[DM-11448] Allow external connection to SQuaSH DB RDS instance - Jira

XML

Word

Printable

Details

Type: Story
Status: Won't Fix
Resolution: Done
Fix Version/s: None
Component/s: None
Labels:
None

Story Points:
1
Epic Link:
sqre-f17-k8sq
Team:
SQuaRE

Description

Joshua Hoblitt here is my attempt in changing terraform configuration to allow external connections to SQuaSH DB RDS instance. It didn't work and I couldn't figure out what is missing.

For testing the squash-api in the kubernetes deployment I can run mysql on another container and restore a copy of the current DB. It should be enough for now.

If we are going to deploy the SQuaSH DB on kubernetes this example seems to cover what we need:
https://kubernetes.io/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume/

Attachments

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Angelo Fausti added a comment - 31/Jul/17 5:20 PM

So, I have changed:

$ git diff main.tf

diff --git a/terraform/main.tf b/terraform/main.tf

index 1a75c6f..21116a8 100644

--- a/terraform/main.tf

+++ b/terraform/main.tf

@@ -173,3 +173,28 @@ resource "aws_security_group" "jenkins-demo-internal" {

     Name = "${var.demo_name}-internal"

+resource "aws_security_group" "jenkins-demo-external" {

+  vpc_id      = "${aws_vpc.jenkins-demo.id}"

+  name        = "${var.demo_name}-external"

+  description = "allow VPC external traffic"

+  ingress {

+    from_port   = 3306

+    to_port     = 3306

+    protocol    = "tcp"

+    cidr_blocks = ["${aws_subnet.jenkins-demo.cidr_block}"]

+  }

+  # allow all output traffic from the VPC

+  egress {

+    from_port   = 3306

+    to_port     = 3306

+    protocol    = "tcp"

+    cidr_blocks = ["0.0.0.0/0"]

+  }

+  tags {

+    Name = "${var.demo_name}-external"

+  }

+}

and

$ git diff --no-index opt/rds.tf rds.tf

diff --git a/opt/rds.tf b/rds.tf

index 624b6d3..f4709c5 100644

--- a/opt/rds.tf

+++ b/rds.tf

@@ -20,11 +20,12 @@ resource "aws_db_instance" "jenkins-demo" {

   skip_final_snapshot       = false

   copy_tags_to_snapshot     = true

   backup_retention_period   = 30

-  vpc_security_group_ids    = ["${aws_security_group.jenkins-demo-internal.id}"]

+  vpc_security_group_ids    = ["${aws_security_group.jenkins-demo-external.id}"]

   db_subnet_group_name      = "${aws_db_subnet_group.jenkins-demo.id}"

   multi_az                  = false

   backup_window             = "07:00-07:55"

   maintenance_window        = "Tue:08:00-Tue:11:00"

+  publicly_accessible       = true

 resource "aws_db_parameter_group" "jenkins-demo" {

@@ -59,7 +60,7 @@ resource "aws_subnet" "jenkins-demo-db1" {

   vpc_id                  = "${aws_vpc.jenkins-demo.id}"

   availability_zone       = "${var.aws_default_region}b"

   cidr_block              = "192.168.42.0/24"

-  map_public_ip_on_launch = false

+  map_public_ip_on_launch = true

   tags {

     Name = "${var.demo_name}-db1"

@@ -70,7 +71,7 @@ resource "aws_subnet" "jenkins-demo-db2" {

   vpc_id                  = "${aws_vpc.jenkins-demo.id}"

   availability_zone       = "${var.aws_default_region}c"

   cidr_block              = "192.168.43.0/24"

-  map_public_ip_on_launch = false

+  map_public_ip_on_launch = true

   tags {

     Name = "${var.demo_name}-db2"

followed by ./bin/terraform apply. But couldn't get external connection working.

Will proceed with plan B then.

Show

Angelo Fausti added a comment - 31/Jul/17 5:20 PM So, I have changed: $ git diff main.tf diff --git a /terraform/main .tf b /terraform/main .tf index 1a75c6f..21116a8 100644 --- a /terraform/main .tf +++ b /terraform/main .tf @@ -173,3 +173,28 @@ resource "aws_security_group" "jenkins-demo-internal" { Name = "${var.demo_name}-internal" } } + +resource "aws_security_group" "jenkins-demo-external" { + vpc_id = "${aws_vpc.jenkins-demo.id}" + name = "${var.demo_name}-external" + description = "allow VPC external traffic" + + ingress { + from_port = 3306 + to_port = 3306 + protocol = "tcp" + cidr_blocks = [ "${aws_subnet.jenkins-demo.cidr_block}" ] + } + + # allow all output traffic from the VPC + egress { + from_port = 3306 + to_port = 3306 + protocol = "tcp" + cidr_blocks = [ "0.0.0.0/0" ] + } + + tags { + Name = "${var.demo_name}-external" + } +} and $ git diff --no-index opt /rds .tf rds.tf diff --git a /opt/rds .tf b /rds .tf index 624b6d3..f4709c5 100644 --- a /opt/rds .tf +++ b /rds .tf @@ -20,11 +20,12 @@ resource "aws_db_instance" "jenkins-demo" { skip_final_snapshot = false copy_tags_to_snapshot = true backup_retention_period = 30 - vpc_security_group_ids = [ "${aws_security_group.jenkins-demo-internal.id}" ] + vpc_security_group_ids = [ "${aws_security_group.jenkins-demo-external.id}" ] db_subnet_group_name = "${aws_db_subnet_group.jenkins-demo.id}" multi_az = false backup_window = "07:00-07:55" maintenance_window = "Tue:08:00-Tue:11:00" + publicly_accessible = true } resource "aws_db_parameter_group" "jenkins-demo" { @@ -59,7 +60,7 @@ resource "aws_subnet" "jenkins-demo-db1" { vpc_id = "${aws_vpc.jenkins-demo.id}" availability_zone = "${var.aws_default_region}b" cidr_block = "192.168.42.0/24" - map_public_ip_on_launch = false + map_public_ip_on_launch = true tags { Name = "${var.demo_name}-db1" @@ -70,7 +71,7 @@ resource "aws_subnet" "jenkins-demo-db2" { vpc_id = "${aws_vpc.jenkins-demo.id}" availability_zone = "${var.aws_default_region}c" cidr_block = "192.168.43.0/24" - map_public_ip_on_launch = false + map_public_ip_on_launch = true tags { Name = "${var.demo_name}-db2" followed by ./bin/terraform apply . But couldn't get external connection working. Will proceed with plan B then.

Hide

Permalink

Angelo Fausti added a comment - 31/Jul/17 5:24 PM

Joshua Hoblitt reported my changes here in case you have time to review, let's say next week no hurry.

Show

Angelo Fausti added a comment - 31/Jul/17 5:24 PM Joshua Hoblitt reported my changes here in case you have time to review, let's say next week no hurry.

Hide

Permalink

Angelo Fausti added a comment - 04/Aug/17 10:57 AM

This is not needed anymore since we decided to implement squash-db on kubernetes right away.

Show

Angelo Fausti added a comment - 04/Aug/17 10:57 AM This is not needed anymore since we decided to implement squash-db on kubernetes right away.

People

Assignee:: Angelo Fausti

Reporter:: Angelo Fausti

Reviewers:: Joshua Hoblitt

Watchers:: Angelo Fausti, Joshua Hoblitt

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 31/Jul/17 5:07 PM

Updated:: 04/Aug/17 10:57 AM

Resolved:: 04/Aug/17 10:57 AM

Jenkins

No builds found.

Data Management

Details

Description

Attachments

Activity

People

Dates

Jenkins