author | Trygve Laugstøl <trygvis@inamo.no> | 2021-01-07 23:38:01 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2021-01-07 23:38:01 +0100 |
commit | 3d25f7059f518dd8c857dd5e45552ba3ab733aa6 (patch) | |
tree | e7bbd7f2c6c7cfe41398335da0ab51807b54931c | |
parent | 70d0ad3c9f37e44a9504a0d7f66e412a3f3bba6f (diff) | |
Working terraform setup.
21 files changed, 241 insertions, 53 deletions
diff --git a/acme-apps/dns/acme-1.tf b/acme-apps/dns/acme-1.tf
deleted file mode 100644
index 2252410..0000000
--- a/acme-apps/dns/acme-1.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-resource "google_dns_record_set" "acme-1" {
- name = "acme-1.machine.acme.com"
- managed_zone = ""
- type = "A"
- ttl = 300
-
- rrdatas = [var.addresses.scaleway_instance_ip.acme-1.address]
-}
diff --git a/acme-apps/dns/acme-2.tf b/acme-apps/dns/acme-2.tf
deleted file mode 100644
index 04b79a2..0000000
--- a/acme-apps/dns/acme-2.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-resource "google_dns_record_set" "acme-2" {
- name = "acme-2.machine.acme.com"
- managed_zone = ""
- type = "A"
- ttl = 300
-
- rrdatas = [var.addresses.scaleway_instance_ip.acme-2.address]
-}
diff --git a/acme-apps/dns/acme-3.tf b/acme-apps/dns/acme-3.tf
deleted file mode 100644
index 57d9f45..0000000
--- a/acme-apps/dns/acme-3.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-resource "google_dns_record_set" "acme-3" {
- name = "acme-3.machine.acme.com"
- managed_zone = ""
- type = "A"
- ttl = 300
-
- rrdatas = [var.addresses.scaleway_instance_ip.acme-3.address]
-}
diff --git a/acme-apps/terraform/dns-acme-1.tf b/acme-apps/terraform/dns-acme-1.tf
new file mode 100644
index 0000000..0b9ede0
--- /dev/null
+++ b/acme-apps/terraform/dns-acme-1.tf
@@ -0,0 +1,8 @@
+resource "google_dns_record_set" "acme-1" {
+ name = "acme-1.machine.acme.com."
+ managed_zone = var.acme_zone
+ type = "A"
+ ttl = 300
+
+ rrdatas = [scaleway_instance_ip.acme-1.address]
+}
diff --git a/acme-apps/terraform/dns-acme-2.tf b/acme-apps/terraform/dns-acme-2.tf
new file mode 100644
index 0000000..407935e
--- /dev/null
+++ b/acme-apps/terraform/dns-acme-2.tf
@@ -0,0 +1,8 @@
+resource "google_dns_record_set" "acme-2" {
+ name = "acme-2.machine.acme.com."
+ managed_zone = var.acme_zone
+ type = "A"
+ ttl = 300
+
+ rrdatas = [scaleway_instance_ip.acme-2.address]
+}
diff --git a/acme-apps/terraform/dns-acme-3.tf b/acme-apps/terraform/dns-acme-3.tf
new file mode 100644
index 0000000..4c753df
--- /dev/null
+++ b/acme-apps/terraform/dns-acme-3.tf
@@ -0,0 +1,8 @@
+resource "google_dns_record_set" "acme-3" {
+ name = "acme-3.machine.acme.com."
+ managed_zone = var.acme_zone
+ type = "A"
+ ttl = 300
+
+ rrdatas = [scaleway_instance_ip.acme-3.address]
+}
diff --git a/acme-apps/terraform/main-scaleway-machine.tf b/acme-apps/terraform/main-scaleway-machine.tf
new file mode 100644
index 0000000..ef74c6e
--- /dev/null
+++ b/acme-apps/terraform/main-scaleway-machine.tf
@@ -0,0 +1,16 @@
+# Generated
+
+terraform {
+ required_providers {
+ scaleway = {
+ source = "scaleway/scaleway"
+ version = "1.17.2"
+ }
+ }
+}
+
+provider "scaleway" {
+}
+variable "acme_zone" {
+ type = string
+}
diff --git a/acme-apps/platform/terraform/acme-1.tf b/acme-apps/terraform/scaleway-machine-acme-1.tf
index 8100533..8100533 100644
--- a/acme-apps/platform/terraform/acme-1.tf
+++ b/acme-apps/terraform/scaleway-machine-acme-1.tf
diff --git a/acme-apps/platform/terraform/acme-2.tf b/acme-apps/terraform/scaleway-machine-acme-2.tf
index 07d5e8b..07d5e8b 100644
--- a/acme-apps/platform/terraform/acme-2.tf
+++ b/acme-apps/terraform/scaleway-machine-acme-2.tf
diff --git a/acme-apps/platform/terraform/acme-3.tf b/acme-apps/terraform/scaleway-machine-acme-3.tf
index a2246bc..a2246bc 100644
--- a/acme-apps/platform/terraform/acme-3.tf
+++ b/acme-apps/terraform/scaleway-machine-acme-3.tf
@@ -11,6 +11,11 @@ data:
 type: io.trygvis.acme.apps.AcmeOps
+--- # DNS configuration
+type: io.trygvis.rules.terraform.GoogleManagedZoneTerraformExpression
+data:
+ name: "acme_zone"
+
 ---
 type: io.trygvis.rules.machine.Machine
 data:
diff --git a/acme/.gitignore b/acme/.gitignore
new file mode 100644
index 0000000..a01565a
--- /dev/null
+++ b/acme/.gitignore
@@ -0,0 +1,9 @@
+.terraform*
+terraform.d
+*.tfstate
+*.tfstate.backup
+plan
+
+.vault-password*
+*.dot
+*.png
diff --git a/acme/.settings.sh b/acme/.settings.sh
new file mode 100644
index 0000000..7bd49fb
--- /dev/null
+++ b/acme/.settings.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+basedir=$(dirname "$_")
+basedir=$(cd "$basedir" && pwd)
+
+#echo "Adding tools/ to path"
+#PATH="$basedir/tools:$PATH"
+
+alias terraform="TF_VAR_ansible_vault_pass=\$($(pwd)/.vault-password) $(pwd)/.terraform/bin/terraform"
diff --git a/acme/Makefile b/acme/Makefile
new file mode 100644
index 0000000..39d54a6
--- /dev/null
+++ b/acme/Makefile
@@ -0,0 +1,41 @@
+terraform_version=0.14.4
+terraform_url=https://releases.hashicorp.com/terraform/$(terraform_version)/terraform_$(terraform_version)_linux_amd64.zip
+terraform_unzip=.terraform/unzip/$(terraform_version)/
+terraform_zip=.terraform/zip/terraform_$(terraform_version)_linux_amd64.zip
+terraform_bin=.terraform/bin/terraform
+
+ansiblevault_version=2.0.1
+ansiblevault_url=https://github.com/MeilleursAgents/terraform-provider-ansiblevault/releases/download/v$(ansiblevault_version)/terraform-provider-ansiblevault_linux_amd64_v$(ansiblevault_version)
+ansiblevault_path=terraform.d/plugins/linux_amd64/terraform-provider-ansiblevault_v$(ansiblevault_version)_x4
+
+all: $(terraform_bin) $(ansiblevault_path) setup
+
+$(terraform_bin): $(terraform_zip)
+ rm -rf $(dir $(terraform_unzip))
+ mkdir -p $(terraform_unzip)
+ mkdir -p $(dir $(terraform_bin))
+ unzip $(terraform_zip) -d $(terraform_unzip)
+ ln -sf $(PWD)/$(terraform_unzip)/terraform $(terraform_bin)
+ touch $(PWD)/$(terraform_unzip)/terraform
+
+$(terraform_zip):
+ mkdir -p $(dir $@)
+ curl -L -o "$@" $(terraform_url)
+
+$(ansiblevault_path): terraform.d
+ mkdir -p $(dir $@)
+ curl -L -o "$@" $(ansiblevault_url)
+ chmod +x $(@)
+
+terraform.d:
+ mkdir $@
+
+MAIN=$(patsubst %/main.tf,%,$(wildcard */main.tf))
+setup: $(patsubst %,%/terraform.d,$(MAIN))
+.PHONY: setup
+
+%/terraform.d: terraform.d
+ ln -s ../terraform.d $@
+
+.terraform/plugins/linux_amd64:
+ mkdir -p $@
diff --git a/acme/ansible.cfg b/acme/ansible.cfg
new file mode 100644
index 0000000..1790523
--- /dev/null
+++ b/acme/ansible.cfg
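Review bot: The alias on the last line of .settings.sh expands `$(pwd)` at source time instead of the `$basedir` computed two lines above it, so sourcing the file from any directory other than acme/ yields an alias that points at a `.vault-password` and `.terraform/bin/terraform` that do not exist there; `alias terraform="TF_VAR_ansible_vault_pass=\$($basedir/.vault-password) $basedir/.terraform/bin/terraform"` keeps the two consistent. The vault password travels in the `TF_VAR_ansible_vault_pass` environment variable, which is inherited by every process terraform starts and is readable from the environment of those processes by the same user, so a comment at the alias such as `# vault password is exported into terraform's environment; interactive shell use only` documents the intended scope. `basedir=$(dirname "$_")` only resolves to this file's path when the file is sourced and the shell sets `$_` that way, which is shell-dependent, so naming the expected shell in a comment would help given the `#!/bin/sh` line suggests a plain POSIX shell.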
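Review bot: Both download recipes in the Makefile hunk, `$(terraform_zip)` and `$(ansiblevault_path)`, fetch an executable with `curl -L -o` and use it unverified, so the version pins say nothing about what actually lands in `.terraform/bin` and `terraform.d/plugins`; a pinned SHA-256 per artifact, checked before the `unzip`/`chmod +x`, makes the pin meaningful (HashiCorp publishes a SHA256SUMS file per release the value can be taken from). `curl` without `-f` also stores an HTTP error page under the artifact name, after which make considers the target built; downloading to `$@.tmp` and renaming after the check keeps a failed run from leaving a "finished" file behind. `ansiblevault_version=2.0.1` here differs from the `version = "2.2.0"` that acme/main.tf requires from the registry, and the flat `terraform.d/plugins/linux_amd64/…_x4` path is presumably the pre-0.13 plugin layout, so it is worth confirming which copy Terraform 0.14 actually loads. Smaller points: `$(PWD)` is inherited from the environment where `$(CURDIR)` is what make itself provides, `terraform.d` is a directory used as a normal prerequisite (an order-only `| terraform.d` avoids spurious rebuilds), and `all` should join `setup` in `.PHONY`.
```make
# Pinned digests for the downloaded artifacts. Replace the placeholders with the
# published SHA-256 values for the versions pinned above before use.
terraform_sha256=<SHA256_OF_TERRAFORM_ZIP_PLACEHOLDER>
ansiblevault_sha256=<SHA256_OF_ANSIBLEVAULT_PROVIDER_PLACEHOLDER>

$(terraform_zip):
	mkdir -p $(dir $@)
	curl -fL -o "$@.tmp" $(terraform_url)
	echo "$(terraform_sha256)  $@.tmp" | sha256sum -c -
	mv -f "$@.tmp" "$@"

$(ansiblevault_path): | terraform.d
	mkdir -p $(dir $@)
	curl -fL -o "$@.tmp" $(ansiblevault_url)
	echo "$(ansiblevault_sha256)  $@.tmp" | sha256sum -c -
	mv -f "$@.tmp" "$@"
	chmod +x "$@"
# … unchanged: terraform_bin, terraform.d and setup rules …
```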
@@ -0,0 +1,8 @@
+[defaults]
+become_method = sudo
+inventory = inventory.yml
+nocows = True
+stdout_callback = debug
+vault_password_file = .vault-password
+roles_path = roles
+retry_files_enabled = False
diff --git a/acme/main.tf b/acme/main.tf
new file mode 100644
index 0000000..c7b91b2
--- /dev/null
+++ b/acme/main.tf
@@ -0,0 +1,60 @@
+terraform {
+ required_providers {
+ scaleway = {
+ source = "scaleway/scaleway"
+ version = "1.17.2"
+ }
+
+ ansiblevault = {
+ source = "MeilleursAgents/ansiblevault"
+ version = "2.2.0"
+ }
+ }
+}
+
+variable "ansible_vault_pass" {
+ type = string
+}
+
+provider "ansiblevault" {
+ # vault_path = ".vault-password"
+ vault_pass = var.ansible_vault_pass
+ root_folder = "."
+}
+
+data "ansiblevault_path" "scaleway_access_key" {
+ path = "vault/scaleway.yml"
+ key = "scaleway_access_key"
+}
+data "ansiblevault_path" "scaleway_secret_key" {
+ path = "vault/scaleway.yml"
+ key = "scaleway_secret_key"
+}
+data "ansiblevault_path" "scaleway_organization" {
+ path = "vault/scaleway.yml"
+ key = "scaleway_organization"
+}
+
+provider "scaleway" {
+ region = "fr-par"
+ zone = "fr-par-1"
+ access_key = data.ansiblevault_path.scaleway_access_key.value
+ secret_key = data.ansiblevault_path.scaleway_secret_key.value
+ organization_id = data.ansiblevault_path.scaleway_organization.value
+}
+
+# This can also be generated from input objects, but it might be reused between different modules so some control
+# over if/when it is generated is required.
+resource "google_dns_managed_zone" "acme" {
+ name = "acme"
+ dns_name = "machine.acme.com."
+}
+
+module "acme-apps" {
+ source = "../acme-apps/terraform"
+ providers = {
+ scaleway = scaleway
+ }
+
+ acme_zone = google_dns_managed_zone.acme.name
+}
diff --git a/j2/terraform-main-scaleway-machine.j2 b/j2/terraform-main-scaleway-machine.j2
new file mode 100644
index 0000000..eab9fac
--- /dev/null
+++ b/j2/terraform-main-scaleway-machine.j2
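Review bot: In the acme/main.tf hunk, `resource "google_dns_managed_zone" "acme"` uses the google provider but `required_providers` lists only scaleway and ansiblevault, so Terraform 0.14 falls back to an implicit, unpinned `hashicorp/google` while the other two are pinned; adding `google = { source = "hashicorp/google", version = "<pinned version>" }` next to them closes that gap. The three `ansiblevault_path` data sources decrypt the Scaleway access key, secret key and organisation id, and data-source results are persisted in the state file in clear text, so `*.tfstate` (gitignored in this commit) needs the same protection as `vault/scaleway.yml`; a comment at the `provider "scaleway"` block such as `# credentials come from the vault but are written to terraform.tfstate in clear text` makes that trade-off visible. The child module in acme-apps/terraform also declares its own empty `provider "scaleway" {}` while being handed the root configuration via `providers = { scaleway = scaleway }`; presumably the empty block acts as a proxy and the root credentials are the ones in effect, but that is worth confirming in a plan rather than assuming.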
@@ -0,0 +1,19 @@
+# Generated
+
+terraform {
+ required_providers {
+ scaleway = {
+ source = "scaleway/scaleway"
+ version = "1.17.2"
+ }
+ }
+}
+
+provider "scaleway" {
+}
+
+{% -for z in managedZones %}
+variable "{{z.name}}" {
+ type = string
+}
+{% endfor -%}
diff --git a/j2/terraform-record-set.j2 b/j2/terraform-record-set.j2
index 31bcfab..b89ee00 100644
--- a/j2/terraform-record-set.j2
+++ b/j2/terraform-record-set.j2
@@ -1,8 +1,8 @@
 resource "google_dns_record_set" "{{ tf.key }}" {
 name = "{{ entry.fqdn }}"
- managed_zone = "{{ tf.terraformManagedZone }}"
+ managed_zone = var.{{ managedZone.name }}
 type = "{{ entry.type }}"
 ttl = 300

- rrdatas = [var.addresses.{{ tf.expression }}]
+ rrdatas = [{{ tf.expression }}]
 }
diff --git a/module/acme/src/main/resources/io/trygvis/acme/acme.drl b/module/acme/src/main/resources/io/trygvis/acme/acme.drl
index 66623c3..cb04b09 100644
--- a/module/acme/src/main/resources/io/trygvis/acme/acme.drl
+++ b/module/acme/src/main/resources/io/trygvis/acme/acme.drl
@@ -27,6 +27,6 @@ when
 $m : Machine(fqdn == null)
 $s : AcmeServer(machine == $m)
 then
- $s.machine.fqdn = "%s.machine.acme.com".formatted($s.machine.name);
+ $s.machine.fqdn = "%s.machine.acme.com.".formatted($s.machine.name);
 update($s.machine)
 end
diff --git a/module/ri-engine/src/main/resources/io/trygvis/rules/terraform/terraform.drl b/module/ri-engine/src/main/resources/io/trygvis/rules/terraform/terraform.drl
index b3d176b..c1293fe 100644
--- a/module/ri-engine/src/main/resources/io/trygvis/rules/terraform/terraform.drl
+++ b/module/ri-engine/src/main/resources/io/trygvis/rules/terraform/terraform.drl
@@ -5,6 +5,7 @@ import io.trygvis.rules.dba.Container
 import io.trygvis.rules.machine.Machine
 import io.trygvis.rules.dns.DnsEntry
 import io.trygvis.rules.dns.DnsEntryTerraformExpression
+import java.util.ArrayList;
 import java.util.Map;

 global io.trygvis.rules.engine.TemplateEngine te;
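Review bot: In the j2/terraform-main-scaleway-machine.j2 hunk, `{% -for z in managedZones %}` puts the whitespace-control dash after the space rather than directly after `{%`; the conventional spelling, matching the closing `{% endfor -%}` in the same file, is `{%- for z in managedZones %}`. The generated acme-apps/terraform/main-scaleway-machine.tf in this commit shows the preceding blank line was in fact stripped, so the template engine evidently tolerates the variant, but the standard form avoids depending on that. In the terraform-record-set.j2 hunk, `managed_zone = var.{{ managedZone.name }}` assumes `managedZone.name` is a valid Terraform identifier (`acme_zone` is), and `name = "{{ entry.fqdn }}"` now relies on the trailing dot that acme.drl appends; a one-line comment at the top of the template stating both constraints would spare the next person a failing plan.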
@@ -14,12 +15,15 @@ declare ScalewayMachine
 key : String
 end

+declare GoogleManagedZoneTerraformExpression
+ name : String
+end
+
 rule "Terraform for Machine"
 when
 $machine: Machine()
 then
- ScalewayMachine scw = new ScalewayMachine();
-
+ var scw = new ScalewayMachine();
 scw.setKey($machine.name);
 scw.setMachine($machine);

@@ -38,13 +42,24 @@ then
 insert(new DnsEntryTerraformExpression(a, $machine.name, ipv4));
 end

+rule "main-scaleway-machine.tf"
+ agenda-group "generate"
+when
+ $managedZones : ArrayList() from collect(GoogleManagedZoneTerraformExpression())
+then
+ var path = "terraform/main-scaleway-machine.tf";
+ te.template("terraform-main-scaleway-machine", path, Map.of(
+ "managedZones", $managedZones
+ ));
+end
+
 rule "TF for TerraformMachine"
 agenda-group "generate"
 when
 $m: Machine()
 $scw: ScalewayMachine(machine == $m)
 then
- var path = "platform/terraform/%s.tf".formatted($scw.getKey());
+ var path = "terraform/scaleway-machine-%s.tf".formatted($scw.getKey());
 te.template("terraform-machine", path, Map.of("m", $m, "scw", $scw));
 end

@@ -53,10 +68,12 @@ rule "Terraform for DNS"
 when
 $entry: DnsEntry()
 $tf : DnsEntryTerraformExpression(entry == $entry)
+ $managedZone : GoogleManagedZoneTerraformExpression()
 then
- var path = "dns/%s.tf".formatted($tf.key);
+ var path = "terraform/dns-%s.tf".formatted($tf.key);
 te.template("terraform-record-set", path, Map.of(
 "entry", $entry,
+ "managedZone", $managedZone,
 "tf", $tf)
 );
 end
diff --git a/out/acme/apps.yaml b/out/acme/apps.yaml
index 9ec1663..fddeea6 100644
--- a/out/acme/apps.yaml
+++ b/out/acme/apps.yaml
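Review bot: In the `"Terraform for DNS"` hunk (`@@ -53,10 +68,12 @@`), the added pattern `$managedZone : GoogleManagedZoneTerraformExpression()` has no constraint, so as soon as a second zone is in working memory the rule fires once per (entry, zone) combination and every activation writes the same `terraform/dns-%s.tf`, with whichever fires last winning; the new `terraform-main-scaleway-machine.j2` loops over `managedZones`, so more than one zone is clearly anticipated. The zone should be selected from the entry rather than taken at random, e.g. `GoogleManagedZoneTerraformExpression(<constraint tying the zone to $entry.fqdn>)` once the zone fact carries its dns name; until then a comment at the pattern, `// assumes exactly one managed zone; with several, this rule fires once per zone for the same output file`, records the limitation. In the same file, the new `"main-scaleway-machine.tf"` rule's `ArrayList() from collect(...)` also matches an empty collection and then generates a main file with no zone variables, which is presumably intended but worth a comment.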
@@ -4,21 +4,21 @@ data: name: "acme-1" machine: name: "acme-1" - fqdn: "acme-1.machine.acme.com" + fqdn: "acme-1.machine.acme.com." --- type: "io.trygvis.acme.AcmeServer" data: name: "acme-2" machine: name: "acme-2" - fqdn: "acme-2.machine.acme.com" + fqdn: "acme-2.machine.acme.com." --- type: "io.trygvis.acme.AcmeServer" data: name: "acme-3" machine: name: "acme-3" - fqdn: "acme-3.machine.acme.com" + fqdn: "acme-3.machine.acme.com." --- type: "io.trygvis.acme.apps.AcmeMyApp" data: @@ -138,7 +138,7 @@ data: type: "io.trygvis.rules.dba.Container" data: cluster: - name: "acme-myapp-ci" + name: "acme-myapp-production" name: "db" machineRole: "mdb" image: "mongodb" @@ -147,7 +147,7 @@ data: type: "io.trygvis.rules.dba.Container" data: cluster: - name: "acme-myapp-production" + name: "acme-myapp-ci" name: "db" machineRole: "mdb" image: "mongodb" @@ -156,7 +156,7 @@ data: type: "io.trygvis.rules.dba.Container" data: cluster: - name: "acme-myapp-ci" + name: "acme-myapp-production" name: "db" machineRole: "pdb" image: "postgresql" @@ -165,7 +165,7 @@ data: type: "io.trygvis.rules.dba.Container" data: cluster: - name: "acme-myapp-production" + name: "acme-myapp-ci" name: "db" machineRole: "pdb" image: "postgresql" @@ -173,23 +173,23 @@ data: --- type: "io.trygvis.rules.dns.DnsEntry" data: - fqdn: "acme-1.machine.acme.com" + fqdn: "acme-1.machine.acme.com." type: "A" --- type: "io.trygvis.rules.dns.DnsEntry" data: - fqdn: "acme-2.machine.acme.com" + fqdn: "acme-2.machine.acme.com." type: "A" --- type: "io.trygvis.rules.dns.DnsEntry" data: - fqdn: "acme-3.machine.acme.com" + fqdn: "acme-3.machine.acme.com." type: "A" --- type: "io.trygvis.rules.dns.DnsEntryTerraformExpression" data: entry: - fqdn: "acme-1.machine.acme.com" + fqdn: "acme-1.machine.acme.com." type: "A" key: "acme-1" expression: "scaleway_instance_ip.acme-1.address" 
@@ -197,7 +197,7 @@ data: type: "io.trygvis.rules.dns.DnsEntryTerraformExpression" data: entry: - fqdn: "acme-2.machine.acme.com" + fqdn: "acme-2.machine.acme.com." type: "A" key: "acme-2" expression: "scaleway_instance_ip.acme-2.address" @@ -205,7 +205,7 @@ data: type: "io.trygvis.rules.dns.DnsEntryTerraformExpression" data: entry: - fqdn: "acme-3.machine.acme.com" + fqdn: "acme-3.machine.acme.com." type: "A" key: "acme-3" expression: "scaleway_instance_ip.acme-3.address" @@ -218,17 +218,17 @@ data: type: "io.trygvis.rules.machine.Machine" data: name: "acme-1" - fqdn: "acme-1.machine.acme.com" + fqdn: "acme-1.machine.acme.com." --- type: "io.trygvis.rules.machine.Machine" data: name: "acme-2" - fqdn: "acme-2.machine.acme.com" + fqdn: "acme-2.machine.acme.com." --- type: "io.trygvis.rules.machine.Machine" data: name: "acme-3" - fqdn: "acme-3.machine.acme.com" + fqdn: "acme-3.machine.acme.com." --- type: "io.trygvis.rules.machine.Machine" data: 
@@ -240,46 +240,50 @@ data: name: "ws-2" fqdn: null --- +type: "io.trygvis.rules.terraform.GoogleManagedZoneTerraformExpression" +data: + name: "acme_zone" +--- type: "io.trygvis.rules.terraform.ScalewayMachine" data: machine: name: "acme-1" - fqdn: "acme-1.machine.acme.com" + fqdn: "acme-1.machine.acme.com." key: "acme-1" --- type: "io.trygvis.rules.terraform.ScalewayMachine" data: machine: name: "acme-1" - fqdn: "acme-1.machine.acme.com" + fqdn: "acme-1.machine.acme.com." key: "acme-1" --- type: "io.trygvis.rules.terraform.ScalewayMachine" data: machine: name: "acme-2" - fqdn: "acme-2.machine.acme.com" + fqdn: "acme-2.machine.acme.com." key: "acme-2" --- type: "io.trygvis.rules.terraform.ScalewayMachine" data: machine: name: "acme-2" - fqdn: "acme-2.machine.acme.com" + fqdn: "acme-2.machine.acme.com." key: "acme-2" --- type: "io.trygvis.rules.terraform.ScalewayMachine" data: machine: name: "acme-3" - fqdn: "acme-3.machine.acme.com" + fqdn: "acme-3.machine.acme.com." key: "acme-3" --- type: "io.trygvis.rules.terraform.ScalewayMachine" data: machine: name: "acme-3" - fqdn: "acme-3.machine.acme.com" + fqdn: "acme-3.machine.acme.com." key: "acme-3" --- type: "io.trygvis.rules.terraform.ScalewayMachine" |