diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1a52daa..ed7cf3f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,6 +3,11 @@ stages:
- apply
- destroy
+include:
+ - project: 'developerdurp/jobtemplates'
+ ref: main
+ file: 'terraform.yml'
+
before_script:
- cat $tfvars >> terraform.tfvars
- cat $ansible > ansible
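Review bot: The new `include:` pulls `terraform.yml` from `developerdurp/jobtemplates` at `ref: main`, a mutable branch, so anyone who can push to that project's main changes the script this pipeline runs — with access to `CI_JOB_TOKEN`, the `$tfvars` contents and the Proxmox credentials — without any change appearing in this repository. Pin the include to a tag or, better, a commit SHA (`ref: <sha>`) and bump it deliberately, with a comment above the block such as `# pinned: the template runs with this project's secrets, review before bumping`. The `before_script` still appends `$tfvars` to `terraform.tfvars` in the project root, while this commit moves the tfvars file to `terraform/`; whether the included template reads the root copy or the new directory cannot be confirmed from here.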
@@ -10,138 +15,117 @@ before_script:
plan:
stage: plan
- allow_failure: true
- image:
- name: hashicorp/terraform:light
- entrypoint:
- - '/usr/bin/env'
- - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
variables:
- PLAN: plan.tfplan
- JSON_PLAN_FILE: tfplan.json
- TF_IN_AUTOMATION: "true"
- GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_PROJECT_NAME}
- cache:
- key: "$CI_COMMIT_SHA"
- paths:
- - .terraform
- script:
- apk add --update curl jq
- alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
- - terraform --version
- - terraform init -reconfigure -backend-config="address=${GITLAB_TF_ADDRESS}" -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="username=gitlab-ci-token" -backend-config="password=${CI_JOB_TOKEN}" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5"
- - terraform plan -var-file=terraform.tfvars -out=$PLAN
- - terraform show --json $PLAN | convert_report > $JSON_PLAN_FILE
- artifacts:
- reports:
- terraform: $JSON_PLAN_FILE
+ WORKDIR: $CI_PROJECT_DIR\terraform
+ ARGUMENTS:
+ allow_failure: false
+ extends: .terraform_plan
only:
changes:
- - terraform.tf
- - terraform.tfvars
- - jobs/main.yml
+ - terraform/*
-apply:
- stage: apply
- image:
- name: hashicorp/terraform:light
- entrypoint:
- - '/usr/bin/env'
- - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
- variables:
- PLAN: plan.tfplan
- JSON_PLAN_FILE: tfplan.json
- TF_IN_AUTOMATION: "true"
- GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_PROJECT_NAME}
- cache:
- key: "$CI_COMMIT_SHA"
- paths:
- - .terraform
- script:
- - apk add --update curl jq
- - alias convert_report="jq -r 
'([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
- - terraform --version
- - terraform init -reconfigure -backend-config="address=${GITLAB_TF_ADDRESS}" -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="username=gitlab-ci-token" -backend-config="password=${CI_JOB_TOKEN}" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5"
- - terraform apply -auto-approve -var-file=terraform.tfvars
- after_script:
- - curl --request PUT --header "PRIVATE-TOKEN:${jobtoken}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/variables/kubeconfig" --form "value=$(cat config)" > null
- dependencies:
- - plan
- only:
- changes:
- - terraform.tf
- - terraform.tfvars
- - jobs/main.yml
- when: manual
-
-ansible-apply:
- stage: apply
- variables:
- DEBIAN_FRONTEND: noninteractive
- K8S_AUTH_KUBECONFIG: config
- image:
- name: ubuntu:latest
- script:
- - apt update && apt install ansible -y
- - ansible-galaxy install -r $CI_PROJECT_DIR/group_vars/requirements.yml
- - ansible-playbook $CI_PROJECT_DIR/jobs/main.yml
- needs:
- - apply
- only:
- changes:
- - terraform.tf
- - terraform.tfvars
- - jobs/main.yml
-
-destroy:
- stage: destroy
- image:
- name: hashicorp/terraform:light
- entrypoint:
- - '/usr/bin/env'
- - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
- variables:
- PLAN: plan.tfplan
- JSON_PLAN_FILE: tfplan.json
- TF_IN_AUTOMATION: "true"
- GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_PROJECT_NAME}
- cache:
- key: "$CI_COMMIT_SHA"
- paths:
- - .terraform
- script:
- - apk add --update curl jq
- - alias convert_report="jq -r 
'([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
- - terraform --version
- - terraform init -reconfigure -backend-config="address=${GITLAB_TF_ADDRESS}" -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="username=gitlab-ci-token" -backend-config="password=${CI_JOB_TOKEN}" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5"
- - terraform destroy -auto-approve -var-file=terraform.tfvars
- only:
- changes:
- - terraform.tf
- - terraform.tfvars
- - jobs/main.yml
- when: manual
-
-ansible-update:
- stage: apply
- image:
- name: ubuntu:latest
- script:
- - apt update && apt install ansible -y
- - ansible-galaxy install -r $CI_PROJECT_DIR/group_vars/requirements.yml
- - ansible-playbook $CI_PROJECT_DIR/jobs/update.yml
- rules:
- - if: $CI_PIPELINE_SOURCE == "schedule"
- when: always
-
-ansible-update-dns:
- stage: apply
- image:
- name: ubuntu:latest
- script:
- - apt update && apt install ansible -y
- - ansible-galaxy install -r $CI_PROJECT_DIR/group_vars/requirements.yml
- - ansible-playbook $CI_PROJECT_DIR/jobs/dns.yml
- only:
- changes:
- - jobs/dns.yml
+#apply:
+# stage: apply
+# image:
+# name: hashicorp/terraform:light
+# entrypoint:
+# - '/usr/bin/env'
+# - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
+# variables:
+# PLAN: plan.tfplan
+# JSON_PLAN_FILE: tfplan.json
+# TF_IN_AUTOMATION: "true"
+# GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_PROJECT_NAME}
+# cache:
+# key: "$CI_COMMIT_SHA"
+# paths:
+# - .terraform
+# script:
+# - apk add --update curl jq
+# - alias convert_report="jq -r 
'([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
+# - terraform --version
+# - terraform init -reconfigure -backend-config="address=${GITLAB_TF_ADDRESS}" -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="username=gitlab-ci-token" -backend-config="password=${CI_JOB_TOKEN}" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5"
+# - terraform apply -auto-approve -var-file=terraform.tfvars
+# after_script:
+# - curl --request PUT --header "PRIVATE-TOKEN:${jobtoken}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/variables/kubeconfig" --form "value=$(cat config)" > null
+# dependencies:
+# - plan
+# only:
+# changes:
+# - terraform.tf
+# - terraform.tfvars
+# - jobs/main.yml
+# when: manual
+#
+#ansible-apply:
+# stage: apply
+# variables:
+# DEBIAN_FRONTEND: noninteractive
+# K8S_AUTH_KUBECONFIG: config
+# image:
+# name: ubuntu:latest
+# script:
+# - apt update && apt install ansible -y
+# - ansible-galaxy install -r $CI_PROJECT_DIR/group_vars/requirements.yml
+# - ansible-playbook $CI_PROJECT_DIR/jobs/main.yml
+# needs:
+# - apply
+# only:
+# changes:
+# - terraform.tf
+# - terraform.tfvars
+# - jobs/main.yml
+#
+#destroy:
+# stage: destroy
+# image:
+# name: hashicorp/terraform:light
+# entrypoint:
+# - '/usr/bin/env'
+# - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
+# variables:
+# PLAN: plan.tfplan
+# JSON_PLAN_FILE: tfplan.json
+# TF_IN_AUTOMATION: "true"
+# GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_PROJECT_NAME}
+# cache:
+# key: "$CI_COMMIT_SHA"
+# paths:
+# - .terraform
+# script:
+# - apk add --update curl jq
+# - alias convert_report="jq -r 
'([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
+# - terraform --version
+# - terraform init -reconfigure -backend-config="address=${GITLAB_TF_ADDRESS}" -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="username=gitlab-ci-token" -backend-config="password=${CI_JOB_TOKEN}" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5"
+# - terraform destroy -auto-approve -var-file=terraform.tfvars
+# only:
+# changes:
+# - terraform.tf
+# - terraform.tfvars
+# - jobs/main.yml
+# when: manual
+#
+#ansible-update:
+# stage: apply
+# image:
+# name: ubuntu:latest
+# script:
+# - apt update && apt install ansible -y
+# - ansible-galaxy install -r $CI_PROJECT_DIR/group_vars/requirements.yml
+# - ansible-playbook $CI_PROJECT_DIR/jobs/update.yml
+# rules:
+# - if: $CI_PIPELINE_SOURCE == "schedule"
+# when: always
+#
+#ansible-update-dns:
+# stage: apply
+# image:
+# name: ubuntu:latest
+# script:
+# - apt update && apt install ansible -y
+# - ansible-galaxy install -r $CI_PROJECT_DIR/group_vars/requirements.yml
+# - ansible-playbook $CI_PROJECT_DIR/jobs/dns.yml
+# only:
+# changes:
+# - jobs/dns.yml
+#
diff --git a/terraform/defaults.tf b/terraform/defaults.tf
new file mode 100644
index 0000000..8ae7df3
--- /dev/null
+++ b/terraform/defaults.tf
@@ -0,0 +1,18 @@
+terraform {
+ backend "http" {}
+ required_providers {
+ proxmox = {
+ source = "Telmate/proxmox"
+ version = "~> 2.9.11"
+ }
+ }
+}
+
+provider "proxmox" {
+ pm_parallel = 3
+ pm_tls_insecure = true
+ pm_api_url = var.pm_api_url
+ pm_user = var.pm_user
+ pm_password = var.pm_password
+ pm_debug = false
+}
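Review bot: `WORKDIR: $CI_PROJECT_DIR\terraform` uses a backslash, which a YAML plain scalar keeps literally, so on a Linux runner the included template would be handed a path ending in `\terraform` rather than the `terraform/` directory the rest of this commit creates; it should read `WORKDIR: $CI_PROJECT_DIR/terraform`. The old `apply`, `destroy` and ansible jobs are commented out rather than deleted, leaving roughly a hundred dead lines — including the `curl … --header "PRIVATE-TOKEN:${jobtoken}"` call that wrote the kubeconfig into a project variable — which git history already preserves; removing them makes the remaining `plan` job much easier to audit. `only: changes: - terraform/*` matches only files directly under `terraform/`, so a module or tfvars in a subdirectory would not trigger the plan; `terraform/**/*` covers both. What `.terraform_plan` does with an empty `ARGUMENTS` depends on the included template, which is not visible here.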
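Review bot: `pm_tls_insecure = true` is hard-coded in the provider block, so the Proxmox API certificate is never verified and the `pm_password` sent on that connection can be read by anyone able to sit between the runner and `pm_api_url`. Expose it as a variable that defaults to the safe value — `pm_tls_insecure = var.pm_tls_insecure` with `default = false` — and trust the Proxmox CA in the runner image, so disabling verification becomes an explicit per-environment opt-in; a comment such as `# verify the Proxmox API certificate; override only for lab hosts with self-signed certs` above the line records the intent. The provider is also driven by a user password rather than an API token; if the pinned Telmate release supports `pm_api_token_id`/`pm_api_token_secret`, a token scoped to the VM privileges this module needs would avoid handing the pipeline a full login — worth confirming against the provider's documentation for `~> 2.9.11`.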
diff --git a/terraform.tf b/terraform/main.tf
similarity index 73%
rename from terraform.tf
rename to terraform/main.tf
index a3a8c60..dbb28b2 100644
--- a/terraform.tf
+++ b/terraform/main.tf
@@ -1,64 +1,6 @@
-#------------------------------------------------------
-#Defaults
-
-terraform {
- backend "http" {}
- required_providers {
- proxmox = {
- source = "Telmate/proxmox"
- version = "~> 2.9.11"
- }
- }
-}
-
-provider "proxmox" {
- pm_parallel = 3
- pm_tls_insecure = true
- pm_api_url = var.pm_api_url
- pm_user = var.pm_user
- pm_password = var.pm_password
- pm_debug = false
-}
-
-variable "pm_api_url" {}
-variable "dnsserver" {}
-variable "sshkeys" {}
-variable "pm_password" {}
-variable "pm_user" {}
-
#k3s
#------------------------------------------------------
-variable "k3master" {
- type = object({
- count = number
- name = list(string)
- cores = number
- memory = number
- drive = string
- storage = string
- template = string
- node = string
- tag = number
- ip = list(number)
- })
-}
-
-variable "k3server" {
- type = object({
- count = number
- name = list(string)
- cores = list(number)
- memory = list(number)
- drive = list(string)
- storage = list(string)
- template = string
- node = string
- tag = number
- ip = list(number)
- })
-}
-
resource "proxmox_vm_qemu" "k3master" {
count = var.k3master.count
ciuser = "administrator"
diff --git a/terraform.tfvars b/terraform/terraform.tfvars
similarity index 100%
rename from terraform.tfvars
rename to terraform/terraform.tfvars
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000..425582a
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,82 @@
+variable "pm_api_url" {
+ description = "API URL to Proxmox provider"
+ type = string
+}
+
+variable "dnsserver" {
+ description = "DNS provider"
+ type = string
+}
+
+variable "sshkeys" {
+ description = "Public SSH key to inject into CloudInit"
+ type = string
+}
+
+variable "pm_password" {
+ description = "Passowrd to Proxmox provider"
+ type = string
+}
+
+variable "pm_user" {
+ description = "UIsername to Proxmox provider"
+ type = string
+ default = "root@pam"
+}
+
+
+variable "k3master" {
+ description = "Defaults of master nodes in K3S"
+ type = object({
+ count = number
+ name = list(string)
+ cores = number
+ memory = number
+ drive = string
+ storage = string
+ template = string
+ node = string
+ tag = number
+ ip = list(number)
+ })
+ default = {
+ count = "1"
+ name = ["master01"]
+ cores = "2"
+ memory = "2048"
+ drive = "20G"
+ storage = "domains"
+ template = "CentOS9-Template"
+ node = "overlord"
+ tag = "20"
+ ip = ["121"]
+ }
+}
+
+variable "k3server" {
+ description = "Defaults of worker nodes in K3S"
+ type = object({
+ count = number
+ name = list(string)
+ cores = list(number)
+ memory = list(number)
+ drive = list(string)
+ storage = list(string)
+ template = string
+ node = string
+ tag = number
+ ip = list(number)
+ })
+ default = {
+ count = "1"
+ name = ["node01"]
+ cores = "2"
+ memory = "4096"
+ drive = "60G"
+ storage = "domains"
+ template = "CentOS9-Template"
+ node = "overlord"
+ tag = "20"
+ ip = ["124"]
+ }
+}
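Review bot: The `default` of `k3server` does not satisfy its own declared type: `cores`, `memory`, `drive` and `storage` are typed `list(number)`/`list(string)` but the default supplies the scalars `"2"`, `"4096"`, `"60G"` and `"domains"`, which Terraform cannot convert to lists, so the configuration fails to load until either the defaults become lists (`cores = [2]`, `memory = [4096]`, `drive = ["60G"]`, `storage = ["domains"]`) or the type is changed to scalars as in `k3master`. `pm_password` should carry `sensitive = true` so its value is redacted from plan and apply output, which ends up in CI job logs. The numeric defaults are written as quoted strings (`count = "1"`, `tag = "20"`, `ip = ["121"]`); Terraform converts them to the declared `number` types, but writing them unquoted matches the types and avoids surprises. The descriptions of `pm_password` and `pm_user` have typos: `Passowrd` → `Password`, `UIsername` → `Username`.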