From 259f810a527a3e31c674878a20723e2fbaea9728 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?=
Date: Fri, 23 Nov 2018 16:53:58 +0100
Subject: [PATCH] add Makefile and ansible.cfg
---
Makefile | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++
ansible.cfg | 19 +++++++++++++++
2 files changed, 85 insertions(+)
create mode 100644 Makefile
create mode 100644 ansible.cfg
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..334a444
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+OS = $(strip $(shell uname -s))
+ARCH = linux_amd64
+PLATFORM = linux
+ifeq ($(OS),Darwin)
+ ARCH = darwin_amd64
+ PLATFORM = darwin
+endif
+
+PLUGIN_DIR = ~/.terraform.d/plugins
+
+PROVIDER_NAME = terraform-provider-ansible
+PROVIDER_VERSION = v0.0.4
+PROVIDER_ARCHIVE = $(PROVIDER_NAME)-$(ARCH).zip
+PROVIDER_URL = https://github.com/nbering/terraform-provider-ansible/releases/download/$(PROVIDER_VERSION)/$(PROVIDER_ARCHIVE)
+
+PROVISIONER_NAME = terraform-provisioner-ansible
+PROVISIONER_VERSION = v2.0.0
+PROVISIONER_ARCHIVE = $(PROVISIONER_NAME)-$(subst _,-,$(ARCH))_$(PROVISIONER_VERSION)
+PROVISIONER_URL = https://github.com/radekg/terraform-provisioner-ansible/releases/download/$(PROVISIONER_VERSION)/$(PROVISIONER_ARCHIVE)
+
+all: requirements install-provider install-provisioner secrets
+ echo "Success!"
+
+plugins: install-provider install-provisioner
+
+requirements:
+ ansible-galaxy install --ignore-errors --force -r ansible/requirements.yml
+
+install-unzip:
+ ifeq (, $(shell which unzip)) \
+ $(error "No unzip in PATH, consider doing apt install unzip") \
+ endif
+
+install-provider:
+ if [ ! -e $(PLUGIN_DIR)/$(ARCH)/$(PROVIDER_NAME)_$(PROVIDER_VERSION) ]; then \
+ mkdir -p $(PLUGIN_DIR); \
+ wget $(PROVIDER_URL) -P $(PLUGIN_DIR); \
+ unzip -o $(PLUGIN_DIR)/$(PROVIDER_ARCHIVE) -d $(PLUGIN_DIR); \
+ fi
+
+install-provisioner:
+ if [ ! -e $(PLUGIN_DIR)/$(ARCH)/$(PROVISIONER_NAME)_$(PROVISIONER_VERSION) ]; then \
+ mkdir -p $(PLUGIN_DIR); \
+ wget $(PROVISIONER_URL) -O $(PLUGIN_DIR)/$(ARCH)/$(PROVISIONER_NAME)_$(PROVISIONER_VERSION); \
+ chmod +x $(PLUGIN_DIR)/$(ARCH)/$(PROVISIONER_NAME)_$(PROVISIONER_VERSION); \
+ fi
+
+secrets:
+ pass services/consul/ca-crt > ansible/files/consul-ca.crt
+ pass services/consul/ca-key > ansible/files/consul-ca.key
+ pass services/consul/client-crt > ansible/files/consul-client.crt
+ pass services/consul/client-key > ansible/files/consul-client.key
+ echo "\
+# secrets extracted from password-store\n\
+digitalocean_token = \"$(shell pass cloud/DigitalOcean/token)\"\n\
+cloudflare_token = \"$(shell pass cloud/Cloudflare/token)\"\n\
+cloudflare_email = \"$(shell pass cloud/Cloudflare/email)\"\n\
+cloudflare_org_id = \"$(shell pass cloud/Cloudflare/org_id)\"\n\
+alicloud_access_key = \"$(shell pass cloud/Alibaba/access-key)\"\n\
+alicloud_secret_key = \"$(shell pass cloud/Alibaba/secret-key)\"\n\
+" > terraform.tfvars
+
+cleanup:
+ rm -r $(PLUGIN_DIR)/$(ARCHIVE)
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..7f2020f
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,19 @@
+[defaults]
+inventory = ./ansible/terraform.py
+remote_user = admin
+host_key_checking = False
+# this is useful when developing roles like infra-role-bootstrap
+#roles_path = ../
+
+[privilege_escalation]
+become = true
+become_user = root
+
+[ssh_connection]
+# this should speed up exection but might cause issues with sudo
+pipelining = True
+control_path = /tmp/ansible-ssh-%%h-%%p-%%r
+# necessary for cloning private git repos
+ssh_args=-o ForwardAgent=yes
+# this can be useful when accessing from weird wifi
+#ssh_args = -o ForwardAgent=yes -o ProxyCommand='ssh -A -t arael.magi.blue nc %h %p 2>/dev/null'
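Review bot: The `secrets` recipe in the Makefile exposes every token it reads: `$(shell pass …)` is expanded by make into the recipe text, and because the `echo` line has no `@` prefix the expanded command, values included, is printed to the terminal or CI log and becomes the shell's argument string. Running `pass` inside the recipe shell as `$$(pass …)` under `umask 077`, as sketched below, keeps the values out of make's output and stops terraform.tfvars being created with the default mode; the four consul `pass … >` lines, which write the CA and client private keys, want the same `umask 077 &&` prefix. umask only affects newly created files, so copies that already exist need a one-off chmod. Separately, install-provider and install-provisioner install executables fetched with wget and never compare them with a pinned digest, so a `sha256sum -c` step before `unzip` / `chmod +x` would be worth adding. `cleanup` uses `$(ARCHIVE)`, which is not defined anywhere in this file, so unless it comes from the environment the command expands to `rm -r $(PLUGIN_DIR)/`.

```make
secrets:
# … unchanged apart from the umask prefix: the four pass services/consul/… lines …
	@umask 077 && { \
	  printf '# secrets extracted from password-store\n'; \
	  printf 'digitalocean_token = "%s"\n' "$$(pass cloud/DigitalOcean/token)"; \
	  printf 'cloudflare_token = "%s"\n' "$$(pass cloud/Cloudflare/token)"; \
	  printf 'cloudflare_email = "%s"\n' "$$(pass cloud/Cloudflare/email)"; \
	  printf 'cloudflare_org_id = "%s"\n' "$$(pass cloud/Cloudflare/org_id)"; \
	  printf 'alicloud_access_key = "%s"\n' "$$(pass cloud/Alibaba/access-key)"; \
	  printf 'alicloud_secret_key = "%s"\n' "$$(pass cloud/Alibaba/secret-key)"; \
	} > terraform.tfvars
```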
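Review bot: In ansible.cfg, `host_key_checking = False` combined with `ssh_args=-o ForwardAgent=yes` means every run forwards the operator's SSH agent to hosts whose identity was never verified, and `become = true` makes each of those a root session. A machine answering in place of the intended host, or a compromised one, can use the forwarded agent for as long as the connection lasts. I would keep verification on with `host_key_checking = True`, seed known_hosts from the provisioning step, and enable agent forwarding only for the plays that clone private repositories rather than globally. `control_path = /tmp/ansible-ssh-%%h-%%p-%%r` also places the multiplexing sockets in a shared directory; `control_path = %(directory)s/%%h-%%p-%%r` keeps them under the per-user control path directory.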