remove output_file_generated folder from gitignore, add ssh_key file generation for ansible

.gitignore

 .idea
 *.tar.gz
 icgparser/doml/*domlx
-output_files_generated/*
+# output_files_generated/*
 
 # Byte-compiled / optimized / DLL files
 __pycache__/

output_file_example/nginx_openstack/ansible/config.yaml

 ---
 input:
-  - instance_server_public_key
+  - instance_server_private_key
   - instance_ip
 output: []
 engine: ansible

output_file_example/nginx_openstack/ansible/inventory.j2

@@ -4,4 +4,4 @@
 [vms:vars]
 ansible_connection=ssh
 ansible_user=ubuntu
-ansible_ssh_private_key_file={{ ssh_key_file }}
+ansible_ssh_private_key_file=ssh_key

output_file_example/nginx_openstack/ansible/ssh_key.j2

+{{ instance_server_private_key }}
\ No newline at end of file

output_file_example/nginx_openstack/terraform/main.tf

@@ -18,19 +18,11 @@ data "openstack_networking_network_v2" "external" {
   name = "external"
 }
 
-data "openstack_identity_project_v3" "test_tenant" {
-  name = "admin"
-}
-
-data "openstack_networking_secgroup_v2" "default" {
-  name = "default"
-  tenant_id = data.openstack_identity_project_v3.test_tenant.id
-}
 # Create virtual machine
 resource "openstack_compute_instance_v2" "nginx" {
   name        = "nginx-host"
   image_name  = "Ubuntu-Focal-20.04-Daily-2022-04-19"
-  flavor_name = "ubuntu"
+  flavor_name = "łubuntu"
   key_pair    = openstack_compute_keypair_v2.user_key.name
   network {
     port = openstack_networking_port_v2.nginx.id
@@ -75,7 +67,8 @@ resource "openstack_networking_port_v2" "nginx" {
   network_id     = openstack_networking_network_v2.generic.id
   admin_state_up = true
   security_group_ids = [
-    data.openstack_networking_secgroup_v2.default.id        #default flavour id
+    openstack_compute_secgroup_v2.ssh.id,
+    openstack_compute_secgroup_v2.http.id
   ]
   fixed_ip {
     subnet_id = openstack_networking_subnet_v2.nginx.id

output_files_generated/nginx_openstack/ansible/config.yaml

+
+---
+input:
+  - instance_ip_nginx-host
+  - instance_server_private_key_
+output: []
+engine: ansible
+...

output_files_generated/nginx_openstack/ansible/inventory.j2

+
+
+[servers_for_nginx]
+{{ instance_ip_nginx-host }}
+
+[servers_for_nginx:vars]
+ansible_connection=ssh
+ansible_user=
+ansible_ssh_private_key_file={{ instance_server_private_key_ }}

output_files_generated/nginx_openstack/ansible/nginx.yaml

+
+
+---
+- hosts: servers_for_nginx
+  gather_facts: no
+  become: yes
+  tasks:
+    - name: Update repositories
+      apt:
+        update_cache: yes
+
+    - name: Install nginx
+      package:
+        name: nginx
+
+    - name: Start nginx
+      service:
+        name: nginx
+        enabled: yes
+        state: started
+
+    - name: Set attributes
+      set_stats:
+        data:
+          site_config_dir: /etc/nginx/conf.d
+
+    - name: Install sample site
+      copy:
+        dest: "{{ item }}"
+        content: |
+          <!doctype html>
+          <html lang="en">
+          <head>
+            <title>Hello World!</title>
+          </head>
+          <body>
+            <h1>Sample web page</h1>
+            <p>With little content ;)</p>
+          </body>
+          </html>
+      with_items:
+        - /var/www/html/index.html
+        - /usr/share/nginx/html/index.html
+

output_files_generated/nginx_openstack/ansible/ssh_key.j2

+{{ instance_server_private_key }}
\ No newline at end of file

output_files_generated/nginx_openstack/config.yaml

+---
+iac:
+- terraform
+- ansible
+...
\ No newline at end of file

output_files_generated/nginx_openstack/terraform/ansible/playbooks/pma/ansible.cfg

+# https://docs.ansible.com/ansible/latest/reference_appendices/config.html
+[defaults]
+host_key_checking = False
+inventory = {{CWD}}/hosts.yaml  ; This points to the file that lists your hosts
+remote_user = esilab
+deprecation_warnings=False ; to remove the python version depretation warning
+display_skipped_hosts = no 
\ No newline at end of file

output_files_generated/nginx_openstack/terraform/ansible/playbooks/pma/ansible_requirements.yml

+roles:
+#  - name: dj-wasabi.telegraf
+#    version: 0.13.2
+#    source: https://galaxy.ansible.com
+  - name: dj-wasabi.telegraf
+    src: https://github.com/dj-wasabi/ansible-telegraf.git
+    scm: git
+    version: 0.13.2

output_files_generated/nginx_openstack/terraform/ansible/playbooks/pma/hosts.yaml

+all:
+  hosts:
+    localhost:
+      ansible_connection: local

output_files_generated/nginx_openstack/terraform/ansible/playbooks/pma/install_playbook_requirements.sh

+#!/bin/bash
+set -e
+
+SCRIPT_DIR=$(dirname "$0")
+
+# to avoid the being run in a world writable directory we explicitly assign the ANSIBLE_CONFIG variable 
+if [[ -f ./ansible.cfg ]]
+then
+    export ANSIBLE_CONFIG=./ansible.cfg
+else 
+    if [[ -f $SCRIPT_DIR/ansible.cfg ]]
+    then
+        export ANSIBLE_CONFIG=$SCRIPT_DIR/ansible.cfg
+    fi
+fi
+
+if [[ -z "$ANSIBLE_CONFIG" ]]
+then 
+    echo ANSIBLE_CONFIG to assigned using default https://docs.ansible.com/ansible/latest/reference_appendices/config.html
+else 
+    echo ANSIBLE_CONFIG=$ANSIBLE_CONFIG
+fi
+
+if [[ -z "$1" ]]
+then 
+    # echo without params 
+    echo ansible-playbook $SCRIPT_DIR/site_requirements.yaml
+    ansible-playbook $SCRIPT_DIR/site_requirements.yaml
+else 
+    # echo with params
+    echo ansible-playbook $SCRIPT_DIR/site_requirements.yaml --extra-vars "$1"
+    ansible-playbook $SCRIPT_DIR/site_requirements.yaml --extra-vars "$1"
+fi

output_files_generated/nginx_openstack/terraform/ansible/playbooks/pma/run-playbook.sh

+#!/bin/bash
+set -e
+
+SCRIPT_DIR=$(dirname "$0")
+
+# to avoid the being run in a world writable directory we explicitly assign the ANSIBLE_CONFIG variable 
+if [[ -f ./ansible.cfg ]]
+then
+    export ANSIBLE_CONFIG=./ansible.cfg
+else 
+    if [[ -f $SCRIPT_DIR/ansible.cfg ]]
+    then
+        export ANSIBLE_CONFIG=$SCRIPT_DIR/ansible.cfg
+    fi
+fi
+
+if [[ -z "$ANSIBLE_CONFIG" ]]
+then 
+    echo ANSIBLE_CONFIG to assigned using default https://docs.ansible.com/ansible/latest/reference_appendices/config.html
+else 
+    echo ANSIBLE_CONFIG=$ANSIBLE_CONFIG
+fi
+
+if [[ -z "$1" ]]
+then 
+    # echo without params 
+    echo ansible-playbook $SCRIPT_DIR/site.yaml
+    ansible-playbook $SCRIPT_DIR/site.yaml
+else 
+    # echo with params
+    echo ansible-playbook $SCRIPT_DIR/site.yaml --extra-vars "$1"
+    ansible-playbook $SCRIPT_DIR/site.yaml --extra-vars "$1"
+fi

output_files_generated/nginx_openstack/terraform/ansible/playbooks/pma/site.yaml

+- hosts: all
+  pre_tasks:
+    - name: Check parameters
+      fail:
+        msg: 'variable {{item}} not defined'
+      when: item is not defined
+      with_items:
+        - pma_deployment_id
+        - pma_influxdb_bucket
+        - pma_influxdb_token
+        - pma_influxdb_org
+        - pma_influxdb_addr
+    - name: Print parameters
+      debug:
+        msg: 
+          - "pma_deployment_id: {{ pma_deployment_id }}"
+          - "pma_influxdb_bucket: {{ pma_influxdb_bucket }}"
+          - "pma_influxdb_token: {{ pma_influxdb_token }}"
+          - "pma_influxdb_org: {{ pma_influxdb_org }}"
+          - "pma_influxdb_addr: {{ pma_influxdb_addr }}"
+    - name: Ensure gnupg package
+      package:
+        name: gnupg
+        state: present
+      become: true
+      
+  vars_files:
+    - vars/main.yaml
+  roles:
+    - dj-wasabi.telegraf

output_files_generated/nginx_openstack/terraform/ansible/playbooks/pma/site_requirements.yaml

+- hosts: localhost
+  tasks:
+    - name: print disclamer
+      debug:
+        msg: this can also be done with "ansible-galaxy install -r requirements"
+    - name: install telegraf from galaxy
+      community.general.ansible_galaxy_install:
+        type: role
+        requirements_file: ansible_requirements.yml

output_files_generated/nginx_openstack/terraform/ansible/playbooks/pma/vars/main.yaml

+telegraf_agent_package_state: latest
+
+telegraf_agent_output:
+  - type: influxdb_v2
+    config:
+      - urls = ["{{ pma_influxdb_addr }}"]
+      - token = "{{ pma_influxdb_token }}"
+      - organization = "{{ pma_influxdb_org }}"
+      - bucket = "{{ pma_influxdb_bucket }}"
+      - insecure_skip_verify = true
+
+telegraf_global_tags:
+  - tag_name: deployment_id
+    tag_value: "{{ pma_deployment_id }}"
+
+telegraf_plugins_default:
+  - plugin: cpu
+  - plugin: mem
+  - plugin: processes
+  - plugin: disk
+  - plugin: net
+  
+  

output_files_generated/nginx_openstack/terraform/config.yaml

+
+
+---
+engine: terraform
+input:
+  - OS_USERNAME
+  - OS_PASSWORD
+  - OS_AUTH_URL
+  - OS_PROJECT_NAME
+output:
+
+  - instance_server_public_key_
+  - instance_server_private_key_
+  - instance_ip_nginx-host
+
+...

output_files_generated/nginx_openstack/terraform/main.tf

+
+
+terraform {
+required_version = ">= 0.14.0"
+  required_providers {
+    openstack = {
+      source  = "terraform-provider-openstack/openstack"
+      version = "~> 1.35.0"
+    }
+  }
+}
+
+# Configure the OpenStack Provider
+provider "openstack" {
+  #user_name   = var.openstack_username
+  #tenant_name = "admin"
+  #password    = var.openstack_password
+  #auth_url    = var.openstack_auth_url
+  insecure    = true
+}
+
+# Retrieve data
+data "openstack_networking_network_v2" "external" {
+  name = "external"
+}
+
+data "openstack_identity_project_v3" "test_tenant" {
+  name = "admin"
+}
+
+data "openstack_networking_secgroup_v2" "default" {
+  name = "default"
+  tenant_id = data.openstack_identity_project_v3.test_tenant.id
+}
+
+
+# Create virtual machine
+resource "openstack_compute_instance_v2" "vm1" {
+  name        = "nginx-host"
+  image_name  = "Ubuntu-Focal-20.04-Daily-2022-04-19"
+  flavor_name = "small"
+  key_pair    = openstack_compute_keypair_v2.ssh_key.name
+  network {
+    port = openstack_networking_port_v2.net1.id
+  }
+
+  ## AGENTS TO ADD
+  # this is subject to be moved to IEM as part of its baseline
+    provisioner "local-exec" {
+    command = "ansible-galaxy collection install community.general"
+  }
+
+  # this is subject to be moved to IEM as part of its baseline
+  provisioner "local-exec" {
+    command = "ansible-playbook ansible/playbooks/pma/site_requirements.yaml"
+  }
+
+  # secrets can be taken from environment variables at IEM but these security issues I will leave them to y2, the user can also be problematic ubuntu/root/centos/...
+  provisioner "local-exec" {
+    command = "ansible-playbook -u root -i '${openstack_networking_floatingip_v2.vm1_floating_ip.address},' ansible/playbooks/pma/site.yaml --extra-vars '{\"pma_deployment_id\": \"123e4567-e89b-12d3-a456-426614174002\", \"pma_influxdb_bucket\": \"bucket\", \"pma_influxdb_token\": \"piacerePassword\", \"pma_influxdb_org\": \"piacere\", \"pma_influxdb_addr\": \"https://influxdb.pm.ci.piacere.digital.tecnalia.dev\" }'"
+  }
+
+}
+
+# Create floating ip
+resource "openstack_networking_floatingip_v2" "vm1_floating_ip" {
+  pool = "external"
+  # fixed_ip = ""
+}
+
+# Attach floating ip to instance
+resource "openstack_compute_floatingip_associate_v2" "vm1_floating_ip_association" {
+  floating_ip = openstack_networking_floatingip_v2.vm1_floating_ip.address
+  instance_id = openstack_compute_instance_v2.vm1.id
+}
+
+
+
+## Network
+
+# Create Network
+resource "openstack_networking_network_v2" "net1" {
+  name = "concrete_net"
+}
+
+# Create Subnet
+resource "openstack_networking_subnet_v2" "net1_subnet" {
+  name            = "concrete_net_subnet"
+  network_id      = openstack_networking_network_v2.net1.id
+  cidr            = "16.0.0.0/24"
+  dns_nameservers = ["8.8.8.8", "8.8.8.4"]
+}
+
+# Attach networking port
+resource "openstack_networking_port_v2" "net1" {
+  name           = "concrete_net"
+  network_id     = openstack_networking_network_v2.net1.id
+  admin_state_up = true
+  security_group_ids = [
+    data.openstack_networking_secgroup_v2.default.id        #default flavour id
+  ]
+  fixed_ip {
+    subnet_id = openstack_networking_subnet_v2.net1_subnet.id
+  }
+}
+
+# Create router
+resource "openstack_networking_router_v2" "net1_router" {
+  name                = "net1_router"
+  external_network_id = data.openstack_networking_network_v2.external.id    #External network id
+}
+# Router interface configuration
+resource "openstack_networking_router_interface_v2" "net1_router_interface" {
+  router_id = openstack_networking_router_v2.net1_router.id
+  subnet_id = openstack_networking_subnet_v2.net1_subnet.id
+}
+
+
+
+# Create ssh keys
+resource "openstack_compute_keypair_v2" "ssh_key" {
+  name       = "ubuntu"
+  # public_key = "ubuntu"
+}
+
+
+
+# CREATING SECURITY_GROUP
+  
+resource "openstack_compute_secgroup_v2" "icmp" {
+  name        = "icmp"
+  description  = "Security group rule for port -1"
+  rule {
+    from_port   = -1
+    to_port     = -1
+    ip_protocol = "icmp"
+    cidr        = "0.0.0.0/0"
+  }
+}
+ 
+resource "openstack_compute_secgroup_v2" "http" {
+  name        = "http"
+  description  = "Security group rule for port 80"
+  rule {
+    from_port   = 80
+    to_port     = 80
+    ip_protocol = "tcp"
+    cidr        = "0.0.0.0/0"
+  }
+}
+ 
+resource "openstack_compute_secgroup_v2" "https" {
+  name        = "https"
+  description  = "Security group rule for port 443"
+  rule {
+    from_port   = 443
+    to_port     = 443
+    ip_protocol = "tcp"
+    cidr        = "0.0.0.0/0"
+  }
+}
+ 
+resource "openstack_compute_secgroup_v2" "ssh" {
+  name        = "ssh"
+  description  = "Security group rule for port 22"
+  rule {
+    from_port   = 22
+    to_port     = 22
+    ip_protocol = "tcp"
+    cidr        = "0.0.0.0/0"
+  }
+}
+
+