This repository has been archived by the owner on Aug 22, 2020. It is now read-only.

Automates HK News server provisioning and configurations. Made with ❤


ayltai/hknews-infrastructure


Warning

This repository is deprecated. Please check out hknews.

HK News Infrastructure


Features

  • Use Terraform to provision AWS EC2 instances
  • Use Ansible to set up the application server, database, SSL certificate and system monitoring tools

Prerequisites

You will need Terraform and Ansible to run the scripts in this repository.

Installing Terraform

Follow the official documentation to install Terraform.

Installing Ansible

Follow the official documentation to install Ansible.

AWS permissions

You will need the following policies attached to the AWS user account used to run the scripts:

  • AmazonEC2FullAccess
  • AmazonVPCFullAccess
  • CloudWatchActionsEC2Access

AWS Access Key and Secret Key

You will need an AWS Access Key and Secret Key to manage the resources of your AWS account.

  1. Create an IAM group with the required permissions described above
  2. Create an IAM user for programmatic access
  3. Follow the instructions to get your Access Key and Secret Key
  4. Export the keys as environment variables:
    export TF_VAR_access_key=abc123
    export TF_VAR_secret_key=xyz789

SSH key pairs

You will need a key pair to connect to the newly provisioned instance over SSH. Terraform currently does not support creating key pairs, so you have to supply your own.

  1. Follow AWS documentation to create your key pair
  2. Save your private key to ~/.ssh/hknews.pem (or as specified in variables.tf)
  3. Save your public key to ~/.ssh/hknews.pub (or as specified in variables.tf)
  4. Change the variables defined in variables.tf and playbook.yml to fit your needs
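
A pre-flight check for the credentials and key pair described above, as an added example that is not part of this repository: it confirms that the TF_VAR_* variables are exported to child processes without printing their values, that the private key is accessible only to its owner, and that the public key matches it. Function names are hypothetical; the key paths are the README defaults.

```shell
#!/bin/sh
# Added example: pre-flight checks for the credentials and key pair described above.
# Function names are hypothetical; key paths are the README defaults.

# Octal permission bits of a file (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds only if the private key exists and grants nothing to group/other.
check_private_key() {
    [ -f "$1" ] || { echo "missing private key: $1" >&2; return 1; }
    mode=$(file_mode "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *) echo "$1 has mode $mode, expected 600 or 400" >&2; return 1 ;;
    esac
}

# Succeeds only if the public key file matches the private key (needs ssh-keygen).
check_key_pair() {
    derived=$(ssh-keygen -y -P '' -f "$1" 2>/dev/null | awk '{print $1, $2}')
    stored=$(awk 'NR == 1 {print $1, $2}' "$2" 2>/dev/null)
    [ -n "$derived" ] && [ "$derived" = "$stored" ] ||
        { echo "$2 does not match $1" >&2; return 1; }
}

# Succeeds only if both variables are exported (visible to the terraform child
# process) and non-empty. The values themselves are never printed.
check_credentials() {
    rc=0
    for name in TF_VAR_access_key TF_VAR_secret_key; do
        env | grep -q "^${name}=." || { echo "$name is not exported" >&2; rc=1; }
    done
    return "$rc"
}

# Run every check; a non-zero status means provisioning should not start.
preflight() {
    key=${1:-$HOME/.ssh/hknews.pem}
    pub=${2:-$HOME/.ssh/hknews.pub}
    rc=0
    check_credentials || rc=1
    check_private_key "$key" && check_key_pair "$key" "$pub" || rc=1
    return "$rc"
}
```

Source the file and call `preflight` before running Terraform; pass two paths as arguments if variables.tf points at different key files.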

Ansible Vault password

The SSH certificate password is encrypted by Ansible Vault. You will need to specify a Vault password file so that the password can be decrypted during the Ansible automation process. The file path is defined in the Let's Encrypt role.

DNS

We prefer to use an external DNS provider instead of AWS Route53 to manage the server's public domain.

The Elastic public IPv4 address of the newly created EC2 instance will be printed to your console during the Terraform automation process. You are expected to configure your DNS to resolve the domain name to this IP address. The Let's Encrypt role will wait for at most 30 minutes for this.

Provisioning

  1. Go to the terraform directory
    cd terraform
  2. Initialize the Terraform backend and plugins
    terraform init
  3. Plan the changes
    terraform plan -out main
  4. If the potential changes look fine, apply them
    terraform apply main

HK News Backend

hknews-backend

HK News Frontend

hknews-android hknews-web