AZ fixes for servers, add DNS entries, fix provisioner

.pre-commit-config.yaml

@@ -0,0 +1,31 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.6.0
+  hooks:
+    # Git style
+    - id: check-added-large-files
+    - id: check-merge-conflict
+    - id: check-vcs-permalinks
+    - id: forbid-new-submodules
+    - id: no-commit-to-branch
+
+    # Common errors
+    - id: end-of-file-fixer
+    - id: trailing-whitespace
+      args: [--markdown-linebreak-ext=md]
+      exclude: CHANGELOG.md
+    - id: check-yaml
+    - id: check-merge-conflict
+    - id: check-executables-have-shebangs
+
+- repo: https://github.com/jumanjihouse/pre-commit-hooks
+  rev: 3.0.0
+  hooks:
+    - id: shfmt
+      args: ['-l', '-i', '2', '-ci', '-sr', '-w']
+    - id: shellcheck
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.96.3
+  hooks:
+    - id: terraform_fmt
+    - id: terraform_docs

Makefile

@@ -1,4 +1,4 @@
-local_team_servers := $(shell vagrant status | grep -E -o 'team[0-9]+')
+local_team_servers = $(shell vagrant status | grep -E -o 'team[0-9]+')
 
 ci:
 	@bash ./scripts/ci.sh
@@ -8,9 +8,11 @@ up-local:
 	@vagrant up --parallel
 
 up-aws:
+	@terraform -chdir=./terraform init
 	@terraform -chdir=./terraform apply
 
 yeet-aws:
+	@terraform -chdir=./terraform init
 	@terraform -chdir=./terraform apply -auto-approve
 	@printf 'Waiting 30s for EC2 instances to hopefully process userdata...\n' && sleep 30
 	@make -s provision-aws

instructions/challenge_2.md

@@ -18,6 +18,6 @@ following:
 - Once there, the app there needs to be named `run-app`, not `app`
 
 - To ensure both locations always have the same version (e.g. during hotfixes),
-  make a reference from the binary location to the target location without
-  copying the actual file. This way, any update or change will reflect in both
+  make a reference from the binary location to the target location *without
+  copying the actual file*. This way, any update or change will reflect in both
   places at once without needing to manually sync them.

instructions/challenge_3.md

@@ -15,5 +15,5 @@ Create that service, and get it running. You need to make sure it runs *even if
 the system reboots* -- meaning that if the server is restarted for any reason,
 the app service needs to start again *without you starting it manually*.
 
-If for any reason you need to check out more detailed logs of the service, you
-can also use the separate `journalctl` command to inspect them.
+If for any reason you need to check out more detailed logs of the service you're
+creating, you can also use the separate `journalctl` command to inspect them.

instructions/challenge_4.md

@@ -24,5 +24,5 @@ look at the `/opt/app` directory again, you may have noticed that there is a
   correctly-installed app binary.
 
 Once you do that, be sure to check the `systemd` and/or `journald` logs of the
-new `app-deb.service` to make sure it's running successfully! (and, just like
-the last one, that it would keep running after a reboot)
+new `app-deb.service` to make sure it's running successfully (and, just like
+the last one, that it would keep running after a reboot).

instructions/challenge_6.md

@@ -8,7 +8,7 @@ dissappeared while on a golfing trip a few weeks past. We were told that the
 code was about ready to deploy, just hadn't gotten the chance to merge it into
 the main branch. See if you can figure out how to get it up and running.
 
-The name of the app is 'carrot-cruncher'. The last dev got the repo set up
+The name of the app is "carrot-cruncher". The last dev got the repo set up
 somewhere on disk, but they never said where... hopefully you'll able to find
 it. When you do, supposedly there was a new working branch pushed to the remote
 repo, so you'll need to figure out how to authenticate to that repo.

scripts/ci.sh

@@ -24,6 +24,7 @@ if [[ "$(</tmp/go-modules wc -l)" -gt 0 ]] ; then
   printf '> Installing CI checks for Go...\n'
   for pkg in \
     honnef.co/go/tools/cmd/staticcheck@latest \
+    github.com/mgechev/revive@latest \
     github.com/kisielk/errcheck@latest \
   ; do
     go install "${pkg}"
@@ -39,9 +40,11 @@ while read -r module ; do
     cd "${mod_dir}"
     printf '>> Running go vet...\n'
     go vet ./...
-    printf '>> Running linter...\n'
+    printf '>> Running staticcheck linter...\n'
     staticcheck ./...
-    printf '>> Running error checker...\n'
+    printf '>> Running revive linter...\n'
+    revive --set_exit_status ./...
+    printf '>> Running error-checker...\n'
     errcheck ./...
   )
 done < /tmp/go-modules

scripts/linux-workshop-admin.sh

@@ -35,13 +35,13 @@ _score-for-challenge() {
       log-info "Providing instruction to user for Challenge ${next_challenge}"
       cp "${wsroot}/instructions/challenge_${next_challenge}.md" /home/appuser/
       # Also broadcast message to user when challenge is complete
-      wall "Congrats on finishing Challenge ${which_challenge}! Be sure to check your home directory for any new instruction files! (hit any key to dismiss this message)"
+      wall "Congrats on finishing Challenge ${which_challenge}! Be sure to check your home directory for any new instruction files! (hit Enter to dismiss this message)"
     else
       log-info 'Team is done with the workshop!'
       cp "${wsroot}/instructions/congrats.md" /home/appuser/
       # This check suppresses an infinite loop of congratulations, lol
       if [[ ! -f "${wsroot}"/team_has_been_congratulated ]] ; then
-        wall "Congratulations -- you have completed ALL CHALLENGES! Be sure to read congrats.md in your home directory! (hit any key to dismiss this message)"
+        wall "Congratulations -- you have completed ALL CHALLENGES! Be sure to read congrats.md in your home directory! (hit Enter to dismiss this message)"
         touch "${wsroot}"/team_has_been_congratulated
       fi
     fi

scripts/provision-ec2-team-parallelizer.sh

@@ -32,7 +32,7 @@ log-info "Adding files to Team server ${server_num} at ${server_ip}..."
 scp -P 2332 -r -o StrictHostKeyChecking=accept-new ../scripts ../services ../instructions ../dummy-app-src admin@"${server_ip}":/tmp
 
 log-info "Running init on Team server ${server_num} at ${server_ip}..."
-ssh -p 2332 admin@"${server_ip}" "export team_name=Team-${server_num} && export db_addr=${db_priv_ip} && sudo -E bash /tmp/scripts/init.sh"
+ssh -p 2332 admin@"${server_ip}" "source /tmp/.tfenv && sudo -E bash /tmp/scripts/init.sh"
 
 log-info "Running tests on Team server ${server_num} at ${server_ip}..."
 ssh -p 2332 admin@"${server_ip}" "sudo -E bats /.ws/scripts/test.bats"

terraform/.gitignore

@@ -1,3 +1,4 @@
 .terraform/
 *.tfvars
 *tfstate*
+!main.auto.tfvars

terraform/dns.tf

@@ -0,0 +1,39 @@
+
+data "aws_route53_zone" "root_zone" {
+  count = var.create_dns ? 1 : 0
+  name  = var.zone_name
+
+}
+
+resource "aws_route53_zone" "workshop_zone" {
+  count = var.create_dns ? 1 : 0
+  name  = "${var.event_name}.${var.zone_name}"
+}
+
+resource "aws_route53_record" "workshop" {
+  count   = var.create_dns ? 1 : 0
+  zone_id = data.aws_route53_zone.root_zone[0].zone_id
+  name    = aws_route53_zone.workshop_zone[0].name
+  type    = "NS"
+  ttl     = "300"
+  records = aws_route53_zone.workshop_zone[0].name_servers
+}
+
+resource "aws_route53_record" "teams" {
+  count      = var.create_dns ? var.num_teams : 0
+  zone_id    = aws_route53_zone.workshop_zone[0].zone_id
+  name       = "team-${count.index + 1}"
+  type       = "A"
+  ttl        = 300 #5 mins
+  records    = [module.team_servers[count.index].public_ip]
+  depends_on = [aws_route53_record.hub]
+}
+
+resource "aws_route53_record" "db" {
+  count   = var.create_dns ? 1 : 0
+  zone_id = aws_route53_zone.workshop_zone[0].zone_id
+  name    = "db"
+  type    = "A"
+  ttl     = 300 #5 mins
+  records = [module.db.public_ip]
+}

terraform/main.auto.tfvars

@@ -0,0 +1,26 @@
+num_teams  = 2
+event_name = "codemash"
+custom_security_group_ingress = [{
+  from_port   = 2332,
+  to_port     = 2332,
+  protocol    = "tcp",
+  description = "ssh",
+  cidr_blocks = "0.0.0.0/0"
+  },
+  {
+    from_port   = 8080,
+    to_port     = 8080,
+    protocol    = "tcp",
+    description = "http",
+    cidr_blocks = "0.0.0.0/0"
+  },
+  {
+    from_port   = 443,
+    to_port     = 443,
+    protocol    = "tcp",
+    description = "https for wetty",
+    cidr_blocks = "0.0.0.0/0"
+  }
+]
+zone_name  = "sbx.justindebo.com"
+create_dns = true

terraform/main.tf

@@ -20,8 +20,8 @@ module "vpc" {
   name = local.name
   cidr = "10.0.0.0/16"
 
-  azs            = [data.aws_availability_zones.available.names[0]]
-  public_subnets = ["10.0.1.0/24"]
+  azs            = [data.aws_availability_zones.available.names[0], data.aws_availability_zones.available.names[1]]
+  public_subnets = cidrsubnets("10.0.0.0/16", 8, 8)
 
   enable_nat_gateway = false
 
@@ -124,7 +124,7 @@ module "team_servers" {
   instance_type               = "t3a.micro"
   key_name                    = aws_key_pair.main.key_name
   vpc_security_group_ids      = [module.security_group.security_group_id]
-  subnet_id                   = module.vpc.public_subnets[0]
+  subnet_id                   = module.vpc.public_subnets[count.index % 2]
   associate_public_ip_address = true
 
   user_data = <<-EOF
@@ -133,6 +133,8 @@ module "team_servers" {
     # NOTE: setting sshd to listen on both 2332 AND regular 22
     grep -q 2332 /etc/ssh/sshd_config || printf 'Port 2332\nPort 22\n' >> /etc/ssh/sshd_config
     systemctl restart ssh
+    # Variables to be sourced before init.sh runs
+    printf 'export team_name="Team-${count.index + 1}"\nexport db_addr="${module.db.private_ip}"\n' > /tmp/.tfenv
   EOF
 
   tags = local.tags

terraform/outputs.tf

@@ -2,6 +2,10 @@ output "instance_ips" {
   value = { for instance in module.team_servers : instance.tags_all["Name"] => instance.public_ip }
 }
 
+output "instance_dns" {
+  value = { for dns in aws_route53_record.teams : "${dns.name}.${aws_route53_zone.workshop_zone[0].name}" => dns.records }
+}
+
 output "db_pub_ip" {
   value = module.db.public_ip
 }

terraform/variables.tf

@@ -32,3 +32,15 @@ variable "ssh_local_key_path" {
   type        = string
   default     = "~/.ssh/id_rsa.pub"
 }
+
+variable "create_dns" {
+  description = "Whether to create a Route53 DNS zone for the workshop instances"
+  type        = bool
+  default     = false
+}
+
+variable "zone_name" {
+  description = "Route53 zone name to use for workshop instances"
+  type        = string
+  default     = null
+}