-
Notifications
You must be signed in to change notification settings - Fork 0
/
deploy-ha.sh
executable file
·203 lines (177 loc) · 8.98 KB
/
deploy-ha.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
#!/bin/bash
set -o xtrace
## Configuration
export PRIMARY_REGION="eu-central-1"
export SECONDARY_REGION="eu-west-1"
export ENV_NAME="prod"
export APP_NAME="ghost"
export DOMAIN_NAME="d7o5rsy6thbx9.cloudfront.net"
## End of Configuration
if [ -z "$IMAGE_TAG" ]; then
echo "IMAGE_TAG environment variable must be set to know what to deploy"
exit 10
fi
echo "IMAGE_TAG=$IMAGE_TAG"
ACCOUNT_ID=`aws sts get-caller-identity --query=Account --output=text`
# Cloudformation buckets
export PRIMARY_BUCKET_NAME="$ENV_NAME-$PRIMARY_REGION-templates"
aws s3 mb "s3://$PRIMARY_BUCKET_NAME" --region=$PRIMARY_REGION || true
export SECONDARY_BUCKET_NAME="$ENV_NAME-$SECONDARY_REGION-templates"
aws s3 mb "s3://$SECONDARY_BUCKET_NAME" --region=$SECONDARY_REGION || true
export GLOBAL_BUCKET_NAME="$ENV_NAME-us-east-1-templates"
aws s3 mb "s3://$GLOBAL_BUCKET_NAME" --region=us-east-1 || true
#### Sync specified image primary to secondary
export PRIMARY_ECR_URI=`aws cloudformation list-exports --query="Exports[?Name=='$APP_NAME-RepositoryUri'][Value]" --region=$PRIMARY_REGION --output=text` || exit 3
export SECONDARY_ECR_URI=`aws cloudformation list-exports --query="Exports[?Name=='$APP_NAME-RepositoryUri'][Value]" --region=$SECONDARY_REGION --output=text` || exit 3
aws ecr get-login-password --region $PRIMARY_REGION | docker login --username AWS --password-stdin $ACCOUNT_ID.dkr.ecr.$PRIMARY_REGION.amazonaws.com || exit 3
docker pull $PRIMARY_ECR_URI:$IMAGE_TAG
docker tag $PRIMARY_ECR_URI:$IMAGE_TAG $SECONDARY_ECR_URI:$IMAGE_TAG
aws ecr get-login-password --region $SECONDARY_REGION | docker login --username AWS --password-stdin $ACCOUNT_ID.dkr.ecr.$SECONDARY_REGION.amazonaws.com || exit 3
docker push $SECONDARY_ECR_URI:$IMAGE_TAG || exit 3
#### Resource Group
# Primary
sam deploy --stack-name="$ENV_NAME-resource-group" \
--parameter-overrides="Value=\"$ENV_NAME\" TagName=\"env\"" \
--tags="env=$ENV_NAME" \
--capabilities="CAPABILITY_NAMED_IAM" \
--region=$PRIMARY_REGION \
--s3-bucket=$PRIMARY_BUCKET_NAME \
--no-fail-on-empty-changeset \
--template-file 0.resource-group.yaml || exit 2
# Secondary
sam deploy --stack-name="$ENV_NAME-resource-group" \
--parameter-overrides="Value=\"$ENV_NAME\" TagName=\"env\"" \
--tags="env=$ENV_NAME" \
--capabilities="CAPABILITY_NAMED_IAM" \
--region=$SECONDARY_REGION \
--s3-bucket=$SECONDARY_BUCKET_NAME \
--no-fail-on-empty-changeset \
--template-file 0.resource-group.yaml || exit 2
#### VPC
# Primary
export VpcCIDRNet="10.200"
sam deploy --stack-name="$ENV_NAME-vpc" \
--parameter-overrides="EnvName=\"$ENV_NAME\" VpcCIDR=\"$VpcCIDRNet.0.0/16\" PublicSubnet1CIDR=\"$VpcCIDRNet.10.0/24\" PublicSubnet2CIDR=\"$VpcCIDRNet.11.0/24\" PrivateSubnet1CIDR=\"$VpcCIDRNet.20.0/24\" PrivateSubnet2CIDR=\"$VpcCIDRNet.21.0/24\"" \
--tags="env=$ENV_NAME" \
--capabilities="CAPABILITY_NAMED_IAM" \
--region=$PRIMARY_REGION \
--s3-bucket=$PRIMARY_BUCKET_NAME \
--no-fail-on-empty-changeset \
--template-file 1.vpc.yaml || exit 2
# Secondary
export VpcCIDRNet="10.100"
sam deploy --stack-name="$ENV_NAME-vpc" \
--parameter-overrides="EnvName=\"$ENV_NAME\" VpcCIDR=\"$VpcCIDRNet.0.0/16\" PublicSubnet1CIDR=\"$VpcCIDRNet.10.0/24\" PublicSubnet2CIDR=\"$VpcCIDRNet.11.0/24\" PrivateSubnet1CIDR=\"$VpcCIDRNet.20.0/24\" PrivateSubnet2CIDR=\"$VpcCIDRNet.21.0/24\"" \
--tags="env=$ENV_NAME" \
--capabilities="CAPABILITY_NAMED_IAM" \
--region=$SECONDARY_REGION \
--s3-bucket=$SECONDARY_BUCKET_NAME \
--no-fail-on-empty-changeset \
--template-file 1.vpc.yaml || exit 2
#### EFS
# Secondary - create destination EFS first
sam deploy --stack-name="$ENV_NAME-efs" \
--parameter-overrides="EnvName=\"$ENV_NAME\" " \
--tags="env=$ENV_NAME" \
--capabilities="CAPABILITY_NAMED_IAM" \
--region=$SECONDARY_REGION \
--s3-bucket=$SECONDARY_BUCKET_NAME \
--no-fail-on-empty-changeset \
--template-file 3.efs.yaml || exit 2
export DESTINATION_FILESYSTEM_ID=`aws cloudformation list-exports --query="Exports[?Name=='$ENV_NAME-FilesystemId'][Value]" --region=$SECONDARY_REGION --output=text`
echo "DestinationFileSystemId=$DESTINATION_FILESYSTEM_ID"
# Primary - create primary and configure replication to sedondary
sam deploy --stack-name="$ENV_NAME-efs" \
--parameter-overrides="EnvName=\"$ENV_NAME\" ReplicateToFileSystemId=\"$DESTINATION_FILESYSTEM_ID\" DestinationRegion=\"$SECONDARY_REGION\"" \
--tags="env=$ENV_NAME" \
--capabilities="CAPABILITY_NAMED_IAM" \
--region=$PRIMARY_REGION \
--s3-bucket=$PRIMARY_BUCKET_NAME \
--no-fail-on-empty-changeset \
--template-file 3.efs.yaml || exit 2
#### DB
# Create global DB secret manager from primary region
sam deploy --stack-name="$ENV_NAME-secrets" \
--parameter-overrides="EnvName=\"$ENV_NAME\" SecondaryRegion=\"$SECONDARY_REGION\"" \
--tags="env=$ENV_NAME" \
--capabilities="CAPABILITY_NAMED_IAM" \
--region=$PRIMARY_REGION \
--s3-bucket=$PRIMARY_BUCKET_NAME \
--no-fail-on-empty-changeset \
--template-file 0.secrets.yaml || exit 2
export MASTER_SECRET_ARN=`aws cloudformation list-exports --query="Exports[?Name=='$ENV_NAME-MasterSecret'][Value]" --region=$PRIMARY_REGION --output=text`
echo "SecretArn=$MASTER_SECRET_ARN"
export MASTER_SECRET_NAME=`echo "$MASTER_SECRET_ARN" | awk -F ":" '{ print $7 }'`
echo "SecretName=$MASTER_SECRET_NAME"
# Primary - Create global DB and source cluster first
export EXISTING_GLOBAL_DB="" # keep empty to to create new global DB
sam deploy --stack-name="$ENV_NAME-aurora-mysql" \
--parameter-overrides="EnvName=\"$ENV_NAME\" DBInstanceClass=\"db.r5.large\" ExistingGlobalDbArn=\"$EXISTING_GLOBAL_DB\" MasterSecretName=\"$MASTER_SECRET_NAME\"" \
--tags="env=$ENV_NAME" \
--capabilities="CAPABILITY_NAMED_IAM" \
--region=$PRIMARY_REGION \
--s3-bucket=$PRIMARY_BUCKET_NAME \
--no-fail-on-empty-changeset \
--template-file 2.aurora-mysql.yaml || exit 2
# Secondary - join existing global cluster
export EXISTING_GLOBAL_DB="$ENV_NAME-global"
sam deploy --stack-name="$ENV_NAME-aurora-mysql" \
--parameter-overrides="EnvName=\"$ENV_NAME\" DBInstanceClass=\"db.r5.large\" ExistingGlobalDbArn=\"$EXISTING_GLOBAL_DB\" MasterSecretName=\"$MASTER_SECRET_NAME\"" \
--tags="env=$ENV_NAME" \
--capabilities="CAPABILITY_NAMED_IAM" \
--region=$SECONDARY_REGION \
--s3-bucket=$SECONDARY_BUCKET_NAME \
--no-fail-on-empty-changeset \
--template-file 2.aurora-mysql.yaml || exit 2
# #### Main APP
# Primary
# According to https://ghost.org/docs/faq/clustering-sharding-multi-server/ max number of simultaniously running instances can be 1
sam deploy --stack-name="$ENV_NAME-app" \
--parameter-overrides="EnvName=\"$ENV_NAME\" DomainName=\"$DOMAIN_NAME\" AppName=\"$APP_NAME\" ImageTag=\"$IMAGE_TAG\" MasterSecretName=\"$MASTER_SECRET_NAME\" DesiredCount=\"1\"" \
--tags="env=$ENV_NAME" \
--capabilities="CAPABILITY_NAMED_IAM" \
--region=$PRIMARY_REGION \
--s3-bucket=$PRIMARY_BUCKET_NAME \
--no-fail-on-empty-changeset \
--template-file 4.app.yaml || exit 2
# Secondary region goes scaled down to 0
sam deploy --stack-name="$ENV_NAME-app" \
--parameter-overrides="EnvName=\"$ENV_NAME\" DomainName=\"$DOMAIN_NAME\" AppName=\"$APP_NAME\" ImageTag=\"$IMAGE_TAG\" MasterSecretName=\"$MASTER_SECRET_NAME\" DesiredCount=\"0\"" \
--tags="env=$ENV_NAME" \
--capabilities="CAPABILITY_NAMED_IAM" \
--region=$SECONDARY_REGION \
--s3-bucket=$SECONDARY_BUCKET_NAME \
--no-fail-on-empty-changeset \
--template-file 4.app.yaml || exit 2
export PRIMARY_ALB=`aws cloudformation list-exports --query="Exports[?Name=='$ENV_NAME-LoadBalancer-DNSName'][Value]" --region=$PRIMARY_REGION --output=text`
echo "PRIMARY_ALB=$PRIMARY_ALB"
export SECONDARY_ALB=`aws cloudformation list-exports --query="Exports[?Name=='$ENV_NAME-LoadBalancer-DNSName'][Value]" --region=$SECONDARY_REGION --output=text`
sam deploy --stack-name="$ENV_NAME-cloudfront" \
--parameter-overrides="EnvName=\"$ENV_NAME\" PrimaryOriginDnsName=\"$PRIMARY_ALB\" SecondaryOriginDnsName=\"$SECONDARY_ALB\"" \
--tags="env=$ENV_NAME" \
--capabilities="CAPABILITY_NAMED_IAM" \
--region=us-east-1 \
--s3-bucket=$GLOBAL_BUCKET_NAME \
--no-fail-on-empty-changeset \
--template-file 5.cloudfront.yaml || exit 2
#### Delete All Lambda
# Primary
cd ./lambda/delete-posts
sam build && sam deploy --stack-name="$ENV_NAME-lambda-delete-posts" \
--parameter-overrides="GhostUrl=\"$PRIMARY_ALB\"" \
--tags="env=$ENV_NAME" \
--capabilities="CAPABILITY_NAMED_IAM" \
--region=$PRIMARY_REGION \
--s3-bucket=$PRIMARY_BUCKET_NAME \
--no-fail-on-empty-changeset \
--template-file template.yaml || exit 2
# Secondary
cd ./lambda/delete-posts
sam build && sam deploy --stack-name="$ENV_NAME-lambda-delete-posts" \
--parameter-overrides="GhostUrl=\"$SECONDARY_ALB\"" \
--tags="env=$ENV_NAME" \
--capabilities="CAPABILITY_NAMED_IAM" \
--region=$SECONDARY_REGION \
--s3-bucket=$SECONDARY_BUCKET_NAME \
--no-fail-on-empty-changeset \
--template-file template.yaml || exit 2