terraform: update .gitignore

terraform: rewrite ansible_inventory as yaml instead of ini
terraform: rename output directory
2022-06-16 18:07:06 +02:00 · 2022-06-16 18:06:53 +02:00 · 2022-06-16 18:05:09 +02:00 · 2022-06-16 17:53:52 +02:00 · 2022-06-16 17:53:38 +02:00
19 changed files with 235 additions and 74 deletions
--- a/ansible/group_vars/all/vars.yml
+++ b/ansible/group_vars/all/vars.yml
@ -3,5 +3,6 @@
 sshwifty_internal_port: 8080
 sshwifty_configuration_directory: "/etc/sshwifty"
 sshwifty_work_directory: "/var/lib/sshwifty"
 sshwifty_gateway_access: false
 #
--- a/ansible/host_vars/prod-gateway4/vars.yml
+++ b/ansible/host_vars/prod-gateway4/vars.yml
@ -0,0 +1 @@
 ---
--- a/ansible/inventories/terraform
+++ b/ansible/inventories/terraform
@ -1 +1 @@
-../../terraform/outputs/inventory
+../../terraform/_build/ansible_inventory
--- a/ansible/tasks/setup_sshwifty.yml
+++ b/ansible/tasks/setup_sshwifty.yml
@ -1,4 +1,20 @@
 ---
 # - name: Check sshwifty_* variables are not empty
 #   assert:
 #     that:
 #       sshwifty_configuration_directory
 #       sshwifty_hostname
 #       sshwifty_public_port
 #       sshwifty_shared_key
 #       sshwifty_authentication
 #       sshwifty_ssh_password
 #       sshwifty_ssh_user
 #       sshwifty_internal_port
 #       sshwifty_configuration_directory
 #       sshwifty_work_directory
 #       sshwifty_gateway_access
 #   msg: ""
 - name: Install required system packages
  ansible.builtin.apt:
    name:
@ -43,7 +59,7 @@
 - name: Run SSHwifty
  community.docker.docker_compose:
    project_src: "{{ sshwifty_work_directory }}"
-    recreate: smart
+    recreate: always
    state: present
 #
--- a/ansible/templates/sshwifty.conf-with-gateway.j2
+++ b/ansible/templates/sshwifty.conf-with-gateway.j2
@ -0,0 +1,66 @@
 {# vim: set ts=2 sw=2 et ft=jinja2,json : #}
 {
  {# "HostName": "localhost", #}
  "SharedKey": "{{ sshwifty_shared_key }}",
  "DialTimeout": 10,
  "Servers": [
    {
      "ListenInterface": "0.0.0.0",
      "ListenPort": 8182,
      "InitialTimeout": 3,
      "ReadTimeout": 60,
      "WriteTimeout": 60,
      "HeartbeatTimeout": 20,
      "ReadDelay": 10,
      "WriteDelay": 10 {# , #}
      {# "TLSCertificateFile": "", #}
      {# "TLSCertificateKeyFile": "" #}
    }
  ],
  "Presets": [
    {% for host in groups['role_mongo'] %}
      {% set server_group_id = loop.index0 // mongo_replicas_count %}
      {% set server_index = loop.index0 % mongo_replicas_count %}
      {% set server_ip_addr = hostvars[host]['ansible_facts']['default_ipv4']['address'] %}
      {% if server_group_id == mongo_group_id %}
      {
        "Title": "Group {{ server_group_id }} - Server {{ server_index }} ({{ host }})",
        "Type": "SSH",
        "Host": "{{ server_ip_addr }}:22",
        "Meta": {
        "User": "{{ sshwifty_ssh_user }}",
        {% if "password" == sshwifty_authentication | lower %}
        "Authentication": "Password",
        "Password": "{{ sshwifty_ssh_password }}",
        {% else %}
        "Authentication": "Private Key",
        "Private Key": "file://{{ sshwifty_ssh_private_key }}",
        {% endif %}
        {# "Fingerprint": home"SHA256:bgO...." #}
        "Encoding": "utf-8"
        }
      }{% if not loop.last %},{% endif %}
      {% endif %}
    {% endfor %}
    {#
    {
      "Title": "Group {{ mongo_group_id }} - Gateway ({{ ansible_facts['hostname'] }})",
      "Type": "SSH",
      "Host": "{{ ansible_ssh_host }}:22",
      "Meta": {
        "User": "{{ sshwifty_ssh_user }}",
        {% if "password" == sshwifty_authentication | lower %}
          "Authentication": "Password",
          "Password": "{{ sshwifty_ssh_password }}",
        {% else %}
          "Authentication": "Private Key",
          "Private Key": "file://{{ sshwifty_ssh_private_key }}",
        {% endif %}
        {# "Fingerprint": "SHA256:bgO...." #}
        "Encoding": "utf-8"
      }
    }
    #}
  ],
  "OnlyAllowPresetRemotes": true
 }
--- a/ansible/templates/sshwifty.conf.j2
+++ b/ansible/templates/sshwifty.conf.j2
@ -1,4 +1,4 @@
-{# vim: set ts=2 sw=2 et ft=jinja2,json : #}
+{# vim: set ts=2 sw=2 et ft=jinja2 : #}
 {
  {# "HostName": "localhost", #}
  "SharedKey": "{{ sshwifty_shared_key }}",
@ -18,47 +18,49 @@
    }
  ],
  "Presets": [
-    {% for host in groups['role_mongo'] %}
+    {%- for host in groups['role_mongo'] -%}
-      {% set server_group_id = loop.index0 // mongo_replicas_count %}
+      {%- set server_group_id = loop.index0 // mongo_replicas_count -%}
-      {% set server_index = loop.index0 % mongo_replicas_count %}
+      {%- set server_index = loop.index0 % mongo_replicas_count -%}
-      {% set server_ip_addr = hostvars[host]['ansible_facts']['default_ipv4']['address'] %}
+      {%- set server_ip_addr = hostvars[host]['ansible_facts']['default_ipv4']['address'] -%}
-      {% if server_group_id == mongo_group_id %}
+      {%- if server_group_id == mongo_group_id -%}
      {
        "Title": "Group {{ server_group_id }} - Server {{ server_index }} ({{ host }})",
        "Type": "SSH",
        "Host": "{{ server_ip_addr }}:22",
        "Meta": {
        "User": "{{ sshwifty_ssh_user }}",
-        {% if "password" == sshwifty_authentication | lower %}
+        {%- if "password" == sshwifty_authentication | lower -%}
        "Authentication": "Password",
        "Password": "{{ sshwifty_ssh_password }}",
-        {% else %}
+        {%- else -%}
        "Authentication": "Private Key",
        "Private Key": "file://{{ sshwifty_ssh_private_key }}",
-        {% endif %}
+        {%- endif -%}
        {# "Fingerprint": home"SHA256:bgO...." #}
        "Encoding": "utf-8"
        }
-      },
+      }{%- if sshwifty_gateway_access or (server_index + 1) < mongo_replicas_count -%},{%- endif -%}
-      {% endif %}
+      {%- endif -%}
-    {% endfor %}
+    {%- endfor -%}
    {%- if sshwifty_gateway_access -%}
    {
      "Title": "Group {{ mongo_group_id }} - Gateway ({{ ansible_facts['hostname'] }})",
      "Type": "SSH",
      "Host": "{{ ansible_ssh_host }}:22",
      "Meta": {
        "User": "{{ sshwifty_ssh_user }}",
-        {% if "password" == sshwifty_authentication | lower %}
+        {%- if "password" == sshwifty_authentication | lower -%}
          "Authentication": "Password",
          "Password": "{{ sshwifty_ssh_password }}",
-        {% else %}
+        {%- else -%}
          "Authentication": "Private Key",
          "Private Key": "file://{{ sshwifty_ssh_private_key }}",
-        {% endif %}
+        {%- endif -%}
        {# "Fingerprint": "SHA256:bgO...." #}
        "Encoding": "utf-8"
      }
    }
    {%- endif -%}
  ],
  "OnlyAllowPresetRemotes": true
 }
--- a/terraform/.gitignore
+++ b/terraform/.gitignore
@ -1,4 +1,4 @@
 .terraform
 .terraform.lock.hcl
-outputs/*
+_build/*
 *.tfstate*
--- a/terraform/outputs/.empty
+++ b/terraform/outputs/.empty
--- a/terraform/domains.tf
+++ b/terraform/domains.tf
@ -1,17 +1,17 @@
-resource "gandi_livedns_record" "gateways_exploreko_org" {
+resource "gandi_livedns_record" "mongo_gateways" {
  count  = var.mongo_groups_count
  zone   = var.domain_name
-  name   = "gateway${count.index}.teaching"
+  name   = "gateway${count.index}.${var.subdomain_suffix}"
  type   = "A"
  ttl    = 3600
-  values = [openstack_compute_instance_v2.mongo_gateway[count.index].access_ip_v4]
+  values = [openstack_compute_instance_v2.mongo_gateways[count.index].access_ip_v4]
 }
-resource "gandi_livedns_record" "mongos_exploreko_org" {
+resource "gandi_livedns_record" "mongo_servers" {
-  count = var.mongo_replicas_count * var.mongo_groups_count
+  count  = var.mongo_replicas_count * var.mongo_groups_count
  zone   = var.domain_name
-  name   = "mongo${count.index}.teaching"
+  name   = "mongo${openstack_compute_instance_v2.mongo_servers[count.index].metadata.mongo_group_id}-${openstack_compute_instance_v2.mongo_servers[count.index].metadata.mongo_group_index}.${var.subdomain_suffix}"
  type   = "A"
  ttl    = 3600
  values = [openstack_compute_instance_v2.mongo_servers[count.index].access_ip_v4]
--- a/terraform/fdj.tfvars
+++ b/terraform/fdj.tfvars
@ -0,0 +1,9 @@
 # mongo_groups_count   = 10
 mongo_gateways_enable = false
 mongo_servers_enable = false
 mongo_groups_count   = 10
 mongo_replicas_count = 1
 ssh_private_key      = "~/.ssh/keyring.syntaxio/francaise-des-jeux/id_ed25519"
 ssh_public_key       = "~/.ssh/keyring.syntaxio/francaise-des-jeux/id_ed25519.pub"
 domain_name          = "glenux.net"
 subdomain_suffix     = "teaching"
--- a/terraform/instances.tf
+++ b/terraform/instances.tf
@ -1,62 +1,55 @@
 # Création d'une ressource de paire de clés SSH
 resource "openstack_compute_keypair_v2" "provision_keypair" {
-  provider   = openstack.ovh             
+  provider   = openstack.ovh
  name       = "provision_keypair"
-  public_key = file(var.ssh_public_key) 
+  public_key = file(var.ssh_public_key)
 }
-resource "openstack_compute_instance_v2" "mongo_gateway" {
+resource "openstack_compute_instance_v2" "mongo_gateways" {
  count       = var.mongo_groups_count
  name        = "prod-gateway${count.index}" # Nom de l'instance
-  provider    = openstack.ovh                     # Nom du fournisseur
+  provider    = openstack.ovh                # Nom du fournisseur
-  image_name  = "Debian 11"                       # Nom de l'image
+  image_name  = "Debian 11"                  # Nom de l'image
-  flavor_name = "s1-2"                            # Nom du type d'instance
+  flavor_name = "s1-2"                       # Nom du type d'instance
  # flavor_name = "s1-8"                            # Nom du type d'instance
  # flavor_name = "d2-8"                            # Nom du type d'instance
  # Nom de la ressource openstack_compute_keypair_v2 nommée test_keypair
  key_pair = openstack_compute_keypair_v2.provision_keypair.name
  power_state = var.mongo_servers_enable ? "active" : "shutoff"
  metadata = {
-    ansible-group = "gateways"
+    ansible_group  = "gateways"
-    mongo-group-id = count.index
+    mongo_group_id = count.index
  }
  # Ajoute le composant réseau pour atteindre votre instance
  network {
-    name = "Ext-Net" 
+    name = "Ext-Net"
  }
  # provisioner "local-exec" {
  #   command = "ansible-playbook -i inventories/terraform --private-key ${var.ssh_private_key} -e 'pub_key=${var.ssh_public_key}' playbook.yml --limit ${self.name}"
  #   working_dir = "../ansible"
  #   environment = {
  #     ANSIBLE_HOST_KEY_CHECKING = "False"
  #   }
  # }
 }
 # Création d'une instance
 resource "openstack_compute_instance_v2" "mongo_servers" {
  count       = var.mongo_replicas_count * var.mongo_groups_count
  name        = "prod-server${count.index}" # Nom de l'instance
-  provider    = openstack.ovh                     # Nom du fournisseur
+  provider    = openstack.ovh               # Nom du fournisseur
-  image_name  = "Debian 11"                       # Nom de l'image
+  image_name  = "Debian 11"                 # Nom de l'image
-  flavor_name = "s1-2"                            # Nom du type d'instance
+  flavor_name = "s1-2"                      # Nom du type d'instance
  # flavor_name = "s1-8"                            # Nom du type d'instance
  # flavor_name = "d2-8"                            # Nom du type d'instance
  # Nom de la ressource openstack_compute_keypair_v2 nommée test_keypair
  key_pair = openstack_compute_keypair_v2.provision_keypair.name
  power_state = var.mongo_servers_enable ? "active" : "shutoff"
  metadata = {
-    ansible-group = "mongos"
+    ansible_group     = "mongos"
-    mongo-group-id = floor(count.index / var.mongo_replicas_count)
+    mongo_group_id    = floor(count.index / var.mongo_replicas_count)
-    mongo-group-index = count.index % var.mongo_replicas_count
+    mongo_group_index = count.index % var.mongo_replicas_count
  }
  # Ajoute le composant réseau pour atteindre votre instance
  network {
-    name = "Ext-Net" 
+    name = "Ext-Net"
  }
  # provisioner "local-exec" {
--- a/terraform/output.tf
+++ b/terraform/output.tf
@ -1,12 +0,0 @@
 resource "local_file" "ansible_inventory" {
  content = templatefile("templates/inventory.tmpl",
    {
 		  mongo_gateways = openstack_compute_instance_v2.mongo_gateway.*
 		  mongo_servers = openstack_compute_instance_v2.mongo_servers.*
 		  mongo_groups_count = var.mongo_groups_count
 		  mongo_replicas_count = var.mongo_replicas_count
    }
  )
  filename = "outputs/inventory"
  file_permission = "0644"
 }
--- a/terraform/outputs.tf
+++ b/terraform/outputs.tf
@ -0,0 +1,16 @@
 resource "local_file" "ansible_inventory" {
  content = templatefile("templates/inventory.yml.tmpl",
    {
      dns_gateways         = gandi_livedns_record.mongo_gateways.*
      dns_servers          = gandi_livedns_record.mongo_gateways.*
      mongo_gateways       = openstack_compute_instance_v2.mongo_gateways.*
      mongo_servers        = openstack_compute_instance_v2.mongo_servers.*
      mongo_groups_count   = var.mongo_groups_count
      mongo_replicas_count = var.mongo_replicas_count
    }
  )
  filename        = "_build/ansible_inventory"
  file_permission = "0644"
 }
--- a/terraform/provider.tf
+++ b/terraform/provider.tf
@ -12,14 +12,14 @@ terraform {
    }
    gandi = {
-      source = "go-gandi/gandi"
+      source  = "go-gandi/gandi"
      version = "~> 2.0.1"
    }
  }
 }
 provider "gandi" {
-  key = "${var.gandi_key}"
+  key = var.gandi_key
 }
 provider "openstack" {
--- a/terraform/provision.tf
+++ b/terraform/provision.tf
@ -0,0 +1,25 @@
 resource "null_resource" "ansible" {
  count = (var.mongo_gateways_enable && var.mongo_servers_enable) ? 1 : 0
  depends_on = [local_file.ansible_inventory]
  triggers = {
    always_run = "${timestamp()}"
  }
  provisioner "local-exec" {
    environment = {
      ANSIBLE_HOST_KEY_CHECKING = "False"
    }
    working_dir = "../ansible"
    command     = <<-EOT
      ansible-playbook \
        -i inventories/terraform \
        --private-key ${var.ssh_private_key} \
        -e 'pub_key=${var.ssh_public_key}' \
        playbook.yml
    EOT
  }
 }
--- a/terraform/provisionners.tf
+++ b/terraform/provisionners.tf
@ -1,4 +0,0 @@
 # provisioner "local-exec" {
 #   command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i outputs/inventory --private-key ${var.private_key} -e 'pub_key=${var.pub_key}' playbook.yml"
 # }
--- a/terraform/templates/inventory.ini.tmpl
+++ b/terraform/templates/inventory.ini.tmpl
@ -1,8 +1,8 @@
 %{ for index, instance in mongo_gateways ~}
-${ instance.name } ansible_user=debian ansible_host=${instance.network[0].fixed_ip_v4}
+${ instance.name } ansible_user=debian ansible_host=${instance.network[0].fixed_ip_v4} sshwifty_hostname=${dns_gateways[index].name}.${dns_gateways[index].zone} mongo_group_id=${instance.metadata.mongo_group_id}
 %{ endfor ~}
 %{ for index, instance in mongo_servers ~}
-${ instance.name } ansible_user=debian ansible_host=${instance.network[0].fixed_ip_v4}
+${ instance.name } ansible_user=debian ansible_host=${instance.network[0].fixed_ip_v4} mongo_group_id=${instance.metadata.mongo_group_id} mongo_group_index=${instance.metadata.mongo_group_index}
 %{ endfor ~}
 [stage_development]
--- a/terraform/templates/inventory.yml.tmpl
+++ b/terraform/templates/inventory.yml.tmpl
@ -0,0 +1,37 @@
 all:
  children:
    all_groups:
      children:
        role_gateway:
          hosts:
 %{ for index, instance in mongo_gateways ~}
            prod-gateway9:
              ansible_host: ${instance.network[0].fixed_ip_v4}
              ansible_user: debian
              mongo_group_id: ${instance.metadata.mongo_group_id}
              mongo_groups_count: ${ mongo_groups_count }
              mongo_replicas_count: ${ mongo_replicas_count }
              sshwifty_hostname: ${dns_gateways[index].name}.${dns_gateways[index].zone}
 %{ endfor ~}
        role_mongo:
          hosts:
 %{ for index, instance in mongo_servers ~}
            ${ instance.name }:
              ansible_host: ${instance.network[0].fixed_ip_v4}
              ansible_user: debian
              mongo_group_id: ${instance.metadata.mongo_group_id}
              mongo_group_index: ${instance.metadata.mongo_group_index}
              mongo_groups_count: ${ mongo_groups_count }
              mongo_replicas_count: ${ mongo_replicas_count }
 %{ endfor ~}
        stage_development: {}
        stage_production:
          hosts:
 %{ for index, instance in mongo_gateways ~}
            ${ instance.name } : {}
 %{ endfor ~}
 %{ for index, instance in mongo_servers ~}
            ${ instance.name } : {} 
 %{ endfor ~}
        stage_testing: {}
    ungrouped: {}
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@ -1,12 +1,22 @@
 variable "mongo_gateways_enable" {
  default = false
  type = bool
 }
 variable "mongo_servers_enable" {
  default = false
  type = bool
 }
 variable "mongo_groups_count" {
-  default = "1"
+  default     = "1"
-	description = "How many replicas per mongo"
+  description = "How many replicas per mongo"
 }
 variable "mongo_replicas_count" {
-  default = "2"
+  default     = "2"
-	description = "How many replicas per mongo group"
+  description = "How many replicas per mongo group"
 }
 variable "ssh_private_key" {}
@ -17,4 +27,5 @@ variable "gandi_key" {}
 variable "domain_name" {}
-
+variable "subdomain_suffix" {
 }
Author	SHA1	Message	Date
Glenn Y. Rolland	ae5b189164	terraform: update .gitignore	2022-06-16 18:07:06 +02:00
Glenn Y. Rolland	1d2483bb1b	terraform: rewrite ansible_inventory as yaml instead of ini	2022-06-16 18:06:53 +02:00
Glenn Y. Rolland	db640ea6fa	terraform: rename output directory	2022-06-16 18:05:09 +02:00
Glenn Y. Rolland	0cc199dd1f	ansible: finalize config	2022-06-16 17:53:52 +02:00
Glenn Y. Rolland	9118f64a03	terraform: finalize config	2022-06-16 17:53:38 +02:00
		`@ -1 +1 @@`
			`../../terraform/outputs/inventory`				`../../terraform/_build/ansible_inventory`