Anton Iakimov
7cf87fbedc
all: fix the code alignment
2024-10-16 15:54:10 +02:00
Jakub Sokołowski
7f81a048da
ansible/vault: add ability to call plugin via CLI
...
Usage:
```
> ansible/lookup_plugins/vault.py eth2/prod/grafana/admin user
['admin']
```
Helpful when debugging issues.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-10-16 15:48:42 +02:00
Jakub Sokołowski
7b96dfb457
flake: fix two versions of python in shell
...
Fixes:
```
Traceback (most recent call last):
  File "/home/jakubgs/work/infra-eth2/ansible/lookup_plugins/vault.py", line 6, in <module>
    import hvac
ModuleNotFoundError: No module named 'hvac'
```
Before.
```
> echo $PATH | tr ':' '\n' | grep python3-
/nix/store/04gg5w1s662l329a8kh9xcwyp0k64v5a-python3-3.12.4/bin
/nix/store/38nsff4vmhjmvfsi864yb23y9rk9gw5c-python3-3.11.9-env/bin
```
After the fix.
```
> echo $PATH | tr ':' '\n' | grep python3-
/nix/store/04gg5w1s662l329a8kh9xcwyp0k64v5a-python3-3.12.4/bin
/nix/store/pxgdzih20d368bx0h0kzyln5hl5cjgyl-python3-3.12.4-env/bin
```
Caused by upgrade to `unstable` without checking default Python version.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-10-15 19:32:24 +02:00
Jakub Sokołowski
69b599f056
ansible/README.md: include vault in secrets section
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-10-01 12:08:29 +02:00
Anton Iakimov
dafd993b99
nix: pin unstable nixpkgs to fix bitwarden-cli issue on macOS
...
See: https://github.com/NixOS/nixpkgs/issues/339576
2024-09-30 14:14:44 +02:00
Alexis Pentori
9c28b12568
lookup: vault plugin use env and stage in path
...
- Read env and stage variable to create path
- Override options
- Adding logs for debug
Signed-off-by: Alexis Pentori <alexis@status.im>
2024-09-25 16:13:18 +02:00
Jakub Sokołowski
ed56e80310
ansible/lookup/bitwarden: fix notes lookup failure
...
Issues:
- The `notes` field can be `None`, so it can't be checked with `in`.
- Some errors are returned via STDERR, we need to check that.
- Unnecessary call to `_run()` in `get_notes()`.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-09-24 08:22:55 +02:00
Alexis Pentori
bfcfec9fad
all: migration bootstrap var to vault
...
Signed-off-by: Alexis Pentori <alexis@status.im>
2024-09-20 11:51:01 +02:00
Alexis Pentori
7207048797
bitwarden: verifying if secret has been migrated to vault
...
Signed-off-by: Alexis Pentori <alexis@status.im>
2024-09-20 11:35:54 +02:00
Alexis Pentori
019772b96c
secret: adding vault address
...
Signed-off-by: Alexis Pentori <alexis@status.im>
2024-09-20 11:21:56 +02:00
Jakub Sokołowski
a1b9500b5d
gitignore: add .direnv/ directory
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-09-19 19:35:53 +02:00
Anton Iakimov
32a8552eaf
flake: open nix flake devShell automatically with direnv (nix-direnv)
...
Benefits:
- everyone running the same environment
- no PYTHONPATH setup needed for Ansible
- showing roles.py on dir entry for status
Docs:
- https://github.com/nix-community/nix-direnv
- https://github.com/direnv/direnv/wiki/Nix
To make direnv less verbose: `export DIRENV_LOG_FORMAT=`
2024-09-18 12:28:44 +02:00
markoburcul
affa41a334
terraform-script: Extend script for inventory
...
Extend terraform.py script to populate inventory file with variables
`ansible_become_method`, `ansible_become_user` and `ansible_shell_type`.
The values for these variables are fetched from terraform state if
present, otherwise the defaults are set.
Referenced issue: https://github.com/status-im/infra-template/issues/10
Signed-off-by: markoburcul <marko@status.im>
2024-09-12 14:52:43 +02:00
Jakub Sokołowski
d68fcfbb54
flake.nix: add vault to Nix shell
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-09-02 16:50:21 +02:00
Alexis Pentori
06b8e8067d
flake: add direnv to load vault variables
...
Signed-off-by: Alexis Pentori <alexis@status.im>
2024-08-21 10:07:54 +02:00
Alexis Pentori
c1b14ab9b5
vault: add lookup plugin and certificate file
...
Signed-off-by: Alexis Pentori <alexis@status.im>
2024-08-06 15:50:58 +02:00
Jakub Sokołowski
adde766742
Makefile: add check for CONSUL_HTTP_TOKEN
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-07-15 11:33:30 +02:00
Jakub Sokołowski
909e367ac0
ansible/roles.py: detect updated version correctly
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-07-05 11:38:59 +02:00
Jakub Sokołowski
f5b5f8dbcf
ansible/roles.py: mark branch with no upstream as dirty
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-07-05 10:50:48 +02:00
Jakub Sokołowski
7aecbf2a75
ansible/roles.py: use StrictHostKeyChecking=accept-new
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-07-05 10:04:21 +02:00
Jakub Sokołowski
3ae654e94b
ansible/roles.py: create .ansible folder before symlink
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-07-05 09:34:02 +02:00
Jakub Sokołowski
61c50a0e43
flake: add Nix shell for infrastructure work
...
This is an initial version we can expand later.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-07-05 09:10:48 +02:00
Jakub Sokołowski
b2dda7792f
versions.tf: upgrade pass provider to 2.1.1
...
This release includes builds for `arm64` MacOS hosts:
https://github.com/camptocamp/terraform-provider-pass/releases/tag/v2.1.1
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-24 11:49:35 +02:00
Jakub Sokołowski
92c6c74bcf
ansible/roles.py: fix pull call to handle up-to-date repo
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-24 08:47:40 +02:00
Jakub Sokołowski
bebd6df798
ansible/bootstrap: fix use of versioncheck.py
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-20 11:59:02 +02:00
Jakub Sokołowski
7b8ce348d9
providers:tf: drop unnecessary account_id for CloudFlare
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-20 11:52:07 +02:00
Jakub Sokołowski
0936584248
main.tf: fix path to clearly show placeholder
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-20 11:41:21 +02:00
Jakub Sokołowski
78dcae18c7
drop unused variables.tf file
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-20 11:40:47 +02:00
Jakub Sokołowski
b2e7060508
ansible/roles.py: fix colors when called via ansible
...
Ansible colors things, and we don't want them colored.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-13 17:10:33 +02:00
Jakub Sokołowski
f31c778de0
ansible/roles.py: avoid unnecessary git calls
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-13 17:10:21 +02:00
Jakub Sokołowski
6515c4b281
ansible/roles.py: fix checking ancestry during update
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-13 17:09:53 +02:00
Jakub Sokołowski
c17561ec12
ansible/roles.py: fix checking git ancestry
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-13 15:26:45 +02:00
Jakub Sokołowski
750e12d1ad
ansible/roles.py: fix formatting of role names
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-13 15:18:35 +02:00
Jakub Sokołowski
49df6d5996
roles.py: script to replace Ansible Galaxy
...
Usage:
```
usage: roles.py [-h] [-f FILTER] [-w WORKERS] [-r REQUIREMENTS] [-s ROLES_SYMLINK] [-l LOG_LEVEL] [-d] [-a] [-i | -c | -u]

This tool managed Ansible roles as Git repositories.
It is both faster and simpler than Ansible Galaxy.

By default ~/.ansible/roles is symlinked to ~/work.
Override it using --roles-symlink or ROLES_SYMLINK.

Installation behavior:
- If no version is specified newest is pulled.
- If version is matching nothing is done.
- If repo is dirty or detached nothing is done.
- If version is newer user is notified.

options:
  -h, --help            show this help message and exit
  -f FILTER, --filter FILTER
                        Filter role repo names.
  -w WORKERS, --workers WORKERS
                        Max workers to run in parallel.
  -r REQUIREMENTS, --requirements REQUIREMENTS
                        Location of requirements.yml file.
  -s ROLES_SYMLINK, --roles-symlink ROLES_SYMLINK
                        Actual location of installed roles.
  -l LOG_LEVEL, --log-level LOG_LEVEL
                        Logging level.
  -d, --fail-dirty      Fail if repo is dirty.
  -a, --fail-detached   Fail if repo has detached head.
  -i, --install         Clone and update required roles.
  -c, --check           Only check roles, no installing.
  -u, --update          Update requirements with current commits.

Examples:
  ./roles.py --install
  ./roles.py --check
  ./roles.py --update
```
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-06-13 14:07:14 +02:00
Jakub Sokołowski
23d081362e
lookup_plugins/bitwarden: ignore stderr
...
Otherwise we get weird JSON parsing errors:
```
An unhandled exception occurred while running the lookup plugin 'bitwarden'.
Error was a <class 'json.decoder.JSONDecodeError'>, original message:
Extra data: line 1 column 843 (char 842). Extra data: line 1 column 843 (char 842)
```
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-05-07 14:36:33 +02:00
Jakub Sokołowski
54614d2988
requirements: use full repo names
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-03-09 10:40:09 +01:00
Anton Iakimov
74a022d3d2
terraform: bump requires version
2023-10-05 14:34:22 +02:00
Anton Iakimov
8372392ef1
minor updates after infra-shards
...
1. add consul certs
2. don't fix ansible roles version
3. README to update infra-repos
2023-10-05 14:02:30 +02:00
Jakub Sokołowski
be8917fe20
add ansibe/files/README.md to keep the dir
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-01-29 14:21:31 +01:00
Jakub Sokołowski
6e52a28aa0
versions: upgrade cloudflare from 2.21.0 to 3.26.0
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-01-11 11:21:39 +01:00
Jakub Sokołowski
8c63394bbe
add CloudFlare zone access boilerplate
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-06-20 13:17:13 +02:00
Jakub Sokołowski
2f11233f7c
upgrade Terraform to version 1.2.0
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-06-20 13:17:00 +02:00
Jakub Sokołowski
1dc2e6dd20
ansible/upgrade.yml: remove packages after reboot
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-17 19:04:15 +02:00
Jakub Sokołowski
627ceb51b9
readme: add reminder to change path in main.tf
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-12 10:23:30 +02:00
Jakub Sokołowski
0f872c3914
Makefile: drop creating cosul-ca.key file
...
It's not necessary for Terraform backend.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-12 09:51:47 +02:00
Jakub Sokołowski
697e1debe3
ansible.cfg: drop remote_user=admin
...
Doesn't make sense if there are multiple admin users.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-11 15:29:38 +02:00
Jakub Sokołowski
2739b26b37
add README
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-11 14:52:20 +02:00
Jakub Sokołowski
18b55da6f9
add Ansible boilerplate
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-11 14:46:01 +02:00
Jakub Sokołowski
d2fffa77b6
add Terraform boilerplate
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-11 14:29:16 +02:00
Jakub Sokołowski
650171adbe
add makefile
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-11 14:25:26 +02:00