Squashing previous PR commit because I forgot to set the repo to do that

Author: ryapric

.gitignore

@@ -0,0 +1,2 @@
+.vagrant
+.DS_Store

.gitmodules

@@ -6,6 +6,11 @@ if [[ "$(id -u)" -ne 0 ]]; then
   exit 1
 fi
 
+# Disable unattended-upgrades (if it exists) because that shit is ANNOYING
+systemctl stop unattended-upgrades.service || true
+systemctl disable unattended-upgrades.service || true
+apt-get remove --purge -y unattended-upgrades || true
+
 # Enable SSH password access
 sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
 systemctl restart sshd

linux/.gitignore

@@ -22,6 +22,11 @@ if grep -v -q "${team_name}" /etc/hosts ; then
   printf '\n 127.0.0.1    %s\n' "${team_name}" >> /etc/hosts
 fi
 
+# Disable unattended-upgrades (if it exists) because that shit is ANNOYING
+systemctl stop unattended-upgrades.service || true
+systemctl disable unattended-upgrades.service || true
+apt-get remove --purge -y unattended-upgrades || true
+
 # Enable SSH password access
 sed -i -E 's/.*PasswordAuthentication.*no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
 systemctl restart sshd
@@ -85,12 +90,8 @@ printf 'All done!\n'
 ## TODO: ideas for other scorable steps for teams:
 
 # Simulate a git repo's history a la:
-# cd /opt/app
-# git init
-# git remote add origin FAKE
-# <do some thing to change local code>
-# git add .
-# git commit -m "WIP"
+# (at time of writing, this was on the branch 'feature/add-git-scoring-step')
+
 # ...
 
 # mess up the current branch (maybe it was a feature branch that got yeeted)?

linux/instructions/step_4.md

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+outputs_file='/tmp/outputs.json'
+
+cd "$(dirname $0)"
+
+printf '>>> Getting Terraform outputs...\n'
+(cd ../terraform && terraform output -json) > "${outputs_file}"
+
+printf '>>> Determining IP addresses of DB server...\n'
+db_pub_ip="$(jq -rc '.db_pub_ip.value' ${outputs_file})"
+db_priv_ip="$(jq -rc '.db_priv_ip.value' ${outputs_file})"
+printf '>>> DB IPs: Public %s, Private %s\n' "${db_pub_ip}" "${db_priv_ip}"
+
+printf '>>> Determining IP addresses of Team servers...\n'
+num_teams="$(jq '[.instance_ips.value[]] | length' ${outputs_file})"
+team_server_ips="$(jq -c '[.instance_ips.value[]]' ${outputs_file})"
+printf '>>> %s teams, with IPs of: %s\n' "${num_teams}" "${team_server_ips}"
+
+printf '>>> Adding DB server init script...\n'
+scp -o StrictHostKeyChecking=accept-new -r ../scripts admin@"${db_pub_ip}":/tmp
+printf '>>> Running DB server init script...\n'
+ssh admin@"${db_pub_ip}" 'sudo bash /tmp/scripts/init-db.sh'
+
+for server_num in $(seq 1 "${num_teams}") ; do
+  server_index=$((server_num - 1))
+  server_ip=$(echo "${team_server_ips}" | jq -rc ".[${server_index}]")
+  printf '>>> Team %s IP is %s\n' "${server_num}" "${server_ip}"
+
+  printf '>>> Adding files to Team server %s at %s...\n' "${server_num}" "${server_ip}"
+  scp -r -o StrictHostKeyChecking=accept-new ../scripts ../services ../instructions ../dummy-app-src admin@"${server_ip}":/tmp
+
+  printf '>>> Running init on Team server %s at %s...\n' "${server_num}" "${server_ip}"
+  ssh admin@"${server_ip}" "export team_name=Team-${server_num} && export db_addr=${db_priv_ip} && sudo -E bash /tmp/scripts/init.sh"
+
+  printf '>>> Running tests on Team server %s at %s...\n' "${server_num}" "${server_ip}"
+  ssh admin@"${server_ip}" "sudo -E bats /.ws/scripts/test.bats"
+
+  printf '>>> Done with Team server %s at %s\n' "${server_num}" "${server_ip}"
+done

linux/scripts/init-db.sh

@@ -1,2 +1,3 @@
 .terraform/
 *.tfvars
+*tfstate*

linux/scripts/init.sh

@@ -5,41 +5,111 @@ provider "aws" {
 }
 
 locals {
-  db_ip  = "10.0.1.10"
-  region = var.aws_region
-
+  db_ip   = "10.0.1.10"
+  region  = var.aws_region
+  name    = "${var.event_name}-osc-workshop-linux"
+  my_cidr = "${chomp(data.http.my_ip.response_body)}/32"
   tags = {
-
+    event_name = var.event_name
   }
 }
 
 module "vpc" {
   source = "terraform-aws-modules/vpc/aws"
 
-  name = "osc-workshop-linux"
+  name = local.name
   cidr = "10.0.0.0/16"
 
-  azs            = ["${local.region}a"]
+  azs            = [data.aws_availability_zones.available.names[0]]
   public_subnets = ["10.0.1.0/24"]
 
   enable_nat_gateway = false
 
+  manage_default_network_acl    = false
+  manage_default_route_table    = false
+  manage_default_security_group = false
+  manage_default_vpc            = false
+
+  tags = local.tags
+}
+
+module "security_group" {
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "~> 4.0"
+
+  name        = local.name
+  description = "Security group for local IP ssh"
+  vpc_id      = module.vpc.vpc_id
+
+  ingress_cidr_blocks = [local.my_cidr]
+  ingress_rules       = ["ssh-tcp", "all-icmp"]
+  egress_rules        = ["all-all"]
+
+  ingress_with_cidr_blocks = concat(
+    [
+      {
+        from_port   = 8080
+        to_port     = 8080
+        protocol    = "tcp"
+        description = "Score server dashboard"
+        cidr_blocks = local.my_cidr
+      },
+      {
+        from_port   = 5432
+        to_port     = 5432
+        protocol    = "tcp"
+        description = "Score DB for team servers"
+        cidr_blocks = module.vpc.vpc_cidr_block
+      },
+      {
+        from_port   = 5432
+        to_port     = 5432
+        protocol    = "tcp"
+        description = "Score DB for deployer"
+        cidr_blocks = local.my_cidr
+      }
+    ],
+    var.custom_security_group_ingress
+  )
+
   tags = local.tags
 }
 
 module "db" {
   source  = "terraform-aws-modules/ec2-instance/aws"
-  version = "~> 3.0"
+  version = "~> 4.0"
+
+  name = "${local.name}-db"
+
+  ami                         = data.aws_ami.latest.id
+  instance_type               = "t2.micro"
+  key_name                    = aws_key_pair.main.key_name
+  vpc_security_group_ids      = [module.security_group.security_group_id]
+  subnet_id                   = module.vpc.public_subnets[0]
+  associate_public_ip_address = true
 
-  subnet_id  = module.vpc.public_subnets[0].subnet_id
-  private_ip = local.db_ip
+  tags = local.tags
 }
 
-module "team_server" {
+module "team_servers" {
   source  = "terraform-aws-modules/ec2-instance/aws"
-  version = "~> 3.0"
+  version = "~> 4.0"
+
+  count = var.num_teams
 
-  for_each = toset(["1", "2"])
+  name = "${local.name}-team-${count.index + 1}"
+
+  ami                         = data.aws_ami.latest.id
+  instance_type               = "t2.micro"
+  key_name                    = aws_key_pair.main.key_name
+  vpc_security_group_ids      = [module.security_group.security_group_id]
+  subnet_id                   = module.vpc.public_subnets[0]
+  associate_public_ip_address = true
+
+  tags = local.tags
+}
 
-  subnet_id = module.vpc.public_subnets[0].subnet_id
+resource "aws_key_pair" "main" {
+  key_name   = local.name
+  public_key = file(pathexpand(var.ssh_local_key_path))
 }