add Makefile and ansible.cfg

2018-11-23 16:53:58 +01:00 · 2018-11-23 16:53:58 +01:00 · 259f810a52
parent fac63e5d61
commit 259f810a52
2 changed files with 85 additions and 0 deletions
--- a/66
+++ b/66
@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+OS = $(strip $(shell uname -s))
+ARCH = linux_amd64
+PLATFORM = linux
+ifeq ($(OS),Darwin)
+	ARCH = darwin_amd64
+	PLATFORM = darwin
+endif
+
+PLUGIN_DIR = ~/.terraform.d/plugins
+
+PROVIDER_NAME = terraform-provider-ansible
+PROVIDER_VERSION = v0.0.4
+PROVIDER_ARCHIVE = $(PROVIDER_NAME)-$(ARCH).zip
+PROVIDER_URL = https://github.com/nbering/terraform-provider-ansible/releases/download/$(PROVIDER_VERSION)/$(PROVIDER_ARCHIVE)
+
+PROVISIONER_NAME = terraform-provisioner-ansible
+PROVISIONER_VERSION = v2.0.0
+PROVISIONER_ARCHIVE = $(PROVISIONER_NAME)-$(subst _,-,$(ARCH))_$(PROVISIONER_VERSION)
+PROVISIONER_URL = https://github.com/radekg/terraform-provisioner-ansible/releases/download/$(PROVISIONER_VERSION)/$(PROVISIONER_ARCHIVE)
+
+all: requirements install-provider install-provisioner secrets
+	echo "Success!"
+
+plugins: install-provider install-provisioner
+
+requirements:
+	ansible-galaxy install --ignore-errors --force -r ansible/requirements.yml
+
+install-unzip:
+	ifeq (, $(shell which unzip)) \
+ 		$(error "No unzip in PATH, consider doing apt install unzip") \
+ 	endif
+
+install-provider:
+	if [ ! -e $(PLUGIN_DIR)/$(ARCH)/$(PROVIDER_NAME)_$(PROVIDER_VERSION) ]; then \
+		mkdir -p $(PLUGIN_DIR); \
+		wget $(PROVIDER_URL) -P $(PLUGIN_DIR); \
+		unzip -o $(PLUGIN_DIR)/$(PROVIDER_ARCHIVE) -d $(PLUGIN_DIR); \
+	fi
+
+install-provisioner:
+	if [ ! -e $(PLUGIN_DIR)/$(ARCH)/$(PROVISIONER_NAME)_$(PROVISIONER_VERSION) ]; then \
+		mkdir -p $(PLUGIN_DIR); \
+		wget $(PROVISIONER_URL) -O $(PLUGIN_DIR)/$(ARCH)/$(PROVISIONER_NAME)_$(PROVISIONER_VERSION); \
+		chmod +x $(PLUGIN_DIR)/$(ARCH)/$(PROVISIONER_NAME)_$(PROVISIONER_VERSION); \
+	fi
+
+secrets:
+	pass services/consul/ca-crt > ansible/files/consul-ca.crt
+	pass services/consul/ca-key > ansible/files/consul-ca.key
+	pass services/consul/client-crt > ansible/files/consul-client.crt
+	pass services/consul/client-key > ansible/files/consul-client.key
+	echo "\
+# secrets extracted from password-store\n\
+digitalocean_token  = \"$(shell pass cloud/DigitalOcean/token)\"\n\
+cloudflare_token    = \"$(shell pass cloud/Cloudflare/token)\"\n\
+cloudflare_email    = \"$(shell pass cloud/Cloudflare/email)\"\n\
+cloudflare_org_id   = \"$(shell pass cloud/Cloudflare/org_id)\"\n\
+alicloud_access_key = \"$(shell pass cloud/Alibaba/access-key)\"\n\
+alicloud_secret_key = \"$(shell pass cloud/Alibaba/secret-key)\"\n\
+" > terraform.tfvars
+
+cleanup:
+	rm -r $(PLUGIN_DIR)/$(ARCHIVE)
--- a/ansible.cfg
+++ b/ansible.cfg
@ -0,0 +1,19 @@
+[defaults]
+inventory = ./ansible/terraform.py
+remote_user = admin
+host_key_checking = False
+# this is useful when developing roles like infra-role-bootstrap
+#roles_path = ../
+
+[privilege_escalation]
+become = true
+become_user = root
+
+[ssh_connection]
+# this should speed up exection but might cause issues with sudo
+pipelining = True
+control_path = /tmp/ansible-ssh-%%h-%%p-%%r
+# necessary for cloning private git repos
+ssh_args=-o ForwardAgent=yes
+# this can be useful when accessing from weird wifi
+#ssh_args = -o ForwardAgent=yes -o ProxyCommand='ssh -A -t arael.magi.blue nc %h %p 2>/dev/null'