terraform: update .gitignore

terraform: rewrite ansible_inventory as yaml instead of ini
terraform: rename output directory
2022-06-16 18:07:06 +02:00 · 2022-06-16 18:06:53 +02:00 · 2022-06-16 18:05:09 +02:00 · 2022-06-16 17:53:52 +02:00 · 2022-06-16 17:53:38 +02:00
19 changed files with 235 additions and 74 deletions
--- a/ansible/group_vars/all/vars.yml
+++ b/ansible/group_vars/all/vars.yml
@ -3,5 +3,6 @@
 sshwifty_internal_port: 8080
 sshwifty_configuration_directory: "/etc/sshwifty"
 sshwifty_work_directory: "/var/lib/sshwifty"
+sshwifty_gateway_access: false

 #
--- a/ansible/host_vars/prod-gateway4/vars.yml
+++ b/ansible/host_vars/prod-gateway4/vars.yml
@ -0,0 +1 @@
+---
--- a/ansible/inventories/terraform
+++ b/ansible/inventories/terraform
@ -1 +1 @@
-../../terraform/outputs/inventory
+../../terraform/_build/ansible_inventory
--- a/ansible/tasks/setup_sshwifty.yml
+++ b/ansible/tasks/setup_sshwifty.yml
@ -1,4 +1,20 @@
 ---
+# - name: Check sshwifty_* variables are not empty
+#   assert:
+#     that:
+#       sshwifty_configuration_directory
+#       sshwifty_hostname
+#       sshwifty_public_port
+#       sshwifty_shared_key
+#       sshwifty_authentication
+#       sshwifty_ssh_password
+#       sshwifty_ssh_user
+#       sshwifty_internal_port
+#       sshwifty_configuration_directory
+#       sshwifty_work_directory
+#       sshwifty_gateway_access
+#   msg: ""
+
 - name: Install required system packages
  ansible.builtin.apt:
    name:
@ -43,7 +59,7 @@
 - name: Run SSHwifty
  community.docker.docker_compose:
    project_src: "{{ sshwifty_work_directory }}"
-    recreate: smart
+    recreate: always
    state: present

 #
--- a/ansible/templates/sshwifty.conf-with-gateway.j2
+++ b/ansible/templates/sshwifty.conf-with-gateway.j2
@ -0,0 +1,66 @@
+{# vim: set ts=2 sw=2 et ft=jinja2,json : #}
+{
+  {# "HostName": "localhost", #}
+  "SharedKey": "{{ sshwifty_shared_key }}",
+  "DialTimeout": 10,
+  "Servers": [
+    {
+      "ListenInterface": "0.0.0.0",
+      "ListenPort": 8182,
+      "InitialTimeout": 3,
+      "ReadTimeout": 60,
+      "WriteTimeout": 60,
+      "HeartbeatTimeout": 20,
+      "ReadDelay": 10,
+      "WriteDelay": 10 {# , #}
+      {# "TLSCertificateFile": "", #}
+      {# "TLSCertificateKeyFile": "" #}
+    }
+  ],
+  "Presets": [
+    {% for host in groups['role_mongo'] %}
+      {% set server_group_id = loop.index0 // mongo_replicas_count %}
+      {% set server_index = loop.index0 % mongo_replicas_count %}
+      {% set server_ip_addr = hostvars[host]['ansible_facts']['default_ipv4']['address'] %}
+      {% if server_group_id == mongo_group_id %}
+      {
+        "Title": "Group {{ server_group_id }} - Server {{ server_index }} ({{ host }})",
+        "Type": "SSH",
+        "Host": "{{ server_ip_addr }}:22",
+        "Meta": {
+        "User": "{{ sshwifty_ssh_user }}",
+        {% if "password" == sshwifty_authentication | lower %}
+        "Authentication": "Password",
+        "Password": "{{ sshwifty_ssh_password }}",
+        {% else %}
+        "Authentication": "Private Key",
+        "Private Key": "file://{{ sshwifty_ssh_private_key }}",
+        {% endif %}
+        {# "Fingerprint": home"SHA256:bgO...." #}
+        "Encoding": "utf-8"
+        }
+      }{% if not loop.last %},{% endif %}
+      {% endif %}
+    {% endfor %}
+    {#
+    {
+      "Title": "Group {{ mongo_group_id }} - Gateway ({{ ansible_facts['hostname'] }})",
+      "Type": "SSH",
+      "Host": "{{ ansible_ssh_host }}:22",
+      "Meta": {
+        "User": "{{ sshwifty_ssh_user }}",
+        {% if "password" == sshwifty_authentication | lower %}
+          "Authentication": "Password",
+          "Password": "{{ sshwifty_ssh_password }}",
+        {% else %}
+          "Authentication": "Private Key",
+          "Private Key": "file://{{ sshwifty_ssh_private_key }}",
+        {% endif %}
+        {# "Fingerprint": "SHA256:bgO...." #}
+        "Encoding": "utf-8"
+      }
+    }
+    #}
+  ],
+  "OnlyAllowPresetRemotes": true
+}
--- a/ansible/templates/sshwifty.conf.j2
+++ b/ansible/templates/sshwifty.conf.j2
@ -1,4 +1,4 @@
-{# vim: set ts=2 sw=2 et ft=jinja2,json : #}
+{# vim: set ts=2 sw=2 et ft=jinja2 : #}
 {
  {# "HostName": "localhost", #}
  "SharedKey": "{{ sshwifty_shared_key }}",
@ -18,47 +18,49 @@
    }
  ],
  "Presets": [
-    {% for host in groups['role_mongo'] %}
-      {% set server_group_id = loop.index0 // mongo_replicas_count %}
-      {% set server_index = loop.index0 % mongo_replicas_count %}
-      {% set server_ip_addr = hostvars[host]['ansible_facts']['default_ipv4']['address'] %}
-      {% if server_group_id == mongo_group_id %}
+    {%- for host in groups['role_mongo'] -%}
+      {%- set server_group_id = loop.index0 // mongo_replicas_count -%}
+      {%- set server_index = loop.index0 % mongo_replicas_count -%}
+      {%- set server_ip_addr = hostvars[host]['ansible_facts']['default_ipv4']['address'] -%}
+      {%- if server_group_id == mongo_group_id -%}
      {
        "Title": "Group {{ server_group_id }} - Server {{ server_index }} ({{ host }})",
        "Type": "SSH",
        "Host": "{{ server_ip_addr }}:22",
        "Meta": {
        "User": "{{ sshwifty_ssh_user }}",
-        {% if "password" == sshwifty_authentication | lower %}
+        {%- if "password" == sshwifty_authentication | lower -%}
        "Authentication": "Password",
        "Password": "{{ sshwifty_ssh_password }}",
-        {% else %}
+        {%- else -%}
        "Authentication": "Private Key",
        "Private Key": "file://{{ sshwifty_ssh_private_key }}",
-        {% endif %}
+        {%- endif -%}
        {# "Fingerprint": home"SHA256:bgO...." #}
        "Encoding": "utf-8"
        }
-      },
-      {% endif %}
-    {% endfor %}
+      }{%- if sshwifty_gateway_access or (server_index + 1) < mongo_replicas_count -%},{%- endif -%}
+      {%- endif -%}
+    {%- endfor -%}
+    {%- if sshwifty_gateway_access -%}
    {
      "Title": "Group {{ mongo_group_id }} - Gateway ({{ ansible_facts['hostname'] }})",
      "Type": "SSH",
      "Host": "{{ ansible_ssh_host }}:22",
      "Meta": {
        "User": "{{ sshwifty_ssh_user }}",
-        {% if "password" == sshwifty_authentication | lower %}
+        {%- if "password" == sshwifty_authentication | lower -%}
          "Authentication": "Password",
          "Password": "{{ sshwifty_ssh_password }}",
-        {% else %}
+        {%- else -%}
          "Authentication": "Private Key",
          "Private Key": "file://{{ sshwifty_ssh_private_key }}",
-        {% endif %}
+        {%- endif -%}
        {# "Fingerprint": "SHA256:bgO...." #}
        "Encoding": "utf-8"
      }
    }
+    {%- endif -%}
  ],
  "OnlyAllowPresetRemotes": true
 }
--- a/terraform/.gitignore
+++ b/terraform/.gitignore
@ -1,4 +1,4 @@
 .terraform
 .terraform.lock.hcl
-outputs/*
+_build/*
 *.tfstate*
--- a/terraform/outputs/.empty
+++ b/terraform/outputs/.empty
--- a/terraform/domains.tf
+++ b/terraform/domains.tf
@ -1,17 +1,17 @@

-resource "gandi_livedns_record" "gateways_exploreko_org" {
+resource "gandi_livedns_record" "mongo_gateways" {
  count  = var.mongo_groups_count
  zone   = var.domain_name
-  name   = "gateway${count.index}.teaching"
+  name   = "gateway${count.index}.${var.subdomain_suffix}"
  type   = "A"
  ttl    = 3600
-  values = [openstack_compute_instance_v2.mongo_gateway[count.index].access_ip_v4]
+  values = [openstack_compute_instance_v2.mongo_gateways[count.index].access_ip_v4]
 }

-resource "gandi_livedns_record" "mongos_exploreko_org" {
-  count = var.mongo_replicas_count * var.mongo_groups_count
+resource "gandi_livedns_record" "mongo_servers" {
+  count  = var.mongo_replicas_count * var.mongo_groups_count
  zone   = var.domain_name
-  name   = "mongo${count.index}.teaching"
+  name   = "mongo${openstack_compute_instance_v2.mongo_servers[count.index].metadata.mongo_group_id}-${openstack_compute_instance_v2.mongo_servers[count.index].metadata.mongo_group_index}.${var.subdomain_suffix}"
  type   = "A"
  ttl    = 3600
  values = [openstack_compute_instance_v2.mongo_servers[count.index].access_ip_v4]
--- a/terraform/fdj.tfvars
+++ b/terraform/fdj.tfvars
@ -0,0 +1,9 @@
+# mongo_groups_count   = 10
+mongo_gateways_enable = false
+mongo_servers_enable = false
+mongo_groups_count   = 10
+mongo_replicas_count = 1
+ssh_private_key      = "~/.ssh/keyring.syntaxio/francaise-des-jeux/id_ed25519"
+ssh_public_key       = "~/.ssh/keyring.syntaxio/francaise-des-jeux/id_ed25519.pub"
+domain_name          = "glenux.net"
+subdomain_suffix     = "teaching"
--- a/terraform/instances.tf
+++ b/terraform/instances.tf
@ -1,62 +1,55 @@

 # Création d'une ressource de paire de clés SSH
 resource "openstack_compute_keypair_v2" "provision_keypair" {
-  provider   = openstack.ovh             
+  provider   = openstack.ovh
  name       = "provision_keypair"
-  public_key = file(var.ssh_public_key) 
+  public_key = file(var.ssh_public_key)
 }

-resource "openstack_compute_instance_v2" "mongo_gateway" {
+resource "openstack_compute_instance_v2" "mongo_gateways" {
  count       = var.mongo_groups_count
  name        = "prod-gateway${count.index}" # Nom de l'instance
-  provider    = openstack.ovh                     # Nom du fournisseur
-  image_name  = "Debian 11"                       # Nom de l'image
-  flavor_name = "s1-2"                            # Nom du type d'instance
+  provider    = openstack.ovh                # Nom du fournisseur
+  image_name  = "Debian 11"                  # Nom de l'image
+  flavor_name = "s1-2"                       # Nom du type d'instance
  # flavor_name = "s1-8"                            # Nom du type d'instance
  # flavor_name = "d2-8"                            # Nom du type d'instance
  # Nom de la ressource openstack_compute_keypair_v2 nommée test_keypair
  key_pair = openstack_compute_keypair_v2.provision_keypair.name
+  power_state = var.mongo_servers_enable ? "active" : "shutoff"

  metadata = {
-    ansible-group = "gateways"
-    mongo-group-id = count.index
+    ansible_group  = "gateways"
+    mongo_group_id = count.index
  }

  # Ajoute le composant réseau pour atteindre votre instance
  network {
-    name = "Ext-Net" 
+    name = "Ext-Net"
  }
-
-  # provisioner "local-exec" {
-  #   command = "ansible-playbook -i inventories/terraform --private-key ${var.ssh_private_key} -e 'pub_key=${var.ssh_public_key}' playbook.yml --limit ${self.name}"
-  #   working_dir = "../ansible"
-  #   environment = {
-  #     ANSIBLE_HOST_KEY_CHECKING = "False"
-  #   }
-
-  # }
 }

 # Création d'une instance
 resource "openstack_compute_instance_v2" "mongo_servers" {
  count       = var.mongo_replicas_count * var.mongo_groups_count
  name        = "prod-server${count.index}" # Nom de l'instance
-  provider    = openstack.ovh                     # Nom du fournisseur
-  image_name  = "Debian 11"                       # Nom de l'image
-  flavor_name = "s1-2"                            # Nom du type d'instance
+  provider    = openstack.ovh               # Nom du fournisseur
+  image_name  = "Debian 11"                 # Nom de l'image
+  flavor_name = "s1-2"                      # Nom du type d'instance
  # flavor_name = "s1-8"                            # Nom du type d'instance
  # flavor_name = "d2-8"                            # Nom du type d'instance
  # Nom de la ressource openstack_compute_keypair_v2 nommée test_keypair
  key_pair = openstack_compute_keypair_v2.provision_keypair.name
+  power_state = var.mongo_servers_enable ? "active" : "shutoff"

  metadata = {
-    ansible-group = "mongos"
-    mongo-group-id = floor(count.index / var.mongo_replicas_count)
-    mongo-group-index = count.index % var.mongo_replicas_count
+    ansible_group     = "mongos"
+    mongo_group_id    = floor(count.index / var.mongo_replicas_count)
+    mongo_group_index = count.index % var.mongo_replicas_count
  }
  # Ajoute le composant réseau pour atteindre votre instance
  network {
-    name = "Ext-Net" 
+    name = "Ext-Net"
  }

  # provisioner "local-exec" {
--- a/terraform/output.tf
+++ b/terraform/output.tf
@ -1,12 +0,0 @@
-resource "local_file" "ansible_inventory" {
-  content = templatefile("templates/inventory.tmpl",
-    {
-		  mongo_gateways = openstack_compute_instance_v2.mongo_gateway.*
-		  mongo_servers = openstack_compute_instance_v2.mongo_servers.*
-		  mongo_groups_count = var.mongo_groups_count
-		  mongo_replicas_count = var.mongo_replicas_count
-    }
-  )
-  filename = "outputs/inventory"
-  file_permission = "0644"
-}
--- a/terraform/outputs.tf
+++ b/terraform/outputs.tf
@ -0,0 +1,16 @@
+resource "local_file" "ansible_inventory" {
+  content = templatefile("templates/inventory.yml.tmpl",
+    {
+      dns_gateways         = gandi_livedns_record.mongo_gateways.*
+      dns_servers          = gandi_livedns_record.mongo_gateways.*
+      mongo_gateways       = openstack_compute_instance_v2.mongo_gateways.*
+      mongo_servers        = openstack_compute_instance_v2.mongo_servers.*
+      mongo_groups_count   = var.mongo_groups_count
+      mongo_replicas_count = var.mongo_replicas_count
+    }
+  )
+  filename        = "_build/ansible_inventory"
+  file_permission = "0644"
+
+}
+
--- a/terraform/provider.tf
+++ b/terraform/provider.tf
@ -12,14 +12,14 @@ terraform {
    }

    gandi = {
-      source = "go-gandi/gandi"
+      source  = "go-gandi/gandi"
      version = "~> 2.0.1"
    }
  }
 }

 provider "gandi" {
-  key = "${var.gandi_key}"
+  key = var.gandi_key
 }

 provider "openstack" {
--- a/terraform/provision.tf
+++ b/terraform/provision.tf
@ -0,0 +1,25 @@
+
+resource "null_resource" "ansible" {
+  count = (var.mongo_gateways_enable && var.mongo_servers_enable) ? 1 : 0
+  depends_on = [local_file.ansible_inventory]
+
+  triggers = {
+    always_run = "${timestamp()}"
+  }
+
+  provisioner "local-exec" {
+    environment = {
+      ANSIBLE_HOST_KEY_CHECKING = "False"
+    }
+    working_dir = "../ansible"
+    command     = <<-EOT
+      ansible-playbook \
+        -i inventories/terraform \
+        --private-key ${var.ssh_private_key} \
+        -e 'pub_key=${var.ssh_public_key}' \
+        playbook.yml
+    EOT
+  }
+
+}
+
--- a/terraform/provisionners.tf
+++ b/terraform/provisionners.tf
@ -1,4 +0,0 @@
-
-# provisioner "local-exec" {
-#   command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i outputs/inventory --private-key ${var.private_key} -e 'pub_key=${var.pub_key}' playbook.yml"
-# }
--- a/terraform/templates/inventory.ini.tmpl
+++ b/terraform/templates/inventory.ini.tmpl
@ -1,8 +1,8 @@
 %{ for index, instance in mongo_gateways ~}
-${ instance.name } ansible_user=debian ansible_host=${instance.network[0].fixed_ip_v4}
+${ instance.name } ansible_user=debian ansible_host=${instance.network[0].fixed_ip_v4} sshwifty_hostname=${dns_gateways[index].name}.${dns_gateways[index].zone} mongo_group_id=${instance.metadata.mongo_group_id}
 %{ endfor ~}
 %{ for index, instance in mongo_servers ~}
-${ instance.name } ansible_user=debian ansible_host=${instance.network[0].fixed_ip_v4}
+${ instance.name } ansible_user=debian ansible_host=${instance.network[0].fixed_ip_v4} mongo_group_id=${instance.metadata.mongo_group_id} mongo_group_index=${instance.metadata.mongo_group_index}
 %{ endfor ~}

 [stage_development]
--- a/terraform/templates/inventory.yml.tmpl
+++ b/terraform/templates/inventory.yml.tmpl
@ -0,0 +1,37 @@
+all:
+  children:
+    all_groups:
+      children:
+        role_gateway:
+          hosts:
+%{ for index, instance in mongo_gateways ~}
+            prod-gateway9:
+              ansible_host: ${instance.network[0].fixed_ip_v4}
+              ansible_user: debian
+              mongo_group_id: ${instance.metadata.mongo_group_id}
+              mongo_groups_count: ${ mongo_groups_count }
+              mongo_replicas_count: ${ mongo_replicas_count }
+              sshwifty_hostname: ${dns_gateways[index].name}.${dns_gateways[index].zone}
+%{ endfor ~}
+        role_mongo:
+          hosts:
+%{ for index, instance in mongo_servers ~}
+            ${ instance.name }:
+              ansible_host: ${instance.network[0].fixed_ip_v4}
+              ansible_user: debian
+              mongo_group_id: ${instance.metadata.mongo_group_id}
+              mongo_group_index: ${instance.metadata.mongo_group_index}
+              mongo_groups_count: ${ mongo_groups_count }
+              mongo_replicas_count: ${ mongo_replicas_count }
+%{ endfor ~}
+        stage_development: {}
+        stage_production:
+          hosts:
+%{ for index, instance in mongo_gateways ~}
+            ${ instance.name } : {}
+%{ endfor ~}
+%{ for index, instance in mongo_servers ~}
+            ${ instance.name } : {} 
+%{ endfor ~}
+        stage_testing: {}
+    ungrouped: {}
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@ -1,12 +1,22 @@

+variable "mongo_gateways_enable" {
+  default = false
+  type = bool
+}
+
+variable "mongo_servers_enable" {
+  default = false
+  type = bool
+}
+
 variable "mongo_groups_count" {
-  default = "1"
-	description = "How many replicas per mongo"
+  default     = "1"
+  description = "How many replicas per mongo"
 }

 variable "mongo_replicas_count" {
-  default = "2"
-	description = "How many replicas per mongo group"
+  default     = "2"
+  description = "How many replicas per mongo group"
 }

 variable "ssh_private_key" {}
@ -17,4 +27,5 @@ variable "gandi_key" {}

 variable "domain_name" {}

-
+variable "subdomain_suffix" {
+}
Author	SHA1	Message	Date
Glenn Y. Rolland	ae5b189164	terraform: update .gitignore	2022-06-16 18:07:06 +02:00
Glenn Y. Rolland	1d2483bb1b	terraform: rewrite ansible_inventory as yaml instead of ini	2022-06-16 18:06:53 +02:00
Glenn Y. Rolland	db640ea6fa	terraform: rename output directory	2022-06-16 18:05:09 +02:00
Glenn Y. Rolland	0cc199dd1f	ansible: finalize config	2022-06-16 17:53:52 +02:00
Glenn Y. Rolland	9118f64a03	terraform: finalize config	2022-06-16 17:53:38 +02:00