Commit 77542f9c authored by debora.benedetto@hpe.com's avatar debora.benedetto@hpe.com

update icg files example generation

parent 541b964d
Showing
with 421 additions and 4 deletions
{
"output_path": "output_files_generated/nginx_openstack/",
"steps": [
{
"data": {
"credentials": [
{
"algorithm": "RSA",
"bits": 4096,
"keyfile": "/home/user1/.ssh/openstack.key",
"name": "ssh_key",
"user": "ubuntu"
}
],
"networks": [
{
"addressRange": "16.0.0.0/24",
"infra_element_name": "net1",
"name": "concrete_net",
"protocol": "tcp/ip"
}
],
"provider": "openstack",
"vmImages": [
{
"infra_element_name": "v_img",
"kind": "SCRIPT",
"name": "concrete_vm_image"
}
],
"vms": [
{
"credentials": "ssh_key",
"generatedFrom": "v_img",
"group": "sg",
"i1": {
"associated": "sg",
"belongsTo": "net1",
"endPoint": "16.0.0.1",
"name": "i1"
},
"infra_element_name": "vm1",
"name": "concrete_vm",
"os": "ubuntu-20.04.3",
"vm_flavor": "small",
"vm_key_name": "user1",
"vm_name": "nginx-host"
}
]
},
"programming_language": "terraform"
}
]
}
\ No newline at end of file
---
input: []
input:
- instance_server_public_key
output: []
engine: ansible
...
......@@ -3,7 +3,7 @@
gather_facts: no
become: yes
vars:
ansible_ssh_private_key_file: "/home/user1/.ssh/openstack.key"
ansible_ssh_private_key_file: "{{instance_server_public_key}}"
ansible_ssh_user: "ubuntu"
tasks:
- name: Update repositories
......
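Review bot: `ansible_ssh_private_key_file` is now filled from `instance_server_public_key`, so Ansible receives public-key material where it expects the path to a private key file. The setting takes a filesystem path, not key contents, and the Terraform side of this commit also exports `instance_server_private_key`, which is presumably the value intended here. That key should be written to a file with mode 0600 and referenced by path, e.g. `ansible_ssh_private_key_file: "{{ instance_server_private_key_file }}"` (variable name constructed for illustration), with the `input:` list in the Ansible config updated to match. The rest of the play lies outside this hunk.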
---
engine: terraform
input: []
output: []
output:
- instance_server_public_key
- instance_server_private_key
...
......@@ -33,7 +33,7 @@ data "openstack_networking_secgroup_v2" "default" {
# Create virtual machine
resource "openstack_compute_instance_v2" "nginx" {
name = "nginx-host"
image_name = "cirros"
image_name = "ubuntu-18.04"
flavor_name = "m1.tiny"
key_pair = openstack_compute_keypair_v2.user_key.name
network {
......
output "instance_server_public_key" {
value = openstack_compute_keypair_v2.user_key.public_key
}
output "instance_server_private_key" {
value = openstack_compute_keypair_v2.user_key.private_key
}
\ No newline at end of file
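Review bot: The new `instance_server_private_key` output is not marked `sensitive = true`, so any private key it carries is printed by `terraform apply` and `terraform output` and ends up in CI logs; add `sensitive = true` to that output block. The value is written to the state file in plain text either way, so the state backend needs access control. The `user_key` resource is outside this hunk; if it is given an explicit `public_key`, as the keypair in the other main.tf on this page is, the provider likely generates no private key and this output is empty, which should be confirmed. The same applies to `instance_server_key_private_key` in the second main.tf.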
---
input: []
output: []
engine: ansible
...
---
- hosts: 16.0.0.1
gather_facts: no
become: yes
vars:
ansible_ssh_private_key_file: "/home/user1/.ssh/openstack.key"
ansible_ssh_user: "ubuntu"
tasks:
- name: Update repositories
apt:
update_cache: yes
- name: Install nginx
package:
name: nginx
- name: Start nginx
service:
name: nginx
enabled: yes
state: started
- name: Set attributes
set_stats:
data:
site_config_dir: /etc/nginx/conf.d
- name: Install sample site
copy:
dest: ""
content: |
<!doctype html>
<html lang="en">
<head>
<title>Hello World!</title>
</head>
<body>
<h1>Sample web page</h1>
<p>With little content ;)</p>
</body>
</html>
with_items:
- /var/www/html/index.html
- /usr/share/nginx/html/index.html
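Review bot: The `Install sample site` task loops over two paths with `with_items` but sets `dest: ""`, so the loop item is never used and the copy module has no destination to write to. The empty string looks like a `{{ item }}` expression that was consumed when the file was generated (inferred from the unused loop). The task should read `dest: "{{ item }}"`, and the generator template needs to escape the expression so it survives rendering.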
---
iac:
- terraform
- ansible
...
\ No newline at end of file
# https://docs.ansible.com/ansible/latest/reference_appendices/config.html
[defaults]
host_key_checking = False
inventory = {{CWD}}/hosts.yaml ; This points to the file that lists your hosts
remote_user = esilab
deprecation_warnings=False ; to remove the python version depretation warning
display_skipped_hosts = no
\ No newline at end of file
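Review bot: `host_key_checking = False` turns off SSH host key verification for every play that uses this config, so an interposed host on the path to a freshly created VM is accepted silently and then receives the privileged session. Prefer leaving the setting at its default and adding the instance's host key to `known_hosts` as part of provisioning. `{{CWD}}` in `inventory` is not expanded by Ansible itself, so it presumably relies on the generator substituting it before use, which should be confirmed.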
roles:
# - name: dj-wasabi.telegraf
# version: 0.13.2
# source: https://galaxy.ansible.com
- name: dj-wasabi.telegraf
src: https://github.com/dj-wasabi/ansible-telegraf.git
scm: git
version: 0.13.2
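Review bot: `version: 0.13.2` on a `scm: git` source is a tag, which the upstream repository can move, and the role it names is executed against every host in the play. Pinning `version` to the full commit SHA of that release makes the fetched code immutable; the tag can stay in a comment for readability, e.g. `version: <commit-sha>  # 0.13.2`.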
all:
hosts:
localhost:
ansible_connection: local
#!/bin/bash
set -e
SCRIPT_DIR=$(dirname "$0")
# to avoid the being run in a world writable directory we explicitly assign the ANSIBLE_CONFIG variable
if [[ -f ./ansible.cfg ]]
then
export ANSIBLE_CONFIG=./ansible.cfg
else
if [[ -f $SCRIPT_DIR/ansible.cfg ]]
then
export ANSIBLE_CONFIG=$SCRIPT_DIR/ansible.cfg
fi
fi
if [[ -z "$ANSIBLE_CONFIG" ]]
then
echo ANSIBLE_CONFIG to assigned using default https://docs.ansible.com/ansible/latest/reference_appendices/config.html
else
echo ANSIBLE_CONFIG=$ANSIBLE_CONFIG
fi
if [[ -z "$1" ]]
then
# echo without params
echo ansible-playbook $SCRIPT_DIR/site_requirements.yaml
ansible-playbook $SCRIPT_DIR/site_requirements.yaml
else
# echo with params
echo ansible-playbook $SCRIPT_DIR/site_requirements.yaml --extra-vars "$1"
ansible-playbook $SCRIPT_DIR/site_requirements.yaml --extra-vars "$1"
fi
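Review bot: Preferring `./ansible.cfg` from the caller's working directory does the opposite of what the comment above it says. Ansible ignores an `ansible.cfg` in a world-writable current directory so that another user cannot plant one, and exporting `ANSIBLE_CONFIG=./ansible.cfg` bypasses that check. Use only the copy next to the script, `export ANSIBLE_CONFIG="$SCRIPT_DIR/ansible.cfg"`, and quote `"$SCRIPT_DIR/site_requirements.yaml"` in the `ansible-playbook` calls so paths with spaces survive word splitting. The message `ANSIBLE_CONFIG to assigned` presumably should read `not assigned`. The second wrapper script, which runs `site.yaml`, contains the same block.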
#!/bin/bash
set -e
SCRIPT_DIR=$(dirname "$0")
# to avoid the being run in a world writable directory we explicitly assign the ANSIBLE_CONFIG variable
if [[ -f ./ansible.cfg ]]
then
export ANSIBLE_CONFIG=./ansible.cfg
else
if [[ -f $SCRIPT_DIR/ansible.cfg ]]
then
export ANSIBLE_CONFIG=$SCRIPT_DIR/ansible.cfg
fi
fi
if [[ -z "$ANSIBLE_CONFIG" ]]
then
echo ANSIBLE_CONFIG to assigned using default https://docs.ansible.com/ansible/latest/reference_appendices/config.html
else
echo ANSIBLE_CONFIG=$ANSIBLE_CONFIG
fi
if [[ -z "$1" ]]
then
# echo without params
echo ansible-playbook $SCRIPT_DIR/site.yaml
ansible-playbook $SCRIPT_DIR/site.yaml
else
# echo with params
echo ansible-playbook $SCRIPT_DIR/site.yaml --extra-vars "$1"
ansible-playbook $SCRIPT_DIR/site.yaml --extra-vars "$1"
fi
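Review bot: The `echo ansible-playbook $SCRIPT_DIR/site.yaml --extra-vars "$1"` line prints the whole extra-vars payload, and for `site.yaml` that payload carries `pma_influxdb_token`, so the token lands in the terminal and in any CI log. Print only the playbook path, and pass the token through a vars file or Ansible Vault rather than argv, where it is also visible in the process list. The `Print parameters` task in `site.yaml` prints the same token and should omit it or set `no_log: true`.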
- hosts: all
pre_tasks:
- name: Check parameters
fail:
msg: 'variable {{item}} not defined'
when: item is not defined
with_items:
- pma_deployment_id
- pma_influxdb_bucket
- pma_influxdb_token
- pma_influxdb_org
- pma_influxdb_addr
- name: Print parameters
debug:
msg:
- "pma_deployment_id: {{ pma_deployment_id }}"
- "pma_influxdb_bucket: {{ pma_influxdb_bucket }}"
- "pma_influxdb_token: {{ pma_influxdb_token }}"
- "pma_influxdb_org: {{ pma_influxdb_org }}"
- "pma_influxdb_addr: {{ pma_influxdb_addr }}"
- name: Ensure gnupg package
package:
name: gnupg
state: present
become: true
vars_files:
- vars/main.yaml
roles:
- dj-wasabi.telegraf
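Review bot: The `Check parameters` guard can never fire, because `item` is the loop variable and is always defined (it holds the variable's name as a string). `when: item is not defined` is therefore false on every iteration, and a missing `pma_influxdb_token` is only caught later as a template error. Test the variable the name refers to, `when: vars[item] is not defined`, or replace the loop with an `assert` task listing `pma_deployment_id is defined` and the other four names.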
- hosts: localhost
tasks:
- name: print disclamer
debug:
msg: this can also be done with "ansible-galaxy install -r requirements"
- name: install telegraf from galaxy
community.general.ansible_galaxy_install:
type: role
requirements_file: ansible_requirements.yml
telegraf_agent_package_state: latest
telegraf_agent_output:
- type: influxdb_v2
config:
- urls = ["{{ pma_influxdb_addr }}"]
- token = "{{ pma_influxdb_token }}"
- organization = "{{ pma_influxdb_org }}"
- bucket = "{{ pma_influxdb_bucket }}"
- insecure_skip_verify = true
telegraf_global_tags:
- tag_name: deployment_id
tag_value: "{{ pma_deployment_id }}"
telegraf_plugins_default:
- plugin: cpu
- plugin: mem
- plugin: processes
- plugin: disk
- plugin: net
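Review bot: `insecure_skip_verify = true` disables TLS certificate verification on the InfluxDB output, which sends `pma_influxdb_token` with every write, so anyone able to intercept the connection can present any certificate and collect the token. Remove the line, or if the server uses a private CA, point the output at it with `tls_ca`. `telegraf_agent_package_state: latest` also makes the installed agent version depend on when the playbook runs; `present` with a pinned version is reproducible.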
---
engine: terraform
input: []
output:
- instance_server_key_public_key
- instance_server_key_private_key
...
terraform {
required_version = ">= 0.14.0"
required_providers {
openstack = {
source = "terraform-provider-openstack/openstack"
version = "~> 1.35.0"
}
}
}
# Configure the OpenStack Provider
provider "openstack" {
user_name = var.openstack_username
tenant_name = "admin"
password = var.openstack_password
auth_url = var.openstack_auth_url
insecure = true
}
# Retrieve data
data "openstack_networking_network_v2" "external" {
name = "external"
}
data "openstack_identity_project_v3" "test_tenant" {
name = "admin"
}
data "openstack_networking_secgroup_v2" "default" {
name = "default"
tenant_id = data.openstack_identity_project_v3.test_tenant.id
}
# Create virtual machine
resource "openstack_compute_instance_v2" "nginx" {
name = "nginx-host"
image_name = "cirros"
flavor_name = "m1.tiny"
key_pair = openstack_compute_keypair_v2.user_key.name
network {
port = openstack_networking_port_v2.nginx.id
}
## AGENTS TO ADD
# this is subject to be moved to IEM as part of its baseline
provisioner "local-exec" {
command = "ansible-galaxy collection install community.general"
}
# this is subject to be moved to IEM as part of its baseline
provisioner "local-exec" {
command = "ansible-playbook ansible/playbooks/pma/site_requirements.yaml"
}
# secrets can be taken from environment variables at IEM but these security issues I will leave them to y2, the user can also be problematic ubuntu/root/centos/...
provisioner "local-exec" {
command = "ansible-playbook -u root -i '${openstack_networking_floatingip_v2.nginx.address},' ansible/playbooks/pma/site.yaml --extra-vars '{\"pma_deployment_id\": \"123e4567-e89b-12d3-a456-426614174002\", \"pma_influxdb_bucket\": \"bucket\", \"pma_influxdb_token\": \"piacerePassword\", \"pma_influxdb_org\": \"piacere\", \"pma_influxdb_addr\": \"https://influxdb.pm.ci.piacere.digital.tecnalia.dev\" }'"
}
}
# Create ssh keys
resource "openstack_compute_keypair_v2" "user_key" {
name = "user1"
public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAsRO3dcuZVB0but7Ti9eN+Ti4FvRzQfZT6DugkOnasGSwQkuBUxr0RGHYG2O+C/ul4bN4wcM8VZ4aX9bk9vwkvBkk2uJhy0ZHqIzuwzTOmRPScHWApkxGEANO4QYiYdPYdjmGgAVuKhdqPYOJc5Spkf3n4sYrU89rhC4rLyRs7doYofxpwBVaDfUExPLAtwFb2UGGzC6c0SJzqX4ZFq72NC0zs"
}
# Create floating ip
resource "openstack_networking_floatingip_v2" "nginx" {
pool = "external"
}
# Attach floating ip to instance
resource "openstack_compute_floatingip_associate_v2" "nginx" {
floating_ip = openstack_networking_floatingip_v2.nginx.address
instance_id = openstack_compute_instance_v2.nginx.id
}
## Network
# Create Network
resource "openstack_networking_network_v2" "generic" {
name = " "
}
# Create Subnet
resource "openstack_networking_subnet_v2" "nginx" {
name = "subnet-nginx"
network_id = openstack_networking_network_v2.generic.id
cidr = "16.0.0.0/24"
dns_nameservers = ["8.8.8.8", "8.8.8.4"]
}
# Attach networking port
resource "openstack_networking_port_v2" "nginx" {
name = "nginx"
network_id = openstack_networking_network_v2.generic.id
admin_state_up = true
security_group_ids = [
data.openstack_networking_secgroup_v2.default.id #default flavour id
]
fixed_ip {
subnet_id = openstack_networking_subnet_v2.nginx.id
}
}
# Router creation. UUID external gateway
resource "openstack_networking_router_v2" "generic" {
name = "router-generic"
external_network_id = data.openstack_networking_network_v2.external.id #External network id
}
# Router interface configuration
resource "openstack_networking_router_interface_v2" "nginx" {
router_id = openstack_networking_router_v2.generic.id
subnet_id = openstack_networking_subnet_v2.nginx.id
}
resource "openstack_compute_secgroup_v2" "http" {
name = "http"
description = "Open input http port"
rule {
from_port = 80
to_port = 80
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
}
resource "openstack_compute_secgroup_v2" "ssh" {
name = "ssh"
description = "Open input ssh port"
rule {
from_port = 22
to_port = 22
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
}
output "instance_server_key_public_key" {
value = openstack_compute_keypair_v2.user_key.public_key
}
output "instance_server_key_private_key" {
value = openstack_compute_keypair_v2.user_key.private_key
}
\ No newline at end of file
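Review bot: The third `local-exec` provisioner in `openstack_compute_instance_v2.nginx` hard-codes the value of `pma_influxdb_token` in the command string, so the secret is committed to the repository and visible in the process list while Ansible runs. The inline comment defers this, but the token should be treated as exposed and rotated. Declare it as a variable with `sensitive = true` and hand it to the provisioner through its `environment` argument rather than argv. The provider block's `insecure = true` likewise disables TLS verification for the OpenStack API calls that carry `var.openstack_password`; drop it or set `cacert_file`. The `ssh` and `http` security groups are defined, but the port only references the default group, so confirm that is intended.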