From 63fb9ace6054f79eb45b8d79083afe0bbd9d9fbf Mon Sep 17 00:00:00 2001
From: exequielrafaela
Date: Sun, 6 Dec 2020 07:25:18 -0300
Subject: [PATCH] BBL-445 | user-guide base-configuration + base-workflow improved
---
.../repo-le-tf-infra-aws-tf-state.md | 25 --
.../repo-le-tf-infra-aws.md | 169 ++++++++-----
.../base-workflow/repo-le-ansible-infra.md | 20 +-
.../base-workflow/repo-le-dev-makefiles.md | 235 ++++++++++++++++++
.../base-workflow/repo-le-helm-infra.md | 12 +-
.../repo-le-tf-infra-aws-tf-state.md | 63 +++++
.../base-workflow/repo-le-tf-infra-aws.md | 4 +-
7 files changed, 423 insertions(+), 105 deletions(-)
delete mode 100644 docs/user-guide/base-configuration/repo-le-tf-infra-aws-tf-state.md
create mode 100644 docs/user-guide/base-workflow/repo-le-dev-makefiles.md
create mode 100644 docs/user-guide/base-workflow/repo-le-tf-infra-aws-tf-state.md
diff --git a/docs/user-guide/base-configuration/repo-le-tf-infra-aws-tf-state.md b/docs/user-guide/base-configuration/repo-le-tf-infra-aws-tf-state.md
deleted file mode 100644
index 18e510fe2..000000000
--- a/docs/user-guide/base-configuration/repo-le-tf-infra-aws-tf-state.md
+++ /dev/null
@@ -1,25 +0,0 @@
-# Terraform - S3 & DynamoDB for Remote State Storage & Locking
-
-## Overview
-Use this terraform configuration files to create the **S3 bucket** & **DynamoDB** table needed to use Terraform Remote
-State Storage & Locking.
-
-## Prerequisites
-- Ensure you have `make` installed in your system
-- Refer to [Configuration Pre-requisites](../base-configuration/repo-le-tf-infra-aws.md) to understand how to set up the
- configuration files required for this layer.
-
-## Set up
-- Run `make init`
-- Run `make apply`, review the output and type `yes` if you are okay with that
-- This should create a `terraform.tfstate` file in this directory but we don't want to push that to the repository so
- let's push the state to the backend we just created
-- Open `config.tf` and uncomment the following lines:
-```
- # backend "s3" {
- # key = "root/tf-backend/terraform.tfstate"
- # }
-```
-- Run `make init` and type `yes` when Terraform asks if you want to import the state to the S3 backend
-- Done. You can remove `terraform.tfstate` now (and also `terraform.tfstate.backup` if available)
-
diff --git a/docs/user-guide/base-configuration/repo-le-tf-infra-aws.md b/docs/user-guide/base-configuration/repo-le-tf-infra-aws.md
index dbc99a7b2..bced32601 100644
--- a/docs/user-guide/base-configuration/repo-le-tf-infra-aws.md
+++ b/docs/user-guide/base-configuration/repo-le-tf-infra-aws.md
@@ -27,58 +27,96 @@ Under every account folder you will see a service layer structure similar to the ``` . ├── apps-devstg -│   ├── 10_databases_mysql -- -│   ├── 10_databases_pgsql -- -│   ├── 1_tf-backend -│   ├── 2_identities -│   ├── 3_network -│   ├── 4_security -│   ├── 4_security_compliance -- -│   ├── 5_dns -│   ├── 6_notifications -│   ├── 7_cloud-nuke -│   ├── 8_k8s_eks -- -│   ├── 8_k8s_kops -- -│   ├── 9_backups -- -│   ├── 9_storage -- -│   └── config +│   ├── backups -- +│   ├── base-identities +│   ├── base-network +│   ├── base-tf-backend +│   ├── cdn-s3-frontend +│   ├── config +│   ├── databases-mysql -- +│   ├── databases-pgsql -- +│   ├── ec2-fleet-ansible -- +│   ├── k8s-eks -- +│   ├── k8s-kops -- +│   ├── notifications +│   ├── security-audit +│   ├── security-base +│   ├── security-certs +│   ├── security-compliance -- +│   ├── security-keys +│   ├── security-keys-dr +│   ├── storage +│   └── tools-cloud-nuke ├── apps-prd -│   ├── 1_tf-backend -- -│   ├── 2_identities -- -│   ├── 3_network -- -│   ├── 4_security -- -│   ├── 4_security_compliance -- -│   ├── 5_dns -- -│   ├── 6_notifications -- -│   ├── 9_backups -- -│   └── config -├── root-org -│   ├── 1_tf-backend -│   ├── 2_identities -│   ├── 3_organizations -│   ├── 4_security -│   ├── 4_security_compliance -- -│   ├── 5_cost-mgmt -│   ├── 6_notifications -│   └── config +│   ├── backups -- +│   ├── base-identities +│   ├── base-network +│   ├── base-tf-backend +│   ├── cdn-s3-frontend +│   ├── config +│   ├── ec2-fleet -- +│   ├── notifications +│   ├── security-audit +│   ├── security-base +│   ├── security-certs +│   ├── security-compliance -- +│   └── security-keys +├── @bin +│   ├── config +│   ├── makefiles +│   └── scripts +├── CHANGELOG.md +├── config +│   └── common.config +├── _config.yml +├── @doc +│   └── figures +├── LICENSE.md +├── Makefile +├── README.md +├── root +│   ├── base-identities +│   ├── base-tf-backend +│   ├── config +│   ├── cost-mgmt +│   ├── notifications 
+│   ├── organizations +│   ├── security-audit +│   ├── security-base +│   ├── security-compliance -- +│   ├── security-keys +│   ├── security-monitoring +│   └── security-monitoring-dr -- ├── security -│   ├── 1_tf-backend -│   ├── 2_identities -│   ├── 4_security -│   ├── 4_security_compliance -- -│   ├── 6_notifications -│   └── config +│   ├── base-identities +│   ├── base-tf-backend +│   ├── config +│   ├── notifications +│   ├── security-audit +│   ├── security-base +│   ├── security-compliance -- +│   ├── security-keys +│   ├── security-monitoring +│   └── security-monitoring-dr -- └── shared - ├── 1_tf-backend - ├── 2_identities - ├── 3_network - ├── 4_security - ├── 4_security_compliance -- - ├── 5_dns - ├── 6_notifications - ├── 7_vpn-server - ├── 8_container_registry - └── config + ├── base-dns + ├── base-identities + ├── base-network + ├── base-tf-backend + ├── config + ├── container-registry + ├── ec2-fleet -- + ├── infra_prometheus + ├── notifications + ├── security-audit + ├── security-base + ├── security-compliance -- + ├── security-keys + ├── storage + ├── tools-cloud-scheduler-stop-start + ├── tools-eskibana -- + ├── tools-jenkins -- + └── tools-vpn-server ``` **NOTE:** As a convention folders with the `--` suffix reflect that the resources are not currently @@ -99,10 +137,8 @@ each account. - You are encouraged to inspect those Makefiles to understand what's going on. ## Terraform -- Install terraform >= v0.12.28 - - Run `terraform version` to check - - **NOTE:** Most `Makefiles` already grant the recs via - [Dockerized cmds](https://hub.docker.com/repository/docker/binbash/terraform-awscli) +- [`Makefiles`](https://github.com/binbashar/le-dev-makefiles) already grant the recs via + [Dockerized Terraform cmds](https://hub.docker.com/repository/docker/binbash/terraform-awscli-slim) ## Remote State In the `tf-backend` folder you should find all setup scripts or configuration files that need to be run before 
@@ -111,17 +147,26 @@ In the `tf-backend` folder you should find all setup scripts or configuration fi **IMPORTANT:** THIS IS ONLY NEEDED IF THE BACKEND WAS NOT CREATED YET. IF THE BACKEND ALREADY EXISTS YOU JUST USE IT. !!! info "Read More" - * [x] [Terraform - S3 & DynamoDB for Remote State Storage & Locking](./repo-le-tf-infra-aws-tf-state.md) + * [x] [Terraform - S3 & DynamoDB for Remote State Storage & Locking](../base-workflow/repo-le-tf-infra-aws-tf-state.md) ## Configuration -- Config files can be found in under each 'config' folder. -- File `backend.config` contains TF variables that are mainly used to configure TF backend but since - `profile` and `region` are defined there, we also use them to inject those values into other TF commands. - - eg: [le-tf-infra-aws/config/common.config](https://github.com/binbashar/le-tf-infra-aws/blob/master/config/common.config) -- File `/config/common.config` contains global context TF variables that we inject to TF commands which are used by all - sub-directories such as plan or apply and which cannot be stored in `backend.config` due to TF. - - eg: [le-tf-infra-aws/shared/config/backend.config](https://github.com/binbashar/le-tf-infra-aws/blob/master/shared/config/backend.config) - + +!!! tips "Config files can be found under each `config` folders" + - :file_folder: **Global config file** + [`/config/common.config`](https://github.com/binbashar/le-tf-infra-aws/blob/master/config/common.config) + contains global context TF variables that we inject to TF commands which are used by all sub-directories such as + `make plan` or `make apply` and which cannot be stored in `backend.config` due to TF. 
+ - :file_folder: **Account config files** + - [`backend.config`](https://github.com/binbashar/le-tf-infra-aws/blob/master/shared/config/backend.config) + contains TF variables that are mainly used to configure TF backend but since + `profile` and `region` are defined there, we also use them to inject those values into other TF commands. + - [`account.config`](https://github.com/binbashar/le-tf-infra-aws/blob/master/shared/config/account.config) + contains TF variables that are specific to an AWS account. + - :file_folder: **Makefile config file** + [`/@bin/config/base.mk`](https://github.com/binbashar/le-tf-infra-aws/blob/master/%40bin/config/base.mk) contains + global [makefile-lib](https://github.com/binbashar/le-dev-makefiles) variables + + ## AWS Profile - File `backend.config` will inject the profile name that TF will use to make changes on AWS. - Such profile is usually one that relies on another profile to assume a role to get access to each corresponding account. diff --git a/docs/user-guide/base-workflow/repo-le-ansible-infra.md b/docs/user-guide/base-workflow/repo-le-ansible-infra.md index 422a44d22..1e99d8971 100644 --- a/docs/user-guide/base-workflow/repo-le-ansible-infra.md +++ b/docs/user-guide/base-workflow/repo-le-ansible-infra.md 
@@ -1,13 +1,13 @@ # Workflow -### Makefile -- We rely on `Makefiles` as a wrapper to run terraform commands that consistently use the same config files. -- You are encouraged to inspect those Makefiles to understand what's going on. +!!! info "Makefile" + - We rely on `Makefiles` as a wrapper to run terraform commands that consistently use the same config files. + - You are encouraged to inspect those Makefiles to understand what's going on. -### Ansible -1. Get into the folder that you need to work with (e.g. `ansible-playbook-vpn-pritunl`) -2. Run `make init` to get all the necessary Ansible roles based on each `requirements.yml` -3. Run `init-ansible-py` (if necessary) -4. Make whatever changes you need to make as stated in each Playbook Documentation (check Documentation section above) -5. Run `make check` if you only mean to preview those changes -6. Run `make apply` if you want to apply those changes \ No newline at end of file +!!! example "![leverage-ansible](../../assets/images/logos/ansible.png "Leverage"){: style="width:20px"} [Ansible Infra](https://github.com/binbashar/le-ansible-infra)" + 1. Get into the folder that you need to work with (e.g. `ansible-playbook-vpn-pritunl`) + 2. Run `make init` to get all the necessary Ansible roles based on each `requirements.yml` + 3. Run `init-ansible-py` (if necessary) + 4. Make whatever changes you need to make as stated in each Playbook Documentation (check Documentation section above) + 5. Run `make check` if you only mean to preview those changes + 6. Run `make apply` if you want to apply those changes \ No newline at end of file diff --git a/docs/user-guide/base-workflow/repo-le-dev-makefiles.md b/docs/user-guide/base-workflow/repo-le-dev-makefiles.md new file mode 100644 index 000000000..fc640fff8 --- /dev/null +++ b/docs/user-guide/base-workflow/repo-le-dev-makefiles.md 
@@ -0,0 +1,235 @@ +# Makefiles used to operate Binbash Leverage repositories. + +## Overview + +In order to get the full automated potential of the +[Binbash Leverage DevOps Automation Code Library](https://leverage.binbash.com.ar/how-it-works/code-library/code-library/) +you should initialize all the necessary helper **Makefiles**. + +!!! faq "How?" + For all supported modules and infra components you must execute the `make init-makefiles` command at the root context + + ```shell + ╭─delivery at delivery-I7567 in ~/terraform/terraform-aws-backup-by-tags on master✔ 20-09-17 + ╰─⠠⠵ make + Available Commands: + - init-makefiles initialize makefiles + ``` + +!!! faq "Why?" + You'll get all the necessary commands to automatically operate this module via a dockerized approach, + example shown below for the different tech stack components + +### Terraform + +!!! tip "![leverage-terraform](../../assets/images/logos/terraform.png "Leverage"){: style="width:20px"} Modules" + ```shell + ╭─delivery at delivery-I7567 in ~/terraform/terraform-aws-backup-by-tags on master✔ 20-09-17 + ╰─⠠⠵ make + Available Commands: + - circleci-validate-config ## Validate A CircleCI Config (https + - format-check ## The terraform fmt is used to rewrite tf conf files to a canonical format and style. + - format ## The terraform fmt is used to rewrite tf conf files to a canonical format and style. 
+ - tf-dir-chmod ## run chown in ./.terraform to gran that the docker mounted dir has the right permissions + - version ## Show terraform version + - init-makefiles ## initialize makefiles + ``` + + ```shell + ╭─delivery at delivery-I7567 in ~/terraform/terraform-aws-backup-by-tags on master✔ 20-09-17 + ╰─⠠⠵ make format-check + docker run --rm -v /home/delivery/Binbash/repos/Leverage/terraform/terraform-aws-backup-by-tags:"/go/src/project/":rw -v :/config -v /common.config:/common-config/common.config -v ~/.ssh:/root/.ssh -v ~/.gitconfig:/etc/gitconfig -v ~/.aws/bb:/root/.aws/bb -e AWS_SHARED_CREDENTIALS_FILE=/root/.aws/bb/credentials -e AWS_CONFIG_FILE=/root/.aws/bb/config --entrypoint=/bin/terraform -w "/go/src/project/" -it binbash/terraform-awscli-slim:0.12.28 fmt -check + ``` + +!!! tip "![leverage-terraform](../../assets/images/logos/terraform.png "Leverage"){: style="width:20px"} Infra" + ```shell + ╭─delivery at delivery-ops in ~/le-tf-infra-aws/apps-devstg/base-network on master✔ 2020-10-29 + ╰─⠠⠵ make + Available Commands: + - apply apply-cmd tf-dir-chmod ## Make terraform apply any changes with dockerized binary + - cost-estimate-plan ## Terraform plan output compatible with https + - cost-estimate-state ## Terraform state output compatible with https + - decrypt ## Decrypt secrets.tf via ansible-vault + - destroy ## Destroy all resources managed by terraform + - encrypt ## Encrypt secrets.dec.tf via ansible-vault + - force-unlock ## Manually unlock the terraform state, eg + - format-check ## The terraform fmt is used to rewrite tf conf files to a canonical format and style. + - format ## The terraform fmt is used to rewrite tf conf files to a canonical format and style. 
+ - init init-cmd tf-dir-chmod ## Initialize terraform backend, plugins, and modules + - init-reconfigure init-reconfigure-cmd tf-dir-chmod ## Initialize and reconfigure terraform backend, plugins, and modules + - output ## Terraform output command is used to extract the value of an output variable from the state file. + - plan-detailed ## Preview terraform changes with a more detailed output + - plan ## Preview terraform changes + - shell ## Initialize terraform backend, plugins, and modules + - tf-dir-chmod ## run chown in ./.terraform to gran that the docker mounted dir has the right permissions + - tflint-deep ## TFLint is a Terraform linter for detecting errors that can not be detected by terraform plan (tf0.12 > 0.10.x). + - tflint ## TFLint is a Terraform linter for detecting errors that can not be detected by terraform plan (tf0.12 > 0.10.x). + - validate-tf-layout ## Validate Terraform layout to make sure it's set up properly + - version ## Show terraform version + ``` + + ```shell + ╭─delivery at delivery-ops in ~/le-tf-infra-aws/apps-devstg/base-network on master✔ 2020-10-29 + ╰─⠠⠵ make init + docker run --rm -v ~/le-tf-infra-aws/apps-devstg/base-network:"/go/src/project/":rw \ + -v ~/le-tf-infra-aws/apps-devstg/config:/config \ + -v ~/le-tf-infra-aws/config/common.config:/common-config/common.config \ + -v ~/.ssh:/root/.ssh -v ~/.gitconfig:/etc/gitconfig \ + -v ~/.aws/bb:/root/.aws/bb \ + -e AWS_SHARED_CREDENTIALS_FILE=/root/.aws/bb/credentials \ + -e AWS_CONFIG_FILE=/root/.aws/bb/config \ + --entrypoint=/bin/terraform \ + -w "/go/src/project/" \ + -it binbash/terraform-awscli-slim:0.13.2 init \ + -backend-config=/config/backend.config + Initializing modules... + + Initializing the backend... + + Initializing provider plugins... + - terraform.io/builtin/terraform is built in to Terraform + - Using previously-installed hashicorp/aws v3.9.0 + + Terraform has been successfully initialized! + + You may now begin working with Terraform. 
Try running "terraform plan" to see + any changes that are required for your infrastructure. All Terraform commands + should now work. + + If you ever set or change modules or backend configuration for Terraform, + rerun this command to reinitialize your working directory. If you forget, other + commands will detect it and remind you to do so if necessary. + LOCAL_OS_USER_ID: 1000 + LOCAL_OS_GROUP_ID: 1000 + sudo chown -R 1000:1000 ./.terraform + ``` + +### Ansible + +!!! tip "![leverage-ansible](../../assets/images/logos/ansible.png "Leverage"){: style="width:20px"} Roles" + ```shell + ╭─delivery at delivery-ops + ╰─⠠⠵ make + Available Commands: + - ansible-galaxy-import-role ## Run playbook tests w/ molecule using the local code + - init ## Install required ansible roles + - test-ansible-lint ## Ansible lint + - test-molecule-galaxy ## Run playbook tests w/ molecule pulling role from ansible galaxy + - test-molecule-local ## Run playbook tests w/ molecule using the local code + - circleci-validate-config ## Validate A CircleCI Config (https + - changelog-init ## git-chglog (https + - changelog-major ## git-chglog generation for major release + - changelog-minor ## git-chglog generation for minor release + - changelog-patch ## git-chglog generation for path release + - release-major ## releasing major (eg + - release-major-with-changelog-circleci ## make changelog-major && git add && git commit && make release-major + - release-major-with-changelog ## make changelog-major && git add && git commit && make release-major + - release-minor ## releasing minor (eg + - release-minor-with-changelog-circleci ## make changelog-minor && git add && git commit && make release-minor + - release-minor-with-changelog ## make changelog-minor && git add && git commit && make release-minor + - release-patch ## releasing patch (eg + - release-patch-with-changelog-circleci ## make changelog-patch && git add && git commit && make release-patch + - release-patch-with-changelog ## make 
changelog-patch && git add && git commit && make release-patch + - init-makefiles ## initialize makefiles + ``` + + ```shell + ╭─delivery at delivery-ops + ╰─⠠⠵ make test-molecule-local + ... + ------------------------------- + TESTING MODULE ON: ubuntu1804 + ------------------------------- + Using default tag: latest + latest: Pulling from geerlingguy/docker-ubuntu1804-ansible + Digest: sha256:1b47cbb66e819170fd3afee98db55176bc13cd12fabdbcf0183aff2582dc0254 + Status: Image is up to date for geerlingguy/docker-ubuntu1804-ansible:latest + docker.io/geerlingguy/docker-ubuntu1804-ansible:latest + ## Starting testing stages ## + --> Test matrix + + └── default + ├── dependency + ├── lint + ├── cleanup + ├── destroy + ├── syntax + ├── create + ├── prepare + ├── converge + ├── idempotence + ├── side_effect + ├── verify + ├── cleanup + └── destroy + + --> Scenario: 'default' + ... + + PLAY [Destroy] ***************************************************************** + + TASK [Destroy molecule instance(s)] ******************************************** + changed: [localhost] => (item=instance) + + TASK [Wait for instance(s) deletion to complete] ******************************* + FAILED - RETRYING: Wait for instance(s) deletion to complete (300 retries left). + changed: [localhost] => (item=None) + changed: [localhost] + + TASK [Delete docker network(s)] ************************************************ + + PLAY RECAP ********************************************************************* + localhost : ok=2 changed=2 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + + --> Pruning extra files from scenario ephemeral directory + ------------------------------- + DONE + + ------------------------------- + TESTING MODULE ON: ubuntu1604 + ------------------------------- + ``` + +!!! 
tip "![leverage-ansible](../../assets/images/logos/ansible.png "Leverage"){: style="width:20px"} Infra" + ```shell + ╭─delivery at delivery-ops in ~/le-ansible-infra/vpn-pritunl on master✔ 20-10-21 + ╰─⠠⠵ make + Available Commands: + - apply ## run ansible-playbook + - check ## run ansible-playbook in Check Mode (“Dry Run”) + - decrypt ## Decrypt secrets.tf via ansible-vault + - decrypt-string ## Decrypt encrypted string via ansible-vault - e.g. make ARG="your_encrypted_srting" decrypt-string + - encrypt ## Encrypt secrets.dec.tf via ansible-vault + - init-ansible-py ## Install required ansible version + - init ## Install required ansible roles + - apply-users ## Run sec-users playbook on this host + ``` + + ```shell + ╭─delivery at delivery-ops in ~/le-ansible-infra/vpn-pritunl on master✔ 20-10-21 + ╰─⠠⠵ make check + ansible-playbook setup.yml --check + + PLAY [Provision OpenVPN Pritunl instance] **************************************************************************************************************************************************** + + TASK [Gathering Facts] *********************************************************************************************************************************************************************** + ok: [pritunl_private] + + TASK [Check ansible version] ***************************************************************************************************************************************************************** + ok: [pritunl_private] => { + "changed": false, + "msg": "All assertions passed" + } + + TASK [binbash_inc.ansible_role_common : Setup your server hostname] ************************************************************************************************************************** + ok: [pritunl_private] + ... + ``` + +### Helm + +!!! tip "![leverage-helm](../../assets/images/logos/helm.png "Leverage"){: style="width:20px"} Charts" + TODO + +!!! 
tip "![leverage-helm](../../assets/images/logos/helm.png "Leverage"){: style="width:20px"} Infra" + TODO \ No newline at end of file diff --git a/docs/user-guide/base-workflow/repo-le-helm-infra.md b/docs/user-guide/base-workflow/repo-le-helm-infra.md index fcff06aac..c66fdb416 100644 --- a/docs/user-guide/base-workflow/repo-le-helm-infra.md +++ b/docs/user-guide/base-workflow/repo-le-helm-infra.md @@ -1,8 +1,8 @@ # Typical Workflow -## Add or remove apps to an environment -- Go to the directory of the environment you need to work with (shared, devstg, prd, ...) -- Edit `helmsman.yaml` to add/remove any charts you need -- Run helmsman in plan mode to preview your changes: `make plan` -- Review the plan to make sure helmsman will apply the changes you expect -- Run helmsman in apply mode: `make apply` \ No newline at end of file +!!! example "![leverage-helm](../../assets/images/logos/helm.png "Leverage"){: style="width:20px"} Add or remove apps to an environment" + - Go to the directory of the environment you need to work with (shared, devstg, prd, ...) + - Edit `helmsman.yaml` to add/remove any charts you need + - Run helmsman in plan mode to preview your changes: `make plan` + - Review the plan to make sure helmsman will apply the changes you expect + - Run helmsman in apply mode: `make apply` \ No newline at end of file diff --git a/docs/user-guide/base-workflow/repo-le-tf-infra-aws-tf-state.md b/docs/user-guide/base-workflow/repo-le-tf-infra-aws-tf-state.md new file mode 100644 index 000000000..c8bae74eb --- /dev/null +++ b/docs/user-guide/base-workflow/repo-le-tf-infra-aws-tf-state.md @@ -0,0 +1,63 @@ +# Terraform - S3 & DynamoDB for Remote State Storage & Locking + +## Overview +Use this terraform configuration files to create the **S3 bucket** & **DynamoDB** table needed to use Terraform Remote +State Storage & Locking. + +![leverage-ref-arch-tf](../../assets/images/diagrams/terraform-aws-s3-backend.png "Leverage"){: style="width:350px"} + +
+Figure: Terraform remote state store & locking necessary AWS S3 bucket and DynamoDB table components. +(Source: Binbash Leverage, + +"Terraform Module: Terraform Backend", +Terraform modules registry, accessed December 3rd 2020). +
+ +## Prerequisites + +!!! example "Terraform repo structure + state backend initialization" + 1. Ensure you have `make` installed in your system + 2. Refer to [Configuration Pre-requisites](../base-configuration/repo-le-tf-infra-aws.md) to understand how to set up the + configuration files required for this layer. Where you must build your + [Terraform Reference Architecture account structure](../../how-it-works/organization/organization.md) + 3. Leveraged by the [DevOps Automation Code Library](../../how-it-works/code-library/code-library.md) through the + [terraform-aws-tfstate-backend module](https://registry.terraform.io/modules/binbashar/tfstate-backend/aws/latest) + - [/root/base-tf-backend](https://github.com/binbashar/le-tf-infra-aws/tree/master/root/base-tf-backend) + - [/security/base-tf-backend](https://github.com/binbashar/le-tf-infra-aws/tree/master/security/base-tf-backend) + - [/shared/base-tf-backend](https://github.com/binbashar/le-tf-infra-aws/tree/master/shared/base-tf-backend) + - [/apps-devstg/base-tf-backend](https://github.com/binbashar/le-tf-infra-aws/tree/master/apps-devstg/base-tf-backend) + - [/apps-prd/base-tf-backend](https://github.com/binbashar/le-tf-infra-aws/tree/master/apps-prd/base-tf-backend) + +## Set up + +!!! example "Steps to initialize your tf-backend" + 1. At the root context of the *Terraform Reference Architecture account structure* run `make init-makefiles` + ``` + ╭─delivery at delivery-ops in ~/Binbash/repos/Leverage/ref-architecture/le-tf-infra-aws on master✘✘✘ 20-12-02 - 10:30:31 + ╰─⠠⠵ make init-makefiles + ... + mkdir -p ./@bin/makefiles + git clone https://github.com/binbashar/le-dev-makefiles.git ./@bin/makefiles -q + cd ./@bin/makefiles && git checkout v0.1.7 -q + + ``` + 2. At the corresponding account dir, + eg: [/shared/base-tf-backend](https://github.com/binbashar/le-tf-infra-aws/tree/master/shared/base-tf-backend) then, + 3. Run `make init` + 4. 
Run `make plan`, review the output to understand the expected changes + 5. Run `make apply`, review the output once more and type `yes` if you are okay with that + 6. This should create a `terraform.tfstate` file in this directory but we don't want to push that to the repository so + let's push the state to the backend we just created + + - Open `config.tf` and uncomment the following lines: + ``` + # backend "s3" { + # key = "root/tf-backend/terraform.tfstate" + # } + ``` + - Run `make init` and type `yes` when Terraform asks if you want to import the state to the S3 backend + - Done. You can remove `terraform.tfstate` now (and also `terraform.tfstate.backup` if available) + +## Expected workflow after set up +[![asciicast](https://asciinema.org/a/377220.svg)](https://asciinema.org/a/377220) \ No newline at end of file diff --git a/docs/user-guide/base-workflow/repo-le-tf-infra-aws.md b/docs/user-guide/base-workflow/repo-le-tf-infra-aws.md index 93f5a1cf3..1f431f512 100644 --- a/docs/user-guide/base-workflow/repo-le-tf-infra-aws.md +++ b/docs/user-guide/base-workflow/repo-le-tf-infra-aws.md @@ -5,7 +5,7 @@ 1. Make sure you've read and prepare your local development environment following the [Overview base-configurations](../base-configuration/overview.md) section. 2. Review and assure you meet all the [pre-requisites](../base-configuration/repo-le-tf-infra-aws.md) - - [x] [Remote State](../base-configuration/repo-le-tf-infra-aws-tf-state.md) + - [x] [Remote State](repo-le-tf-infra-aws-tf-state.md) - [x] Configuration files - [x] [AWS Profile and credentials](../identities/credentials.md) 3. Get into the folder that you need to work with (e.g. `2_identities`) @@ -23,7 +23,7 @@ ## Running in Automation ![leverage-aws-terraform](../../assets/images/diagrams/aws-terraform-automation.png "Terraform"){: style="width:350"} -
**Figure:** Running terraform with AWS in automation (just as reference).
+
Figure: Running terraform with AWS in automation (just as reference).
## Read More