "~/.ssh/terraform"
--- a/variables.tf
+++ b/variables.tf
@ -21,3 +21,18 @@ variable "gcp_zone" {
  type        = string
  description = "GCP zone"
 }
 variable "gcp_ssh_user" {
  type        = string
  description = "SSH user"    
 }
 variable "gcp_ssh_pub_key_file" {
  type        = string
  description = "SSH public key file path"    
 }
 variable "gcp_ssh_priv_key_file" {
  type        = string
  description = "SSH private key file path"    
 }