From de3d0b6b74f31aa6fe3fd9b8850dcc5fb464a89f Mon Sep 17 00:00:00 2001 From: Robert Sweetman Date: Fri, 17 Jan 2025 16:36:47 +0000 Subject: [PATCH] :rocket: deploy lb for onr production (#9387) * :rocket: deploy lb for onr production * fix typo * change url for onr and add DNS record * simplify lb alias record * fix lb host header value --- .../locals_preproduction.tf | 4 +- .../locals_production.tf | 141 ++++++++++++++++++ 2 files changed, 143 insertions(+), 2 deletions(-) diff --git a/terraform/environments/oasys-national-reporting/locals_preproduction.tf b/terraform/environments/oasys-national-reporting/locals_preproduction.tf index eb601b1299d..335aed91df9 100644 --- a/terraform/environments/oasys-national-reporting/locals_preproduction.tf +++ b/terraform/environments/oasys-national-reporting/locals_preproduction.tf @@ -181,7 +181,7 @@ locals { } } - # DO NOT DEPLOY YET AS OTHER THINGS AREN'T READY + # DO NOT FULLY DEPLOY YET AS WEB INSTANCES ARE NOT IN USE lbs = { public = merge(local.lbs.public, { instance_target_groups = { @@ -274,7 +274,7 @@ locals { # conditions = [{ # host_header = { # values = [ - # "pp-onr-web-1-a.oasys-national-reporting.hmpps-test.modernisation-platform.service.justice.gov.uk", + # "pp-onr-web-1-a.oasys-national-reporting.hmpps-preproduction.modernisation-platform.service.justice.gov.uk", # ] # } # }] diff --git a/terraform/environments/oasys-national-reporting/locals_production.tf b/terraform/environments/oasys-national-reporting/locals_production.tf index bc389e55f32..77dfa8206cf 100644 --- a/terraform/environments/oasys-national-reporting/locals_production.tf +++ b/terraform/environments/oasys-national-reporting/locals_production.tf @@ -131,6 +131,144 @@ locals { } } + # DO NOT FULLY DEPLOY YET AS WEB INSTANCES ARE NOT IN USE + lbs = { + public = merge(local.lbs.public, { + instance_target_groups = { + pd-onr-bods-http28080 = merge(local.lbs.public.instance_target_groups.http28080, { + attachments = [ + { ec2_instance_name = "pd-onr-bods-1" }, + ] + }) + } + listeners = merge(local.lbs.public.listeners, { + https = merge(local.lbs.public.listeners.https, { + alarm_target_group_names = [] + rules = { + pd-onr-bods-http28080 = { + priority = 100 + actions = [{ + type = "forward" + target_group_name = "pd-onr-bods-http28080" + }] + conditions = [{ + host_header = { + values = [ + "bods.reporting.oasys.service.justice.gov.uk", + ] + } + }] + } + } + }) + }) + }) + + # No web instances built yet, not in use + # private = { + # drop_invalid_header_fields = false # https://me.sap.com/notes/0003348935 + # enable_cross_zone_load_balancing = true + # enable_delete_protection = false + # idle_timeout = 3600 + # internal_lb = true + # load_balancer_type = "application" + # security_groups = ["lb"] + # subnets = module.environment.subnets["private"].ids + + # instance_target_groups = { + # pd-onr-web-1-a = { + # port = 7777 + # protocol = "HTTP" + # health_check = { + # enabled = true + # healthy_threshold = 3 + # interval = 30 + # matcher = "200-399" + # path = "/" + # port = 7777 + # timeout = 5 + # unhealthy_threshold = 5 + # } + # stickiness = { + # enabled = true + # type = "lb_cookie" + # } + # attachments = [ + # { ec2_instance_name = "pd-onr-web-1-a" }, + # ] + # } + # } + + # listeners = { + # http = { + # port = 7777 + # protocol = "HTTP" + + # default_action = { + # type = "fixed-response" + # fixed_response = { + # content_type = "text/plain" + # message_body = "Not implemented" + # status_code = "501" + # } + # } + # rules = { + # pd-onr-web-1-a = { + # priority = 4000 + + # actions = [{ + # type = "forward" + # target_group_name = "pd-onr-web-1-a" + # }] + + # conditions = [{ + # host_header = { + # values = [ + # "pd-onr-web-1-a.oasys-national-reporting.hmpps-production.modernisation-platform.service.justice.gov.uk", + # ] + # } + # }] + # } + # } + # } + # https = { + # certificate_names_or_arns = ["oasys_national_reporting_wildcard_cert"] + # port = 443 + # protocol = "HTTPS" + # ssl_policy = "ELBSecurityPolicy-2016-08" + + # default_action = { + # type = "fixed-response" + # fixed_response = { + # content_type = "text/plain" + # message_body = "Not implemented" + # status_code = "501" + # } + # } + + # rules = { + # pd-onr-web-1-a = { + # priority = 4580 + + # actions = [{ + # type = "forward" + # target_group_name = "pd-onr-web-1-a" + # }] + + # conditions = [{ + # host_header = { + # values = [ + # "pd-onr-web-1-a.oasys-national-reporting.hmpps-production.modernisation-platform.service.justice.gov.uk", + # ] + # } + # }] + # } + # } + # } + # } + # } + } # end of lbs + route53_zones = { "reporting.oasys.service.justice.gov.uk" = { ns_records = [ @@ -142,6 +280,9 @@ locals { { name = "test", type = "NS", ttl = "86000", records = ["ns-1440.awsdns-52.org", "ns-1823.awsdns-35.co.uk", "ns-43.awsdns-05.com", "ns-893.awsdns-47.net"] }, { name = "preproduction", type = "NS", ttl = "86400", records = ["ns-1161.awsdns-17.org", "ns-2014.awsdns-59.co.uk", "ns-487.awsdns-60.com", "ns-919.awsdns-50.net"] }, ] + lb_alias_records = [ + { name = "bods", type = "A", lbs_map_key = "public" } + ], } "production.reporting.oasys.service.justice.gov.uk" = { }