fix: all vars

Reviewed-on: #3

.gitea/workflows/deploy_playbook.yaml

@@ -11,7 +11,7 @@ jobs:
   deploy:
     name: Deploy Ansible Playbook
     if: github.event.pull_request.merged == true
-    runs-on: ubuntu-latest
+    runs-on: skylab
 
     steps:
       - name: Checkout repository

.gitea/workflows/opdracht-3.yaml

@@ -0,0 +1,56 @@
+name: Terraform Provision
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - opdracht-3/**/*.tf
+      - opdracht-3/**/*.tfvars
+      - opdracht-3/**/*.tftpl
+  workflow_dispatch:
+
+jobs:
+  terraform:
+    name: Terraform Apply
+    runs-on: skylab
+    defaults:
+      run:
+        working-directory: ./opdracht-3
+
+    env:
+      TF_VAR_esxi_hostname: ${{ secrets.ESXI_HOSTNAME }}
+      TF_VAR_esxi_username: ${{ secrets.ESXI_USERNAME }}
+      TF_VAR_esxi_password: ${{ secrets.ESXI_PASSWORD }}
+      TF_VAR_skylab_ssh_public_key: ${{ secrets.SKYLAB_SSH_PUBLIC_KEY }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Install ovftool
+        run: |
+          wget https://github.com/rgl/ovftool-binaries/raw/main/archive/VMware-ovftool-4.6.3-24031167-lin.x86_64.zip
+          unzip VMware-ovftool-4.6.3-24031167-lin.x86_64.zip
+          mv ovftool vmware-ovftool
+          mv vmware-ovftool /usr/bin/
+          chmod +x /usr/bin/vmware-ovftool/ovftool*
+          ln -s /usr/bin/vmware-ovftool/ovftool /usr/bin/ovftool
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: Terraform Format
+        run: terraform fmt -check
+
+      - name: Terraform Validate
+        run: terraform validate
+
+      - name: Terraform Plan
+        run: terraform plan
+
+      - name: Terraform Apply
+        run: terraform apply -auto-approve

.gitea/workflows/terraform_destroy.yaml

@@ -0,0 +1,37 @@
+name: Terraform Provision
+
+on:
+  workflow_dispatch:
+
+jobs:
+  terraform:
+    name: Terraform Apply
+    runs-on: skylab
+    defaults:
+      run:
+        working-directory: ./opdracht-3
+
+    env:
+      TF_VAR_esxi_hostname: ${{ secrets.ESXI_HOSTNAME }}
+      TF_VAR_esxi_username: ${{ secrets.ESXI_USERNAME }}
+      TF_VAR_esxi_password: ${{ secrets.ESXI_PASSWORD }}
+      TF_VAR_skylab_ssh_public_key: ${{ secrets.SKYLAB_SSH_PUBLIC_KEY }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: Terraform Format
+        run: terraform fmt -check
+
+      - name: Terraform Validate
+        run: terraform validate
+
+      - name: Terraform Destroy
+        run: terraform destroy -auto-approve

.gitignore

@@ -0,0 +1,42 @@
+# ---> Ansible
+*.retry
+
+# ---> Terraform
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+

opdracht-1/main.yml

@@ -0,0 +1,13 @@
+- name: Install Apache2 without apt
+  hosts: localhost
+  connection: local
+  become: true
+  tasks:
+
+    - name: Install apache2 using command
+      ansible.builtin.command: apt-get install -y apache2
+      register: apache_install
+      changed_when: "'is already the newest version' not in apache_install.stdout"
+
+    - name: fail
+      ansible.builtin.command: /bin/false

opdracht-2/gitea-runner.yml

@@ -14,3 +14,4 @@
     - geerlingguy.pip
     - geerlingguy.docker
     - gitea-runner
+    - terraform-state-backend

opdracht-2/roles/gitea-runner/tasks/main.yml

@@ -12,5 +12,6 @@
       GITEA_INSTANCE_URL: "{{ gitea_instance_url }}"
       GITEA_RUNNER_REGISTRATION_TOKEN: "{{ gitea_runner_token }}"
       GITEA_RUNNER_NAME: "{{ gitea_runner_name }}"
+      GITEA_RUNNER_LABELS: "skylab:docker://node:16-bullseye"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock

opdracht-2/roles/terraform-state-backend/defaults/main.yml

@@ -0,0 +1,5 @@
+terraform_state_image: "postgres:14"
+terraform_state_container_name: "terraform_state_backend"
+terraform_state_user: "terraform"
+terraform_state_password: "tfbackend123"
+terraform_state_db: "terraform_state"

opdracht-2/roles/terraform-state-backend/tasks/main.yml

@@ -0,0 +1,18 @@
+- name: Delete existing backend-container
+  community.docker.docker_container:
+    name: "{{ terraform_state_container_name }}"
+    state: absent
+
+- name: Gitea Runner container starten
+  community.docker.docker_container:
+    name: "{{ terraform_state_container_name }}"
+    image: "{{ terraform_state_image }}"
+    restart_policy: always
+    ports:
+      - 5432:5432
+    env:
+      POSTGRES_USER: "{{ terraform_state_user }}"
+      POSTGRES_PASSWORD: "{{ terraform_state_password }}"
+      POSTGRES_DB: "{{ terraform_state_db }}"
+    volumes:
+      - terraform_state_data:/var/lib/postgresql/data

opdracht-3/.terraform.lock.hcl

@@ -0,0 +1,79 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/azurerm" {
+  version     = "4.27.0"
+  constraints = "~> 4.27.0"
+  hashes = [
+    "h1:2fs47aLDaEm93ANXXVRdTjlbUBmFBZRsFjyshKoPE3o=",
+    "zh:0c69edea1995bd3bd9e61980757169c35bf22281b660b5c755b6cb13d08d29d2",
+    "zh:25b86bf7b9678371d8573983954c571696f3e64a3967133be3b835da36307106",
+    "zh:49921cff4f26a49bafada60cd07dabb52c5eb35231059ed928a4f4722e269c82",
+    "zh:4b986166531f9fd1289f01d8220519443e74888a21da512c1b841b006dad6215",
+    "zh:53fb65b2ca4df637f03e4748a100a7d7fc77249e307c03e294d6259cec0310f6",
+    "zh:5c0d021a387ca4e2a5a01da009746a08c45f08e971c10d9bda54539d7264d671",
+    "zh:600043f2b20dc5a45275e43f175c19fe8b6e8e9557a0c884aef018f1f63de90e",
+    "zh:a0284f6f38912f67bb4cb7829fda3fa75be81fea6a9b21119965c2a839430092",
+    "zh:a7ac0576e2069ef77557042c6b5157ded364fbd355b2f9bf7f5441622424086e",
+    "zh:c5db0bcafe986868e28cc6225b68b2d1cf4bf631939d260ca845f17a9aa1677d",
+    "zh:ce620c0eb71b1fdd925828b30cf232a869abccf1c459180f2f991c4166315251",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/local" {
+  version = "2.5.2"
+  hashes = [
+    "h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=",
+    "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511",
+    "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea",
+    "zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0",
+    "zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b",
+    "zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038",
+    "zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4",
+    "zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464",
+    "zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b",
+    "zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e",
+    "zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/template" {
+  version = "2.2.0"
+  hashes = [
+    "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=",
+    "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
+    "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
+    "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603",
+    "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16",
+    "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776",
+    "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451",
+    "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae",
+    "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde",
+    "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d",
+    "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2",
+  ]
+}
+
+provider "registry.terraform.io/josenk/esxi" {
+  version = "1.10.3"
+  hashes = [
+    "h1:o78ERC8riDT2nHWCbXECt+S/RKwM98/G5ZojJHRm8fA=",
+    "zh:208a6a8092fa50d63fe1780447f2c4c3115b1987902a0c986452172c2c35677e",
+    "zh:3a0755aec960e32dbfbb31be61bba6ee2d11aff0513707e93f4eaebe3d557d93",
+    "zh:3daef19f36c9438771833dc15ae0eddc95faf9df00f9de9ab143bd031314ce50",
+    "zh:4cb4ba24aa3975f3928f5f16bc535ce0b18159ede16abaee39f93b3e13c36334",
+    "zh:56f30098aca0874210c4546530a5bfa5dd49bfad63950f3d9f3623cc6767280b",
+    "zh:716c62ae2d0cb7c64b5b3328792d7e135c4c0905e399e4b7335b7808508a7027",
+    "zh:81b0e8fab21088785e51f2d6af518ac31959b104facb2a25b0481d586a6fc692",
+    "zh:8b415ab7e39ca8e16f923bc73a8af418859faa594d97ed73e3a4aff7a736b08f",
+    "zh:9072bdd960ef85dc735b82423560b027ebb44790af1e84b122f1014f96acfc91",
+    "zh:9e6e1c2a7bf93c4705d280cea5b3d6bfb84c4540b92563e64fbc3a20155ef775",
+    "zh:af14c0e96273470dfb398b1701f575e5ea4963c208a32a4436db5ea0e2f2f385",
+    "zh:c79e772730ab4ac75c58d368f452c7a76abc738bb3666df0cfb567ac01e32c59",
+    "zh:d0068e7ca381d4b18df8b0219540733c996dfc69a89673b6bf52e4d69350c09a",
+    "zh:e188b20664bdcda50c45d071a8d0ba9870368941dac9138cd655f50db4ea15d2",
+  ]
+}

opdracht-3/ansible-inventory.tmpl

@@ -0,0 +1 @@
+${name} ansible_host=${ip} ansible_user=skylab ansible_ssh_private_key_file=${private_key_file}

opdracht-3/main.tf

@@ -0,0 +1,56 @@
+# ESXi
+
+# Render userdata template with skylab SSH key
+data "template_file" "esxi_userdata" {
+  template = file("${path.module}/userdata.tftpl")
+  vars = {
+    skylab-ssh-key = trimspace(var.skylab_ssh_public_key)
+  }
+}
+
+resource "esxi_portgroup" "les-5-opdracht-3" {
+  name    = "${var.prefix}-network"
+  vswitch = "vSwitch0"
+}
+
+
+resource "esxi_guest" "les-5-opdracht-3" {
+  guest_name = var.prefix
+  disk_store = "datadisk1"
+
+  memsize  = "2048"
+  numvcpus = "2"
+  power    = "on"
+
+  ovf_source = "https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.ova"
+
+  network_interfaces {
+    virtual_network = esxi_portgroup.les-5-opdracht-3.name
+  }
+
+  guestinfo = {
+    "metadata" = base64encode(templatefile("${path.module}/metadata.yaml", {
+      hostname = "${var.prefix}"
+    }))
+    "metadata.encoding" = "base64"
+    "userdata"          = base64encode(data.template_file.esxi_userdata.rendered)
+    "userdata.encoding" = "base64"
+  }
+}
+
+locals {
+  inventory = templatefile("${path.module}/ansible-inventory.tmpl", {
+    name             = esxi_guest.les-5-opdracht-3.guest_name
+    ip               = esxi_guest.les-5-opdracht-3.ip_address
+    private_key_file = var.skylab_ssh_public_key
+  })
+}
+
+resource "local_file" "ansible_inventory" {
+  content  = local.inventory
+  filename = "${path.module}/inventory.ini"
+}
+
+output "ip_addresses" {
+  value = local_file.ansible_inventory.content
+}

opdracht-3/metadata.yaml

@@ -0,0 +1,2 @@
+#cloud-config
+local-hostname: ${hostname}

opdracht-3/providers.tf

@@ -0,0 +1,22 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 4.27.0"
+    }
+    esxi = {
+      source = "registry.terraform.io/josenk/esxi"
+    }
+  }
+  backend "pg" {
+    conn_str = "postgres://terraform:tfbackend123@192.168.1.4/terraform_state?sslmode=disable"
+  }
+}
+
+provider "esxi" {
+  esxi_hostname = var.esxi_hostname
+  esxi_hostport = var.esxi_hostport
+  esxi_hostssl  = var.esxi_hostssl
+  esxi_username = var.esxi_username
+  esxi_password = var.esxi_password
+}

opdracht-3/secrets.auto.tfvars.example

@@ -0,0 +1,3 @@
+esxi_hostname = ""
+esxi_username = ""
+esxi_password = ""

opdracht-3/userdata.tftpl

@@ -0,0 +1,7 @@
+#cloud-config
+users:
+  - name: skylab
+    ssh-authorized-keys:
+      - ${skylab-ssh-key}
+    shell: /bin/bash
+    sudo: ['ALL=(ALL) NOPASSWD:ALL']

opdracht-3/variables.tf

@@ -0,0 +1,31 @@
+variable "esxi_hostname" {
+  description = "IP address of the ESXi host"
+}
+
+variable "esxi_hostport" {
+  description = "SSH port of the ESXi host"
+  default     = "22"
+}
+
+variable "esxi_hostssl" {
+  description = "SSL port of the ESXi host"
+  default     = "443"
+}
+
+variable "esxi_username" {
+  description = "Username to connect to the ESXi host"
+}
+
+variable "esxi_password" {
+  description = "Password to connect to the ESXi host"
+  sensitive   = true
+}
+
+variable "prefix" {
+  description = "The Prefix used for all resources"
+  default     = "week-5-opdracht-3"
+}
+
+variable "skylab_ssh_public_key" {
+  description = "Public key of the Skylab user"
+}

readme.md

@@ -1,3 +1,7 @@
-For the CI/CD pipelines [this website](https://spacelift.io/blog/github-actions-ansible) was used.
+For the CI/CD pipelines [this website for Ansible](https://spacelift.io/blog/github-actions-ansible) and [this website for Terraform](https://spacelift.io/blog/github-actions-terraform) was used.
 
-The runner is installed using the playbook in the `opdracht-2` directory.
+The Gitea runner is installed using the playbook in the `opdracht-2` directory. The Terraform state backend is installed using the same playbook. Run this playbook using `ansible-playbook gitea-runner.yml -e @vault.yml --ask-vault-pass`
+
+Demo of assignment 2:
+
+![Demo](les-05-opdracht-2.gif)