From 1088fefdb2c67b6df0ac46b8ae6d48a60002af50 Mon Sep 17 00:00:00 2001 
From: Pim Kunis Date: Mon, 10 Apr 2023 11:21:58 +0000 Subject: [PATCH] move to new module setup (#2) Reviewed-on: https://git.pim.kunis.nl/home/hermes/pulls/2 --- ansible/ansible.cfg | 8 --- ansible/inventory/host_vars/hermes.yml | 1 - ansible/inventory/hosts.yml | 6 -- ansible/hermes.yml => hermes.yml | 2 +- main.tf | 56 +++---------------- ansible/resolv.conf => resolv.conf | 0 .../dnsmasq/files/dnsmasq.conf | 0 .../roles => roles}/dnsmasq/tasks/main.yml | 0 {ansible/roles => roles}/nsd/files/nsd.conf | 0 .../nsd/files/zones/geokunis2.nl | 0 .../nsd/files/zones/pim.kunis.nl | 0 .../nsd/files/zones/pizzapim.nl | 0 {ansible/roles => roles}/nsd/tasks/main.yml | 0 {ansible/roles => roles}/ssh/files/ca.sh | 0 .../ssh/files/keys/host_ca_key | 0 .../ssh/files/keys/host_ca_key.pub | 0 .../ssh/files/keys/user_ca_key | 0 .../ssh/files/keys/user_ca_key.pub | 0 {ansible/roles => roles}/ssh/tasks/main.yml | 0 .../util => util}/secret-service-client.sh | 0 20 files changed, 9 insertions(+), 64 deletions(-) delete mode 100644 ansible/ansible.cfg delete mode 100644 ansible/inventory/host_vars/hermes.yml delete mode 100644 ansible/inventory/hosts.yml rename ansible/hermes.yml => hermes.yml (96%) rename ansible/resolv.conf => resolv.conf (100%) rename {ansible/roles => roles}/dnsmasq/files/dnsmasq.conf (100%) rename {ansible/roles => roles}/dnsmasq/tasks/main.yml (100%) rename {ansible/roles => roles}/nsd/files/nsd.conf (100%) rename {ansible/roles => roles}/nsd/files/zones/geokunis2.nl (100%) rename {ansible/roles => roles}/nsd/files/zones/pim.kunis.nl (100%) rename {ansible/roles => roles}/nsd/files/zones/pizzapim.nl (100%) rename {ansible/roles => roles}/nsd/tasks/main.yml (100%) rename {ansible/roles => roles}/ssh/files/ca.sh (100%) rename {ansible/roles => roles}/ssh/files/keys/host_ca_key (100%) rename {ansible/roles => roles}/ssh/files/keys/host_ca_key.pub (100%) rename {ansible/roles => roles}/ssh/files/keys/user_ca_key (100%) rename {ansible/roles => 
roles}/ssh/files/keys/user_ca_key.pub (100%) rename {ansible/roles => roles}/ssh/tasks/main.yml (100%) rename {ansible/util => util}/secret-service-client.sh (100%)
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
deleted file mode 100644
index 56c7e01..0000000
--- a/ansible/ansible.cfg
+++ /dev/null
@@ -1,8 +0,0 @@
-[defaults]
-roles_path=roles
-inventory=inventory
-interpreter_python=/usr/bin/python3
-vault_password_file=util/secret-service-client.sh
-
-[diff]
-always = True
diff --git a/ansible/inventory/host_vars/hermes.yml b/ansible/inventory/host_vars/hermes.yml
deleted file mode 100644
index 73ada3f..0000000
--- a/ansible/inventory/host_vars/hermes.yml
+++ /dev/null
@@ -1 +0,0 @@
-internal_ip: 192.168.30.7
diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml
deleted file mode 100644
index a09a9b6..0000000
--- a/ansible/inventory/hosts.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-all:
- hosts:
- hermes:
- ansible_connection: ssh
- ansible_user: root
- ansible_host: 192.168.30.7
diff --git a/ansible/hermes.yml b/hermes.yml
similarity index 96%
rename from ansible/hermes.yml
rename to hermes.yml
index 3e90e95..d6541a9 100644
--- a/ansible/hermes.yml
+++ b/hermes.yml
@@ -7,7 +7,7 @@
 wait_for:
 state: started
 port: 22
- host: "{{ internal_ip }}"
+ host: "192.168.30.7"
 timeout: 300
 connect_timeout: 300
 search_regex: OpenSSH
diff --git a/main.tf b/main.tf
index 257d384..4bd908d 100644
--- a/main.tf
+++ b/main.tf
@@ -1,7 +1,7 @@
 terraform {
 backend "pg" {
 schema_name = "dmz_dns"
- conn_str = "postgres://terraform@10.42.0.1/terraform_state"
+ conn_str = "postgres://terraform@10.42.0.1/terraform_state"
 }
 required_providers {
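Review bot: The `wait_for` target in hermes.yml is now the literal `192.168.30.7`, and the same address is repeated in main.tf as `fixed_address` and as the `-i '192.168.30.7,'` inventory, so re-addressing the VM means editing three places that can drift apart; if they do, the playbook waits on one address while Ansible configures another. Since the inventory passed on the command line is that address, the task could read it back instead, e.g. `host: "{{ inventory_hostname }}"`, assuming the task sits in a play that targets this host (the play header is not visible here). The opening lines of the task are outside the hunk.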
@@ -18,51 +18,11 @@ provider "libvirt" {
 uri = "qemu+ssh://root@atlas.lan/system"
 }
-resource "libvirt_volume" "main_disk" {
- name = "${var.name}.iso"
- pool = "disk"
- size = 1024 * 1024 * 1024 * 15
- base_volume_name = "debian-bookworm.qcow2"
- base_volume_pool = "iso"
-}
-
-resource "libvirt_cloudinit_disk" "cloudinit" {
- name = "${var.name}.iso"
- pool = "init"
- user_data = templatefile("cloud_init.cfg.tftpl", { name = var.name, admin_authorized_keys = var.admin_authorized_keys })
- network_config = templatefile("network_config.cfg.tftpl", { internal_ip = var.internal_ip })
-}
-
-resource "libvirt_domain" "ubuntu" {
- name = var.name
- memory = 1024
- vcpu = 4
- autostart = true
-
- disk {
- volume_id = libvirt_volume.main_disk.id
- }
-
- network_interface {
- bridge = "dmzbr"
- hostname = var.name
- mac = "CA:FE:C0:FF:EE:07"
- }
-
- cloudinit = libvirt_cloudinit_disk.cloudinit.id
-
- provisioner "local-exec" {
- command = "ansible-playbook -e internal_ip=${var.internal_ip} -T 60 -u root -i ${var.ansible_inventory} ${var.ansible_playbook}"
-
- environment = {
- ANSIBLE_HOST_KEY_CHECKING = "False"
- ANSIBLE_CONFIG = "${var.ansible_cfg}"
- }
- }
-
- lifecycle {
- replace_triggered_by = [
- libvirt_cloudinit_disk.cloudinit.id
- ]
- }
+module "vm" {
+ source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+ name = "hermes"
+ use_host_cert = false
+ fixed_address = "192.168.30.7/24"
+ ansible_command = "ANSIBLE_ROLES_PATH=roles ANSIBLE_HOST_KEY_CHECKING=False ANSIBLE_VAULT_PASSWORD_FILE=util/secret-service-client.sh ansible-playbook -u root -i '192.168.30.7,' hermes.yml"
+ mac = "CA:FE:C0:FF:EE:07"
 }
diff --git a/ansible/resolv.conf b/resolv.conf
similarity index 100%
rename from ansible/resolv.conf
rename to resolv.conf
diff --git a/ansible/roles/dnsmasq/files/dnsmasq.conf b/roles/dnsmasq/files/dnsmasq.conf
similarity index 100%
rename from ansible/roles/dnsmasq/files/dnsmasq.conf
rename to roles/dnsmasq/files/dnsmasq.conf
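Review bot: The `module "vm"` source in main.tf has no `?ref=`, so every `terraform init` pulls whatever the default branch of tf-modules holds at that moment, and that module now owns everything the deleted resources did: it defines the VM through the `qemu+ssh://root@atlas.lan/system` provider and, judging by the `ansible_command` argument, runs a command on the operator's machine. Pinning it turns a module change into an explicit, reviewable edit in this repository: `source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian?ref=<TAG_OR_COMMIT>"`. Separately, `ANSIBLE_HOST_KEY_CHECKING=False` combined with `-u root` and the vault password file is carried over from the old provisioner, so the root session that receives the vault-decrypted content still goes to a host whose key is never checked. Because `use_host_cert = false` sits right next to it, a comment such as `# host key checking disabled because <REASON>; revisit once a host certificate can be issued` would record why, if that is what the flag controls.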
diff --git a/ansible/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
similarity index 100%
rename from ansible/roles/dnsmasq/tasks/main.yml
rename to roles/dnsmasq/tasks/main.yml
diff --git a/ansible/roles/nsd/files/nsd.conf b/roles/nsd/files/nsd.conf
similarity index 100%
rename from ansible/roles/nsd/files/nsd.conf
rename to roles/nsd/files/nsd.conf
diff --git a/ansible/roles/nsd/files/zones/geokunis2.nl b/roles/nsd/files/zones/geokunis2.nl
similarity index 100%
rename from ansible/roles/nsd/files/zones/geokunis2.nl
rename to roles/nsd/files/zones/geokunis2.nl
diff --git a/ansible/roles/nsd/files/zones/pim.kunis.nl b/roles/nsd/files/zones/pim.kunis.nl
similarity index 100%
rename from ansible/roles/nsd/files/zones/pim.kunis.nl
rename to roles/nsd/files/zones/pim.kunis.nl
diff --git a/ansible/roles/nsd/files/zones/pizzapim.nl b/roles/nsd/files/zones/pizzapim.nl
similarity index 100%
rename from ansible/roles/nsd/files/zones/pizzapim.nl
rename to roles/nsd/files/zones/pizzapim.nl
diff --git a/ansible/roles/nsd/tasks/main.yml b/roles/nsd/tasks/main.yml
similarity index 100%
rename from ansible/roles/nsd/tasks/main.yml
rename to roles/nsd/tasks/main.yml
diff --git a/ansible/roles/ssh/files/ca.sh b/roles/ssh/files/ca.sh
similarity index 100%
rename from ansible/roles/ssh/files/ca.sh
rename to roles/ssh/files/ca.sh
diff --git a/ansible/roles/ssh/files/keys/host_ca_key b/roles/ssh/files/keys/host_ca_key
similarity index 100%
rename from ansible/roles/ssh/files/keys/host_ca_key
rename to roles/ssh/files/keys/host_ca_key
diff --git a/ansible/roles/ssh/files/keys/host_ca_key.pub b/roles/ssh/files/keys/host_ca_key.pub
similarity index 100%
rename from ansible/roles/ssh/files/keys/host_ca_key.pub
rename to roles/ssh/files/keys/host_ca_key.pub
diff --git a/ansible/roles/ssh/files/keys/user_ca_key b/roles/ssh/files/keys/user_ca_key
similarity index 100%
rename from ansible/roles/ssh/files/keys/user_ca_key
rename to roles/ssh/files/keys/user_ca_key
diff --git a/ansible/roles/ssh/files/keys/user_ca_key.pub b/roles/ssh/files/keys/user_ca_key.pub
similarity index 100%
rename from ansible/roles/ssh/files/keys/user_ca_key.pub
rename to roles/ssh/files/keys/user_ca_key.pub
diff --git a/ansible/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml
similarity index 100%
rename from ansible/roles/ssh/tasks/main.yml
rename to roles/ssh/tasks/main.yml
diff --git a/ansible/util/secret-service-client.sh b/util/secret-service-client.sh
similarity index 100%
rename from ansible/util/secret-service-client.sh
rename to util/secret-service-client.sh