gregandev/terraform-demo
gregandev/terraform-demo
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ajout Dockerfile pour automatisation

Browse Source
This commit is contained in:
greglebreton 2023-03-19 23:34:01 +01:00
parent 16f6df29cc
commit bc26ed8889
8 changed files with 143 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
README.md
View File

@ -1,9 +1,17 @@
# TERRAFORM / GCP # TERRAFORM / GCP
Demo Terraform déployant une application Flask dans un conteneur Docker sur GCP
## PRE REQUIS ## PRE REQUIS
- [COMPTE GCP](https://cloud.google.com/?hl=fr) - [COMPTE GCP](https://cloud.google.com/?hl=fr)
- [TERRAFORM](https://www.terraform.io/) - [TERRAFORM](https://www.terraform.io/)
## PREPARATION
### MACHINE LOCALE
- Installer Terraform:
```bash ```bash
# LINUX INSTALL # LINUX INSTALL
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add - curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
@ -11,7 +19,13 @@ sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(l
sudo apt-get update && sudo apt-get install terraform sudo apt-get update && sudo apt-get install terraform
``` ```
## PREPARATION - Créer une paire de clé ssh dédiée pour Terraform
```bash
# NOMMER LE CLE TERRAFORM
ssh-keygen -t rsa -b 4096
```
### DASHBOARD GCP
- Créer un projet "terraform-demo" - Créer un projet "terraform-demo"
- Séletionner le projet créé puis créer un compte de service dans l'onglet [IAM et administration](https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts?hl=fr) de la console GCP - Séletionner le projet créé puis créer un compte de service dans l'onglet [IAM et administration](https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts?hl=fr) de la console GCP
@ -23,56 +37,28 @@ sudo apt-get update && sudo apt-get install terraform
![SERVICES ACCOUNT](docs/service-account.png) ![SERVICES ACCOUNT](docs/service-account.png)
- Créer une clé au sein du compte de service avec les droits sur le compute engine (pour créer les VMs), et télécharger le fichier json contenant la clé pour le mettre dans le dossier auth - Créer une clé au sein du compte de service avec les droits sur le compute engine (pour créer les VMs), et télécharger le fichier json contenant la clé pour le mettre dans le dossier auth/
- Modifier l'id du projet ainsi que le chemin du fichier json contenant la clef dans le fichier variables.tf
### TERRAFORM.TFVARS
- Modifier le fichier terraform.tfvars en fonction de votre environnement
## UTILISATION ## UTILISATION
- Lançer Terraform: - Lançer Terraform:
```bash ```bash
terraform init terraform init
``` ```
- Lançer Terraform: - Lançer Terraform:
```bash ```bash
terraform plan terraform plan
``` ```
- Lançer Terraform: - Lançer Terraform:
```bash ```bash
terraform apply terraform apply
# Saisir yes quand demandé # Saisir yes quand demandé
``` ```
> L'adresse public de la VM est fournie en output du terraform apply http://public-ip:5000
- Se connecter en SSH à la VM pour créer l'application Flask:
```bash
nano app.py
from flask import Flask
app = Flask(__name__)
@app.route('/')
def hello_cloud():
return 'Hello Cloud!'
app.run(host='0.0.0.0')
```
- Installer Flask:
```bash
python3 -m pip install flask
```
- Lançer l'application:
```bash
python3 app.py
```
> Visiter l'adresse fournie en output du terraform apply > Visiter l'adresse fournie en output du terraform apply

13
app/Dockerfile Normal file
View File

@ -0,0 +1,13 @@
FROM python:3.8-slim-bullseye
WORKDIR /python-docker
COPY ./requirements.txt requirements.txt
RUN python3 -m pip install -r requirements.txt
COPY ./ .
EXPOSE 5000
CMD [ "python3", "-m" , "flask", "run", "--host=0.0.0.0"]

8
app/app.py Normal file
View File

@ -0,0 +1,8 @@
from flask import Flask
app = Flask(__name__)
@app.route('/')
def hello_cloud():
return 'Hello Cloud!'
app.run(host='0.0.0.0')

9
app/deploy.sh Normal file
View File

@ -0,0 +1,9 @@
#!/bin/bash
sudo apt-get update
sudo apt-get install -yq docker.io
sudo docker build --network=host -t flaskapp .
sudo docker run -d -p 5000:5000 flaskapp:latest
#python3 -m pip install flask
#python3 app.py >> log.txt 2>&1 &
#nohup python3 -u ./app.py > output.log &

1
app/requirements.txt Normal file
View File

@ -0,0 +1 @@
flask

97
main.tf
View File

@ -24,31 +24,6 @@ resource "google_compute_subnetwork" "default" {
network = google_compute_network.vpc_network.id network = google_compute_network.vpc_network.id
} }
# VM
resource "google_compute_instance" "default" {
name = "flask-vm"
machine_type = "e2-micro"
zone = var.gcp_zone
tags = ["ssh"]
boot_disk {
initialize_params {
image = "debian-cloud/debian-11"
}
}
## INSTALL FLASK
metadata_startup_script = "sudo apt-get update; sudo apt-get install -yq build-essential python3-pip rsync; pip install flask"
network_interface {
subnetwork = google_compute_subnetwork.default.id
access_config {
# Include this section to give the VM an external IP address
}
}
}
## FIREWALL ## FIREWALL
### SSH ### SSH
resource "google_compute_firewall" "ssh" { resource "google_compute_firewall" "ssh" {
@ -76,6 +51,78 @@ resource "google_compute_firewall" "flask" {
source_ranges = ["0.0.0.0/0"] source_ranges = ["0.0.0.0/0"]
} }
## VM
resource "google_compute_instance" "default" {
name = "flask-vm"
machine_type = "e2-micro"
zone = var.gcp_zone
tags = ["ssh"]
boot_disk {
initialize_params {
image = "debian-cloud/debian-11"
}
}
metadata = {
ssh-keys = "${var.gcp_ssh_user}:${file(var.gcp_ssh_pub_key_file)}"
}
network_interface {
subnetwork = google_compute_subnetwork.default.id
access_config {
#### TO HAVE A PUBLIC IP ADRESS
}
}
### COPY APP.PY + DEPLOY.SH - NOT WORKING
# provisioner "file" {
# source = "app/deploy.sh"
# destination = "deploy.sh"
# connection {
# host = google_compute_instance.default.network_interface.0.access_config.0.nat_ip
# type = "ssh"
# user = var.gcp_ssh_user
# timeout = "500s"
# private_key = "${file(var.gcp_ssh_priv_key_file)}"
# }
# }
provisioner "file" {
source = "app/"
destination = "./"
connection {
host = google_compute_instance.default.network_interface.0.access_config.0.nat_ip
type = "ssh"
user = var.gcp_ssh_user
timeout = "500s"
private_key = "${file(var.gcp_ssh_priv_key_file)}"
}
}
# provisioner "local-exec" {
# command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u {var.gcp_ssh_user} -i '${self.ipv4_address},' --private-key ${var.gcp_ssh_priv_key_file} playbook.yml"
# }
### START DEPLOY.SH
provisioner "remote-exec" {
inline = [
"chmod +x ~/deploy.sh",
"cd ~",
"./deploy.sh"
]
connection {
host = google_compute_instance.default.network_interface.0.access_config.0.nat_ip
type = "ssh"
user = var.gcp_ssh_user
timeout = "500s"
private_key = "${file(var.gcp_ssh_priv_key_file)}"
}
}
}
## GET VM PUBLIC IP ## GET VM PUBLIC IP
output "Web-server-URL" { output "Web-server-URL" {
value = join("",["http://",google_compute_instance.default.network_interface.0.access_config.0.nat_ip,":5000"]) value = join("",["http://",google_compute_instance.default.network_interface.0.access_config.0.nat_ip,":5000"])

7
terraform.tfvars
View File

@ -1,5 +1,8 @@
# GCP Settings # GCP Settings
gcp_project_id = "terraform-demo-381114" gcp_project_id = "terraform-demo-381114" # A MODIFIER
gcp_region = "europe-west9" gcp_region = "europe-west9"
gcp_zone = "europe-west9-a" gcp_zone = "europe-west9-a"
gcp_auth_file = "./auth/terraform-demo-381114-158cfce10778.json" gcp_auth_file = "./auth/terraform-demo-381114-158cfce10778.json" # A MODIFIER
gcp_ssh_user = "devops" # A MODIFIER OU PAS
gcp_ssh_pub_key_file = "~/.ssh/terraform.pub"
gcp_ssh_priv_key_file = "~/.ssh/terraform"

15
variables.tf
View File

@ -21,3 +21,18 @@ variable "gcp_zone" {
type = string type = string
description = "GCP zone" description = "GCP zone"
} }
variable "gcp_ssh_user" {
type = string
description = "SSH user"
}
variable "gcp_ssh_pub_key_file" {
type = string
description = "SSH public key file path"
}
variable "gcp_ssh_priv_key_file" {
type = string
description = "SSH private key file path"
}