From cd71eb07881666d3ceb3468330984a5c4e248864 Mon Sep 17 00:00:00 2001
From: Okesanya Odunayo <94924061+DrInTech22@users.noreply.github.com>
Date: Wed, 11 Dec 2024 12:57:26 +0100
Subject: [PATCH] modify terraform files and workflow
---
.github/workflows/ansible-monitoring.yml | 34 ++++++++++++
.github/workflows/terraform-apply.yml | 27 +++++++++++++++++++++++++-
.github/workflows/terraform-plan.yml | 2 +-
...nitoring.yml.j2 => compose.monitoring.yml} | 53 +++++++++++++++++++
ansible/roles/copy_files/tasks/main.yml | 34 ++++--------
ansible/roles/docker_compose/tasks/main.yml | 2 +-
ansible/roles/file_structure/tasks/main.yml | 2 -
terraform/ansible.tf | 18 +------
8 files changed, 125 insertions(+), 47 deletions(-)
create mode 100644 .github/workflows/ansible-monitoring.yml
rename ansible/{compose.monitoring.yml.j2 => compose.monitoring.yml} (62%)
diff --git a/.github/workflows/ansible-monitoring.yml b/.github/workflows/ansible-monitoring.yml
new file mode 100644
index 0000000..b287389
--- /dev/null
+++ b/.github/workflows/ansible-monitoring.yml
@@ -0,0 +1,34 @@
+name: Ansible Monitoring
+
+on:
+ repository_dispatch:
+ types:
+ - ansible-monitoring
+
+jobs:
+ monitoring-stack-deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Download Ansible Inventory
+ uses: actions/download-artifact@v3
+ with:
+ name: ansible_inventory
+
+ - name: Verify Ansible Inventory
+ run: |
+ cat inventory.ini
+
+ - name: "Install Ansible"
+ uses: alex-oleshkevich/setup-ansible@v1.0.1
+ with:
+ version: "9.3.0"
+
+ - name: Run Ansible Playbook
+ run: |
+ ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory.ini ./ansible/playbook.yml \
+ --extra-vars "frontend_domain=${{ vars.TF_FRONTEND_DOMAIN }} \
+ traefik_domain=${{ vars.TF_TRAEFIK_DOMAIN }} \
+ cert_email=${{ secrets.TF_CERT_EMAIL }}"
diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml
index d457f0b..0b2b5e6 100644
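Review bot: The `Download Ansible Inventory` step cannot succeed as written: `actions/download-artifact@v3` only fetches artifacts uploaded by the current workflow run, and this job is started by `repository_dispatch` from a different run, so `inventory.ini` will be absent when the playbook step runs. Either send the inventory contents in the dispatch `client-payload`, or move to `actions/download-artifact@v4` with `run-id: ${{ github.event.client_payload.run_id }}` and `github-token: ${{ secrets.GITHUB_TOKEN }}` (the apply workflow would then have to include its `run_id` in the payload). Separately, `ANSIBLE_HOST_KEY_CHECKING=False` on the playbook line disables SSH host-key verification for a host reached over the public internet; exporting the instance's host key from the apply workflow alongside the inventory and seeding `~/.ssh/known_hosts` with it would let this run with checking left on. The third-party `alex-oleshkevich/setup-ansible@v1.0.1` tag is mutable; pin it (and the `actions/*` steps) to a full commit SHA so a retagged release cannot change what runs with access to the SSH key and secrets.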
--- a/.github/workflows/terraform-apply.yml +++ b/.github/workflows/terraform-apply.yml @@ -1,5 +1,5 @@ name: Terraform Apply -run-name: ${{ github.actor }} triggered the pipeline +# run-name: ${{ github.actor }} triggered the pipeline on: workflow_dispatch: @@ -62,7 +62,32 @@ jobs: if [ "${{ github.event.inputs.operation }}" = "destroy" ]; then terraform destroy --auto-approve else + terraform destroy --auto-approve terraform apply --auto-approve fi working-directory: ./terraform + - name: Upload Ansible Inventory + uses: actions/upload-artifact@v3 + with: + name: ansible_inventory + path: ./inventory.ini + working-directory: ./terraform + - name: Save Public IP + run: | + echo "public_ip=$(terraform output -raw instance_public_ip)" > public_ip_env.txt + working-directory: ./terraform + - name: Upload Public_IP + uses: actions/upload-artifact@v3 + with: + name: Public_IP + path: | + ./public_ip_env.txt + working-directory: ./terraform + - name: Trigger Ansible Monitoring Workflow + uses: peter-evans/repository-dispatch@v2 + with: + event-type: ansible-monitoring + + + \ No newline at end of file diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml index 5a31f5d..bb6f133 100644 --- a/.github/workflows/terraform-plan.yml +++ b/.github/workflows/terraform-plan.yml @@ -1,5 +1,5 @@ name: Terraform Plan and Cost Estimation -run-name: ${{ github.actor }} triggered the pipeline +# run-name: ${{ github.actor }} triggered the pipeline on: workflow_dispatch: diff --git a/ansible/compose.monitoring.yml.j2 b/ansible/compose.monitoring.yml similarity index 62% rename from ansible/compose.monitoring.yml.j2 rename to ansible/compose.monitoring.yml index 8691fc1..ce117dd 100644 --- a/ansible/compose.monitoring.yml.j2 +++ b/ansible/compose.monitoring.yml @@ -1,3 +1,5 @@ +name: gitops + services: prometheus: image: prom/prometheus 
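Review bot: The `else` branch of the apply step now runs `terraform destroy --auto-approve` immediately before `terraform apply --auto-approve`, so every non-destroy run tears down the whole stack first — the instance and anything stored on it (the Let's Encrypt state in `acme.json`, Grafana data) are recreated on each deploy, and the public IP presumably changes unless a static address is attached. If a clean rebuild is genuinely wanted it should be a separate `operation` input, not the default; otherwise drop the added `terraform destroy --auto-approve` line and let `apply` converge the existing state. Also, `working-directory` is a `run:`-step key and is not applied to `uses:` steps, so on the two `actions/upload-artifact@v3` steps the `path:` values resolve from the repository root; since `ansible.tf` now writes `inventory.ini` next to the Terraform files, `path: ./terraform/inventory.ini` and `path: ./terraform/public_ip_env.txt` are what will actually exist. The inventory artifact carries the host addressing and SSH user the playbook relies on and is readable by anyone who can read the repository's runs, so keep credentials and key material out of it.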
@@ -95,6 +97,57 @@ services: - ./monitoring/promtail-config.yml:/etc/promtail/promtail-config.yaml depends_on: - loki
+
+ traefik:
+ image: traefik:v2.10.1
+ restart: unless-stopped
+ command:
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+ - "--entrypoints.websecure.address=:443"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedByDefault=false"
+ - "--api"
+ - "--certificatesresolvers.letsencryptresolver.acme.email={{ cert_email }}"
+ - "--certificatesresolvers.letsencryptresolver.acme.storage=/acme.json"
+ - "--certificatesresolvers.letsencryptresolver.acme.tlschallenge=true"
+ - "--accesslog=true"
+ - "--log.level=ERROR"
+ ports:
+ - 80:80
+ - 443:443
+ expose:
+ - "8080"
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./traefik/acme.json:/acme.json
+ labels:
+ - "traefik.enable=true"
+ # HTTP Router
+ - "traefik.http.routers.traefik-http.rule=Host(`{{ traefik_domain }}`) || Host(`www.{{ traefik_domain }}`)"
+ - "traefik.http.routers.traefik-http.entrypoints=web"
+ - "traefik.http.services.traefik-http.loadbalancer.server.port=8080"
+ # www to non-www redirect
+ - "traefik.http.routers.traefik-https.middlewares=www-to-non-www"
+ # HTTP to HTTPS redirect
+ - "traefik.http.middlewares.www-to-non-www.redirectregex.regex=^https?://www\\.(.+)"
+ - "traefik.http.middlewares.www-to-non-www.redirectregex.replacement=https://$1"
+ - "traefik.http.middlewares.www-to-non-www.redirectregex.permanent=true"
+ # HTTPS Router
+ - "traefik.http.routers.traefik-https.rule=Host(`{{ traefik_domain }}`) || Host(`www.{{ traefik_domain }}`)"
+ - "traefik.http.routers.traefik-https.entrypoints=websecure"
+ - "traefik.http.routers.traefik-https.service=api@internal"
+ - "traefik.http.routers.traefik-https.tls.certresolver=letsencryptresolver"
+ networks:
+ - app-network
+ - monitor-network
+networks:
+
app-network: + external: true + monitor-network: + external: true volumes: grafana: \ No newline at end of file diff --git a/ansible/roles/copy_files/tasks/main.yml b/ansible/roles/copy_files/tasks/main.yml index dcad025..c7a4cd2 100644 --- a/ansible/roles/copy_files/tasks/main.yml +++ b/ansible/roles/copy_files/tasks/main.yml @@ -1,37 +1,21 @@ --- -- name: Copy the main Docker Compose file - template: - src: compose.yml.j2 - dest: /home/ubuntu/compose.yml - force: yes - - name: Copy the monitoring Docker Compose file template: - src: compose.monitoring.yml.j2 + src: compose.monitoring.yml dest: /home/ubuntu/compose.monitoring.yml force: yes -- name: Copy frontend environment file - template: - src: ../frontend/.env - dest: /home/ubuntu/frontend/.env - -- name: Copy backend environment file - copy: - src: ../backend/.env - dest: /home/ubuntu/backend/.env - - name: Copy monitoring configurations copy: src: ../monitoring/ dest: /home/ubuntu/monitoring/ force: yes -- name: Copy postgres password file - copy: - src: ../POSTGRES_PASSWORD.txt - dest: /home/ubuntu/POSTGRES_PASSWORD.txt - mode: '0600' - owner: ubuntu - group: ubuntu - force: yes +# - name: Copy postgres password file +# copy: +# src: ../POSTGRES_PASSWORD.txt +# dest: /home/ubuntu/POSTGRES_PASSWORD.txt +# mode: '0600' +# owner: ubuntu +# group: ubuntu +# force: yes diff --git a/ansible/roles/docker_compose/tasks/main.yml b/ansible/roles/docker_compose/tasks/main.yml index 86dbf95..9c4ebe7 100644 --- a/ansible/roles/docker_compose/tasks/main.yml +++ b/ansible/roles/docker_compose/tasks/main.yml @@ -1,5 +1,5 @@ --- - name: Run main Docker Compose - shell: docker compose up -d + shell: docker compose -f compose.monitoring.yml up -d args: chdir: /home/ubuntu diff --git a/ansible/roles/file_structure/tasks/main.yml b/ansible/roles/file_structure/tasks/main.yml index 38ad412..fd912d8 100644 --- a/ansible/roles/file_structure/tasks/main.yml +++ b/ansible/roles/file_structure/tasks/main.yml 
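Review bot: The `traefik-https` router sends `Host(`{{ traefik_domain }}`)` to `api@internal` with only the `www-to-non-www` redirect middleware attached, so the Traefik dashboard and API — which enumerate every router, service and backend address on the host — are served on the public HTTPS entrypoint with no authentication at all. Put a `basicauth` middleware in front of it: `traefik.http.routers.traefik-https.middlewares=www-to-non-www,dashboard-auth` plus `traefik.http.middlewares.dashboard-auth.basicauth.users=<htpasswd entry>` with the hash supplied as an Ansible variable rather than committed (any `$` in the hash must be written `$$` in Compose). The `traefik-http` router points `loadbalancer.server.port=8080` at the Traefik container itself, which only listens on 8080 under `--api.insecure=true`; because `web` is globally redirected to `websecure` that router and the `expose: "8080"` entry are dead and can be removed. The read-only mount of `/var/run/docker.sock` still grants full Docker API access to the container, which is root-equivalent on the host; a socket proxy restricted to the container-listing calls the docker provider needs is the usual mitigation. `./traefik/acme.json` holds the private keys of every issued certificate, and the `file_structure` role that creates it is outside this hunk — verify it is created with mode `0600`.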
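Review bot: The `Copy postgres password file` task is left in the role as a commented-out block; dead YAML in a task file tends to get uncommented by the next person who needs the file on the host, reintroducing a plaintext secret copy without review, so delete the block outright (git history keeps it). The two surviving tasks still use `force: yes`; Ansible and yamllint prefer the canonical boolean, `force: true`. `compose.monitoring.yml` is now shipped through the `template` module even though it lost its `.j2` suffix, which is correct because the file still contains `{{ cert_email }}` and `{{ traefik_domain }}` — a comment on the task, `# still a Jinja template despite the plain .yml name; must use template, not copy`, would stop someone "fixing" it to `copy:` and deploying the raw placeholders.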
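Review bot: `docker compose -f compose.monitoring.yml up -d` uses no shell features, so the task should use the `command` module rather than `shell` (ansible-lint `command-instead-of-shell`), which avoids routing the line through `/bin/sh` for no benefit. The task will also report `changed` on every run regardless of whether anything was recreated; if an accurate status matters, `register` the result and set `changed_when` on compose's output. The task name `Run main Docker Compose` no longer matches what it does now that only the monitoring stack is started — `Run monitoring Docker Compose` would.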
@@ -6,8 +6,6 @@ mode: '0755' loop: - /home/ubuntu/monitoring - - /home/ubuntu/frontend - - /home/ubuntu/backend - /home/ubuntu/traefik - name: Ensure acme.json file exists diff --git a/terraform/ansible.tf b/terraform/ansible.tf index 9d6279c..3be976e 100644 --- a/terraform/ansible.tf +++ b/terraform/ansible.tf @@ -1,24 +1,8 @@ # Create Ansible inventory file resource "local_file" "ansible_inventory" { - filename = "../ansible/inventory.ini" + filename = "inventory.ini" content = <