From c85eee527a132bdbb67a43697b6f4ea15d64d553 Mon Sep 17 00:00:00 2001
From: Jesse McDonald
Date: Sun, 26 Sep 2021 16:53:14 -0500
Subject: [PATCH] updates for deployment to EC2
---
.gitignore | 4 ++++
CHECKLIST.md | 44 ++++++++++++++++++++++++++++++++++++++
docker-compose.build.yml | 10 +++++++++
docker-compose.dev.yml | 3 +++
docker-compose.prod.yml | 8 +++++++
docker-compose.staging.yml | 8 +++++++
docker-compose.yml | 11 +++++-----
scripts/copy_compose.sh | 8 +++++++
scripts/copy_images.sh | 8 +++++++
scripts/download_db.sh | 6 ++++++
scripts/setup_instance.sh | 18 ++++++++++++++++
scripts/upload_db.sh | 6 ++++++
12 files changed, 128 insertions(+), 6 deletions(-)
create mode 100644 .gitignore
create mode 100644 CHECKLIST.md
create mode 100644 docker-compose.build.yml
create mode 100644 docker-compose.dev.yml
create mode 100755 scripts/copy_compose.sh
create mode 100755 scripts/copy_images.sh
create mode 100755 scripts/download_db.sh
create mode 100755 scripts/setup_instance.sh
create mode 100755 scripts/upload_db.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4aec7de
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+.*.swp
+.*.swo
+*~
+pacosako.db
diff --git a/CHECKLIST.md b/CHECKLIST.md
new file mode 100644
index 0000000..2db5b1f
--- /dev/null
+++ b/CHECKLIST.md
@@ -0,0 +1,44 @@
+# Checklist for New Staging Instances
+
+- Build and tag the Docker images:
+
+ docker-compose -f docker-compose.yml -f docker-compose.build.yml build
+
+- Create the instance from the template
+- Assign a public Elastic IP address
+- Update Route53 with the new IP address for `pacosako-staging.jessemcdonald.info`
+- Create the DB volume from a snapshot
+- Attach the DB volume to the instance
+- Clear out old SSH host key information
+
+ ssh-keygen -f "$HOME/.ssh/known_hosts" -R "pacosako-staging.jessemcdonald.info"
+ ssh-keygen -f "$HOME/.ssh/known_hosts" -R "1.2.3.4"
+
+- Run the scripts:
+
+ ./scripts/setup_instance.sh ec2-user@pacosako-staging.jessemcdonald.info
+ ./scripts/copy_images.sh ec2-user@pacosako-staging.jessemcdonald.info
+ ./scripts/copy_compose.sh ec2-user@pacosako-staging.jessemcdonald.info
+
+- Start the containers:
+
+ ssh ec2-user@pacosako-staging.jessemcdonald.info \
+ docker-compose \
+ -f paco_sako_docker/docker-compose.yml \
+ -f paco_sako_docker/docker-compose.staging.yml \
+ up -d
+
+- After a few seconds, restart Apache2 to complete `mod_md` setup:
+
+ ssh ec2-user@pacosako-staging.jessemcdonald.info \
+ docker exec paco_sako_docker_httpd_1 \
+ /usr/local/apache2/bin/apachectl -k graceful
+
+## Instructions for Production Instances
+
+The process for creating a production instance is similar,
+with the following changes:
+
+- Replace `pacosako-staging` with `pacosako`
+- Use `docker-compose.prod.yml` instead of `docker-compose.staging.yml`
+- Create Cloudwatch alarms to avoid runaway billing
diff --git a/docker-compose.build.yml b/docker-compose.build.yml
new file mode 100644
index 0000000..90f77c2
--- /dev/null
+++ b/docker-compose.build.yml
@@ -0,0 +1,10 @@
+services:
+ httpd:
+ build:
+ context: httpd
+ network: host
+
+ app:
+ build:
+ context: app
+ network: host
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
new file mode 100644
index 0000000..47dbb1c
--- /dev/null
+++ b/docker-compose.dev.yml
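Review bot: `network: host` under `build:` for both `httpd` and `app` in docker-compose.build.yml gives every `RUN` step in those Dockerfiles the build host's network namespace, so build steps can reach services bound to the host's loopback and anything else the host can reach. Nothing in the file says why the default build network is not enough. If this is only a workaround for DNS or proxy problems on the build machine, record it in a comment such as `# host networking works around <reason>; build only on a trusted workstation`, or drop the two `network: host` lines.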
@@ -0,0 +1,3 @@
+volumes:
+ pacosako-db:
+ external: true
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 2b94805..8babdf6 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -9,3 +9,11 @@ services:
 MD_CERTIFICATE_KEY_FILE: ""
 SERVER_NAME: "pacosako.jessemcdonald.info"
 command: [ "httpd", "-D", "FOREGROUND" ]
+
+volumes:
+ pacosako-db:
+ driver: local
+ driver_opts:
+ type: 'none'
+ o: 'bind'
+ device: '/mnt/db'
diff --git a/docker-compose.staging.yml b/docker-compose.staging.yml
index 47ce52d..b21be85 100644
--- a/docker-compose.staging.yml
+++ b/docker-compose.staging.yml
@@ -9,3 +9,11 @@ services:
 MD_CERTIFICATE_KEY_FILE: ""
 SERVER_NAME: "pacosako-staging.jessemcdonald.info"
 command: [ "httpd", "-D", "FOREGROUND" ]
+
+volumes:
+ pacosako-db:
+ driver: local
+ driver_opts:
+ type: 'none'
+ o: 'bind'
+ device: '/mnt/db'
diff --git a/docker-compose.yml b/docker-compose.yml
index 28f5cff..cfebfab 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,15 +1,15 @@ services: httpd: image: paco_sako_httpd - build: - context: httpd - network: host + restart: unless-stopped ports: - "${HTTP_PORT:-8088}:80" - "${HTTPS_PORT:-8043}:443" networks: - front-tier - back-tier + volumes: + - "httpd-md:/usr/local/apache2/md" environment: MD_CERTIFICATE_AUTHORITY: "https://acme-staging-v02.api.letsencrypt.org/directory" MD_CERTIFICATE_FILE: "/usr/local/apache2/conf/testing.crt"
@@ -20,9 +20,7 @@ services: app: image: paco_sako_app - build: - context: app - network: host + restart: unless-stopped networks: - back-tier environment:
@@ -36,4 +34,5 @@ networks: back-tier: {} volumes: + httpd-md: {} pacosako-db: {}
diff --git a/scripts/copy_compose.sh b/scripts/copy_compose.sh
new file mode 100755
index 0000000..4dffb2b
--- /dev/null
+++ b/scripts/copy_compose.sh
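Review bot: The `pacosako-db` volume in docker-compose.prod.yml is now a bind of `/mnt/db`, and nothing ties container start to the database volume actually being mounted there; the identical block in docker-compose.staging.yml has the same gap. If `/mnt/db` exists only as a directory on the root filesystem, for example after a failed mount at boot, the app would presumably start against an empty or stale database, and `restart: unless-stopped` in the base file keeps it running that way. A comment above the block such as `# /mnt/db must be the mounted DB volume; check with mountpoint -q /mnt/db before docker-compose up` would record the precondition, and the same check belongs in CHECKLIST.md before the "Start the containers" step.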
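Review bot: The new `httpd-md:/usr/local/apache2/md` mount in the first docker-compose.yml hunk has no comment saying what the volume holds. That path looks like mod_md's store directory, which would contain the ACME account key and the certificates' private keys. Anyone who can read the Docker volume, or a snapshot or backup of the instance's root disk, would then hold the site's TLS keys, so state it next to the mount, e.g. `# mod_md store: ACME account key and TLS private keys; persist it, keep it out of shared backups`. The `httpd` service body continues outside this hunk.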
@@ -0,0 +1,8 @@
+#! /bin/bash
+
+SOURCE="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+TARGET="${1:-ec2-user@pacosako-staging.jessemcdonald.info}"
+
+ssh "$TARGET" mkdir -p paco_sako_docker/
+
+scp "$SOURCE"/docker-compose*.yml "$TARGET":paco_sako_docker/
diff --git a/scripts/copy_images.sh b/scripts/copy_images.sh
new file mode 100755
index 0000000..e5cfcb1
--- /dev/null
+++ b/scripts/copy_images.sh
@@ -0,0 +1,8 @@
+#! /bin/bash
+
+TARGET="${1:-ec2-user@pacosako-staging.jessemcdonald.info}"
+
+docker save paco_sako_httpd:latest paco_sako_app:latest | \
+ pv | \
+ xz -c | \
+ ssh "$TARGET" docker load
diff --git a/scripts/download_db.sh b/scripts/download_db.sh
new file mode 100755
index 0000000..96b49c1
--- /dev/null
+++ b/scripts/download_db.sh
@@ -0,0 +1,6 @@
+#! /bin/bash
+
+DBFILE="${1:-pacosako.db}"
+SOURCE="${2:-ec2-user@pacosako-staging.jessemcdonald.info}"
+
+scp "$SOURCE":/mnt/db/pacosako.db "$DBFILE"
diff --git a/scripts/setup_instance.sh b/scripts/setup_instance.sh
new file mode 100755
index 0000000..829d90e
--- /dev/null
+++ b/scripts/setup_instance.sh
@@ -0,0 +1,18 @@ +#! /bin/bash + +TARGET="${1:-ec2-user@pacosako-staging.jessemcdonald.info}" + +ssh "$TARGET" sudo /bin/bash <> /etc/fstab +systemctl reboot +EOF
diff --git a/scripts/upload_db.sh b/scripts/upload_db.sh
new file mode 100755
index 0000000..f6b2c9b
--- /dev/null
+++ b/scripts/upload_db.sh
@@ -0,0 +1,6 @@
+#! /bin/bash
+
+DBFILE="${1:-pacosako.db}"
+TARGET="${2:-ec2-user@pacosako-staging.jessemcdonald.info}"
+
+scp "$DBFILE" "$TARGET":/mnt/db/pacosako.db
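Review bot: scripts/copy_compose.sh has no error handling, so if `ssh "$TARGET" mkdir -p paco_sako_docker/` fails the `scp` still runs and the exit status says nothing about the first step; adding `set -euo pipefail` right after the shebang fixes that. The same line matters more in scripts/copy_images.sh, where without `pipefail` a failing `docker save` or `xz -c` can be masked by the exit status of `ssh "$TARGET" docker load`. It is also missing from scripts/download_db.sh and scripts/upload_db.sh.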
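Review bot: `scp "$SOURCE":/mnt/db/pacosako.db "$DBFILE"` in scripts/download_db.sh copies the database file while the `app` container may still have it open, so the copy can be inconsistent if a write is in progress; scripts/upload_db.sh has the reverse problem and replaces the live file in place with no backup. Both would be safer with the app stopped around the copy (`docker-compose stop app` before, `start app` after), and upload_db.sh should copy to a temporary name on the target and rename it, keeping the previous file. upload_db.sh also accepts any host as its second argument, so a comment or a confirmation prompt before overwriting a non-staging database is worth adding.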
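Review bot: The root shell started by `ssh "$TARGET" sudo /bin/bash` in scripts/setup_instance.sh ends with an append to `/etc/fstab` followed by an unconditional `systemctl reboot`; most of the heredoc body is not visible on this page, so the rest of this note is hedged. Unless the heredoc begins with `set -euo pipefail`, a failure in an earlier step still writes the fstab entry and reboots, and running the script a second time appends a duplicate entry. Guard the append with a check such as `grep -q '/mnt/db' /etc/fstab ||` (assuming the entry mounts `/mnt/db`). If the entry does not already carry the `nofail` option, add it so a missing volume cannot stop the instance from finishing boot and leave it unreachable over SSH.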