Compare commits

21 Commits

Author SHA1 Message Date
Ditmar Visser
095c3df4e8 fix: all vars 2025-06-05 10:55:10 +00:00
Ditmar Visser
5d6bd50458 feat: destroy workflow 2025-06-05 10:53:12 +00:00
Ditmar Visser
dc2ab9d9e5 test: change vcpu
All checks were successful
Terraform Provision / Terraform Apply (push) Successful in 1m49s
2025-06-05 09:50:58 +00:00
Ditmar Visser
9a76a4feeb fix: sudo 2025-06-05 09:47:23 +00:00
Ditmar Visser
6b9cae0dd1 feat: install ovftool in runner 2025-06-05 09:45:56 +00:00
Ditmar Visser
ce950908b6 refactor: skylab user ssh pub key as var
Some checks failed
Terraform Provision / Terraform Apply (push) Failing after 22s
2025-06-05 09:34:27 +00:00
Ditmar Visser
81bdd1b698 fix: skylab tagged runner 2025-06-05 09:25:22 +00:00
Ditmar Visser
a835ad306f feat: gitea runner skylab label 2025-06-05 09:23:04 +00:00
Ditmar Visser
b51a9e3da5 feat: on workflow dispatch 2025-06-05 09:05:29 +00:00
Ditmar Visser
c251dfbae6 fix: working directory 2025-06-05 09:02:42 +00:00
Ditmar Visser
f97fa5c7c2 test
Some checks failed
Terraform Provision / Terraform Apply (push) Failing after 7s
2025-06-05 08:50:51 +00:00
Ditmar Visser
3866b528f4 feat: execute terraform workflow 2025-06-05 08:44:40 +00:00
Ditmar Visser
bb7e184e93 fix: prefix 2025-06-04 18:33:59 +00:00
Ditmar Visser
c272c7ea19 feat: create simple vm 2025-06-04 18:29:07 +00:00
Ditmar Visser
2cd943ce77 feat: create terraform state backend 2025-06-04 18:27:42 +00:00
Ditmar Visser
9ad8fdae9b Merge branch 'main' of https://gitea.ditmarvisser.net/HBO-ICT/les-05 2025-06-04 13:37:22 +00:00
Ditmar Visser
ac61b2a34d docs: add demo of assignment 2 2025-06-04 13:36:23 +00:00
13ae69e7db Merge pull request 'demo' (#3) from inventory into main
Reviewed-on: #3
2025-06-04 14:52:57 +02:00
Ditmar Visser
c325db42d3 feat: opdracht 1 2025-06-04 12:37:21 +00:00
a47ca48fee Merge pull request 'fix: inventory' (#2) from inventory into main
Reviewed-on: #2
2025-06-04 14:26:03 +02:00
d61d07082a Merge pull request 'feat: add inventory' (#1) from inventory into main
Reviewed-on: #1
2025-06-04 14:01:58 +02:00
19 changed files with 381 additions and 3 deletions

View File

@@ -11,7 +11,7 @@ jobs:
deploy:
name: Deploy Ansible Playbook
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
runs-on: skylab
steps:
- name: Checkout repository

View File

@@ -0,0 +1,56 @@
name: Terraform Provision
on:
push:
branches:
- main
paths:
- opdracht-3/**/*.tf
- opdracht-3/**/*.tfvars
- opdracht-3/**/*.tftpl
workflow_dispatch:
jobs:
terraform:
name: Terraform Apply
runs-on: skylab
defaults:
run:
working-directory: ./opdracht-3
env:
TF_VAR_esxi_hostname: ${{ secrets.ESXI_HOSTNAME }}
TF_VAR_esxi_username: ${{ secrets.ESXI_USERNAME }}
TF_VAR_esxi_password: ${{ secrets.ESXI_PASSWORD }}
TF_VAR_skylab_ssh_public_key: ${{ secrets.SKYLAB_SSH_PUBLIC_KEY }}
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Terraform
uses: hashicorp/setup-terraform@v3
- name: Install ovftool
run: |
wget https://github.com/rgl/ovftool-binaries/raw/main/archive/VMware-ovftool-4.6.3-24031167-lin.x86_64.zip
unzip VMware-ovftool-4.6.3-24031167-lin.x86_64.zip
mv ovftool vmware-ovftool
mv vmware-ovftool /usr/bin/
chmod +x /usr/bin/vmware-ovftool/ovftool*
ln -s /usr/bin/vmware-ovftool/ovftool /usr/bin/ovftool
- name: Terraform Init
run: terraform init
- name: Terraform Format
run: terraform fmt -check
- name: Terraform Validate
run: terraform validate
- name: Terraform Plan
run: terraform plan
- name: Terraform Apply
run: terraform apply -auto-approve

View File

@@ -0,0 +1,37 @@
name: Terraform Provision
on:
workflow_dispatch:
jobs:
terraform:
name: Terraform Apply
runs-on: skylab
defaults:
run:
working-directory: ./opdracht-3
env:
TF_VAR_esxi_hostname: ${{ secrets.ESXI_HOSTNAME }}
TF_VAR_esxi_username: ${{ secrets.ESXI_USERNAME }}
TF_VAR_esxi_password: ${{ secrets.ESXI_PASSWORD }}
TF_VAR_skylab_ssh_public_key: ${{ secrets.SKYLAB_SSH_PUBLIC_KEY }}
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Terraform
uses: hashicorp/setup-terraform@v3
- name: Terraform Init
run: terraform init
- name: Terraform Format
run: terraform fmt -check
- name: Terraform Validate
run: terraform validate
- name: Terraform Destroy
run: terraform destroy -auto-approve

42
.gitignore vendored Normal file
View File

@@ -0,0 +1,42 @@
# ---> Ansible
*.retry
# ---> Terraform
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
crash.*.log
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Ignore transient lock info files created by terraform apply
.terraform.tfstate.lock.info
# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
# Ignore CLI configuration files
.terraformrc
terraform.rc

BIN
les-05-opdracht-2.gif Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 4.3 MiB

13
opdracht-1/main.yml Normal file
View File

@@ -0,0 +1,13 @@
- name: Install Apache2 without apt
hosts: localhost
connection: local
become: true
tasks:
- name: Install apache2 using command
ansible.builtin.command: apt-get install -y apache2
register: apache_install
changed_when: "'is already the newest version' not in apache_install.stdout"
- name: fail
ansible.builtin.command: /bin/false

View File

@@ -14,3 +14,4 @@
- geerlingguy.pip
- geerlingguy.docker
- gitea-runner
- terraform-state-backend

View File

@@ -12,5 +12,6 @@
GITEA_INSTANCE_URL: "{{ gitea_instance_url }}"
GITEA_RUNNER_REGISTRATION_TOKEN: "{{ gitea_runner_token }}"
GITEA_RUNNER_NAME: "{{ gitea_runner_name }}"
GITEA_RUNNER_LABELS: "skylab:docker://node:16-bullseye"
volumes:
- /var/run/docker.sock:/var/run/docker.sock

View File

@@ -0,0 +1,5 @@
terraform_state_image: "postgres:14"
terraform_state_container_name: "terraform_state_backend"
terraform_state_user: "terraform"
terraform_state_password: "tfbackend123"
terraform_state_db: "terraform_state"

View File

@@ -0,0 +1,18 @@
- name: Delete existing backend-container
community.docker.docker_container:
name: "{{ terraform_state_container_name }}"
state: absent
- name: Gitea Runner container starten
community.docker.docker_container:
name: "{{ terraform_state_container_name }}"
image: "{{ terraform_state_image }}"
restart_policy: always
ports:
- 5432:5432
env:
POSTGRES_USER: "{{ terraform_state_user }}"
POSTGRES_PASSWORD: "{{ terraform_state_password }}"
POSTGRES_DB: "{{ terraform_state_db }}"
volumes:
- terraform_state_data:/var/lib/postgresql/data

79
opdracht-3/.terraform.lock.hcl generated Normal file
View File

@@ -0,0 +1,79 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/azurerm" {
version = "4.27.0"
constraints = "~> 4.27.0"
hashes = [
"h1:2fs47aLDaEm93ANXXVRdTjlbUBmFBZRsFjyshKoPE3o=",
"zh:0c69edea1995bd3bd9e61980757169c35bf22281b660b5c755b6cb13d08d29d2",
"zh:25b86bf7b9678371d8573983954c571696f3e64a3967133be3b835da36307106",
"zh:49921cff4f26a49bafada60cd07dabb52c5eb35231059ed928a4f4722e269c82",
"zh:4b986166531f9fd1289f01d8220519443e74888a21da512c1b841b006dad6215",
"zh:53fb65b2ca4df637f03e4748a100a7d7fc77249e307c03e294d6259cec0310f6",
"zh:5c0d021a387ca4e2a5a01da009746a08c45f08e971c10d9bda54539d7264d671",
"zh:600043f2b20dc5a45275e43f175c19fe8b6e8e9557a0c884aef018f1f63de90e",
"zh:a0284f6f38912f67bb4cb7829fda3fa75be81fea6a9b21119965c2a839430092",
"zh:a7ac0576e2069ef77557042c6b5157ded364fbd355b2f9bf7f5441622424086e",
"zh:c5db0bcafe986868e28cc6225b68b2d1cf4bf631939d260ca845f17a9aa1677d",
"zh:ce620c0eb71b1fdd925828b30cf232a869abccf1c459180f2f991c4166315251",
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
]
}
provider "registry.terraform.io/hashicorp/local" {
version = "2.5.2"
hashes = [
"h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=",
"zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511",
"zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea",
"zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0",
"zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b",
"zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038",
"zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4",
"zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464",
"zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b",
"zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e",
"zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1",
]
}
provider "registry.terraform.io/hashicorp/template" {
version = "2.2.0"
hashes = [
"h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=",
"zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
"zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
"zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603",
"zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16",
"zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776",
"zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451",
"zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae",
"zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde",
"zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d",
"zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2",
]
}
provider "registry.terraform.io/josenk/esxi" {
version = "1.10.3"
hashes = [
"h1:o78ERC8riDT2nHWCbXECt+S/RKwM98/G5ZojJHRm8fA=",
"zh:208a6a8092fa50d63fe1780447f2c4c3115b1987902a0c986452172c2c35677e",
"zh:3a0755aec960e32dbfbb31be61bba6ee2d11aff0513707e93f4eaebe3d557d93",
"zh:3daef19f36c9438771833dc15ae0eddc95faf9df00f9de9ab143bd031314ce50",
"zh:4cb4ba24aa3975f3928f5f16bc535ce0b18159ede16abaee39f93b3e13c36334",
"zh:56f30098aca0874210c4546530a5bfa5dd49bfad63950f3d9f3623cc6767280b",
"zh:716c62ae2d0cb7c64b5b3328792d7e135c4c0905e399e4b7335b7808508a7027",
"zh:81b0e8fab21088785e51f2d6af518ac31959b104facb2a25b0481d586a6fc692",
"zh:8b415ab7e39ca8e16f923bc73a8af418859faa594d97ed73e3a4aff7a736b08f",
"zh:9072bdd960ef85dc735b82423560b027ebb44790af1e84b122f1014f96acfc91",
"zh:9e6e1c2a7bf93c4705d280cea5b3d6bfb84c4540b92563e64fbc3a20155ef775",
"zh:af14c0e96273470dfb398b1701f575e5ea4963c208a32a4436db5ea0e2f2f385",
"zh:c79e772730ab4ac75c58d368f452c7a76abc738bb3666df0cfb567ac01e32c59",
"zh:d0068e7ca381d4b18df8b0219540733c996dfc69a89673b6bf52e4d69350c09a",
"zh:e188b20664bdcda50c45d071a8d0ba9870368941dac9138cd655f50db4ea15d2",
]
}

View File

@@ -0,0 +1 @@
${name} ansible_host=${ip} ansible_user=skylab ansible_ssh_private_key_file=${private_key_file}

56
opdracht-3/main.tf Normal file
View File

@@ -0,0 +1,56 @@
# ESXi
# Render userdata template with skylab SSH key
data "template_file" "esxi_userdata" {
template = file("${path.module}/userdata.tftpl")
vars = {
skylab-ssh-key = trimspace(var.skylab_ssh_public_key)
}
}
resource "esxi_portgroup" "les-5-opdracht-3" {
name = "${var.prefix}-network"
vswitch = "vSwitch0"
}
resource "esxi_guest" "les-5-opdracht-3" {
guest_name = var.prefix
disk_store = "datadisk1"
memsize = "2048"
numvcpus = "2"
power = "on"
ovf_source = "https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.ova"
network_interfaces {
virtual_network = esxi_portgroup.les-5-opdracht-3.name
}
guestinfo = {
"metadata" = base64encode(templatefile("${path.module}/metadata.yaml", {
hostname = "${var.prefix}"
}))
"metadata.encoding" = "base64"
"userdata" = base64encode(data.template_file.esxi_userdata.rendered)
"userdata.encoding" = "base64"
}
}
locals {
inventory = templatefile("${path.module}/ansible-inventory.tmpl", {
name = esxi_guest.les-5-opdracht-3.guest_name
ip = esxi_guest.les-5-opdracht-3.ip_address
private_key_file = var.skylab_ssh_public_key
})
}
resource "local_file" "ansible_inventory" {
content = local.inventory
filename = "${path.module}/inventory.ini"
}
output "ip_addresses" {
value = local_file.ansible_inventory.content
}

2
opdracht-3/metadata.yaml Normal file
View File

@@ -0,0 +1,2 @@
#cloud-config
local-hostname: ${hostname}

22
opdracht-3/providers.tf Normal file
View File

@@ -0,0 +1,22 @@
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 4.27.0"
}
esxi = {
source = "registry.terraform.io/josenk/esxi"
}
}
backend "pg" {
conn_str = "postgres://terraform:tfbackend123@192.168.1.4/terraform_state?sslmode=disable"
}
}
provider "esxi" {
esxi_hostname = var.esxi_hostname
esxi_hostport = var.esxi_hostport
esxi_hostssl = var.esxi_hostssl
esxi_username = var.esxi_username
esxi_password = var.esxi_password
}

View File

@@ -0,0 +1,3 @@
esxi_hostname = ""
esxi_username = ""
esxi_password = ""

View File

@@ -0,0 +1,7 @@
#cloud-config
users:
- name: skylab
ssh-authorized-keys:
- ${skylab-ssh-key}
shell: /bin/bash
sudo: ['ALL=(ALL) NOPASSWD:ALL']

31
opdracht-3/variables.tf Normal file
View File

@@ -0,0 +1,31 @@
variable "esxi_hostname" {
description = "IP address of the ESXi host"
}
variable "esxi_hostport" {
description = "SSH port of the ESXi host"
default = "22"
}
variable "esxi_hostssl" {
description = "SSL port of the ESXi host"
default = "443"
}
variable "esxi_username" {
description = "Username to connect to the ESXi host"
}
variable "esxi_password" {
description = "Password to connect to the ESXi host"
sensitive = true
}
variable "prefix" {
description = "The Prefix used for all resources"
default = "week-5-opdracht-3"
}
variable "skylab_ssh_public_key" {
description = "Public key of the Skylab user"
}

View File

@@ -1,3 +1,7 @@
For the CI/CD pipelines [this website](https://spacelift.io/blog/github-actions-ansible) was used.
For the CI/CD pipelines [this website for Ansible](https://spacelift.io/blog/github-actions-ansible) and [this website for Terraform](https://spacelift.io/blog/github-actions-terraform) was used.
The runner is installed using the playbook in the `opdracht-2` directory.
The Gitea runner is installed using the playbook in the `opdracht-2` directory. The Terraform state backend is installed using the same playbook. Run this playbook using `ansible-playbook gitea-runner.yml -e @vault.yml --ask-vault-pass`
Demo of assignment 2:
![Demo](les-05-opdracht-2.gif)