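---
# Provision demo instances on GCP or AWS with Terraform, then register the
# instance SSH key as a Machine credential in the automation controller.
# `cloud_provider` ("gcp" or "aws") selects the branch; `instance_size`
# ("small" / "medium" / "large") selects the machine type. Everything runs on
# localhost; controller credentials and the TFE token come from the vars_files.
- name: Provision Cloud infrastructure via Terraform
  hosts: localhost
  gather_facts: false
  vars:
    # Fallback machine type; overwritten by the size-specific set_fact tasks.
    machine_type: default
    # S3 bucket holding the generated key pair and the Terraform inputs
    # (AWS branch only). Override from vars_files or extra-vars.
    tf_key_bucket: mford-terraform-key-bucket
    # TLS verification of the controller API. Kept off to preserve the
    # previous behaviour (`validate_certs: no`); set to true once the
    # controller presents a certificate the execution environment trusts.
    controller_validate_certs: false
  vars_files:
    - ./credentials/tower_creds.yml
    - ./vars/default-vars.yml
    - ./credentials/tf_token.yml
  tasks:
    - name: Provision GCP infrastructure via Terraform
      block:
        - name: Set Machine Type to Small
          ansible.builtin.set_fact:
            machine_type: g1-small
          when: instance_size == "small"

        - name: Set Machine Type to Medium
          ansible.builtin.set_fact:
            machine_type: n1-standard-1
          when: instance_size == "medium"

        - name: Set Machine Type to large
          ansible.builtin.set_fact:
            machine_type: n1-standard-2
          when: instance_size == "large"

        - name: Copy GCP Terraform Directory
          ansible.builtin.copy:
            src: "{{ playbook_dir }}/terraform/cloud-deploy/gcp_deploy"
            dest: /tmp
            # Quoted so the leading-zero literal is passed as an octal string
            # rather than parsed as an integer by YAML.
            # NOTE(review): /tmp/gcp_deploy later holds the rendered tfvars
            # (cloud credentials); world-writable is wider than needed --
            # tighten once the user Terraform runs as is confirmed.
            mode: "0777"

        - name: Record GCP project from the environment
          ansible.builtin.set_fact:
            gcp_project: '{{ lookup("env", "GCE_PROJECT") }}'

        - name: Ensure Terraform Variables File Exists
          ansible.builtin.template:
            src: "{{ playbook_dir }}/templates/gcp.auto.tfvars.j2"
            dest: /tmp/gcp_deploy/gcp.auto.tfvars
            owner: awx
            group: awx

        - name: Initialize Terraform
          ansible.builtin.command:
            cmd: terraform init
            chdir: /tmp/gcp_deploy

        # Applies directly with -auto-approve; there is no separate plan step.
        - name: Terraform Apply
          ansible.builtin.command:
            cmd: terraform apply -auto-approve
            chdir: /tmp/gcp_deploy

        # Same parameter style as the AWS branch (controller_* / inputs).
        # no_log keeps the private key out of job output and callbacks.
        - name: Update Ansible Tower Cloud SSH Credential
          ansible.controller.credential:
            name: Cloud Demo Instances Key
            organization: "Cloud Organization"
            controller_host: "{{ tower_url }}"
            controller_username: "{{ tower_user }}"
            controller_password: "{{ tower_pass }}"
            credential_type: Machine
            inputs:
              username: "{{ gcp_instance_username }}"
              ssh_key_data: "{{ lookup('file', '/tmp/id_ssh_rsa') }}"
            validate_certs: "{{ controller_validate_certs | bool }}"
          no_log: true
      when: cloud_provider == "gcp"

    - name: Provision Resources on AWS
      block:
        - name: Set Machine Type to Small
          ansible.builtin.set_fact:
            machine_type: t2.small
            # ec2_root_volume_name: /dev/sda1
          when: instance_size == "small"

        - name: Set Machine Type to Medium
          ansible.builtin.set_fact:
            machine_type: t2.medium
            # ec2_root_volume_name: /dev/sda1
          when: instance_size == "medium"

        - name: Set Machine Type to large
          ansible.builtin.set_fact:
            machine_type: t2.large
            # ec2_root_volume_name: /dev/sda1
          when: instance_size == "large"

        - name: Copy AWS Terraform Directory
          ansible.builtin.copy:
            src: "{{ playbook_dir }}/terraform/cloud-deploy/aws_deploy"
            dest: /tmp
            # Quoted for the same reason as the GCP copy above; the same
            # NOTE(review) about world-writable permissions applies here.
            mode: "0777"

        # - shell:
        #     cmd: ansible-vault decrypt main.tf --vault-id ~/.ssh/.vault
        #     chdir: /tmp/aws_deploy

        - name: Ensure Terraform Variables File Exists
          ansible.builtin.template:
            src: "{{ playbook_dir }}/templates/aws.auto.tfvars.j2"
            dest: /tmp/aws_deploy/aws.auto.tfvars
            # owner: awx
            # group: awx

        - name: Create .terraform.d directory
          ansible.builtin.file:
            path: /home/runner/.terraform.d/
            state: directory
            mode: "0700"

        # credentials.tfrc.json carries the Terraform Enterprise API token;
        # keep it readable by the runner user only and out of job output.
        - name: Place API Token File in its proper location
          ansible.builtin.template:
            src: "{{ api_token_file }}"
            dest: /home/runner/.terraform.d/credentials.tfrc.json
            mode: "0600"
          no_log: true

        - name: Initialize Terraform
          ansible.builtin.command:
            cmd: terraform init
            chdir: /tmp/aws_deploy

        # Applies directly with -auto-approve; there is no separate plan step.
        - name: Terraform Apply
          ansible.builtin.command:
            cmd: terraform apply -auto-approve
            chdir: /tmp/aws_deploy

        # TODO: https://registry.terraform.io/providers/nolte/awx/latest/docs/resources/credential_machine
        - name: Retrieve public Key from S3
          amazon.aws.aws_s3:
            bucket: "{{ tf_key_bucket }}"
            object: "{{ ec2_prefix }}-key.pub"
            dest: "/tmp/{{ ec2_prefix }}-key.pub"
            mode: get

        # NOTE(review): the private key lands in /tmp with the module's default
        # permissions; the file is read once by the credential task below.
        - name: Retrieve Private Key from S3
          amazon.aws.aws_s3:
            bucket: "{{ tf_key_bucket }}"
            object: "{{ ec2_prefix }}-key-private.pem"
            dest: "/tmp/{{ ec2_prefix }}-key-private.pem"
            mode: get

        - name: Add Terraform Variables to S3
          amazon.aws.aws_s3:
            bucket: "{{ tf_key_bucket }}"
            object: aws.auto.tfvars
            src: /tmp/aws_deploy/aws.auto.tfvars
            mode: put

        - name: Add terraform.lock.hcl to S3
          amazon.aws.aws_s3:
            bucket: "{{ tf_key_bucket }}"
            object: .terraform.lock.hcl
            src: /tmp/aws_deploy/.terraform.lock.hcl
            mode: put

        # - name: add terraform state files to S3
        #   community.aws.s3_sync:
        #     bucket: mford-terraform-key-bucket
        #     file_root: /tmp/aws_deploy/.terraform/

        # Uploads the whole .terraform/ tree via the CLI (s3_sync is parked
        # above); whatever Terraform wrote there, state included, ends up in
        # the bucket.
        - name: add terraform state files to S3
          ansible.builtin.command: "aws s3 cp /tmp/aws_deploy/.terraform/ s3://{{ tf_key_bucket }}/.terraform/ --recursive"

        # no_log keeps the private key out of job output and callbacks.
        - name: Update Ansible Tower Cloud SSH Credential
          ansible.controller.credential:
            name: Cloud Demo Instances Key
            organization: "Cloud Organization"
            controller_host: "{{ tower_url }}"
            controller_username: "{{ tower_user }}"
            controller_password: "{{ tower_pass }}"
            credential_type: Machine
            inputs:
              ssh_key_data: "{{ lookup('file', '/tmp/' + ec2_prefix + '-key-private.pem') }}"
              username: "{{ aws_instance_username }}"
              # ssh_key_data: "{{ lookup('file', '/tmp/mford-linux-key-private.pem') }}"
            validate_certs: "{{ controller_validate_certs | bool }}"
          no_log: true
      when: cloud_provider == "aws"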