gmatte/EvalueTonSavoir
1
0
Fork 0
mirror of https://github.com/ets-cfuhrman-pfe/EvalueTonSavoir.git synced 2025-08-11 21:23:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add deployment with opentofu in azure

Browse source
This commit is contained in:
fserres 2024-11-04 19:54:15 -05:00
parent ba77b73899
commit 2f1a96fdba
14 changed files with 562 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.gitignore vendored
View file

@ -128,3 +128,12 @@ dist
.yarn/build-state.yml .yarn/build-state.yml
.yarn/install-state.gz .yarn/install-state.gz
.pnp.* .pnp.*
# Opentofu state
opentofu/*/.terraform
opentofu/*/.terraform.lock*
opentofu/*/terraform.tfstate*
opentofu/*/terraform.tfvars
# Opentofu auth config
opentofu/auth_config.json

39
opentofu/README.md Normal file
View file

@ -0,0 +1,39 @@
# Déploiement avec Opentofu
## Microsoft Azure
### Installer opentofu
https://opentofu.org/docs/intro/install/
### Installer Azure CLI
https://learn.microsoft.com/en-us/cli/azure/install-azure-cli#install
### Modifier les configurations
Créer un fichier **terraform.tfvars** sur la base du fichier **terraform.tfvars.example** dans le répertoire **azure**.
Vous pouvez changer toutes les variables utilisée lors du déploiement dans ce fichier.
Toutes les variables, leur description et leur valeur par défaut sont disponibles dans le fichier **variables.tf**.
Créer un fichier **auth_config.json** sur la base du fichier **auth_config.json.example** dans le répertoire **opentofu**.
Modifier le fichier **default.conf** afin de pointer vers le bon url pour le backend et le frontend.
L'url du frontend est défini comme suit: http://\<container_group_app_dns>.\<location>.azurecontainer.io:\<frontend_port>".
L'url du backend est défini comme suit: http://\<container_group_app_dns>.\<location>.azurecontainer.io:\<backend_port>".
Location est sans espace et en minuscule.
Par défaut, l'url du frontend est http://evaluetonsavoir-app.canadacentral.azurecontainer.io:5173.
Par défaut, l'url du backend est http://evaluetonsavoir-app.canadacentral.azurecontainer.io:3000.
### Lancer le déploiement
Pour lancer le déploiement, faites les commandes suivantes
`cd azure`
`az login`
`tofu init`
`tofu apply`
Ensuite, opentofu va afficher toutes les actions qu'il va effectuer avec les valeurs configurées.
Entrez `yes` pour appliquer ces actions et lancer le déploiement.

35
opentofu/auth_config.json.example Normal file
View file

@ -0,0 +1,35 @@
{
auth: {
passportjs: [
{
provider1: {
type: "oauth",
OAUTH_AUTHORIZATION_URL: "https://www.testurl.com/oauth2/authorize",
OAUTH_TOKEN_URL: "https://www.testurl.com/oauth2/token",
OAUTH_USERINFO_URL: "https://www.testurl.com/oauth2/userinfo/",
OAUTH_CLIENT_ID: "your_oauth_client_id",
OAUTH_CLIENT_SECRET: "your_oauth_client_secret",
OAUTH_ADD_SCOPE: "scopes",
OAUTH_ROLE_TEACHER_VALUE: "teacher-claim-value",
OAUTH_ROLE_STUDENT_VALUE: "student-claim-value",
},
},
{
provider2: {
type: "oidc",
OIDC_CLIENT_ID: "your_oidc_client_id",
OIDC_CLIENT_SECRET: "your_oidc_client_secret",
OIDC_CONFIG_URL: "https://your-issuer.com",
OIDC_ADD_SCOPE: "groups",
OIDC_ROLE_TEACHER_VALUE: "teacher-claim-value",
OIDC_ROLE_STUDENT_VALUE: "student-claim-value",
},
},
],
"simpleauth": {
enabled: true,
name: "provider3",
SESSION_SECRET: "your_session_secret",
},
},
}

64
opentofu/azure/app.tf Normal file
View file

@ -0,0 +1,64 @@
resource "azurerm_container_group" "app" {
name = var.container_group_app_name
location = azurerm_resource_group.resource_group.location
resource_group_name = azurerm_resource_group.resource_group.name
os_type = var.container_group_os
dns_name_label = var.container_group_app_dns
image_registry_credential {
server = var.image_registry_server
username = var.image_registry_user
password = var.image_registry_password
}
container {
name = var.frontend_image_name
image = var.frontend_image
cpu = var.frontend_image_cpu
memory = var.frontend_image_memory
environment_variables = {
VITE_BACKEND_URL = "http://${var.container_group_router_dns}.${lower(replace(azurerm_resource_group.resource_group.location, " ", ""))}.azurecontainer.io"
}
ports {
port = var.frontend_port
}
}
container {
name = var.backend_image_name
image = var.backend_image
cpu = var.backend_image_cpu
memory = var.backend_image_memory
environment_variables = {
PORT = var.backend_port
MONGO_URI = azurerm_cosmosdb_account.cosmosdb_account.connection_strings[0]
MONGO_DATABASE = azurerm_cosmosdb_mongo_collection.cosmosdb_mongo_collection.database_name
EMAIL_SERVICE = var.backend_email_service
SENDER_EMAIL = var.backend_email_sender
EMAIL_PSW = var.backend_email_password
JWT_SECRET = var.backend_jwt_secret
SESSION_Secret = var.backend_session_secret
SITE_URL = "http://${var.container_group_router_dns}.${lower(replace(azurerm_resource_group.resource_group.location, " ", ""))}.azurecontainer.io"
FRONTEND_PORT = var.frontend_port
USE_PORTS = var.backend_use_port
AUTHENTICATED_ROOMS = var.backend_use_auth_student
}
ports {
port = var.backend_port
}
volume {
name = azurerm_storage_share.backend_storage_share.name
mount_path = var.backend_volume_mount_path
share_name = azurerm_storage_share.backend_storage_share.name
storage_account_name = azurerm_storage_account.storage_account.name
storage_account_key = azurerm_storage_account.storage_account.primary_access_key
}
}
depends_on = [azurerm_cosmosdb_mongo_collection.cosmosdb_mongo_collection]
}

36
opentofu/azure/database.tf Normal file
View file

@ -0,0 +1,36 @@
resource "azurerm_cosmosdb_account" "cosmosdb_account" {
name = var.cosmosdb_account_name
resource_group_name = azurerm_resource_group.resource_group.name
location = azurerm_resource_group.resource_group.location
offer_type = "Standard"
kind = "MongoDB"
capabilities {
name = "EnableMongo"
}
consistency_policy {
consistency_level = "Session"
}
geo_location {
failover_priority = 0
location = azurerm_resource_group.resource_group.location
}
depends_on = [azurerm_resource_group.resource_group]
}
resource "azurerm_cosmosdb_mongo_collection" "cosmosdb_mongo_collection" {
name = var.mongo_database_name
resource_group_name = azurerm_resource_group.resource_group.name
account_name = azurerm_cosmosdb_account.cosmosdb_account.name
database_name = var.mongo_database_name
index {
keys = ["_id"]
unique = true
}
depends_on = [azurerm_cosmosdb_account.cosmosdb_account]
}

13
opentofu/azure/main.tf Normal file
View file

@ -0,0 +1,13 @@
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.0"
}
}
required_version = ">= 1.0"
}
provider "azurerm" {
features {}
}

4
opentofu/azure/resource_group.tf Normal file
View file

@ -0,0 +1,4 @@
resource "azurerm_resource_group" "resource_group" {
name = var.resource_group_name
location = var.location
}

34
opentofu/azure/router.tf Normal file
View file

@ -0,0 +1,34 @@
resource "azurerm_container_group" "router" {
name = var.container_group_router_name
location = azurerm_resource_group.resource_group.location
resource_group_name = azurerm_resource_group.resource_group.name
os_type = var.container_group_os
dns_name_label = var.container_group_router_dns
image_registry_credential {
server = var.image_registry_server
username = var.image_registry_user
password = var.image_registry_password
}
container {
name = var.router_image_name
image = var.router_image
cpu = var.router_image_cpu
memory = var.router_image_memory
ports {
port = var.router_port
}
volume {
name = azurerm_storage_share.router_storage_share.name
mount_path = var.router_volume_mount_path
share_name = azurerm_storage_share.router_storage_share.name
storage_account_name = azurerm_storage_account.storage_account.name
storage_account_key = azurerm_storage_account.storage_account.primary_access_key
}
}
depends_on = [azurerm_container_group.app]
}

52
opentofu/azure/storage.tf Normal file
View file

@ -0,0 +1,52 @@
resource "azurerm_storage_account" "storage_account" {
name = var.config_volume_storage_account_name
resource_group_name = azurerm_resource_group.resource_group.name
location = azurerm_resource_group.resource_group.location
account_tier = "Standard"
account_replication_type = "LRS"
depends_on = [azurerm_resource_group.resource_group]
}
resource "azurerm_storage_share" "backend_storage_share" {
name = var.backend_volume_share_name
storage_account_name = azurerm_storage_account.storage_account.name
quota = 1
depends_on = [azurerm_storage_account.storage_account]
}
resource "azurerm_storage_share" "router_storage_share" {
name = var.router_volume_share_name
storage_account_name = azurerm_storage_account.storage_account.name
quota = 1
depends_on = [azurerm_storage_account.storage_account]
}
resource "null_resource" "upload_file" {
provisioner "local-exec" {
command = <<EOT
az storage file upload \
--account-name ${azurerm_storage_account.storage_account.name} \
--share-name ${azurerm_storage_share.backend_storage_share.name} \
--source ../auth_config.json \
--path auth_config.json
EOT
}
provisioner "local-exec" {
command = <<EOT
az storage file upload \
--account-name ${azurerm_storage_account.storage_account.name} \
--share-name ${azurerm_storage_share.router_storage_share.name} \
--source ../default.conf \
--path default.conf
EOT
}
depends_on = [
azurerm_storage_share.backend_storage_share,
azurerm_storage_share.router_storage_share
]
}

7
opentofu/azure/terraform.tfvars.example Normal file
View file

@ -0,0 +1,7 @@
image_registry_user = "username"
image_registry_password = "password"
image_registry_server = "index.docker.io"
backend_session_secret = "session_secret"
backend_email_sender = "mail@mail.com"
backend_email_password = "password"
backend_jwt_secret = "jwt_secret"

233
opentofu/azure/variables.tf Normal file
View file

@ -0,0 +1,233 @@
variable "resource_group_name" {
description = "The name of the resource group"
type = string
default = "evaluetonsavoir"
}
variable "container_group_app_name" {
description = "The name of the app container group"
type = string
default = "evaluetonsavoir-app"
}
variable "container_group_app_dns" {
description = "The dns name of the app container group"
type = string
default = "evaluetonsavoir-app"
}
variable "container_group_router_name" {
description = "The name of the router container group"
type = string
default = "evaluetonsavoir"
}
variable "container_group_router_dns" {
description = "The dns name of the router container group"
type = string
default = "evaluetonsavoir"
}
variable "container_group_os" {
description = "The os type of the container group"
type = string
default = "Linux"
}
variable "image_registry_server" {
description = "The image registry server"
type = string
default = "index.docker.io"
}
variable "image_registry_user" {
description = "The image registry username"
type = string
default = "username"
}
variable "image_registry_password" {
description = "The image registry password"
type = string
default = "password"
}
variable "location" {
description = "The location for resources"
type = string
default = "Canada Central"
}
variable "frontend_image" {
description = "Docker image for the frontend"
type = string
default = "fuhrmanator/evaluetonsavoir-frontend:latest"
}
variable "frontend_image_name" {
description = "Docker image name for the frontend"
type = string
default = "frontend"
}
variable "frontend_image_cpu" {
description = "Docker image cpu for the frontend"
type = string
default = "1"
}
variable "frontend_image_memory" {
description = "Docker image memory for the frontend"
type = string
default = "2"
}
variable "frontend_port" {
description = "The frontend port"
type = number
default = 5173
}
variable "backend_image" {
description = "Docker image for the backend"
type = string
default = "fuhrmanator/evaluetonsavoir-backend:latest"
}
variable "backend_image_name" {
description = "Docker image name for the backend"
type = string
default = "backend"
}
variable "backend_image_cpu" {
description = "Docker image cpu for the backend"
type = string
default = "1"
}
variable "backend_image_memory" {
description = "Docker image memory for the backend"
type = string
default = "2"
}
variable "backend_port" {
description = "The backend port"
type = number
default = 3000
}
variable "backend_use_port" {
description = "If true use port in the backend, else no"
type = bool
default = false
}
variable "backend_use_auth_student" {
description = "If true student need to authenticate, else no"
type = bool
default = false
}
variable "backend_session_secret" {
description = "The backend session secret"
type = string
default = "secret"
}
variable "backend_email_service" {
description = "The name of the service use for sending email"
type = string
default = "gmail"
}
variable "backend_email_sender" {
description = "The email address used to send email"
type = string
default = "mail@mail.com"
}
variable "backend_email_password" {
description = "The email password"
type = string
default = "password"
}
variable "backend_jwt_secret" {
description = "The secret used to sign the jwt"
type = string
default = "secret"
}
variable "router_image" {
description = "Docker image for the router"
type = string
default = "nginx:alpine"
}
variable "router_image_name" {
description = "Docker image name for the router"
type = string
default = "nginx"
}
variable "router_image_cpu" {
description = "Docker image cpu for the router"
type = string
default = "1"
}
variable "router_image_memory" {
description = "Docker image memory for the router"
type = string
default = "2"
}
variable "router_port" {
description = "The router port"
type = number
default = 80
}
variable "router_volume_mount_path" {
description = "The router volume mount path"
type = string
default = "/etc/nginx/conf.d"
}
variable "router_volume_share_name" {
description = "The router volume share name"
type = string
default = "nginx-config-share"
}
variable "backend_volume_mount_path" {
description = "The backend volume mount path"
type = string
default = "/usr/src/app/serveur/config/auth"
}
variable "backend_volume_share_name" {
description = "The backend volume share name"
type = string
default = "auth-config-share"
}
variable "config_volume_storage_account_name" {
description = "The volume storage account name"
type = string
default = "evaluetonsavoirstorage"
}
variable "mongo_database_name" {
description = "The name of the database"
type = string
default = "evaluetonsavoir"
}
variable "cosmosdb_account_name" {
description = "The name of the cosmosdb account"
type = string
default = "evaluetonsavoircosmosdb"
}

31
opentofu/default.conf Normal file
View file

@ -0,0 +1,31 @@
upstream frontend {
server evaluetonsavoir-app.canadacentral.azurecontainer.io:5173;
}
upstream backend {
server evaluetonsavoir-app.canadacentral.azurecontainer.io:3000;
}
server {
listen 80;
location /api {
rewrite /backend/(.*) /$1 break;
proxy_pass http://backend;
}
location /socket.io {
rewrite /backend/(.*) /$1 break;
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_hide_header 'Access-Control-Allow-Origin';
}
location / {
proxy_pass http://frontend;
}
}

2
server/__tests__/auth.test.js
View file

@ -30,7 +30,7 @@ const mockConfig = {
}, },
}, },
], ],
"simple-login": { "simpleauth": {
enabled: true, enabled: true,
name: "provider3", name: "provider3",
SESSION_SECRET: "your_session_secret", SESSION_SECRET: "your_session_secret",

5
server/config/auth.js
View file

@ -2,7 +2,7 @@ const fs = require('fs');
const path = require('path'); const path = require('path');
const pathAuthConfig = './auth_config.json'; const pathAuthConfig = './auth_config.json';
const configPath = path.join(process.cwd(), pathAuthConfig); let configPath = path.join(process.cwd(), pathAuthConfig);
class AuthConfig { class AuthConfig {
@ -12,6 +12,9 @@ class AuthConfig {
// Méthode pour lire le fichier de configuration JSON // Méthode pour lire le fichier de configuration JSON
loadConfig() { loadConfig() {
try { try {
if (!fs.existsSync(configPath)) {
configPath = path.join(process.cwd(), "config", "auth", pathAuthConfig);
}
const configData = fs.readFileSync(configPath, 'utf-8'); const configData = fs.readFileSync(configPath, 'utf-8');
this.config = JSON.parse(configData); this.config = JSON.parse(configData);
} catch (error) { } catch (error) {