diff --git a/terraform/app.tf b/terraform/app.tf
index a6a659f..1846d00 100644
--- a/terraform/app.tf
+++ b/terraform/app.tf
@@ -22,16 +22,11 @@ resource "cloudfoundry_app" "app" {
 space_name = var.cf_space_name
 org_name = local.cf_org_name
- path = data.archive_file.src.output_path
- source_code_hash = data.archive_file.src.output_base64sha256
- buildpacks = ["ruby_buildpack"]
- strategy = "rolling"
- instances = var.web_instances
- memory = var.web_memory
- command = "./bin/rake cf:on_first_instance db:migrate && exec env HTTP_PORT=$PORT ./bin/thrust ./bin/rails server"
- health_check_http_endpoint = "/up"
- health_check_type = "http"
- routes = [{ route = "${local.host_name}.${local.domain}" }]
+ path = data.archive_file.src.output_path
+ source_code_hash = data.archive_file.src.output_base64sha256
+ buildpacks = ["ruby_buildpack"]
+ strategy = "rolling"
+ routes = [{ route = "${local.host_name}.${local.domain}" }]
 environment = {
 no_proxy = "apps.internal,s3-fips.us-gov-west-1.amazonaws.com"
@@ -41,20 +36,22 @@ resource "cloudfoundry_app" "app" {
 RAILS_SERVE_STATIC_FILES = "true"
 }
- # processes = [
- # # {
- # # type = "worker"
- # # instances = var.worker_instances
- # # memory = var.worker_memory
- # # command = "bundle exec sidekiq"
- # # },
- # {
- # type = "web"
- # instances = var.web_instances
- # memory = var.web_memory
- # command = "./bin/rake cf:on_first_instance db:migrate && exec env HTTP_PORT=$PORT ./bin/thrust ./bin/rails server"
- # }
- # ]
+ processes = [
+ # {
+ # type = "worker"
+ # instances = var.worker_instances
+ # memory = var.worker_memory
+ # command = "bundle exec sidekiq"
+ # },
+ {
+ type = "web"
+ instances = var.web_instances
+ memory = var.web_memory
+ health_check_http_endpoint = "/up"
+ health_check_type = "http"
+ command = "./bin/rake cf:on_first_instance db:migrate && exec env HTTP_PORT=$PORT ./bin/thrust ./bin/rails server"
+ }
+ ]
 service_bindings = [
 { service_instance = "egress-proxy-${var.env}-credentials" },
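Review bot: The `processes` list in the second hunk keeps the `worker` entry as commented-out code with no note on why it is disabled or what it is waiting for. main.tf also carries a commented-out `redis` module, so presumably the worker is blocked on that; a one-line comment above the entry would record it, e.g. `# worker is disabled until the redis module in main.tf is enabled`. When the entry is enabled it will likely need its own health check setting, since `health_check_type = "http"` and `health_check_http_endpoint` now sit on the `web` entry only. The `cloudfoundry_app` resource starts and ends outside the hunk.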
diff --git a/terraform/bootstrap/main.tf b/terraform/bootstrap/main.tf
index 92af772..6681e13 100644
--- a/terraform/bootstrap/main.tf
+++ b/terraform/bootstrap/main.tf
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 cloudfoundry = {
 source = "cloudfoundry/cloudfoundry"
- version = "1.1.0"
+ version = "1.2.0"
 }
 }
 }
@@ -36,7 +36,7 @@ locals {
 s3_plan_name = "basic-sandbox"
 }
 module "mgmt_space" {
- source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.0.2"
+ source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.1.0"
 cf_org_name = local.org_name
 cf_space_name = var.mgmt_space_name
@@ -44,7 +44,7 @@ module "mgmt_space" {
 }
 module "s3" {
- source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v2.0.2"
+ source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v2.1.0"
 cf_space_id = module.mgmt_space.space_id
 name = "continuous_monitoring-terraform-state"
diff --git a/terraform/main.tf b/terraform/main.tf
index 5316887..e40c412 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -5,24 +5,18 @@ locals {
 }
 module "app_space" {
- source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.0.2"
-
- cf_org_name = local.cf_org_name
- cf_space_name = var.cf_space_name
- allow_ssh = var.allow_space_ssh
- deployers = local.space_deployers
- developers = var.space_developers
-}
-# temporary method for setting egress rules until terraform provider supports it and cg_space module is updated
-data "external" "set-app-space-egress" {
- program = ["/bin/sh", "set_space_egress.sh", "-t", "-s", var.cf_space_name, "-o", local.cf_org_name]
- working_dir = path.module
- # depends_on line is required only for initial creation and destruction. It can be commented out for updates if you see unwanted cascading effects
- depends_on = [module.app_space]
+ source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.1.0"
+
+ cf_org_name = local.cf_org_name
+ cf_space_name = var.cf_space_name
+ allow_ssh = var.allow_space_ssh
+ deployers = local.space_deployers
+ developers = var.space_developers
+ security_group_names = ["trusted_local_networks_egress"]
 }
 module "database" {
- source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v2.0.2"
+ source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v2.1.0"
 cf_space_id = module.app_space.space_id
 name = "${local.app_name}-rds-${var.env}"
@@ -32,7 +26,7 @@ module "database" {
 }
 # module "redis" {
-# source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v2.0.2"
+# source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v2.1.0"
 # cf_space_id = module.app_space.space_id
 # name = "${local.app_name}-redis-${var.env}"
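Review bot: In the `app_space` hunk the `cg_space` source is pinned to the git tag `?ref=v2.1.0`, and a tag can be re-pointed upstream without any change showing in this repository. The module now decides which security groups are bound to the space, so the ref is better pinned to a commit, e.g. `source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=<commit SHA of v2.1.0>"` with the tag kept in a trailing comment. The same applies to the `database`, `domain`, `egress_space` and `egress_proxy` sources and to the two modules in bootstrap/main.tf. Separately, the removed script only ever added a binding; whether `security_group_names` also unbinds groups that are not listed is not visible here, so the first plan against an existing space is worth reading for that.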
@@ -52,7 +46,7 @@ module "database" {
 ###########################################################################
 module "domain" {
 count = (var.custom_domain_name == null ? 0 : 1)
- source = "github.com/gsa-tts/terraform-cloudgov//domain?ref=v2.0.2"
+ source = "github.com/gsa-tts/terraform-cloudgov//domain?ref=v2.1.0"
 cf_org_name = local.cf_org_name
 cf_space = module.app_space.space
@@ -64,23 +58,18 @@ module "domain" {
 }
 module "egress_space" {
- source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.0.2"
-
- cf_org_name = local.cf_org_name
- cf_space_name = "${var.cf_space_name}-egress"
- allow_ssh = var.allow_space_ssh
- deployers = local.space_deployers
- developers = var.space_developers
-}
-# temporary method for setting egress rules until terraform provider supports it and cg_space module is updated
-data "external" "set-egress-space-egress" {
- program = ["/bin/sh", "set_space_egress.sh", "-p", "-s", module.egress_space.space_name, "-o", local.cf_org_name]
- working_dir = path.module
- depends_on = [module.egress_space]
+ source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.1.0"
+
+ cf_org_name = local.cf_org_name
+ cf_space_name = "${var.cf_space_name}-egress"
+ allow_ssh = var.allow_space_ssh
+ deployers = local.space_deployers
+ developers = var.space_developers
+ security_group_names = ["public_networks_egress"]
 }
 module "egress_proxy" {
- source = "github.com/gsa-tts/terraform-cloudgov//egress_proxy?ref=v2.0.2"
+ source = "github.com/gsa-tts/terraform-cloudgov//egress_proxy?ref=v2.1.0"
 cf_org_name = local.cf_org_name
 cf_egress_space = module.egress_space.space
diff --git a/terraform/providers.tf b/terraform/providers.tf
index 882cb1a..00b85d4 100644
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 cloudfoundry = {
 source = "cloudfoundry/cloudfoundry"
- version = "1.1.0"
+ version = "1.2.0"
 }
 cloudfoundry-community = {
 source = "cloudfoundry-community/cloudfoundry"
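Review bot: In the `egress_space` hunk of terraform/main.tf, the space bound to `public_networks_egress` still takes `allow_ssh = var.allow_space_ssh` and `developers = var.space_developers`, the same values as the app space. This is the only space in the file with public egress, so it likely deserves a tighter setting than the app space. A shell inside it would presumably not be held to whatever allowlist the egress proxy enforces. Consider `allow_ssh = false` here, or a dedicated variable, and review whether the full developer list needs a role in this space. A comment above `security_group_names` would also help, e.g. `# only the egress proxy runs here; this is the sole space with public internet egress`.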
diff --git a/terraform/sandbox_bot/main.tf b/terraform/sandbox_bot/main.tf
index d202054..590e211 100644
--- a/terraform/sandbox_bot/main.tf
+++ b/terraform/sandbox_bot/main.tf
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 cloudfoundry = {
 source = "cloudfoundry/cloudfoundry"
- version = "1.1.0"
+ version = "1.2.0"
 }
 }
 backend "local" {}
diff --git a/terraform/set_space_egress.sh b/terraform/set_space_egress.sh
deleted file mode 100755
index c44b6ea..0000000
--- a/terraform/set_space_egress.sh
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/bin/sh
-
-usage="
-$0: Set egress rules for given space
-
-Usage:
- $0 -h
- $0 -s -o [-p] [-t]
-
-Options:
--h: show help and exit
--s : configure the space to act on. Required
--o : configure the organization to act on. Required
--p: Add the public egress rules
--t: Add the trusted egress rules
-"
-
-set -e
-
-space=""
-org=""
-public=false
-trusted=false
-
-while getopts ":hs:o:pt" opt; do
- case "$opt" in
- s)
- space=${OPTARG}
- ;;
- o)
- org=${OPTARG}
- ;;
- p)
- public=true
- ;;
- t)
- trusted=true
- ;;
- h)
- echo "$usage"
- exit 0
- ;;
- esac
-done
-
-if [[ "$space" = "" ]] || [[ "$org" = "" ]]; then
- echo "$usage"
- exit 1
-fi
-
-if [[ $public = true ]]; then
- cf bind-security-group public_networks_egress "$org" --space "$space" > /dev/null
-fi
-
-if [[ $trusted = true ]]; then
- cf bind-security-group trusted_local_networks_egress "$org" --space "$space" > /dev/null
-fi
-
-cat << EOF
-{ "success": "true" }
-EOF