Commit 1bc5b56f authored by MUNIER Florian's avatar MUNIER Florian

[add] project terraform & ansible

parent 83616179
Showing
with 229 additions and 11 deletions
......@@ -6,3 +6,7 @@ private_ips.txt
public_ips.txt
ip_files
hosts.ini
.ssh
hosts.ini
*.pem
*.pub
\ No newline at end of file
---
- name: Deploy Vapormap App
hosts: bastion
gather_facts: false
tasks:
- name: Déploiement de VaporMap
ansible.builtin.include_role:
name: bootstrap
---
- name: Destroy Vapormap App
hosts: bastion
gather_facts: false
tasks:
- name: Destruction de VaporMap
ansible.builtin.include_role:
name: bootstrap
tasks_from: destroy
---
# ID GitLab
USERNAME: 'gitlab+deploy-token-21'
PASSWORD: 'yg3gvipZRNDTGHVJbwae'
# User
VAPORMAP_GROUP: 'app-vapormap'
VAPORMAP_USER: 'app-vapormap'
VAPORMAP_USER_PASS: 'app-vapormap'
HOME_DIR: '/home/app-vapormap'
# Chemin du dossier vapormap-prod
VAPORMAP_DIR: '{{HOME_DIR}}/vapormap'
# Chemin du fichier de variables db
ENV_FILE: '{{VAPORMAP_DIR}}/env/.env.db'
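Review bot: The GitLab deploy token name and its secret are committed in clear text on the `USERNAME:` and `PASSWORD:` lines, so anyone who can read the repository or its history can use them against the registry and the project. The token should be revoked and reissued, and the value supplied at run time instead, for example `PASSWORD: "{{ lookup('ansible.builtin.env', 'GITLAB_DEPLOY_TOKEN') }}"` (the variable name is only an example) or an Ansible Vault-encrypted vars file. `VAPORMAP_USER_PASS` is also stored in clear text and is identical to the account name.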
---
- name: Suppression de Docker
ansible.builtin.include_role:
name: docker
tasks_from: destroy
- name: Suppression de l'environnement
ansible.builtin.include_role:
name: environment
tasks_from: destroy
---
- name: Environnement
ansible.builtin.include_role:
name: environment
- name: Docker
ansible.builtin.include_role:
name: docker
---
- name: Arrêt du docker-compose
become: true
community.docker.docker_compose:
project_src: "{{VAPORMAP_DIR}}"
build: false
env_file: "{{ENV_FILE}}"
stopped: true
register: output
- name: Déconnexion à la registry docker
become: true
community.docker.docker_login:
state: absent
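Review bot: The `community.docker.docker_login` task with `state: absent` sets no `registry_url`, so as far as the module's documented default goes it logs out of Docker Hub rather than the GitLab registry that the deploy tasks log into. The stored registry credential would then remain in root's Docker configuration on the bastion after a destroy. Adding `registry_url: gitlab-registry.imt-atlantique.fr/f21munie/vapormap/`, matching the login task, makes the logout remove the right entry.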
---
- name: Installation docker / docker-compose
become: true
ansible.builtin.pip:
name:
- docker
- docker-compose
state: latest
- name: Connexion à la registry docker
become: true
community.docker.docker_login:
registry_url: gitlab-registry.imt-atlantique.fr/f21munie/vapormap/
username: "{{USERNAME}}"
password: "{{PASSWORD}}"
- name: Lancement du docker-compose
become: true
community.docker.docker_compose:
project_src: "{{VAPORMAP_DIR}}"
build: false
env_file: "{{ENV_FILE}}"
register: output
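Review bot: `state: latest` on the `ansible.builtin.pip` task installs, as root, whatever `docker` and `docker-compose` releases the index serves at run time, so two runs can build different hosts and a bad upstream release is picked up without review. Pinning the packages (`- docker==<pinned version>`) with `state: present` keeps the deployment reproducible. The prerequisites `ansible.builtin.apt` task in the environment role uses the same unpinned `state: latest`; the full `name: "*"` upgrade there looks deliberate.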
---
- name: Suppression du dossier vapormap
become: true
ansible.builtin.file:
path: "{{VAPORMAP_DIR}}"
state: absent
- name: Suppression utilisateur app-vapormap
become: true
ansible.builtin.user:
name: "{{VAPORMAP_USER}}"
state: absent
remove: true
- name: Suppression groupe app-vapormap
become: true
ansible.builtin.group:
name: "{{VAPORMAP_GROUP}}"
state: absent
---
- name: Mise à jour du système
become: true
ansible.builtin.apt:
name: "*"
state: latest
update_cache: true
- name: Groupe app-vapormap
become: true
ansible.builtin.group:
name: "{{VAPORMAP_GROUP}}"
state: present
- name: Utilisateur app-vapormap
become: true
ansible.builtin.user:
name: "{{VAPORMAP_USER}}"
password: "{{VAPORMAP_USER_PASS}}"
group: "{{VAPORMAP_GROUP}}"
home: "{{HOME_DIR}}"
shell: /bin/bash
- name: Installation des pré-requis
become: true
ansible.builtin.apt:
name:
- git
- vim
- nano
- python3
- python3-pip
state: latest
- name: Git clone
become: true
ansible.builtin.git:
repo: "https://{{USERNAME}}:{{PASSWORD}}@gitlab.imt-atlantique.fr/f21munie/vapormap.git"
dest: "{{VAPORMAP_DIR}}"
ignore_errors: true
- name: Gestion des droits de vapormap-prod
become: true
ansible.builtin.file:
path: "{{VAPORMAP_DIR}}"
recurse: true
owner: "{{VAPORMAP_USER}}"
group: "{{VAPORMAP_GROUP}}"
mode: "755"
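Review bot: The `Git clone` task embeds `{{USERNAME}}:{{PASSWORD}}` in the repository URL, which git keeps in the clone's `.git/config`, and the next task applies `mode: "755"` recursively, so that file and anything under `env/` become readable by every local user and every file is marked executable. `mode: "u=rwX,g=rX,o="` on the ownership task and `no_log: true` on the clone task would keep the token out of reach and out of verbose output. `ignore_errors: true` also lets the play continue after a failed clone. Separately, `ansible.builtin.user` expects a hashed `password`, e.g. `"{{ VAPORMAP_USER_PASS | password_hash('sha512') }}"`.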
---
- name: Suppression du dossier vapormap
become: true
ansible.builtin.file:
path: "{{VAPORMAP_DIR}}"
state: absent
- name: Suppression utilisateur app-vapormap
become: true
ansible.builtin.user:
name: "{{VAPORMAP_USER}}"
state: absent
remove: true
- name: Suppression groupe app-vapormap
become: true
ansible.builtin.group:
name: "{{VAPORMAP_GROUP}}"
state: absent
---
- name: Create a k8s namespace
kubernetes.core.k8s:
name: testing
api_version: v1
kind: Namespace
state: present
- name: Create a Deployment by reading the definition from a local file
kubernetes.core.k8s:
state: present
src: /testing/deployment.yml
- name: Create a Deployment by reading the definition from a local file
kubernetes.core.k8s:
state: present
src: service.yml
\ No newline at end of file
module "mod-os-private-network" {
source = "./mod-os-private-network/"
KEYPAIR_PATH = "$HOME/.ssh"
EXTERNAL_NETWORK = "external"
ROUTER_NAME = "router"
NETWORK_NAME = "network"
SUBNET_NAME = "subnet"
SUBNET_IP_RANGE = "192.168.3.0/24"
DNS = ["192.44.75.10"]
INSTANCE_BASTION_NAME = "bastion"
INSTANCE_BASTION_IMAGE = "imta-docker"
INSTANCE_BASTION_FLAVOR = "s10.medium"
INSTANCE_BASTION_KEY_PAIR = "projet_terraform2"
INSTANCE_ORCHEST_NAME = ["node01", "node02", "node03"]
INSTANCE_ORCHEST_IMAGE = "imta-docker"
INSTANCE_ORCHEST_FLAVOR = "s10.medium"
INSTANCE_ORCHEST_KEY_PAIR = "id_rsa2"
SECGROUP_BASTION_NAME = "secgroup_bastion2"
SECGROUP_APPLICATION_NAME = "secgroup_application2"
SECGROUP_INTERNAL_NETWORK_NAME = "secgroup_internal_network2"
}
# lancement du playbook ansible
resource "null_resource" "ansible" {
provisioner "local-exec" {
interpreter = ["/bin/bash", "-c"]
#command = "source /home/user/TP/Ansible/venv/ansible/bin/activate; ANSIBLE_HOST_KEY_CHECKING=False ansible -i ../Ansible/hosts.ini all -m ping --private-key .ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pem -e pub_key=.ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pub; deactivate"
#command = "ANSIBLE_HOST_KEY_CHECKING=False ansible -i hosts.ini all -m ping --private-key .ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pem -e pub_key=.ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pub"
command = "source /home/user/TP/Ansible/venv/ansible/bin/activate; ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ../Ansible/hosts.ini ../Ansible/deploy.yml; deactivate"
}
depends_on = [
openstack_compute_instance_v2.bastion_instance,
openstack_compute_instance_v2.orchestration_instance,
null_resource.copy_keypair_cluster,
null_resource.copy_local_ip_bastion
]
}
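Review bot: `ANSIBLE_HOST_KEY_CHECKING=False` in the `local-exec` command makes Ansible accept any SSH host key presented for the bastion, and the playbook it launches then sends the registry credentials over that connection. Because the instance is created in the same run, the key can be recorded on first contact rather than never checked, e.g. `ANSIBLE_SSH_ARGS='-o StrictHostKeyChecking=accept-new'` in place of the variable. The command also depends on the absolute path `/home/user/TP/Ansible/venv/ansible/bin/activate`, which presumably exists only on the author's machine, and the two commented-out `#command` lines could be dropped.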
......@@ -5,7 +5,8 @@ resource "openstack_networking_floatingip_v2" "floatip_admin" {
# Copie IP publique dans un fichier .txt sur la machine hébergeante
provisioner "local-exec" {
command = "mkdir ip_files; echo '${var.INSTANCE_BASTION_NAME} : ${self.address}' > ${var.PROJECT_PATH}/terraform/ip_files/public_ips.txt"
command = "mkdir ip_files; echo '${var.INSTANCE_BASTION_NAME} : ${self.address}' > ip_files/public_ips.txt"
}
}
......@@ -24,7 +25,7 @@ resource "openstack_networking_floatingip_v2" "floatip_application" {
# Copie IP publique dans un fichier .txt sur la machine hébergeante
provisioner "local-exec" {
command = "echo '${var.INSTANCE_ORCHEST_NAME[0]} : ${self.address}' >> ${var.PROJECT_PATH}/terraform/ip_files/public_ips.txt"
command = "echo '${var.INSTANCE_ORCHEST_NAME[0]} : ${self.address}' >> ip_files/public_ips.txt"
}
depends_on = [openstack_networking_floatingip_v2.floatip_admin]
......
......@@ -14,7 +14,7 @@ resource "openstack_compute_instance_v2" "bastion_instance" {
# Copie des IP locales dans un fichier .txt sur la machine hébergeante
# Inventaire Ansible
provisioner "local-exec" {
command = "echo '${self.name} : ${self.access_ip_v4}' > ${var.PROJECT_PATH}/terraform/ip_files/private_ips.txt; echo '[app]' > ${var.PROJECT_PATH}/ansible/hosts.ini; echo ${self.name} ansible_host=${openstack_networking_floatingip_v2.floatip_admin.address} ansible_user=ubuntu ansible_ssh_private_key_file='${var.KEYPAIR_PATH}/${var.INSTANCE_BASTION_KEY_PAIR}.pem' >> ${var.PROJECT_PATH}/ansible/hosts.ini"
command = "echo '${self.name} : ${self.access_ip_v4}' > ip_files/private_ips.txt; echo '[app]' > ../Ansible/hosts.ini; echo ${self.name} ansible_host=${openstack_networking_floatingip_v2.floatip_admin.address} ansible_user=ubuntu ansible_ssh_private_key_file='../.ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pem' >> ../Ansible/hosts.ini"
}
depends_on = [openstack_compute_keypair_v2.keypair_project,
......@@ -40,7 +40,7 @@ resource "openstack_compute_instance_v2" "orchestration_instance" {
# Copie des IP locales dans un fichier .txt sur la machine hébergeante
# Inventaire Ansible
provisioner "local-exec" {
command = "echo '${self.name} : ${self.access_ip_v4}' >> ${var.PROJECT_PATH}/terraform/ip_files/private_ips.txt; echo ${self.name} ansible_host=${self.access_ip_v4} ansible_user=ubuntu ansible_ssh_private_key_file='${var.INSTANCE_ORCHEST_KEY_PAIR}.pem'>> ${var.PROJECT_PATH}/ansible/hosts.ini"
command = "echo '${self.name} : ${self.access_ip_v4}' >> ip_files/private_ips.txt; echo ${self.name} ansible_host=${self.access_ip_v4} ansible_user=ubuntu ansible_ssh_private_key_file='${var.INSTANCE_ORCHEST_KEY_PAIR}.pem'>> ../Ansible/hosts.ini"
}
depends_on = [openstack_compute_instance_v2.bastion_instance,
......@@ -62,7 +62,7 @@ resource "null_resource" "copy_local_ip_bastion" {
# Copie de private_ips.txt sur l'instance bastion
provisioner "file" {
source = "${var.PROJECT_PATH}/terraform/ip_files/private_ips.txt"
source = "ip_files/private_ips.txt"
destination = "private_ips.txt"
}
......@@ -89,7 +89,7 @@ resource "null_resource" "copy_local_ip_cluster" {
# Copie de private_ips.txt sur les instances du cluster
provisioner "file" {
source = "${var.PROJECT_PATH}/terraform/ip_files/private_ips.txt"
source = "ip_files/private_ips.txt"
destination = "private_ips.txt"
}
......
......@@ -4,7 +4,7 @@ resource "openstack_compute_keypair_v2" "keypair_project" {
# Copie de la paire de clés sur la machine hébergeante
provisioner "local-exec" {
command = "echo '${self.private_key}' > ${var.KEYPAIR_PATH}/${var.INSTANCE_BASTION_KEY_PAIR}.pem; echo '${self.public_key}' > ${var.KEYPAIR_PATH}/${var.INSTANCE_BASTION_KEY_PAIR}.pub; chmod 600 ${var.KEYPAIR_PATH}/${var.INSTANCE_BASTION_KEY_PAIR}.pem; chmod 600 ${var.KEYPAIR_PATH}/${var.INSTANCE_BASTION_KEY_PAIR}.pub"
command = "mkdir ../.ssh; echo '${self.private_key}' > ../.ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pem; echo '${self.public_key}' > ../.ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pub; chmod 600 ../.ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pem; chmod 600 ../.ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pub"
}
}
......@@ -29,10 +29,11 @@ resource "null_resource" "copy_keypair_cluster" {
# Ajout des droits
provisioner "remote-exec" {
inline = [
"echo '${openstack_compute_keypair_v2.keypair_cluster.public_key}' > ${var.INSTANCE_ORCHEST_KEY_PAIR}.pub",
"echo '${openstack_compute_keypair_v2.keypair_cluster.private_key}' > ${var.INSTANCE_ORCHEST_KEY_PAIR}.pem",
"chmod 600 ${var.INSTANCE_ORCHEST_KEY_PAIR}.pub",
"chmod 600 ${var.INSTANCE_ORCHEST_KEY_PAIR}.pem"]
"mkdir .ssh",
"echo '${openstack_compute_keypair_v2.keypair_cluster.public_key}' > ${var.KEYPAIR_PATH}/${var.INSTANCE_ORCHEST_KEY_PAIR}.pub",
"echo '${openstack_compute_keypair_v2.keypair_cluster.private_key}' > ${var.KEYPAIR_PATH}/${var.INSTANCE_ORCHEST_KEY_PAIR}.pem",
"chmod 600 ${var.KEYPAIR_PATH}/${var.INSTANCE_ORCHEST_KEY_PAIR}.pub",
"chmod 600 ${var.KEYPAIR_PATH}/${var.INSTANCE_ORCHEST_KEY_PAIR}.pem"]
}
depends_on = [openstack_compute_keypair_v2.keypair_project,
......
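Review bot: In the `keypair_project` `local-exec` command the private key is written with `echo ... > ../.ssh/<name>.pem` and only restricted by `chmod 600` afterwards, and `mkdir ../.ssh` creates the directory under the default umask, so the key is briefly readable to whatever that umask allows. Starting the command with `umask 077; mkdir -p ../.ssh;` closes that window, and `-p` avoids the `mkdir` error on a second apply. The `remote-exec` list in `copy_keypair_cluster` has the same pattern: `"mkdir .ssh"` will report an error where `~/.ssh` already exists, and the files are then written under `${var.KEYPAIR_PATH}` rather than the directory just created, so `"umask 077"` followed by `"mkdir -p ${var.KEYPAIR_PATH}"` would line the two up. Both resources start and end outside the hunks shown.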