consolidate the multiple terraform deployments at src/core/* into a single deployment at src/terraform (Azure#268)
glennmusa authored Jun 29, 2021
1 parent c3f54f3 commit 9edf8ba
Showing 140 changed files with 2,339 additions and 31,935 deletions.
5 changes: 0 additions & 5 deletions .github/dependabot.yml
@@ -1,10 +1,5 @@
version: 2
updates:
- package-ecosystem: "pip"
directory: "src/front"
schedule:
interval: "daily"

- package-ecosystem: "github-actions"
directory: "/"
schedule:
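
Review bot: the `pip` entry for `src/front` is removed here, but nothing is added for the Terraform that this commit consolidates under `src/terraform`, so provider and module versions there get no update PRs. Consider adding a `package-ecosystem: "terraform"` entry next to the `github-actions` one, pointing at the directory that holds the root module (`apply_tf.sh` uses `src/terraform/mlz`), and confirm `src/front` is actually deleted in this commit so no Python dependencies are left unwatched.
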
18 changes: 5 additions & 13 deletions .github/workflows/README.md
Expand Up @@ -28,13 +28,13 @@ For more on workflows: <https://docs.github.com/en/actions/reference/workflow-sy

1. Checks out the .devcontainer from a private container registry for common tools

1. Recursively validates and lints all the terraform referenced at src/core
1. Recursively validates and lints all the terraform referenced at src/terraform

## Configuration Prerequisites

1. MLZ Setup

To apply terraform at all, locally, or from this automation, `src/scripts/config/create_mlz_configuration_resources.sh` must be run to create the storage accounts to store Terraform state and create the Service Principal with authorization to deploy resources into the configured subscription(s).
To apply terraform at all, locally, or from this automation, `src/scripts/config/create_required_resources.sh` must be run to create the storage accounts to store Terraform state and create the Service Principal with authorization to deploy resources into the configured subscription(s).

See the root README's [Configure the Terraform Backend](#../..//README.md/#Configure-the-Terraform-Backend) on how to do this.
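
Review bot: the context line right under the renamed script still links to `#../..//README.md/#Configure-the-Terraform-Backend`, which has a leading `#` and a doubled slash and will not resolve from `.github/workflows/README.md`. Since this hunk already touches the paragraph, replace it with a plain relative link to the root README section, such as `../../README.md#configure-the-terraform-backend`.
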

Expand All @@ -46,12 +46,8 @@ For more on workflows: <https://docs.github.com/en/actions/reference/workflow-sy

File Name | Value
------------ | -------------
mlz.config | An MLZ Configuration file that comes from create_mlz_configuration_resources.sh
globals.tfvars | Global MLZ terraform values
saca-hub.tfvars | SACA Hub MLZ terraform values
tier-0.tfvars | Tier 0 MLZ terraform values
tier-1.tfvars | Tier 1 MLZ terraform values
tier-2.tfvars | Tier 2 MLZ terraform values
mlz.config | An MLZ Configuration file that comes from create_required_resources.sh
mlz.tfvars | MLZ terraform values

Running this from your local machine, you can provide these files yourself, but, today, for automation these files are stored in an Azure Storage Account and retrieved at workflow execution time. See [build/get_vars.sh](../../build/get_vars.sh) to see how we retrieve

Expand All @@ -60,11 +56,7 @@ For more on workflows: <https://docs.github.com/en/actions/reference/workflow-sy
# pulls down these files:
vars/mlz.config
vars/globals.tfvars
vars/saca-hub.tfvars
vars/tier-0.tfvars
vars/tier-1.tfvars
vars/tier-2.tfvars
vars/mlz.tfvars
```
1. Secret store and minimally scoped Service Principal
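
Review bot: `vars/globals.tfvars` is still listed in the "pulls down these files" block after this change, although the table in the previous hunk and the workflow now use only `mlz.config` and `mlz.tfvars`. Remove the line, and if `build/get_vars.sh` still fetches that file, update the script as well so the automation does not pull a values file that nothing reads.
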
12 changes: 2 additions & 10 deletions .github/workflows/apply-and-destroy-terraform.yml
Expand Up @@ -40,21 +40,13 @@ jobs:
cd src/build
./apply_tf.sh \
vars/mlz.config \
vars/globals.tfvars \
vars/saca-hub.tfvars \
vars/tier-0.tfvars \
vars/tier-1.tfvars \
vars/tier-2.tfvars \
vars/mlz.tfvars \
n
- name: destroy terraform
run : |
cd src/build
./destroy_tf.sh \
vars/mlz.config \
vars/globals.tfvars \
vars/saca-hub.tfvars \
vars/tier-0.tfvars \
vars/tier-1.tfvars \
vars/tier-2.tfvars \
vars/mlz.tfvars \
n
2 changes: 1 addition & 1 deletion .gitignore
Expand Up @@ -4,7 +4,7 @@
*.tfvars
*.terraform
*.tfstate
*.tfstate.backup
*.tfstate.*
terraform-provider-azurerm_v*
terraform-provider-random_v*
*.terraform.lock.hcl
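
Review bot: `*.tfvars` on the first context line does not match JSON variable files such as `terraform.tfvars.json` or `*.auto.tfvars.json`, which Terraform loads the same way and which can carry the same secrets. The widening from `*.tfstate.backup` to `*.tfstate.*` is right for timestamped state backups; if nothing further down the file already covers it, add `*.tfvars.json` alongside.
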
3 changes: 0 additions & 3 deletions src/.dockerignore

This file was deleted.

100 changes: 0 additions & 100 deletions src/Dockerfile

This file was deleted.

18 changes: 5 additions & 13 deletions src/build/README.md
Expand Up @@ -30,31 +30,23 @@ There's an [optional argument to display terraform output](#Optionally-display-T
```shell
usage() {
echo "apply_tf.sh: Automation that calls apply terraform given a MLZ configuration and some tfvars"
error_log "usage: apply_tf.sh <mlz config> <globals.tfvars> <saca.tfvars> <tier0.tfvars> <tier1.tfvars> <tier2.tfvars> <display terraform output (y/n)>"
error_log "usage: apply_tf.sh <mlz config> <mlz.tfvars> <display terraform output (y/n)>"
}
```

```shell
# assuming src/scripts/config/create_mlz_configuration_resources.sh has been run before...
# assuming src/scripts/config/create_required_resources.sh has been run before...
./apply_tf.sh \
./path-to/mlz.config \
./path-to/globals.tfvars \
./path-to/saca-hub.tfvars \
./path-to/tier-0.tfvars \
./path-to/tier-1.tfvars \
./path-to/tier-2.tfvars \
./path-to/mlz.tfvars
y
```

```shell
# assuming src/scripts/config/create_mlz_configuration_resources.sh has been run before...
# assuming src/scripts/config/create_required_resources.sh has been run before...
./destroy_tf.sh \
./path-to/mlz.config \
./path-to/globals.tfvars \
./path-to/saca-hub.tfvars \
./path-to/tier-0.tfvars \
./path-to/tier-1.tfvars \
./path-to/tier-2.tfvars \
./path-to/mlz.tfvars \
y
```
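
Review bot: in the `apply_tf.sh` example the added line `./path-to/mlz.tfvars` has no trailing `\`, so the `y` on the next line runs as a separate command and the display-output argument is never passed. The `destroy_tf.sh` example has the continuation on its `mlz.tfvars` line; add it to the apply example too.
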

63 changes: 27 additions & 36 deletions src/build/apply_tf.sh
Expand Up @@ -7,7 +7,7 @@
# SC1090: Can't follow non-constant source. Use a directive to specify location.
# SC2154: "var is referenced but not assigned". These values come from an external file.
#
# Automation that calls apply terraform given a MLZ configuration and some globals.tfvars
# Automation that calls apply terraform given a MLZ configuration

set -e

Expand All @@ -17,45 +17,39 @@ error_log() {

usage() {
echo "apply_tf.sh: Automation that calls apply terraform given a MLZ configuration and some tfvars"
error_log "usage: apply_tf.sh <mlz config> <globals.tfvars> <saca.tfvars> <tier0.tfvars> <tier1.tfvars> <tier2.tfvars> <display terraform output (y/n)>"
error_log "usage: apply_tf.sh <mlz config> <mlz.tfvars> <display terraform output (y/n)>"
}

if [[ "$#" -lt 6 ]]; then
if [[ "$#" -lt 2 ]]; then
usage
exit 1
fi

# take some valid, well known, mlz_config and vars as input
mlz_config=$1
globals=$2
saca_vars=$3
tier0_vars=$4
tier1_vars=$5
tier2_vars=$6
display_tf_output=${7:-n}
# take some valid, well known, mlz_config and tfvars as input
mlz_config=$(realpath "${1}")
mlz_tfvars=$(realpath "${2}")
display_tf_output=${3:-n}

# reference paths
this_script_path=$(realpath "${BASH_SOURCE%/*}")
src_dir=$(dirname "${this_script_path}")
core_path="${src_dir}/core/"
scripts_path="${src_dir}/scripts/"
terraform_dir="${src_dir}/terraform/"
scripts_dir="${src_dir}/scripts/"

# apply function
apply() {
name=$1
tier_sub=$2
path=$3
vars=$4
sub_id=$1
tf_dir=$2
vars=$3

# generate config.vars based on MLZ Config and Terraform module
. "${scripts_path}/config/generate_vars.sh" \
. "${scripts_dir}/config/generate_vars.sh" \
"${mlz_config}" \
"${tier_sub}" \
"${name}" \
"${path}"
"${sub_id}" \
"${tf_dir}"

# remove any existing terraform initialzation
rm -rf "${path}/.terraform"
rm -rf "${tf_dir}/.terraform"

# copy input vars to temporary file
input_vars=$(realpath "${vars}")
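
Review bot: `mlz_config` and `mlz_tfvars` are resolved with `realpath` at the top but never checked to be existing regular files before `generate_vars.sh` is sourced and `rm -rf "${tf_dir}/.terraform"` runs. Add a guard after the assignments, for example `[[ -f "${mlz_config}" && -f "${mlz_tfvars}" ]] || { usage; exit 1; }`, so a mistyped path fails with the usage text before anything is deleted. The `realpath "${vars}"` inside `apply()` is also redundant now that the caller passes an already resolved path.
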
Expand All @@ -64,26 +58,26 @@ apply() {
touch "${temp_vars}"
cp "${input_vars}" "${temp_vars}"

# remove any configuration tfvars and subtitute it with input vars
tf_vars="${path}/$(basename "${vars}")"
# remove any tfvars and subtitute it with input vars
tf_vars="${tf_dir}/$(basename "${vars}")"
rm -f "${tf_vars}"
touch "${tf_vars}"
cp "${temp_vars}" "${tf_vars}"
rm -f "${temp_vars}"

# set the target subscription
az account set \
--subscription "${tier_sub}" \
--subscription "${sub_id}" \
--output none

# attempt to apply $max_attempts times before giving up waiting between attempts
# attempt to apply $max_attempts times before giving up
# (race conditions, transient errors etc.)
apply_success="false"
attempts=1
max_attempts=5

apply_command="${scripts_path}/terraform/apply_terraform.sh ${globals} ${path} ${tf_vars} y"
destroy_command="${scripts_path}/terraform/destroy_terraform.sh ${globals} ${path} ${tf_vars} y"
apply_command="${scripts_dir}/terraform/apply_terraform.sh ${tf_dir} ${tf_vars} y"
destroy_command="${scripts_dir}/terraform/destroy_terraform.sh ${tf_dir} ${tf_vars} y"

if [[ $display_tf_output == "n" ]]; then
apply_command+=" &>/dev/null"
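
Review bot: `apply_command` and `destroy_command` are assembled as strings with `${tf_dir}` and `${tf_vars}` unquoted and, in the next hunk, run through `eval`, so a path containing spaces or shell metacharacters is word-split or interpreted as shell. `tf_vars` derives from the caller-supplied tfvars path via `basename`, so build the commands as bash arrays (or call the two scripts directly with quoted arguments) and apply the `&>/dev/null` redirect in an `if` branch on `display_tf_output` instead of appending it to the string.
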
Expand All @@ -92,24 +86,24 @@ apply() {

while [ $apply_success == "false" ]
do
echo "INFO: applying ${name} (${attempts}/${max_attempts})..."
echo "INFO: applying Terraform at ${tf_dir} (${attempts}/${max_attempts})..."

if ! eval "$apply_command";
then
# if we fail, run terraform destroy and try again
error_log "ERROR: failed to apply ${name} (${attempts}/${max_attempts}). Trying some manual clean-up and Terraform destroy..."
error_log "ERROR: failed to apply ${tf_dir} (${attempts}/${max_attempts}). Trying some manual clean-up and Terraform destroy..."
eval "$destroy_command"

((attempts++))

if [[ $attempts -gt $max_attempts ]]; then
error_log "ERROR: failed ${max_attempts} times to apply ${name}. Exiting."
error_log "ERROR: failed ${max_attempts} times to apply ${tf_dir}. Exiting."
exit 1
fi
else
# if we succeed meet the base case
apply_success="true"
echo "INFO: finished applying ${name}!"
echo "INFO: finished applying ${tf_dir}!"
fi
done
}
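
Review bot: the fallback `eval "$destroy_command"` runs under `set -e`, so if the destroy itself fails the script exits at that line, before `((attempts++))` and without the "failed ... times" message. Wrap it as `if ! eval "$destroy_command"; then error_log ...; fi` so a failed clean-up is logged and the attempt counter still decides when to give up.
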
Expand All @@ -118,7 +112,4 @@ apply() {
. "${mlz_config}"

# call apply()
apply "saca-hub" "${mlz_saca_subid}" "${core_path}/saca-hub" "${saca_vars}"
apply "tier-0" "${mlz_tier0_subid}" "${core_path}/tier-0" "${tier0_vars}"
apply "tier-1" "${mlz_tier1_subid}" "${core_path}/tier-1" "${tier1_vars}"
apply "tier-2" "${mlz_tier2_subid}" "${core_path}/tier-2" "${tier2_vars}"
apply "${mlz_saca_subid}" "${terraform_dir}/mlz" "${mlz_tfvars}"
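
Review bot: with the four per-tier calls collapsed into one `apply` on `${terraform_dir}/mlz`, the retry loop's destroy-on-failure now tears down the hub and every tier after a single failed apply, where before it was limited to the tier that failed. Consider making the destroy fallback opt-in or restricting it to first-time deployments. Note as well that `az account set` now only ever selects `mlz_saca_subid`, so the tier subscriptions have to be addressed inside the Terraform configuration itself.
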