module-service-teampass-fargate
This module creates a [TeamPass](https://github.com/nilsteampassnet/TeamPass) service on Fargate. The module launches TeamPass tasks on an existing ECS cluster using the Fargate launch type, along with the required database and networking elements.
Because of a limitation in the software, a customized Docker image has been created to carry out this migration with all of the existing configuration.

Once this module has been applied, the database is initialized with "CHANGEME" as the root user password. This password must be changed in the RDS console, and the new password must be stored in the rds_root_pwd SSM Parameter.
You also need to set the other TeamPass migration-specific values in SSM Parameters. All of them are referenced by TeamPass:

- tp_db_pwd: hash of the original password from the migration
- tp_seckey: the original salt key from the migration
- tp_bck_script_passkey: the original backup script passkey from the migration
- tp_bck_script_key: the original backup script key from the migration
- tp_csrfp_token: the original CSRFP token from the migration
You also need to set the LDAP and SMTP passwords from the TeamPass migration in SSM Parameters. Both are referenced by TeamPass:

- tp_ldap_bind_passwd
- tp_email_auth_pwd
Since this is a migration of an existing application, once the service is up you must connect to the RDS cluster and import a dump of the original database.
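The steps above (rotate the CHANGEME root password, store it in rds_root_pwd, populate the tp_* and LDAP/SMTP parameters) are easy to leave half done, so the following preflight check is added here as an example; it is not part of the module. It assumes the parameters share the constructed path prefix `/teampass/` (the real prefix depends on how the module names its parameters) and that the listing has the shape returned by boto3's `ssm.get_parameters_by_path`. The sample listing is constructed so the script runs offline.

```python
"""Preflight check for the SSM parameters this TeamPass migration depends on.

Added example, not part of the module. Parameter names follow the README
(rds_root_pwd and the tp_* values); the path prefix "/teampass/" and the
sample values are constructed for this example.
"""
from dataclasses import dataclass

# Value the module seeds the database root user with; it must not survive.
PLACEHOLDER_ROOT_PASSWORD = "CHANGEME"

# Parameters the README says must be set before the migrated service works.
REQUIRED_PARAMETERS = (
    "rds_root_pwd",
    "tp_db_pwd",
    "tp_seckey",
    "tp_bck_script_passkey",
    "tp_bck_script_key",
    "tp_csrfp_token",
    "tp_ldap_bind_passwd",
    "tp_email_auth_pwd",
)


@dataclass(frozen=True)
class Finding:
    parameter: str
    problem: str


def check_migration_parameters(parameters, path_prefix="/teampass/"):
    """Return the problems found in an SSM parameter listing.

    `parameters` has the shape of the "Parameters" list returned by
    ssm.get_parameters_by_path(Path=path_prefix, WithDecryption=True):
    dicts with Name, Type and Value. An empty result means every required
    parameter exists, is a SecureString and holds a real value.
    """
    by_short_name = {}
    for param in parameters:
        name = param["Name"]
        if name.startswith(path_prefix):
            name = name[len(path_prefix):]
        by_short_name[name] = param

    findings = []
    for short in REQUIRED_PARAMETERS:
        param = by_short_name.get(short)
        if param is None:
            findings.append(Finding(short, "missing"))
            continue
        # Secrets must be SecureString so they are encrypted at rest with KMS
        # instead of sitting in the parameter store as plain text.
        if param.get("Type") != "SecureString":
            findings.append(
                Finding(short, f"type is {param.get('Type')!r}, expected 'SecureString'")
            )
        value = param.get("Value", "")
        if not value:
            findings.append(Finding(short, "empty value"))
        elif short == "rds_root_pwd" and value == PLACEHOLDER_ROOT_PASSWORD:
            findings.append(Finding(short, "still the initial placeholder password"))
    return findings


# Constructed sample listing with three deliberate problems: the root
# password was never rotated, tp_db_pwd is a plain String, and
# tp_email_auth_pwd was never created.
SAMPLE_PARAMETERS = [
    {"Name": "/teampass/rds_root_pwd", "Type": "SecureString", "Value": "CHANGEME"},
    {"Name": "/teampass/tp_db_pwd", "Type": "String", "Value": "constructed-hash-value"},
    {"Name": "/teampass/tp_seckey", "Type": "SecureString", "Value": "constructed-salt"},
    {"Name": "/teampass/tp_bck_script_passkey", "Type": "SecureString", "Value": "constructed-passkey"},
    {"Name": "/teampass/tp_bck_script_key", "Type": "SecureString", "Value": "constructed-key"},
    {"Name": "/teampass/tp_csrfp_token", "Type": "SecureString", "Value": "constructed-token"},
    {"Name": "/teampass/tp_ldap_bind_passwd", "Type": "SecureString", "Value": "constructed-bind-pw"},
]


if __name__ == "__main__":
    for finding in check_migration_parameters(SAMPLE_PARAMETERS):
        print(f"{finding.parameter}: {finding.problem}")
```

Against a real account, pass `ssm.get_parameters_by_path(Path=prefix, Recursive=True, WithDecryption=True)["Parameters"]` together with the prefix the module actually uses; a non-empty result is a reason to stop before importing the database dump or exposing the ALB.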
Usage examples
Simple example
```hcl
module "teampass" {
  source = "git::https://gitlab.vectoritcgroup.com/vectordigital/iac/terraform/modules/aws/compute/module-service-teampass-fargate.git?ref=vX.Y.Z"

  prefix     = var.prefix
  aws_region = var.aws_region
  name       = var.name
  vpc_id     = module.vpc.vpc_id

  rds_instance_count    = 1
  rds_instance_type     = "db.t3.small"
  rds_subnet_group_name = module.vpc.db_subnet_group

  alb_certificate_arn = aws_acm_certificate.acm.arn
  alb_public_subnets  = module.vpc.public_subnets

  service_private_subnets                    = module.vpc.private_subnets
  service_ecs_cluster_arn                    = module.ecs.cluster_arn
  service_desired_count                      = 2
  service_deployment_minimum_healthy_percent = 50

  teampass_vars = {
    TP_LDAP_SUFFIX           = "@dc=ldap,DC=vectorim,DC=net"
    TP_LDAP_DOMAIN_DN        = "DC=vectorim,DC=net"
    TP_LDAP_DOMAIN_CONTROLER = "dc01-test.vectorim.net,dc02-test.vectorim.net"
    TP_LDAP_SEARCH_BASE      = "DC=vectorim,DC=net"
    TP_LDAP_BIND_DN          = "CN=Administrator,CN=Users,DC=vectorim,DC=net"
    TP_CUSTOM_LOGO           = "https://intranet.vectoritcgroup.com/wp-content/uploads/2017/01/signature-logo-vector-itc-2x.png"
    TP_CPASSMAN_URL          = module.teampass.alb_dns_name
  }

  tags = {
    "Project"     = "test"
    "Environment" = "basic"
  }
}
```
Modules
| Name | Source | Version |
|---|---|---|
| | git::https://gitlab.vectoritcgroup.com/vectordigital/iac/terraform/modules/aws/networking/module-base-alb.git | v0.1.0 |
| | git::https://gitlab.vectoritcgroup.com/vectordigital/iac/terraform/modules/aws/networking/module-base-alb-listener-rule.git | v0.1.0 |
| | git::https://gitlab.vectoritcgroup.com/vectordigital/iac/terraform/modules/aws/storage/module-base-efs.git | v0.1.0 |
| | git::https://gitlab.vectoritcgroup.com/vectordigital/iac/terraform/modules/aws/compute/module-base-ecs-fargate-service.git | v0.2.0 |
| | git::https://gitlab.vectoritcgroup.com/vectordigital/iac/terraform/modules/aws/database/module-base-rds-aurora-cluster.git | v0.1.0 |
| | git::https://gitlab.vectoritcgroup.com/vectordigital/iac/terraform/modules/aws/database/module-base-rds-aurora-cluster-instance.git | v0.1.0 |
| | git::https://gitlab.vectoritcgroup.com/vectordigital/iac/terraform/modules/aws/networking/module-base-sg.git | v0.2.2 |
| | git::https://gitlab.vectoritcgroup.com/vectordigital/iac/terraform/modules/aws/networking/module-base-sg.git | v0.2.2 |
| | git::https://gitlab.vectoritcgroup.com/vectordigital/iac/terraform/modules/aws/networking/module-base-sg.git | v0.2.2 |
| | git::https://gitlab.vectoritcgroup.com/vectordigital/iac/terraform/modules/aws/networking/module-base-sg.git | v0.2.2 |
Resources
| Name | Type |
|---|---|
| | resource |
| | resource |
| | resource |
| | resource |
| | resource |
| | resource |
| | resource |
| | resource |
| | resource |
| | resource |
| | resource |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| | A map of descriptions and source CIDR blocks to be allowed in the ALB security group | | | no |
| | Certificate ARN to associate with the HTTPS listener of the Load Balancer | | n/a | yes |
| | The custom DNS hostname of this service (NOTE: this should match the CN specified in the ACM certificate) | | | no |
| | The Route53 ZoneID where the | | | no |
| | Public subnets to associate with the ALB | | n/a | yes |
| | AWS Region name where you deploy the VPC | | n/a | yes |
| | The Service/Application for all resources | | n/a | yes |
| | The prefix to be attached to every resource name | | n/a | yes |
| | Number of instances to be deployed and attached to the specified | | | no |
| | Instance class type for RDS | | n/a | yes |
| | The ARN of the KMS encryption key, if one is set for the cluster | | | no |
| | Whether or not to create a final snapshot for the RDS Cluster | | | no |
| | DB subnet group name to associate with the RDS Cluster and instances. This value is created in the VPC module (db_subnet_group) | | | no |
| | A list of VPC subnet IDs where the RDS DB subnet group will be created. This variable is mutually exclusive with | | | no |
| | Container Path | | | no |
| | Container Path | | | no |
| | The number of CPU units the Amazon ECS container agent will reserve for the container. You can determine the number of CPU units that are available per Amazon EC2 instance type by multiplying the number of vCPUs listed for that instance type on the Amazon EC2 Instances detail page by 1024 | | | no |
| | Minimum healthy percent provides a lower limit on the number of running tasks during a deployment, enabling you to deploy without using additional cluster capacity | | n/a | yes |
| | For replica services, the number of instantiations of the specified task definition to place and keep running on your cluster | | n/a | yes |
| | ECS Cluster ARN where the Fargate service is deployed | | n/a | yes |
| | The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed | | | no |
| | Private subnets where the ECS Fargate service is deployed | | n/a | yes |
| | Root directory in EFS to | | | no |
| | Root directory in EFS to | | | no |
| | Specific tags for all module resources | | n/a | yes |
| | The Docker container image that will be used in the service Task Definition | | n/a | yes |
| | A list of TeamPass Docker configuration LDAP variables to be passed | | | no |
| | A list of TeamPass Docker configuration SMTP variables to be passed | | | no |
| | A list of TeamPass Docker environment variables to be passed | | | no |
| | The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). Set to | | | no |
| | VPC id | | n/a | yes |
Outputs
| Name | Description |
|---|---|
| | Load Balancer DNS Name |
| | Listener HTTP ARN |
| | Listener HTTPS ARN |
| | Load Balancer Name |
| | Load Balancer zone Id |
| | CloudWatch Log Group name where the application logs are written |
| | Target group name associated with the service in the Load Balancer |
| | The Amazon Resource Name of the Elastic File System created along with this service |
| | The DNS name for the Elastic File System created along with this service |
| | The ID that identifies the Elastic File System created along with this service |
| | A list of the DNS names for the EFS Mount Targets created along with this service |
| | A list of the Network Interface IDs for the EFS Mount Targets created along with this service |
| | DNS Cluster endpoint |
| | DNS Cluster endpoint |
| | ARN of the SSM parameter holding the RDS root password |
| | Security group id for RDS |
| | Security group id for ECS Services |