From 80ee6dab3475c2d89ab9537e8a89aa917333dcbd Mon Sep 17 00:00:00 2001
From: EzzioMoreira
Date: Sun, 11 Sep 2022 11:45:21 -0300
Subject: [PATCH 01/10] feat: adiciona pipeline iac
---
.github/workflows/cicd.yml | 90 +++++--------------
.gitignore | 36 ++++++++
.trivyignore | 14 +++
iac/.tfsec/config.yml | 4 +
iac/container_definitions.json | 47 ++++++++++
iac/terrafile.tf | 157 +++++++++++++++++++++++++++++++++
web/settings.py | 1 +
7 files changed, 283 insertions(+), 66 deletions(-)
create mode 100644 .trivyignore
create mode 100644 iac/.tfsec/config.yml
create mode 100644 iac/container_definitions.json
create mode 100644 iac/terrafile.tf
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index 5864bbfd..4a94d864 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -1,70 +1,28 @@ -name: CI +name: "Pipeline para build de imagem docker" +on: + push: + release: + types: [created] -on: [ push, pull_request ] +env: + TF_VAR_image: ezmom/mariaquiteria:latest jobs: - build: - runs-on: ubuntu-18.04 - steps: - - uses: actions/checkout@v2 - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.8 - - name: Install Dependencies - run: | - python -m pip install --upgrade pip - pip install -r dev_requirements.txt - - name: Lint - run: | - black --check . - flake8 . - - name: Check migrations - env: - DJANGO_SETTINGS_MODULE: "web.settings" - DATABASE_URL: "postgres://postgres:postgres@localhost:5432/mariaquiteria" - run: python manage.py makemigrations --check - - name: Run Tests - env: - DJANGO_SETTINGS_MODULE: "web.settings" - DJANGO_CONFIGURATION: "Test" - DATABASE_URL: "postgres://postgres:postgres@localhost:5432/mariaquiteria" - run: | - python manage.py collectstatic - pytest - services: - postgres: - image: library/postgres:11-alpine - env: - POSTGRES_PASSWORD: postgres - POSTGRES_DB: mariaquiteria - ports: - - 5432:5432 - options: >- - --health-cmd pg_isready - --health-interval 10s - --health-timeout 5s - --health-retries 5 - rabbitmq: - image: rabbitmq - env: - RABBITMQ_DEFAULT_USER: guest - RABBITMQ_DEFAULT_PASS: guest - ports: - - 5672:5672 - deploy: - runs-on: ubuntu-18.04 - if: github.ref == 'refs/heads/main' + docker: + uses: "mentoriaiac/cicd_centralizado/.github/workflows/docker_build.yaml@v1" + with: + image: leofl94/mariaquiteria + push_image: ${{github.event_name == 'release'}} + secrets: + docker_user: ${{secrets.DOCKER_LOGIN}} + docker_password: ${{secrets.TOKEN_DOCKERHUB}} - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Push to dokku - uses: dokku/github-action@v1.0.2 - with: - branch: main - ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }} - git_remote_url: ${{ secrets.DOKKU_REMOTE_URL }} - ssh_host_key: ${{ secrets.SSH_HOST_KEY }} - needs: [build] + terraform: 
+ needs: docker + uses: "mentoriaiac/cicd_centralizado/.github/workflows/terraform.yaml@v1" + with: + plan: true + apply: true + working_directory: ./iac + workspace: default + secrets: inherit diff --git a/.gitignore b/.gitignore index 93081098..c506deba 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ __pycache__ # data *.json +!container_definitions.json !**/fixtures/*.json *.csv *.xls @@ -22,3 +23,38 @@ __pycache__ # scrapy files/ + +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc diff --git a/.trivyignore b/.trivyignore new file mode 100644 index 00000000..7450bc2b --- /dev/null +++ b/.trivyignore @@ -0,0 +1,14 @@ +CVE-2022-1304 +CVE-2021-3999 +CVE-2019-8457 +CVE-2021-33560 +CVE-2022-2509 +CVE-2022-29458 +CVE-2022-1586 +CVE-2022-1587 +CVE-2022-2097 +CVE-2020-16156 +CVE-2022-34265 +CVE-2017-14158 +CVE-2022-37434 +CVE-2022-36359 diff --git a/iac/.tfsec/config.yml b/iac/.tfsec/config.yml new file mode 100644 index 00000000..6f22aef4 --- /dev/null +++ b/iac/.tfsec/config.yml @@ -0,0 +1,4 @@ +--- +exclude: + - AWS099 + - aws-iam-no-policy-wildcards 
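Review bot: The `terraform` job is called with `apply: true` on every `push` to any branch, because the new `on:` block has no branch filter and the old `if: github.ref == 'refs/heads/main'` guard on the deploy job is gone; restrict the trigger, for example `push: branches: [main]`, or keep the apply for `release` events only. Both reusable workflows are referenced by the mutable tag `@v1` while receiving `secrets: inherit` and the Docker Hub credentials, so pinning them to a full commit (`.../docker_build.yaml@<commit-sha>`) would stop a moved `v1` tag from running with those secrets. The workflow-level `env: TF_VAR_image` is probably never seen by the called workflow, since a caller's `env` is not propagated to reusable workflows; pass the image as an input if the called workflow accepts one. The lint, migration-check and test steps are removed without a replacement, so nothing gates the apply any more.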
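Review bot: The fourteen CVE ids in `.trivyignore` are suppressed with no reason, owner or review date, so a later reader cannot tell which findings are not applicable and which were only deferred. Trivy's ignore file accepts `#` comment lines; put one above each entry, e.g. `# <package>: no fixed version in the base image as of <date>, revisit <date>`, and delete entries once the base image or dependency is updated. CVE-2022-34265 and CVE-2022-36359 appear to be Django advisories, which are normally closed by upgrading the dependency rather than by an ignore entry; worth confirming before they are silenced.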
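Review bot: Both entries under `exclude:` switch the checks off for the whole `iac/` tree, so any resource added later that trips them is silenced as well, and `aws-iam-no-policy-wildcards` is exactly the check that would catch an over-broad IAM policy. If the findings come from one known resource, prefer an inline `#tfsec:ignore:aws-iam-no-policy-wildcards` on that resource with a reason; if they come from the remote modules and cannot be annotated here, keep the exclusion but document it, e.g. `# aws-iam-no-policy-wildcards: raised inside <module>, tracked in <issue>`. `AWS099` is a legacy-style id with no explanation; add a comment naming the check it stands for.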
diff --git a/iac/container_definitions.json b/iac/container_definitions.json new file mode 100644 index 00000000..52105c53 --- /dev/null +++ b/iac/container_definitions.json @@ -0,0 +1,47 @@ +[ + { + "cpu": 256, + "image": "${IMAGE}", + "memory": 512, + "name": "api", + "networkMode": "awsvpc", + "portMappings": [ + { + "containerPort": 8000, + "hostPort": 8000 + } + ], + "secrets": [ + { + "name": "POSTGRES_ENDPOINT", + "valueFrom": "arn:aws:ssm:us-east-1:238346160346:parameter/mariaquiteria/postgres_endpoint" + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": "arn:aws:ssm:us-east-1:238346160346:parameter/mariaquiteria/postgres_password" + }, + { + "name": "POSTGRES_NAME", + "valueFrom": "arn:aws:ssm:us-east-1:238346160346:parameter/mariaquiteria/postgres_name" + }, + { + "name": "POSTGRES_USER", + "valueFrom": "arn:aws:ssm:us-east-1:238346160346:parameter/mariaquiteria/postgres_user" + } + ], + "environment": [ + { + "name": "AWESOME_ENV_VAR", + "value": "/mariaquiteria/aws_s3_region" + } + ], + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": "mentoria-log", + "awslogs-region": "us-east-1", + "awslogs-stream-prefix": "myawesomeapp" + } + } + } +] diff --git a/iac/terrafile.tf b/iac/terrafile.tf new file mode 100644 index 00000000..7db25c30 --- /dev/null +++ b/iac/terrafile.tf 
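Review bot: The four `valueFrom` ARNs hard-code the AWS account id and region, so the file has to be edited for every account the stack is applied to. The file is already rendered as a template through `${IMAGE}`, so the account and region can be template variables too, e.g. `"valueFrom": "arn:aws:ssm:${REGION}:${ACCOUNT_ID}:parameter/mariaquiteria/postgres_password"`, passed through `vars` in `data "template_file"`. `AWESOME_ENV_VAR` with the value `/mariaquiteria/aws_s3_region` looks like a leftover from a sample definition and should be removed or renamed to the variable the application actually reads.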
@@ -0,0 +1,157 @@ +provider "aws" { + region = "us-east-1" +} + +terraform { + backend "s3" { + bucket = "maria-quiteria-tfstate" + key = "iac/terraform.tfstate" + region = "us-east-1" + } +} + +data "template_file" "container_definitions" { + template = file("./container_definitions.json") + vars = { + IMAGE = var.image + } +} + +module "ecs_mentoria" { + source = "git::https://github.com/mentoriaiac/iac-modulo-aws-ecs.git" + create_cluster = true + app_count = 1 + fargate_cpu = 256 + fargate_memory = 512 + subnet_ids = ["subnet-02341d1bbc03aa7de", "subnet-0b02c179f5a6ab207"] + vpc_id = "vpc-01d88d19d7e84312b" + protocol = "HTTP" + family_name = "mentoria" + service_name = "mentoria" + cluster_name = "mentoria" + container1_name = "api" + container1_port = 8000 + container_definitions = data.template_file.container_definitions.rendered + depends_on = ["module.rds_mariaquiteria"] + + tags = { + Env = "production" + Team = "tematico-terraform" + System = "api-tika" + CreationWith = "terraform" + Repository = "https://github.com/mentoriaiac/iac-modulo-aws-ecs" + } +} + +output "load_balancer_dns_name" { + value = "http://${module.ecs_mentoria.loadbalance_dns_name}" +} + +output "security_group_id" { + value = module.ecs_mentoria.security_group_id +} + +variable "image" { + type = string + description = "Nome da Imagem" +} + +terraform { + required_version = ">= 1.0.0" + +} + +module "rds_mariaquiteria" { + source = "git::https://github.com/mentoriaiac/iac-modulo-aws-rds.git" + subnet_ids = ["subnet-02341d1bbc03aa7de", "subnet-0b02c179f5a6ab207"] + proj_name = "mariaquiteria" + vpc_id = "vpc-01d88d19d7e84312b" + port = 5432 + storage = 20 + storage_type = "gp2" + engine = "postgres" + engine_version = "12.7" + instance_type = "db.t2.micro" + db_name = "mariaquiteria" + db_username = "mariaquiteriaadmin" + identifier = "database-mariaquiteria" + parameter_group_name = "default.postgres12" + snapshot = true + publicly_accessible_rds = true + default_tags = { + Name : 
"RDS_mariaquiteria", + Team : "Mentoria-IAC", + Application : "maria-quiteria", + Environment : "Production", + Terraform : "Yes", + Owner : "Mentoria-IAC" + } + parameters = [{ + name = "sentry_dsn", + description = "Parâmetro referente à variável de ambiente SENTRY_DSN", + type = "String", + value = " " + }, + { + name = "spidermon_telegram_fake", + description = "Parâmetro referente à variável de ambiente SPIDERMON_TELEGRAM_FAKE" + type = "String" + value = " " + }, + { + name = "spidermon_sentry_fake", + description = "Parâmetro referente à variável de ambiente SPIDERMON_SENTRY_FAKE" + type = "String" + value = " " + }, + { + name = "django_settings_module", + description = "Parâmetro referente à variável de ambiente DJANGO_SETTINGS_MODULE" + type = "String" + value = " " + + }, + { + name = "django_configuration", + description = "Parâmetro referente à variável de ambiente DJANGO_CONFIGURATION" + type = "String" + value = " " + }, + { + name = "django_secret_key", + description = "Parâmetro referente à variável de ambiente DJANGO_SECRET_KEY" + type = "String" + value = " " + }, + { + name = "access_token_lifetime_in_minutes", + description = "Parâmetro referente à variável de ambiente ACCESS_TOKEN_LIFETIME_IN_MINUTES" + type = "String" + value = " " + }, + { + name = "refresh_token_lifetime_in_minutes", + description = "Parâmetro referente à variável de ambiente REFRESH_TOKEN_LIFETIME_IN_MINUTES" + type = "String" + value = " " + + }, + { + name = "aws_s3_bucket", + description = "Parâmetro referente à variável de ambiente AWS_S3_BUCKET" + type = "String" + value = "maria-quiteria" + }, + { + name = "aws_s3_bucket_folder", + description = "Parâmetro referente à variável de ambiente AWS_S3_BUCKET_FOLDER" + type = "String" + value = "teste" + }, + { + name = "aws_s3_region", + description = "Parâmetro referente à variável de ambiente AWS_S3_REGION" + type = "String" + value = "us-east-1" + }] +} 
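Review bot: `publicly_accessible_rds = true` on `module "rds_mariaquiteria"` presumably gives a database tagged `Environment = "Production"` a public endpoint, although the ECS service uses the same `vpc_id` and `subnet_ids`; `publicly_accessible_rds = false` should be sufficient unless something outside the VPC must connect. `django_secret_key` is declared with `type = "String"`; if the module turns these entries into SSM parameters, a secret belongs in `type = "SecureString"`. Neither module `source` carries a `?ref=`, so each init pulls whatever the default branch holds at that moment. `depends_on = ["module.rds_mariaquiteria"]` uses the quoted form that Terraform versions matching `required_version = ">= 1.0.0"` no longer accept as a reference; write `depends_on = [module.rds_mariaquiteria]`.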
diff --git a/web/settings.py b/web/settings.py index 93b70e2c..774c6c56 100644 --- a/web/settings.py +++ b/web/settings.py @@ -73,6 +73,7 @@ class Common(Configuration): WSGI_APPLICATION = "web.wsgi.application" + # Precisamos alterar para variavel de ambiente: default_db = postgres://POSTGRES_USER:$POSTGRES_PASSWORD@POSTGRES_ENDPOINT:5432/POSTGRES_NAME default_db = "postgres://postgres:postgres@db:5432/mariaquiteria" DATABASES = {"default": dj_database_url.config(default=default_db)} From babdc81eb5c82cc719d46955e5eec57e6594fafd Mon Sep 17 00:00:00 2001 From: EzzioMoreira Date: Sun, 11 Sep 2022 11:48:42 -0300 Subject: [PATCH 02/10] feat: add template PR --- .github/pull_request_template.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .github/pull_request_template.md diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 00000000..22ebee45 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,31 @@ +# Titulo + + + +- [ ] Garanta que seu **topic/feature/bugfix branch** tenha uma branch nomeada e não a sua branch main esteja no PR +- [ ] Dê um titulo que expresse o objetivo do PR +- [ ] Associe seu PR a uma Issue criada no repositósito. Caso seja uma correção de linguagem ou pequenas correções, não é necessário +- [ ] Descreva o objetivo do PR +- [ ] Inclua links relevantes para a sua modificação/sugestão/correção +- [ ] Descreva um passo-a-passo para testar o seu PR + +## Issue + + + +## Objetivo + + + +## Referências + + + +## Como testar + + + + From 788a4f9f831d57ee784f7eff3f0187bce436187e Mon Sep 17 00:00:00 2001 From: EzzioMoreira Date: Sun, 11 Sep 2022 13:31:57 -0300 Subject: [PATCH 03/10] test: teste de deploy --- .github/workflows/cicd.yml | 2 +- iac/container_definitions.json | 8 ++++---- iac/terrafile.tf | 18 +++++++++--------- web/settings.py | 2 +- 4 files changed, 15 insertions(+), 15 deletions(-) 
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 4a94d864..62ac6897 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -11,7 +11,7 @@ jobs: docker: uses: "mentoriaiac/cicd_centralizado/.github/workflows/docker_build.yaml@v1" with: - image: leofl94/mariaquiteria + image: ezmom/mariaquiteria push_image: ${{github.event_name == 'release'}} secrets: docker_user: ${{secrets.DOCKER_LOGIN}} diff --git a/iac/container_definitions.json b/iac/container_definitions.json index 52105c53..b78a2e64 100644 --- a/iac/container_definitions.json +++ b/iac/container_definitions.json @@ -14,19 +14,19 @@ "secrets": [ { "name": "POSTGRES_ENDPOINT", - "valueFrom": "arn:aws:ssm:us-east-1:238346160346:parameter/mariaquiteria/postgres_endpoint" + "valueFrom": "arn:aws:ssm:us-east-1:733824474891:parameter/mariaquiteria/postgres_endpoint" }, { "name": "POSTGRES_PASSWORD", - "valueFrom": "arn:aws:ssm:us-east-1:238346160346:parameter/mariaquiteria/postgres_password" + "valueFrom": "arn:aws:ssm:us-east-1:733824474891:parameter/mariaquiteria/postgres_password" }, { "name": "POSTGRES_NAME", - "valueFrom": "arn:aws:ssm:us-east-1:238346160346:parameter/mariaquiteria/postgres_name" + "valueFrom": "arn:aws:ssm:us-east-1:733824474891:parameter/mariaquiteria/postgres_name" }, { "name": "POSTGRES_USER", - "valueFrom": "arn:aws:ssm:us-east-1:238346160346:parameter/mariaquiteria/postgres_user" + "valueFrom": "arn:aws:ssm:us-east-1:733824474891:parameter/mariaquiteria/postgres_user" } ], "environment": [ diff --git a/iac/terrafile.tf b/iac/terrafile.tf index 7db25c30..5fcd88a5 100644 --- a/iac/terrafile.tf +++ b/iac/terrafile.tf @@ -4,7 +4,7 @@ provider "aws" { terraform { backend "s3" { - bucket = "maria-quiteria-tfstate" + bucket = "maria-quiteria-tfstate1" key = "iac/terraform.tfstate" region = "us-east-1" } 
@@ -23,8 +23,8 @@ module "ecs_mentoria" { app_count = 1 fargate_cpu = 256 fargate_memory = 512 - subnet_ids = ["subnet-02341d1bbc03aa7de", "subnet-0b02c179f5a6ab207"] - vpc_id = "vpc-01d88d19d7e84312b" + subnet_ids = ["subnet-07e64bae35c703e59", "subnet-076661f11f71e2c7e"] + vpc_id = "vpc-0ca967f989c37ad90" protocol = "HTTP" family_name = "mentoria" service_name = "mentoria" @@ -63,9 +63,9 @@ terraform { module "rds_mariaquiteria" { source = "git::https://github.com/mentoriaiac/iac-modulo-aws-rds.git" - subnet_ids = ["subnet-02341d1bbc03aa7de", "subnet-0b02c179f5a6ab207"] + subnet_ids = ["subnet-07e64bae35c703e59", "subnet-076661f11f71e2c7e"] proj_name = "mariaquiteria" - vpc_id = "vpc-01d88d19d7e84312b" + vpc_id = "vpc-0ca967f989c37ad90" port = 5432 storage = 20 storage_type = "gp2" @@ -73,8 +73,8 @@ module "rds_mariaquiteria" { engine_version = "12.7" instance_type = "db.t2.micro" db_name = "mariaquiteria" - db_username = "mariaquiteriaadmin" - identifier = "database-mariaquiteria" + db_username = "postgres" + identifier = "mariaquiteria" parameter_group_name = "default.postgres12" snapshot = true publicly_accessible_rds = true @@ -140,13 +140,13 @@ module "rds_mariaquiteria" { name = "aws_s3_bucket", description = "Parâmetro referente à variável de ambiente AWS_S3_BUCKET" type = "String" - value = "maria-quiteria" + value = "maria-quiteria-tfstate1" }, { name = "aws_s3_bucket_folder", description = "Parâmetro referente à variável de ambiente AWS_S3_BUCKET_FOLDER" type = "String" - value = "teste" + value = " " }, { name = "aws_s3_region", diff --git a/web/settings.py b/web/settings.py index 774c6c56..c8c42482 100644 --- a/web/settings.py +++ b/web/settings.py 
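Review bot: In the `@@ -140,13 +140,13 @@` hunk the `aws_s3_bucket` parameter is set to `maria-quiteria-tfstate1`, the same bucket the `backend "s3"` block uses for `iac/terraform.tfstate`. If the application reads or writes that bucket through `AWS_S3_BUCKET`, its credentials also reach the Terraform state, which usually contains resource attributes such as database credentials. Use a separate bucket for application files, e.g. `value = "<application-bucket-name>"`, and keep the state bucket reachable only by the pipeline role.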
@@ -74,7 +74,7 @@ class Common(Configuration): WSGI_APPLICATION = "web.wsgi.application" # Precisamos alterar para variavel de ambiente: default_db = postgres://POSTGRES_USER:$POSTGRES_PASSWORD@POSTGRES_ENDPOINT:5432/POSTGRES_NAME - default_db = "postgres://postgres:postgres@db:5432/mariaquiteria" + default_db = "postgres://postgres:postgres@mariaquiteria.c4rmfbajkjko.us-east-1.rds.amazonaws.com/mariaquiteria" DATABASES = {"default": dj_database_url.config(default=default_db)} AUTH_PASSWORD_VALIDATORS = [ From 6dbf195de1bc21cfa3777fb3fa9df0baf57c38f7 Mon Sep 17 00:00:00 2001 From: EzzioMoreira Date: Sun, 11 Sep 2022 13:57:43 -0300 Subject: [PATCH 04/10] fix: ajsute allorhost e variaveis banco --- Dockerfile | 2 ++ web/settings.py | 14 +++++++++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0be22dcc..03a75efd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,3 +18,5 @@ RUN apt-get update && \ COPY . . RUN python manage.py collectstatic --no-input + +CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"] diff --git a/web/settings.py b/web/settings.py index c8c42482..e20f22aa 100644 --- a/web/settings.py +++ b/web/settings.py 
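Review bot: `default_db` now embeds the RDS hostname together with the `postgres:postgres` credentials in source control, and it is the fallback used whenever `DATABASE_URL` is not set. Keep the local default (`"postgres://postgres:postgres@db:5432/mariaquiteria"`) or drop the default so `dj_database_url.config()` does not silently point at the cloud instance; the real URL belongs in the SSM parameters the task definition already reads. If that password is really in use on the instance it should be rotated, because it stays in git history. The `Common` class body continues outside the hunk.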
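Review bot: `CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]` starts Django's development server, which Django's documentation says is not meant for production use, and this is the image deployed behind the load balancer. The project already defines `WSGI_APPLICATION = "web.wsgi.application"`, so a WSGI server can be the command instead, e.g. `CMD ["gunicorn", "web.wsgi:application", "--bind", "0.0.0.0:8000"]`, provided gunicorn is in the requirements (not visible in this hunk).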
@@ -74,8 +74,16 @@ class Common(Configuration): WSGI_APPLICATION = "web.wsgi.application" # Precisamos alterar para variavel de ambiente: default_db = postgres://POSTGRES_USER:$POSTGRES_PASSWORD@POSTGRES_ENDPOINT:5432/POSTGRES_NAME - default_db = "postgres://postgres:postgres@mariaquiteria.c4rmfbajkjko.us-east-1.rds.amazonaws.com/mariaquiteria" - DATABASES = {"default": dj_database_url.config(default=default_db)} + #default_db = "postgres://postgres:postgres@mariaquiteria.c4rmfbajkjko.us-east-1.rds.amazonaws.com/mariaquiteria" + DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.postgresql', + 'POSTGRES_ENDPOINT': os.getenv('POSTGRES_ENDPOINT'), + 'POSTGRES_NAME': os.getenv('POSTGRES_NAME'), + 'POSTGRES_USER': os.getenv('POSTGRES_USER'), + 'POSTGRES_PASSWORD': os.getenv('POSTGRES_PASSWORD'), + } + } AUTH_PASSWORD_VALIDATORS = [ { @@ -154,7 +162,7 @@ class Common(Configuration): class Dev(Common): DEBUG = True - ALLOWED_HOSTS = ["localhost", "127.0.0.1", "[::1]", "0.0.0.0"] + ALLOWED_HOSTS = ["localhost", "127.0.0.1", "[::1]", "0.0.0.0", "load-balance-mentoria-1815320676.us-east-1.elb.amazonaws.com"] INSTALLED_APPS = Common.INSTALLED_APPS + ["debug_toolbar"] From 9925cb6f87cae50b4ecf9ecce59564bfc7107bdb Mon Sep 17 00:00:00 2001 From: Ezzio Moreira Date: Mon, 19 Sep 2022 18:36:23 -0300 Subject: [PATCH 05/10] =?UTF-8?q?fiz:=20ajuste=20nome=20reposit=C3=B3rio?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Luiz Aoqui --- iac/container_definitions.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iac/container_definitions.json b/iac/container_definitions.json index b78a2e64..e7a5ee51 100644 --- a/iac/container_definitions.json +++ b/iac/container_definitions.json @@ -40,7 +40,7 @@ "options": { "awslogs-group": "mentoria-log", "awslogs-region": "us-east-1", - "awslogs-stream-prefix": "myawesomeapp" + "awslogs-stream-prefix": "maria-quiteria" } } } 
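Review bot: The keys `POSTGRES_ENDPOINT`, `POSTGRES_NAME`, `POSTGRES_USER` and `POSTGRES_PASSWORD` inside `DATABASES['default']` are not settings Django reads; the PostgreSQL backend expects `HOST`, `NAME`, `USER` and `PASSWORD`, so the environment values would be ignored and the connection would use empty defaults. `os.getenv` also returns `None` for a missing variable, which postpones the failure to the first query; `os.environ[...]` would fail at startup instead. Whether `os` is imported in `web/settings.py` is not visible here, and the `Common` class continues outside the hunk.

```python
            'ENGINE': 'django.db.backends.postgresql',
            'HOST': os.getenv('POSTGRES_ENDPOINT'),
            'NAME': os.getenv('POSTGRES_NAME'),
            'USER': os.getenv('POSTGRES_USER'),
            'PASSWORD': os.getenv('POSTGRES_PASSWORD'),
```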
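Review bot: Adding the load balancer hostname to `Dev.ALLOWED_HOSTS` implies the public deployment runs the `Dev` configuration, which sets `DEBUG = True` and installs `debug_toolbar`; with debug on, error pages disclose settings, paths and stack traces to any visitor. Serve the load balancer from a configuration with `DEBUG = False` and take the host from the environment there, e.g. `ALLOWED_HOSTS = os.getenv("DJANGO_ALLOWED_HOSTS", "").split(",")`, leaving `Dev` limited to local addresses. The `Dev` class body continues outside the hunk, and whether a production class already exists is not visible here.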
From 64e7507ac5a75c28bfe2bfb8a18ad6bd68568b9f Mon Sep 17 00:00:00 2001 From: Ezzio Moreira Date: Mon, 19 Sep 2022 18:37:33 -0300 Subject: [PATCH 06/10] fix: ajuste module source Co-authored-by: Luiz Aoqui --- iac/terrafile.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iac/terrafile.tf b/iac/terrafile.tf index 5fcd88a5..5cd671f2 100644 --- a/iac/terrafile.tf +++ b/iac/terrafile.tf @@ -18,7 +18,7 @@ data "template_file" "container_definitions" { } module "ecs_mentoria" { - source = "git::https://github.com/mentoriaiac/iac-modulo-aws-ecs.git" + source = "git::https://github.com/mentoriaiac/iac-modulo-aws-ecs.git?ref=ebfe0d63e4afa387b390cc91f44e12c89ba3bdea" create_cluster = true app_count = 1 fargate_cpu = 256 From c05ef8898bc048784ba8c0d5d5f7783f8999219f Mon Sep 17 00:00:00 2001 From: Ezzio Moreira Date: Mon, 19 Sep 2022 18:38:09 -0300 Subject: [PATCH 07/10] fix: ajuste terrafile Co-authored-by: Luiz Aoqui --- iac/terrafile.tf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/iac/terrafile.tf b/iac/terrafile.tf index 5cd671f2..838fbe5c 100644 --- a/iac/terrafile.tf +++ b/iac/terrafile.tf @@ -79,12 +79,12 @@ module "rds_mariaquiteria" { snapshot = true publicly_accessible_rds = true default_tags = { - Name : "RDS_mariaquiteria", - Team : "Mentoria-IAC", - Application : "maria-quiteria", - Environment : "Production", - Terraform : "Yes", - Owner : "Mentoria-IAC" + Name = "RDS_mariaquiteria", + Team = "Mentoria-IAC", + Application = "maria-quiteria", + Environment = "Production", + Terraform = "Yes", + Owner = "Mentoria-IAC" } parameters = [{ name = "sentry_dsn", From e585c0cfaca8e4e29c6c7cbb526a54cecc402f5e Mon Sep 17 00:00:00 2001 From: Ezzio Moreira Date: Mon, 19 Sep 2022 18:38:41 -0300 Subject: [PATCH 08/10] fix: remove linha terrafile Co-authored-by: Luiz Aoqui --- iac/terrafile.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/iac/terrafile.tf b/iac/terrafile.tf index 838fbe5c..bf239065 100644 
--- a/iac/terrafile.tf +++ b/iac/terrafile.tf @@ -109,7 +109,6 @@ module "rds_mariaquiteria" { description = "Parâmetro referente à variável de ambiente DJANGO_SETTINGS_MODULE" type = "String" value = " " - }, { name = "django_configuration", From 904287f6133f490b07322fbd7ab42944ded76879 Mon Sep 17 00:00:00 2001 From: Ezzio Moreira Date: Mon, 19 Sep 2022 18:47:45 -0300 Subject: [PATCH 09/10] fix: remove linha terrafile Co-authored-by: Luiz Aoqui --- iac/terrafile.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/iac/terrafile.tf b/iac/terrafile.tf index bf239065..3a124795 100644 --- a/iac/terrafile.tf +++ b/iac/terrafile.tf @@ -133,7 +133,6 @@ module "rds_mariaquiteria" { description = "Parâmetro referente à variável de ambiente REFRESH_TOKEN_LIFETIME_IN_MINUTES" type = "String" value = " " - }, { name = "aws_s3_bucket", From 03da86b46575c59a19dfe002b6a12389381adef8 Mon Sep 17 00:00:00 2001 From: Ezzio Moreira Date: Sun, 25 Sep 2022 15:10:50 -0300 Subject: [PATCH 10/10] test/teste deploy stg (#1) --- .gitignore | 1 + iac/container_definitions.json | 76 ++++++++++++++++++++++++++++++++-- iac/terrafile.tf | 13 +++--- 3 files changed, 80 insertions(+), 10 deletions(-) diff --git a/.gitignore b/.gitignore index c506deba..9e1a1e02 100644 --- a/.gitignore +++ b/.gitignore @@ -41,6 +41,7 @@ crash.*.log # to change depending on the environment. *.tfvars *.tfvars.json +*.lock.hcl # Ignore override files as they are usually used to override resources locally and so # are not checked in diff --git a/iac/container_definitions.json b/iac/container_definitions.json index e7a5ee51..361714fa 100644 --- a/iac/container_definitions.json +++ b/iac/container_definitions.json 
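Review bot: The added `*.lock.hcl` pattern in `.gitignore` ignores `.terraform.lock.hcl`, the file that records the selected provider versions and their checksums. Without it in version control every `terraform init` in CI resolves providers afresh and has no committed hash to verify the download against, which removes the supply-chain check the lock file exists for. Remove the line and commit `iac/.terraform.lock.hcl`.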
@@ -14,25 +14,41 @@ "secrets": [ { "name": "POSTGRES_ENDPOINT", - "valueFrom": "arn:aws:ssm:us-east-1:733824474891:parameter/mariaquiteria/postgres_endpoint" + "valueFrom": "arn:aws:ssm:us-east-1:877563618566:parameter/mariaquiteria/postgres_endpoint" }, { "name": "POSTGRES_PASSWORD", - "valueFrom": "arn:aws:ssm:us-east-1:733824474891:parameter/mariaquiteria/postgres_password" + "valueFrom": "arn:aws:ssm:us-east-1:877563618566:parameter/mariaquiteria/postgres_password" }, { "name": "POSTGRES_NAME", - "valueFrom": "arn:aws:ssm:us-east-1:733824474891:parameter/mariaquiteria/postgres_name" + "valueFrom": "arn:aws:ssm:us-east-1:877563618566:parameter/mariaquiteria/postgres_name" }, { "name": "POSTGRES_USER", - "valueFrom": "arn:aws:ssm:us-east-1:733824474891:parameter/mariaquiteria/postgres_user" + "valueFrom": "arn:aws:ssm:us-east-1:877563618566:parameter/mariaquiteria/postgres_user" + }, + { + "name": "DATABASE_URL", + "valueFrom": "arn:aws:ssm:us-east-1:877563618566:parameter/mariaquiteria/database_url" } ], "environment": [ { "name": "AWESOME_ENV_VAR", "value": "/mariaquiteria/aws_s3_region" + }, + { + "name": "DJANGO_CONFIGURATION", + "value": "Prod" + }, + { + "name": "DJANGO_SECRET_KEY", + "value": "dont-tell-anybody" + }, + { + "name": "DJANGO_ALLOWED_HOSTS", + "value": "load-balance-mentoria-1704459434.us-east-1.elb.amazonaws.com" } ], "logConfiguration": { 
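Review bot: `DJANGO_SECRET_KEY` is passed in `environment` as the literal `dont-tell-anybody` for a task whose `DJANGO_CONFIGURATION` is `Prod`; Django signs sessions and tokens with this key, so a value committed to the repository gives no protection. Move it to the `secrets` list next to `DATABASE_URL`, e.g. `{"name": "DJANGO_SECRET_KEY", "valueFrom": "arn:aws:ssm:us-east-1:877563618566:parameter/mariaquiteria/django_secret_key"}` (parameter name assumed from the existing pattern), backed by a SecureString parameter holding a generated value. The same literal is repeated for the `worker` container in the next hunk (`@@ -43,5 +59,57 @@`) and needs the same change.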
@@ -43,5 +59,57 @@ "awslogs-stream-prefix": "maria-quiteria" } } + }, + { + "cpu": 256, + "image": "${IMAGE}", + "command": ["celery", "-A", "web", "worker", "-l", "INFO", "--without-heartbeat", "--without-gossip", "--without-mingle"], + "memory": 512, + "name": "worker", + "networkMode": "awsvpc", + "secrets": [ + { + "name": "POSTGRES_ENDPOINT", + "valueFrom": "arn:aws:ssm:us-east-1:877563618566:parameter/mariaquiteria/postgres_endpoint" + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": "arn:aws:ssm:us-east-1:877563618566:parameter/mariaquiteria/postgres_password" + }, + { + "name": "POSTGRES_NAME", + "valueFrom": "arn:aws:ssm:us-east-1:877563618566:parameter/mariaquiteria/postgres_name" + }, + { + "name": "POSTGRES_USER", + "valueFrom": "arn:aws:ssm:us-east-1:877563618566:parameter/mariaquiteria/postgres_user" + }, + { + "name": "DATABASE_URL", + "valueFrom": "arn:aws:ssm:us-east-1:877563618566:parameter/mariaquiteria/database_url" + } + ], + "environment": [ + { + "name": "AWESOME_ENV_VAR", + "value": "/mariaquiteria/aws_s3_region" + }, + { + "name": "DJANGO_CONFIGURATION", + "value": "Prod" + }, + { + "name": "DJANGO_SECRET_KEY", + "value": "dont-tell-anybody" + } + ], + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": "mentoria-log", + "awslogs-region": "us-east-1", + "awslogs-stream-prefix": "maria-worker" + } + } } ] diff --git a/iac/terrafile.tf b/iac/terrafile.tf index 3a124795..6d1a07cc 100644 --- a/iac/terrafile.tf +++ b/iac/terrafile.tf 
@@ -21,10 +21,10 @@ module "ecs_mentoria" { source = "git::https://github.com/mentoriaiac/iac-modulo-aws-ecs.git?ref=ebfe0d63e4afa387b390cc91f44e12c89ba3bdea" create_cluster = true app_count = 1 - fargate_cpu = 256 - fargate_memory = 512 - subnet_ids = ["subnet-07e64bae35c703e59", "subnet-076661f11f71e2c7e"] - vpc_id = "vpc-0ca967f989c37ad90" + fargate_cpu = 1024 + fargate_memory = 2048 + subnet_ids = ["subnet-03d379403b182fead", "subnet-0c7aaf51c80df183e"] + vpc_id = "vpc-0e919332ff389ff9a" protocol = "HTTP" family_name = "mentoria" service_name = "mentoria" @@ -53,6 +53,7 @@ output "security_group_id" { variable "image" { type = string + default = "ezmo/maria-quiteria:v1.4" description = "Nome da Imagem" } @@ -63,9 +64,9 @@ terraform { module "rds_mariaquiteria" { source = "git::https://github.com/mentoriaiac/iac-modulo-aws-rds.git" - subnet_ids = ["subnet-07e64bae35c703e59", "subnet-076661f11f71e2c7e"] + subnet_ids = ["subnet-03d379403b182fead", "subnet-0c7aaf51c80df183e"] proj_name = "mariaquiteria" - vpc_id = "vpc-0ca967f989c37ad90" + vpc_id = "vpc-0e919332ff389ff9a" port = 5432 storage = 20 storage_type = "gp2"
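Review bot: In the `@@ -53,6 +53,7 @@` hunk the new `default = "ezmo/maria-quiteria:v1.4"` names a different repository than the one the workflow builds (`ezmom/mariaquiteria` in `.github/workflows/cicd.yml`), so an apply that falls back to the default would deploy an image this pipeline did not produce; possibly a typo, worth confirming. A fixed default also hides a missing `TF_VAR_image`: without it the plan would stop and ask for the value instead of quietly deploying `v1.4`. Consider dropping the default and passing the release tag or image digest from the pipeline.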