POC: separates infrastructure from apps

.gitignore

@@ -27,3 +27,17 @@ terraform/internet-gateway/.terraform/providers/registry.terraform.io/hashicorp/
 !application-deployments/dev/configs
 !application-deployments/prod/configs
 application-deployments/*/configs/*env
+terraform/application-wrapper/applications/echo-app/.terraform.lock.hcl
+terraform/application-wrapper/applications/echo-app/.terraform/providers/registry.terraform.io/hashicorp/aws/5.35.0/linux_arm64/terraform-provider-aws_v5.35.0_x5
+terraform/application-wrapper/applications/echo-app/.terraform/providers/registry.terraform.io/hashicorp/aws/5.36.0/linux_arm64/terraform-provider-aws_v5.36.0_x5
+terraform/application-wrapper/applications/echo-app/.terraform/providers/registry.terraform.io/hashicorp/random/3.6.0/linux_arm64/terraform-provider-random_v3.6.0_x5
+terraform/application-wrapper/applications/echo-app/providers/registry.terraform.io/hashicorp/aws/5.36.0/linux_arm64/terraform-provider-aws_v5.36.0_x5
+terraform/application-wrapper/applications/echo-app/providers/registry.terraform.io/hashicorp/random/3.6.0/linux_arm64/terraform-provider-random_v3.6.0_x5
+terraform/application-wrapper/applications/echo-app-2/providers/registry.terraform.io/hashicorp/aws/5.36.0/linux_arm64/terraform-provider-aws_v5.36.0_x5
+terraform/application-wrapper/applications/echo-app-2/providers/registry.terraform.io/hashicorp/random/3.6.0/linux_arm64/terraform-provider-random_v3.6.0_x5
+terraform/application-wrapper/applications/echo-app-2/tfplan
+terraform/remote-state-application/.terraform.lock.hcl
+terraform/remote-state-application/terraform.tfstate.backup
+terraform/remote-state-application/tfplan
+terraform/remote-state-application/.terraform/providers/registry.terraform.io/hashicorp/archive/2.4.2/linux_arm64/terraform-provider-archive_v2.4.2_x5
+terraform/remote-state-application/.terraform/providers/registry.terraform.io/hashicorp/random/3.6.0/linux_arm64/terraform-provider-random_v3.6.0_x5

Makefile

@@ -33,26 +33,25 @@ create-route:
 	docker-compose run app-deploy -cmd create-route
 
 delete-route:
-	docker-compose run app-deploy -cmd delete-route	
+	docker-compose run app-deploy -cmd delete-route
+
+create-application:
+	docker-compose run app-deploy -cmd create-application
+
+destroy-application:
+	docker-compose run app-deploy -cmd destroy-application
+
+create-remote-state-app:
+	docker-compose run app-deploy -cmd create-remote-state-app	
 
 deploy:
 	aws ecr get-login-password --profile ${AWS_PROFILE} --region ${AWS_DEFAULT_REGION} | docker login --username AWS --password-stdin ${ACCOUNT}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com
 	@echo "Deploying app"
-	cd $(WORKING_DIR)/terraform/application-wrapper/applications ; git clone "https://${APP_GIT_REPOSITORY}" app
-	cd $(WORKING_DIR)/terraform/application-wrapper/applications/app
-	cp $(WORKING_DIR)/terraform/application-wrapper/applications/app/${ENTRYPOINT} $(WORKING_DIR)/terraform/application-wrapper/${ENTRYPOINT}
-	cp $(WORKING_DIR)/terraform/application-wrapper/applications/app/Dockerfile $(WORKING_DIR)/terraform/application-wrapper/Dockerfile
-    ifeq ($(ENTRYPOINT),main.py)
-		cp $(WORKING_DIR)/terraform/application-wrapper/main.py.nf $(WORKING_DIR)/terraform/application-wrapper/main.nf
-		cp $(WORKING_DIR)/terraform/application-wrapper/applications/app/requirements.txt $(WORKING_DIR)/terraform/application-wrapper/requirements.txt
-    else ifeq ($(ENTRYPOINT),main.R)
-		cp $(WORKING_DIR)/terraform/application-wrapper/main.R.nf $(WORKING_DIR)/terraform/application-wrapper/main.nf
-		cp -R $(WORKING_DIR)/terraform/application-wrapper/applications/app/dependencies/* $(WORKING_DIR)/terraform/application-wrapper/dependencies
-    endif
-	rm -rf $(WORKING_DIR)/terraform/application-wrapper/applications/app
-	cd $(WORKING_DIR)/terraform/application-wrapper; docker buildx build --platform linux/amd64 --progress=plain -t pennsieve/app-wrapper .
-	docker tag pennsieve/app-wrapper ${APP_REPO}
+	cd $(WORKING_DIR)/terraform/application-wrapper/applications ; git clone -b ${APP_GIT_BRANCH} --single-branch "https://${APP_GIT_REPOSITORY}" app
+	cd $(WORKING_DIR)/terraform/application-wrapper/applications/app ; docker buildx build --platform linux/amd64 --progress=plain -t pennsieve/${APP_NAME} .
+	docker tag pennsieve/${APP_NAME} ${APP_REPO}
 	docker push ${APP_REPO}
+	rm -rf $(WORKING_DIR)/terraform/application-wrapper/applications/app
 	@echo "Deploying post processor"
 	cd $(WORKING_DIR)/terraform/post-processor; docker buildx build --platform linux/amd64 --progress=plain -t pennsieve/post-processor .
 	docker tag pennsieve/post-processor ${POST_PROCESSOR_REPO}

main.go

@@ -8,7 +8,9 @@ import (
 )
 
 var TerraformStateDirectory = "/service/terraform/remote-state"
+var TerraformAppStateDirectory = "/service/terraform/remote-state-application"
 var TerraformGatewayDirectory = "/service/terraform/internet-gateway"
+var TerraformApplicationDirectory = "/service/terraform/application-wrapper"
 
 func main() {
 	cmdPtr := flag.String("cmd", "plan", "command to execute")
@@ -25,6 +27,17 @@ func main() {
 		fmt.Println(output)
 	}
 
+	// Remote State Application Management
+	if *cmdPtr == "create-remote-state-app" || *cmdPtr == "remote-state-app" {
+		cmd := exec.Command("/bin/sh", "./scripts/remote-state-application.sh", TerraformAppStateDirectory, *cmdPtr)
+		out, err := cmd.Output()
+		if err != nil {
+			log.Fatalf("error %s", err)
+		}
+		output := string(out)
+		fmt.Println(output)
+	}
+
 	// Creating a route in route table (once-off)
 	if *cmdPtr == "create-route" || *cmdPtr == "delete-route" {
 		cmd := exec.Command("/bin/sh", "./scripts/routing-table.sh", TerraformGatewayDirectory, *cmdPtr)
@@ -47,5 +60,16 @@ func main() {
 		fmt.Println(output)
 	}
 
+	// application creation
+	if *cmdPtr == "create-application" || *cmdPtr == "destroy-application" {
+		cmd := exec.Command("/bin/sh", "./scripts/application.sh", TerraformApplicationDirectory, *cmdPtr)
+		out, err := cmd.Output()
+		output := string(out)
+		fmt.Println(output)
+		if err != nil {
+			log.Fatalf("error %s", err.Error())
+		}
+	}
+
 	log.Println("done")
 }

scripts/application.sh

@@ -0,0 +1,34 @@
+#!/bin/sh
+
+cd $1
+export TF_DATA_DIR="${1}/applications/${APP_NAME}"
+mkdir -p $TF_DATA_DIR
+echo $TF_DATA_DIR
+PLAN_FILE="$TF_DATA_DIR/tfplan"
+
+echo "Creating tfvars config"
+  /bin/cat > "${TF_DATA_DIR}/${APP_NAME}.tfvars" <<EOL
+region = "${AWS_DEFAULT_REGION}"
+environment = "${ENVIRONMENT}"
+app_name = "${APP_NAME}"
+app_cpu = "${APP_CPU:-2048}"
+app_memory = "${APP_MEMORY:-4096}"
+app_git_url = "${APP_GIT_REPOSITORY}"
+EOL
+
+echo "Creating backend config"
+  /bin/cat > "$TF_DATA_DIR/${APP_NAME}.tfbackend" <<EOL
+bucket  = "${APP_REMOTE_BUCKET}"
+key     = "${ENVIRONMENT}/${APP_GIT_REPOSITORY}/${APP_NAME}.tfstate"
+EOL
+
+if [ $2 = "create-application" ]; then
+  echo "creating ..."
+  terraform init -force-copy -backend-config="$TF_DATA_DIR/${APP_NAME}.tfbackend"
+  export TF_LOG=TRACE
+  terraform plan -out=$PLAN_FILE -var-file="$TF_DATA_DIR/${APP_NAME}.tfvars"
+  terraform apply $PLAN_FILE
+else
+  echo "deleting ..."
+  terraform apply -destroy -auto-approve -var-file="$TF_DATA_DIR/${APP_NAME}.tfvars"
+fi

scripts/remote-state-application.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+cd $1
+
+if [ $2 = "create-remote-state-app" ]; then
+  echo "creating ..."
+  terraform init
+  terraform plan -out=tfplan > plan.log
+  terraform apply tfplan > apply.log
+else
+  echo "deleting ..."
+  terraform apply -destroy -auto-approve
+fi

terraform/application-wrapper/backend.tf

@@ -0,0 +1,5 @@
+terraform {
+  backend "s3" {
+    region = "us-east-1"
+  }
+}

terraform/application-wrapper/data.tf

@@ -0,0 +1,10 @@
+data "terraform_remote_state" "compute_node" {
+    backend = "s3"
+
+    config = {
+        bucket  = "i3h-dev-terraform-state-v2"
+        key     = "dev/github.com/Penn-I3H/python-application-template/terraform.tfstate"
+        region  = "us-east-1" 
+    }
+
+}

terraform/application-wrapper/ecr.tf

@@ -0,0 +1,8 @@
+resource "aws_ecr_repository" "app" {
+  name                 = "${var.app_name}-${random_uuid.val.id}"
+  image_tag_mutability = "MUTABLE"
+
+  image_scanning_configuration {
+    scan_on_push = false # consider implications of setting to true
+  }
+}

terraform/application-wrapper/ecs.tf

@@ -0,0 +1,49 @@
+// ECS Task definition
+resource "aws_ecs_task_definition" "application" {
+  family                = "${var.app_name}-${random_uuid.val.id}"
+  requires_compatibilities = ["FARGATE"]
+  network_mode             = "awsvpc"
+  cpu                      = var.app_cpu
+  memory                   = var.app_memory
+  task_role_arn      = aws_iam_role.task_role_for_app.arn
+  execution_role_arn = aws_iam_role.execution_role_for_app.arn
+
+  container_definitions = jsonencode([
+    {
+      name      = "${var.app_name}-${random_uuid.val.id}"
+      image     = aws_ecr_repository.app.repository_url
+      essential = true
+      portMappings = [
+        {
+          containerPort = 8081
+          hostPort      = 8081
+        }
+      ]
+      mountPoints = [
+        {
+          sourceVolume = "${var.app_name}-storage-${random_uuid.val.id}"
+          containerPath = "/mnt/efs"
+          readOnly = false
+        }
+      ]
+      logConfiguration = {
+        logDriver = "awslogs"
+        options = {
+          awslogs-group = "/ecs/${var.app_name}/${random_uuid.val.id}"
+          awslogs-region = var.region
+          awslogs-stream-prefix = "ecs"
+          awslogs-create-group = "true"
+        }
+      }
+    }
+  ])
+
+  volume {
+    name = "${var.app_name}-storage-${random_uuid.val.id}"
+
+    efs_volume_configuration {
+      file_system_id          = data.terraform_remote_state.compute_node.outputs.efs_id
+      root_directory          = "/"
+    }
+  }
+}