Commit Graph

52 Commits

Author SHA1 Message Date
Anton Iakimov 7cf87fbedc
all: fix the code alignment
2024-10-16 15:54:10 +02:00
Jakub Sokołowski 7f81a048da
ansible/vault: add ability to call plugin via CLI
Usage:
```
 > ansible/lookup_plugins/vault.py eth2/prod/grafana/admin user
['admin']
```
Helpful when debugging issues.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-10-16 15:48:42 +02:00
Jakub Sokołowski 7b96dfb457
flake: fix two versions of python in shell
Fixes:
```
Traceback (most recent call last):
  File "/home/jakubgs/work/infra-eth2/ansible/lookup_plugins/vault.py", line 6, in <module>
    import hvac
ModuleNotFoundError: No module named 'hvac'
```
Before.
```
 > echo $PATH | tr ':' '\n' | grep python3-
/nix/store/04gg5w1s662l329a8kh9xcwyp0k64v5a-python3-3.12.4/bin
/nix/store/38nsff4vmhjmvfsi864yb23y9rk9gw5c-python3-3.11.9-env/bin
```
After the fix.
```
 > echo $PATH | tr ':' '\n' | grep python3-
/nix/store/04gg5w1s662l329a8kh9xcwyp0k64v5a-python3-3.12.4/bin
/nix/store/pxgdzih20d368bx0h0kzyln5hl5cjgyl-python3-3.12.4-env/bin
```
Caused by upgrade to `unstable` without checking default Python version.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-10-15 19:32:24 +02:00
Jakub Sokołowski 69b599f056
ansible/README.md: include vault in secrets section
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-10-01 12:08:29 +02:00
Anton Iakimov dafd993b99
nix: pin unstable nixpkgs to fix bitwarden-cli issue on macOS
See: https://github.com/NixOS/nixpkgs/issues/339576
2024-09-30 14:14:44 +02:00
Alexis Pentori 9c28b12568
lookup: vault plugin use env and stage in path
- Read env and stage variable to create path
  - Override options
  - Adding logs for debug

Signed-off-by: Alexis Pentori <alexis@status.im>
2024-09-25 16:13:18 +02:00
Jakub Sokołowski ed56e80310
ansible/lookup/bitwarden: fix notes lookup failure
Issues:

- The `notes` field can be `None`, so it can't be checked with `in`.
- Some errors are returned via STDERR, we need to check that.
- Unnecessary call to `_run()` in `get_notes()`.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-09-24 08:22:55 +02:00
Alexis Pentori bfcfec9fad
all: migration bootstrap var to vault
Signed-off-by: Alexis Pentori <alexis@status.im>
2024-09-20 11:51:01 +02:00
Alexis Pentori 7207048797
bitwarden: verifying if secret has been migrated to vault
Signed-off-by: Alexis Pentori <alexis@status.im>
2024-09-20 11:35:54 +02:00
Alexis Pentori 019772b96c
secret: adding vault address
Signed-off-by: Alexis Pentori <alexis@status.im>
2024-09-20 11:21:56 +02:00
Jakub Sokołowski a1b9500b5d
gitignore: add .direnv/ directory
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-09-19 19:35:53 +02:00
Anton Iakimov 32a8552eaf
flake: open nix flake devShell automatically with direnv (nix-direnv)
Benefits:
- everyone running the same environment
- no PYTHONPATH setup needed for Ansible
- showing roles.py on dir entry for status

Docs:
- https://github.com/nix-community/nix-direnv
- https://github.com/direnv/direnv/wiki/Nix

To make direnv less verbose: `export DIRENV_LOG_FORMAT=`
2024-09-18 12:28:44 +02:00
markoburcul affa41a334
terraform-script: Extend script for inventory
Extend terraform.py script to populate inventory file with variables
`ansible_become_method`, `ansible_become_user` and `ansible_shell_type`.
The values for these variables are fetched from terraform state if
present, otherwise the defaults are set.

Referenced issue: https://github.com/status-im/infra-template/issues/10

Signed-off-by: markoburcul <marko@status.im>
2024-09-12 14:52:43 +02:00
Jakub Sokołowski d68fcfbb54
flake.nix: add vault to Nix shell
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-09-02 16:50:21 +02:00
Alexis Pentori 06b8e8067d
flake: add direnv to load vault variables
Signed-off-by: Alexis Pentori <alexis@status.im>
2024-08-21 10:07:54 +02:00
Alexis Pentori c1b14ab9b5
vault: add lookup plugin and certificate file
Signed-off-by: Alexis Pentori <alexis@status.im>
2024-08-06 15:50:58 +02:00
Jakub Sokołowski adde766742
Makefile: add check for CONSUL_HTTP_TOKEN
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-07-15 11:33:30 +02:00
Jakub Sokołowski 909e367ac0
ansible/roles.py: detect updated version correctly
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-07-05 11:38:59 +02:00
Jakub Sokołowski f5b5f8dbcf
ansible/roles.py: mark branch with no upstream as dirty
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-07-05 10:50:48 +02:00
Jakub Sokołowski 7aecbf2a75
ansible/roles.py: use StrictHostKeyChecking=accept-new
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-07-05 10:04:21 +02:00
Jakub Sokołowski 3ae654e94b
ansible/roles.py: create .ansible folder before symlink
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-07-05 09:34:02 +02:00
Jakub Sokołowski 61c50a0e43
flake: add Nix shell for infrastructure work
This is an initial version we can expand later.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-07-05 09:10:48 +02:00
Jakub Sokołowski b2dda7792f
versions.tf: upgrade pass provider to 2.1.1
This release includes builds for `arm64` MacOS hosts:
https://github.com/camptocamp/terraform-provider-pass/releases/tag/v2.1.1

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-24 11:49:35 +02:00
Jakub Sokołowski 92c6c74bcf
ansible/roles.py: fix pull call to handle up-to-date repo
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-24 08:47:40 +02:00
Jakub Sokołowski bebd6df798
ansible/bootstrap: fix use of versioncheck.py
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-20 11:59:02 +02:00
Jakub Sokołowski 7b8ce348d9
providers:tf: drop unnecessary account_id for CloudFlare
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-20 11:52:07 +02:00
Jakub Sokołowski 0936584248
main.tf: fix path to clearly show placeholder
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-20 11:41:21 +02:00
Jakub Sokołowski 78dcae18c7
drop unused variables.tf file
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-20 11:40:47 +02:00
Jakub Sokołowski b2e7060508
ansible/roles.py: fix colors when called via ansible
Ansible colors things, and we don't want them colored.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-13 17:10:33 +02:00
Jakub Sokołowski f31c778de0
ansible/roles.py: avoid unnecessary git calls
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-13 17:10:21 +02:00
Jakub Sokołowski 6515c4b281
ansible/roles.py: fix checking ancestry during update
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-13 17:09:53 +02:00
Jakub Sokołowski c17561ec12
ansible/roles.py: fix checking git ancestry
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-13 15:26:45 +02:00
Jakub Sokołowski 750e12d1ad
ansible/roles.py: fix formatting of role names
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-13 15:18:35 +02:00
Jakub Sokołowski 49df6d5996
roles.py: script to replace Ansible Galaxy
Usage:
```
usage: roles.py [-h] [-f FILTER] [-w WORKERS] [-r REQUIREMENTS] [-s ROLES_SYMLINK] [-l LOG_LEVEL] [-d] [-a] [-i | -c | -u]

This tool managed Ansible roles as Git repositories.
It is both faster and simpler than Ansible Galaxy.

By default ~/.ansible/roles is symlinked to ~/work.
Override it using --roles-symlink or ROLES_SYMLINK.

Installation behavior:
- If no version is specified newest is pulled.
- If version is matching nothing is done.
- If repo is dirty or detached nothing is done.
- If version is newer user is notified.

options:
  -h, --help            show this help message and exit
  -f FILTER, --filter FILTER
                        Filter role repo names.
  -w WORKERS, --workers WORKERS
                        Max workers to run in parallel.
  -r REQUIREMENTS, --requirements REQUIREMENTS
                        Location of requirements.yml file.
  -s ROLES_SYMLINK, --roles-symlink ROLES_SYMLINK
                        Actual location of installed roles.
  -l LOG_LEVEL, --log-level LOG_LEVEL
                        Logging level.
  -d, --fail-dirty      Fail if repo is dirty.
  -a, --fail-detached   Fail if repo has detached head.
  -i, --install         Clone and update required roles.
  -c, --check           Only check roles, no installing.
  -u, --update          Update requirements with current commits.

Examples:
./roles.py --install
./roles.py --check
./roles.py --update
```

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-13 14:07:14 +02:00
Jakub Sokołowski 23d081362e
lookup_plugins/bitwarden: ignore stderr
Otherwise we get weird JSON parsing errors:
```
An unhandled exception occurred while running the lookup plugin 'bitwarden'.
Error was a <class 'json.decoder.JSONDecodeError'>, original message:
Extra data: line 1 column 843 (char 842). Extra data: line 1 column 843 (char 842)
```

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-05-07 14:36:33 +02:00
Jakub Sokołowski 54614d2988
requirements: use full repo names
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-03-09 10:40:09 +01:00
Anton Iakimov 74a022d3d2
terraform: bump requires version
2023-10-05 14:34:22 +02:00
Anton Iakimov 8372392ef1
minor updates after infra-shards
1. add consul certs
2. don't fix ansible roles version
3. README to update infra-repos
2023-10-05 14:02:30 +02:00
Jakub Sokołowski be8917fe20
add ansibe/files/README.md to keep the dir
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-01-29 14:21:31 +01:00
Jakub Sokołowski 6e52a28aa0
versions: upgrade cloudflare from 2.21.0 to 3.26.0
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-01-11 11:21:39 +01:00
Jakub Sokołowski 8c63394bbe
add CloudFlare zone access boilerplate
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-06-20 13:17:13 +02:00
Jakub Sokołowski 2f11233f7c
upgrade Terraform to version 1.2.0
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-06-20 13:17:00 +02:00
Jakub Sokołowski 1dc2e6dd20
ansible/upgrade.yml: remove packages after reboot
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-17 19:04:15 +02:00
Jakub Sokołowski 627ceb51b9
readme: add reminder to change path in main.tf
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-12 10:23:30 +02:00
Jakub Sokołowski 0f872c3914
Makefile: drop creating cosul-ca.key file
It's not necessary for Terraform backend.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-12 09:51:47 +02:00
Jakub Sokołowski 697e1debe3
ansible.cfg: drop remote_user=admin
Doesn't make sense if there are multiple admin users.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-11 15:29:38 +02:00
Jakub Sokołowski 2739b26b37
add README
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-11 14:52:20 +02:00
Jakub Sokołowski 18b55da6f9
add Ansible boilerplate
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-11 14:46:01 +02:00
Jakub Sokołowski d2fffa77b6
add Terraform boilerplate
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-11 14:29:16 +02:00
Jakub Sokołowski 650171adbe
add makefile
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-11 14:25:26 +02:00