Moved part of TF configuration to Ansible to use best of Jinja2

.gitignore

@@ -1,8 +1,3 @@
-.DS_Store
-
-# Testing
-/ignore.tfvars
-
 # Terraform State
 *.terraform*
 *terraform.tfstate.d*
@@ -10,11 +5,13 @@
 roles/main_infra/files/backend.tfvars
 roles/main_infra/files/remote-backend-selector.tf
 roles/main_infra/files/terraform.tfvars
+roles/main_infra/files/hosts.tf
+roles/main_infra/files/routing.tf
 *.backup
 
 # Sensitive information
-/*.privkey
-/*.tfvars
+*.privkey
+*.tfvars
 
 # Stack-specific information
 /PREFIX

clean.yml

@@ -10,3 +10,4 @@
         - roles/main_infra/files/terraform.tfstate.d
         - roles/main_infra/files/main.tfvars
         - roles/main_infra/files/backend.tfvars
+        - roles/main_infra/files/terraform.tfplan

group_vars/all.yml.example

@@ -57,6 +57,7 @@ chain_custom_environment:
     TXS_COUNT_CACHE_PERIOD: 7200 # Interval in seconds to restart the task, which calculates the total txs count.
     ADDRESS_WITH_BALANCES_UPDATE_INTERVAL: 1800 #Interval in seconds to restart the task, which calculates addresses with balances
     LINK_TO_OTHER_EXPLORERS: "false" # If true, links to other explorers are added in the footer
+    USE_PLACEMENT_GROUP: "false" # If true, BlockScout instance will be created in the placement group
 
 ## Region. It is recommended to deploy to us-east-1 as some of the other regions fails due to varied reasons
 region: "us-east-1"

group_vars/infrastructure.yml.example

@@ -34,9 +34,6 @@ pool_size: 30
 ## The following variable represents the elixir version that will be used to run BlockScout instance. Will be used to download the Elixir at the following link: https://github.com/elixir-lang/elixir/releases/download/{{ elixir_version }}/Precompiled.zip
 elixir_version: "v1.7.4"
 
-## Whether or not to use the placement group for the BlockScout instances.
-use_placement_group: false
-
 # DB related variables
 
 ## This value represents the name of the DB that will be created/attached. Must be unique. Will be prefixed with `prefix` variable.

roles/main_infra/files/deploy.tf

@@ -17,7 +17,7 @@ resource "aws_codedeploy_deployment_group" "explorer" {
   app_name              = "${aws_codedeploy_app.explorer.name}"
   deployment_group_name = "${var.prefix}-explorer-dg${count.index}"
   service_role_arn      = "${aws_iam_role.deployer.arn}"
-  autoscaling_groups    = ["${aws_autoscaling_group.explorer.*.id[count.index]}"]
+  autoscaling_groups    = ["${aws_launch_configuration.explorer.name}-asg-${element(var.chains,count.index)}"]
 
   deployment_style {
     deployment_option = "WITH_TRAFFIC_CONTROL"

roles/main_infra/files/rds.tf

@@ -5,6 +5,34 @@ resource "aws_ssm_parameter" "db_host" {
   type  = "String"
 }
 
+resource "aws_ssm_parameter" "db_port" {
+  count = "${length(var.chains)}"
+  name  = "/${var.prefix}/${element(var.chains,count.index)}/db_port"
+  value = "${aws_db_instance.default.*.port[count.index]}"
+  type  = "String"
+}
+
+resource "aws_ssm_parameter" "db_name" {
+  count = "${length(var.chains)}"
+  name  = "/${var.prefix}/${element(var.chains,count.index)}/db_name"
+  value = "${lookup(var.chain_db_name,element(var.chains,count.index))}"
+  type  = "String"
+}
+
+resource "aws_ssm_parameter" "db_username" {
+  count = "${length(var.chains)}"
+  name  = "/${var.prefix}/${element(var.chains,count.index)}/db_username"
+  value = "${lookup(var.chain_db_username,element(var.chains,count.index))}"
+  type  = "String"
+}
+
+resource "aws_ssm_parameter" "db_password" {
+  count = "${length(var.chains)}"
+  name  = "/${var.prefix}/${element(var.chains,count.index)}/db_password"
+  value = "${lookup(var.chain_db_password,element(var.chains,count.index))}"
+  type  = "String"
+}
+
 resource "aws_db_instance" "default" {
   count                  = "${length(var.chains)}"
   name                   = "${lookup(var.chain_db_name,element(var.chains,count.index))}"

roles/main_infra/files/variables.tf

@@ -7,15 +7,19 @@ variable "db_subnet_cidr" {}
 variable "dns_zone_name" {}
 variable "instance_type" {}
 variable "root_block_size" {}
-variable "pool_size" {}
+variable "pool_size" {
+  default = {} 
+}
 variable "elixir_version" {}
-variable "use_placement_group" {}
+variable "use_placement_group" {
+  default = {}
+}
 variable "key_content" {
   default = ""
 }
 
 variable "chains" {
-  default = {}
+  default = []
 }
 
 variable "chain_db_id" {
@@ -55,10 +59,12 @@ variable "chain_db_version" {
 }
 
 variable "secret_key_base" {
-default = {} 
+  default = {} 
 }
+
 variable "alb_ssl_policy" {}
 variable "alb_certificate_arn" {}
+
 variable "use_ssl" {
-default = {} 
+  default = {} 
 }

roles/main_infra/tasks/main.yml

@@ -35,6 +35,12 @@
     path: roles/main_infra/files/.terraform/
     state: absent
   when: stat_result.stat.exists == True
+
+- name: Generate Terraform files
+  template:
+    src: "{{ item.key }}"
+    dest: "{{ item.value }}"
+  with_dict: {hosts.tf.j2: roles/main_infra/files/hosts.tf,routing.tf.j2: roles/main_infra/files/routing.tf}
     
 #Workaround since terraform module return unexpected error.
 - name: Terraform plan construct
@@ -44,11 +50,12 @@
     chdir: "roles/main_infra/files"
   with_items:
     - "init{{ ' -backend-config=backend.tfvars' if backend|bool == true else '' }}"
-    - plan
+    - plan -out terraform.tfplan
+    - show terraform.tfplan -no-color
 
 - name: Show Terraform plan
   debug:
-    var: tf_plan.results[1].stdout_lines
+    var: tf_plan.results[2].stdout_lines
 
 - name: User prompt
   pause:
@@ -61,9 +68,10 @@
   loop_control:
     loop_var: chain
     index_var: index
+  when: user_answer.user_input|bool == True
 
 - name: Terraform provisioning
-  shell: "echo yes | {{ terraform_location }} apply" 
+  shell: "echo yes | {{ terraform_location }} apply terraform.tfplan" 
   args:
     chdir: "roles/main_infra/files"
   when: user_answer.user_input|bool == True 
@@ -84,5 +92,5 @@
 
 - name: Output info from Terraform
   debug:
-    value: output.stdout_lines.instructions.value
+    var: output.stdout_lines
   when: user_answer.user_input|bool == True

roles/main_infra/templates/hosts.tf.j2

@@ -18,7 +18,7 @@ data "aws_ami" "explorer" {
 }
 
 resource "aws_launch_configuration" "explorer" {
-  name_prefix                 = "${var.prefix}-explorer-launchconfig-"
+  name_prefix                 = "${var.prefix}-explorer-launchconfig"
   image_id                    = "${data.aws_ami.explorer.id}"
   instance_type               = "${var.instance_type}"
   security_groups             = ["${aws_security_group.app.id}"]
@@ -39,23 +39,24 @@ resource "aws_launch_configuration" "explorer" {
   }
 }
 
-resource "aws_placement_group" "explorer" {
-  count    = "${var.use_placement_group ? length(var.chains): 0}"
-  name     = "${var.prefix}-explorer-placement-group${count.index}"
+{% for key, value in chain_custom_environment.iteritems() %}
+resource "aws_placement_group" "explorer-{{key}}" {
+  name     = "${var.prefix}-{{key}}-explorer-pg"
   strategy = "cluster"
 }
+{% endfor %}
 
-resource "aws_autoscaling_group" "explorer" {
-  count                = "${length(var.chains)}"
-  name                 = "${aws_launch_configuration.explorer.name}-asg${count.index}"
-  max_size             = "${length(var.chains) * 4}"
-  min_size             = "${length(var.chains)}"
-  desired_capacity     = "${length(var.chains)}"
-  placement_group      = "${var.use_placement_group ? aws_placement_group.explorer.*.id[count.index] : "zero"}"
+{% for key, value in chain_custom_environment.iteritems() %}
+resource "aws_autoscaling_group" "explorer-{{key}}" {
+  name                 = "${aws_launch_configuration.explorer.name}-asg-{{key}}"
+  max_size             = "4"
+  min_size             = "1"
+  desired_capacity     = "1"
+{% if value['USE_PLACEMENT_GROUP'] == "true" %}  placement_group      = "${var.prefix}-{{key}}-explorer-pg" {% endif %}
   launch_configuration = "${aws_launch_configuration.explorer.name}"
   vpc_zone_identifier  = ["${aws_subnet.default.id}"]
   availability_zones   = ["${data.aws_availability_zones.available.names}"]
-  target_group_arns    = ["${aws_lb_target_group.explorer.*.arn[count.index]}"]
+  target_group_arns    = ["${aws_lb_target_group.explorer.*.arn[{{loop.index-1}}]}"]
 
   # Health checks are performed by CodeDeploy hooks
   health_check_type = "EC2"
@@ -69,7 +70,11 @@ resource "aws_autoscaling_group" "explorer" {
   ]
 
   depends_on = [
-    "aws_ssm_parameter.db_host"
+    "aws_ssm_parameter.db_host",
+    "aws_ssm_parameter.db_name",
+    "aws_ssm_parameter.db_port",
+    "aws_ssm_parameter.db_username",
+    "aws_ssm_parameter.db_password"
   ]
 
   lifecycle {
@@ -84,26 +89,25 @@ resource "aws_autoscaling_group" "explorer" {
 
   tag {
     key                 = "chain"
-    value               = "${element(var.chains,count.index)}"
+    value               = "{{ key }}"
     propagate_at_launch = true
   }
 }
 
 # TODO: These autoscaling policies are not currently wired up to any triggers
 resource "aws_autoscaling_policy" "explorer-up" {
-  count                  = "${length(var.chains)}"
-  name                   = "${var.prefix}-explorer-autoscaling-policy-up${count.index}"
-  autoscaling_group_name = "${element(aws_autoscaling_group.explorer.*.name, count.index)}"
+  name                   = "${var.prefix}-{{key}}-explorer-autoscaling-policy-up"
+  autoscaling_group_name = "${aws_autoscaling_group.explorer-{{key}}.name}"
   adjustment_type        = "ChangeInCapacity"
   scaling_adjustment     = 1
   cooldown               = 300
 }
 
 resource "aws_autoscaling_policy" "explorer-down" {
-  count                  = "${length(var.chains)}"
-  name                   = "${var.prefix}-explorer-autoscaling-policy-down${count.index}"
-  autoscaling_group_name = "${element(aws_autoscaling_group.explorer.*.name, count.index)}"
+  name                   = "${var.prefix}-{{key}}-explorer-autoscaling-policy-down"
+  autoscaling_group_name = "${aws_autoscaling_group.explorer-{{key}}.name}"
   adjustment_type        = "ChangeInCapacity"
   scaling_adjustment     = -1
   cooldown               = 300
 }
+{% endfor %}

roles/main_infra/templates/routing.tf.j2

@@ -58,30 +58,19 @@ resource "aws_lb_target_group" "explorer" {
   }
 }
 
-# The Listener for the ALB (HTTP protocol)
-resource "aws_alb_listener" "alb_listener_http" {
-  count             = "${var.use_ssl == "true" ? 0 : length(var.chains)}"
-  load_balancer_arn = "${aws_lb.explorer.*.arn[count.index]}"
-  port              = 80
-  protocol          = "HTTP"
-
+{% for key, value in chain_custom_environment.iteritems() %}
+resource "aws_alb_listener" "alb_listener{{loop.index-1}}" {
+  load_balancer_arn = "${aws_lb.explorer.*.arn[{{loop.index-1}}]}"
+  port              = "${lookup(var.use_ssl,element(var.chains,{{loop.index-1}})) ?  "443" : "80" }"
+  protocol          = "${lookup(var.use_ssl,element(var.chains,{{loop.index-1}})) ?  "HTTPS" : "HTTP" }"
+{% if value['ECTO_USE_SSL'] == "true" %}
+  ssl_policy        = "${lookup(var.use_ssl,element(var.chains,{{loop.index-1}})) ? var.alb_ssl_policy : "null" }"
+  certificate_arn   = "${lookup(var.use_ssl,element(var.chains,{{loop.index-1}})) ? var.alb_certificate_arn : "null" }"
+{% endif %}
   default_action {
     type = "forward"
-    target_group_arn = "${aws_lb_target_group.explorer.*.arn[count.index]}"
+    target_group_arn = "${aws_lb_target_group.explorer.*.arn[{{loop.index-1}}]}"
   }
 }
 
-# The Listener for the ALB (HTTPS protocol)
-resource "aws_alb_listener" "alb_listener_https" {
-  count             = "${var.use_ssl == "true" ? length(var.chains) : 0}"
-  load_balancer_arn = "${aws_lb.explorer.*.arn[count.index]}"
-  port              = 443
-  protocol          = "HTTPS"
-  ssl_policy        = "${var.alb_ssl_policy}"
-  certificate_arn   = "${var.alb_certificate_arn}"
-  
-  default_action {
-    type             = "forward"
-    target_group_arn = "${aws_lb_target_group.explorer.*.arn[count.index]}" 
-  }
-}
+{% endfor %}

roles/main_infra/templates/terraform.tfvars.j2

@@ -8,32 +8,31 @@ db_subnet_cidr        = "{{ db_subnet_cidr }}"
 dns_zone_name         = "{{ dns_zone_name }}"
 instance_type         = "{{ instance_type }}"
 root_block_size       = "{{ root_block_size }}"
-use_placement_group   = "{{ use_placement_group }}"
 alb_ssl_policy        = "{{ alb_ssl_policy }}"
 alb_certificate_arn   = "{{ alb_certificate_arn }}"
 elixir_version        = "{{ elixir_version }}"
 
 pool_size = {
 {% for key, value in chain_custom_environment.iteritems() %}
-{{ key }}={{ value['POOL_SIZE'] }}{% if not loop.last %},{% endif %}
+{{ key }}="{{ value['POOL_SIZE'] }}"{% if not loop.last %},{% endif %}
 {% endfor %}
 }
 
 secret_key_base = {
 {% for key, value in chain_custom_environment.iteritems() %}
-{{ key }}={{ value['SECRET_KEY_BASE'] }}{% if not loop.last %},{% endif %}
+{{ key }}="{{ value['SECRET_KEY_BASE'] }}"{% if not loop.last %},{% endif %}
 {% endfor %}
 }
 
 use_ssl = {
 {% for key, value in chain_custom_environment.iteritems() %}
-{{ key }}={{ value['ECTO_USE_SSL'] }}{% if not loop.last %},{% endif %}
+{{ key }}="{{ value['ECTO_USE_SSL'] }}"{% if not loop.last %},{% endif %}
 {% endfor %}
 }
 
 chains = [
-{% for key in chain_custom_environment.iteritems() %}
-{{ key }}{% if not loop.last %},{% endif %}
+{% for key,value in chain_custom_environment.iteritems() %}
+"{{ key }}"{% if not loop.last %},{% endif %}
 {% endfor %}
 ]
 

roles/main_software/tasks/main.yml

@@ -75,12 +75,18 @@
   vars:
     path: "/{{ prefix }}/{{ chain }}"
 
+- name: Make config variables lowercase
+  set_fact:
+    chain_lower_env: "{{ chain_lower_env | combine ({item.key|lower : item.value})  }}"
+  with_dict: "{{ chain_custom_environment_chain }}"
+  vars:
+    chain_lower_env: {}
+    chain_custom_environment_chain: "{{ chain_cec[chain] | default({}) }}"
+    chain_cec: "{{ chain_custom_environment | default ({}) }}"
+
 - name: Override env variables
   set_fact:
-    chain_env: "{{ chain_env | combine(chain_custom_environment_chain) }}"
-  vars:
-    chain_custom_environment_chain: "{{ chain_cec[chain] | default({}) }}"
-    chain_cec: "{{ chain_custom_environment | default ({}) }}"    
+    chain_env: "{{ chain_env | combine(chain_lower_env) }}"
 
 - name: Uppercase chain 
   set_fact:
@@ -135,7 +141,7 @@
     - "blockscout-{{ chain }}/apps/block_scout_web/assets/node_modules/"
     - "blockscout-{{ chain }}/apps/explorer/node_modules/"
     - "blockscout-{{ chain }}/logs/dev/"
-  when: user_answer.user_input|default(true)|bool != false 
+  when: user_answer.user_input|lower != "false" or user_answer.user_input|lower != "no"  
 
 - name: Fix bug with favicon 
   copy:
@@ -161,24 +167,16 @@
     prompt: "Do you want to update the Parameter Store variables? [Yes/No] Default: Yes"
   register: user_answer
 
-- name: Prepare variables for Parameter Store
-  set_fact:
-    chain_lower_env: "{{ chain_lower_env | combine ({item.key|lower : item.value})  }}"
-  with_dict: "{{ chain_upper_env }}"
-  vars:
-    chain_lower_env: {}
-  when: user_answer.user_input|default(true)|bool != false
-
 - name: Update chain variables
   aws_ssm_parameter_store:
     name: "/{{ prefix }}/{{ chain }}/{{ item.key }}" 
     value: "{{ item.value }}"
-  with_dict: "{{ chain_lower_env }}"
+  with_dict: "{{ chain_env }}"
   environment:
     AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
     AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
     AWS_REGION: "{{ region }}"
-  when: user_answer.user_input|default(true)|bool != false
+  when: user_answer.user_input|lower != "false" or user_answer.user_input|lower != "no"
 
 - name: User prompt
   pause:
@@ -187,7 +185,7 @@
 
 - name: Deploy Blockscout
   command: "{{ push_output.stdout_lines[1] }} --deployment-group-name {{ prefix }}-explorer-dg{{ index }} --deployment-config-name CodeDeployDefault.OneAtATime --description '{{ chain_upper_env['BLOCKSCOUT_VERSION']  }}'" 
-  when: user_answer.user_input|default(true)|bool != false
+  when: user_answer.user_input|lower != "false" or user_answer.user_input|lower != "no"
   environment:
     AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
     AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"