authorTrygve Laugstøl <trygvis@inamo.no>2021-01-07 23:38:01 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2021-01-07 23:38:01 +0100
commit3d25f7059f518dd8c857dd5e45552ba3ab733aa6 (patch)
treee7bbd7f2c6c7cfe41398335da0ab51807b54931c
parent70d0ad3c9f37e44a9504a0d7f66e412a3f3bba6f (diff)
Working terraform setup.
-rw-r--r--acme-apps/dns/acme-1.tf8
-rw-r--r--acme-apps/dns/acme-2.tf8
-rw-r--r--acme-apps/dns/acme-3.tf8
-rw-r--r--acme-apps/terraform/dns-acme-1.tf8
-rw-r--r--acme-apps/terraform/dns-acme-2.tf8
-rw-r--r--acme-apps/terraform/dns-acme-3.tf8
-rw-r--r--acme-apps/terraform/main-scaleway-machine.tf16
-rw-r--r--acme-apps/terraform/scaleway-machine-acme-1.tf (renamed from acme-apps/platform/terraform/acme-1.tf)0
-rw-r--r--acme-apps/terraform/scaleway-machine-acme-2.tf (renamed from acme-apps/platform/terraform/acme-2.tf)0
-rw-r--r--acme-apps/terraform/scaleway-machine-acme-3.tf (renamed from acme-apps/platform/terraform/acme-3.tf)0
-rw-r--r--acme.yaml5
-rw-r--r--acme/.gitignore9
-rw-r--r--acme/.settings.sh9
-rw-r--r--acme/Makefile41
-rw-r--r--acme/ansible.cfg8
-rw-r--r--acme/main.tf60
-rw-r--r--j2/terraform-main-scaleway-machine.j219
-rw-r--r--j2/terraform-record-set.j24
-rw-r--r--module/acme/src/main/resources/io/trygvis/acme/acme.drl2
-rw-r--r--module/ri-engine/src/main/resources/io/trygvis/rules/terraform/terraform.drl25
-rw-r--r--out/acme/apps.yaml48
21 files changed, 241 insertions, 53 deletions
diff --git a/acme-apps/dns/acme-1.tf b/acme-apps/dns/acme-1.tf
deleted file mode 100644
index 2252410..0000000
--- a/acme-apps/dns/acme-1.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-resource "google_dns_record_set" "acme-1" {
- name = "acme-1.machine.acme.com"
- managed_zone = ""
- type = "A"
- ttl = 300
-
- rrdatas = [var.addresses.scaleway_instance_ip.acme-1.address]
-}
diff --git a/acme-apps/dns/acme-2.tf b/acme-apps/dns/acme-2.tf
deleted file mode 100644
index 04b79a2..0000000
--- a/acme-apps/dns/acme-2.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-resource "google_dns_record_set" "acme-2" {
- name = "acme-2.machine.acme.com"
- managed_zone = ""
- type = "A"
- ttl = 300
-
- rrdatas = [var.addresses.scaleway_instance_ip.acme-2.address]
-}
diff --git a/acme-apps/dns/acme-3.tf b/acme-apps/dns/acme-3.tf
deleted file mode 100644
index 57d9f45..0000000
--- a/acme-apps/dns/acme-3.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-resource "google_dns_record_set" "acme-3" {
- name = "acme-3.machine.acme.com"
- managed_zone = ""
- type = "A"
- ttl = 300
-
- rrdatas = [var.addresses.scaleway_instance_ip.acme-3.address]
-}
diff --git a/acme-apps/terraform/dns-acme-1.tf b/acme-apps/terraform/dns-acme-1.tf
new file mode 100644
index 0000000..0b9ede0
--- /dev/null
+++ b/acme-apps/terraform/dns-acme-1.tf
@@ -0,0 +1,8 @@
+resource "google_dns_record_set" "acme-1" {
+ name = "acme-1.machine.acme.com."
+ managed_zone = var.acme_zone
+ type = "A"
+ ttl = 300
+
+ rrdatas = [scaleway_instance_ip.acme-1.address]
+}
diff --git a/acme-apps/terraform/dns-acme-2.tf b/acme-apps/terraform/dns-acme-2.tf
new file mode 100644
index 0000000..407935e
--- /dev/null
+++ b/acme-apps/terraform/dns-acme-2.tf
@@ -0,0 +1,8 @@
+resource "google_dns_record_set" "acme-2" {
+ name = "acme-2.machine.acme.com."
+ managed_zone = var.acme_zone
+ type = "A"
+ ttl = 300
+
+ rrdatas = [scaleway_instance_ip.acme-2.address]
+}
diff --git a/acme-apps/terraform/dns-acme-3.tf b/acme-apps/terraform/dns-acme-3.tf
new file mode 100644
index 0000000..4c753df
--- /dev/null
+++ b/acme-apps/terraform/dns-acme-3.tf
@@ -0,0 +1,8 @@
+resource "google_dns_record_set" "acme-3" {
+ name = "acme-3.machine.acme.com."
+ managed_zone = var.acme_zone
+ type = "A"
+ ttl = 300
+
+ rrdatas = [scaleway_instance_ip.acme-3.address]
+}
diff --git a/acme-apps/terraform/main-scaleway-machine.tf b/acme-apps/terraform/main-scaleway-machine.tf
new file mode 100644
index 0000000..ef74c6e
--- /dev/null
+++ b/acme-apps/terraform/main-scaleway-machine.tf
@@ -0,0 +1,16 @@
+# Generated
+
+terraform {
+ required_providers {
+ scaleway = {
+ source = "scaleway/scaleway"
+ version = "1.17.2"
+ }
+ }
+}
+
+provider "scaleway" {
+}
+variable "acme_zone" {
+ type = string
+}
diff --git a/acme-apps/platform/terraform/acme-1.tf b/acme-apps/terraform/scaleway-machine-acme-1.tf
index 8100533..8100533 100644
--- a/acme-apps/platform/terraform/acme-1.tf
+++ b/acme-apps/terraform/scaleway-machine-acme-1.tf
diff --git a/acme-apps/platform/terraform/acme-2.tf b/acme-apps/terraform/scaleway-machine-acme-2.tf
index 07d5e8b..07d5e8b 100644
--- a/acme-apps/platform/terraform/acme-2.tf
+++ b/acme-apps/terraform/scaleway-machine-acme-2.tf
diff --git a/acme-apps/platform/terraform/acme-3.tf b/acme-apps/terraform/scaleway-machine-acme-3.tf
index a2246bc..a2246bc 100644
--- a/acme-apps/platform/terraform/acme-3.tf
+++ b/acme-apps/terraform/scaleway-machine-acme-3.tf
diff --git a/acme.yaml b/acme.yaml
index 0a18ff0..09bdd0d 100644
--- a/acme.yaml
+++ b/acme.yaml
@@ -11,6 +11,11 @@ data:
type: io.trygvis.acme.apps.AcmeOps
+--- # DNS configuration
+type: io.trygvis.rules.terraform.GoogleManagedZoneTerraformExpression
+data:
+ name: "acme_zone"
+
---
type: io.trygvis.rules.machine.Machine
data:
diff --git a/acme/.gitignore b/acme/.gitignore
new file mode 100644
index 0000000..a01565a
--- /dev/null
+++ b/acme/.gitignore
@@ -0,0 +1,9 @@
+.terraform*
+terraform.d
+*.tfstate
+*.tfstate.backup
+plan
+
+.vault-password*
+*.dot
+*.png
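Review bot: The `.terraform*` pattern on the first line also matches `.terraform.lock.hcl`, the provider dependency lock file that the Terraform 0.14.4 pinned in acme/Makefile writes to the working directory, so the provider checksums recorded on the first `init` are never committed and every fresh checkout re-resolves providers with nothing to compare against. Everything the Makefile installs locally lives under the `.terraform/` directory, so narrowing the pattern to `.terraform/` keeps those ignored while letting the lock file be tracked. If the wildcard is deliberate, an explicit `!.terraform.lock.hcl` line after it achieves the same.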
diff --git a/acme/.settings.sh b/acme/.settings.sh
new file mode 100644
index 0000000..7bd49fb
--- /dev/null
+++ b/acme/.settings.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+basedir=$(dirname "$_")
+basedir=$(cd "$basedir" && pwd)
+
+#echo "Adding tools/ to path"
+#PATH="$basedir/tools:$PATH"
+
+alias terraform="TF_VAR_ansible_vault_pass=\$($(pwd)/.vault-password) $(pwd)/.terraform/bin/terraform"
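Review bot: `basedir` is computed in the two `basedir=` lines but never used, while the alias on the last line freezes `$(pwd)` at the moment the file is sourced, so sourcing it from any directory other than `acme/` produces an alias pointing at the wrong `.vault-password` script and `terraform` binary. Using the computed directory instead, `alias terraform="TF_VAR_ansible_vault_pass=\$($basedir/.vault-password) $basedir/.terraform/bin/terraform"`, ties both paths to the script's own location; note that `$_` only yields the sourced file's path under bash, which the `#!/bin/sh` line does not advertise. Passing the vault password through `TF_VAR_ansible_vault_pass` also places it in the environment inherited by terraform and every provider plugin it spawns; the `vault_path` option commented out in the `ansiblevault` provider block of acme/main.tf would keep it out of the environment, if that option can read the executable password file used here.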
diff --git a/acme/Makefile b/acme/Makefile
new file mode 100644
index 0000000..39d54a6
--- /dev/null
+++ b/acme/Makefile
@@ -0,0 +1,41 @@
+terraform_version=0.14.4
+terraform_url=https://releases.hashicorp.com/terraform/$(terraform_version)/terraform_$(terraform_version)_linux_amd64.zip
+terraform_unzip=.terraform/unzip/$(terraform_version)/
+terraform_zip=.terraform/zip/terraform_$(terraform_version)_linux_amd64.zip
+terraform_bin=.terraform/bin/terraform
+
+ansiblevault_version=2.0.1
+ansiblevault_url=https://github.com/MeilleursAgents/terraform-provider-ansiblevault/releases/download/v$(ansiblevault_version)/terraform-provider-ansiblevault_linux_amd64_v$(ansiblevault_version)
+ansiblevault_path=terraform.d/plugins/linux_amd64/terraform-provider-ansiblevault_v$(ansiblevault_version)_x4
+
+all: $(terraform_bin) $(ansiblevault_path) setup
+
+$(terraform_bin): $(terraform_zip)
+ rm -rf $(dir $(terraform_unzip))
+ mkdir -p $(terraform_unzip)
+ mkdir -p $(dir $(terraform_bin))
+ unzip $(terraform_zip) -d $(terraform_unzip)
+ ln -sf $(PWD)/$(terraform_unzip)/terraform $(terraform_bin)
+ touch $(PWD)/$(terraform_unzip)/terraform
+
+$(terraform_zip):
+ mkdir -p $(dir $@)
+ curl -L -o "$@" $(terraform_url)
+
+$(ansiblevault_path): terraform.d
+ mkdir -p $(dir $@)
+ curl -L -o "$@" $(ansiblevault_url)
+ chmod +x $(@)
+
+terraform.d:
+ mkdir $@
+
+MAIN=$(patsubst %/main.tf,%,$(wildcard */main.tf))
+setup: $(patsubst %,%/terraform.d,$(MAIN))
+.PHONY: setup
+
+%/terraform.d: terraform.d
+ ln -s ../terraform.d $@
+
+.terraform/plugins/linux_amd64:
+ mkdir -p $@
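Review bot: Both downloads, in the `$(terraform_zip)` and `$(ansiblevault_path)` rules, are fetched with `curl -L` and installed as-is, so a substituted archive or provider binary would be unpacked and executed without any integrity check. HashiCorp publishes a `terraform_$(terraform_version)_SHA256SUMS` file next to the zip; adding `curl -L -o "$(dir $@)SHA256SUMS" https://releases.hashicorp.com/terraform/$(terraform_version)/terraform_$(terraform_version)_SHA256SUMS` followed by `cd $(dir $@) && grep ' $(notdir $@)$$' SHA256SUMS | sha256sum -c -` to the zip rule pins the archive, and the accompanying `.sig` can additionally be verified against HashiCorp's release key. Separately, `ansiblevault_version=2.0.1` here does not match the `version = "2.2.0"` that acme/main.tf requires for `MeilleursAgents/ansiblevault`, and as far as I can tell the legacy `terraform.d/plugins/linux_amd64/` layout is not consulted for a namespaced registry source on Terraform 0.14, so the binary this rule installs is probably never used — `terraform providers` in the `acme/` directory would confirm which one is picked up.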
diff --git a/acme/ansible.cfg b/acme/ansible.cfg
new file mode 100644
index 0000000..1790523
--- /dev/null
+++ b/acme/ansible.cfg
@@ -0,0 +1,8 @@
+[defaults]
+become_method = sudo
+inventory = inventory.yml
+nocows = True
+stdout_callback = debug
+vault_password_file = .vault-password
+roles_path = roles
+retry_files_enabled = False
diff --git a/acme/main.tf b/acme/main.tf
new file mode 100644
index 0000000..c7b91b2
--- /dev/null
+++ b/acme/main.tf
@@ -0,0 +1,60 @@
+terraform {
+ required_providers {
+ scaleway = {
+ source = "scaleway/scaleway"
+ version = "1.17.2"
+ }
+
+ ansiblevault = {
+ source = "MeilleursAgents/ansiblevault"
+ version = "2.2.0"
+ }
+ }
+}
+
+variable "ansible_vault_pass" {
+ type = string
+}
+
+provider "ansiblevault" {
+ # vault_path = ".vault-password"
+ vault_pass = var.ansible_vault_pass
+ root_folder = "."
+}
+
+data "ansiblevault_path" "scaleway_access_key" {
+ path = "vault/scaleway.yml"
+ key = "scaleway_access_key"
+}
+data "ansiblevault_path" "scaleway_secret_key" {
+ path = "vault/scaleway.yml"
+ key = "scaleway_secret_key"
+}
+data "ansiblevault_path" "scaleway_organization" {
+ path = "vault/scaleway.yml"
+ key = "scaleway_organization"
+}
+
+provider "scaleway" {
+ region = "fr-par"
+ zone = "fr-par-1"
+ access_key = data.ansiblevault_path.scaleway_access_key.value
+ secret_key = data.ansiblevault_path.scaleway_secret_key.value
+ organization_id = data.ansiblevault_path.scaleway_organization.value
+}
+
+# This can also be generated from input objects, but it might be reused between different modules so some control
+# over if/when it is generated is required.
+resource "google_dns_managed_zone" "acme" {
+ name = "acme"
+ dns_name = "machine.acme.com."
+}
+
+module "acme-apps" {
+ source = "../acme-apps/terraform"
+ providers = {
+ scaleway = scaleway
+ }
+
+ acme_zone = google_dns_managed_zone.acme.name
+}
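Review bot: `variable "ansible_vault_pass"` carries the vault password but is not marked sensitive, so with the Terraform 0.14.4 that the Makefile installs its value can be echoed in plan and apply output; add `sensitive = true` to the variable block. The three `ansiblevault_path` data sources write the Scaleway access key, secret key and organization id into the state file in clear text, so the state must stay as local and ignored as acme/.gitignore makes it, or move to a backend with encryption at rest. The `google_dns_managed_zone` resource, and the `google_dns_record_set` resources the `acme-apps` module generates, pull in the google provider with neither a `required_providers` entry nor a `provider "google"` block, so it is resolved implicitly and unpinned; declaring `google = { source = "hashicorp/google" }` next to scaleway and configuring its project and credentials makes that dependency explicit.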
diff --git a/j2/terraform-main-scaleway-machine.j2 b/j2/terraform-main-scaleway-machine.j2
new file mode 100644
index 0000000..eab9fac
--- /dev/null
+++ b/j2/terraform-main-scaleway-machine.j2
@@ -0,0 +1,19 @@
+# Generated
+
+terraform {
+ required_providers {
+ scaleway = {
+ source = "scaleway/scaleway"
+ version = "1.17.2"
+ }
+ }
+}
+
+provider "scaleway" {
+}
+
+{% -for z in managedZones %}
+variable "{{z.name}}" {
+ type = string
+}
+{% endfor -%}
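Review bot: The `required_providers` block this template emits lists only `scaleway`, yet `terraform-record-set.j2` generates `google_dns_record_set` resources into the same module, so Terraform resolves the google provider implicitly with no version constraint; adding `google = { source = "hashicorp/google" }` alongside the scaleway entry makes the dependency explicit and lets the lock file pin it. `{{z.name}}` is written straight into a `variable` identifier, so a managed-zone name from the input yaml that is not a valid HCL identifier yields an unparsable file; checking it in the rule that collects the zones would fail earlier with a clearer message. The opening tag is spelled `{% -for` while the closing one uses `{% endfor -%}`; the conventional Jinja whitespace-control spelling is `{%- for`, assuming the template engine accepts both forms.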
diff --git a/j2/terraform-record-set.j2 b/j2/terraform-record-set.j2
index 31bcfab..b89ee00 100644
--- a/j2/terraform-record-set.j2
+++ b/j2/terraform-record-set.j2
@@ -1,8 +1,8 @@
resource "google_dns_record_set" "{{ tf.key }}" {
name = "{{ entry.fqdn }}"
- managed_zone = "{{ tf.terraformManagedZone }}"
+ managed_zone = var.{{ managedZone.name }}
type = "{{ entry.type }}"
ttl = 300
- rrdatas = [var.addresses.{{ tf.expression }}]
+ rrdatas = [{{ tf.expression }}]
}
diff --git a/module/acme/src/main/resources/io/trygvis/acme/acme.drl b/module/acme/src/main/resources/io/trygvis/acme/acme.drl
index 66623c3..cb04b09 100644
--- a/module/acme/src/main/resources/io/trygvis/acme/acme.drl
+++ b/module/acme/src/main/resources/io/trygvis/acme/acme.drl
@@ -27,6 +27,6 @@ when
$m : Machine(fqdn == null)
$s : AcmeServer(machine == $m)
then
- $s.machine.fqdn = "%s.machine.acme.com".formatted($s.machine.name);
+ $s.machine.fqdn = "%s.machine.acme.com.".formatted($s.machine.name);
update($s.machine)
end
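Review bot: Appending the trailing dot in this rule bakes a Google Cloud DNS formatting requirement into `Machine.fqdn`, and the regenerated out/acme/apps.yaml shows it propagating to every `Machine`, `DnsEntry` and `ScalewayMachine` fact, so any other consumer of the fqdn (inventory, hostnames) now receives `acme-1.machine.acme.com.` as well. Keeping the fqdn canonical here and adding the dot where Google needs it, `name = "{{ entry.fqdn }}."` in j2/terraform-record-set.j2, confines that convention to the one template. The `machine.acme.com` suffix is also duplicated with the `dns_name` of the `google_dns_managed_zone` in acme/main.tf; if the two ever diverge, the generated records are placed in a zone they do not belong to.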
diff --git a/module/ri-engine/src/main/resources/io/trygvis/rules/terraform/terraform.drl b/module/ri-engine/src/main/resources/io/trygvis/rules/terraform/terraform.drl
index b3d176b..c1293fe 100644
--- a/module/ri-engine/src/main/resources/io/trygvis/rules/terraform/terraform.drl
+++ b/module/ri-engine/src/main/resources/io/trygvis/rules/terraform/terraform.drl
@@ -5,6 +5,7 @@ import io.trygvis.rules.dba.Container
import io.trygvis.rules.machine.Machine
import io.trygvis.rules.dns.DnsEntry
import io.trygvis.rules.dns.DnsEntryTerraformExpression
+import java.util.ArrayList;
import java.util.Map;
global io.trygvis.rules.engine.TemplateEngine te;
@@ -14,12 +15,15 @@ declare ScalewayMachine
key : String
end
+declare GoogleManagedZoneTerraformExpression
+ name : String
+end
+
rule "Terraform for Machine"
when
$machine: Machine()
then
- ScalewayMachine scw = new ScalewayMachine();
-
+ var scw = new ScalewayMachine();
scw.setKey($machine.name);
scw.setMachine($machine);
@@ -38,13 +42,24 @@ then
insert(new DnsEntryTerraformExpression(a, $machine.name, ipv4));
end
+rule "main-scaleway-machine.tf"
+ agenda-group "generate"
+when
+ $managedZones : ArrayList() from collect(GoogleManagedZoneTerraformExpression())
+then
+ var path = "terraform/main-scaleway-machine.tf";
+ te.template("terraform-main-scaleway-machine", path, Map.of(
+ "managedZones", $managedZones
+ ));
+end
+
rule "TF for TerraformMachine"
agenda-group "generate"
when
$m: Machine()
$scw: ScalewayMachine(machine == $m)
then
- var path = "platform/terraform/%s.tf".formatted($scw.getKey());
+ var path = "terraform/scaleway-machine-%s.tf".formatted($scw.getKey());
te.template("terraform-machine", path, Map.of("m", $m, "scw", $scw));
end
@@ -53,10 +68,12 @@ rule "Terraform for DNS"
when
$entry: DnsEntry()
$tf : DnsEntryTerraformExpression(entry == $entry)
+ $managedZone : GoogleManagedZoneTerraformExpression()
then
- var path = "dns/%s.tf".formatted($tf.key);
+ var path = "terraform/dns-%s.tf".formatted($tf.key);
te.template("terraform-record-set", path, Map.of(
"entry", $entry,
+ "managedZone", $managedZone,
"tf", $tf)
);
end
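Review bot: The new `$managedZone : GoogleManagedZoneTerraformExpression()` pattern is unconstrained, so with more than one managed zone in the input the rule fires once per (entry, zone) pair and every activation writes the same `terraform/dns-%s.tf`, leaving each record in whichever zone the engine happened to process last. The declared type only carries `name`, so there is nothing to match on yet; adding a `dnsName : String` field to `GoogleManagedZoneTerraformExpression` and constraining the pattern with something like `$managedZone : GoogleManagedZoneTerraformExpression($entry.fqdn.endsWith(dnsName))` would select the zone the entry belongs to. The `from collect(...)` pattern in the `main-scaleway-machine.tf` rule earlier in this file is fine as is, since an empty list just emits no variables.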
diff --git a/out/acme/apps.yaml b/out/acme/apps.yaml
index 9ec1663..fddeea6 100644
--- a/out/acme/apps.yaml
+++ b/out/acme/apps.yaml
@@ -4,21 +4,21 @@ data:
name: "acme-1"
machine:
name: "acme-1"
- fqdn: "acme-1.machine.acme.com"
+ fqdn: "acme-1.machine.acme.com."
---
type: "io.trygvis.acme.AcmeServer"
data:
name: "acme-2"
machine:
name: "acme-2"
- fqdn: "acme-2.machine.acme.com"
+ fqdn: "acme-2.machine.acme.com."
---
type: "io.trygvis.acme.AcmeServer"
data:
name: "acme-3"
machine:
name: "acme-3"
- fqdn: "acme-3.machine.acme.com"
+ fqdn: "acme-3.machine.acme.com."
---
type: "io.trygvis.acme.apps.AcmeMyApp"
data:
@@ -138,7 +138,7 @@ data:
type: "io.trygvis.rules.dba.Container"
data:
cluster:
- name: "acme-myapp-ci"
+ name: "acme-myapp-production"
name: "db"
machineRole: "mdb"
image: "mongodb"
@@ -147,7 +147,7 @@ data:
type: "io.trygvis.rules.dba.Container"
data:
cluster:
- name: "acme-myapp-production"
+ name: "acme-myapp-ci"
name: "db"
machineRole: "mdb"
image: "mongodb"
@@ -156,7 +156,7 @@ data:
type: "io.trygvis.rules.dba.Container"
data:
cluster:
- name: "acme-myapp-ci"
+ name: "acme-myapp-production"
name: "db"
machineRole: "pdb"
image: "postgresql"
@@ -165,7 +165,7 @@ data:
type: "io.trygvis.rules.dba.Container"
data:
cluster:
- name: "acme-myapp-production"
+ name: "acme-myapp-ci"
name: "db"
machineRole: "pdb"
image: "postgresql"
@@ -173,23 +173,23 @@ data:
---
type: "io.trygvis.rules.dns.DnsEntry"
data:
- fqdn: "acme-1.machine.acme.com"
+ fqdn: "acme-1.machine.acme.com."
type: "A"
---
type: "io.trygvis.rules.dns.DnsEntry"
data:
- fqdn: "acme-2.machine.acme.com"
+ fqdn: "acme-2.machine.acme.com."
type: "A"
---
type: "io.trygvis.rules.dns.DnsEntry"
data:
- fqdn: "acme-3.machine.acme.com"
+ fqdn: "acme-3.machine.acme.com."
type: "A"
---
type: "io.trygvis.rules.dns.DnsEntryTerraformExpression"
data:
entry:
- fqdn: "acme-1.machine.acme.com"
+ fqdn: "acme-1.machine.acme.com."
type: "A"
key: "acme-1"
expression: "scaleway_instance_ip.acme-1.address"
@@ -197,7 +197,7 @@ data:
type: "io.trygvis.rules.dns.DnsEntryTerraformExpression"
data:
entry:
- fqdn: "acme-2.machine.acme.com"
+ fqdn: "acme-2.machine.acme.com."
type: "A"
key: "acme-2"
expression: "scaleway_instance_ip.acme-2.address"
@@ -205,7 +205,7 @@ data:
type: "io.trygvis.rules.dns.DnsEntryTerraformExpression"
data:
entry:
- fqdn: "acme-3.machine.acme.com"
+ fqdn: "acme-3.machine.acme.com."
type: "A"
key: "acme-3"
expression: "scaleway_instance_ip.acme-3.address"
@@ -218,17 +218,17 @@ data:
type: "io.trygvis.rules.machine.Machine"
data:
name: "acme-1"
- fqdn: "acme-1.machine.acme.com"
+ fqdn: "acme-1.machine.acme.com."
---
type: "io.trygvis.rules.machine.Machine"
data:
name: "acme-2"
- fqdn: "acme-2.machine.acme.com"
+ fqdn: "acme-2.machine.acme.com."
---
type: "io.trygvis.rules.machine.Machine"
data:
name: "acme-3"
- fqdn: "acme-3.machine.acme.com"
+ fqdn: "acme-3.machine.acme.com."
---
type: "io.trygvis.rules.machine.Machine"
data:
@@ -240,46 +240,50 @@ data:
name: "ws-2"
fqdn: null
---
+type: "io.trygvis.rules.terraform.GoogleManagedZoneTerraformExpression"
+data:
+ name: "acme_zone"
+---
type: "io.trygvis.rules.terraform.ScalewayMachine"
data:
machine:
name: "acme-1"
- fqdn: "acme-1.machine.acme.com"
+ fqdn: "acme-1.machine.acme.com."
key: "acme-1"
---
type: "io.trygvis.rules.terraform.ScalewayMachine"
data:
machine:
name: "acme-1"
- fqdn: "acme-1.machine.acme.com"
+ fqdn: "acme-1.machine.acme.com."
key: "acme-1"
---
type: "io.trygvis.rules.terraform.ScalewayMachine"
data:
machine:
name: "acme-2"
- fqdn: "acme-2.machine.acme.com"
+ fqdn: "acme-2.machine.acme.com."
key: "acme-2"
---
type: "io.trygvis.rules.terraform.ScalewayMachine"
data:
machine:
name: "acme-2"
- fqdn: "acme-2.machine.acme.com"
+ fqdn: "acme-2.machine.acme.com."
key: "acme-2"
---
type: "io.trygvis.rules.terraform.ScalewayMachine"
data:
machine:
name: "acme-3"
- fqdn: "acme-3.machine.acme.com"
+ fqdn: "acme-3.machine.acme.com."
key: "acme-3"
---
type: "io.trygvis.rules.terraform.ScalewayMachine"
data:
machine:
name: "acme-3"
- fqdn: "acme-3.machine.acme.com"
+ fqdn: "acme-3.machine.acme.com."
key: "acme-3"
---
type: "io.trygvis.rules.terraform.ScalewayMachine"