-
Notifications
You must be signed in to change notification settings - Fork 440
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
3243e13
commit 3fa9994
Showing
18 changed files
with
358 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| # AWS | ||
|
|
||
| ## Enumera los pasos que seguirías para desplegar un servidor web básico con nginx sobre una nueva instancia de EC2 en una cuenta de AWS recién creada | ||
|
|
||
| Dado que la cuenta de AWS es nueva, deberemos, desde la sesión de la cuenta root, crear un usuario para trabajar desde él (ya que no es una buena práctica trabajar con la cuenta root). Además, crearemos un grupo al cual le asignaremos los permisos necesarios para realizar las tareas requeridas. A este grupo le asignaremos al usuario, para otorgarle los permisos. | ||
|
|
||
| Architectura de la solución: | ||
|
|
||
|  | ||
|
|
||
| ### Despliegue AWS Console EC2 | ||
|
|
||
| 1. Creacion de **IAM user** y **Roles** | ||
| - Crear un IAM user. | ||
| - No usar el root (Mala practica). | ||
| - Crear Grupo IAM con los roles necesarios para la creacion de la infraestructura, y adjuntar a el usuario al grupo. | ||
| 2. Creacion de **VPC** | ||
| - Definir el CIDR block (0.0.0.0/16) | ||
| - Configuracion del numero de AZ's, y subnets publicas y/o privadas (+NAT) | ||
| 3. Creacion de **Subnet** | ||
| - Crearemos una subnet publica en este caso para proporcionar acceso a internet al servidor, y asociaremos esta a la VPC ya creada, tambien indicaremos su AZ. | ||
| 4. Creacion de **Internet Gateway** | ||
| - Crearemos una Internet Gateway para conectar nuestra VPC a Internet | ||
| 5. Cnfigurar la **route table** | ||
| - Crearemos la RT para dirigir el trafico a la IGW. | ||
| - Associaremos la Route Table con la Public Subnet. | ||
| 6. Creacion de **Security group** para la EC2 | ||
| - Security group que permita inbound traffic a los siguientes puertos: | ||
| - `80`: **HTTP** | ||
| - `443`: **HTTPS** | ||
| - `22`: **SSH** | ||
| 7. **Launch EC2** instance | ||
| - Desplegarla en la Subnet Publica | ||
| - Seleccionaremos lo siguiente | ||
| - `AMI` (for exampl Ubuntu ) | ||
| - `Instance type`(t2.micro free tier) | ||
| - Associaremos a el `Security Group` ya creado | ||
| - Añadiremos un `Key pair` para acceder mediante SSH a la instancia una vez creada. | ||
| - Usaremos `User Data` para mediante script, automatizar la instalacion y abilitacion de NGINX durante el despliegue: | ||
|
|
||
| ```bash | ||
| #!/bin/bash | ||
| yum update -y | ||
| yum install nginx -y | ||
| systemctl start nginx | ||
| systemctl enable nginx | ||
| ``` | ||
|
|
||
| 8. **Conexion a la instancia EC2** | ||
|
|
||
| Almacenaremos las claves en (~/.ssh/) y le daremos permisos de Lectura solo al usuario, y ya podremos conectarnos mediante SSh. | ||
|
|
||
| ```bash | ||
| mv /ruta/a/mi-clave.pem ~/.ssh/ | ||
| chmod 400 ~/.ssh/mi-clave.pem | ||
| ssh -i "tu-clave.pem" ec2-user@tu-ip-publica | ||
| sudo systemctl status nginx | ||
| ``` | ||
|
|
||
| 9. **Verificar Nginx** en la EC2 | ||
| 1. Accederemos a la IP publica de la instancia mediante navegador. | ||
| 2. Veremos la Welcome Page que NGINX proporciona por defecto. | ||
|
|
||
|  |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| #! /bin/bash | ||
|
|
||
| show_help() { | ||
| cat << EOF | ||
| Usage: $0 <directory> <keyword> | ||
| This script searches through all files in the specified directory for the given keyword. | ||
| It counts the total number of files in the given directory, the number of files containing the keyword, and | ||
| the total number of lines that contain the keyword. | ||
| Arguments: | ||
| <directory> The directory to search in. | ||
| <keyword> The keyword to search for in the files. | ||
| Example: | ||
| $0 /path/to/directory keyword | ||
| EOF | ||
| exit 0 | ||
| } | ||
|
|
||
| if [[ "$1" == "--help" || "$1" == "-h" ]]; then | ||
| show_help | ||
| fi | ||
|
|
||
| if [ $# -ne 2 ]; then | ||
| echo "Usage: $0 <directory> <keyword>" | ||
| echo "Try '$0 --help' for more information." | ||
| exit 1 | ||
| fi | ||
|
|
||
| DIRECTORI=$1 | ||
| KEY=$2 | ||
| NUMBER_FILES=0 | ||
| NUMBER_LINES=0 | ||
| FILES_WITH_KEY=0 | ||
|
|
||
| if [ ! -d "$DIRECTORI" ]; then | ||
| echo "The directory '$DIRECTORI' does not exist" | ||
| exit 1 | ||
| fi | ||
|
|
||
| for file in "$DIRECTORI"/*; do | ||
| if [ -f "$file" ]; then | ||
| NUMBER_FILES=$((NUMBER_FILES+1)) | ||
| lines=$(grep -ci "$KEY" "$file") | ||
| if [ "$lines" -gt 0 ]; then | ||
| FILES_WITH_KEY=$((FILES_WITH_KEY+1)) | ||
| NUMBER_LINES=$((NUMBER_LINES+lines)) | ||
| echo "The file '$file' has $lines lines with the key '$KEY'" | ||
| fi | ||
| fi | ||
| done | ||
|
|
||
| echo "Total number of files: $NUMBER_FILES" | ||
| echo "Total number of files with the key '$KEY': $FILES_WITH_KEY" | ||
| echo "Total number of lines with the key '$KEY': $NUMBER_LINES" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| # Kubernetes | ||
|
|
||
| ## Crea un archivo YAML de despliegue de Kubernetes para una aplicación Ruby on Rails. | ||
|
|
||
| No tengo experiencia en Kubernetes, he realizado el `ruby_deployment.yaml`, siguiendo la creacion de recursos de la [documentacion oficial de kubernetes](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/). | ||
| Para su ejecucion en kubernetes cluster, usaremos el siguiente comando: | ||
| ``` | ||
| kubctl create -f ruby_deployment.yaml | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: rails-app | ||
| labels: | ||
| app: teimas | ||
| spec: | ||
| replicas: 3 | ||
| selector: | ||
| matchLabels: | ||
| app: teimas | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: teimas | ||
| spec: | ||
| containers: | ||
| - name: teimas-rails-app | ||
| image: your-docker-repo/teimas-rails-app:latest | ||
| ports: | ||
| - containerPort: 3000 | ||
| env: | ||
| - name: DATABASE_URL | ||
| value: "postgres://user:password@postgres:5432/database_name" |
24 changes: 24 additions & 0 deletions
24
prueba_tecnica_teimas/Terraform/import-resources/.terraform.lock.hcl
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| resource "aws_instance" "nginx" { | ||
| ami = "ami-0084a47cc718c111a" #Ubuntu 20.04 | ||
| instance_type = "t2.micro" | ||
| key_name = "teimas" | ||
| subnet_id = aws_subnet.ps_teimas.id | ||
| vpc_security_group_ids = [aws_security_group.sg_teimas.id] | ||
|
|
||
| provisioner "remote-exec" { | ||
| inline = [ | ||
|
|
||
| "echo 'Versión actual de nginx:' && nginx -v 2>&1 || echo 'nginx no está instalado'", | ||
|
|
||
| "sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak", | ||
|
|
||
| "sudo apt update -y nginx", | ||
|
|
||
| "sudo nginx -s reload", #! Recargar la configuración de nginx sin parar el servicio. | ||
| ] | ||
| } | ||
| connection { | ||
| type = "ssh" | ||
| user = "ubuntu" | ||
| private_key = file("~/.ssh/teimas.pem") | ||
| host = self.public_ip | ||
| } | ||
|
|
||
| tags = { | ||
| Name = "nginx-teimas" | ||
| } | ||
|
|
||
| } |
8 changes: 8 additions & 0 deletions
8
prueba_tecnica_teimas/Terraform/import-resources/int_gateway.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| resource "aws_internet_gateway" "igw_teimas" { | ||
| vpc_id = aws_vpc.vpc_teimas.id | ||
|
|
||
| tags = { | ||
| Name = "int_gateway_teimas" | ||
| } | ||
|
|
||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| output "output_Nginx" { | ||
| value = { | ||
| "public_ip" = "https://${aws_instance.nginx.public_ip}/" | ||
| } | ||
| } |
10 changes: 10 additions & 0 deletions
10
prueba_tecnica_teimas/Terraform/import-resources/providers.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| provider "aws" { | ||
| region = var.region | ||
|
|
||
| default_tags { | ||
| tags = { | ||
| "Owner" = "Ruben" | ||
| "Project" = "Test-TEIMAS" | ||
| } | ||
| } | ||
| } |
10 changes: 10 additions & 0 deletions
10
prueba_tecnica_teimas/Terraform/import-resources/public_subnet.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| resource "aws_subnet" "ps_teimas" { | ||
| vpc_id = aws_vpc.vpc_teimas.id | ||
| cidr_block = var.psn_cidr_block | ||
| availability_zone = "${var.region}a" | ||
| map_public_ip_on_launch = true | ||
|
|
||
| tags = { | ||
| Name = "pub-subnt-teimas" | ||
| } | ||
| } |
12 changes: 12 additions & 0 deletions
12
prueba_tecnica_teimas/Terraform/import-resources/route_table.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| resource "aws_route_table" "rt_teimas" { | ||
| vpc_id = aws_vpc.vpc_teimas.id | ||
|
|
||
| route { | ||
| cidr_block = "0.0.0.0/0" | ||
| gateway_id = aws_internet_gateway.igw_teimas.id | ||
| } | ||
|
|
||
| tags = { | ||
| Name = "route_table_teimas" | ||
| } | ||
| } |
8 changes: 8 additions & 0 deletions
8
prueba_tecnica_teimas/Terraform/import-resources/route_table_association.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| resource "aws_route_table_association" "rta_teimas" { | ||
| subnet_id = aws_subnet.ps_teimas.id | ||
| route_table_id = aws_route_table.rt_teimas.id | ||
|
|
||
| depends_on = [ | ||
| aws_route_table.rt_teimas, | ||
| ] | ||
| } |
37 changes: 37 additions & 0 deletions
37
prueba_tecnica_teimas/Terraform/import-resources/sec_group.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| resource "aws_security_group" "sg_teimas" { | ||
| vpc_id = aws_vpc.vpc_teimas.id | ||
| name = "sec_group_teimas" | ||
| description = "Allow inbound traffic from port 22 and 80" | ||
|
|
||
| ingress { | ||
| from_port = 22 | ||
| to_port = 22 | ||
| protocol = "tcp" | ||
| cidr_blocks = ["0.0.0.0/0"] | ||
| } | ||
|
|
||
| ingress{ | ||
| from_port = 443 | ||
| to_port = 443 | ||
| protocol = "tcp" | ||
| cidr_blocks = ["0.0.0.0/0"] | ||
| } | ||
|
|
||
| ingress { | ||
| from_port = 80 | ||
| to_port = 80 | ||
| protocol = "tcp" | ||
| cidr_blocks = ["0.0.0.0/0"] | ||
| } | ||
|
|
||
| egress { | ||
| from_port = 0 | ||
| to_port = 0 | ||
| protocol = "-1" | ||
| cidr_blocks = ["0.0.0.0/0"] | ||
| } | ||
|
|
||
| tags = { | ||
| Name = "sec_group_teimas" | ||
| } | ||
| } |
17 changes: 17 additions & 0 deletions
17
prueba_tecnica_teimas/Terraform/import-resources/variables.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| variable "region" { | ||
| description = "The region in which the resources will be created" | ||
| type = string | ||
| default = "eu-central-1" | ||
| } | ||
|
|
||
| variable "vpc_cidr_block" { | ||
| description = "The CIDR block for the VPC" | ||
| type = string | ||
| default = "10.0.0.0/16" | ||
| } | ||
|
|
||
| variable "psn_cidr_block" { | ||
| description = "The CIDR block for the public subnet" | ||
| type = string | ||
| default = "10.0.0.0/24" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| resource "aws_vpc" "vpc_teimas" { | ||
| cidr_block = var.vpc_cidr_block | ||
|
|
||
| tags = { | ||
| Name = "vpc-teimas" | ||
| } | ||
|
|
||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| # Terraform | ||
|
|
||
| ## Automatizar el despliegue del servidor nginx indicado arriba mediante un script en terraform. Al realizar esta automatización debemos de reutilizar el servidor existente, no pudiendo haber interrupción del servicio. | ||
|
|
||
| Me he planteado el siguiente punto de la prueba técnica: como una importación de código creado a mano en AWS, y deseamos automatizar el control de esta infraestructura mediante el uso de Terraform. | ||
|
|
||
| He procedido a realizar la **IMPORTACIÓN** de todos los recursos creados en AWS siguiendo los siguientes pasos: | ||
|
|
||
| 1. **Creación de un provider** cumpliendo las versiones necesarias para la infraestructura en cuestión. | ||
|
|
||
| 2. **Creación uno por uno de cada recurso (básico)**. | ||
|
|
||
| 3. **Importar cada recurso mediante su ID específico** (ejemplo para la EC2): | ||
| ```bash | ||
| terraform import aws_instance.nginx i-0cb2d505126a225bc | ||
| ``` | ||
| - Cualquier necesidad que tengamos sobre el servidor de NGINX la podremos implementar utilizando el provisioner `remote-exec`, al cual podremos adjuntar un script, ya sea inline o un `script.sh`, ya que el User data solo trabaja en el momento de la creación del servidor y no es lo que buscamos en este caso. | ||
| - Una vez listo, ejecutaremos `terraform plan` y `terraform apply`; este último ejecutará el `remote-exec`. | ||
|
|
||
| 4. **Comprobar**: | ||
| ```bash | ||
| terraform state list | ||
| ``` | ||
|
|
||
| 5. **Verificar el contenido exacto del recurso para implementarlo en mi recurso básico creado**: | ||
| ```bash | ||
| terraform state show | ||
| ``` | ||
|
|
||
| 6. **Upgrade version de NGINX** | ||
| Podemos modificar el script de User Data para realizar cambios en la versión de NGINX, por ejemplo, usando el mismo servidor y sin necesidad de reiniciar el servidor. | ||
|
|
||
| 7. **Terraform plan y apply** | ||
| Esto nos actualizará solo los cambios específicos realizados. |