From d5860d5089a44a0996bb87849537958ad82fb66e Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Tue, 24 May 2022 03:04:18 -0400 Subject: [PATCH 01/10] feature: add uptime monitoring via Terraform --- terraform/.gitignore | 36 +++++++++++++++++++++++++++++++++++ terraform/.terraform.lock.hcl | 22 +++++++++++++++++++++ terraform/main.tf | 17 +++++++++++++++++ terraform/uptime.tf | 36 +++++++++++++++++++++++++++++++++++ 4 files changed, 111 insertions(+) create mode 100644 terraform/.gitignore create mode 100644 terraform/.terraform.lock.hcl create mode 100644 terraform/main.tf create mode 100644 terraform/uptime.tf diff --git a/terraform/.gitignore b/terraform/.gitignore new file mode 100644 index 000000000..304142f73 --- /dev/null +++ b/terraform/.gitignore @@ -0,0 +1,36 @@ +# https://github.com/github/gitignore/blob/e5323759e387ba347a9d50f8b0ddd16502eb71d4/Terraform.gitignore + +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl new file mode 100644 index 000000000..7bb079b89 --- /dev/null +++ b/terraform/.terraform.lock.hcl 
@@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.7.0" + constraints = "~> 3.7.0" + hashes = [ + "h1:rsnOB8uq9SsniYpL4J2aYpZGFwDoTME7n/Tpqo5erl0=", + "zh:14904a421cc543a48c72cb0728bdab4ac054ef134bc4e6b5f06998814f1264ba", + "zh:1b5f88bf8ee9ce1cf80ad2d774be23df7a22371586029e7cfd34509aa6695371", + "zh:2554e8dd4612071c771be43bd33c7a4e75ede70fd647b435dcf0d36bc8cddb2c", + "zh:5730d02d44c112d2eea5878b7fb7dba8da3f9e95fa4b1074f4fc45ad900b17fe", + "zh:5a225f06f4a699dcce0707b1879f75029bcf80a4e7833d049a09dc69889b14cd", + "zh:7678453db283dd5e3ca85ecfba98ca0a0f4e77be79dc227d07be70f6ac658aab", + "zh:a71561b277651924853cc63438dfa81ed5cfc4fce402798ce30f732976c50091", + "zh:c4efdb587d42f443242078b288c222990d1e3d31df08485a48c360b2afc9e1e8", + "zh:d481fb61cc0070413789522181f1ab056ec33729bfc8cb7e4ea9855686f31049", + "zh:ed8810a90c11e27c8722a134e17b270199ab2246a957392c628956a8ed95edac", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fe5f87a7e9635d4bfc2b8d662efd6a85eb3047ae4bc9d7cf2d7c1ccc3a16d075", + ] +} diff --git a/terraform/main.tf b/terraform/main.tf new file mode 100644 index 000000000..79f539dbe --- /dev/null +++ b/terraform/main.tf @@ -0,0 +1,17 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.7.0" + } + } +} + +# Configure the Microsoft Azure Provider +provider "azurerm" { + features {} +} + +data "azurerm_resource_group" "benefits" { + name = "RG-CDT-PUB-VIP-CALITP-D-001" +} diff --git a/terraform/uptime.tf b/terraform/uptime.tf new file mode 100644 index 000000000..566fc58a5 --- /dev/null +++ b/terraform/uptime.tf 
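Review bot: The `terraform` block in main.tf pins the azurerm provider to `~> 3.7.0` but not Terraform itself, so any CLI version can init and apply this configuration against the same state. Add a constraint next to `required_providers`, e.g. `required_version = ">= 1.1"` — the `moved` blocks introduced later in this series need at least that, as far as I recall. The resource group name `RG-CDT-PUB-VIP-CALITP-D-001` is hard-coded in the data source; a one-line comment saying which environment it denotes would help the next reader, since the suffix scheme is not explained anywhere in this file.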
@@ -0,0 +1,36 @@ +data "azurerm_application_insights" "benefits" { + name = "AS-CDT-CALITP-D-001" + resource_group_name = data.azurerm_resource_group.benefits.name +} + + +resource "azurerm_application_insights_web_test" "dev_healthcheck" { + name = "dev-healthcheck" + location = data.azurerm_application_insights.benefits.location + resource_group_name = data.azurerm_resource_group.benefits.name + application_insights_id = data.azurerm_application_insights.benefits.id + kind = "ping" + enabled = true + geo_locations = [ + "us-fl-mia-edge", # Central US + "us-va-ash-azr", # East US + "us-il-ch1-azr", # North Central US + "us-tx-sn1-azr", # South Central US + "us-ca-sjc-azr", # West US + ] + + configuration = < + + + + +XML + + lifecycle { + ignore_changes = [ + tags, + ] + } +} From aed04999fd601dccda0d1450d1bdcbf353741234 Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Tue, 24 May 2022 03:31:59 -0400 Subject: [PATCH 02/10] feature: add alerting for uptime monitoring --- terraform/uptime.tf | 43 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 3 deletions(-) diff --git a/terraform/uptime.tf b/terraform/uptime.tf index 566fc58a5..1526d4e2a 100644 --- a/terraform/uptime.tf +++ b/terraform/uptime.tf 
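Review bot: `azurerm_application_insights_web_test.dev_healthcheck` leaves `frequency`, `timeout` and `retry_enabled` at provider defaults, so the detection latency of this check is implicit in the provider rather than visible in the file; making them explicit documents the intent, e.g. `frequency = 300`, `timeout = 30`, `retry_enabled = true`. The target URL lives inside the inline XML `configuration`, which this page renders only partially, so I cannot confirm it points at an https endpoint. The resource body ends within the hunk.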
@@ -29,8 +29,45 @@ resource "azurerm_application_insights_web_test" "dev_healthcheck" { XML lifecycle { - ignore_changes = [ - tags, - ] + ignore_changes = [tags] + } +} + +resource "azurerm_monitor_action_group" "dev_email" { + name = "Benefits engineering team email" + resource_group_name = data.azurerm_resource_group.benefits.name + short_name = "p0action" + + email_receiver { + name = "Benefits engineering team" + email_address = "aidan@compiler.la" + } + + lifecycle { + ignore_changes = [tags] + } +} + +resource "azurerm_monitor_metric_alert" "uptime" { + name = "uptime" + resource_group_name = data.azurerm_resource_group.benefits.name + scopes = [ + azurerm_application_insights_web_test.dev_healthcheck.id, + data.azurerm_application_insights.benefits.id + ] + severity = 1 + + application_insights_web_test_location_availability_criteria { + web_test_id = azurerm_application_insights_web_test.dev_healthcheck.id + component_id = data.azurerm_application_insights.benefits.id + failed_location_count = 3 + } + + action { + action_group_id = azurerm_monitor_action_group.dev_email.id + } + + lifecycle { + ignore_changes = [tags] } } From d8c7cb30c2ef15f6f318fb8cb8f2f962af9d06f4 Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Thu, 2 Jun 2022 12:35:29 -0400 Subject: [PATCH 03/10] fix: move Terraform state to Azure --- terraform/main.tf | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/terraform/main.tf b/terraform/main.tf index 79f539dbe..d5b3a8154 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -5,6 +5,13 @@ terraform { version = "~> 3.7.0" } } + + backend "azurerm" { + resource_group_name = "RG-CDT-PUB-VIP-CALITP-D-001" + storage_account_name = "sacalitpd001" + container_name = "tfstate" + key = "terraform.tfstate" + } } # Configure the Microsoft Azure Provider From 68de550d161ad029fd60c0f1d1227656a3fefccd Mon Sep 17 00:00:00 2001 
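Review bot: `azurerm_monitor_metric_alert.uptime` sets `severity` and the location criteria but neither `frequency`, `window_size` nor `description`, so the evaluation cadence comes from provider defaults (PT1M and PT5M, as I recall) and the alert carries no explanation for whoever receives it. Setting them explicitly, e.g. `frequency = "PT1M"`, `window_size = "PT5M"`, `description = "Healthcheck failed from 3 of 5 test locations"`, makes the time-to-alert and the meaning of the page reviewable in this file. The resource's `scopes` list closes within the hunk; the file continues past it.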
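Review bot: The `backend "azurerm"` block in main.tf says where state lives but not how it is authenticated or protected, and state for this configuration will contain every value its data sources read, so the `tfstate` container has to be treated as a secret store. Consider `use_azuread_auth = true` so backend access goes through RBAC on the storage account rather than shared keys, and confirm outside this diff that `sacalitpd001` has soft delete and blob versioning enabled, because a corrupted or partially written state is otherwise unrecoverable. Note that this commit switches from local to remote state, so the apply that follows it needs `terraform init` to migrate the existing state rather than start from an empty one.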
From: Aidan Feldman Date: Thu, 2 Jun 2022 17:24:53 -0400 Subject: [PATCH 04/10] fix: send uptime alerts to Slack --- terraform/main.tf | 1 - terraform/monitor.tf | 26 ++++++++++++++++++++++++++ terraform/uptime.tf | 15 --------------- 3 files changed, 26 insertions(+), 16 deletions(-) create mode 100644 terraform/monitor.tf diff --git a/terraform/main.tf b/terraform/main.tf index d5b3a8154..b105524ba 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -14,7 +14,6 @@ terraform { } } -# Configure the Microsoft Azure Provider provider "azurerm" { features {} } diff --git a/terraform/monitor.tf b/terraform/monitor.tf new file mode 100644 index 000000000..d9aac7a52 --- /dev/null +++ b/terraform/monitor.tf @@ -0,0 +1,26 @@ +data "azurerm_key_vault" "main" { + name = "kv-cdt-pub-calitp-d-001" + resource_group_name = data.azurerm_resource_group.benefits.name +} + +# created manually +# https://slack.com/help/articles/206819278-Send-emails-to-Slack +data "azurerm_key_vault_secret" "slack_benefits_notify_email" { + name = "slack-benefits-notify-email" + key_vault_id = data.azurerm_key_vault.main.id +} + +resource "azurerm_monitor_action_group" "dev_email" { + name = "benefits-notify Slack channel email" + resource_group_name = data.azurerm_resource_group.benefits.name + short_name = "slack-notify" + + email_receiver { + name = "Benefits engineering team" + email_address = data.azurerm_key_vault_secret.slack_benefits_notify_email.value + } + + lifecycle { + ignore_changes = [tags] + } +} diff --git a/terraform/uptime.tf b/terraform/uptime.tf index 1526d4e2a..28671ead1 100644 --- a/terraform/uptime.tf +++ b/terraform/uptime.tf 
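Review bot: In monitor.tf, `data.azurerm_key_vault_secret.slack_benefits_notify_email.value` is read into `email_address`, so the Slack ingest address ends up in clear text in the Terraform state and in the action group's properties in Azure; anyone who can read the state container or the action group can post into the channel with it. Key Vault is the right place for the canonical copy, but the comment should make that downstream exposure explicit: `# The secret value is copied into Terraform state and into the action group resource; whoever can read either effectively holds this address.` The `# created manually` comment would also be more useful if it said how to rotate the address (recreate the Slack email integration, then update the secret), since nothing in this configuration can do that.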
@@ -33,21 +33,6 @@ XML } } -resource "azurerm_monitor_action_group" "dev_email" { - name = "Benefits engineering team email" - resource_group_name = data.azurerm_resource_group.benefits.name - short_name = "p0action" - - email_receiver { - name = "Benefits engineering team" - email_address = "aidan@compiler.la" - } - - lifecycle { - ignore_changes = [tags] - } -} - resource "azurerm_monitor_metric_alert" "uptime" { name = "uptime" resource_group_name = data.azurerm_resource_group.benefits.name From a387ed002bf1d04b2058a32fa5cdd51b739cfcba Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Thu, 2 Jun 2022 17:26:31 -0400 Subject: [PATCH 05/10] refactor: compute the failed location count programmatically --- terraform/uptime.tf | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/terraform/uptime.tf b/terraform/uptime.tf index 28671ead1..835affd62 100644 --- a/terraform/uptime.tf +++ b/terraform/uptime.tf @@ -11,6 +11,9 @@ resource "azurerm_application_insights_web_test" "dev_healthcheck" { application_insights_id = data.azurerm_application_insights.benefits.id kind = "ping" enabled = true + + # "We strongly recommend testing from … a minimum of five locations." + # https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability#create-a-test geo_locations = [ "us-fl-mia-edge", # Central US "us-va-ash-azr", # East US 
@@ -45,7 +48,9 @@ resource "azurerm_monitor_metric_alert" "uptime" { application_insights_web_test_location_availability_criteria { web_test_id = azurerm_application_insights_web_test.dev_healthcheck.id component_id = data.azurerm_application_insights.benefits.id - failed_location_count = 3 + # "the optimal configuration is to have the number of test locations be equal to the alert location threshold + 2" + # https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability#create-a-test + failed_location_count = length(azurerm_application_insights_web_test.dev_healthcheck.geo_locations) - 2 } action { From afe454deab43eb50e638c43138fea0449207689b Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Fri, 3 Jun 2022 17:08:58 -0400 Subject: [PATCH 06/10] refactor: make the uptime check a module --- terraform/uptime.tf | 69 +++++++---------------------------- terraform/uptime/README.md | 1 + terraform/uptime/main.tf | 62 +++++++++++++++++++++++++++++++ terraform/uptime/variables.tf | 22 +++++++++++ 4 files changed, 98 insertions(+), 56 deletions(-) create mode 100644 terraform/uptime/README.md create mode 100644 terraform/uptime/main.tf create mode 100644 terraform/uptime/variables.tf diff --git a/terraform/uptime.tf b/terraform/uptime.tf index 835affd62..56d2954bc 100644 --- a/terraform/uptime.tf +++ b/terraform/uptime.tf 
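Review bot: `failed_location_count = length(...geo_locations) - 2` degrades silently if the location list ever shrinks: with three locations the threshold drops to 1, and with two it becomes 0, which Azure presumably rejects or which would fire on no failures at all. Guarding the derived value, `failed_location_count = max(1, length(azurerm_application_insights_web_test.dev_healthcheck.geo_locations) - 2)`, keeps the alert meaningful, and the "minimum of five locations" quote added in the other hunk of this commit is then enforced by the expression rather than only asserted in a comment. The enclosing `azurerm_monitor_metric_alert.uptime` resource starts before the hunk.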
@@ -1,63 +1,20 @@ -data "azurerm_application_insights" "benefits" { - name = "AS-CDT-CALITP-D-001" - resource_group_name = data.azurerm_resource_group.benefits.name -} - +module "dev_healthcheck" { + source = "./uptime" -resource "azurerm_application_insights_web_test" "dev_healthcheck" { + action_group_id = azurerm_monitor_action_group.dev_email.id name = "dev-healthcheck" - location = data.azurerm_application_insights.benefits.location - resource_group_name = data.azurerm_resource_group.benefits.name - application_insights_id = data.azurerm_application_insights.benefits.id - kind = "ping" - enabled = true - - # "We strongly recommend testing from … a minimum of five locations." - # https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability#create-a-test - geo_locations = [ - "us-fl-mia-edge", # Central US - "us-va-ash-azr", # East US - "us-il-ch1-azr", # North Central US - "us-tx-sn1-azr", # South Central US - "us-ca-sjc-azr", # West US - ] - - configuration = < - - - - -XML - - lifecycle { - ignore_changes = [tags] - } -} - -resource "azurerm_monitor_metric_alert" "uptime" { - name = "uptime" resource_group_name = data.azurerm_resource_group.benefits.name - scopes = [ - azurerm_application_insights_web_test.dev_healthcheck.id, - data.azurerm_application_insights.benefits.id - ] - severity = 1 + url = "https://dev-benefits.calitp.org/healthcheck" +} - application_insights_web_test_location_availability_criteria { - web_test_id = azurerm_application_insights_web_test.dev_healthcheck.id - component_id = data.azurerm_application_insights.benefits.id - # "the optimal configuration is to have the number of test locations be equal to the alert location threshold + 2" - # https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability#create-a-test - failed_location_count = length(azurerm_application_insights_web_test.dev_healthcheck.geo_locations) - 2 - } +# migrations - action { - action_group_id = 
azurerm_monitor_action_group.dev_email.id - } +moved { + from = azurerm_application_insights_web_test.dev_healthcheck + to = module.dev_healthcheck.azurerm_application_insights_web_test.healthcheck +} - lifecycle { - ignore_changes = [tags] - } +moved { + from = azurerm_monitor_metric_alert.uptime + to = module.dev_healthcheck.azurerm_monitor_metric_alert.uptime } diff --git a/terraform/uptime/README.md b/terraform/uptime/README.md new file mode 100644 index 000000000..47d56f90b --- /dev/null +++ b/terraform/uptime/README.md @@ -0,0 +1 @@ +Terraform module to set up [ping tests](https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability). diff --git a/terraform/uptime/main.tf b/terraform/uptime/main.tf new file mode 100644 index 000000000..72130eef7 --- /dev/null +++ b/terraform/uptime/main.tf 
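Review bot: The `moved` block for `azurerm_monitor_metric_alert.uptime` only handles the state address; the module also renames the alert from `"uptime"` to `"uptime-${var.name}"`, and as far as I recall a `name` change on an Azure monitor alert forces replacement, so the first apply destroys and recreates the alert and leaves a short window with no alerting. Either make the alert name an input with a default that preserves the old value for this instance, or state the expected replacement in the commit message so whoever applies it picks a quiet time. The `moved` for the web test is clean because `name = var.name` is passed through unchanged.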
@@ -0,0 +1,62 @@ +data "azurerm_application_insights" "benefits" { + name = "AS-CDT-CALITP-D-001" + resource_group_name = var.resource_group_name +} + +resource "azurerm_application_insights_web_test" "healthcheck" { + name = var.name + location = data.azurerm_application_insights.benefits.location + resource_group_name = var.resource_group_name + application_insights_id = data.azurerm_application_insights.benefits.id + kind = "ping" + enabled = true + + # "We strongly recommend testing from … a minimum of five locations." + # https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability#create-a-test + geo_locations = [ + "us-fl-mia-edge", # Central US + "us-va-ash-azr", # East US + "us-il-ch1-azr", # North Central US + "us-tx-sn1-azr", # South Central US + "us-ca-sjc-azr", # West US + ] + + configuration = < + + + + +XML + + lifecycle { + ignore_changes = [tags] + } +} + +resource "azurerm_monitor_metric_alert" "uptime" { + name = "uptime-${var.name}" + resource_group_name = var.resource_group_name + scopes = [ + azurerm_application_insights_web_test.healthcheck.id, + data.azurerm_application_insights.benefits.id + ] + severity = var.severity + + application_insights_web_test_location_availability_criteria { + web_test_id = azurerm_application_insights_web_test.healthcheck.id + component_id = data.azurerm_application_insights.benefits.id + # "the optimal configuration is to have the number of test locations be equal to the alert location threshold + 2" + # https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability#create-a-test + failed_location_count = length(azurerm_application_insights_web_test.healthcheck.geo_locations) - 2 + } + + action { + action_group_id = var.action_group_id + } + + lifecycle { + ignore_changes = [tags] + } +} diff --git a/terraform/uptime/variables.tf b/terraform/uptime/variables.tf new file mode 100644 index 000000000..369e6a388 --- /dev/null +++ b/terraform/uptime/variables.tf 
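Review bot: `data "azurerm_application_insights" "benefits"` hard-codes `AS-CDT-CALITP-D-001` inside what the README in this commit describes as a reusable module, so every instance is pinned to that single component and the module cannot serve another environment or subscription without being edited. Accepting the component as an input — `application_insights_id = var.application_insights_id` for the web test and for the alert's `component_id` and `scopes`, with the data lookup moved to the root module and `location` passed in alongside — would make the module genuinely reusable and drop one duplicated data read per instance. Until then, a comment on the data block should say that the name is environment-specific and must change with the subscription.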
@@ -0,0 +1,22 @@ +variable "action_group_id" { + type = string +} + +variable "name" { + type = string + description = "What to call the ping test" +} + +variable "resource_group_name" { + type = string +} + +variable "severity" { + type = number + default = 1 + description = "https://docs.microsoft.com/en-us/azure/azure-monitor/best-practices-alerts#alert-severity" +} + +variable "url" { + type = string +} From 47a37ca804123cdd8c1c478f655e0be06194bb14 Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Fri, 3 Jun 2022 17:48:41 -0400 Subject: [PATCH 07/10] feat: add ping checks for test and production Refactor the uptime code to be in a module to be reusable. --- terraform/uptime.tf | 26 ++++++++++++++++++++++---- terraform/uptime/main.tf | 1 + 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/terraform/uptime.tf b/terraform/uptime.tf index 56d2954bc..e42037426 100644 --- a/terraform/uptime.tf +++ b/terraform/uptime.tf @@ -1,10 +1,28 @@ module "dev_healthcheck" { source = "./uptime" - action_group_id = azurerm_monitor_action_group.dev_email.id - name = "dev-healthcheck" + action_group_id = azurerm_monitor_action_group.dev_email.id + name = "dev-healthcheck" resource_group_name = data.azurerm_resource_group.benefits.name - url = "https://dev-benefits.calitp.org/healthcheck" + url = "https://dev-benefits.calitp.org/healthcheck" +} + +module "test_healthcheck" { + source = "./uptime" + + action_group_id = azurerm_monitor_action_group.dev_email.id + name = "test-healthcheck" + resource_group_name = data.azurerm_resource_group.benefits.name + url = "https://test-benefits.calitp.org/healthcheck" +} + +module "prod_healthcheck" { + source = "./uptime" + + action_group_id = azurerm_monitor_action_group.dev_email.id + name = "prod-healthcheck" + resource_group_name = data.azurerm_resource_group.benefits.name + url = "https://benefits.calitp.org/healthcheck" } # migrations 
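Review bot: `variable "url"` in variables.tf carries no description and no validation, yet its value is placed into the web test's XML configuration in main.tf and it determines what the ping actually checks; a plain-http or malformed value is accepted silently. A `validation` block that requires an https URL catches that at plan time, and `action_group_id` and `resource_group_name` should get descriptions as `name` and `severity` already have.

```hcl
variable "url" {
  type        = string
  description = "Endpoint the ping test requests; inserted verbatim into the web test XML configuration."

  validation {
    condition     = can(regex("^https://", var.url))
    error_message = "url must be an https:// URL."
  }
}
```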
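Review bot: In uptime.tf, `prod_healthcheck` routes through `azurerm_monitor_action_group.dev_email` and inherits the module's default `severity = 1`, so a production outage is indistinguishable from a dev one in both the alert record and the notification. Passing `severity = 0` for the prod instance — the `severity` variable exists for exactly this — and renaming the action group to something environment-neutral with a `moved` block would make the intent clear to whoever triages the page. All three modules also share `data.azurerm_resource_group.benefits`, which is fine only if the test and prod App Service instances really live in that resource group; worth confirming.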
@@ -16,5 +34,5 @@ moved { moved { from = azurerm_monitor_metric_alert.uptime - to = module.dev_healthcheck.azurerm_monitor_metric_alert.uptime + to = module.dev_healthcheck.azurerm_monitor_metric_alert.uptime } diff --git a/terraform/uptime/main.tf b/terraform/uptime/main.tf index 72130eef7..2ab9a6e01 100644 --- a/terraform/uptime/main.tf +++ b/terraform/uptime/main.tf @@ -21,6 +21,7 @@ resource "azurerm_application_insights_web_test" "healthcheck" { "us-ca-sjc-azr", # West US ] + # boilerplate configuration configuration = < From 128cfa611708558253e444c9710c20d72e075a13 Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Fri, 3 Jun 2022 17:53:53 -0400 Subject: [PATCH 08/10] refactor: move webtest configuration into its own file --- terraform/uptime/main.tf | 14 +++----------- terraform/uptime/variables.tf | 6 +++--- terraform/uptime/webtest.xml | 7 +++++++ 3 files changed, 13 insertions(+), 14 deletions(-) create mode 100644 terraform/uptime/webtest.xml diff --git a/terraform/uptime/main.tf b/terraform/uptime/main.tf index 2ab9a6e01..8b23471a5 100644 --- a/terraform/uptime/main.tf +++ b/terraform/uptime/main.tf @@ -21,15 +21,7 @@ resource "azurerm_application_insights_web_test" "healthcheck" { "us-ca-sjc-azr", # West US ] - # boilerplate configuration - configuration = < - - - - -XML + configuration = templatefile("${path.module}/webtest.xml", { url = var.url }) lifecycle { ignore_changes = [tags] 
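Review bot: `templatefile("${path.module}/webtest.xml", { url = var.url })` in uptime/main.tf substitutes `var.url` into XML without escaping; `templatefile` does string interpolation only, so a URL containing `&`, `<` or `"` yields a `configuration` that is either invalid or, worse, accepted with a different target than intended. The template file itself is not rendered on this page, so I am inferring its shape from the inline XML this hunk removes. A comment at the call site should state the contract: `# var.url is inserted verbatim into the XML attribute; templatefile() does not XML-escape, so callers must supply an attribute-safe URL.` The resource begins before the hunk.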
@@ -46,8 +38,8 @@ resource "azurerm_monitor_metric_alert" "uptime" { severity = var.severity application_insights_web_test_location_availability_criteria { - web_test_id = azurerm_application_insights_web_test.healthcheck.id - component_id = data.azurerm_application_insights.benefits.id + web_test_id = azurerm_application_insights_web_test.healthcheck.id + component_id = data.azurerm_application_insights.benefits.id # "the optimal configuration is to have the number of test locations be equal to the alert location threshold + 2" # https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability#create-a-test failed_location_count = length(azurerm_application_insights_web_test.healthcheck.geo_locations) - 2 diff --git a/terraform/uptime/variables.tf b/terraform/uptime/variables.tf index 369e6a388..b51f6d972 100644 --- a/terraform/uptime/variables.tf +++ b/terraform/uptime/variables.tf @@ -3,7 +3,7 @@ variable "action_group_id" { } variable "name" { - type = string + type = string description = "What to call the ping test" } @@ -12,8 +12,8 @@ variable "resource_group_name" { } variable "severity" { - type = number - default = 1 + type = number + default = 1 description = "https://docs.microsoft.com/en-us/azure/azure-monitor/best-practices-alerts#alert-severity" } diff --git a/terraform/uptime/webtest.xml b/terraform/uptime/webtest.xml new file mode 100644 index 000000000..0e4bc8c77 --- /dev/null +++ b/terraform/uptime/webtest.xml @@ -0,0 +1,7 @@ + + + + + + From 2be4e15ff3252bdb821cf782d9346430eca119d8 Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Fri, 3 Jun 2022 18:41:27 -0400 Subject: [PATCH 09/10] chore: add documentation Terraform in Azure --- docs/deployment/azure.md | 27 +++++++++++++++++++++++++++ terraform/README.md | 1 + terraform/uptime/README.md | 2 +- 3 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 terraform/README.md 
diff --git a/docs/deployment/azure.md b/docs/deployment/azure.md index 94ef38154..bd662270a 100644 --- a/docs/deployment/azure.md +++ b/docs/deployment/azure.md @@ -2,6 +2,8 @@ [dev-benefits.calitp.org](https://dev-benefits.calitp.org) is currently deployed into a Microsoft Azure account provided by [California Department of Technology (CDT)'s Office of Enterprise Technology (OET)](https://techblog.cdt.ca.gov/2020/06/cdt-taking-the-lead-in-digital-transformation/), a.k.a. the "DevSecOps" team. More specifically, it uses [custom containers](https://docs.microsoft.com/en-us/azure/app-service/configure-custom-container) on [Azure App Service](https://docs.microsoft.com/en-us/azure/app-service/overview). +The infrastructure is configured as code via [Terraform](https://www.terraform.io/), for [various reasons](https://techcommunity.microsoft.com/t5/fasttrack-for-azure/the-benefits-of-infrastructure-as-code/ba-p/2069350). We are adding existing resources to the configuration progressively. In other words, not _all_ our resources in Azure show up under [`terraform/`][terraform-dir], but we are [moving that direction](https://github.com/cal-itp/benefits/issues/618). + ## Architecture ### System interconnections 
@@ -53,3 +55,28 @@ flowchart LR ``` WAF: [Web Application Firewall](https://azure.microsoft.com/en-us/services/web-application-firewall/) + +## Making changes + +1. Get access to the Azure account through the DevSecOps team. +1. Install dependencies: + - [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) + - [Terraform](https://www.terraform.io/downloads) +1. [Authenticate using the Azure CLI](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/azure_cli). +1. Outside the [dev container](../../getting-started/), navigate to the [`terraform/`][terraform-dir] directory. +1. [Initialize Terraform.](https://www.terraform.io/cli/commands/init) + + ```sh + terraform init + ``` + +1. Make changes to Terraform files. +1. [Plan](https://www.terraform.io/cli/commands/plan)/[apply](https://www.terraform.io/cli/commands/apply) the changes, as necessary. + + ```sh + terraform apply + ``` + +1. [Submit the changes via pull request.](../development/commits-branches-merging/) Be sure to specify whether they've been applied, i.e. whether they're live or not. + +[terraform-dir]: https://github.com/cal-itp/benefits/tree/dev/terraform diff --git a/terraform/README.md b/terraform/README.md new file mode 100644 index 000000000..5f9db0b8d --- /dev/null +++ b/terraform/README.md @@ -0,0 +1 @@ +[Documentation](https://docs.calitp.org/benefits/deployment/azure/) diff --git a/terraform/uptime/README.md b/terraform/uptime/README.md index 47d56f90b..98a3f0c68 100644 --- a/terraform/uptime/README.md +++ b/terraform/uptime/README.md @@ -1 +1 @@ -Terraform module to set up [ping tests](https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability). +[Terraform module](https://www.terraform.io/language/modules) to set up [ping tests](https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability). From 81b275cd42be2ba644917bd1e1d46ccad0d1abff Mon Sep 17 00:00:00 2001 
From: Aidan Feldman Date: Thu, 9 Jun 2022 14:17:20 -0700 Subject: [PATCH 10/10] fix: switch Terraform to Azure Production Subscription --- docs/deployment/azure.md | 6 +++++- terraform/main.tf | 9 ++++++--- terraform/monitor.tf | 2 +- terraform/uptime/main.tf | 2 +- 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/docs/deployment/azure.md b/docs/deployment/azure.md index bd662270a..ae2622d0c 100644 --- a/docs/deployment/azure.md +++ b/docs/deployment/azure.md @@ -56,13 +56,17 @@ flowchart LR WAF: [Web Application Firewall](https://azure.microsoft.com/en-us/services/web-application-firewall/) +## Monitoring + +We have [ping tests](https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability) set up to notify about availability of the dev, test, and prod deployments. Alerts go to [#benefits-notify](https://cal-itp.slack.com/archives/C022HHSEE3F). + ## Making changes 1. Get access to the Azure account through the DevSecOps team. 1. Install dependencies: - [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) - [Terraform](https://www.terraform.io/downloads) -1. [Authenticate using the Azure CLI](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/azure_cli). +1. [Authenticate using the Azure CLI](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/azure_cli), specifying the `CDT/ODI Production` Subscription. 1. Outside the [dev container](../../getting-started/), navigate to the [`terraform/`][terraform-dir] directory. 1. [Initialize Terraform.](https://www.terraform.io/cli/commands/init) diff --git a/terraform/main.tf b/terraform/main.tf index b105524ba..22fc1cd61 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
@@ -7,17 +7,20 @@ terraform { } backend "azurerm" { - resource_group_name = "RG-CDT-PUB-VIP-CALITP-D-001" - storage_account_name = "sacalitpd001" + resource_group_name = "RG-CDT-PUB-VIP-CALITP-P-001" + storage_account_name = "sacdtcalitpp001" container_name = "tfstate" key = "terraform.tfstate" } } provider "azurerm" { + # temporary workaround for permissions issue + skip_provider_registration = true + features {} } data "azurerm_resource_group" "benefits" { - name = "RG-CDT-PUB-VIP-CALITP-D-001" + name = "RG-CDT-PUB-VIP-CALITP-P-001" } diff --git a/terraform/monitor.tf b/terraform/monitor.tf index d9aac7a52..af0d1e09f 100644 --- a/terraform/monitor.tf +++ b/terraform/monitor.tf @@ -1,5 +1,5 @@ data "azurerm_key_vault" "main" { - name = "kv-cdt-pub-calitp-d-001" + name = "KV-CDT-PUB-CALITP-P-001" resource_group_name = data.azurerm_resource_group.benefits.name } diff --git a/terraform/uptime/main.tf b/terraform/uptime/main.tf index 8b23471a5..2f4d28e38 100644 --- a/terraform/uptime/main.tf +++ b/terraform/uptime/main.tf @@ -1,5 +1,5 @@ data "azurerm_application_insights" "benefits" { - name = "AS-CDT-CALITP-D-001" + name = "AI-CDT-PUB-VIP-CALITP-P-001" resource_group_name = var.resource_group_name }
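Review bot: `skip_provider_registration = true` in main.tf is labelled a temporary workaround, but nothing records which permission is missing or when the flag can go; its effect is that every resource provider this configuration needs must already be registered in the subscription, otherwise apply fails with an explicit error instead of registering it, which is the expected shape under a least-privilege deploy identity. Expand the comment with the tracking reference and the consequence: `# The deploying identity cannot register resource providers in this subscription (tracked in <ISSUE-ID placeholder>); providers must be pre-registered. Remove once permissions are granted.` Switching the backend to `sacdtcalitpp001` also leaves the previous state in `sacalitpd001` behind, and that state holds the Key Vault secret value read in monitor.tf, so the old blob should be deleted once the migration is verified; the name changes in the monitor.tf and uptime/main.tf hunks likewise assume `slack-benefits-notify-email` already exists in `KV-CDT-PUB-CALITP-P-001`, which the earlier "created manually" comment implies someone must do by hand.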