Final Push

Author: Bcoderx6

files/traefik.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Traefik
+After=network.target
+
+[Service]
+Type=simple
+User=root
+Group=root
+EnvironmentFile=/etc/traefik/cloudflare.env
+ExecStart=/usr/local/bin/traefik --configfile=/etc/traefik/traefik.toml
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

files/traefik.toml

@@ -0,0 +1,24 @@
+[entryPoints]
+  [entryPoints.web]
+    address = ":80"
+    [entryPoints.web.http.redirections.entryPoint]
+      to = "websecure"
+      scheme = "https"
+
+  [entryPoints.websecure]
+    address = ":443"
+
+[api]
+  dashboard = true
+  insecure = true 
+
+[providers.file]
+  directory = "/etc/traefik/config"
+  watch = true
+
+[certificatesResolvers.cloudflare.acme]
+  email = "[email protected]"
+  storage = "/etc/traefik/acme/acme.json"
+  [certificatesResolvers.cloudflare.acme.dnsChallenge]
+    provider = "cloudflare"
+    delayBeforeCheck = 0

main.tf

@@ -0,0 +1,173 @@
+terraform {
+  required_providers {
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 4.0"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = "~> 3.0"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.0"
+    }
+  }
+
+  backend "s3" {
+    bucket = ""
+    key    = ""
+    region = ""
+
+    endpoints = {
+      s3 = ""
+    }
+    access_key = ""
+    secret_key = ""
+
+    skip_credentials_validation = true
+    skip_metadata_api_check     = true
+    skip_region_validation      = true
+    skip_requesting_account_id  = true
+    use_path_style              = true
+  }
+}
+
+provider "cloudflare" {
+  email   = var.cloudflare_api_email
+  api_key = var.cloudflare_api_key
+}
+
+
+# AWS Provider for Minio
+provider "aws" {
+  region = "us-east-1"
+
+  # Minio-specific settings
+  skip_credentials_validation = true
+  skip_metadata_api_check     = true
+  skip_region_validation      = true
+  skip_requesting_account_id  = true
+
+  # Endpoint configuration
+  endpoints {
+    s3 = ""
+  }
+
+  # Access credentials
+  access_key = ""
+  secret_key = ""
+}
+
+# Create Cloudflare Records
+
+resource "cloudflare_record" "sonarqube" {
+  zone_id = var.cloudflare_zone_id
+  name    = "sonarqube"
+  content   = var.controller2_server_ip
+  type    = "A"
+  proxied = false
+}
+
+provider "null" {}
+
+# Modules for create Services
+
+module "service_sonarqube" {
+  source = "./modules/traefik"
+
+  cloudflare_email     = var.cloudflare_api_email
+  cloudflare_api_token = var.cloudflare_api_key
+
+  server_two_ip        = var.controller2_server_ip
+  ssh_user             = var.ssh_user
+  ssh_private_key_path = var.ssh_private_key_path
+
+  service_name         = "sonarqube"
+  domain               = "sonarqube.yash.com"
+  backend_url          = "http://192.168.8.1:9000"
+  entry_points         = ["websecure"]
+}
+
+# Treafik Deployment
+
+resource "null_resource" "traefik_deployment" {
+  connection {
+    type        = "ssh"
+    user        = var.ssh_user
+    private_key = file(var.ssh_private_key_path)
+    host        = var.controller2_server_ip
+  }
+
+  # Copy Treafik Setup Script
+  provisioner "file" {
+    source      = "${path.module}/scripts/setup_traefik.sh"
+    destination = "/tmp/setup_traefik.sh"
+  }
+
+  # Copy Treafik cleanup for Terraform Destroy
+
+  provisioner "file" {
+    source      = "${path.module}/scripts/clean_treafik.sh"
+    destination = "/tmp/clean_treafik.sh"
+  }
+
+  # Copy Treafik configuration files
+
+  provisioner "file" {
+    source      = "${path.module}/files/traefik.toml"
+    destination = "/tmp/traefik.toml"
+  }
+
+  provisioner "file" {
+    source      = "${path.module}/files/traefik.service"
+    destination = "/tmp/traefik.service"
+  }
+
+  # Execute Treafik setup
+
+  provisioner "remote-exec" {
+    inline = [
+      "chmod +x /tmp/setup_traefik.sh",
+      "chmod +x /tmp/clean_treafik.sh",
+      "sudo /tmp/setup_traefik.sh '${var.cloudflare_api_email}' '${var.cloudflare_api_token}' '${var.domain_name}'"
+    ]
+  }
+
+  # Setup Trigger For Cleanup
+
+  triggers = {
+    server_ip         = var.controller2_server_ip
+    ssh_user          = var.ssh_user
+    ssh_private_key   = var.ssh_private_key_path
+  }
+}
+
+resource "null_resource" "traefik_cleanup" {
+  depends_on = [null_resource.traefik_deployment]
+
+  triggers = {
+    deployment_id     = null_resource.traefik_deployment.id
+    server_ip         = null_resource.traefik_deployment.triggers.server_ip
+    ssh_user          = null_resource.traefik_deployment.triggers.ssh_user
+    ssh_private_key   = null_resource.traefik_deployment.triggers.ssh_private_key
+  }
+
+  # Run with Terraform Destroy
+
+  provisioner "remote-exec" {
+    when = destroy
+
+    connection {
+      type        = "ssh"
+      user        = self.triggers.ssh_user
+      private_key = file(self.triggers.ssh_private_key)
+      host        = self.triggers.server_ip
+    }
+
+    inline = [
+      "echo 'Running cleanup script...'",
+      "sudo /tmp/clean_treafik.sh || echo 'Cleanup script failed, but continuing'"
+    ]
+  }
+}

modules/treafik/main.tf

@@ -0,0 +1,117 @@
+# variables For Modules
+
+variable "server_two_ip" {
+  description = "IP address of the server running Traefik"
+  type        = string
+}
+
+variable "ssh_user" {
+  description = "SSH username to connect to the server"
+  type        = string
+}
+
+variable "ssh_private_key_path" {
+  description = "Path to the SSH private key"
+  type        = string
+}
+
+variable "service_name" {
+  description = "Name of the service"
+  type        = string
+}
+
+variable "domain" {
+  description = "Domain name for the service"
+  type        = string
+}
+
+variable "backend_url" {
+  description = "Backend URL for the service"
+  type        = string
+}
+
+variable "entry_points" {
+  description = "Entry points for the router"
+  type        = list(string)
+  default     = ["websecure"]
+}
+
+variable "cert_resolver" {
+  description = "Certificate resolver to use"
+  type        = string
+  default     = "cloudflare"
+}
+
+variable "cloudflare_email" {
+  description = "Cloudflare email for DNS challenge"
+  type        = string
+}
+
+variable "cloudflare_api_token" {
+  description = "Cloudflare API token for DNS challenge"
+  type        = string
+  sensitive   = true
+}
+
+locals {
+  formatted_entry_points = join(", ", [for ep in var.entry_points : "\"${ep}\""])
+}
+
+# Deploy Modules Service
+
+resource "null_resource" "deploy_service" {
+  connection {
+    type        = "ssh"
+    user        = var.ssh_user
+    private_key = file(var.ssh_private_key_path)
+    host        = var.server_two_ip
+  }
+
+  # Create Cloudflare ENV File
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo mkdir -p /etc/traefik",
+      "sudo bash -c 'echo \"CF_API_EMAIL=${var.cloudflare_email}\" > /etc/traefik/cloudflare.env'",
+      "sudo bash -c 'echo \"CF_API_KEY=${var.cloudflare_api_token}\" >> /etc/traefik/cloudflare.env'",
+      "sudo chown traefik:traefik /etc/traefik/cloudflare.env",
+      "sudo chmod 600 /etc/traefik/cloudflare.env"
+    ]
+  }
+
+  # Create service configuration
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo mkdir -p /etc/traefik/config",
+      "echo '[http.routers.${var.service_name}]' | sudo tee /etc/traefik/config/${var.service_name}.toml > /dev/null",
+      "echo '  rule = \"Host(`${var.domain}`)\"' | sudo tee -a /etc/traefik/config/${var.service_name}.toml > /dev/null",
+      "echo '  service = \"${var.service_name}\"' | sudo tee -a /etc/traefik/config/${var.service_name}.toml > /dev/null",
+      "echo '  entryPoints = [${local.formatted_entry_points}]' | sudo tee -a /etc/traefik/config/${var.service_name}.toml > /dev/null",
+      "echo '' | sudo tee -a /etc/traefik/config/${var.service_name}.toml > /dev/null",
+      "echo '[http.routers.${var.service_name}.tls]' | sudo tee -a /etc/traefik/config/${var.service_name}.toml > /dev/null",
+      "echo '    certResolver = \"${var.cert_resolver}\"' | sudo tee -a /etc/traefik/config/${var.service_name}.toml > /dev/null",
+      "echo '' | sudo tee -a /etc/traefik/config/${var.service_name}.toml > /dev/null",
+      "echo '[http.services.${var.service_name}.loadBalancer]' | sudo tee -a /etc/traefik/config/${var.service_name}.toml > /dev/null",
+      "echo '  [[http.services.${var.service_name}.loadBalancer.servers]]' | sudo tee -a /etc/traefik/config/${var.service_name}.toml > /dev/null",
+      "echo '    url = \"${var.backend_url}\"' | sudo tee -a /etc/traefik/config/${var.service_name}.toml > /dev/null"
+    ]
+  }
+
+  # Setup Trigger Replace Value When Changes
+
+  triggers = {
+    service_name = var.service_name
+    domain       = var.domain
+    backend_url  = var.backend_url
+    entry_points = join(",", var.entry_points)
+  }
+}
+
+output "service_name" {
+  value = var.service_name
+}
+
+output "domain" {
+  value = var.domain
+}

scripts/clean_treafik.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+# cleanup_treafik.sh - Script to remove all Traefik components
+
+# Stop services first
+echo "Stopping Traefik service..."
+sudo systemctl stop traefik || true
+sudo systemctl disable traefik || true
+
+# Stop Docker container if exists
+echo "Stopping test containers..."
+sudo docker stop whoami || true
+sudo docker rm whoami || true
+
+# Remove Traefik files
+echo "Removing Traefik configuration files..."
+sudo rm -rf /etc/traefik
+sudo rm -f /etc/systemd/system/traefik.service
+sudo rm -f /usr/local/bin/traefik
+
+# Reload systemd to forget about the service
+echo "Reloading systemd..."
+sudo systemctl daemon-reload
+
+echo "Cleanup completed successfully!"