Showing posts with label iac. Show all posts

Tuesday, 20 February 2024

terraform variable <-> variables {script, gitlab-ci}



terraform -> gitlab/script/etc.


src: https://stackoverflow.com/questions/75531444/how-to-use-terraform-variable-into-gitlab-ci-yml

  • Terraform : use an "output" 

# format() needs a verb per extra argument; the original call had no %s,
# so the second argument was unused and Terraform rejects the call.
locals {
  toto = format("%s-%s", var.ressource_name_pattern, "cloudfront-edge")
}

# Anything a script or a later CI stage needs must be exposed as an output.
output "toto" {
  value = local.toto
}

  • Script: get output from terraform command

foobar=$(terraform output -raw toto)   # -raw strips the quotes a string output otherwise carries (Terraform >= 0.15)



gitlab -> Terraform


Terraform reads input variables from the environment: export the value under the variable name prefixed with TF_VAR_. The CI job (or any shell) sets the variable, Terraform picks it up without a -var flag.

=> env / exported "TF_VAR_toto" => variable "toto" declared in variables.tf (the variable must be declared; Terraform ignores TF_VAR_* names that match no declaration).
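The two directions above (Terraform output to a script, and a script's environment back into Terraform through TF_VAR_) chained together, as an added example that is not part of the original post. It parses the JSON form of `terraform output -json` (the sample below is constructed, not real infrastructure), renders shell exports while keeping outputs flagged `sensitive` out of the job log, and builds the TF_VAR_* environment a downstream Terraform run would consume; the output names `toto`, `db_password` and `subnet_ids` are hypothetical.

```python
"""Glue `terraform output -json` to a shell/CI stage and back into Terraform.

Added example, not code from the original post. The JSON sample is constructed
in the shape `terraform output -json` prints:
  name -> {"value": ..., "type": ..., "sensitive": bool}
"""
import json
import shlex

# Constructed sample of `terraform output -json` (hypothetical output names).
SAMPLE_OUTPUT_JSON = """
{
  "toto": {"sensitive": false, "type": "string",
           "value": "prod-cloudfront-edge-something"},
  "db_password": {"sensitive": true, "type": "string", "value": "s3cr3t"},
  "subnet_ids": {"sensitive": false, "type": ["list", "string"],
                 "value": ["subnet-aaa", "subnet-bbb"]}
}
"""


def parse_terraform_outputs(raw: str) -> dict:
    """Return {name: (value, sensitive)} from `terraform output -json` text."""
    data = json.loads(raw)
    return {
        name: (entry["value"], bool(entry.get("sensitive", False)))
        for name, entry in data.items()
    }


def shell_exports(outputs: dict, allow_sensitive: bool = False) -> list:
    """Render `export NAME=value` lines for a script stage.

    Outputs marked sensitive are skipped unless explicitly allowed, so a
    `set -x` or a stray echo in the job does not print them into the CI log.
    Non-string values are JSON-encoded and shell-quoted.
    """
    lines = []
    for name, (value, sensitive) in outputs.items():
        if sensitive and not allow_sensitive:
            continue
        rendered = value if isinstance(value, str) else json.dumps(value)
        lines.append(f"export {name.upper()}={shlex.quote(rendered)}")
    return lines


def tf_var_env(outputs: dict) -> dict:
    """Map outputs to TF_VAR_<name> for a downstream `terraform` run.

    Strings pass through verbatim. Lists and maps are JSON-encoded, because
    Terraform parses a TF_VAR_ value for a non-string variable as an HCL
    expression, and JSON list/object syntax is valid HCL.
    """
    env = {}
    for name, (value, _sensitive) in outputs.items():
        env[f"TF_VAR_{name}"] = value if isinstance(value, str) else json.dumps(value)
    return env


if __name__ == "__main__":
    outs = parse_terraform_outputs(SAMPLE_OUTPUT_JSON)
    print("\n".join(shell_exports(outs)))
    for key, val in tf_var_env(outs).items():
        print(f"{key}={val}")
```

In a real pipeline the first line would be `outs = parse_terraform_outputs(subprocess.check_output(["terraform", "output", "-json"], text=True))`; the sensitive flag comes straight from the `sensitive = true` attribute on the output block, so marking outputs correctly in Terraform is what keeps secrets out of the log here.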





terraform -> gitlab/script/etc. VARIABLE (in project settings)

src https://www.reddit.com/r/Terraform/comments/mwmq4e/comment/gvjo7g3/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

     For example: create an EKS cluster and then create a variable with the KUBECONFIG data in another project which has the code for the apps, and trigger the deployment of those apps into the newly created cluster using that variable.

    - terragrunt run-all apply --terragrunt-non-interactive -auto-approve tfplan-$CI_COMMIT_SHA
    - terraform output kubectl_config > kubectl_config
    # PUT updates an existing group variable; the very first run has to create it
    # with POST $CI_API_V4_URL/groups/$GROUP_ID/variables and a "key=KUBECONFIG" form field.
    # The token needs api scope with write access on the group: keep it in a
    # protected, masked CI variable. A kubeconfig is a cluster credential, so
    # protected=false / masked=false means any branch's jobs can read it and
    # any job that prints it leaks it into the log; prefer protected=true.
    - |
      curl -s -XPUT -H "PRIVATE-TOKEN: $GITLAB_API_RW_PRIVATE_TOKEN" $CI_API_V4_URL/groups/$GROUP_ID/variables/KUBECONFIG \
      --form "value=$(cat kubectl_config)" \
      --form "variable_type=file" \
      --form "protected=false" \
      --form "masked=false" \
      --form "environment_scope=*"






Monday, 15 January 2024

terraform, then ansible

Terraform creates the infra,
then we want to use Ansible to actually configure it...

Different solutions exist to run Terraform, and then Ansible:

  • Using Terraform output (the state file) as the Ansible inventory:
    https://github.com/adammck/terraform-inventory
     $ terraform-inventory -inventory terraform.tfstate
     [all]
     10.10.1.2
     10.10.1.3
    The tool reads the state file, which holds every attribute of every resource in plaintext (including sensitive ones), so the host running it needs the same access controls as the state backend itself.


  • `local-exec` / `remote-exec`: Terraform runs Ansible locally from a provisioner, once the instance exists

     ```
     provisioner "local-exec" {
       command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ${var.user} -i '${self.ipv4_address},' --private-key ${var.ssh_private_key} playbook.yml"
     }
     ```
    The key component here is the ${self.ipv4_address} reference (the original had `{var.user}` without the `$`, which Ansible would have received literally). After provisioning the machine, Terraform knows its IP address, and Ansible needs an IP address; the trailing comma in `-i '<ip>,'` tells Ansible the argument is an inline host list rather than an inventory file. The attribute name depends on the resource type: `ipv4_address` is the DigitalOcean droplet attribute, an `aws_instance` exposes `public_ip` / `private_ip`. ANSIBLE_HOST_KEY_CHECKING=False disables SSH host key verification, which is what makes a first connection to a brand-new host work without an interactive prompt, but it also removes the only protection against a man-in-the-middle on that first connection; if the network between the CI runner and the instance is not trusted, pin the host key (from the provider's console/API, or from the instance's cloud-init log) instead.

     (cf https://www.cprime.com/resources/blog/terraform-and-ansible-tutorial-integrating-terraform-managed-instances-with-ansible-control-nodes )

     

  • using a dynamic inventory and the cloud-provider-specific Ansible inventory plugins (the inventory is queried from the provider API at run time, so nothing has to be passed from Terraform at all)

    •  AWS : https://docs.ansible.com/ansible/latest/collections/amazon/aws/aws_ec2_inventory.html
    •  GCP : https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_compute_inventory.html#ansible-collections-google-cloud-gcp-compute-inventory and so on...
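What the first option (Terraform state as Ansible inventory) does under the hood, as an added example that is neither the original post's code nor terraform-inventory's: a minimal Ansible dynamic-inventory script fed by `terraform show -json`. The state below is a constructed sample in the shape `terraform show -json` prints for `aws_instance` resources; the tag names `Name`/`Role`, the group-name prefixes `tf_`/`role_` and the choice of `public_ip` as the connection address are this example's own conventions. It also handles the case the static example above skips: an instance with no public address falls back to its private one, and non-instance resources are ignored.

```python
"""Ansible dynamic-inventory script built from `terraform show -json`.

Added example, not code from the original post or from terraform-inventory.
Usage with a real state:   terraform show -json | python3 tf_inventory.py --list
Try it on the built-in constructed sample:  python3 tf_inventory.py --sample --list
"""
import json
import sys

# Constructed sample of `terraform show -json` (hypothetical resources/tags).
SAMPLE_STATE_JSON = """
{
  "format_version": "1.0",
  "values": {
    "root_module": {
      "resources": [
        {"address": "aws_instance.web[0]", "type": "aws_instance", "name": "web",
         "values": {"id": "i-0aaa", "public_ip": "203.0.113.10",
                    "private_ip": "10.0.1.10", "tags": {"Name": "web-0", "Role": "web"}}},
        {"address": "aws_instance.web[1]", "type": "aws_instance", "name": "web",
         "values": {"id": "i-0bbb", "public_ip": "203.0.113.11",
                    "private_ip": "10.0.1.11", "tags": {"Name": "web-1", "Role": "web"}}},
        {"address": "aws_instance.db", "type": "aws_instance", "name": "db",
         "values": {"id": "i-0ccc", "public_ip": null,
                    "private_ip": "10.0.2.5", "tags": {"Name": "db-0", "Role": "db"}}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "name": "logs",
         "values": {"id": "logs-bucket"}}
      ]
    }
  }
}
"""


def _walk_resources(module: dict):
    """Yield resources of a module and, recursively, of its child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from _walk_resources(child)


def build_inventory(state_json: str, address_attr: str = "public_ip") -> dict:
    """Turn `terraform show -json` text into the JSON an inventory script
    prints for --list: one key per group plus `_meta.hostvars`."""
    state = json.loads(state_json)
    inv = {"_meta": {"hostvars": {}}, "all": {"hosts": [], "children": []}}
    for res in _walk_resources(state["values"]["root_module"]):
        if res["type"] != "aws_instance":
            continue                      # buckets, SGs, ... are not SSH targets
        vals = res["values"]
        tags = vals.get("tags") or {}
        host = tags.get("Name") or res["address"]
        # Prefer the requested address; an instance without one (no public IP,
        # or still pending) falls back to its private address.
        addr = vals.get(address_attr) or vals.get("private_ip")
        if not addr:
            continue                      # nothing to connect to yet
        inv["_meta"]["hostvars"][host] = {
            "ansible_host": addr,
            "instance_id": vals.get("id"),
            "terraform_address": res["address"],
        }
        inv["all"]["hosts"].append(host)
        groups = [f"tf_{res['name']}"]    # group per Terraform resource name
        if "Role" in tags:
            groups.append(f"role_{tags['Role']}")
        for grp in groups:
            inv.setdefault(grp, {"hosts": []})["hosts"].append(host)
            if grp not in inv["all"]["children"]:
                inv["all"]["children"].append(grp)
    return inv


def host_vars(inventory: dict, host: str) -> dict:
    """What the script answers to `--host <name>` (empty dict if unknown)."""
    return inventory["_meta"]["hostvars"].get(host, {})


if __name__ == "__main__":
    raw = SAMPLE_STATE_JSON if "--sample" in sys.argv else sys.stdin.read()
    inventory = build_inventory(raw)
    if "--host" in sys.argv:
        print(json.dumps(host_vars(inventory, sys.argv[-1])))
    else:
        print(json.dumps(inventory, indent=2))
```

Ansible calls an executable inventory with `--list` and, for older setups, `--host <name>`; returning everything under `_meta.hostvars` in the `--list` answer is what lets Ansible skip the per-host calls. Because the script reads the full state, run it where the state backend is already readable rather than copying the state file around.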



AWS example of the dynamic inventory:


ansible.cfg (the plugin has to be enabled under the [inventory] section; the inventory file name must also end in aws_ec2.yml or aws_ec2.yaml, otherwise the plugin refuses to parse it):
[inventory]
enable_plugins = aws_ec2

aws_ec2.yml (example):
plugin: aws_ec2
regions:
  - "us-east-1"
keyed_groups:
  # one group per Name tag value, e.g. _Ansible_TargetNode
  - key: tags.Name
  # one group per tag key/value pair, prefixed tag_
  - key: tags
    prefix: tag
  - prefix: instance_type
    key: instance_type
  - key: placement.region
    prefix: aws_region
filters:
  instance-state-name: running
  # All instances with their `Environment` tag set to `dev`
  tag:Environment: dev
  # Alternative (a YAML mapping cannot carry the same key twice, so use one or the other):
  # all dev and QA hosts
  # tag:Environment:
  #   - dev
  #   - qa
compose:
  # connect to the public address; use private_ip_address when running from inside the VPC
  ansible_host: public_ip_address



Good way to test (both commands only query the AWS API, they do not connect to the hosts):
ansible-inventory -i aws_ec2.yml --graph
ansible all -i aws_ec2.yml --list-hosts



To run a playbook, have or generate 4 files: myplaybook.yml, key.pem (the SSH private key, keep it out of the repository), aws_ec2.yml (seen above), and ansible.cfg (seen below)


ansible.cfg
[defaults]
inventory=./aws_ec2.yml
# original had a typo here (host_key_chekcing), which Ansible silently ignores.
# false disables SSH host key verification: convenient for fresh instances, but
# it removes MITM protection, so prefer a pre-populated known_hosts where possible.
host_key_checking=false
remote_user=ec2-user
private_key_file=key.pem

[privilege_escalation]
become=true
become_method=sudo
become_user=root


Run 

ansible <group-name> -i aws_ec2.yml -m ping --private-key=<private-key-file>

ansible-playbook myplaybook.yml
 (with hosts: _Ansible_TargetNode, or whatever group name you validated in the output of ansible-inventory --graph)






# sources : 
https://www.cloudthat.com/resources/blog/step-by-step-guide-to-integrate-ansible-dynamic-inventory-plugin-for-aws-ec2-instances#why-ansible-dynamic-inventory-

https://medium.com/geekculture/a-complete-overview-of-ansible-dynamic-inventory-a9ded104df4c