Add complete SACC v4 infrastructure project
- Terraform modules: VPC, EC2, RDS, S3, CloudFront, Route53, Lambda, IAM, Security Groups
- Ansible playbooks for server configuration
- Scripts: create-test-environment.sh, destroy-test-environment.sh, validate-environment.sh
- Documentation: README, QUICKSTART, AGENTS
- Jenkins pipeline for automated deployment
- Jenkins pipeline for environment destruction
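--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,339 @@
+# =============================================================================
+# SACC v4 - Entorno TEST en Cuenta 668889063715
+# =============================================================================
+# DUPLICA la infraestructura de produccion usando los modulos PRODUCCION
+# probados de terraform-sacc4/
+#
+# IMPORTANTE: Este archivo usa los modulos de produccion para garantizar
+# que el entorno de test sea IDENTICO al de produccion.
+#
+# Uso:
+# 1. cp terraform.tfvars.example terraform.tfvars
+# 2. Editar terraform.tfvars con valores reales
+# 3. terraform init
+# 4. terraform plan
+# 5. terraform apply
+# =============================================================================
+
+terraform {
+required_version = ">= 1.5.0"
+
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = "~> 5.0"
+}
+random = {
+source = "hashicorp/random"
+version = "~> 3.0"
+}
+}
+
+# Backend S3 para estado (bucket creado por bootstrap)
+backend "s3" {
+bucket = "sacc4-terraform-state-test-668889063715"
+key = "sacc4-test/infrastructure/terraform.tfstate"
+region = "mx-central-1"
+encrypt = true
+dynamodb_table = "sacc4-terraform-locks-test-668889063715"
+}
+}
+
+# Provider AWS - Región Mexico (mx-central-1)
+provider "aws" {
+region = var.aws_region
+
+default_tags {
+tags = {
+Project = "sacc4"
+Environment = "test"
+ManagedBy = "terraform"
+Owner = "infra-team"
+AccountId = "668889063715"
+CostCenter = "test-environment"
+}
+}
+}
+
+# Provider AWS para ACM (us-east-1 requerido por CloudFront)
+provider "aws" {
+alias = "us_east_1"
+region = "us-east-1"
+
+default_tags {
+tags = {
+Project = "sacc4"
+Environment = "test"
+ManagedBy = "terraform"
+}
+}
+}
+
+# =============================================================================
+# DATOS
+# =============================================================================
+
+data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
+
+# =============================================================================
+# LOCALES
+# =============================================================================
+
+locals {
+name_prefix = "${var.project_name}-test"
+common_tags = {
+Project = var.project_name
+Environment = "test"
+ManagedBy = "terraform"
+}
+}
+
+# =============================================================================
+# MODULOS DE INFRAESTRUCTURA (usando modulos de produccion)
+# =============================================================================
+
+module "vpc" {
+source = "../../../../terraform-sacc4/modules/vpc"
+
+name_prefix = local.name_prefix
+vpc_cidr = var.vpc_cidr
+availability_zones = var.availability_zones
+public_subnet_cidrs = var.public_subnet_cidrs
+private_subnet_cidrs = var.private_subnet_cidrs
+tags = local.common_tags
+}
+
+module "security_groups" {
+source = "../../../../terraform-sacc4/modules/security-groups"
+
+name_prefix = local.name_prefix
+vpc_id = module.vpc.vpc_id
+vpc_cidr = module.vpc.vpc_cidr
+ssh_allowed_cidrs = var.ssh_allowed_cidrs
+tags = local.common_tags
+}
+
+module "iam" {
+source = "../../../../terraform-sacc4/modules/iam"
+
+name_prefix = local.name_prefix
+tags = local.common_tags
+}
+
+module "ec2" {
+source = "../../../../terraform-sacc4/modules/ec2"
+
+name_prefix = local.name_prefix
+instance_type = var.ec2_instance_type
+ami = var.ec2_ami
+subnet_id = module.vpc.public_subnet_ids[0]
+security_group_ids = [module.security_groups.ec2_security_group_id]
+root_volume_size = var.ec2_root_volume_size
+root_volume_type = var.ec2_root_volume_type
+root_volume_encrypted = var.ec2_root_volume_encrypted
+thoth_public_key = var.thoth_public_key
+osiris_public_key = var.osiris_public_key
+rds_endpoint = module.rds.rds_endpoint
+rds_db_name = var.rds_db_name
+rds_app_username = "sacc_app_user"
+rds_app_password = var.rds_master_password
+tags = local.common_tags
+}
+
+module "rds" {
+source = "../../../../terraform-sacc4/modules/rds"
+
+name_prefix = local.name_prefix
+instance_class = var.rds_instance_class
+engine = var.rds_engine
+engine_version = var.rds_engine_version
+allocated_storage = var.rds_allocated_storage
+max_allocated_storage = var.rds_max_allocated_storage
+db_name = var.rds_db_name
+master_username = var.rds_master_username
+master_password = var.rds_master_password
+backup_retention_period = var.rds_backup_retention_period
+backup_window = var.rds_backup_window
+maintenance_window = var.rds_maintenance_window
+subnet_ids = module.vpc.private_subnet_ids
+security_group_ids = [module.security_groups.rds_security_group_id]
+enable_replica = false
+tags = local.common_tags
+}
+
+module "lambda_scheduler" {
+source = "../../../../terraform-sacc4/modules/lambda-scheduler"
+count = var.enable_scheduling ? 1 : 0
+
+name_prefix = local.name_prefix
+ec2_instance_id = module.ec2.instance_id
+rds_instance_id = module.rds.db_instance_identifier
+schedule_timezone = var.schedule_timezone
+schedule_start_cron = var.schedule_start_cron
+schedule_stop_cron = var.schedule_stop_cron
+lambda_role_arn = module.iam.lambda_scheduler_role_arn
+scheduler_role_arn = module.iam.eventbridge_scheduler_role_arn
+tags = local.common_tags
+}
+
+module "s3_cloudfront" {
+source = "../../../../terraform-sacc4/modules/s3-cloudfront"
+
+name_prefix = local.name_prefix
+bucket_name = var.frontend_bucket_name
+cloudfront_price_class = var.cloudfront_price_class
+enable_logging = var.enable_cloudfront_logging
+domain_name = var.domain_name
+tags = local.common_tags
+}
+
+module "route53" {
+source = "../../../../terraform-sacc4/modules/route53"
+
+name_prefix = local.name_prefix
+domain_name = var.domain_name
+api_subdomain = var.api_subdomain
+api_public_ip = module.ec2.public_ip
+cloudfront_domain = module.s3_cloudfront.cloudfront_domain_name
+cloudfront_zone_id = module.s3_cloudfront.cloudfront_hosted_zone_id
+tags = local.common_tags
+}
+
+# =============================================================================
+# OUTPUTS
+# =============================================================================
+
+output "vpc_id" {
+description = "ID de la VPC creada"
+value = module.vpc.vpc_id
+}
+
+output "public_subnet_ids" {
+description = "IDs de subnets publicas"
+value = module.vpc.public_subnet_ids
+}
+
+output "private_subnet_ids" {
+description = "IDs de subnets privadas"
+value = module.vpc.private_subnet_ids
+}
+
+output "ec2_instance_id" {
+description = "ID de la instancia EC2"
+value = module.ec2.instance_id
+}
+
+output "ec2_public_ip" {
+description = "IP publica de la instancia EC2"
+value = module.ec2.public_ip
+}
+
+output "ec2_private_ip" {
+description = "IP privada de la instancia EC2"
+value = module.ec2.private_ip
+}
+
+output "rds_endpoint" {
+description = "Endpoint de la base de datos RDS"
+value = module.rds.rds_endpoint
+sensitive = true
+}
+
+output "rds_port" {
+description = "Puerto de la base de datos RDS"
+value = module.rds.rds_port
+}
+
+output "rds_db_name" {
+description = "Nombre de la base de datos"
+value = module.rds.db_name
+}
+
+output "frontend_bucket_name" {
+description = "Nombre del bucket S3 del frontend"
+value = module.s3_cloudfront.bucket_name
+}
+
+output "cloudfront_domain_name" {
+description = "Dominio de CloudFront"
+value = module.s3_cloudfront.cloudfront_domain_name
+}
+
+output "cloudfront_distribution_id" {
+description = "ID de la distribucion CloudFront"
+value = module.s3_cloudfront.distribution_id
+}
+
+output "api_gateway_url" {
+description = "URL del API Gateway"
+value = "https://${var.api_subdomain}"
+}
+
+output "frontend_url" {
+description = "URL del frontend"
+value = "https://${var.domain_name}"
+}
+
+output "lambda_start_function_name" {
+description = "Nombre de la funcion Lambda de inicio"
+value = var.enable_scheduling ? module.lambda_scheduler[0].start_function_name : null
+}
+
+output "lambda_stop_function_name" {
+description = "Nombre de la funcion Lambda de apagado"
+value = var.enable_scheduling ? module.lambda_scheduler[0].stop_function_name : null
+}
+
+output "route53_api_record" {
+description = "Nombre del registro DNS para API"
+value = module.route53.api_record_name
+}
+
+output "route53_frontend_record" {
+description = "Nombre del registro DNS para frontend"
+value = module.route53.frontend_record_name
+}
+
+output "route53_zone_id" {
+description = "ID de la zona Route53"
+value = module.route53.hosted_zone_id
+}
+
+output "ansible_inventory" {
+description = "Inventario Ansible generado dinamicamente"
+value = <<-EOT
+[sacc4-test]
+${module.ec2.public_ip} ansible_user=ubuntu ansible_ssh_private_key_file=~/.ssh/sacc4-test-key.pem
+
+[sacc4-test:vars]
+ansible_python_interpreter=/usr/bin/python3
+environment=test
+db_endpoint=${module.rds.rds_endpoint}
+s3_bucket=${module.s3_cloudfront.bucket_name}
+cloudfront_domain=${module.s3_cloudfront.cloudfront_domain_name}
+EOT
+sensitive = false
+}
+
+output "deployment_commands" {
+description = "Comandos para desplegar la aplicacion"
+value = <<-EOT
+# =============================================================================
+# COMANDOS POST-DESPLIEGUE - SACC v4 TEST
+# =============================================================================
+# Conectar a la instancia
+ssh -i ~/.ssh/sacc4-test-key.pem ubuntu@${module.ec2.public_ip}
+
+# Verificar servicios
+ssh -i ~/.ssh/sacc4-test-key.pem ubuntu@${module.ec2.public_ip} "sudo systemctl status nginx"
+ssh -i ~/.ssh/sacc4-test-key.pem ubuntu@${module.ec2.public_ip} "sudo systemctl status api-sacc4-*"
+
+# Verificar health checks
+ssh -i ~/.ssh/sacc4-test-key.pem ubuntu@${module.ec2.public_ip} "curl -s http://localhost:8080/actuator/health"
+ssh -i ~/.ssh/sacc4-test-key.pem ubuntu@${module.ec2.public_ip} "curl -s http://localhost:8081/actuator/health"
+
+# Base de datos
+mysql -h ${module.rds.rds_endpoint} -u sacc_app_user -p -e "SELECT 1;"
+EOT
+}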
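Review bot: The application credentials handed to `module "ec2"` do not line up with the database this file creates: the instance receives `rds_app_username = "sacc_app_user"` but `rds_app_password = var.rds_master_password`, while `module "rds"` is provisioned with `master_username = var.rds_master_username` and nothing in this file creates a `sacc_app_user`. Unless the rds module provisions that user out of view, the application either cannot authenticate or, if `rds_master_username` happens to be `sacc_app_user`, runs as the master account, which defeats the purpose of a separate app user and copies the master secret into the EC2 configuration. Wire the ec2 module to a dedicated credential instead, e.g. `rds_app_password = var.rds_app_password` (a new variable to be declared in variables.tf with `sensitive = true`), and have the rds module create that user with only the grants the API needs. Relatedly, `output "rds_endpoint"` is marked `sensitive = true` but the same value is re-emitted in clear by `output "ansible_inventory"` (`sensitive = false`) and `output "deployment_commands"`; either drop the flag on `rds_endpoint` or set `sensitive = true` on both composite outputs so `terraform output` behaves consistently. The provider's `default_tags` also hardcode `AccountId = "668889063715"` while `data.aws_caller_identity.current` is declared and never read; `AccountId = data.aws_caller_identity.current.account_id` would keep the tag and the backend bucket from silently drifting if the file is ever applied against another account.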