feat: Prod DB EC2 리소스 추가 #53
base: main
Changes from all commits
9a21071
b81398e
a4cdd50
d64bc19
42b40cd
9f4fd00
0f1d260
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| data "cloudinit_config" "db_init" { | ||
| count = var.enable_db_ec2 ? 1 : 0 | ||
| gzip = true | ||
| base64_encode = true | ||
|
|
||
| part { | ||
| content_type = "text/x-shellscript" | ||
| content = templatefile("${path.module}/scripts/mysql_setup.sh.tftpl", { | ||
| db_root_username_b64 = base64encode(var.db_username) | ||
| db_root_password_b64 = base64encode(var.db_password) | ||
| mysql_config_content = file("${path.module}/templates/mysql_tuning.cnf") | ||
| }) | ||
| filename = "mysql_setup.sh" | ||
| } | ||
| } | ||
|
|
||
| resource "aws_instance" "db_server" { | ||
| count = var.enable_db_ec2 ? 1 : 0 | ||
|
|
||
| ami = var.db_ami_id | ||
| instance_type = var.db_instance_type | ||
| subnet_id = var.db_subnet_id | ||
|
|
||
| vpc_security_group_ids = [aws_security_group.db_ec2_sg[count.index].id] | ||
| associate_public_ip_address = false | ||
| iam_instance_profile = var.ec2_iam_instance_profile | ||
| key_name = var.key_name | ||
|
|
||
| user_data_base64 = data.cloudinit_config.db_init[count.index].rendered | ||
|
|
||
| metadata_options { | ||
| http_endpoint = "enabled" | ||
| http_tokens = "required" | ||
| http_put_response_hop_limit = 1 | ||
| } | ||
|
|
||
| root_block_device { | ||
| volume_size = 8 | ||
| volume_type = "gp3" | ||
| encrypted = true | ||
| delete_on_termination = true | ||
| } | ||
|
|
||
| tags = { | ||
| Name = "solid-connection-db-mysql-${var.env_name}" | ||
| } | ||
|
|
||
| user_data_replace_on_change = false | ||
|
|
||
| lifecycle { | ||
| ignore_changes = [ | ||
| user_data, | ||
| user_data_base64, | ||
| user_data_replace_on_change, | ||
| key_name, | ||
| ] | ||
| } | ||
| } | ||
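Review bot: `db_root_password_b64 = base64encode(var.db_password)` places the database root password in the instance's user data, and base64 is an encoding, not protection. User data is returned by the EC2 `DescribeInstanceAttribute` API to any principal permitted to call it, can be read from the instance metadata service by processes on the host, is typically kept on disk by cloud-init, and is stored in Terraform state through `data.cloudinit_config.db_init`. Since the instance already receives `iam_instance_profile`, consider passing only a parameter name into the template and having the script fetch the secret at boot from SSM Parameter Store or Secrets Manager. With `user_data` and `user_data_base64` in `ignore_changes`, a rotated `var.db_password` never reaches this instance, so a comment such as `# user_data is ignored after first boot: rotate DB credentials out of band` above the `lifecycle` block would make that explicit.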
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| output "db_server_private_ip" { | ||
| description = "DB EC2 서버 private IP" | ||
| value = try(aws_instance.db_server[0].private_ip, null) | ||
|
Comment on lines
+1
to
+3
These outputs are defined only inside the child Useful? React with 👍 / 👎.
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 현재 GitHub Actions 워크플로우에서는 따라서 root module output으로 재노출하지 않고, |
||
| } | ||
|
|
||
| output "db_server_instance_id" { | ||
| description = "DB EC2 서버 인스턴스 ID" | ||
| value = try(aws_instance.db_server[0].id, null) | ||
| } | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| #!/bin/bash | ||
| set -euo pipefail | ||
|
|
||
| DB_ROOT_USER="$(printf '%s' '${db_root_username_b64}' | base64 -d)" | ||
| DB_ROOT_PASS="$(printf '%s' '${db_root_password_b64}' | base64 -d)" | ||
|
|
||
| mysql_escape() { | ||
| local value="$1" | ||
| value="$${value//\\/\\\\}" | ||
| value="$${value//\'/\\\'}" | ||
| printf '%s' "$value" | ||
| } | ||
|
|
||
| DB_ROOT_USER_SQL="$(mysql_escape "$DB_ROOT_USER")" | ||
| DB_ROOT_PASS_SQL="$(mysql_escape "$DB_ROOT_PASS")" | ||
|
|
||
| command -v docker >/dev/null | ||
| systemctl enable --now docker | ||
| docker image inspect mysql:8.4 >/dev/null | ||
|
|
||
| mkdir -p /var/lib/mysql | ||
| chown -R 999:999 /var/lib/mysql | ||
| chmod 750 /var/lib/mysql | ||
|
|
||
| mkdir -p /etc/mysql/conf.d | ||
| cat > /etc/mysql/conf.d/tuning.cnf <<'CNFEOF' | ||
| ${mysql_config_content} | ||
| CNFEOF | ||
| chmod 644 /etc/mysql/conf.d/tuning.cnf | ||
|
|
||
| docker rm -f mysql-server 2>/dev/null || true | ||
|
|
||
| docker run -d \ | ||
| --name mysql-server \ | ||
| --restart always \ | ||
| -p 3306:3306 \ | ||
| -v /var/lib/mysql:/var/lib/mysql \ | ||
| -v /etc/mysql/conf.d:/etc/mysql/conf.d \ | ||
| -e MYSQL_ROOT_PASSWORD="$DB_ROOT_PASS" \ | ||
| mysql:8.4 | ||
|
|
||
| MYSQL_READY=false | ||
| for i in $(seq 1 30); do | ||
| if docker exec mysql-server mysqladmin ping -uroot -p"$DB_ROOT_PASS" 2>/dev/null; then | ||
| MYSQL_READY=true | ||
| break | ||
| fi | ||
| sleep 2 | ||
| done | ||
|
|
||
| if [ "$MYSQL_READY" != "true" ]; then | ||
| echo "MySQL container did not become ready within 60 seconds." >&2 | ||
| docker logs --tail 100 mysql-server >&2 || true | ||
| exit 1 | ||
| fi | ||
|
|
||
| docker exec -i mysql-server mysql -uroot -p"$DB_ROOT_PASS" <<SQLEOF | ||
| CREATE USER IF NOT EXISTS '$DB_ROOT_USER_SQL'@'%' IDENTIFIED BY '$DB_ROOT_PASS_SQL'; | ||
| GRANT ALL PRIVILEGES ON *.* TO '$DB_ROOT_USER_SQL'@'%' WITH GRANT OPTION; | ||
| FLUSH PRIVILEGES; | ||
| SQLEOF |
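Review bot: The `CREATE USER … @'%'` and `GRANT ALL PRIVILEGES ON *.* … WITH GRANT OPTION` statements create a second root-equivalent account that accepts connections from any host. Together with `-p 3306:3306` and `bind-address = 0.0.0.0` in the tuning file, the only remaining network restriction is the security group, which is not shown on this page. Prefer scoping the account to the application's schema and subnet, e.g. `CREATE USER IF NOT EXISTS '$DB_ROOT_USER_SQL'@'<APP_SUBNET_HOST_PATTERN>' …` and `GRANT ALL PRIVILEGES ON <APP_SCHEMA>.* TO …` without `WITH GRANT OPTION`. Separately, `-e MYSQL_ROOT_PASSWORD="$DB_ROOT_PASS"` leaves the password readable through `docker inspect`, and `-p"$DB_ROOT_PASS"` can expose it in the process list. The official image's `MYSQL_ROOT_PASSWORD_FILE` pointing at a root-only file, plus a client option file for `mysqladmin`/`mysql`, avoids both.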
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| [mysqld] | ||
| max_connections = 64 | ||
| innodb_buffer_pool_size = 128M | ||
| innodb_redo_log_capacity = 128M | ||
| bind-address = 0.0.0.0 | ||
| skip-name-resolve |