@rcheeez rcheeez commented Mar 2, 2025

Description:

This PR introduces Terraform and Ansible automation for provisioning infrastructure and configuring the environment.

Key Changes:

  • Added Terraform scripts to automate cloud infrastructure deployment.
  • Integrated Ansible playbooks for server configuration and application setup.
  • Ensured modular and reusable code for better maintainability.
  • Updated documentation (README.md) with deployment steps.

How to Test:

  1. Navigate to the terraform/ directory and initialize Terraform:
    terraform init
    terraform plan
    terraform apply
  2. Once infrastructure is provisioned, run the Ansible playbook:
    ansible-playbook -i /etc/ansible/hosts playbook.yml

Checklist:

  • Terraform code is properly structured and modular.
  • Ansible playbook runs without errors.
  • Documentation is updated.

Open to feedback and suggestions! 🚀

Summary by CodeRabbit

  • Documentation

    • Installation documentation has been updated with streamlined setup instructions featuring Terraform and Ansible.
    • Updated details include new steps for configuring AWS CLI, Jenkins (Master and Worker), Bastion Host, and an updated AWS region (Mumbai) while removing deprecated commands.
  • New Features

    • Introduced automation scripts for provisioning and configuring master and worker nodes with essential tools like Java, Docker, kubectl, SonarQube, and ArgoCD.
    • Added comprehensive infrastructure configurations to deploy an EKS cluster.
    • Updated the frontend dependency management with a local package reference.

rcheeez and others added 2 commits March 3, 2025 00:23
Feat: Added Terraform and Ansible configurations to automate the infr…

coderabbitai bot commented Mar 2, 2025

Walkthrough

The changes update the project’s documentation and deployment scripts by introducing Terraform and Ansible into the tech stack. The README now reflects new installation instructions for AWS CLI, Jenkins Master/Worker, and Bastion Host while updating the AWS region. Two new Ansible playbooks have been added—one for worker nodes and one for the master node—to automate the installation and configuration of tools such as Java, Docker, AWS CLI, and more. Additionally, new Terraform files provision the AWS infrastructure for an EKS cluster, and a local dependency has been added to the frontend.

Changes

| File(s) | Change Summary |
| --- | --- |
| README.md | Updated documentation with new tech stack details including Terraform for EKS provisioning and Ansible for configuration management. Revamped installation instructions for AWS CLI, Jenkins Master/Worker, and Bastion Host, updated AWS region to ap-south-1, and removed Docker/eksctl installation commands. |
| ansible/agent_server_play.yml, ansible/master_server_play.yml | Added two new Ansible playbooks. The agent playbook installs and configures Java, Docker, AWS CLI, Trivy, and Kubectl on worker nodes. The master playbook installs Jenkins, Docker, AWS CLI, Kubectl, SonarQube (via Docker), and ArgoCD CLI on the master node along with necessary startup and configuration tasks. |
| frontend/package.json | Added a new dependency "frontend": "file:" to reference a local package dependency, affecting dependency resolution during installation and development. |
| terraform/main.tf, terraform/providers.tf, terraform/variables.tf | Introduced new Terraform configuration files to provision AWS resources for an EKS cluster. This includes creating a default VPC, subnets, security groups, IAM roles, policies, the EKS cluster resource, and an EKS node group. The provider is configured with a variable for the AWS region, and deployment-related variables are defined for customization. |

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Terraform
    participant AWS
    participant AnsibleMaster
    participant AnsibleWorker

    User->>Terraform: Run Terraform provisioning
    Terraform->>AWS: Create VPC, subnets, security groups, and IAM roles
    AWS-->>Terraform: Resources provisioned
    Terraform->>AWS: Deploy EKS cluster and node group
    AWS-->>Terraform: EKS cluster created

    User->>AnsibleMaster: Execute master node playbook
    AnsibleMaster->>AWS: Install Jenkins, Docker, AWS CLI, Kubectl, SonarQube, ArgoCD CLI
    AWS-->>AnsibleMaster: Master node configured

    User->>AnsibleWorker: Execute worker node playbook
    AnsibleWorker->>AWS: Install Java, Docker, AWS CLI, Trivy, Kubectl
    AWS-->>AnsibleWorker: Worker node configured

Poem

I'm a bunny hopping with delight,
As Terraform builds clusters in the light.
Ansible plays its tuning song,
Configuring nodes all day long.
Jenkins, Docker, and AWS in a dance so bright,
With every change, my world feels just right!
🥕🐇



@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 2

🧹 Nitpick comments (12)
ansible/agent_server_play.yml (1)

1-9: Clean Up YAML Formatting: Remove Trailing Spaces

Static analysis has flagged trailing spaces (e.g., around lines 5 and 9). Removing these trailing spaces will help achieve YAML linting compliance and improve file readability.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 5-5: trailing spaces

(trailing-spaces)


[error] 9-9: trailing spaces

(trailing-spaces)

ansible/master_server_play.yml (3)

1-5: Address Trailing Spaces in YAML

Static analysis indicates trailing spaces on several lines (e.g., lines 1, 5, and others). Please remove these extra spaces to comply with YAML formatting guidelines.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 1-1: trailing spaces

(trailing-spaces)


[error] 5-5: trailing spaces

(trailing-spaces)


113-115: Correct Typo in Completion Message

The task name "Print Completetion Message" contains a typo. It should be "Print Completion Message" to avoid confusion.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 115-115: no new line character at the end of file

(new-line-at-end-of-file)


115-115: Ensure Newline at End of File

The file is missing a newline at the end. Adding a newline helps maintain consistency and avoids potential linting issues.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 115-115: no new line character at the end of file

(new-line-at-end-of-file)

terraform/variables.tf (1)

61-61: Ensure Newline at End of File

Please add a newline at the end of this file to adhere to common file formatting conventions.

terraform/main.tf (4)

5-7: Default Subnet Configuration (Availability Zone: ap-south-1a):
This subnet is properly set for the Mumbai region’s availability zone "ap-south-1a". For improved flexibility in the future, you might consider parameterizing the availability zone.


9-11: Default Subnet Configuration (Availability Zone: ap-south-1b):
The subnet for "ap-south-1b" is correctly defined. As with the previous subnet, consider using a variable for the availability zone to enhance reusability.


65-104: Worker Nodes Security Group Configuration:
The security group for EKS worker nodes includes similar open ingress rules (including SSH on port 22 and additional ports). Please review whether exposing these ports to "0.0.0.0/0" is intentional. Limiting broad access—especially for SSH—can enhance security.


171-201: EKS Node Group Configuration:
The node group resource is comprehensive—it specifies the cluster name, node role ARN, subnet IDs, scaling configuration, remote access setup, instance types, and tagging. A few minor suggestions:

  • Consider parameterizing the scaling values (desired, max, min) for potential future adjustments.
  • The use of interpolation in the instance_types list (["${var.eks_node_instance_type}"]) can be simplified to [var.eks_node_instance_type] in newer Terraform versions.

README.md (3)

47-56: Installation Table Formatting:
The installation table now includes new entries for Jenkins Master, Jenkins-Worker, Bastion-Host, Terraform, Ansible, and Jenkins Worker Setup. To meet markdownlint MD055 guidelines, please ensure that each table row ends with a trailing pipe ("|") for consistency.

🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

49-49: Table pipe style
Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe

(MD055, table-pipe-style)


68-69: Region Specification Clarity:
The note indicates that the project will be implemented in the Mumbai region (ap-south-1). For clarity and conciseness, consider rephrasing to something like, "This project will be deployed in the Mumbai region (ap-south-1)."


70-72: Instance Usage Description:
The statement “This instance primary use is to launch the EKS cluster using Terraform” appears slightly awkward. Rewording to “The primary use of this instance is to launch the EKS cluster using Terraform” would enhance clarity. Additionally, verify that the sentence is complete as intended.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d6ff649 and 6af4575.

⛔ Files ignored due to path filters (4)
  • Assets/ansible-master-installation.png is excluded by !**/*.png
  • Assets/ansible-worker-installation.png is excluded by !**/*.png
  • Assets/terraform-provisioning.png is excluded by !**/*.png
  • frontend/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (7)
  • README.md (5 hunks)
  • ansible/agent_server_play.yml (1 hunks)
  • ansible/master_server_play.yml (1 hunks)
  • frontend/package.json (1 hunks)
  • terraform/main.tf (1 hunks)
  • terraform/providers.tf (1 hunks)
  • terraform/variables.tf (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
ansible/agent_server_play.yml

[error] 5-5: trailing spaces

(trailing-spaces)


[error] 9-9: trailing spaces

(trailing-spaces)


[error] 19-19: trailing spaces

(trailing-spaces)


[error] 38-38: trailing spaces

(trailing-spaces)


[error] 49-49: trailing spaces

(trailing-spaces)


[error] 84-84: trailing spaces

(trailing-spaces)


[error] 99-99: no new line character at the end of file

(new-line-at-end-of-file)

ansible/master_server_play.yml

[error] 1-1: trailing spaces

(trailing-spaces)


[error] 5-5: trailing spaces

(trailing-spaces)


[error] 10-10: trailing spaces

(trailing-spaces)


[error] 62-62: trailing spaces

(trailing-spaces)


[error] 73-73: trailing spaces

(trailing-spaces)


[error] 101-101: trailing spaces

(trailing-spaces)


[error] 115-115: no new line character at the end of file

(new-line-at-end-of-file)

🪛 markdownlint-cli2 (0.17.2)
README.md

49-49: Table pipe style
Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe

(MD055, table-pipe-style)


73-73: Multiple headings with the same content
null

(MD024, no-duplicate-heading)


158-158: Multiple spaces after blockquote symbol
null

(MD027, no-multiple-space-blockquote)


160-160: Images should have alternate text (alt text)
null

(MD045, no-alt-text)


205-205: Images should have alternate text (alt text)
null

(MD045, no-alt-text)


209-209: Images should have alternate text (alt text)
null

(MD045, no-alt-text)


235-235: Multiple headings with the same content
null

(MD024, no-duplicate-heading)

🪛 LanguageTool
README.md

[grammar] ~185-~185: Uncountable nouns are usually not used with an indefinite article. Use simply “decent access”.
Context: ...ec2-key-pair.pem ``` > [!Note] > Give a decent access to the private key (.pem) file to run p...

(A_UNCOUNTABLE)


[grammar] ~213-~213: The word “setup” is a noun. The verb is spelled with a space.
Context: ...ilable in your aws account. This will setup all the configuration on those 2 EC2 in...

(NOUN_VERB_CONFUSION)

🔇 Additional comments (16)
terraform/providers.tf (2)

1-6: AWS Provider Requirement Configuration

The terraform block correctly configures the AWS provider with a version constraint of "~> 5.0". Ensure that this version range is tested with your intended AWS features.


10-12: Configuring AWS Region Using a Variable

The provider block uses region = var.aws_region, which follows best practices for configurability. Please confirm that aws_region is defined (as done later in terraform/variables.tf) and the default value aligns with your target deployment region.

ansible/agent_server_play.yml (1)

1-99: Overall Agent Playbook Review

The playbook methodically updates the Apt cache and installs/configures key tools including Java 17, Docker, AWS CLI, Kubectl, and Trivy for the worker nodes. Ensure that all manual steps (such as AWS CLI configuration) are clearly documented for end users.

ansible/master_server_play.yml (1)

1-115: Overall Master Server Playbook Assessment

This playbook effectively orchestrates tasks for installing and configuring Jenkins, Docker, AWS CLI, Kubectl, SonarQube, and ArgoCD on the master node. Along with addressing minor formatting issues, ensure that the service configurations (e.g., for Jenkins and Docker) are verified in your staging environment.

terraform/variables.tf (1)

1-61: Terraform Variables Configuration Review

All variables are defined with clear descriptions and appropriate default values. This setup supports easy customization of AWS and EKS resources, aligning with modular infrastructure best practices. Verify that the default values (such as region and AMI ID) are updated as needed for your environment.

terraform/main.tf (8)

1-3: Default VPC Resource Declaration:
The declaration for the default VPC is minimal and straightforward. Ensure that this default VPC meets your needs, and consider adding further properties if additional configuration becomes necessary.


106-120: EKS Cluster IAM Role Configuration:
The IAM role for the EKS cluster is defined correctly with an appropriate assume-role policy. No further changes are needed here.


121-135: EKS Node IAM Role Configuration:
The IAM role for worker nodes has been appropriately set up with the EC2 service principal. Ensure that the permissions granted are in line with the principle of least privilege as your project evolves.


137-140: EKS Cluster Policy Attachment:
Attaching the cluster policy via a variable for the policy ARN is a flexible and sound approach.


142-154: EKS Cluster Resource Configuration:
The EKS cluster resource is well structured with its VPC configuration, linked subnets, and security group. Declaring an explicit dependency on the policy attachment helps ensure correct creation order.


156-159: EKS Worker Node Policy Attachment:
The worker node policy attachment is implemented correctly using a variable for the policy ARN.


161-164: EKS CNI Policy Attachment:
The attachment of the CNI policy for networking is clear and uses variables effectively.


166-169: EKS ECR Read-Only Policy Attachment:
The read-only ECR policy is attached appropriately to the worker node role.

README.md (3)

27-28: Tech Stack Update:
The addition of "Terraform (Infrastructure Provisioning)" and "Ansible (Configuration Management)" to the tech stack list clearly reflects the new automation goals of the project. This inclusion aligns well with the PR objectives.


78-82: Jenkins Instance Specifications:
The instructions for creating the Jenkins Master and Jenkins Worker instances are descriptive and clear. Ensure that the provided hardware specifications (e.g., 2 CPU, 8GB RAM, 29 GB storage on t2.large instances) align with your production requirements.


87-89: Bastion Host Setup:
The Bastion Host instructions are now explicitly defined, indicating its dual purpose—for provisioning the EKS cluster with Terraform and configuring nodes with Ansible. Verify that any associated security group rules or key management practices are updated accordingly.

"axios": "^1.6.1",
"class-variance-authority": "^0.7.0",
"clsx": "^2.0.0",
"frontend": "file:",
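
Review bot: The "frontend": "file:" entry on the last added line has nothing after file:. npm resolves file: paths relative to the directory that holds package.json, so an empty path points back at this package's own directory instead of a separate local package. If no local package is intended, drop the line and regenerate frontend/package-lock.json so the lockfile does not keep the self-reference; if one is intended, give its relative path.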

🛠️ Refactor suggestion

Verify Local Dependency Specification

The new dependency "frontend": "file:" appears to reference a local package, but the path is incomplete. Typically, a local dependency should specify a relative path (e.g., "file:../some-local-folder"). Please confirm that this is intentional and update the value if needed to ensure proper dependency resolution.

Comment on lines +13 to +63
resource "aws_security_group" "cluster_sg" {
name = "cluster-sg"
description = "Security group for meet application"
vpc_id = aws_default_vpc.default_vpc.id

ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}

ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}

ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}

ingress {
from_port = 10250
to_port = 10250
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}

ingress {
from_port = 30000
to_port = 32767
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}

egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}

tags = {
Name = "cluster_sg"
}
}
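
Review bot: Every ingress block in cluster_sg uses cidr_blocks = ["0.0.0.0/0"], and that includes the rule for port 10250 (the kubelet API port) and the NodePort range 30000 to 32767, not only SSH on port 22. Only 80 and 443 have an obvious reason to be reachable from anywhere. Suggest taking the source for port 22 from a variable that holds the admin or bastion CIDR, and replacing cidr_blocks on the 10250 and 30000 to 32767 rules with a security-group reference (security_groups or self) so that only cluster members and the load balancer can reach them.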

⚠️ Potential issue

Cluster Security Group Configuration:
This security group defines multiple ingress rules covering SSH (port 22), HTTP (port 80), HTTPS (port 443), Kubernetes API (port 10250), and a NodePort range (30000–32767). A couple of points to consider:

  • Allowing SSH access from "0.0.0.0/0" can pose a security risk. It is advisable to restrict this to known IP ranges if possible.
  • The description ("Security group for meet application") might be refined to clearly reflect its purpose in managing access to the EKS cluster.
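
A check for the pattern raised in this thread, as an added example (not code from the PR or from CodeRabbit): it reads `terraform show -json` plan output and reports inline `aws_security_group` ingress rules that admit `0.0.0.0/0` or `::/0` on ports other than an allow-list. The allow-list of 80 and 443, the helper names and the embedded plan are assumptions made for this example.

```python
import json

WORLD = {"0.0.0.0/0", "::/0"}
# Assumption for this example: only HTTP and HTTPS are meant to be public.
PUBLIC_OK = frozenset({80, 443})


def world_open_ingress(plan_json, public_ok=PUBLIC_OK):
    """Scan `terraform show -json` output for aws_security_group ingress
    rules that admit the whole internet on any port outside public_ok.
    Returns a list of (resource address, from_port, to_port)."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_security_group":
            continue
        # "after" is null when the resource is being destroyed.
        after = (rc.get("change") or {}).get("after") or {}
        for rule in after.get("ingress") or []:
            cidrs = set(rule.get("cidr_blocks") or [])
            cidrs |= set(rule.get("ipv6_cidr_blocks") or [])
            if not cidrs & WORLD:
                continue
            lo, hi = rule["from_port"], rule["to_port"]
            # Protocol "-1" (all traffic) carries ports 0/0; port 0 is never
            # in public_ok, so such a rule is reported as well.
            if all(port in public_ok for port in range(lo, hi + 1)):
                continue
            findings.append((rc["address"], lo, hi))
    return findings


def ingress_rule(lo, hi, cidr="0.0.0.0/0"):
    """Build one ingress object with the fields the check reads."""
    return {"from_port": lo, "to_port": hi, "protocol": "tcp",
            "cidr_blocks": [cidr], "ipv6_cidr_blocks": []}


def make_plan(rules, address="aws_security_group.cluster_sg"):
    """Wrap rules in the minimal plan structure (constructed, not real output)."""
    return json.dumps({"resource_changes": [{
        "address": address,
        "type": "aws_security_group",
        "change": {"after": {"ingress": rules}},
    }]})


# Constructed sample: the five ingress rules of cluster_sg as quoted in the
# review above, all open to 0.0.0.0/0.
SAMPLE_PLAN = make_plan([
    ingress_rule(22, 22), ingress_rule(80, 80), ingress_rule(443, 443),
    ingress_rule(10250, 10250), ingress_rule(30000, 32767),
])

if __name__ == "__main__":
    for address, lo, hi in world_open_ingress(SAMPLE_PLAN):
        print(f"{address}: ports {lo}-{hi} open to the internet")
```

Rules declared as separate resources rather than inline `ingress` blocks are outside what this check covers.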
