Initial commit: Terraform infrastructure, pipelines, docs and scripts
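--- a/user-data.sh
+++ b/user-data.sh
@@ -0,0 +1,122 @@
+#!/usr/bin/env bash
+# ===============================================================================================================
+# user-data.sh - Script de inicialización de la EC2 para proyectosacc
+# Descripción:
+# Configura la instancia EC2 al primer boot: instala dependencias,
+# crea usuarios, configura Nginx como proxy de API, y prepara
+# directorios de despliegue.
+#
+# Autor: Área de Tecnología y Desarrollo - CCsoft
+# ===============================================================================================================
+
+set -euo pipefail
+
+# -------------------------------------------------------------------------------
+# Variables
+# -------------------------------------------------------------------------------
+PIPELINE_PUBLIC_KEY="${pipeline_public_key}"
+
+# -------------------------------------------------------------------------------
+# Actualizar sistema e instalar dependencias
+# -------------------------------------------------------------------------------
+apt-get update -y
+apt-get install -y nginx openjdk-21-jdk awscli curl jq
+
+# -------------------------------------------------------------------------------
+# Crear usuarios del sistema
+# -------------------------------------------------------------------------------
+useradd -m -s /bin/bash thoth || true
+useradd -m -s /bin/bash osiris || true
+
+# -------------------------------------------------------------------------------
+# Configurar SSH para el pipeline (usuario thoth)
+# -------------------------------------------------------------------------------
+mkdir -p /home/thoth/.ssh
+chmod 700 /home/thoth/.ssh
+
+echo "$PIPELINE_PUBLIC_KEY" > /home/thoth/.ssh/authorized_keys
+chmod 600 /home/thoth/.ssh/authorized_keys
+chown -R thoth:thoth /home/thoth/.ssh
+
+# -------------------------------------------------------------------------------
+# Crear estructura de directorios de despliegue
+# -------------------------------------------------------------------------------
+mkdir -p /home/thoth/deploy/artifacts/{backup,current,logs,pids}
+mkdir -p /home/thoth/deploy/{scripts,setup}
+chown -R thoth:thoth /home/thoth/deploy
+
+mkdir -p /var/log/proyectosacc/proyectosacc-app
+chown -R osiris:osiris /var/log/proyectosacc
+
+# -------------------------------------------------------------------------------
+# Configurar Nginx como proxy inverso SOLO para la API
+# -------------------------------------------------------------------------------
+cat > /etc/nginx/sites-available/proyectosacc-api <<'NGINX_EOF'
+server {
+listen 80 default_server;
+listen [::]:80 default_server;
+server_name _;
+
+location /api/ {
+proxy_pass http://localhost:8080/;
+proxy_http_version 1.1;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_connect_timeout 60s;
+proxy_send_timeout 60s;
+proxy_read_timeout 60s;
+}
+
+location / {
+return 404;
+}
+
+error_page 500 502 503 504 /50x.html;
+location = /50x.html {
+root /usr/share/nginx/html;
+}
+}
+NGINX_EOF
+
+rm -f /etc/nginx/sites-enabled/default
+ln -sf /etc/nginx/sites-available/proyectosacc-api /etc/nginx/sites-enabled/proyectosacc-api
+
+nginx -t
+systemctl enable nginx
+systemctl restart nginx
+
+# -------------------------------------------------------------------------------
+# Crear servicio systemd template para la API (será sobrescrito por deploy.sh)
+# -------------------------------------------------------------------------------
+cat > /etc/systemd/system/proyectosacc-app.service <<'SYSTEMD_EOF'
+[Unit]
+Description=Proyecto SACC App Service
+After=network.target
+
+[Service]
+Type=simple
+User=osiris
+Group=osiris
+WorkingDirectory=/home/thoth/deploy/artifacts/current
+ExecStart=/usr/bin/java -jar /home/thoth/deploy/artifacts/current/proyectosacc-app.jar
+SuccessExitStatus=143
+Restart=on-failure
+RestartSec=10
+StandardOutput=append:/var/log/proyectosacc/proyectosacc-app/proyectosacc-app-service.log
+StandardError=append:/var/log/proyectosacc/proyectosacc-app/proyectosacc-app-service.log
+
+[Install]
+WantedBy=multi-user.target
+SYSTEMD_EOF
+
+systemctl daemon-reload
+systemctl enable proyectosacc-app.service || true
+
+# -------------------------------------------------------------------------------
+# Ajustar permisos finales
+# -------------------------------------------------------------------------------
+usermod -aG osiris thoth || true
+chown -R osiris:osiris /home/thoth/deploy/artifacts
+chmod 750 /home/thoth/deploy/artifacts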
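Review bot: The final "Ajustar permisos finales" block hands the whole artifact tree to the account the service runs as: `chown -R osiris:osiris /home/thoth/deploy/artifacts` makes `osiris` (the unit's `User=`) the owner of `current/proyectosacc-app.jar`, so a compromised application process can replace the jar it is started from and the change survives every `Restart=on-failure` cycle. With mode 750 the pipeline user `thoth` gets only read/traverse through its new `osiris` group membership, so whatever performs the deploy (deploy.sh is not shown here) presumably has to run with more privilege than the two-account split suggests. A least-privilege layout would invert the ownership, e.g. `chown -R thoth:osiris /home/thoth/deploy/artifacts` followed by `chmod -R u=rwX,g=rX,o= /home/thoth/deploy/artifacts`, leaving `osiris` write access only under `/var/log/proyectosacc`; whether anything writes to `artifacts/logs` or `artifacts/pids` at runtime needs confirming first. Separately, nothing in the script grants `osiris` traverse permission on `/home/thoth`, so the unit's `WorkingDirectory=` depends on the distribution's default home-directory mode.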