Terraform project that creates the infrastructure for the EQ project alpha.
The following programs must be installed:
- Git
- Ansible -
brew install ansible - AWS CLI -
brew install awscli
Install roles required by eq-messaging:
ansible-galaxy install -f -r survey-runner-queue/ansible-requirements.yml
-
Ensure you have been set up with an AWS account
-
Obtain your AWS credentials - http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-set-up.html#cli-signup
-
And configure them - http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
-
Install Terraform Version Manager -
brew install tfenv -
Install Terraform -
tfenv install -
In eu-west-1 (Ireland) region, generate an SSH key pair in AWS (Services > EC2 > Key Pairs > Create Key Pair) with a unique name (e.g. your name) and save it to the top level (eq-terraform) directory.
-
Restrict access to the key -
chmod 400 mykey.pem -
Copy
terraform.tfvars.exampletoterraform.tfvars.
env="" # your name (Do not use underscore)
aws_key_pair = "" # your name
# ask somebody on the team to send these values to you
aws_account_id=""
aws_assume_role_arn=""
ons_access_ips=""
certificate_arn=""
slack_webhook_path=""
- Run
aws configure. Add your AWS access key and secret key when prompted for S3. Use "eu-west-1" as your region name. Leave any other values as default.
-
Run
terraform initto import the different modules and set up remote state. When asked to provide a name for the state file choose the same name as theenvvalue in yourterraform.tfvars -
Run
terraform planto check the output of terraform -
Run
terraform applyto create your infrastructure environment -
Run
terraform destroyto destroy your infrastructure environment
After making changes to your terraform config you can update your environment rather than destroying and recreating:
-
Run
terraform get --updateto import the updated modules to your local .terraform dir -
Run
terraform planto check the output of terraform -
Run
terraform applyto apply the changes to your infrastructure environment
- You have to submit a github pull request for your branch
- Wait for the Travis build to pass
- Go to Docker Hub
- Copy your tag (should be your branch name)
- Open
developer_defaults.tf - Find the
survey_runner_tagvariable - Set the default to the docker tag you copied
- Run
terraform plan - Run
terraform apply
A webhook will need to be created for a new integration via https://api.slack.com/incoming-webhooks. Alternatively, your team may already have a webhook url configured to send messages to your slack.
Create a slack channel with the name eq-<your-env-name>-alerts, for example eq-preprod-alerts
Once Terraform has completed successfully, remove the security group provision-allow-ssh-REMOVE from the RabbitMQ machines to block their SSH access. This is used to allow provisioning via Ansible.
- If your build fails make sure the tmp directory has been deleted.
- If the build stalls on the ssh step waiting for user input set the following in your ~/.ssh/config file
UserKnownHostsFile /dev/null
cidr_block = 10.30.20.0/24
| Subnet | CIDR | Size |
|---|---|---|
| ENV-queue-subnet | 10.30.20.0/27 |
32 |
| ENV-ecs-application-subnet-1 | 10.30.20.32/28 |
16 |
| ENV-ecs-application-subnet-2 | 10.30.20.48/28 |
16 |
| ENV-ecs-application-subnet-3 | 10.30.20.64/28 |
16 |
| ENV-database-subnet-1 | 10.30.20.96/28 |
16 |
| ENV-database-subnet-2 | 10.30.20.112/28 |
16 |
| ENV-database-subnet-3 | 10.30.20.128/28 |
16 |
| ENV-public-subnet-1 | 10.30.20.144/28 |
16 |
| ENV-public-subnet-2 | 10.30.20.160/28 |
16 |
| ENV-public-subnet-3 | 10.30.20.176/28 |
16 |
| ENV-application-subnet-1 | 10.30.20.192/28 |
16 |
| ENV-application-subnet-2 | 10.30.20.208/28 |
16 |
| ENV-application-subnet-3 | 10.30.20.224/28 |
16 |