
Tuesday, 20 February 2024

terraform variable <-> variables {script, gitlab-ci}



terraform -> gitlab/script/etc.


src: https://stackoverflow.com/questions/75531444/how-to-use-terraform-variable-into-gitlab-ci-yml

  • Terraform: use an "output"

    locals {
      toto = format("${var.ressource_name_pattern}-something", "cloudfront-edge")
    }

    output "toto" {
      value = local.toto
    }

  • Script: get the output from the terraform command

    # -raw prints the string value without surrounding quotes
    foobar=$(terraform output -raw toto)



gitlab -> Terraform


To read an environment variable as a Terraform variable, prefix the variable name with TF_VAR_:

=> an exported environment variable "TF_VAR_toto" sets the variable "toto" declared in variable.tf
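
The two directions above can be chained: the outputs of one Terraform project become TF_VAR_ variables for the next. This is an added example, not code from the original post or from the linked Stack Overflow answer; it goes beyond the single `terraform output toto` call by reading every output from `terraform output -json`. The sample JSON, every output name other than `toto`, and the function name `export_lines` are constructed for illustration.

```python
import json
import re
import shlex

# Constructed sample of `terraform output -json`; only "toto" comes from the page.
SAMPLE_OUTPUT_JSON = """
{
  "toto":        {"sensitive": false, "type": "string", "value": "myapp-cloudfront-edge-something"},
  "db_password": {"sensitive": true,  "type": "string", "value": "constructed-secret"},
  "edge-name":   {"sensitive": false, "type": "string", "value": "edge"},
  "motd":        {"sensitive": false, "type": "string", "value": "it's $(hostname)"},
  "subnet_ids":  {"sensitive": false, "type": ["list", "string"], "value": ["subnet-a", "subnet-b"]}
}
"""

# Shell variable names cannot contain "-", which Terraform allows in output names.
SHELL_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def export_lines(output_json, prefix="TF_VAR_", include_sensitive=False):
    """Turn `terraform output -json` into shell `export` lines.

    Returns (lines, skipped). Sensitive outputs are skipped by default so they
    do not land in job logs or in a file that is later sourced.
    """
    lines, skipped = [], []
    outputs = json.loads(output_json)
    for name in sorted(outputs):
        meta = outputs[name]
        if not SHELL_NAME.match(prefix + name):
            skipped.append(name)
            continue
        if meta.get("sensitive") and not include_sensitive:
            skipped.append(name)
            continue
        value = meta["value"]
        # Strings pass through as-is; lists, maps, numbers and booleans are
        # JSON-encoded, which Terraform can parse for complex-typed variables.
        text = value if isinstance(value, str) else json.dumps(value, separators=(",", ":"))
        # shlex.quote keeps $(...), quotes and spaces from being interpreted by the shell.
        lines.append(f"export {prefix}{name}={shlex.quote(text)}")
    return lines, skipped


if __name__ == "__main__":
    exports, left_out = export_lines(SAMPLE_OUTPUT_JSON)
    print("\n".join(exports))
    print("# skipped:", ", ".join(left_out))
```

In a pipeline the JSON would come from `terraform output -json` on standard input, and the printed lines would be written to a file that the next job sources.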





terraform -> gitlab/script/etc. VARIABLE (in project settings)

src https://www.reddit.com/r/Terraform/comments/mwmq4e/comment/gvjo7g3/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

     For example: create an EKS cluster & then create a variable with the KUBECONFIG data in another project which has the code for the apps & trigger the deployment of those apps into the newly created cluster using that variable.

    - terragrunt run-all apply --terragrunt-non-interactive -auto-approve tfplan-$CI_COMMIT_SHA
    - terraform output kubectl_config > kubectl_config
    - |
      curl -s -XPUT -H "PRIVATE-TOKEN: $GITLAB_API_RW_PRIVATE_TOKEN" "$CI_API_V4_URL/groups/$GROUP_ID/variables/KUBECONFIG" \
      --form "value=$(cat kubectl_config)" \
      --form "variable_type=file" \
      --form "protected=false" \
      --form "masked=false" \
      --form "environment_scope=*"
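
A variant of the API call above with tighter settings, as an added example (not code from the quoted Reddit comment): the variable is marked protected, so only pipelines on protected branches or tags receive it, and the environment scope is narrowed from `*`. The function name, the `production` scope and the sample values are assumptions for illustration; the request is only built, not sent.

```python
import urllib.parse
import urllib.request


def build_group_variable_request(api_v4_url, group_id, key, value, token,
                                 environment_scope="production"):
    """Build (without sending) PUT /groups/:id/variables/:key for GitLab."""
    if not token:
        raise ValueError("GitLab API token is empty")
    if environment_scope == "*":
        raise ValueError("refusing wildcard scope for a cluster credential")
    fields = {
        "value": value,
        # A kubeconfig is multi-line: store it as a file-type variable.
        "variable_type": "file" if "\n" in value else "env_var",
        # Only pipelines for protected branches/tags receive the variable.
        "protected": "true",
        "environment_scope": environment_scope,
    }
    url = "{}/groups/{}/variables/{}".format(
        api_v4_url.rstrip("/"),
        urllib.parse.quote(str(group_id), safe=""),
        urllib.parse.quote(key, safe=""),
    )
    return urllib.request.Request(
        url,
        data=urllib.parse.urlencode(fields).encode(),
        headers={"PRIVATE-TOKEN": token},
        method="PUT",
    )


# Constructed sample values; in CI these come from $CI_API_V4_URL, $GROUP_ID,
# the kubectl_config file and $GITLAB_API_RW_PRIVATE_TOKEN.
SAMPLE_KUBECONFIG = "apiVersion: v1\nkind: Config\nclusters: []\n"

if __name__ == "__main__":
    req = build_group_variable_request(
        "https://gitlab.example.com/api/v4", 42, "KUBECONFIG",
        SAMPLE_KUBECONFIG, "constructed-token")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Passing the returned object to `urllib.request.urlopen` sends it.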






Monday, 15 January 2024

terraform, then ansible

Terraform creates the infra,
then we want to use Ansible to actually configure it...

Different solutions exist to run Terraform, and then Ansible:

  • Using Terraform Output as Ansible Inventory:
    https://github.com/adammck/terraform-inventory

     $ terraform-inventory -inventory terraform.tfstate
     [all]
     10.10.1.2
     10.10.1.3


  • `local-exec` / `remote-exec`: Terraform runs Ansible locally

     ```
     provisioner "local-exec" {
       # ANSIBLE_HOST_KEY_CHECKING=False turns off SSH host key verification for this run.
       # The trailing comma in -i '<ip>,' makes Ansible treat the value as an inline host list.
       command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ${var.user} -i '${self.ipv4_address},' --private-key ${var.ssh_private_key} playbook.yml"
     }
     ```
    The key component here is the ${self.ipv4_address} attribute. After provisioning the machine, Terraform knows its IP address, and that address is what we need to pass to Ansible.

     (cf https://www.cprime.com/resources/blog/terraform-and-ansible-tutorial-integrating-terraform-managed-instances-with-ansible-control-nodes )

     

  • Using dynamic inventory and cloud-provider-specific Ansible inventory plugins:

    •  AWS: https://docs.ansible.com/ansible/latest/collections/amazon/aws/aws_ec2_inventory.html
    •  GCP: https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_compute_inventory.html#ansible-collections-google-cloud-gcp-compute-inventory
    •  and so on...



AWS example of the dynamic inventory:


ansible.cfg:
[inventory]
enable_plugins=aws_ec2

aws_ec2.yml (example):
plugin: aws_ec2
regions:
  - "us-east-1"
keyed_groups:
  - key: tags.Name
  - key: tags
    prefix: tag
  - prefix: instance_type
    key: instance_type
  - key: placement.region
    prefix: aws_region
filters:
  instance-state-name: running
  # All instances with their `Environment` tag set to `dev`
  # (alternative to the list below; a YAML mapping cannot repeat the same key):
  # tag:Environment: dev
  # All dev and QA hosts
  tag:Environment:
    - dev
    - qa
compose:
  ansible_host: public_ip_address



A good way to test:
ansible-inventory -i aws_ec2.yml --graph
ansible all --list-hosts



To run a playbook, have or generate 4 files: myplaybook.yml, key.pem, aws_ec2.yml (shown above), and ansible.cfg (shown below).


ansible.cfg
[defaults]
inventory=./aws_ec2.yml
# host_key_checking=false disables SSH host key verification for every run that uses this file
host_key_checking=false
remote_user=ec2-user
private_key_file=key.pem

[privilege_escalation]
become=true
become_method=sudo
become_user=root


Run 

ansible <group-name> -i aws_ec2.yml -m ping --private-key=<private-key-name>

ansible-playbook myplaybook.yml
 (with hosts: _Ansible_TargetNode or whatever you have validated in the output of the inventory)






# sources : 
https://www.cloudthat.com/resources/blog/step-by-step-guide-to-integrate-ansible-dynamic-inventory-plugin-for-aws-ec2-instances#why-ansible-dynamic-inventory-

https://medium.com/geekculture/a-complete-overview-of-ansible-dynamic-inventory-a9ded104df4c



Wednesday, 21 June 2023

parse json in terraform

 https://www.reddit.com/r/Terraform/comments/c07dgc/using_external_jsons_as_data_source/

    data "http" "example" {
      url = "..."
    }

    locals {
      example_response = jsondecode(data.http.example.body)
    }

From there you can manipulate that data structure as you need. If you want to produce a map of lists then probably your next step would be to use two nested for expressions. I’m just guessing what you want the values in those lists to look like, but here’s a starting point:

    locals {
      example_rules = {
        for k, m in local.example_response : k => [
          for k, v in m : {
            key   = k
            value = v
          }
        ]
      }
    }

Thursday, 3 September 2020

Terraform support channels + best practices

 This email tf-cloud@hashicorp.support provides support with Terraform Cloud related issues only.

For Terraform OSS related questions, use cases and best practices, please check the Terraform community for assistance: https://www.terraform.io/community.html

Our support engineers frequent the Terraform community forum and would be able to share some guidance there: https://discuss.hashicorp.com/c/terraform-core


(from a question sent to hashicorp zendesk )