https://github.com/voronenko/wordpress-classic-app-demo

Approach for combining terraform and ansible to deploy lamp server with wordpress application
ansible oops-to-devops terraform wordpress

# Demo: using ansible and terraform to deploy wordpress application

In this demo from oops-to-devops services (https://github.com/topics/oops-to-devops) we provide
an example of how ansible and terraform flows might be split between infrastructure deployment
and business logic deployment.

Folder structure:

## providers//

Under providers we put the terraform logic that creates the necessary infrastructure for us.
As your project might be deployed to multiple clouds, you can end up with separate terraform scenarios
for those activities, so it can be reasonable to put each one under a folder named after the cloud provider,
like `providers/digitalocean/...`

## provisioners/shared/

Here we collect knowledge needed to deploy your project. In particular,

### provisioners/env/

This is a shared folder for environment overrides, i.e. specific parameters that differ across
deployments, like fqdn, passwords, options etc.

Here and below ENV stands for environment name, like prod, staging, dev and so on.

Note that this is the place where you can inject encrypted secrets, for example using ansible vault.
The order of providing overrides is as follows:

- env-ENV-vars.yml
- env-default-vars.yml

### provisioners/providers/

The idea is close to what we have with environments, but here you can put overrides specific
to the cloud provider used. Note that you can also encrypt sensitive data here with ansible vault.

Overrides will be searched in the following order (the first one found will be picked up):

```
- PROVIDER-ENV-vars.yml
- PROVIDER-vars.yml
```

### provisioners/files/

Any fixed file artifacts you might have - team ssh keys, etc

### provisioners/inventory/

Under this directory, the terraform script will generate inventory files for ansible, based
on information about the resources created.

Typical structure you will see here:

```
inventory/prod/...
inventory/staging/...

...

inventory/default/...
```

You can explore the inventory with `ansible-inventory`:

```
ansible-inventory -i default/ --graph
@all:
|--@aws_ec2:
|--@ungrouped:
```

### Deployment environment

It is also assumed that the following environment variables are set:

- INFRASTRUCTURE_ROOT_DIR, which defaults to the root project of the solution,
- ANSIBLE_VAULT_IDENTITY_LIST, which helps ansible to decrypt encrypted values

```
export INFRASTRUCTURE_ROOT_DIR=$PWD
export ANSIBLE_VAULT_IDENTITY_LIST="@$HOME/path/to/vault"
```

You should also provide any other environment variables needed for provisioning.
For example, for this demo we will be using a digitalocean token to create resources,
and a godaddy key pair to create the DNS entry.

```
export DIGITALOCEAN_TOKEN=hihi
export GD_KEY=haha
export GD_SECRET=hehe
```
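
The override search order and the environment variables described above can be checked before any terraform or ansible run. The following is an added example, not code from the project: the function names are hypothetical, and it assumes the override files sit directly in the directory passed as an argument.

```bash
# Added example, not part of the project. Function names are hypothetical.
# Assumption: the override files sit directly in the directory passed as "dir".

# Print the first existing override file, in the documented search order:
#   kind=env       env-ENV-vars.yml, then env-default-vars.yml
#   kind=provider  PROVIDER-ENV-vars.yml, then PROVIDER-vars.yml
resolve_override() {
  ro_kind=$1 ro_dir=$2 ro_env=$3 ro_provider=${4:-}
  case $ro_kind in
    env)      set -- "env-${ro_env}-vars.yml" "env-default-vars.yml" ;;
    provider) set -- "${ro_provider}-${ro_env}-vars.yml" "${ro_provider}-vars.yml" ;;
    *)        return 2 ;;
  esac
  for ro_file in "$@"; do
    if [ -f "$ro_dir/$ro_file" ]; then
      printf '%s\n' "$ro_dir/$ro_file"
      return 0
    fi
  done
  return 1
}

# Succeed only if every named variable is exported and non-empty.
# Only names are reported, never values, so tokens stay out of CI logs.
require_env() {
  re_missing=0
  for re_name in "$@"; do
    re_val=$(printenv "$re_name") || re_val=""
    if [ -z "$re_val" ]; then
      echo "missing environment variable: $re_name" >&2
      re_missing=1
    fi
  done
  return "$re_missing"
}

# True when the whole file is vault-encrypted (first line is the vault header).
# Files that only use inline "!vault" values are plain YAML and return false.
is_vault_file() {
  IFS= read -r vf_first < "$1" || true
  case $vf_first in
    '$ANSIBLE_VAULT;'*) return 0 ;;
    *)                  return 1 ;;
  esac
}
```

Calling `require_env DIGITALOCEAN_TOKEN GD_KEY GD_SECRET ANSIBLE_VAULT_IDENTITY_LIST` first makes a missing credential fail early, and `is_vault_file "$(resolve_override env DIR prod)"` shows whether the override that will actually be picked up is encrypted as a whole file.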

## Provisioning considerations

Server roles used are proposed to be stored under `provisioners/-box` with a
specific structure for environment variables:

```
BOX_ADDRESS - address of the box, or path to inventory
BOX_PROVIDER - provider used (digitalocean, aws, etc)
BOX_DEPLOY_USER - user used to connect to server for provisioning
BOX_DEPLOY_PASS - provisioning user password, if any
ENVIRONMENT - current environment, like prod, staging, dev

REMOTE_USER_INITIAL - only for fresh instance, not prepared for deployment yet
REMOTE_PASSWORD_INITIAL - only for fresh instance, not prepared for deployment yet
```

A typical provisioning script would be:

```bash

# Static parameters
WORKSPACE=$(
cd "$(dirname "$0")" &&
pwd
)

BOX_PLAYBOOK=$WORKSPACE/.yml
BOX_NAME=
BOX_ADDRESS=$REMOTE_HOST
BOX_USER=$REMOTE_USER_INITIAL
BOX_PWD=$REMOTE_PASSWORD_INITIAL
BOX_PROVIDER=${BOX_PROVIDER:-}
ENVIRONMENT=${ENVIRONMENT:-default}

prudentia ssh <