From d4f157cc8d4cec4e54b449ce0db8080f45e47a6e Mon Sep 17 00:00:00 2001 From: Krisjanis Lejejs Date: Thu, 12 Sep 2024 16:43:13 +0300 Subject: [PATCH 01/14] Add deployment configuration for Stun server --- stun_server/dns.tf | 11 +++++ stun_server/ecs.tf | 87 ++++++++++++++++++++++++++++++++++++++++ stun_server/main.tf | 18 +++++++++ stun_server/network.tf | 26 ++++++++++++ stun_server/outputs.tf | 4 ++ stun_server/variables.tf | 9 +++++ stun_server/versions.tf | 19 +++++++++ 7 files changed, 174 insertions(+) create mode 100644 stun_server/dns.tf create mode 100644 stun_server/ecs.tf create mode 100644 stun_server/main.tf create mode 100644 stun_server/network.tf create mode 100644 stun_server/outputs.tf create mode 100644 stun_server/variables.tf create mode 100644 stun_server/versions.tf diff --git a/stun_server/dns.tf b/stun_server/dns.tf new file mode 100644 index 0000000..6527651 --- /dev/null +++ b/stun_server/dns.tf @@ -0,0 +1,11 @@ +data "cloudflare_zone" "dns_zone" { + name = var.domain_name +} + +resource "cloudflare_record" "instance_dns" { + zone_id = data.cloudflare_zone.dns_zone.id + name = "" # TODO: Add the subdomain + content = data.aws_network_interface.stun_server_interface.association[0].public_ip + type = "A" + proxied = true +} diff --git a/stun_server/ecs.tf b/stun_server/ecs.tf new file mode 100644 index 0000000..fed0a29 --- /dev/null +++ b/stun_server/ecs.tf 
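Review bot: `proxied = true` on the `cloudflare_record.instance_dns` A record sends the name through Cloudflare's HTTP proxy, which does not forward STUN on port 3478 (TCP or UDP), so clients resolving this name would get Cloudflare edge addresses and never reach the task; unless Cloudflare Spectrum is configured for this zone, the record should be DNS-only: `proxied = false`. A DNS-only record does expose the origin IP, but that is inherent to a STUN server whose security group already admits 0.0.0.0/0 on 3478. The attribute survives unchanged through the later dns.tf hunks of patches 3, 7, 8, 10 and 14. Separately, this file uses `content` while the shared `.modules/webservice/dns.tf` keeps `value` after patch 4 reverts its rename; with `~> 4.0` both names only resolve on provider releases that accept `content`, so the lockfile should pin one that does.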
@@ -0,0 +1,87 @@ +resource "aws_ecs_service" "stun-server" { + name = "stun-server" + + cluster = data.tfe_outputs.infrastructure.values.ecs_cluster + task_definition = aws_ecs_task_definition.stun-server.arn + count = 1 + desired_count = 1 + + deployment_minimum_healthy_percent = 100 + deployment_maximum_percent = 200 + health_check_grace_period_seconds = 90 + launch_type = "FARGATE" + + # Required to fetch the public IP address of the ECS service + enable_ecs_managed_tags = true + wait_for_steady_state = true + + network_configuration { + assign_public_ip = true + security_groups = [aws_security_group.stun_sg.id] + subnets = [ + data.tfe_outputs.infrastructure.values.public_subnets[0], + data.tfe_outputs.infrastructure.values.public_subnets[1] + ] + } +} + +data "aws_network_interface" "stun_server_interface" { + filter { + name = "tag:aws:ecs:serviceName" + values = [aws_ecs_service.stun-server.name] + } +} + +resource "aws_cloudwatch_log_group" "aws_logs" { + name = "/ecs/stun-server" + retention_in_days = 14 +} + +resource "aws_ecs_task_definition" "stun-server" { + family = "stun-server" + + count = 1 + cpu = 2048 + memory = 4096 + + execution_role_arn = aws_iam_role.ecs_task_execution_role.arn + network_mode = "awsvpc" + requires_compatibilities = ["FARGATE"] + + runtime_platform { + operating_system_family = "LINUX" + cpu_architecture = "ARM64" + } + + container_definitions = jsonencode([ + { + name = "stun-server" + image = "ghcr.io/home-assistant/stun:${var.image_tag}" + cpu = 2048 + memory = 4096 + essential = true + + portMappings = [ + { + containerPort = 3478 + hostPort = 3478 + protocol = "tcp" + }, + { + containerPort = 3478 + hostPort = 3478 + protocol = "udp" + } + ], + + logConfiguration = { + logDriver = "awslogs" + options = { + "awslogs-group" = "/ecs/stun-server" + "awslogs-region" = "us-east-1" + "awslogs-stream-prefix" = "ecs" + } + } + } + ]) +} 
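Review bot: `data "aws_network_interface" "stun_server_interface"` filters only on `tag:aws:ecs:serviceName`, which must match exactly one ENI, yet `deployment_maximum_percent = 200` lets a rolling deployment run two tasks of this service at once, so a plan during or shortly after a deploy can fail on multiple matches, and a Fargate public IP is not retained across task replacement, leaving the Cloudflare record pointing at a dead address until the next apply. A stable address (for example a Network Load Balancer with Elastic IPs) would remove that drift; at minimum the comment should say that applies must be repeated after each deployment. The same lookup is carried forward unchanged into region/ecs.tf in patches 3 and 14. Also in this hunk, both resources set `count = 1` but `aws_ecs_task_definition.stun-server.arn` is referenced without `[0]`, which Terraform rejects for counted resources, and `aws_iam_role.ecs_task_execution_role` is not declared in any of the seven files this patch adds; both issues disappear when the file is replaced by the service module in patch 3.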
diff --git a/stun_server/main.tf b/stun_server/main.tf new file mode 100644 index 0000000..66d58ec --- /dev/null +++ b/stun_server/main.tf @@ -0,0 +1,18 @@ +terraform { + cloud { + organization = "home_assistant" + + workspaces { + name = "infrastructure" + } + } +} + +provider "aws" { + region = "us-east-1" +} + +data "tfe_outputs" "infrastructure" { + organization = "home_assistant" + workspace = "infrastructure" +} diff --git a/stun_server/network.tf b/stun_server/network.tf new file mode 100644 index 0000000..8bc9278 --- /dev/null +++ b/stun_server/network.tf @@ -0,0 +1,26 @@ +resource "aws_security_group" "stun_sg" { + vpc_id = data.tfe_outputs.infrastructure.values["us-east-1"].network_id + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + description = "Allow STUN traffic TCP" + from_port = 3478 + to_port = 3478 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + description = "Allow STUN traffic UDF" + from_port = 3478 + to_port = 3478 + protocol = "udp" + cidr_blocks = ["0.0.0.0/0"] + } +} diff --git a/stun_server/outputs.tf b/stun_server/outputs.tf new file mode 100644 index 0000000..e32a571 --- /dev/null +++ b/stun_server/outputs.tf @@ -0,0 +1,4 @@ +output "stun_server_ip" { + description = "The public IP address of the stun server" + value = data.aws_network_interface.stun_server_interface.association[0].public_ip +} diff --git a/stun_server/variables.tf b/stun_server/variables.tf new file mode 100644 index 0000000..9f49cbe --- /dev/null +++ b/stun_server/variables.tf @@ -0,0 +1,9 @@ +variable "domain_name" { + description = "The base domain name" + type = string +} + +variable "image_tag" { + description = "Version of the Stun server to deploy" + type = string +} diff --git a/stun_server/versions.tf b/stun_server/versions.tf new file mode 100644 index 0000000..f019d63 --- /dev/null +++ b/stun_server/versions.tf 
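Review bot: The second ingress rule's `description = "Allow STUN traffic UDF"` in network.tf is a typo for UDP and should read `description = "Allow STUN traffic UDP"`; the description is what an operator sees on the live security group, so protocol names should be exact. The egress rule allows every protocol and port to 0.0.0.0/0; security groups are stateful, so STUN replies do not need it, and the task's own outbound needs appear to be image pulls from ghcr.io and CloudWatch logging (both TCP 443), so the rule could likely be narrowed if nothing else in the container calls out. Only `cidr_blocks` is set on the ingress rules, so if the VPC has IPv6 enabled, v6 clients are not admitted; add `ipv6_cidr_blocks = ["::/0"]` if that is intended. The security group is moved to region/network.tf by patch 3 with these rules unchanged.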
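Review bot: `variable "image_tag"` in variables.tf has no `validation` block, so an empty string or a floating tag such as `latest` deploys silently and the `ghcr.io/home-assistant/stun:${var.image_tag}` reference in ecs.tf resolves to whatever that tag points to at pull time. A `validation` block that rejects an empty value and `latest` is a minimal guard; pinning the image by digest (`image@sha256:<digest>`) in the task definition would make the deployed artifact fully reproducible and verifiable against the release. The same variable is copied into region/variables.tf by patch 3 without validation.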
@@ -0,0 +1,19 @@ +terraform { + + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4.0" + } + + tfe = { + source = "hashicorp/tfe" + version = "~> 0.58.0" + } + + cloudflare = { + source = "cloudflare/cloudflare" + version = "~> 4.0" + } + } +} From 1a0a308e09ed6a79383944793b25908595367f29 Mon Sep 17 00:00:00 2001 From: Krisjanis Lejejs Date: Mon, 23 Sep 2024 13:09:37 +0300 Subject: [PATCH 02/14] Update stun_server/main.tf MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Joakim Sørensen --- stun_server/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stun_server/main.tf b/stun_server/main.tf index 66d58ec..10ca2e3 100644 --- a/stun_server/main.tf +++ b/stun_server/main.tf @@ -3,7 +3,7 @@ terraform { organization = "home_assistant" workspaces { - name = "infrastructure" + name = "stun_server" } } } From e2671fbcbc6a6e99c005efeb105b69bc4e55c3e0 Mon Sep 17 00:00:00 2001 From: Krisjanis Lejejs Date: Mon, 23 Sep 2024 18:04:57 +0300 Subject: [PATCH 03/14] Migrate to using service module, support multiple regions --- .modules/service/ecs.tf | 2 +- .modules/webservice/dns.tf | 4 +- stun_server/ecs.tf | 87 ----------------------------- stun_server/main.tf | 28 +++++++++- stun_server/{ => region}/dns.tf | 4 +- stun_server/region/ecs.tf | 30 ++++++++++ stun_server/region/module.tf | 37 ++++++++++++ stun_server/{ => region}/network.tf | 2 +- stun_server/region/variables.tf | 19 +++++++ 9 files changed, 117 insertions(+), 96 deletions(-) delete mode 100644 stun_server/ecs.tf rename stun_server/{ => region}/dns.tf (59%) create mode 100644 stun_server/region/ecs.tf create mode 100644 stun_server/region/module.tf rename stun_server/{ => region}/network.tf (86%) create mode 100644 stun_server/region/variables.tf diff --git a/.modules/service/ecs.tf b/.modules/service/ecs.tf index d01de91..0ce4efe 100644 --- a/.modules/service/ecs.tf +++ b/.modules/service/ecs.tf 
@@ -56,4 +56,4 @@ resource "aws_ecs_task_definition" "task" { } }, var.container_definitions) ]) -} \ No newline at end of file +} diff --git a/.modules/webservice/dns.tf b/.modules/webservice/dns.tf index 2515168..77e9e63 100644 --- a/.modules/webservice/dns.tf +++ b/.modules/webservice/dns.tf @@ -5,8 +5,8 @@ data "cloudflare_zone" "dns_zone" { resource "cloudflare_record" "instance_dns" { zone_id = data.cloudflare_zone.dns_zone.id name = coalesce(var.subdomain, lower(var.service_name)) - value = lower(aws_alb.main.dns_name) + content = lower(aws_alb.main.dns_name) type = "CNAME" ttl = 1 proxied = var.cloudflare_proxy -} \ No newline at end of file +} diff --git a/stun_server/ecs.tf b/stun_server/ecs.tf deleted file mode 100644 index fed0a29..0000000 --- a/stun_server/ecs.tf +++ /dev/null 
@@ -1,87 +0,0 @@ -resource "aws_ecs_service" "stun-server" { - name = "stun-server" - - cluster = data.tfe_outputs.infrastructure.values.ecs_cluster - task_definition = aws_ecs_task_definition.stun-server.arn - count = 1 - desired_count = 1 - - deployment_minimum_healthy_percent = 100 - deployment_maximum_percent = 200 - health_check_grace_period_seconds = 90 - launch_type = "FARGATE" - - # Required to fetch the public IP address of the ECS service - enable_ecs_managed_tags = true - wait_for_steady_state = true - - network_configuration { - assign_public_ip = true - security_groups = [aws_security_group.stun_sg.id] - subnets = [ - data.tfe_outputs.infrastructure.values.public_subnets[0], - data.tfe_outputs.infrastructure.values.public_subnets[1] - ] - } -} - -data "aws_network_interface" "stun_server_interface" { - filter { - name = "tag:aws:ecs:serviceName" - values = [aws_ecs_service.stun-server.name] - } -} - -resource "aws_cloudwatch_log_group" "aws_logs" { - name = "/ecs/stun-server" - retention_in_days = 14 -} - -resource "aws_ecs_task_definition" "stun-server" { - family = "stun-server" - - count = 1 - cpu = 2048 - memory = 4096 - - execution_role_arn = aws_iam_role.ecs_task_execution_role.arn - network_mode = "awsvpc" - requires_compatibilities = ["FARGATE"] - - runtime_platform { - operating_system_family = "LINUX" - cpu_architecture = "ARM64" - } - - container_definitions = jsonencode([ - { - name = "stun-server" - image = "ghcr.io/home-assistant/stun:${var.image_tag}" - cpu = 2048 - memory = 4096 - essential = true - - portMappings = [ - { - containerPort = 3478 - hostPort = 3478 - protocol = "tcp" - }, - { - containerPort = 3478 - hostPort = 3478 - protocol = "udp" - } - ], - - logConfiguration = { - logDriver = "awslogs" - options = { - "awslogs-group" = "/ecs/stun-server" - "awslogs-region" = "us-east-1" - "awslogs-stream-prefix" = "ecs" - } - } - } - ]) -} diff --git a/stun_server/main.tf b/stun_server/main.tf index 10ca2e3..4b8378e 100644 
--- a/stun_server/main.tf +++ b/stun_server/main.tf @@ -12,7 +12,29 @@ provider "aws" { region = "us-east-1" } -data "tfe_outputs" "infrastructure" { - organization = "home_assistant" - workspace = "infrastructure" +module "us_east_1" { + source = "./region" + + region = "us-east-1" + domain_name = var.domain_name + subdomain = "stun-us" + image_tag = var.image_tag +} + +module "eu_central_1" { + source = "./region" + + region = "eu-central-1" + domain_name = var.domain_name + subdomain = "stun-eu" + image_tag = var.image_tag +} + +module "ap_southeast_1" { + source = "./region" + + region = "ap-southeast-1" + domain_name = var.domain_name + subdomain = "stun-ap" + image_tag = var.image_tag } diff --git a/stun_server/dns.tf b/stun_server/region/dns.tf similarity index 59% rename from stun_server/dns.tf rename to stun_server/region/dns.tf index 6527651..1a65dee 100644 --- a/stun_server/dns.tf +++ b/stun_server/region/dns.tf @@ -4,8 +4,8 @@ data "cloudflare_zone" "dns_zone" { resource "cloudflare_record" "instance_dns" { zone_id = data.cloudflare_zone.dns_zone.id - name = "" # TODO: Add the subdomain - content = data.aws_network_interface.stun_server_interface.association[0].public_ip + name = var.subdomain + content = module.stun_server.aws_network_interface.stun_server_interface.association[0].public_ip type = "A" proxied = true } diff --git a/stun_server/region/ecs.tf b/stun_server/region/ecs.tf new file mode 100644 index 0000000..321c0e4 --- /dev/null +++ b/stun_server/region/ecs.tf 
@@ -0,0 +1,30 @@ +resource "aws_ecs_service" "stun-server" { + name = local.service_name + cluster = data.tfe_outputs.infrastructure.values[var.region].ecs_cluster + task_definition = module.stun_server.task_definition + desired_count = 1 + deployment_minimum_healthy_percent = 100 + deployment_maximum_percent = 200 + health_check_grace_period_seconds = 90 + launch_type = local.launch_type + + # Required to fetch the public IP address of the ECS service + enable_ecs_managed_tags = true + wait_for_steady_state = true + + network_configuration { + assign_public_ip = true + security_groups = [aws_security_group.stun_sg.id] + subnets = [ + data.tfe_outputs.infrastructure.values.public_subnets[0], + data.tfe_outputs.infrastructure.values.public_subnets[1] + ] + } +} + +data "aws_network_interface" "stun_server_interface" { + filter { + name = "tag:aws:ecs:serviceName" + values = [aws_ecs_service.stun-server.name] + } +} diff --git a/stun_server/region/module.tf b/stun_server/region/module.tf new file mode 100644 index 0000000..d02d639 --- /dev/null +++ b/stun_server/region/module.tf @@ -0,0 +1,37 @@ +locals { + service_name = "stun-server" + launch_type = "FARGATE" +} + +data "tfe_outputs" "infrastructure" { + organization = "home_assistant" + workspace = "infrastructure" +} + +module "stun_server" { + source = "../../.modules/service" + + service_name = local.service_name + container_image = "ghcr.io/home-assistant/stun-server" + container_version = var.image_tag + launch_type = local.launch_type + region = var.region + ecs_cpu = 2048 + ecs_memory = 4096 + container_definitions = { + portMappings = [ + { + containerPort = 3478 + hostPort = 3478 + protocol = "tcp" + }, + { + containerPort = 3478 + hostPort = 3478 + protocol = "udp" + } + ], + } + webservice = true + rolling_updates = true +} 
diff --git a/stun_server/network.tf b/stun_server/region/network.tf similarity index 86% rename from stun_server/network.tf rename to stun_server/region/network.tf index 8bc9278..c7edf76 100644 --- a/stun_server/network.tf +++ b/stun_server/region/network.tf @@ -1,5 +1,5 @@ resource "aws_security_group" "stun_sg" { - vpc_id = data.tfe_outputs.infrastructure.values["us-east-1"].network_id + vpc_id = data.tfe_outputs.infrastructure.values[var.region].network_id egress { from_port = 0 diff --git a/stun_server/region/variables.tf b/stun_server/region/variables.tf new file mode 100644 index 0000000..5a74545 --- /dev/null +++ b/stun_server/region/variables.tf @@ -0,0 +1,19 @@ +variable "region" { + description = "The region to deploy the STUN server to" + type = string + +} + +variable "domain_name" { + description = "The base domain name" + type = string +} + +variable "subdomain" { + description = "The subdomain to use for the STUN server" + type = string +} +variable "image_tag" { + description = "Version of the Stun server to deploy" + type = string +} From d19aa7ddbb987ebd671e6c6556bc93d0247c9884 Mon Sep 17 00:00:00 2001 From: Krisjanis Lejejs Date: Wed, 25 Sep 2024 16:11:59 +0300 Subject: [PATCH 04/14] PR review fixes --- .modules/service/ecs.tf | 2 +- .modules/webservice/dns.tf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.modules/service/ecs.tf b/.modules/service/ecs.tf index 0ce4efe..d01de91 100644 --- a/.modules/service/ecs.tf +++ b/.modules/service/ecs.tf @@ -56,4 +56,4 @@ resource "aws_ecs_task_definition" "task" { } }, var.container_definitions) ]) -} +} \ No newline at end of file diff --git a/.modules/webservice/dns.tf b/.modules/webservice/dns.tf index 77e9e63..2515168 100644 --- a/.modules/webservice/dns.tf +++ b/.modules/webservice/dns.tf 
@@ -5,8 +5,8 @@ data "cloudflare_zone" "dns_zone" { resource "cloudflare_record" "instance_dns" { zone_id = data.cloudflare_zone.dns_zone.id name = coalesce(var.subdomain, lower(var.service_name)) - content = lower(aws_alb.main.dns_name) + value = lower(aws_alb.main.dns_name) type = "CNAME" ttl = 1 proxied = var.cloudflare_proxy -} +} \ No newline at end of file From 8063b5c2d48eee3b0b38946e0f4faa8d9b164985 Mon Sep 17 00:00:00 2001 From: Krisjanis Lejejs Date: Wed, 25 Sep 2024 18:49:51 +0300 Subject: [PATCH 05/14] Add required Terraform version --- stun_server/region/variables.tf | 1 - stun_server/versions.tf | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/stun_server/region/variables.tf b/stun_server/region/variables.tf index 5a74545..907f569 100644 --- a/stun_server/region/variables.tf +++ b/stun_server/region/variables.tf @@ -1,7 +1,6 @@ variable "region" { description = "The region to deploy the STUN server to" type = string - } variable "domain_name" { diff --git a/stun_server/versions.tf b/stun_server/versions.tf index f019d63..f9a7eb1 100644 --- a/stun_server/versions.tf +++ b/stun_server/versions.tf @@ -1,4 +1,5 @@ terraform { + required_version = "= 1.9.6" required_providers { aws = { From 015d7d42856535a1f1561ea5e9a7b94f3638c276 Mon Sep 17 00:00:00 2001 From: Krisjanis Lejejs Date: Thu, 26 Sep 2024 11:21:56 +0300 Subject: [PATCH 06/14] Started using AWS region variable, fixed missing AWS provider issue --- stun_server/region/ecs.tf | 2 +- stun_server/region/module.tf | 9 +++++++-- stun_server/region/network.tf | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/stun_server/region/ecs.tf b/stun_server/region/ecs.tf index 321c0e4..6a1028a 100644 --- a/stun_server/region/ecs.tf +++ b/stun_server/region/ecs.tf 
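Review bot: `required_version = "= 1.9.6"` in versions.tf pins one exact CLI release, so every Terraform patch release needs a commit here before any plan can run; `required_version = "~> 1.9.6"` accepts the 1.9 series while still excluding 1.10. If the exact pin is deliberate to match the Terraform Cloud workspace setting implied by the `cloud {}` block in main.tf, a comment such as `# must match the workspace's Terraform version` would stop the next reader from loosening it.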
@@ -1,6 +1,6 @@ resource "aws_ecs_service" "stun-server" { name = local.service_name - cluster = data.tfe_outputs.infrastructure.values[var.region].ecs_cluster + cluster = data.tfe_outputs.infrastructure.values[aws_region.current.name].ecs_cluster task_definition = module.stun_server.task_definition desired_count = 1 deployment_minimum_healthy_percent = 100 diff --git a/stun_server/region/module.tf b/stun_server/region/module.tf index d02d639..53bae5e 100644 --- a/stun_server/region/module.tf +++ b/stun_server/region/module.tf @@ -3,19 +3,24 @@ locals { launch_type = "FARGATE" } +provider "aws" { + region = var.region +} + data "tfe_outputs" "infrastructure" { organization = "home_assistant" workspace = "infrastructure" } +data "aws_region" "current" {} + module "stun_server" { source = "../../.modules/service" service_name = local.service_name container_image = "ghcr.io/home-assistant/stun-server" container_version = var.image_tag - launch_type = local.launch_type - region = var.region + region = aws_region.current.name ecs_cpu = 2048 ecs_memory = 4096 container_definitions = { diff --git a/stun_server/region/network.tf b/stun_server/region/network.tf index c7edf76..6cd37b4 100644 --- a/stun_server/region/network.tf +++ b/stun_server/region/network.tf @@ -1,5 +1,5 @@ resource "aws_security_group" "stun_sg" { - vpc_id = data.tfe_outputs.infrastructure.values[var.region].network_id + vpc_id = data.tfe_outputs.infrastructure.values[aws_region.current.name].network_id egress { from_port = 0 From 17afaa18788dfdfe8c217bf3db664dd303b0e855 Mon Sep 17 00:00:00 2001 From: Krisjanis Lejejs Date: Thu, 26 Sep 2024 11:30:49 +0300 Subject: [PATCH 07/14] Fix image URL, make subdomain be constructed from region --- stun_server/main.tf | 6 +++--- stun_server/region/dns.tf | 2 +- stun_server/region/module.tf | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stun_server/main.tf b/stun_server/main.tf index 4b8378e..532b1ce 100644 --- a/stun_server/main.tf 
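Review bot: The `provider "aws" { region = var.region }` block added to region/module.tf configures a provider inside a child module, which Terraform's docs discourage: a module with its own provider configuration cannot be called with `count`, `for_each` or `depends_on`, and if one of the module blocks in stun_server/main.tf is later removed, its resources can no longer be destroyed because the provider configuration disappears with them. The conventional shape is one aliased `provider "aws"` per region in stun_server/main.tf, passed on each module call through `providers = { aws = aws.eu_central_1 }` (and likewise for the other two), which would also let the three near-identical module blocks collapse into a single `for_each`. The `data "aws_region" "current"` lookup keeps working unchanged under that arrangement. The ecs.tf and network.tf hunks of this patch rely on the same wiring.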
+++ b/stun_server/main.tf @@ -17,7 +17,7 @@ module "us_east_1" { region = "us-east-1" domain_name = var.domain_name - subdomain = "stun-us" + subdomain = "stun" image_tag = var.image_tag } @@ -26,7 +26,7 @@ module "eu_central_1" { region = "eu-central-1" domain_name = var.domain_name - subdomain = "stun-eu" + subdomain = "stun" image_tag = var.image_tag } @@ -35,6 +35,6 @@ module "ap_southeast_1" { region = "ap-southeast-1" domain_name = var.domain_name - subdomain = "stun-ap" + subdomain = "stun" image_tag = var.image_tag } diff --git a/stun_server/region/dns.tf b/stun_server/region/dns.tf index 1a65dee..cc6f238 100644 --- a/stun_server/region/dns.tf +++ b/stun_server/region/dns.tf @@ -4,7 +4,7 @@ data "cloudflare_zone" "dns_zone" { resource "cloudflare_record" "instance_dns" { zone_id = data.cloudflare_zone.dns_zone.id - name = var.subdomain + name = join("-", [var.subdomain, data.aws_region.current.name]) content = module.stun_server.aws_network_interface.stun_server_interface.association[0].public_ip type = "A" proxied = true diff --git a/stun_server/region/module.tf b/stun_server/region/module.tf index 53bae5e..57f5ab1 100644 --- a/stun_server/region/module.tf +++ b/stun_server/region/module.tf @@ -18,7 +18,7 @@ module "stun_server" { source = "../../.modules/service" service_name = local.service_name - container_image = "ghcr.io/home-assistant/stun-server" + container_image = "ghcr.io/home-assistant/stun" container_version = var.image_tag region = aws_region.current.name ecs_cpu = 2048 From d720513ca1059a0a6af18a2f5702710cca4d995f Mon Sep 17 00:00:00 2001 
From: Krisjanis Lejejs Date: Thu, 26 Sep 2024 11:55:12 +0300 Subject: [PATCH 08/14] TF config fixes --- stun_server/outputs.tf | 16 +++++++++++++--- stun_server/region/dns.tf | 2 +- stun_server/region/ecs.tf | 6 +++--- stun_server/region/module.tf | 2 +- stun_server/region/network.tf | 2 +- stun_server/region/outputs.tf | 4 ++++ stun_server/region/versions.tf | 19 +++++++++++++++++++ stun_server/versions.tf | 10 ---------- 8 files changed, 42 insertions(+), 19 deletions(-) create mode 100644 stun_server/region/outputs.tf create mode 100644 stun_server/region/versions.tf diff --git a/stun_server/outputs.tf b/stun_server/outputs.tf index e32a571..c93c4c8 100644 --- a/stun_server/outputs.tf +++ b/stun_server/outputs.tf @@ -1,4 +1,14 @@ -output "stun_server_ip" { - description = "The public IP address of the stun server" - value = data.aws_network_interface.stun_server_interface.association[0].public_ip +output "stun_server_ip-us_east_1" { + description = "The public IP address of the stun server in us-east-1" + value = module.us_east_1.stun_server_ip +} + +output "stun_server_ip-eu_central_1" { + description = "The public IP address of the stun server in eu-central-1" + value = module.eu_central_1.stun_server_ip +} + +output "stun_server_ip-ap_southeast_1" { + description = "The public IP address of the stun server in ap-southeast-1" + value = module.ap_southeast_1.stun_server_ip } diff --git a/stun_server/region/dns.tf b/stun_server/region/dns.tf index cc6f238..8853183 100644 --- a/stun_server/region/dns.tf +++ b/stun_server/region/dns.tf @@ -5,7 +5,7 @@ data "cloudflare_zone" "dns_zone" { resource "cloudflare_record" "instance_dns" { zone_id = data.cloudflare_zone.dns_zone.id name = join("-", [var.subdomain, data.aws_region.current.name]) - content = module.stun_server.aws_network_interface.stun_server_interface.association[0].public_ip + content = data.aws_network_interface.stun_server_interface.association[0].public_ip type = "A" proxied = true } 
diff --git a/stun_server/region/ecs.tf b/stun_server/region/ecs.tf index 6a1028a..661b94b 100644 --- a/stun_server/region/ecs.tf +++ b/stun_server/region/ecs.tf @@ -1,6 +1,6 @@ resource "aws_ecs_service" "stun-server" { name = local.service_name - cluster = data.tfe_outputs.infrastructure.values[aws_region.current.name].ecs_cluster + cluster = data.tfe_outputs.infrastructure.values[data.aws_region.current.name].ecs_cluster task_definition = module.stun_server.task_definition desired_count = 1 deployment_minimum_healthy_percent = 100 @@ -16,8 +16,8 @@ resource "aws_ecs_service" "stun-server" { assign_public_ip = true security_groups = [aws_security_group.stun_sg.id] subnets = [ - data.tfe_outputs.infrastructure.values.public_subnets[0], - data.tfe_outputs.infrastructure.values.public_subnets[1] + data.tfe_outputs.infrastructure.values[data.aws_region.current.name].public_subnets[0], + data.tfe_outputs.infrastructure.values[data.aws_region.current.name].public_subnets[1] ] } } diff --git a/stun_server/region/module.tf b/stun_server/region/module.tf index 57f5ab1..de5b257 100644 --- a/stun_server/region/module.tf +++ b/stun_server/region/module.tf @@ -20,7 +20,7 @@ module "stun_server" { service_name = local.service_name container_image = "ghcr.io/home-assistant/stun" container_version = var.image_tag - region = aws_region.current.name + region = data.aws_region.current.name ecs_cpu = 2048 ecs_memory = 4096 container_definitions = { diff --git a/stun_server/region/network.tf b/stun_server/region/network.tf index 6cd37b4..c62490e 100644 --- a/stun_server/region/network.tf +++ b/stun_server/region/network.tf @@ -1,5 +1,5 @@ resource "aws_security_group" "stun_sg" { - vpc_id = data.tfe_outputs.infrastructure.values[aws_region.current.name].network_id + vpc_id = data.tfe_outputs.infrastructure.values[data.aws_region.current.name].network_id egress { from_port = 0 
diff --git a/stun_server/region/outputs.tf b/stun_server/region/outputs.tf new file mode 100644 index 0000000..e32a571 --- /dev/null +++ b/stun_server/region/outputs.tf @@ -0,0 +1,4 @@ +output "stun_server_ip" { + description = "The public IP address of the stun server" + value = data.aws_network_interface.stun_server_interface.association[0].public_ip +} diff --git a/stun_server/region/versions.tf b/stun_server/region/versions.tf new file mode 100644 index 0000000..f019d63 --- /dev/null +++ b/stun_server/region/versions.tf @@ -0,0 +1,19 @@ +terraform { + + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4.0" + } + + tfe = { + source = "hashicorp/tfe" + version = "~> 0.58.0" + } + + cloudflare = { + source = "cloudflare/cloudflare" + version = "~> 4.0" + } + } +} diff --git a/stun_server/versions.tf b/stun_server/versions.tf index f9a7eb1..89ae572 100644 --- a/stun_server/versions.tf +++ b/stun_server/versions.tf @@ -6,15 +6,5 @@ terraform { source = "hashicorp/aws" version = "~> 4.0" } - - tfe = { - source = "hashicorp/tfe" - version = "~> 0.58.0" - } - - cloudflare = { - source = "cloudflare/cloudflare" - version = "~> 4.0" - } } } From 05e8f2bb46ca441ecbff7be96255907aa7400e6f Mon Sep 17 00:00:00 2001 From: Krisjanis Lejejs Date: Thu, 26 Sep 2024 11:57:23 +0300 Subject: [PATCH 09/14] Add region tag to resources --- stun_server/region/ecs.tf | 4 ++++ stun_server/region/network.tf | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/stun_server/region/ecs.tf b/stun_server/region/ecs.tf index 661b94b..6240e27 100644 --- a/stun_server/region/ecs.tf +++ b/stun_server/region/ecs.tf @@ -20,6 +20,10 @@ resource "aws_ecs_service" "stun-server" { data.tfe_outputs.infrastructure.values[data.aws_region.current.name].public_subnets[1] ] } + + tags = { + region = data.aws_region.current.name + } } data "aws_network_interface" "stun_server_interface" { 
diff --git a/stun_server/region/network.tf b/stun_server/region/network.tf index c62490e..5fb7620 100644 --- a/stun_server/region/network.tf +++ b/stun_server/region/network.tf @@ -23,4 +23,8 @@ resource "aws_security_group" "stun_sg" { protocol = "udp" cidr_blocks = ["0.0.0.0/0"] } + + tags = { + region = data.aws_region.current.name + } } From d9220ed70e8d9595f2de60f0ce6c666d46cc00b4 Mon Sep 17 00:00:00 2001 From: Krisjanis Lejejs Date: Thu, 26 Sep 2024 17:31:04 +0300 Subject: [PATCH 10/14] Code improvements based on PR suggestions --- stun_server/main.tf | 3 --- stun_server/outputs.tf | 20 +++++++------------- stun_server/region/dns.tf | 2 +- stun_server/region/ecs.tf | 8 ++++---- stun_server/region/module.tf | 4 ++-- stun_server/region/network.tf | 2 +- stun_server/region/variables.tf | 4 ---- 7 files changed, 15 insertions(+), 28 deletions(-) diff --git a/stun_server/main.tf b/stun_server/main.tf index 532b1ce..f524393 100644 --- a/stun_server/main.tf +++ b/stun_server/main.tf @@ -17,7 +17,6 @@ module "us_east_1" { region = "us-east-1" domain_name = var.domain_name - subdomain = "stun" image_tag = var.image_tag } @@ -26,7 +25,6 @@ module "eu_central_1" { region = "eu-central-1" domain_name = var.domain_name - subdomain = "stun" image_tag = var.image_tag } @@ -35,6 +33,5 @@ module "ap_southeast_1" { region = "ap-southeast-1" domain_name = var.domain_name - subdomain = "stun" image_tag = var.image_tag } diff --git a/stun_server/outputs.tf b/stun_server/outputs.tf index c93c4c8..82b4460 100644 --- a/stun_server/outputs.tf +++ b/stun_server/outputs.tf 
@@ -1,14 +1,8 @@ -output "stun_server_ip-us_east_1" { - description = "The public IP address of the stun server in us-east-1" - value = module.us_east_1.stun_server_ip -} - -output "stun_server_ip-eu_central_1" { - description = "The public IP address of the stun server in eu-central-1" - value = module.eu_central_1.stun_server_ip -} - -output "stun_server_ip-ap_southeast_1" { - description = "The public IP address of the stun server in ap-southeast-1" - value = module.ap_southeast_1.stun_server_ip +output "stun_server_ip" { + description = "The public IP address of the stun server" + value = { + "us-east-1" = module.us_east_1.stun_server_ip + "eu-central-1" = module.eu_central_1.stun_server_ip + "ap-southeast-1" = module.ap_southeast_1.stun_server_ip + } } diff --git a/stun_server/region/dns.tf b/stun_server/region/dns.tf index 8853183..f8ba9af 100644 --- a/stun_server/region/dns.tf +++ b/stun_server/region/dns.tf @@ -4,7 +4,7 @@ data "cloudflare_zone" "dns_zone" { resource "cloudflare_record" "instance_dns" { zone_id = data.cloudflare_zone.dns_zone.id - name = join("-", [var.subdomain, data.aws_region.current.name]) + name = join("-", ["stun", data.aws_region.current.name]) content = data.aws_network_interface.stun_server_interface.association[0].public_ip type = "A" proxied = true diff --git a/stun_server/region/ecs.tf b/stun_server/region/ecs.tf index 6240e27..daad9f1 100644 --- a/stun_server/region/ecs.tf +++ b/stun_server/region/ecs.tf 
@@ -1,12 +1,12 @@ resource "aws_ecs_service" "stun-server" { name = local.service_name - cluster = data.tfe_outputs.infrastructure.values[data.aws_region.current.name].ecs_cluster + cluster = local.infrastructure_region_outputs.ecs_cluster task_definition = module.stun_server.task_definition desired_count = 1 deployment_minimum_healthy_percent = 100 deployment_maximum_percent = 200 health_check_grace_period_seconds = 90 - launch_type = local.launch_type + launch_type = "FARGATE" # Required to fetch the public IP address of the ECS service enable_ecs_managed_tags = true @@ -16,8 +16,8 @@ resource "aws_ecs_service" "stun-server" { assign_public_ip = true security_groups = [aws_security_group.stun_sg.id] subnets = [ - data.tfe_outputs.infrastructure.values[data.aws_region.current.name].public_subnets[0], - data.tfe_outputs.infrastructure.values[data.aws_region.current.name].public_subnets[1] + local.infrastructure_region_outputs.public_subnets[0], + local.infrastructure_region_outputs.public_subnets[1] ] } diff --git a/stun_server/region/module.tf b/stun_server/region/module.tf index de5b257..33d58d9 100644 --- a/stun_server/region/module.tf +++ b/stun_server/region/module.tf @@ -1,6 +1,6 @@ locals { - service_name = "stun-server" - launch_type = "FARGATE" + service_name = "stun-server" + infrastructure_region_outputs = data.tfe_outputs.infrastructure.values[data.aws_region.current.name] } provider "aws" { diff --git a/stun_server/region/network.tf b/stun_server/region/network.tf index 5fb7620..2caa5c5 100644 --- a/stun_server/region/network.tf +++ b/stun_server/region/network.tf @@ -1,5 +1,5 @@ resource "aws_security_group" "stun_sg" { - vpc_id = data.tfe_outputs.infrastructure.values[data.aws_region.current.name].network_id + vpc_id = local.infrastructure_region_outputs.network_id egress { from_port = 0 diff --git a/stun_server/region/variables.tf b/stun_server/region/variables.tf index 907f569..ec10294 100644 --- a/stun_server/region/variables.tf 
+++ b/stun_server/region/variables.tf @@ -8,10 +8,6 @@ variable "domain_name" { type = string } -variable "subdomain" { - description = "The subdomain to use for the STUN server" - type = string -} variable "image_tag" { description = "Version of the Stun server to deploy" type = string From 6034c274940da5ecf4fa2219b56d74d21746c431 Mon Sep 17 00:00:00 2001 From: Krisjanis Lejejs Date: Thu, 26 Sep 2024 18:23:30 +0300 Subject: [PATCH 11/14] Change stun server IP output key --- stun_server/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stun_server/outputs.tf b/stun_server/outputs.tf index 82b4460..916ea9a 100644 --- a/stun_server/outputs.tf +++ b/stun_server/outputs.tf @@ -1,4 +1,4 @@ -output "stun_server_ip" { +output "ip" { description = "The public IP address of the stun server" value = { "us-east-1" = module.us_east_1.stun_server_ip From 84fa32ea5a0b167c5e85627087bee89558b33a4f Mon Sep 17 00:00:00 2001 From: Krisjanis Lejejs Date: Fri, 27 Sep 2024 12:55:17 +0300 Subject: [PATCH 12/14] More PR improvements --- stun_server/region/ecs.tf | 5 +---- stun_server/region/module.tf | 7 +++---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/stun_server/region/ecs.tf b/stun_server/region/ecs.tf index daad9f1..d5d78c6 100644 --- a/stun_server/region/ecs.tf +++ b/stun_server/region/ecs.tf @@ -15,10 +15,7 @@ resource "aws_ecs_service" "stun-server" { network_configuration { assign_public_ip = true security_groups = [aws_security_group.stun_sg.id] - subnets = [ - local.infrastructure_region_outputs.public_subnets[0], - local.infrastructure_region_outputs.public_subnets[1] - ] + subnets = local.infrastructure_region_outputs.public_subnets } tags = { diff --git a/stun_server/region/module.tf b/stun_server/region/module.tf index 33d58d9..c6e56f1 100644 --- a/stun_server/region/module.tf +++ b/stun_server/region/module.tf 
@@ -21,8 +21,8 @@ module "stun_server" { container_image = "ghcr.io/home-assistant/stun" container_version = var.image_tag region = data.aws_region.current.name - ecs_cpu = 2048 - ecs_memory = 4096 + ecs_cpu = 512 + ecs_memory = 1024 container_definitions = { portMappings = [ { @@ -37,6 +37,5 @@ module "stun_server" { } ], } - webservice = true - rolling_updates = true + webservice = true } From 71502979770d0e68996678fadde7a9358bc6f0bc Mon Sep 17 00:00:00 2001 From: Krisjanis Lejejs Date: Fri, 27 Sep 2024 12:57:05 +0300 Subject: [PATCH 13/14] Upgrade AWS provider version --- stun_server/region/versions.tf | 2 +- stun_server/versions.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stun_server/region/versions.tf b/stun_server/region/versions.tf index f019d63..d704bc8 100644 --- a/stun_server/region/versions.tf +++ b/stun_server/region/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } tfe = { diff --git a/stun_server/versions.tf b/stun_server/versions.tf index 89ae572..a1b2c49 100644 --- a/stun_server/versions.tf +++ b/stun_server/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } From 5395e460d055ecf604507da389c4cf389920f513 Mon Sep 17 00:00:00 2001 From: Krisjanis Lejejs Date: Fri, 27 Sep 2024 14:35:30 +0300 Subject: [PATCH 14/14] Add dependencies between ECS service, network interface filter and Cloudflare DNS --- stun_server/region/dns.tf | 11 ++++++----- stun_server/region/ecs.tf | 1 + 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/stun_server/region/dns.tf b/stun_server/region/dns.tf index f8ba9af..e832e2d 100644 --- a/stun_server/region/dns.tf +++ b/stun_server/region/dns.tf 
@@ -3,9 +3,10 @@ data "cloudflare_zone" "dns_zone" { } resource "cloudflare_record" "instance_dns" { - zone_id = data.cloudflare_zone.dns_zone.id - name = join("-", ["stun", data.aws_region.current.name]) - content = data.aws_network_interface.stun_server_interface.association[0].public_ip - type = "A" - proxied = true + zone_id = data.cloudflare_zone.dns_zone.id + name = join("-", ["stun", data.aws_region.current.name]) + content = data.aws_network_interface.stun_server_interface.association[0].public_ip + type = "A" + proxied = true + depends_on = [data.aws_network_interface.stun_server_interface] } diff --git a/stun_server/region/ecs.tf b/stun_server/region/ecs.tf index d5d78c6..760a9ff 100644 --- a/stun_server/region/ecs.tf +++ b/stun_server/region/ecs.tf @@ -28,4 +28,5 @@ data "aws_network_interface" "stun_server_interface" { name = "tag:aws:ecs:serviceName" values = [aws_ecs_service.stun-server.name] } + depends_on = [aws_ecs_service.stun-server] }
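Review bot: `depends_on = [data.aws_network_interface.stun_server_interface]` on `cloudflare_record.instance_dns`, and `depends_on = [aws_ecs_service.stun-server]` on the data source in the ecs.tf hunk, are both redundant, because `content` already references the data source and the filter's `values` already references the service, so Terraform derives the same ordering from those expressions. Worse, `depends_on` on a data source makes Terraform defer its read to apply time whenever the dependency has a planned change, so after this patch any change to the service will likely show `content` as known-after-apply and force a DNS record update in the same run. If the goal is to re-read the ENI after each redeploy, a separate apply after the deployment is the more predictable path; dropping both added lines restores the behaviour before this patch. `proxied = true` on this record is also still present and still routes the name through a proxy that does not carry STUN.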