diff options
| author | Trygve Laugstøl <trygvis@inamo.no> | 2020-12-28 21:56:05 +0100 |
|---|---|---|
| committer | Trygve Laugstøl <trygvis@inamo.no> | 2020-12-28 21:56:05 +0100 |
| commit | 9851dffc8d915ff01117a5ed8070e5b2a1ef2bb5 (patch) | |
| tree | 6fe7914b793a782079738a936bac595a08902b44 | |
| parent | b8af5cdf274a60f364d34192d4f483f4f4800282 (diff) | |
| download | rules-sandbox-9851dffc8d915ff01117a5ed8070e5b2a1ef2bb5.tar.gz rules-sandbox-9851dffc8d915ff01117a5ed8070e5b2a1ef2bb5.tar.bz2 rules-sandbox-9851dffc8d915ff01117a5ed8070e5b2a1ef2bb5.tar.xz rules-sandbox-9851dffc8d915ff01117a5ed8070e5b2a1ef2bb5.zip | |
Better structure.
Splitting machines and terraform machines, ditto with dns.
37 files changed, 216 insertions, 76 deletions
@@ -2,7 +2,6 @@ all: env/.cookie run: env/.cookie env/bin/python main.py - git add -A out gen find out gen env: diff --git a/gen/dns/acme-1.machine.acme.corp.tf b/gen/dns/acme-1.machine.acme.corp.tf new file mode 100644 index 0000000..cb408cb --- /dev/null +++ b/gen/dns/acme-1.machine.acme.corp.tf @@ -0,0 +1,8 @@ +resource "google_dns_record_set" "acme-1.machine.acme.corp" { + name = "acme-1.machine.acme.corp" + managed_zone = "None" + type = "A" + ttl = 300 + + rrdatas = [None] +} diff --git a/gen/dns/acme-2.machine.acme.corp.tf b/gen/dns/acme-2.machine.acme.corp.tf new file mode 100644 index 0000000..9edfe76 --- /dev/null +++ b/gen/dns/acme-2.machine.acme.corp.tf @@ -0,0 +1,8 @@ +resource "google_dns_record_set" "acme-2.machine.acme.corp" { + name = "acme-2.machine.acme.corp" + managed_zone = "None" + type = "A" + ttl = 300 + + rrdatas = [None] +} diff --git a/gen/dns/acme-3.machine.acme.corp.tf b/gen/dns/acme-3.machine.acme.corp.tf new file mode 100644 index 0000000..940dbf2 --- /dev/null +++ b/gen/dns/acme-3.machine.acme.corp.tf @@ -0,0 +1,8 @@ +resource "google_dns_record_set" "acme-3.machine.acme.corp" { + name = "acme-3.machine.acme.corp" + managed_zone = "None" + type = "A" + ttl = 300 + + rrdatas = [None] +} diff --git a/gen/platform/ansible/acme-1.tf b/gen/platform/ansible/acme-1.tf deleted file mode 100644 index 686275d..0000000 --- a/gen/platform/ansible/acme-1.tf +++ /dev/null @@ -1 +0,0 @@ -# Ansible diff --git a/gen/platform/ansible/acme-1.yml b/gen/platform/ansible/acme-1.yml new file mode 100644 index 0000000..f5849b2 --- /dev/null +++ b/gen/platform/ansible/acme-1.yml @@ -0,0 +1,6 @@ +# Ansible +- hosts: + - acme-1 + tasks: + - import_role: + name: acme-platform diff --git a/gen/platform/ansible/acme-2.tf b/gen/platform/ansible/acme-2.tf deleted file mode 100644 index 686275d..0000000 --- a/gen/platform/ansible/acme-2.tf +++ /dev/null @@ -1 +0,0 @@ -# Ansible diff --git a/gen/platform/ansible/acme-2.yml b/gen/platform/ansible/acme-2.yml new file mode 100644 index 0000000..755c214 --- /dev/null +++ b/gen/platform/ansible/acme-2.yml @@ -0,0 +1,6 @@ +# Ansible +- hosts: + - acme-2 + tasks: + - import_role: + name: acme-platform diff --git a/gen/platform/ansible/acme-3.tf b/gen/platform/ansible/acme-3.tf deleted file mode 100644 index 686275d..0000000 --- a/gen/platform/ansible/acme-3.tf +++ /dev/null @@ -1 +0,0 @@ -# Ansible diff --git a/gen/platform/ansible/acme-3.yml b/gen/platform/ansible/acme-3.yml new file mode 100644 index 0000000..880a21f --- /dev/null +++ b/gen/platform/ansible/acme-3.yml @@ -0,0 +1,6 @@ +# Ansible +- hosts: + - acme-3 + tasks: + - import_role: + name: acme-platform diff --git a/gen/platform/terraform/acme-1.tf b/gen/platform/terraform/acme-1.tf index d488fbc..06b681f 100644 --- a/gen/platform/terraform/acme-1.tf +++ b/gen/platform/terraform/acme-1.tf @@ -13,14 +13,3 @@ resource "scaleway_instance_ip_reverse_dns" "acme-1" { ip_id = scaleway_instance_ip.acme-1.id reverse = "acme-1.${google_dns_managed_zone.machine.dns_name}" } - -resource "google_dns_record_set" "acme-1" { - name = "acme-1.${google_dns_managed_zone.machine.dns_name}" - managed_zone = google_dns_managed_zone.machine.name - type = "A" - ttl = 300 - - rrdatas = [scaleway_instance_ip.acme-1.public_ip] - - depends_on = [google_dns_managed_zone.ci] -} diff --git a/gen/platform/terraform/acme-2.tf b/gen/platform/terraform/acme-2.tf index e791c61..d2e41b0 100644 --- a/gen/platform/terraform/acme-2.tf +++ b/gen/platform/terraform/acme-2.tf @@ -13,14 +13,3 @@ resource "scaleway_instance_ip_reverse_dns" "acme-2" { ip_id = scaleway_instance_ip.acme-2.id reverse = "acme-2.${google_dns_managed_zone.machine.dns_name}" } - -resource "google_dns_record_set" "acme-2" { - name = "acme-2.${google_dns_managed_zone.machine.dns_name}" - managed_zone = google_dns_managed_zone.machine.name - type = "A" - ttl = 300 - - rrdatas = [scaleway_instance_ip.acme-2.public_ip] - - depends_on = [google_dns_managed_zone.ci] -} diff --git a/gen/platform/terraform/acme-3.tf b/gen/platform/terraform/acme-3.tf index 13977bd..4a84d3f 100644 --- a/gen/platform/terraform/acme-3.tf +++ b/gen/platform/terraform/acme-3.tf @@ -13,14 +13,3 @@ resource "scaleway_instance_ip_reverse_dns" "acme-3" { ip_id = scaleway_instance_ip.acme-3.id reverse = "acme-3.${google_dns_managed_zone.machine.dns_name}" } - -resource "google_dns_record_set" "acme-3" { - name = "acme-3.${google_dns_managed_zone.machine.dns_name}" - managed_zone = google_dns_managed_zone.machine.name - type = "A" - ttl = 300 - - rrdatas = [scaleway_instance_ip.acme-3.public_ip] - - depends_on = [google_dns_managed_zone.ci] -} diff --git a/gen/platform/terraform/main.tf b/gen/platform/terraform/main.tf new file mode 100644 index 0000000..3f217ed --- /dev/null +++ b/gen/platform/terraform/main.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + scaleway = { + source = "scaleway/scaleway" + } + } +} diff --git a/j2/platform-ansible.j2 b/j2/platform-ansible.j2 index 686275d..72e3247 100644 --- a/j2/platform-ansible.j2 +++ b/j2/platform-ansible.j2 @@ -1 +1,6 @@ # Ansible +- hosts: + - {{ m.key }} + tasks: + - import_role: + name: acme-platform diff --git a/j2/terraform-machine.j2 b/j2/terraform-machine.j2 index 7a00001..e6f0fe9 100644 --- a/j2/terraform-machine.j2 +++ b/j2/terraform-machine.j2 @@ -13,14 +13,3 @@ resource "scaleway_instance_ip_reverse_dns" "{{ m.key }}" { ip_id = scaleway_instance_ip.{{ m.key }}.id reverse = "{{ m.key }}.${google_dns_managed_zone.machine.dns_name}" } - -resource "google_dns_record_set" "{{ m.key }}" { - name = "{{ m.key }}.${google_dns_managed_zone.machine.dns_name}" - managed_zone = google_dns_managed_zone.machine.name - type = "A" - ttl = 300 - - rrdatas = [scaleway_instance_ip.{{ m.key }}.public_ip] - - depends_on = [google_dns_managed_zone.ci] -} diff --git a/j2/terraform-record-set.j2 b/j2/terraform-record-set.j2 new file mode 100644 index 0000000..7dea150 --- /dev/null +++ b/j2/terraform-record-set.j2 @@ -0,0 +1,8 @@ +resource "google_dns_record_set" "{{ m.key }}" { + name = "{{ m.fqdn }}" + managed_zone = "{{ m.terraformManagedZone }}" + type = "{{ m.rrType }}" + ttl = 300 + + rrdatas = [{{ m.terraformIp }}] +} @@ -7,11 +7,60 @@ import jinja2 from utils import * +class Dns: + @staticmethod + def a(fqdn: str): + return {"type": "dns-entry", + "key": fqdn, + "fqdn": fqdn, + "rrType": "A" + } + class Machine: @staticmethod def make(name: str): return {"type": "machine", "key": name, "name": name} + @staticmethod + def declare_rules(): + @when_all((m.type == "machine")) + def acmeApp(c): + c.assert_fact(Dns.a(f"{c.m.name}.machine.acme.corp")) + +class Terraform: + @staticmethod + def recordSet(fqdn: str): + return {"type": "terraform-record-set", + "key": fqdn, + "fqdn": fqdn, + "rrType": "A" + } + + @staticmethod + def machine(key: str): + return {"type": "terraform-machine", + "key": key, + } + + @staticmethod + def declare_rules(): + @when_all((m.type == "dns-entry")) + def onDnsEntry(c): + c.assert_fact(Terraform.recordSet(c.m.fqdn)) + + @when_all((m.type == "terraform-record-set")) + def defaultTerraformRecordSet(c): + pass + + @when_all((m.type == "machine")) + def onDnsEntry(c): + print(f"matched machine: {c.m}") + c.assert_fact(Terraform.machine(c.m.key)) + + @when_all((m.type == "terraform-machine")) + def defaultTerraformMachine(c): + print(f"matched terraform-machine: {c.m}") + class Acme: @staticmethod def make(env: str, tag: str): @@ -69,6 +118,8 @@ dba = DockerBasedApplications with ruleset("phase-1"): Acme.declare_rules() AcmeOperations.declare_rules() + Machine.declare_rules() + Terraform.declare_rules() @when_all(+s.exception) def second(c): @@ -82,7 +133,8 @@ with ruleset("phase-1"): @when_all(pri(1000), (m.type == 'dba-container')) def dba_container(c): - print(f"dba-container: {c.m}") + pass + # print(f"dba-container: {c.m}") @when_all(pri(900), (m.type == 'dba-container') & (m.image == "statera") & -m.ports) def addPortsToStatera(c): @@ -105,7 +157,7 @@ with ruleset("phase-1"): cluster = c.container.cluster try: c.assert_fact(dba.cluster(cluster)) - print(f"NEW CLUSTER: c.container={c.container}") + # print(f"NEW CLUSTER: c.container={c.container}") except MessageObservedException: pass @@ -134,7 +186,7 @@ x = assert_fact("phase-1", m1); print(f"x: {x}") x = assert_fact("phase-1", m2); print(f"x: {x}") x = assert_fact("phase-1", m3); print(f"x: {x}") -if True: +if False: print("Facts:") for f in get_facts("phase-1"): print(f"fact: {f}") @@ -186,13 +238,15 @@ with ruleset("phase-2"): c.container << ((m.type == "dba-container") & +m.ports_classified & (m.public_ports > 0)) ) def container(c): - print(f"public container") - print(f" cluster: {c.cluster}") - print(f" container: {c.container}") + pass + # print(f"public container") + # print(f" cluster: {c.cluster}") + # print(f" container: {c.container}") @when_all(((m.type == "dba-container") & (+m.ports_classified) & (m.public_ports == 0))) def container(c): - print(f"private container: {c.m}") + pass + # print(f"private container: {c.m}") print("PHASE 2") @@ -208,30 +262,55 @@ os.mkdir("gen") os.mkdir("gen/platform") os.mkdir("gen/platform/terraform") os.mkdir("gen/platform/ansible") +os.mkdir("gen/dns") -print("PHASE 3") +print("PHASE 3: Generating stuff") file_loader = jinja2.FileSystemLoader("j2") j2 = jinja2.Environment(loader=file_loader) with ruleset("phase-3"): - @when_all(pri(1), (m.type == "machine")) - def terraformForMachine(c): + @when_all((m.type == "terraform-machine"), none(m.done == "platform/terraform/main.tf")) + def mainTf(c): + print("yo") + c.assert_fact({"type": "meta", "done": "platform/terraform/main.tf"}) + with open(f"gen/platform/terraform/main.tf", "w") as f: + f.write(""" +terraform { + required_providers { + scaleway = { + source = "scaleway/scaleway" + } + } +}""".strip()) + f.write("\n") + + + @when_all((m.type == "terraform-machine")) + def ansibleMachine(c): + template = j2.get_template("platform-ansible.j2") + with open(f"gen/platform/ansible/{c.m.key}.yml", "w") as f: + s = template.render(**{"m": c.m}) + f.write(s.strip()) + f.write("\n") + + @when_all((m.type == "terraform-machine")) + def terraformMachine(c): template = j2.get_template("terraform-machine.j2") with open(f"gen/platform/terraform/{c.m.key}.tf", "w") as f: s = template.render(**{"m": c.m}) f.write(s.strip()) f.write("\n") - @when_all(pri(1), (m.type == "machine")) - def ansibleForMachine(c): - template = j2.get_template("platform-ansible.j2") - with open(f"gen/platform/ansible/{c.m.key}.tf", "w") as f: + @when_all((m.type == "terraform-record-set")) + def terraformRecordSet(c): + template = j2.get_template("terraform-record-set.j2") + with open(f"gen/dns/{c.m.key}.tf", "w") as f: s = template.render(**{"m": c.m}) f.write(s.strip()) f.write("\n") -for f in [f for f in get_facts("phase-1") if f["type"] in ("machine")]: +for f in [f for f in get_facts("phase-1") if f["type"] in ("terraform-record-set", "terraform-machine")]: x = assert_fact("phase-3", f); print(f"x: {x}") write_facts("phase-3") diff --git a/out/phase-1/dns-entry/acme-1.machine.acme.corp.yaml b/out/phase-1/dns-entry/acme-1.machine.acme.corp.yaml new file mode 100644 index 0000000..d9d83ed --- /dev/null +++ b/out/phase-1/dns-entry/acme-1.machine.acme.corp.yaml @@ -0,0 +1,4 @@ +fqdn: acme-1.machine.acme.corp +key: acme-1.machine.acme.corp +rrType: A +type: dns-entry diff --git a/out/phase-1/dns-entry/acme-2.machine.acme.corp.yaml b/out/phase-1/dns-entry/acme-2.machine.acme.corp.yaml new file mode 100644 index 0000000..b782af3 --- /dev/null +++ b/out/phase-1/dns-entry/acme-2.machine.acme.corp.yaml @@ -0,0 +1,4 @@ +fqdn: acme-2.machine.acme.corp +key: acme-2.machine.acme.corp +rrType: A +type: dns-entry diff --git a/out/phase-1/dns-entry/acme-3.machine.acme.corp.yaml b/out/phase-1/dns-entry/acme-3.machine.acme.corp.yaml new file mode 100644 index 0000000..28ee130 --- /dev/null +++ b/out/phase-1/dns-entry/acme-3.machine.acme.corp.yaml @@ -0,0 +1,4 @@ +fqdn: acme-3.machine.acme.corp +key: acme-3.machine.acme.corp +rrType: A +type: dns-entry diff --git a/out/phase-1/terraform-machine/acme-1.yaml b/out/phase-1/terraform-machine/acme-1.yaml new file mode 100644 index 0000000..90653fe --- /dev/null +++ b/out/phase-1/terraform-machine/acme-1.yaml @@ -0,0 +1,2 @@ +key: acme-1 +type: terraform-machine diff --git a/out/phase-1/terraform-machine/acme-2.yaml b/out/phase-1/terraform-machine/acme-2.yaml new file mode 100644 index 0000000..79b0ce6 --- /dev/null +++ b/out/phase-1/terraform-machine/acme-2.yaml @@ -0,0 +1,2 @@ +key: acme-2 +type: terraform-machine diff --git a/out/phase-1/terraform-machine/acme-3.yaml b/out/phase-1/terraform-machine/acme-3.yaml new file mode 100644 index 0000000..8d77b80 --- /dev/null +++ b/out/phase-1/terraform-machine/acme-3.yaml @@ -0,0 +1,2 @@ +key: acme-3 +type: terraform-machine diff --git a/out/phase-1/terraform-record-set/acme-1.machine.acme.corp.yaml b/out/phase-1/terraform-record-set/acme-1.machine.acme.corp.yaml new file mode 100644 index 0000000..9537d73 --- /dev/null +++ b/out/phase-1/terraform-record-set/acme-1.machine.acme.corp.yaml @@ -0,0 +1,4 @@ +fqdn: acme-1.machine.acme.corp +key: acme-1.machine.acme.corp +rrType: A +type: terraform-record-set diff --git a/out/phase-1/terraform-record-set/acme-2.machine.acme.corp.yaml b/out/phase-1/terraform-record-set/acme-2.machine.acme.corp.yaml new file mode 100644 index 0000000..b00bb5c --- /dev/null +++ b/out/phase-1/terraform-record-set/acme-2.machine.acme.corp.yaml @@ -0,0 +1,4 @@ +fqdn: acme-2.machine.acme.corp +key: acme-2.machine.acme.corp +rrType: A +type: terraform-record-set diff --git a/out/phase-1/terraform-record-set/acme-3.machine.acme.corp.yaml b/out/phase-1/terraform-record-set/acme-3.machine.acme.corp.yaml new file mode 100644 index 0000000..94a3056 --- /dev/null +++ b/out/phase-1/terraform-record-set/acme-3.machine.acme.corp.yaml @@ -0,0 +1,4 @@ +fqdn: acme-3.machine.acme.corp +key: acme-3.machine.acme.corp +rrType: A +type: terraform-record-set diff --git a/out/phase-3/machine/acme-1.yaml b/out/phase-3/machine/acme-1.yaml deleted file mode 100644 index 9e4356e..0000000 --- a/out/phase-3/machine/acme-1.yaml +++ /dev/null @@ -1,3 +0,0 @@ -key: acme-1 -name: acme-1 -type: machine diff --git a/out/phase-3/machine/acme-2.yaml b/out/phase-3/machine/acme-2.yaml deleted file mode 100644 index 24655d8..0000000 --- a/out/phase-3/machine/acme-2.yaml +++ /dev/null @@ -1,3 +0,0 @@ -key: acme-2 -name: acme-2 -type: machine diff --git a/out/phase-3/machine/acme-3.yaml b/out/phase-3/machine/acme-3.yaml deleted file mode 100644 index d7d75ff..0000000 --- a/out/phase-3/machine/acme-3.yaml +++ /dev/null @@ -1,3 +0,0 @@ -key: acme-3 -name: acme-3 -type: machine diff --git a/out/phase-3/terraform-machine/acme-1.yaml b/out/phase-3/terraform-machine/acme-1.yaml new file mode 100644 index 0000000..90653fe --- /dev/null +++ b/out/phase-3/terraform-machine/acme-1.yaml @@ -0,0 +1,2 @@ +key: acme-1 +type: terraform-machine diff --git a/out/phase-3/terraform-machine/acme-2.yaml b/out/phase-3/terraform-machine/acme-2.yaml new file mode 100644 index 0000000..79b0ce6 --- /dev/null +++ b/out/phase-3/terraform-machine/acme-2.yaml @@ -0,0 +1,2 @@ +key: acme-2 +type: terraform-machine diff --git a/out/phase-3/terraform-machine/acme-3.yaml b/out/phase-3/terraform-machine/acme-3.yaml new file mode 100644 index 0000000..8d77b80 --- /dev/null +++ b/out/phase-3/terraform-machine/acme-3.yaml @@ -0,0 +1,2 @@ +key: acme-3 +type: terraform-machine diff --git a/out/phase-3/terraform-record-set/acme-1.machine.acme.corp.yaml b/out/phase-3/terraform-record-set/acme-1.machine.acme.corp.yaml new file mode 100644 index 0000000..9537d73 --- /dev/null +++ b/out/phase-3/terraform-record-set/acme-1.machine.acme.corp.yaml @@ -0,0 +1,4 @@ +fqdn: acme-1.machine.acme.corp +key: acme-1.machine.acme.corp +rrType: A +type: terraform-record-set diff --git a/out/phase-3/terraform-record-set/acme-2.machine.acme.corp.yaml b/out/phase-3/terraform-record-set/acme-2.machine.acme.corp.yaml new file mode 100644 index 0000000..b00bb5c --- /dev/null +++ b/out/phase-3/terraform-record-set/acme-2.machine.acme.corp.yaml @@ -0,0 +1,4 @@ +fqdn: acme-2.machine.acme.corp +key: acme-2.machine.acme.corp +rrType: A +type: terraform-record-set diff --git a/out/phase-3/terraform-record-set/acme-3.machine.acme.corp.yaml b/out/phase-3/terraform-record-set/acme-3.machine.acme.corp.yaml new file mode 100644 index 0000000..94a3056 --- /dev/null +++ b/out/phase-3/terraform-record-set/acme-3.machine.acme.corp.yaml @@ -0,0 +1,4 @@ +fqdn: acme-3.machine.acme.corp +key: acme-3.machine.acme.corp +rrType: A +type: terraform-record-set @@ -32,14 +32,22 @@ def write_facts(ruleset: set): os.mkdir(typedir) fs = [] - for f in facts: - if f["type"] != t: + for fact in facts: + if fact["type"] != t: continue + + if fact["type"] == "meta": + continue + + if fact.get("key") is None: + raise Exception(f"Bad fact: no 'key' {fact}") + try: - del f["sid"] + del fact["sid"] except KeyError: pass - fs.append(f) + + fs.append(fact) i = 0 for fact in sorted(fs, key=lambda f: f["key"]): |