diff --git a/.gitignore b/.gitignore
index 1679617..3fa8c86 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-terraform/.terraform
+.terraform
diff --git a/ansible_inventory.tf b/ansible_inventory.tf
new file mode 100644
index 0000000..c4a17b2
--- /dev/null
+++ b/ansible_inventory.tf
@@ -0,0 +1,51 @@
+variable "ansible_inventory_filename" {
+ type = string
+ default = "inventory.json"
+}
+
+locals {
+ vm_hosts_with_groups = {
+ for hostname, host in var.vm_hosts: hostname => host if contains(keys(host),"groups")
+ }
+ vm_hosts_without_groups = {
+ for hostname, host in var.vm_hosts: hostname => host if !contains(keys(host),"groups")
+ }
+ vm_groups = distinct(flatten(values(local.hetzner_vm_hosts_with_groups)[*].groups))
+ ansible_inventory = {
+ all = {
+ hosts = {
+ for hostname,host in var.vm_hosts: hostname => {}
+ }
+ children = merge(
+ {
+ for group in local.vm_groups: group => {
+ hosts = {
+ for hostname, host in local.vm_hosts_with_groups:
+ hostname => {}
+ if contains(host.groups,group)
+ }
+ }
+ },{
+ for providername, provider in local.providers: "provider_${providername}" => {
+ hosts = {
+ for hostname, host in local.vm_hosts_with_groups:
+ hostname => local.providers[host.provider].hostvars[hostname]
+ if host.provider == providername
+ }
+ }
+ }
+ )
+ }
+ }
+}
+
+output "ansible_inventory" {
+ value = local.ansible_inventory
+}
+
+resource "local_file" "foo" {
+ content = jsonencode(local.ansible_inventory)
+ filename = var.ansible_inventory_filename
+ file_permission = "0644"
+ directory_permission = "0755"
+}
diff --git a/common.yaml b/common.yaml
new file mode 100644
index 0000000..3ac84ba
--- /dev/null
+++ b/common.yaml
@@ -0,0 +1,14 @@
+---
+
+- hosts:
+ - controllers
+ - nameservers
+ remote_user: root
+ roles:
+ - role: common
+
+- hosts:
+ - controllers
+ remote_user: root
+ roles:
+ - role: tools
diff --git a/controllers.yaml b/controllers.yaml
new file mode 100644
index 0000000..d0781f7
--- /dev/null
+++ b/controllers.yaml
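Review bot: The ignore list still covers only the `.terraform` directory, while this same commit adds `terraform.tfstate`, `terraform.tfstate.backup` and `provider_hetzner.auto.tfvars` to the tree. State files hold every resource attribute in plain text (here server IDs, public addresses and the SSH public key) and would carry any secret a resource exposes. Because the remote backend in `etcd.tf` is commented out, state falls back to these local files. I would add `*.tfstate`, `*.tfstate.*` and `*.auto.tfvars` to `.gitignore` and untrack the existing files; the generated `inventory.json` is a candidate for the same treatment.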
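Review bot: `vm_groups` is built from `local.hetzner_vm_hosts_with_groups`, a local that belongs to `provider_hetzner.tf`, although the provider-neutral `local.vm_hosts_with_groups` is defined a few lines above it in this file; a host on any other provider would never contribute its groups. The line should read `vm_groups = distinct(flatten(values(local.vm_hosts_with_groups)[*].groups))`. The `provider_*` children also iterate `local.vm_hosts_with_groups`, so a host declared without `groups` is listed under `all.hosts` but never receives its `ansible_host` hostvar; iterating `var.vm_hosts` there looks like what was intended.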
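Review bot: Both plays connect with `remote_user: root`, and `controllers.yaml` does the same, so every run depends on direct root SSH staying enabled on hosts that have public addresses. If the `common` role (not visible here) can create an administrative account, later plays could log in as that account and escalate with `become: true`, which leaves root login free to be disabled in sshd. A short comment on the first play saying why root is needed for bootstrap would also help.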
@@ -0,0 +1,10 @@
+---
+
+- hosts: controllers
+ remote_user: root
+ roles:
+ #- role: nginx
+ #- role: gitea
+ #- role: buildbot
+ #- role: netbox
+ #- role: alerta
diff --git a/deploy.yaml b/deploy.yaml
deleted file mode 100644
index 111ba63..0000000
--- a/deploy.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-
-- hosts: ovh_vms
- remote_user: root
- gather_facts: false
- roles:
- - role: terraform-vm
-
-- hosts: localhost
- tasks:
- - debug:
- msg: |-
- to apply terraform updates run:
- cd "{{playbook_dir}}/terraform"
- terraform apply
-
- # - terraform:
- # project_path: "{{playbook_dir}}/terraform"
diff --git a/etcd.tf b/etcd.tf
new file mode 100644
index 0000000..86d61da
--- /dev/null
+++ b/etcd.tf
@@ -0,0 +1,7 @@
+#terraform {
+# backend "etcdv3" {
+# endpoints = ["localhost:2379"]
+# lock = true
+# prefix = "testing/terraform-state/"
+# }
+#}
diff --git a/group_vars/controllers/alerta.yaml b/group_vars/controllers/alerta.yaml
new file mode 100644
index 0000000..0632f24
--- /dev/null
+++ b/group_vars/controllers/alerta.yaml
@@ -0,0 +1 @@
+alerta_server_name: alerts.testing.thengo.net
diff --git a/group_vars/controllers/certificates.yaml b/group_vars/controllers/certificates.yaml
new file mode 100644
index 0000000..1dba40c
--- /dev/null
+++ b/group_vars/controllers/certificates.yaml
@@ -0,0 +1 @@
+certificate_provider: letsencrypt
diff --git a/group_vars/controllers/gitea.yaml b/group_vars/controllers/gitea.yaml
new file mode 100644
index 0000000..963537c
--- /dev/null
+++ b/group_vars/controllers/gitea.yaml
@@ -0,0 +1 @@
+gitea_server_name: git.testing.thengo.net
diff --git a/group_vars/controllers/netbox.yaml b/group_vars/controllers/netbox.yaml
new file mode 100644
index 0000000..346bec6
--- /dev/null
+++ b/group_vars/controllers/netbox.yaml
@@ -0,0 +1 @@
+netbox_server_name: netbox.testing.thengo.net
diff --git a/group_vars/ovh_vms/terraform.yaml b/group_vars/ovh_vms/terraform.yaml
deleted file mode 100644
index 46bf348..0000000
--- a/group_vars/ovh_vms/terraform.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-ansible_host: "{{terraform_vm.access_ip_v4}}"
-openstack_region: GRA7
-openstack_flavor: s1-2
diff --git a/host_vars/controller.testing.thengo.net/terraform-info.json b/host_vars/controller.testing.thengo.net/terraform-info.json
deleted file mode 100755
index 2960843..0000000
--- a/host_vars/controller.testing.thengo.net/terraform-info.json
+++ /dev/null
@@ -1 +0,0 @@
-{"terraform_vm":{"access_ip_v4":"54.37.77.37","access_ip_v6":"[2001:41d0:701:1000::ad9]","admin_pass":null,"all_metadata":{},"all_tags":[],"availability_zone":"nova","block_device":[],"config_drive":null,"flavor_id":"d31419c1-8e1e-48c2-8a4c-28190650c817","flavor_name":"s1-2","floating_ip":null,"force_delete":false,"id":"cf23e031-b299-477b-af6a-989826c4c9aa","image_id":"6a27a33f-9cb9-4c65-b99c-bb904dfb43aa","image_name":"Debian 10","key_pair":"terraform-default","metadata":null,"name":"controller.testing.thengo.net","network":[{"access_network":false,"fixed_ip_v4":"54.37.77.37","fixed_ip_v6":"[2001:41d0:701:1000::ad9]","floating_ip":"","mac":"fa:16:3e:84:3d:f1","name":"Ext-Net","port":"","uuid":"ed0ab0c6-93ee-44f8-870b-d103065b1b34"}],"personality":[],"power_state":"active","region":"DE1","scheduler_hints":[],"security_groups":["default"],"stop_before_destroy":false,"tags":null,"timeouts":null,"user_data":"3670b43deeb2d5936a31f7eb5c20593fd64c7a0e","vendor_options":[],"volume":[]}}
\ No newline at end of file
diff --git a/inventory b/inventory
deleted file mode 100644
index 58b5a18..0000000
--- a/inventory
+++ /dev/null
@@ -1,9 +0,0 @@
-[ovh_vms]
-controller.testing.thengo.net openstack_region=DE1
-#ns.testing.thengo.net openstack_region=DE1
-
-[controllers]
-controller.testing.thengo.net
-
-[nameservers]
-ns.testing.thengo.net
diff --git a/inventory.json b/inventory.json
new file mode 100644
index 0000000..663e894
--- /dev/null
+++ b/inventory.json
@@ -0,0 +1 @@
+{"all":{"children":{"controllers":{"hosts":{"controller.testing.thengo.net":{}}},"provider_hetzner":{"hosts":{"controller.testing.thengo.net":{"ansible_host":"116.203.152.103","external_ip":"116.203.152.103"}}}},"hosts":{"controller.testing.thengo.net":{}}}}
\ No newline at end of file
diff --git a/inventory_input.tf b/inventory_input.tf
new file mode 100644
index 0000000..8daf759
--- /dev/null
+++ b/inventory_input.tf
@@ -0,0 +1,13 @@
+variable "vm_hosts" {
+ default = {
+ "controller.testing.thengo.net" = { provider = "hetzner", groups = [ "controllers" ] }
+ #"ns.testing.thengo.net" = { provider = "hetzner", groups = [ "nameservers" ] }
+ }
+}
+
+variable "groups" {
+ default = {
+ reverse_proxies = {
+ }
+ }
+}
diff --git a/provider_hetzner.auto.tfvars b/provider_hetzner.auto.tfvars
new file mode 100644
index 0000000..3069dfe
--- /dev/null
+++ b/provider_hetzner.auto.tfvars
@@ -0,0 +1 @@
+hetzner_token = "nCsHpDLur3bZyLdibay4CvdlP4MnJ1gREFkale18x2Onjv69URriP6roQUvBbqDT"
diff --git a/provider_hetzner.tf b/provider_hetzner.tf
new file mode 100644
index 0000000..e5d6416
--- /dev/null
+++ b/provider_hetzner.tf
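Review bot: A Hetzner Cloud API token is committed in plain text on the single added line of `provider_hetzner.auto.tfvars`, a file Terraform loads automatically, so the credential is readable by anyone with access to the repository or its history. Deleting the file in a later commit does not undo that; the token should be revoked in the Hetzner Cloud console and a new one issued. Keep the replacement out of the tree, for example by exporting `TF_VAR_hetzner_token` in the shell that runs Terraform, and add `*.auto.tfvars` to `.gitignore`.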
@@ -0,0 +1,107 @@
+# Provider Setup
+
+variable "hetzner_token" {
+ type = string
+ description = "Hetzner Cloud API-Token"
+}
+
+variable "hetzner_default_location" {
+ type = string
+ default = "nbg1"
+}
+
+variable "hetzner_server_image" {
+ type = string
+ default = "debian-10"
+}
+
+variable "hetzner_default_server_type" {
+ type = string
+ default = "cx11"
+}
+
+variable "hetzner_ssh_keys_filenames" {
+ type = set(string)
+ default = [
+ "~/.ssh/id_ed25519.pub",
+ ]
+}
+
+provider "hcloud" {
+ token = var.hetzner_token
+}
+
+
+# Network
+
+#resource "hcloud_network" "internal_network" {
+# name = "internal_network"
+# ip_range = "10.0.0.0/8"
+#}
+#resource "hcloud_network_subnet" "internal_network" {
+# network_id = hcloud_network.internal_network.id
+# type = "server"
+# network_zone = "eu-central"
+# ip_range = "10.9.0.0/16"
+#}
+
+
+# VMs
+
+resource "hcloud_ssh_key" "ssh_keys" {
+ name = each.value
+ public_key = file(each.value)
+ for_each = var.hetzner_ssh_keys_filenames
+}
+
+locals {
+ hetzner_vm_hosts = {
+ for hostname, host in var.vm_hosts: hostname => host
+ if host.provider == "hetzner"
+ }
+ hetzner_vm_hosts_with_groups = {
+ for hostname, host in local.hetzner_vm_hosts: hostname => host if contains(keys(host),"groups")
+ }
+ hetzner_vm_hosts_without_groups = {
+ for hostname, host in local.hetzner_vm_hosts: hostname => host if !contains(keys(host),"groups")
+ }
+}
+
+resource "hcloud_server" "vms" {
+ name = each.key
+ image = var.hetzner_server_image
+ server_type = var.hetzner_default_server_type
+ location = var.hetzner_default_location
+ ssh_keys = [for value in hcloud_ssh_key.ssh_keys: value.id]
+
+ lifecycle {
+ ignore_changes = [
+ ssh_keys,
+ ]
+ }
+
+ for_each = local.hetzner_vm_hosts
+}
+
+#resource "hcloud_server_network" "vms" {
+# server_id = hcloud_server.vms[each.key].id
+# network_id = hcloud_network.internal_network.id
+#
+# for_each = local.hetzner_vm_hosts
+#}
+
+# Provider Variable
+
+locals {
+ provider_hetzner = {
+ hostvars = {
+ for hostname, host in var.vm_hosts: hostname =>
+ {
+ external_ip = hcloud_server.vms[hostname].ipv4_address
+ ansible_host = hcloud_server.vms[hostname].ipv4_address
+ #internal_ip = hcloud_server_network.vms[hostname].ip
+ }
+ if host.provider == "hetzner"
+ }
+ }
+}
diff --git a/providers.tf b/providers.tf
new file mode 100644
index 0000000..c475f6d
--- /dev/null
+++ b/providers.tf
@@ -0,0 +1,5 @@
+locals {
+ providers = {
+ hetzner = local.provider_hetzner
+ }
+}
diff --git a/terraform.tfstate b/terraform.tfstate
new file mode 100644
index 0000000..bdcf237
--- /dev/null
+++ b/terraform.tfstate
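Review bot: The `lifecycle { ignore_changes = [ssh_keys] }` block on `hcloud_server.vms` is undocumented and has a security consequence: once a server exists, editing `hetzner_ssh_keys_filenames` no longer touches it, so removing a key from the set does not revoke that key's access to running hosts. I would put a comment above the block such as `# ssh_keys are injected at creation only; changes are ignored (presumably to avoid server replacement), so revoke keys on running hosts via Ansible`. Separately, the `hostvars` comprehension at the end of the file re-filters `var.vm_hosts` with `if host.provider == "hetzner"` when `local.hetzner_vm_hosts` already holds that set, and `hetzner_vm_hosts_without_groups` is not referenced in any hunk shown here.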
@@ -0,0 +1,173 @@ +{ + "version": 4, + "terraform_version": "0.12.24", + "serial": 26, + "lineage": "0f8651e8-593e-1889-aef1-d79f69de7a9a", + "outputs": { + "ansible_inventory": { + "value": { + "all": { + "children": { + "controllers": { + "hosts": { + "controller.testing.thengo.net": {} + } + }, + "provider_hetzner": { + "hosts": { + "controller.testing.thengo.net": { + "ansible_host": "116.203.152.103", + "external_ip": "116.203.152.103" + } + } + } + }, + "hosts": { + "controller.testing.thengo.net": {} + } + } + }, + "type": [ + "object", + { + "all": [ + "object", + { + "children": [ + "object", + { + "controllers": [ + "object", + { + "hosts": [ + "object", + { + "controller.testing.thengo.net": [ + "object", + {} + ] + } + ] + } + ], + "provider_hetzner": [ + "object", + { + "hosts": [ + "object", + { + "controller.testing.thengo.net": [ + "object", + { + "ansible_host": "string", + "external_ip": "string" + } + ] + } + ] + } + ] + } + ], + "hosts": [ + "object", + { + "controller.testing.thengo.net": [ + "object", + {} + ] + } + ] + } + ] + } + ] + } + }, + "resources": [ + { + "mode": "managed", + "type": "hcloud_server", + "name": "vms", + "each": "map", + "provider": "provider.hcloud", + "instances": [ + { + "index_key": "controller.testing.thengo.net", + "schema_version": 0, + "attributes": { + "backup_window": "", + "backups": false, + "datacenter": "nbg1-dc3", + "id": "5685515", + "image": "debian-10", + "ipv4_address": "116.203.152.103", + "ipv6_address": "2a01:4f8:c0c:c828::1", + "ipv6_network": "2a01:4f8:c0c:c828::/64", + "iso": null, + "keep_disk": false, + "labels": {}, + "location": "nbg1", + "name": "controller.testing.thengo.net", + "rescue": null, + "server_type": "cx11", + "ssh_keys": [ + "1501431" + ], + "status": "running", + "user_data": null + }, + "private": "bnVsbA==", + "dependencies": [ + "hcloud_ssh_key.ssh_keys" + ] + } + ] + }, + { + "mode": "managed", + "type": "hcloud_ssh_key", + "name": "ssh_keys", + "each": "map", + 
"provider": "provider.hcloud", + "instances": [ + { + "index_key": "~/.ssh/id_ed25519.pub", + "schema_version": 0, + "attributes": { + "fingerprint": "75:3c:1e:51:61:71:51:48:d0:45:18:e4:66:19:de:6e", + "id": "1501431", + "labels": {}, + "name": "~/.ssh/id_ed25519.pub", + "public_key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwdEkFBdQfY5YB6LR1l+copG7rZXlGLQyWWwhZdNkpW ka\n" + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "local_file", + "name": "foo", + "provider": "provider.local", + "instances": [ + { + "schema_version": 0, + "attributes": { + "content": "{\"all\":{\"children\":{\"controllers\":{\"hosts\":{\"controller.testing.thengo.net\":{}}},\"provider_hetzner\":{\"hosts\":{\"controller.testing.thengo.net\":{\"ansible_host\":\"116.203.152.103\",\"external_ip\":\"116.203.152.103\"}}}},\"hosts\":{\"controller.testing.thengo.net\":{}}}}", + "content_base64": null, + "directory_permission": "0755", + "file_permission": "0644", + "filename": "inventory.json", + "id": "0f2b79f769f5dcbdebc46242e9b0484c11646b71", + "sensitive_content": null + }, + "private": "bnVsbA==", + "dependencies": [ + "hcloud_server.vms" + ] + } + ] + } + ] +} diff --git a/terraform.tfstate.backup b/terraform.tfstate.backup new file mode 100644 index 0000000..1dc64a2 --- /dev/null +++ b/terraform.tfstate.backup 
@@ -0,0 +1,238 @@ +{ + "version": 4, + "terraform_version": "0.12.24", + "serial": 22, + "lineage": "0f8651e8-593e-1889-aef1-d79f69de7a9a", + "outputs": { + "ansible_inventory": { + "value": { + "all": { + "children": { + "controllers": { + "hosts": { + "controller.testing.thengo.net": {} + } + }, + "nameservers": { + "hosts": { + "ns.testing.thengo.net": {} + } + }, + "provider_hetzner": { + "hosts": { + "controller.testing.thengo.net": { + "ansible_host": "116.203.152.103", + "external_ip": "116.203.152.103" + }, + "ns.testing.thengo.net": { + "ansible_host": "116.203.152.95", + "external_ip": "116.203.152.95" + } + } + } + }, + "hosts": { + "controller.testing.thengo.net": {}, + "ns.testing.thengo.net": {} + } + } + }, + "type": [ + "object", + { + "all": [ + "object", + { + "children": [ + "object", + { + "controllers": [ + "object", + { + "hosts": [ + "object", + { + "controller.testing.thengo.net": [ + "object", + {} + ] + } + ] + } + ], + "nameservers": [ + "object", + { + "hosts": [ + "object", + { + "ns.testing.thengo.net": [ + "object", + {} + ] + } + ] + } + ], + "provider_hetzner": [ + "object", + { + "hosts": [ + "object", + { + "controller.testing.thengo.net": [ + "object", + { + "ansible_host": "string", + "external_ip": "string" + } + ], + "ns.testing.thengo.net": [ + "object", + { + "ansible_host": "string", + "external_ip": "string" + } + ] + } + ] + } + ] + } + ], + "hosts": [ + "object", + { + "controller.testing.thengo.net": [ + "object", + {} + ], + "ns.testing.thengo.net": [ + "object", + {} + ] + } + ] + } + ] + } + ] + } + }, + "resources": [ + { + "mode": "managed", + "type": "hcloud_server", + "name": "vms", + "each": "map", + "provider": "provider.hcloud", + "instances": [ + { + "index_key": "controller.testing.thengo.net", + "schema_version": 0, + "attributes": { + "backup_window": "", + "backups": false, + "datacenter": "nbg1-dc3", + "id": "5685515", + "image": "debian-10", + "ipv4_address": "116.203.152.103", + "ipv6_address": 
"2a01:4f8:c0c:c828::1", + "ipv6_network": "2a01:4f8:c0c:c828::/64", + "iso": null, + "keep_disk": false, + "labels": {}, + "location": "nbg1", + "name": "controller.testing.thengo.net", + "rescue": null, + "server_type": "cx11", + "ssh_keys": [ + "1501431" + ], + "status": "running", + "user_data": null + }, + "private": "bnVsbA==", + "dependencies": [ + "hcloud_ssh_key.ssh_keys" + ] + }, + { + "index_key": "ns.testing.thengo.net", + "schema_version": 0, + "attributes": { + "backup_window": "", + "backups": false, + "datacenter": "nbg1-dc3", + "id": "5685513", + "image": "debian-10", + "ipv4_address": "116.203.152.95", + "ipv6_address": "2a01:4f8:c0c:c827::1", + "ipv6_network": "2a01:4f8:c0c:c827::/64", + "iso": null, + "keep_disk": false, + "labels": {}, + "location": "nbg1", + "name": "ns.testing.thengo.net", + "rescue": null, + "server_type": "cx11", + "ssh_keys": [ + "1501431" + ], + "status": "running", + "user_data": null + }, + "private": "bnVsbA==", + "dependencies": [ + "hcloud_ssh_key.ssh_keys" + ] + } + ] + }, + { + "mode": "managed", + "type": "hcloud_ssh_key", + "name": "ssh_keys", + "each": "map", + "provider": "provider.hcloud", + "instances": [ + { + "index_key": "~/.ssh/id_ed25519.pub", + "schema_version": 0, + "attributes": { + "fingerprint": "75:3c:1e:51:61:71:51:48:d0:45:18:e4:66:19:de:6e", + "id": "1501431", + "labels": {}, + "name": "~/.ssh/id_ed25519.pub", + "public_key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwdEkFBdQfY5YB6LR1l+copG7rZXlGLQyWWwhZdNkpW ka\n" + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "local_file", + "name": "foo", + "provider": "provider.local", + "instances": [ + { + "schema_version": 0, + "attributes": { + "content": 
"{\"all\":{\"children\":{\"controllers\":{\"hosts\":{\"controller.testing.thengo.net\":{}}},\"nameservers\":{\"hosts\":{\"ns.testing.thengo.net\":{}}},\"provider_hetzner\":{\"hosts\":{\"controller.testing.thengo.net\":{\"ansible_host\":\"116.203.152.103\",\"external_ip\":\"116.203.152.103\"},\"ns.testing.thengo.net\":{\"ansible_host\":\"116.203.152.95\",\"external_ip\":\"116.203.152.95\"}}}},\"hosts\":{\"controller.testing.thengo.net\":{},\"ns.testing.thengo.net\":{}}}}", + "content_base64": null, + "directory_permission": "0755", + "file_permission": "0644", + "filename": "inventory.json", + "id": "24344b5c76e5b8f59034052299c331fe9ea170c3", + "sensitive_content": null + }, + "private": "bnVsbA==", + "dependencies": [ + "hcloud_server.vms" + ] + } + ] + } + ] +} diff --git a/terraform/controller.testing.thengo.net.tf b/terraform/controller.testing.thengo.net.tf deleted file mode 100644 index cbbc571..0000000 --- a/terraform/controller.testing.thengo.net.tf +++ /dev/null @@ -1,31 +0,0 @@ -resource "openstack_compute_instance_v2" "controller--testing--thengo--net" { - name = "controller.testing.thengo.net" - - region = "DE1" - - flavor_name = "s1-2" - - key_pair = "terraform-default" - user_data = "#cloud-config\ndisable_root: false" - - image_name = "Debian 10" - - network { - name = "Ext-Net" - } - - lifecycle { - ignore_changes = [ - key_pair, - user_data - ] - } -} - -resource "local_file" "controller--testing--thengo--net-info" { - content = jsonencode({ - "terraform_vm": openstack_compute_instance_v2.controller--testing--thengo--net - }) - filename = "../host_vars/controller.testing.thengo.net/terraform-info.json" -} - diff --git a/terraform/etcd.tf b/terraform/etcd.tf deleted file mode 100644 index 6ee9ecb..0000000 --- a/terraform/etcd.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - backend "etcdv3" { - endpoints = ["localhost:2379"] - lock = true - prefix = "testing/terraform-state/" - } -} 
diff --git a/terraform/ovh.tf b/terraform/ovh.tf
deleted file mode 100644
index 996f95f..0000000
--- a/terraform/ovh.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-provider "ovh" {
- endpoint = "ovh-eu"
-}
-
-resource "ovh_cloud_user" "user" {
- project_id = "2044653399df4877a72b77333c25557e"
- description = "terraform user"
-}
-
-provider "openstack" {
- auth_url = "https://auth.cloud.ovh.net/v3"
-
- user_name = ovh_cloud_user.user.username
- password = ovh_cloud_user.user.password
-
- tenant_id = ovh_cloud_user.user.project_id
-}
-
-variable "ovh_regions" {
- type = list(string)
- default = [
- "DE1",
- "GRA7",
- ]
-}
-
-resource "openstack_compute_keypair_v2" "default" {
- name = "terraform-default"
- region = each.value
- public_key = file("~/.ssh/id_rsa.pub")
- for_each = toset(var.ovh_regions)
-}
diff --git a/terraform/versions.tf b/versions.tf
similarity index 100%
rename from terraform/versions.tf
rename to versions.tf