Update terraform/variables.tf, terraform/main.tf, terraform/defaults.tf, terraform/terraform.tfvars, .gitlab-ci.yml

.gitlab-ci.yml

@@ -3,6 +3,11 @@ stages:
   - apply
   - destroy
 
+include:
+  - project: 'developerdurp/jobtemplates'
+    ref: main
+    file: 'terraform.yml'
+
 before_script:
   - cat $tfvars >> terraform.tfvars
   - cat $ansible > ansible
@@ -10,138 +15,117 @@ before_script:
 
 plan:
   stage: plan
-  allow_failure: true
-  image:
-    name: hashicorp/terraform:light
-    entrypoint:
-      - '/usr/bin/env'
-      - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
   variables:
-    PLAN: plan.tfplan
+    WORKDIR: $CI_PROJECT_DIR\terraform
-    JSON_PLAN_FILE: tfplan.json
+    ARGUMENTS: 
-    TF_IN_AUTOMATION: "true"
+  allow_failure: false
-    GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_PROJECT_NAME}
+  extends: .terraform_plan
-  cache:
-    key: "$CI_COMMIT_SHA"
-    paths:
-      - .terraform
-  script:
-    - apk add --update curl jq
-    - alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
-    - terraform --version
-    - terraform init -reconfigure -backend-config="address=${GITLAB_TF_ADDRESS}" -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="username=gitlab-ci-token" -backend-config="password=${CI_JOB_TOKEN}" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5"  
-    - terraform plan -var-file=terraform.tfvars -out=$PLAN
-    - terraform show --json $PLAN | convert_report > $JSON_PLAN_FILE
-  artifacts:
-    reports:
-      terraform: $JSON_PLAN_FILE
   only:
     changes:
-      - terraform.tf 
+      - terraform/*   
-      - terraform.tfvars   
-      - jobs/main.yml      
 
-apply:
+#apply:
-  stage: apply
+#  stage: apply
-  image:
+#  image:
-    name: hashicorp/terraform:light
+#    name: hashicorp/terraform:light
-    entrypoint:
+#    entrypoint:
-      - '/usr/bin/env'
+#      - '/usr/bin/env'
-      - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
+#      - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
-  variables:
+#  variables:
-    PLAN: plan.tfplan
+#    PLAN: plan.tfplan
-    JSON_PLAN_FILE: tfplan.json
+#    JSON_PLAN_FILE: tfplan.json
-    TF_IN_AUTOMATION: "true"
+#    TF_IN_AUTOMATION: "true"
-    GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_PROJECT_NAME}
+#    GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_PROJECT_NAME}
-  cache:
+#  cache:
-    key: "$CI_COMMIT_SHA"
+#    key: "$CI_COMMIT_SHA"
-    paths:
+#    paths:
-      - .terraform
+#      - .terraform
-  script:    
+#  script:    
-    - apk add --update curl jq
+#    - apk add --update curl jq
-    - alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
+#    - alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
-    - terraform --version
+#    - terraform --version
-    - terraform init -reconfigure -backend-config="address=${GITLAB_TF_ADDRESS}" -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="username=gitlab-ci-token" -backend-config="password=${CI_JOB_TOKEN}" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5"      
+#    - terraform init -reconfigure -backend-config="address=${GITLAB_TF_ADDRESS}" -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="username=gitlab-ci-token" -backend-config="password=${CI_JOB_TOKEN}" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5"      
-    - terraform apply -auto-approve -var-file=terraform.tfvars
+#    - terraform apply -auto-approve -var-file=terraform.tfvars
-  after_script:
+#  after_script:
-    - curl --request PUT --header "PRIVATE-TOKEN:${jobtoken}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/variables/kubeconfig" --form "value=$(cat config)" > null
+#    - curl --request PUT --header "PRIVATE-TOKEN:${jobtoken}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/variables/kubeconfig" --form "value=$(cat config)" > null
-  dependencies:
+#  dependencies:
-    - plan 
+#    - plan 
-  only:
+#  only:
-    changes:
+#    changes:
-      - terraform.tf 
+#      - terraform.tf 
-      - terraform.tfvars    
+#      - terraform.tfvars    
-      - jobs/main.yml      
+#      - jobs/main.yml      
-  when: manual      
+#  when: manual      
-
+#
-ansible-apply:
+#ansible-apply:
-  stage: apply
+#  stage: apply
-  variables:
+#  variables:
-    DEBIAN_FRONTEND: noninteractive
+#    DEBIAN_FRONTEND: noninteractive
-    K8S_AUTH_KUBECONFIG: config
+#    K8S_AUTH_KUBECONFIG: config
-  image:
+#  image:
-    name: ubuntu:latest
+#    name: ubuntu:latest
-  script:
+#  script:
-    - apt update && apt install ansible -y
+#    - apt update && apt install ansible -y
-    - ansible-galaxy install -r $CI_PROJECT_DIR/group_vars/requirements.yml
+#    - ansible-galaxy install -r $CI_PROJECT_DIR/group_vars/requirements.yml
-    - ansible-playbook $CI_PROJECT_DIR/jobs/main.yml
+#    - ansible-playbook $CI_PROJECT_DIR/jobs/main.yml
-  needs:
+#  needs:
-    - apply
+#    - apply
-  only:
+#  only:
-    changes:
+#    changes:
-      - terraform.tf 
+#      - terraform.tf 
-      - terraform.tfvars 
+#      - terraform.tfvars 
-      - jobs/main.yml           
+#      - jobs/main.yml           
-    
+#    
-destroy:
+#destroy:
-  stage: destroy
+#  stage: destroy
-  image:
+#  image:
-    name: hashicorp/terraform:light
+#    name: hashicorp/terraform:light
-    entrypoint:
+#    entrypoint:
-      - '/usr/bin/env'
+#      - '/usr/bin/env'
-      - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
+#      - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
-  variables:
+#  variables:
-    PLAN: plan.tfplan
+#    PLAN: plan.tfplan
-    JSON_PLAN_FILE: tfplan.json
+#    JSON_PLAN_FILE: tfplan.json
-    TF_IN_AUTOMATION: "true"
+#    TF_IN_AUTOMATION: "true"
-    GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_PROJECT_NAME}
+#    GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_PROJECT_NAME}
-  cache:
+#  cache:
-    key: "$CI_COMMIT_SHA"
+#    key: "$CI_COMMIT_SHA"
-    paths:
+#    paths:
-      - .terraform
+#      - .terraform
-  script:
+#  script:
-    - apk add --update curl jq
+#    - apk add --update curl jq
-    - alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
+#    - alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
-    - terraform --version
+#    - terraform --version
-    - terraform init -reconfigure -backend-config="address=${GITLAB_TF_ADDRESS}" -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="username=gitlab-ci-token" -backend-config="password=${CI_JOB_TOKEN}" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5"      
+#    - terraform init -reconfigure -backend-config="address=${GITLAB_TF_ADDRESS}" -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock" -backend-config="username=gitlab-ci-token" -backend-config="password=${CI_JOB_TOKEN}" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5"      
-    - terraform destroy -auto-approve -var-file=terraform.tfvars
+#    - terraform destroy -auto-approve -var-file=terraform.tfvars
-  only:
+#  only:
-    changes:
+#    changes:
-      - terraform.tf 
+#      - terraform.tf 
-      - terraform.tfvars 
+#      - terraform.tfvars 
-      - jobs/main.yml     
+#      - jobs/main.yml     
-  when: manual          
+#  when: manual          
-
+#
-ansible-update:
+#ansible-update:
-  stage: apply
+#  stage: apply
-  image:
+#  image:
-    name: ubuntu:latest
+#    name: ubuntu:latest
-  script:
+#  script:
-    - apt update && apt install ansible -y
+#    - apt update && apt install ansible -y
-    - ansible-galaxy install -r $CI_PROJECT_DIR/group_vars/requirements.yml
+#    - ansible-galaxy install -r $CI_PROJECT_DIR/group_vars/requirements.yml
-    - ansible-playbook $CI_PROJECT_DIR/jobs/update.yml    
+#    - ansible-playbook $CI_PROJECT_DIR/jobs/update.yml    
-  rules:
+#  rules:
-    - if: $CI_PIPELINE_SOURCE == "schedule"
+#    - if: $CI_PIPELINE_SOURCE == "schedule"
-      when: always 
+#      when: always 
-
+#
-ansible-update-dns:
+#ansible-update-dns:
-  stage: apply
+#  stage: apply
-  image:
+#  image:
-    name: ubuntu:latest
+#    name: ubuntu:latest
-  script:
+#  script:
-    - apt update && apt install ansible -y
+#    - apt update && apt install ansible -y
-    - ansible-galaxy install -r $CI_PROJECT_DIR/group_vars/requirements.yml
+#    - ansible-galaxy install -r $CI_PROJECT_DIR/group_vars/requirements.yml
-    - ansible-playbook $CI_PROJECT_DIR/jobs/dns.yml          
+#    - ansible-playbook $CI_PROJECT_DIR/jobs/dns.yml          
-  only:
+#  only:
-      changes:
+#      changes:
-        - jobs/dns.yml     
+#        - jobs/dns.yml     
+#

terraform/defaults.tf

@@ -0,0 +1,18 @@
+terraform {
+  backend "http" {}
+  required_providers {
+    proxmox = {
+      source  = "Telmate/proxmox"
+      version = "~> 2.9.11"
+    }
+  }
+}
+
+provider "proxmox" {
+    pm_parallel     = 3
+    pm_tls_insecure = true
+    pm_api_url      = var.pm_api_url
+    pm_user         = var.pm_user
+    pm_password     = var.pm_password
+    pm_debug        = false
+}

terraform/main.tf

@@ -1,64 +1,6 @@
-#------------------------------------------------------
-#Defaults
-
-terraform {
-  backend "http" {}
-  required_providers {
-    proxmox = {
-      source  = "Telmate/proxmox"
-      version = "~> 2.9.11"
-    }
-  }
-}
-
-provider "proxmox" {
-  pm_parallel     = 3
-  pm_tls_insecure = true
-  pm_api_url      = var.pm_api_url
-  pm_user         = var.pm_user
-  pm_password     = var.pm_password
-  pm_debug        = false
-}
-
-variable "pm_api_url" {}
-variable "dnsserver" {}
-variable "sshkeys" {}
-variable "pm_password" {}
-variable "pm_user" {}
-
 #k3s
 #------------------------------------------------------
 
-variable "k3master" {
-  type = object({
-    count    = number
-    name     = list(string)
-    cores    = number
-    memory   = number
-    drive    = string
-    storage  = string
-    template = string
-    node     = string
-    tag      = number
-    ip       = list(number)   
-  })
-}
-
-variable "k3server" {
-  type = object({
-    count    = number
-    name     = list(string)
-    cores    = list(number)
-    memory   = list(number)
-    drive    = list(string)
-    storage  = list(string)
-    template = string
-    node     = string
-    tag      = number
-    ip       = list(number)   
-  })
-}
-
 resource "proxmox_vm_qemu" "k3master" {
   count       = var.k3master.count
   ciuser      = "administrator"

terraform/variables.tf

@@ -0,0 +1,82 @@
+variable "pm_api_url" {
+    description = "API URL to Proxmox provider"
+    type = string
+}
+
+variable "dnsserver" {
+    description = "DNS provider"
+    type = string
+}
+
+variable "sshkeys" {
+    description = "Public SSH key to inject into CloudInit"
+    type = string
+}
+
+variable "pm_password" {
+    description = "Passowrd to Proxmox provider"
+    type = string
+}
+
+variable "pm_user" {
+    description = "UIsername to Proxmox provider"
+    type = string
+    default = "root@pam"
+}
+
+
+variable "k3master" {
+    description = "Defaults of master nodes in K3S"
+    type = object({
+        count    = number
+        name     = list(string)
+        cores    = number
+        memory   = number
+        drive    = string
+        storage  = string
+        template = string
+        node     = string
+        tag      = number
+        ip       = list(number)   
+    })
+    default = {
+        count    = "1"
+        name     = ["master01"]
+        cores    = "2"
+        memory   = "2048"
+        drive    = "20G"
+        storage  = "domains"
+        template = "CentOS9-Template"
+        node     = "overlord"
+        tag      = "20"
+        ip       = ["121"]
+    }
+}
+
+variable "k3server" {
+    description = "Defaults of worker nodes in K3S"
+    type = object({
+        count    = number
+        name     = list(string)
+        cores    = list(number)
+        memory   = list(number)
+        drive    = list(string)
+        storage  = list(string)
+        template = string
+        node     = string
+        tag      = number
+        ip       = list(number)   
+    })
+        default = {
+        count    = "1"
+        name     = ["node01"]
+        cores    = "2"
+        memory   = "4096"
+        drive    = "60G"
+        storage  = "domains"
+        template = "CentOS9-Template"
+        node     = "overlord"
+        tag      = "20"
+        ip       = ["124"]
+    }
+}