CI inventory generation

.github/workflows/inventory.yaml

@@ -0,0 +1,70 @@
+name: Assemble inventory
+on:
+  push:
+    branches: 
+      - main
+  workflow_dispatch:
+
+jobs:
+  generate_inventory:
+    runs-on: kubernetes
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - uses: actions/cache@v3
+      name: Restore cache
+      id: cache-inventory-restore
+      with:
+        path: ~/inventory-restore
+        key: inventory-terraform
+
+    - name: Terraform init
+      run: terraform init
+      env:
+        AWS_ACCESS_KEY_ID: ${{ secrets.TF_STATE_BUCKET_ACC_KEY }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_STATE_BUCKET_SEC_KEY }}
+
+    - name: Generate inventory
+      id: generate-inventory
+      run: ./ci/assemble_inventory.sh > ~/inventory
+      env:
+        AWS_ACCESS_KEY_ID: ${{ secrets.TF_STATE_BUCKET_ACC_KEY }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_STATE_BUCKET_SEC_KEY }}
+
+    - name: Compare inventories
+      if: steps.inventory-cache-restore.outputs.cache-hit == 'true'
+      id: inventory-comparison
+      run: |
+        run=$(./ci/compare_inventories.sh)
+        echo "VERDICT=$run" >> "$GITHUB_OUTPUT"
+
+    - uses: actions/checkout@v4
+      name: Check out ansible repo
+      if: steps.inventory-comparison.outputs.VERDICT == 'is_different'
+      with:
+        repository: "https://github.com/KlopfiNet/ansible.git"
+        sparse-checkout: inventories
+        ssh-key: ${{ secrets.KEY_KLOPFI_BOT }}
+
+    - name: Move new inventory
+      if: steps.inventory-comparison.outputs.VERDICT == 'is_different'
+      run: cp ~/inventory ./inventories/inventory_all.ini
+
+    - uses: EndBug/add-and-commit@v9
+      name: Update inventory in remote
+      if: steps.inventory-comparison.outputs.VERDICT == 'is_different'
+      with:
+        cwd: './ansible'
+        add: 'inventories/inventory_all.ini'
+        author_name: klopfi-bot
+        author_email: [email protected]
+        message: 'Update inventory'
+        new_branch: update-inventory
+
+    - name: Cache new inventory
+      id: cache-inventory-save
+      uses: actions/cache/save@v3
+      with:
+        path: ~/inventory
+        key: inventory-terraform

ci/assemble_inventory.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+# Script to assemble ansible inventory files from terraform output
+
+set -e 
+
+output=$(terraform output -json)
+
+# Verify that output is not empty
+if [ $(echo $output | jq length) -gt 0 ]; then
+    full_inventory=$(echo $output | jq '.[].value | select(.inventory) | .inventory' -r)
+    echo "$full_inventory"
+else
+    echo "::error title=INV_EMPTY::Inventory is empty"
+    exit 1
+fi

ci/compare_inventories.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+# Compares cached inventories
+
+set -e
+
+for EXPECTED_FILE in "~/inventory" "~/inventory-restore"; do
+    ls $EXPECTED_FILE || exit 1
+done
+
+diff=$(diff ~/inventory ~/inventory-restore | wc -l) || exit 1
+echo "[i] Diff is: $diff"
+
+if [ $diff -gt 0 ]; then
+    echo "is_different"
+else
+    echo "::notice title=INV_IDENTICAL::Inventories are the same"
+    echo "is_identical"
+fi

modules/kube_machine/outputs.tf

@@ -3,10 +3,13 @@ output "ansible_password" {
   sensitive = true
 }
 
-output "node_ipv4_addresses" {
-  value = values(proxmox_virtual_environment_vm.node)[*].ipv4_addresses
-}
-
 output "node_mac_addresses" {
   value = values(proxmox_virtual_environment_vm.node)[*].mac_addresses
+}
+
+output "inventory" {
+  value = templatefile("${path.module}/templates/inventory.tmpl", {
+    hosts      = var.nodes
+    ip_network = local.ip_network
+  })
 }

modules/kube_machine/templates/inventory.tmpl

@@ -5,8 +5,8 @@
 ${host.name} ansible_host=${ip_network}.${host.ip_octet}
 %{ endif ~}
 %{ endfor ~}
-%{ endfor ~}
 
+%{ endfor ~}
 [cluster:children]
 %{ for role in distinct([for h in hosts : h.role]) ~}
 ${ role }

modules/load_balancer/outputs.tf

@@ -1,3 +1,9 @@
 output "vm_password" {
   value = random_password.vm_password.result
+}
+
+output "inventory" {
+  value = templatefile("${path.module}/templates/inventory.tmpl", {
+    ip = var.vm_ip_address
+  })
 }