├── .gitignore
├── LICENSE
├── README.md
├── packer
│   ├── ansible
│   │   ├── roles
│   │   │   ├── nginx
│   │   │   │   ├── tasks
│   │   │   │   │   └── main.yml
│   │   │   │   └── templates
│   │   │   │       ├── nginx.conf
│   │   │   │       └── wordpress.conf
│   │   │   ├── php-fpm
│   │   │   │   ├── tasks
│   │   │   │   │   └── main.yml
│   │   │   │   └── templates
│   │   │   │       └── php-fpm.conf
│   │   │   ├── supervisor
│   │   │   │   ├── tasks
│   │   │   │   │   └── main.yml
│   │   │   │   └── templates
│   │   │   │       └── supervisord.conf
│   │   │   └── wordpress
│   │   │       ├── files
│   │   │       │   ├── entrypoint.sh
│   │   │       │   └── install-wp.sh
│   │   │       ├── tasks
│   │   │       │   └── main.yml
│   │   │       └── vars
│   │   │           └── main.yml
│   │   └── wordpress.yml
│   └── wp-packer.json
└── terraform
    ├── aws.tf
    ├── ec2.tf
    ├── ecs.tf
    ├── elb.tf
    ├── outputs.tf
    ├── rds.tf
    ├── security-groups.tf
    ├── task-definitions
    │   └── wordpress.json
    ├── templates.tf
    ├── variables.tf
    └── vpc.tf

/.gitignore:
--------------------------------------------------------------------------------
terraform.*
.DS_Store

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2016 Joan Fuster

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------

# Wordpress on ECS

Practical example on how to get a Wordpress running under an Amazon ECS Cluster using different technologies.

## Technologies

* [Wordpress](https://wordpress.org/)
* [Packer](https://www.packer.io/)
* [Docker](https://www.docker.com/)
* [Ansible](https://www.ansible.com/)
* [Terraform](https://www.terraform.io/)
* [Amazon ECS](https://aws.amazon.com/ecs/)
* [Amazon RDS](https://aws.amazon.com/es/rds/)

## Requirements

To use this example you will need an [AWS](https://aws.amazon.com/es/) account and:

* [Packer](https://www.packer.io/downloads.html)
* [Terraform](https://www.terraform.io/downloads.html)
* [Docker](https://docs.docker.com/engine/installation/)

## Usage

1. Build the Wordpress container.

Packer will use a [base Docker image with Ansible](https://github.com/jfusterm/dockerfiles/blob/master/ansible/Dockerfile) to provision all the applications needed to run a Wordpress. The result will be saved into a container named `jfusterm/wp-packer` with a version tag `4.4.2`.

**Note**: If you want to change the image tag you have to change it in `wp-packer.json` and `wordpress.json`.

```
# packer build wp-packer.json
```

2. Push the container to [Dockerhub](https://hub.docker.com/)

Check that the image is ready.

```
# docker images

REPOSITORY           TAG      IMAGE ID       CREATED       SIZE
jfusterm/wp-packer   4.4.2    60bfb4ef7e9d   3 hours ago   138.2 MB
```

Then you can push it to Dockerhub.

```
# docker login
# docker push jfusterm/wp-packer:4.4.2
```

3. Deploy all the infrastructure needed on AWS using Terraform.

```
# terraform apply
```

Once deployed, Terraform will display the ECS Container Instances public IPs and the [ELB](https://aws.amazon.com/es/elasticloadbalancing/) URL that will distribute the traffic across the different Wordpress container instances.

The RDS connection parameters will be passed at runtime to the Wordpress containers via environment variables.

4. Once not needed, we can remove all the AWS infrastructure:


```
# terraform destroy
```

## Considerations

This example uses a basic and simple approach to get a ready-to-use Wordpress using different technologies. Further modifications will be done to get a fully automated, scalable and highly available Wordpress. Some thoughts:

* Wrap all the steps in a single script: build the container, push the container to Dockerhub or a private registry and finally deploy all the infrastructure on AWS.
* ~~Automate Wordpress installation when the first instance is launched. **Note**: Currently the ELB won't work properly due to the health-checks configuration until Wordpress is installed from one of the Wordpress instances.~~
* Distribute the ECS Container Instances across different availability zones and route the traffic using the ELB among them.
* Decouple Nginx and PHP-FPM in separate containers so they can be scaled independently.
* Use a shared or distributed storage system to persist Wordpress' data. Examples:
    * [Amazon EFS](https://aws.amazon.com/efs/)
    * [GlusterFS](https://www.gluster.org/)
    * [Flocker](https://docs.clusterhq.com/en/latest/docker-integration/)
* Remove the RDS single point of failure. Examples:
    * Deploy RDS on [Multi-AZ](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html)
    * Use [Percona XtraDB Cluster](https://www.percona.com/software/mysql-database/percona-xtradb-cluster)

--------------------------------------------------------------------------------
/packer/ansible/roles/nginx/tasks/main.yml:
--------------------------------------------------------------------------------
---
- name: Nginx | Installation
  apk:
    name=nginx
    state=present
    update_cache=yes

- name: Nginx | Setting config file nginx.conf
  template:
    src=nginx.conf
    dest=/etc/nginx

- name: Nginx | Setting config file wordpress.conf
  template:
    src=wordpress.conf
    dest=/etc/nginx/conf.d

--------------------------------------------------------------------------------
/packer/ansible/roles/nginx/templates/nginx.conf:
--------------------------------------------------------------------------------
user nginx;
worker_processes 2;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
    multi_accept on;
    use epoll;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    server_tokens off;
    keepalive_timeout 65;
    gzip on;

    include /etc/nginx/conf.d/*.conf;
}
--------------------------------------------------------------------------------
/packer/ansible/roles/nginx/templates/wordpress.conf:
--------------------------------------------------------------------------------
server {
    listen 80;

    root /usr/share/nginx/html/wordpress;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }

}

--------------------------------------------------------------------------------
/packer/ansible/roles/php-fpm/tasks/main.yml:
--------------------------------------------------------------------------------
---
- name: PHP-FPM | Installation
  apk:
    name=php-fpm,php-mysql,php-opcache
    state=present
    update_cache=yes

- name: PHP-FPM | Setting config file php-fpm.conf
  template:
    src=php-fpm.conf
    dest=/etc/php

--------------------------------------------------------------------------------
/packer/ansible/roles/php-fpm/templates/php-fpm.conf:
--------------------------------------------------------------------------------
;;;;;;;;;;;;;;;;;;;;;
; FPM Configuration ;
;;;;;;;;;;;;;;;;;;;;;

; All relative paths in this configuration file are relative to PHP's install
; prefix (/usr). This prefix can be dynamically changed by using the
; '-p' argument from the command line.

; Include one or more files. If glob(3) exists, it is used to include a bunch of
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
; Relative path can also be used. They will be prefixed by:
;  - the global prefix if it's been set (-p argument)
;  - /usr otherwise
;include=etc/fpm.d/*.conf

;;;;;;;;;;;;;;;;;;
; Global Options ;
;;;;;;;;;;;;;;;;;;

[global]
; Pid file
; Note: the default prefix is /var
; Default Value: none
;pid = run/php-fpm.pid

; Error log file
; If it's set to "syslog", log is sent to syslogd instead of being written
; in a local file.
; Note: the default prefix is /var
; Default Value: log/php-fpm.log
error_log = /var/log/php-fpm.log

; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon

; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm

; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
;log_level = notice

; If this number of child processes exit with SIGSEGV or SIGBUS within the time
; interval set by emergency_restart_interval then FPM will restart. A value
; of '0' means 'Off'.
; Default Value: 0
;emergency_restart_threshold = 0

; Interval of time used by emergency_restart_interval to determine when
; a graceful restart will be initiated. This can be useful to work around
; accidental corruptions in an accelerator's shared memory.
; Available Units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
;emergency_restart_interval = 0

; Time limit for child processes to wait for a reaction on signals from master.
; Available units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
;process_control_timeout = 0

; The maximum number of processes FPM will fork. This has been designed to control
; the global number of processes when using dynamic PM within a lot of pools.
; Use it with caution.
; Note: A value of 0 indicates no limit
; Default Value: 0
; process.max = 128

; Specify the nice(2) priority to apply to the master process (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
;       - The pool process will inherit the master process priority
;         unless it specified otherwise
; Default Value: no set
; process.priority = -19

; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
; Default Value: yes
;daemonize = yes

; Set open file descriptor rlimit for the master process.
; Default Value: system defined value
;rlimit_files = 1024

; Set max core size rlimit for the master process.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0

; Specify the event mechanism FPM will use. The following is available:
; - select     (any POSIX os)
; - poll       (any POSIX os)
; - epoll      (linux >= 2.5.44)
; - kqueue     (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0)
; - /dev/poll  (Solaris >= 7)
; - port       (Solaris >= 10)
; Default Value: not set (auto detection)
;events.mechanism = epoll

; When FPM is built with systemd integration, specify the interval,
; in seconds, between health report notifications to systemd.
; Set to 0 to disable.
; Available Units: s(econds), m(inutes), h(ours)
; Default Unit: seconds
; Default value: 10
;systemd_interval = 10

;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;

; Multiple pools of child processes may be started with different listening
; ports and different management options. The name of the pool will be
; used in logs and stats. There is no limitation on the number of pools which
; FPM can handle. Your system will tell you anyway :)

; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[www]

; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = nginx
group = nginx

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all IPv4 addresses on a
;                            specific port;
;   '[::]:port'            - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php-fpm.sock

; Set listen(2) backlog.
; Default Value: 65535 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 65535

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =

; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1

; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
;       - The pool processes will inherit the master process priority
;         unless it specified otherwise
; Default Value: no set
; process.priority = -19

; Choose how the process manager will control the number of child processes.
; Possible Values:
;   static  - a fixed number (pm.max_children) of child processes;
;   dynamic - the number of child processes are set dynamically based on the
;             following directives. With this process management, there will be
;             always at least 1 children.
;             pm.max_children      - the maximum number of children that can
;                                    be alive at the same time.
;             pm.start_servers     - the number of children created on startup.
;             pm.min_spare_servers - the minimum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is less than this
;                                    number then some children will be created.
;             pm.max_spare_servers - the maximum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is greater than this
;                                    number then some children will be killed.
;  ondemand - no children are created at startup. Children will be forked when
;             new requests will connect. The following parameter are used:
;             pm.max_children           - the maximum number of children that
;                                         can be alive at the same time.
;             pm.process_idle_timeout   - The number of seconds after which
;                                         an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic

; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 5

; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 2

; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1

; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3

; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;

; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500

; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following information:
;   pool                 - the name of the pool;
;   process manager      - static, dynamic or ondemand;
;   start time           - the date and time FPM has started;
;   start since          - number of seconds since FPM has started;
;   accepted conn        - the number of request accepted by the pool;
;   listen queue         - the number of request in the queue of pending
;                          connections (see backlog in listen(2));
;   max listen queue     - the maximum number of requests in the queue
;                          of pending connections since FPM has started;
;   listen queue len     - the size of the socket queue of pending connections;
;   idle processes       - the number of idle processes;
;   active processes     - the number of active processes;
;   total processes      - the number of idle + active processes;
;   max active processes - the maximum number of active processes since FPM
;                          has started;
;   max children reached - number of times, the process limit has been reached,
;                          when pm tries to start more children (works only for
;                          pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
;   pool:                 www
;   process manager:      static
;   start time:           01/Jul/2011:17:53:49 +0200
;   start since:          62636
;   accepted conn:        190460
;   listen queue:         0
;   max listen queue:     1
;   listen queue len:     42
;   idle processes:       4
;   active processes:     11
;   total processes:      15
;   max active processes: 12
;   max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
;   http://www.foo.bar/status
;   http://www.foo.bar/status?json
;   http://www.foo.bar/status?html
;   http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
;   http://www.foo.bar/status?full
;   http://www.foo.bar/status?json&full
;   http://www.foo.bar/status?html&full
;   http://www.foo.bar/status?xml&full
; The Full status returns for each process:
;   pid                  - the PID of the process;
;   state                - the state of the process (Idle, Running, ...);
;   start time           - the date and time the process has started;
;   start since          - the number of seconds since the process has started;
;   requests             - the number of requests the process has served;
;   request duration     - the duration in µs of the requests;
;   request method       - the request method (GET, POST, ...);
;   request URI          - the request URI with the query string;
;   content length       - the content length of the request (only with POST);
;   user                 - the user (PHP_AUTH_USER) (or '-' if not set);
;   script               - the main script called (or '-' if not set);
;   last request cpu     - the %cpu the last request consumed
;                          it's always 0 if the process is not in Idle state
;                          because CPU calculation is done when the request
;                          processing has terminated;
;   last request memory  - the max amount of memory the last request consumed
;                          it's always 0 if the process is not in Idle state
;                          because memory calculation is done when the request
;                          processing has terminated;
; If the process is in Idle state, then information is related to the
; last request the process has served. Otherwise information is related to
; the current request being served.
; Example output:
;   ************************
;   pid:                  31330
;   state:                Running
;   start time:           01/Jul/2011:17:53:49 +0200
;   start since:          63087
;   requests:             12808
;   request duration:     1250261
;   request method:       GET
;   request URI:          /test_mem.php?N=10000
;   content length:       0
;   user:                 -
;   script:               /home/fat/web/docs/php/test_mem.php
;   last request cpu:     0.00
;   last request memory:  0
;
; Note: There is a real-time FPM status monitoring sample web page available
;       It's available in: /usr/share/php/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status

; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping

; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong

; The access log file
; Default: not set
;access.log = log/$pool.access.log

; The access log format.
; The following syntax is allowed
;  %%: the '%' character
;  %C: %CPU used by the request
;      it can accept the following format:
;      - %{user}C for user CPU only
;      - %{system}C for system CPU only
;      - %{total}C  for user + system CPU (default)
;  %d: time taken to serve the request
;      it can accept the following format:
;      - %{seconds}d (default)
;      - %{miliseconds}d
;      - %{mili}d
;      - %{microseconds}d
;      - %{micro}d
;  %e: an environment variable (same as $_ENV or $_SERVER)
;      it must be associated with braces to specify the name of the env
;      variable. Some examples:
;      - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
;      - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
;  %f: script filename
;  %l: content-length of the request (for POST request only)
;  %m: request method
;  %M: peak of memory allocated by PHP
;      it can accept the following format:
;      - %{bytes}M (default)
;      - %{kilobytes}M
;      - %{kilo}M
;      - %{megabytes}M
;      - %{mega}M
;  %n: pool name
;  %o: output header
;      it must be associated with braces to specify the name of the header:
;      - %{Content-Type}o
;      - %{X-Powered-By}o
;      - %{Transfert-Encoding}o
;      - ....
;  %p: PID of the child that serviced the request
;  %P: PID of the parent of the child that serviced the request
;  %q: the query string
;  %Q: the '?' character if query string exists
;  %r: the request URI (without the query string, see %q and %Q)
;  %R: remote IP address
;  %s: status (response code)
;  %t: server time the request was received
;      it can accept a strftime(3) format:
;      %d/%b/%Y:%H:%M:%S %z (default)
;  %T: time the log has been written (the request has finished)
;      it can accept a strftime(3) format:
;      %d/%b/%Y:%H:%M:%S %z (default)
;  %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"

; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow

; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0

; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024

; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0

; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
;       possible. However, all PHP paths will be relative to the chroot
;       (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =

; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www

; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highly loaded environments, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes

; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no

; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users from using other extensions
; to execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5

; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
;   php_value/php_flag             - you can set classic ini defines which can
;                                    be overwritten from PHP call 'ini_set'.
;   php_admin_value/php_admin_flag - these directives won't be overwritten by
;                                     PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.

; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)

; Default Value: nothing is defined by default except the values in php.ini and
;                specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M

--------------------------------------------------------------------------------
/packer/ansible/roles/supervisor/tasks/main.yml:
--------------------------------------------------------------------------------
---
- name: Supervisor | Installation
  apk:
    name=supervisor
    state=present
    update_cache=yes

- name: Supervisor | Setting config file supervisord.conf
  template:
    src=supervisord.conf
    dest=/etc/supervisord.conf

-------------------------------------------------------------------------------- /packer/ansible/roles/supervisor/templates/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | nodaemon=true 3 | 4 | [program:nginx] 5 | command=/usr/sbin/nginx 6 | 7 | [program:php-fpm] 8 | command=/usr/bin/php-fpm 9 | 10 | [program:wordpress] 11 | command=/install-wp.sh 12 | -------------------------------------------------------------------------------- /packer/ansible/roles/wordpress/files/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | cd /usr/share/nginx/html/wordpress 6 | 7 | # Configure only on first start: a restarted container already has wp-config.php. 8 | if ! [ -e wp-config.php ] && [ -e wp-config-sample.php ]; then 9 | 10 | # "-i -e", not "-ie": the latter means "-i" with backup suffix "e" and would 11 | # leave a wp-config-sample.phpe copy with the credentials in the web root. 12 | sed -i -e "s/database_name_here/$WORDPRESS_DB_NAME/g" wp-config-sample.php 13 | sed -i -e "s/username_here/$WORDPRESS_DB_USER/g" wp-config-sample.php 14 | sed -i -e "s/password_here/$WORDPRESS_DB_PASSWORD/g" wp-config-sample.php 15 | sed -i -e "s/localhost/$WORDPRESS_DB_HOST/g" wp-config-sample.php 16 | 17 | KEYS=( 18 | AUTH_KEY 19 | SECURE_AUTH_KEY 20 | LOGGED_IN_KEY 21 | NONCE_KEY 22 | AUTH_SALT 23 | SECURE_AUTH_SALT 24 | LOGGED_IN_SALT 25 | NONCE_SALT 26 | ) 27 | 28 | # Replace each placeholder with its own random value. 29 | for KEY in "${KEYS[@]}"; do 30 | RAND=$(openssl rand -base64 48) 31 | sed -i -e "/\<$KEY\>/s#put\ your\ unique\ phrase\ here#$RAND#g" wp-config-sample.php 32 | done 33 | 34 | mv wp-config-sample.php wp-config.php 35 | 36 | fi 37 | 38 | cd / 39 | 40 | exec "$@" -------------------------------------------------------------------------------- /packer/ansible/roles/wordpress/files/install-wp.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | EC2_PUBLIC_IP=$(curl http://169.254.169.254/latest/meta-data/public-ipv4) 6 | WP_INSTALL_URL="http://$EC2_PUBLIC_IP/wp-admin/install.php?step=2" 7 | 8 | # Wait random time between 1s and 15s so the container with the
lowest wait installs Wordpress, not all at once. 9 | sleep $(shuf -i 1-15 -n 1) 10 | 11 | if ! curl -sf $WP_INSTALL_URL | grep "Already Installed"; then 12 | 13 | curl -s -X POST \ 14 | -F "weblog_title=$WORDPRESS_TITLE" \ 15 | -F "user_name=$WORDPRESS_USER" \ 16 | -F "admin_password=$WORDPRESS_PASSWORD" \ 17 | -F "admin_password2=$WORDPRESS_PASSWORD" \ 18 | -F "admin_email=$WORDPRESS_MAIL" \ 19 | -F "blog_public=0" \ 20 | $WP_INSTALL_URL 21 | fi 22 | -------------------------------------------------------------------------------- /packer/ansible/roles/wordpress/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Wordpress | Installation 3 | get_url: 4 | url=https://wordpress.org/wordpress-{{ wordpress_version }}.tar.gz 5 | dest=/wordpress.tar.gz 6 | checksum=md5:{{ wordpress_md5 }} 7 | validate_certs=no # Alpine 3.3 doesn't recognize Godaddy's CA. 8 | 9 | - name: Wordpress | Unarchive 10 | unarchive: 11 | src=/wordpress.tar.gz 12 | dest=/usr/share/nginx/html 13 | 14 | - name: Wordpress | Set permissions 15 | file: 16 | path=/usr/share/nginx/html/wordpress 17 | owner=nginx 18 | group=nginx 19 | state=directory 20 | recurse=yes 21 | 22 | - name: Wordpress | Copy entrypoint.sh 23 | copy: 24 | src=entrypoint.sh 25 | dest=/ 26 | mode=777 27 | 28 | - name: Wordpress | Copy install-wp.sh 29 | copy: 30 | src=install-wp.sh 31 | dest=/ 32 | mode=777 33 | 34 | - name: Wordpress | Remove wordpress.tar.gz 35 | file: 36 | path=/wordpress.tar.gz 37 | state=absent 38 | 39 | - name: apk | Install curl 40 | apk: 41 | name=curl 42 | state=present 43 | 44 | - name: apk | Remove cache 45 | file: 46 | state=absent 47 | path={{ item }} 48 | with_fileglob: 49 | - /var/cache/apk/* 50 | -------------------------------------------------------------------------------- /packer/ansible/roles/wordpress/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | wordpress_version: 
"4.5" 3 | wordpress_md5: "6beda5bee679ddff61cb8e2e163f23bf" 4 | -------------------------------------------------------------------------------- /packer/ansible/wordpress.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Wordpress | Installation 3 | hosts: localhost 4 | 5 | roles: 6 | - supervisor 7 | - php-fpm 8 | - nginx 9 | - wordpress 10 | -------------------------------------------------------------------------------- /packer/wp-packer.json: -------------------------------------------------------------------------------- 1 | { 2 | "builders": [ 3 | { 4 | "type": "docker", 5 | "image": "jfusterm/ansible", 6 | "commit": true 7 | } 8 | ], 9 | "provisioners": [ 10 | { 11 | "type": "ansible-local", 12 | "playbook_dir": "ansible", 13 | "playbook_file": "ansible/wordpress.yml" 14 | } 15 | ], 16 | "post-processors": [ 17 | [ 18 | { 19 | "type": "docker-tag", 20 | "repository": "jfusterm/wp-packer", 21 | "tag": "4.5" 22 | }, 23 | { 24 | "type": "docker-push", 25 | "login": "true", 26 | "login_username": "jfusterm", 27 | "login_password": "", 28 | "login_email": "joan.fuster@gmail.com" 29 | } 30 | ] 31 | ] 32 | } 33 | -------------------------------------------------------------------------------- /terraform/aws.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | access_key = "${var.aws_access_key}" 3 | secret_key = "${var.aws_secret_key}" 4 | region = "us-west-2" 5 | } 6 | -------------------------------------------------------------------------------- /terraform/ec2.tf: -------------------------------------------------------------------------------- 1 | # ECS Container Instances 2 | 3 | resource "aws_instance" "ecs-instance01" { 4 | ami = "${lookup(var.amis, var.region)}" 5 | instance_type = "${var.instance_type}" 6 | availability_zone = "us-west-2a" 7 | subnet_id = "${aws_subnet.wp-public-tf.id}" 8 | key_name = "${var.key_name}" 9 | 
associate_public_ip_address = true 10 | iam_instance_profile = "ecsInstanceRole" 11 | security_groups = ["${aws_security_group.wp-ecs-sg-tf.id}"] 12 | user_data = "#!/bin/bash\necho ECS_CLUSTER=${aws_ecs_cluster.default.name} > /etc/ecs/ecs.config" 13 | tags { 14 | Name = "ecs-instance01" 15 | } 16 | } 17 | 18 | resource "aws_instance" "ecs-instance02" { 19 | ami = "${lookup(var.amis, var.region)}" 20 | instance_type = "${var.instance_type}" 21 | availability_zone = "us-west-2a" 22 | subnet_id = "${aws_subnet.wp-public-tf.id}" 23 | key_name = "${var.key_name}" 24 | associate_public_ip_address = true 25 | iam_instance_profile = "ecsInstanceRole" 26 | security_groups = ["${aws_security_group.wp-ecs-sg-tf.id}"] 27 | user_data = "#!/bin/bash\necho ECS_CLUSTER=${aws_ecs_cluster.default.name} > /etc/ecs/ecs.config" 28 | tags { 29 | Name = "ecs-instance02" 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /terraform/ecs.tf: -------------------------------------------------------------------------------- 1 | resource "aws_ecs_cluster" "default" { 2 | name = "${var.ecs_cluster_name}" 3 | } 4 | 5 | resource "aws_ecs_task_definition" "wordpress" { 6 | family = "wp-ecs-task-tf" 7 | container_definitions = "${template_file.wp-container.rendered}" 8 | } 9 | 10 | resource "aws_ecs_service" "wp-ecs-svc" { 11 | name = "wp-ecs-svc-tf" 12 | cluster = "${aws_ecs_cluster.default.id}" 13 | task_definition = "${aws_ecs_task_definition.wordpress.arn}" 14 | desired_count = 2 15 | 16 | iam_role = "ecsServiceRole" 17 | 18 | load_balancer { 19 | elb_name = "${aws_elb.default.id}" 20 | container_name = "wordpress" 21 | container_port = 80 22 | } 23 | } -------------------------------------------------------------------------------- /terraform/elb.tf: -------------------------------------------------------------------------------- 1 | resource "aws_elb" "default" { 2 | name = "wp-elb-tf" 3 | subnets = ["${aws_subnet.wp-public-tf.id}"] 4 | 
security_groups = ["${aws_security_group.wp-elb-tf.id}"] 5 | 6 | listener { 7 | instance_port = 80 8 | instance_protocol = "http" 9 | lb_port = 80 10 | lb_protocol = "http" 11 | } 12 | 13 | health_check { 14 | healthy_threshold = 2 15 | unhealthy_threshold = 2 16 | timeout = 5 17 | target = "HTTP:80/" 18 | interval = 30 19 | } 20 | 21 | tags { 22 | Name = "wp-elb-tf" 23 | } 24 | } 25 | 26 | resource "aws_lb_cookie_stickiness_policy" "wp-elb-tf-policy" { 27 | name = "wp-elb-tf-policy" 28 | load_balancer = "${aws_elb.default.id}" 29 | lb_port = 80 30 | cookie_expiration_period = 600 31 | } -------------------------------------------------------------------------------- /terraform/outputs.tf: -------------------------------------------------------------------------------- 1 | output "elb_dns" { 2 | value = "${aws_elb.default.dns_name}" 3 | } 4 | 5 | output "ecs_instance01" { 6 | value = "${aws_instance.ecs-instance01.public_ip}" 7 | } 8 | 9 | output "ecs_instance02" { 10 | value = "${aws_instance.ecs-instance02.public_ip}" 11 | } -------------------------------------------------------------------------------- /terraform/rds.tf: -------------------------------------------------------------------------------- 1 | resource "aws_db_subnet_group" "default" { 2 | name = "wp-db-subnet-tf" 3 | description = "VPC Subnets" 4 | subnet_ids = ["${aws_subnet.wp-public-tf.id}", "${aws_subnet.wp-private-tf.id}"] 5 | } 6 | 7 | resource "aws_db_instance" "wordpress" { 8 | identifier = "wordpress-tf" 9 | allocated_storage = 5 10 | engine = "mysql" 11 | engine_version = "5.7.10" 12 | port = "3306" 13 | instance_class = "${var.db_instance_type}" 14 | name = "${var.db_name}" 15 | username = "${var.db_user}" 16 | password = "${var.db_password}" 17 | availability_zone = "us-west-2b" 18 | vpc_security_group_ids = ["${aws_security_group.wp-db-sg-tf.id}"] 19 | multi_az = false 20 | db_subnet_group_name = "${aws_db_subnet_group.default.id}" 21 | parameter_group_name = "default.mysql5.7" 22 | 
publicly_accessible = false 23 | } 24 | -------------------------------------------------------------------------------- /terraform/security-groups.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "wp-ecs-sg-tf" { 2 | name = "wp-ecs-instance-tf" 3 | description = "Security group for EC2 Container Instances" 4 | vpc_id = "${aws_vpc.default.id}" 5 | 6 | ingress { 7 | from_port = 80 8 | to_port = 80 9 | protocol = "tcp" 10 | cidr_blocks = ["0.0.0.0/0"] 11 | } 12 | 13 | ingress { 14 | from_port = 22 15 | to_port = 22 16 | protocol = "tcp" 17 | cidr_blocks = ["0.0.0.0/0"] 18 | } 19 | 20 | egress { 21 | from_port = 0 22 | to_port = 0 23 | protocol = "-1" 24 | cidr_blocks = ["0.0.0.0/0"] 25 | } 26 | 27 | tags { 28 | Name = "wp-ecs-sg-tf" 29 | } 30 | } 31 | 32 | resource "aws_security_group" "wp-db-sg-tf" { 33 | name = "wp-db-tf" 34 | description = "Access to the RDS instances from the VPC" 35 | vpc_id = "${aws_vpc.default.id}" 36 | 37 | ingress { 38 | from_port = 3306 39 | to_port = 3306 40 | protocol = "tcp" 41 | cidr_blocks = ["${var.vpc_cidr_block}"] 42 | } 43 | 44 | ingress { 45 | from_port = 8 46 | to_port = 0 47 | protocol = "icmp" 48 | cidr_blocks = ["${var.vpc_cidr_block}"] 49 | } 50 | 51 | egress { 52 | from_port = 0 53 | to_port = 0 54 | protocol = "-1" 55 | cidr_blocks = ["0.0.0.0/0"] 56 | } 57 | 58 | tags { 59 | Name = "wp-db-sg-tf" 60 | } 61 | } 62 | 63 | resource "aws_security_group" "wp-elb-tf" { 64 | name = "wp-sg-elb-tf" 65 | description = "Security Group for the ELB" 66 | vpc_id = "${aws_vpc.default.id}" 67 | 68 | ingress { 69 | from_port = 80 70 | to_port = 80 71 | protocol = "tcp" 72 | cidr_blocks = ["0.0.0.0/0"] 73 | } 74 | 75 | egress { 76 | from_port = 0 77 | to_port = 0 78 | protocol = "-1" 79 | cidr_blocks = ["0.0.0.0/0"] 80 | } 81 | 82 | tags { 83 | Name = "wp-sg-elb-tf" 84 | } 85 | } 86 | -------------------------------------------------------------------------------- 
/terraform/task-definitions/wordpress.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "name": "wordpress", 4 | "image": "jfusterm/wp-packer:4.5", 5 | "cpu": 10, 6 | "memory": 300, 7 | "essential": true, 8 | "portMappings": [ 9 | { 10 | "hostPort": 80, 11 | "containerPort": 80, 12 | "protocol": "tcp" 13 | } 14 | ], 15 | "links": [], 16 | "command": [ 17 | "supervisord" 18 | ], 19 | "entryPoint": [ 20 | "/entrypoint.sh" 21 | ], 22 | "environment": [ 23 | { 24 | "name": "WORDPRESS_DB_HOST", 25 | "value": "${db_host}" 26 | }, 27 | { 28 | "name": "WORDPRESS_DB_USER", 29 | "value": "${db_user}" 30 | }, 31 | { 32 | "name": "WORDPRESS_DB_PASSWORD", 33 | "value": "${db_password}" 34 | }, 35 | { 36 | "name": "WORDPRESS_DB_NAME", 37 | "value": "${db_name}" 38 | }, 39 | { 40 | "name": "WORDPRESS_TITLE", 41 | "value": "${wp_title}" 42 | }, 43 | { 44 | "name": "WORDPRESS_USER", 45 | "value": "${wp_user}" 46 | }, 47 | { 48 | "name": "WORDPRESS_PASSWORD", 49 | "value": "${wp_password}" 50 | }, 51 | { 52 | "name": "WORDPRESS_MAIL", 53 | "value": "${wp_mail}" 54 | } 55 | ], 56 | "mountPoints": null, 57 | "volumesFrom": null, 58 | "extraHosts": null, 59 | "logConfiguration": null, 60 | "ulimits": null, 61 | "dockerLabels": null 62 | } 63 | ] 64 | -------------------------------------------------------------------------------- /terraform/templates.tf: -------------------------------------------------------------------------------- 1 | resource "template_file" "wp-container" { 2 | template = "${file("task-definitions/wordpress.json")}" 3 | 4 | vars { 5 | db_host = "${aws_db_instance.wordpress.endpoint}" 6 | db_name = "${var.db_name}" 7 | db_user = "${var.db_user}" 8 | db_password = "${var.db_password}" 9 | wp_title = "${var.wp_title}" 10 | wp_user = "${var.wp_user}" 11 | wp_password = "${var.wp_password}" 12 | wp_mail = "${var.wp_mail}" 13 | } 14 | } 15 | 
-------------------------------------------------------------------------------- /terraform/variables.tf: -------------------------------------------------------------------------------- 1 | 2 | variable "aws_access_key" { 3 | description = "AWS access key" 4 | } 5 | 6 | variable "aws_secret_key" { 7 | description = "AWS secret key" 8 | } 9 | 10 | variable "vpc_cidr_block" { 11 | description = "VPC network" 12 | default = "10.1.0.0/16" 13 | } 14 | 15 | variable "public_subnet_cidr_block" { 16 | description = "Public Subnet" 17 | default = "10.1.1.0/24" 18 | } 19 | 20 | variable "private_subnet_cidr_block" { 21 | description = "Private Subnet" 22 | default = "10.1.2.0/24" 23 | } 24 | 25 | variable "region" { 26 | description = "AWS Region" 27 | default = "us-west-2" 28 | } 29 | 30 | variable "availability_zones" { 31 | description = "Availability Zones" 32 | default = "us-west-2a,us-west-2b,us-west-2c" 33 | } 34 | 35 | variable "ecs_cluster_name" { 36 | description = "ECS cluster Name" 37 | default = "ecs-tf" 38 | } 39 | 40 | variable "amis" { 41 | description = "ECS Container Instances AMIs" 42 | default = { 43 | ap-northeast-1 = "ami-7e4a5b10" 44 | ap-southeast-1 = "ami-be63a9dd" 45 | ap-southeast-2 = "ami-b8cbe8db" 46 | eu-central-1 = "ami-9aeb0af5" 47 | eu-west-1 = "ami-9c9819ef" 48 | us-east-1 = "ami-67a3a90d" 49 | us-west-1 = "ami-b7d5a8d7" 50 | us-west-2 = "ami-c7a451a7" 51 | } 52 | } 53 | 54 | variable "instance_type" { 55 | description = "EC2 instance type" 56 | default = "t2.micro" 57 | } 58 | 59 | variable "db_instance_type" { 60 | description = "RDS instance type" 61 | default = "db.t2.micro" 62 | } 63 | 64 | variable "key_name" { 65 | description = "SSH key name to access the EC2 instances" 66 | } 67 | 68 | variable "db_name" { 69 | description = "RDS DB name" 70 | default = "wordpressdb" 71 | } 72 | 73 | variable "db_user" { 74 | description = "RDS DB username" 75 | default = "ecs" 76 | } 77 | 78 | variable "db_password" { 79 | description = "RDS DB 
password" 80 | default = "Qwerty12345-" 81 | } 82 | 83 | variable "wp_title" { 84 | description = "Wordpress title" 85 | default = "My Wordpress on ECS" 86 | } 87 | 88 | variable "wp_user" { 89 | description = "Wordpress username" 90 | default = "admin" 91 | } 92 | 93 | variable "wp_password" { 94 | description = "Wordpress password" 95 | default = "Qwerty12345-" 96 | } 97 | 98 | variable "wp_mail" { 99 | description = "Wordpress email" 100 | default = "joan.fuster@gmail.com" 101 | } -------------------------------------------------------------------------------- /terraform/vpc.tf: -------------------------------------------------------------------------------- 1 | # VPC 2 | 3 | resource "aws_vpc" "default" { 4 | cidr_block = "${var.vpc_cidr_block}" 5 | 6 | tags { 7 | Name = "wp-pvc-tf" 8 | } 9 | } 10 | 11 | # Internet Gateway 12 | 13 | resource "aws_internet_gateway" "default" { 14 | vpc_id = "${aws_vpc.default.id}" 15 | 16 | tags { 17 | Name = "wp-igw-tf" 18 | } 19 | } 20 | 21 | # Subnets 22 | 23 | resource "aws_subnet" "wp-public-tf" { 24 | vpc_id = "${aws_vpc.default.id}" 25 | cidr_block = "${var.public_subnet_cidr_block}" 26 | availability_zone = "us-west-2a" 27 | 28 | tags { 29 | Name = "wp-public-tf" 30 | } 31 | } 32 | 33 | resource "aws_subnet" "wp-private-tf" { 34 | vpc_id = "${aws_vpc.default.id}" 35 | cidr_block = "${var.private_subnet_cidr_block}" 36 | availability_zone = "us-west-2b" 37 | 38 | tags { 39 | Name = "wp-private-tf" 40 | } 41 | } 42 | 43 | # Route Tables 44 | 45 | resource "aws_route_table" "wp-rt-public-tf" { 46 | vpc_id = "${aws_vpc.default.id}" 47 | 48 | route { 49 | cidr_block = "0.0.0.0/0" 50 | gateway_id = "${aws_internet_gateway.default.id}" 51 | } 52 | 53 | tags { 54 | Name = "wp-rt-public-tf" 55 | } 56 | } 57 | 58 | resource "aws_route_table_association" "wp-public-tf" { 59 | subnet_id = "${aws_subnet.wp-public-tf.id}" 60 | route_table_id = "${aws_route_table.wp-rt-public-tf.id}" 61 | } 
--------------------------------------------------------------------------------