2022-05-11 12:25:26 +00:00
|
|
|
OS = $(strip $(shell uname -s))
|
|
|
|
|
|
|
|
|
|
ifeq ($(OS),Darwin)
|
|
|
|
|
ARCH = darwin_amd64
|
|
|
|
|
PROVISIONER_SHA1 = bd688a503f526beedaf6ef5d2dba1128051573b6
|
|
|
|
|
else
|
|
|
|
|
ARCH = linux_amd64
|
|
|
|
|
PROVISIONER_SHA1 = da9cdf019d8f860a6e417257d81b1b21aceba7b7
|
|
|
|
|
endif
|
|
|
|
|
|
|
|
|
|
TF_PLUGINS_DIR = $(HOME)/.terraform.d/plugins
|
|
|
|
|
|
|
|
|
|
PROVISIONER_NAME = terraform-provisioner-ansible
|
|
|
|
|
PROVISIONER_VERSION = v2.5.0
|
|
|
|
|
PROVISIONER_ARCHIVE = $(PROVISIONER_NAME)-$(subst _,-,$(ARCH))_$(PROVISIONER_VERSION)
|
|
|
|
|
PROVISIONER_URL = https://github.com/radekg/terraform-provisioner-ansible/releases/download/$(PROVISIONER_VERSION)/$(PROVISIONER_ARCHIVE)
|
|
|
|
|
PROVISIONER_PATH = $(TF_PLUGINS_DIR)/$(ARCH)/$(PROVISIONER_NAME)_$(PROVISIONER_VERSION)
|
|
|
|
|
|
roles.py: script to replace Ansible Galaxy
Usage:
```
usage: roles.py [-h] [-f FILTER] [-w WORKERS] [-r REQUIREMENTS] [-s ROLES_SYMLINK] [-l LOG_LEVEL] [-d] [-a] [-i | -c | -u]
This tool managed Ansible roles as Git repositories.
It is both faster and simpler than Ansible Galaxy.
By default ~/.ansible/roles is symlinked to ~/work.
Override it using --roles-symlink or ROLES_SYMLINK.
Installation behavior:
- If no version is specified newest is pulled.
- If version is matching nothing is done.
- If repo is dirty or detached nothing is done.
- If version is newer user is notified.
options:
-h, --help show this help message and exit
-f FILTER, --filter FILTER
Filter role repo names.
-w WORKERS, --workers WORKERS
Max workers to run in parallel.
-r REQUIREMENTS, --requirements REQUIREMENTS
Location of requirements.yml file.
-s ROLES_SYMLINK, --roles-symlink ROLES_SYMLINK
Actual location of installed roles.
-l LOG_LEVEL, --log-level LOG_LEVEL
Logging level.
-d, --fail-dirty Fail if repo is dirty.
-a, --fail-detached Fail if repo has detached head.
-i, --install Clone and update required roles.
-c, --check Only check roles, no installing.
-u, --update Update requirements with current commits.
Examples:
./roles.py --install
./roles.py --check
./roles.py --update
```
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-03-12 09:53:13 +00:00
|
|
|
all: roles-install install-provisioner secrets init-terraform
|
2022-05-11 12:25:26 +00:00
|
|
|
@echo "Success!"
|
|
|
|
|
|
roles.py: script to replace Ansible Galaxy
Usage:
```
usage: roles.py [-h] [-f FILTER] [-w WORKERS] [-r REQUIREMENTS] [-s ROLES_SYMLINK] [-l LOG_LEVEL] [-d] [-a] [-i | -c | -u]
This tool managed Ansible roles as Git repositories.
It is both faster and simpler than Ansible Galaxy.
By default ~/.ansible/roles is symlinked to ~/work.
Override it using --roles-symlink or ROLES_SYMLINK.
Installation behavior:
- If no version is specified newest is pulled.
- If version is matching nothing is done.
- If repo is dirty or detached nothing is done.
- If version is newer user is notified.
options:
-h, --help show this help message and exit
-f FILTER, --filter FILTER
Filter role repo names.
-w WORKERS, --workers WORKERS
Max workers to run in parallel.
-r REQUIREMENTS, --requirements REQUIREMENTS
Location of requirements.yml file.
-s ROLES_SYMLINK, --roles-symlink ROLES_SYMLINK
Actual location of installed roles.
-l LOG_LEVEL, --log-level LOG_LEVEL
Logging level.
-d, --fail-dirty Fail if repo is dirty.
-a, --fail-detached Fail if repo has detached head.
-i, --install Clone and update required roles.
-c, --check Only check roles, no installing.
-u, --update Update requirements with current commits.
Examples:
./roles.py --install
./roles.py --check
./roles.py --update
```
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-03-12 09:53:13 +00:00
|
|
|
roles-install:
|
|
|
|
|
ansible/roles.py --install
|
2022-05-11 12:25:26 +00:00
|
|
|
|
roles.py: script to replace Ansible Galaxy
Usage:
```
usage: roles.py [-h] [-f FILTER] [-w WORKERS] [-r REQUIREMENTS] [-s ROLES_SYMLINK] [-l LOG_LEVEL] [-d] [-a] [-i | -c | -u]
This tool managed Ansible roles as Git repositories.
It is both faster and simpler than Ansible Galaxy.
By default ~/.ansible/roles is symlinked to ~/work.
Override it using --roles-symlink or ROLES_SYMLINK.
Installation behavior:
- If no version is specified newest is pulled.
- If version is matching nothing is done.
- If repo is dirty or detached nothing is done.
- If version is newer user is notified.
options:
-h, --help show this help message and exit
-f FILTER, --filter FILTER
Filter role repo names.
-w WORKERS, --workers WORKERS
Max workers to run in parallel.
-r REQUIREMENTS, --requirements REQUIREMENTS
Location of requirements.yml file.
-s ROLES_SYMLINK, --roles-symlink ROLES_SYMLINK
Actual location of installed roles.
-l LOG_LEVEL, --log-level LOG_LEVEL
Logging level.
-d, --fail-dirty Fail if repo is dirty.
-a, --fail-detached Fail if repo has detached head.
-i, --install Clone and update required roles.
-c, --check Only check roles, no installing.
-u, --update Update requirements with current commits.
Examples:
./roles.py --install
./roles.py --check
./roles.py --update
```
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-03-12 09:53:13 +00:00
|
|
|
roles-check:
|
|
|
|
|
ansible/roles.py --check
|
2022-05-11 12:25:26 +00:00
|
|
|
|
roles.py: script to replace Ansible Galaxy
Usage:
```
usage: roles.py [-h] [-f FILTER] [-w WORKERS] [-r REQUIREMENTS] [-s ROLES_SYMLINK] [-l LOG_LEVEL] [-d] [-a] [-i | -c | -u]
This tool managed Ansible roles as Git repositories.
It is both faster and simpler than Ansible Galaxy.
By default ~/.ansible/roles is symlinked to ~/work.
Override it using --roles-symlink or ROLES_SYMLINK.
Installation behavior:
- If no version is specified newest is pulled.
- If version is matching nothing is done.
- If repo is dirty or detached nothing is done.
- If version is newer user is notified.
options:
-h, --help show this help message and exit
-f FILTER, --filter FILTER
Filter role repo names.
-w WORKERS, --workers WORKERS
Max workers to run in parallel.
-r REQUIREMENTS, --requirements REQUIREMENTS
Location of requirements.yml file.
-s ROLES_SYMLINK, --roles-symlink ROLES_SYMLINK
Actual location of installed roles.
-l LOG_LEVEL, --log-level LOG_LEVEL
Logging level.
-d, --fail-dirty Fail if repo is dirty.
-a, --fail-detached Fail if repo has detached head.
-i, --install Clone and update required roles.
-c, --check Only check roles, no installing.
-u, --update Update requirements with current commits.
Examples:
./roles.py --install
./roles.py --check
./roles.py --update
```
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-03-12 09:53:13 +00:00
|
|
|
roles-update:
|
|
|
|
|
ansible/roles.py --update
|
|
|
|
|
|
|
|
|
|
roles: roles-install roles-check
|
2022-05-11 12:25:26 +00:00
|
|
|
|
|
|
|
|
$(PROVISIONER_PATH):
|
|
|
|
|
@mkdir -p $(TF_PLUGINS_DIR)/$(ARCH); \
|
|
|
|
|
wget -q $(PROVISIONER_URL) -O $(PROVISIONER_PATH); \
|
|
|
|
|
chmod +x $(PROVISIONER_PATH); \
|
|
|
|
|
|
|
|
|
|
install-provisioner: $(PROVISIONER_PATH)
|
|
|
|
|
@echo "$(PROVISIONER_SHA1) $(PROVISIONER_PATH)" | shasum -c \
|
|
|
|
|
|| rm -v $(PROVISIONER_PATH)
|
|
|
|
|
|
|
|
|
|
secrets:
|
|
|
|
|
pass services/consul/ca-crt > ansible/files/consul-ca.crt
|
|
|
|
|
pass services/consul/client-crt > ansible/files/consul-client.crt
|
|
|
|
|
pass services/consul/client-key > ansible/files/consul-client.key
|
2024-07-05 14:23:30 +00:00
|
|
|
pass services/vault/certs/root-ca/cert > ansible/files/vault-ca.crt
|
|
|
|
|
pass services/vault/certs/client-user/cert > ansible/files/vault-client-user.crt
|
|
|
|
|
pass services/vault/certs/client-user/privkey > ansible/files/vault-client-user.key
|
2022-05-11 12:25:26 +00:00
|
|
|
|
2024-06-21 10:56:43 +00:00
|
|
|
consul-token-check:
|
|
|
|
|
ifndef CONSUL_HTTP_TOKEN
|
|
|
|
|
$(error No CONSUL_HTTP_TOKEN env variable set!)
|
|
|
|
|
endif
|
|
|
|
|
|
|
|
|
|
init-terraform: consul-token-check
|
2022-05-11 12:25:26 +00:00
|
|
|
terraform init -upgrade=true
|
|
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
|
rm -r $(TF_PLUGINS_DIR)/$(ARCHIVE)
|
