From e2dfae9a53479fe18d8893592801cbf221f7a093 Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Mon, 9 Dec 2024 11:17:22 +0100 Subject: [PATCH] chore(do): initialise terraform for example (#5) * chore(do): initialise terraform for example Signed-off-by: Bruce Becker * ci: run CI on PRs to devel and master Signed-off-by: Bruce Becker * ci: run lint with backwards compat as well as latest Signed-off-by: Bruce Becker * ci: use matrix version in CI Signed-off-by: Bruce Becker * ci: so much for github workflow validation Signed-off-by: Bruce Becker * ci: what's up with matrix Signed-off-by: Bruce Becker * chore: check if it's the @$ that's breaking Signed-off-by: Bruce Becker * ci: bump version to 24.2.1 Signed-off-by: Bruce Becker * ci: fix task name Signed-off-by: Bruce Becker * build(do): add database and user Signed-off-by: Bruce Becker * build(do): add droplet and db firewall Signed-off-by: Bruce Becker --------- Signed-off-by: Bruce Becker --- .github/workflows/lint.yml | 8 ++- examples/digital-ocean/.gitignore | 37 ++++++++++++ examples/digital-ocean/.terraform.lock.hcl | 26 ++++++++ examples/digital-ocean/main.tf | 70 ++++++++++++++++++++++ examples/digital-ocean/terraform.tf | 12 ++++ examples/digital-ocean/variables.tf | 35 +++++++++++ 6 files changed, 186 insertions(+), 2 deletions(-) create mode 100644 examples/digital-ocean/.gitignore create mode 100644 examples/digital-ocean/.terraform.lock.hcl create mode 100644 examples/digital-ocean/main.tf create mode 100644 examples/digital-ocean/terraform.tf create mode 100644 examples/digital-ocean/variables.tf
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 0d53aefa..ca3e6420 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -2,12 +2,16 @@ name: ansible-lint on: pull_request: - branches: ["main"] + branches: ["devel", "master"] jobs: build: + # Apparently, variables do not have a context until actions are actually executed + # so we cannot make a matrix out of action versions. + # Thanks, Obama. + # See https://github.com/orgs/community/discussions/110550 name: Ansible Lint runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Run ansible-lint - uses: ansible/ansible-lint@v6.22.2 + uses: ansible/ansible-lint@v24.2.1
diff --git a/examples/digital-ocean/.gitignore b/examples/digital-ocean/.gitignore
new file mode 100644
index 00000000..3a70aaf0
--- /dev/null
+++ b/examples/digital-ocean/.gitignore
@@ -0,0 +1,37 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+# Ignore ssh keys
+do
+do.pub
diff --git a/examples/digital-ocean/.terraform.lock.hcl b/examples/digital-ocean/.terraform.lock.hcl
new file mode 100644
index 00000000..90411861
--- /dev/null
+++ b/examples/digital-ocean/.terraform.lock.hcl
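Review bot: In `.github/workflows/lint.yml` the bumped step still references the action by a mutable tag (`ansible/ansible-lint@v24.2.1`, like `actions/checkout@v4` above it), so whoever controls that tag controls what runs on every pull request to `devel` and `master`. Pinning to the full commit SHA and keeping the tag as a trailing comment, `uses: ansible/ansible-lint@<FULL_COMMIT_SHA> # v24.2.1`, makes each bump a reviewable change. No `permissions:` key is visible in the hunk, so the job presumably inherits the repository default for `GITHUB_TOKEN`; a top-level `permissions:` with `contents: read` is enough for a lint job. The workflow may continue past the hunk, so confirm neither is already set elsewhere in the file.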
@@ -0,0 +1,26 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/digitalocean/digitalocean" { + version = "2.36.0" + constraints = "~> 2.36" + hashes = [ + "h1:RJRiSKNguA33LlEZ2KmK7EpvogdV8lUVlCD5M8lVqtE=", + "zh:023d11f654e4049e80254d8edb950f6c84c993134c8ffb5ec09a71e77f486cbe", + "zh:1aa4d213d18c06df0d791aa154188517ea3efaac69f14e2de3f8e152961e22fd", + "zh:1c6adfc92a8b450ff915e5c449b3f6d0e5736c10250327467333003e119005e8", + "zh:271adfcf7a9d57bb0916118e1d6b04fba2b7730db583a654821d575f5581266e", + "zh:42bc0912cd2ab539cacb40aa22ca107306e6e16d0d6544237d93c62223c7f3ac", + "zh:5083fb44847461a3839eec222540283f2cb5db71beab0581c1ac26a2c8ed2a61", + "zh:561e5e85a3f443f93f49b8b4013f3674dc291a6b48a2ef11e055f9c07d2b5c7b", + "zh:57cef0755470862dcda9294629649e643657b86e36f2272ce75413c14614d5de", + "zh:7a31ae9c07984a9cc1b23d1d4e0df247f52dcf9be52052cdfb6bf70eeb924e56", + "zh:8176d64c4c3ce75c81f91bf508f021708d92e5326a025f5ea98b5988983617c9", + "zh:829375a4b78f956e418d5e18dd8972db430111617304d84dda38114eaf9e41e0", + "zh:8c68d7a0e6ad9684227b35aa050e2217f50424d89fd85fc48316c2b106d98158", + "zh:b109589e5462b5749993453e0f0d6a46f96b1e5c4eaecd3ba6a66e41cdd7d49e", + "zh:b3c1a8af6f29a7e671fce29eca56f00e057d416b5bfc46c1a7efa4c6863956b1", + "zh:ee8bea37be084a438870b72b0974c0f53476d045b813f9c222aec73012caa831", + "zh:ef95d44d8f70de4091c7714c3e261666106a366ab291349d98cdea72be043dc9", + ] +} diff --git a/examples/digital-ocean/main.tf b/examples/digital-ocean/main.tf new file mode 100644 index 00000000..a147cd17 --- /dev/null +++ b/examples/digital-ocean/main.tf 
@@ -0,0 +1,70 @@
+resource "digitalocean_vpc" "rciam" {
+ name = "rciam-${var.deployment_name}"
+ region = var.region
+}
+
+resource "digitalocean_database_cluster" "rciam" {
+ name = "rciam-db-${var.deployment_name}"
+ engine = "pg"
+ version = var.pg_version
+ region = var.region
+ node_count = 1
+ size = var.db_size
+}
+
+resource "digitalocean_database_user" "rciam" {
+ name = var.db_user
+ cluster_id = digitalocean_database_cluster.rciam.id
+}
+
+resource "digitalocean_database_db" "rciam" {
+ name = var.db_name
+ cluster_id = digitalocean_database_cluster.rciam.id
+}
+
+resource "digitalocean_ssh_key" "rciam" {
+ name = "value"
+ public_key = file("${path.module}/do.pub")
+}
+
+data "digitalocean_images" "ubuntu" {
+ filter {
+ key = "distribution"
+ values = ["Ubuntu"]
+ }
+ filter {
+ key = "regions"
+ values = ["ams3"]
+ }
+
+ sort {
+ key = "name"
+ direction = "desc"
+ }
+}
+resource "digitalocean_droplet" "keycloak" {
+ name = "keycloak-${var.deployment_name}"
+ vpc_uuid = digitalocean_vpc.rciam.id
+ size = "value"
+ ssh_keys = [digitalocean_ssh_key.rciam.id]
+ image = data.digitalocean_images.ubuntu.images[0].id
+ backups = false
+ monitoring = true
+ ipv6 = false
+ region = "ams3"
+ droplet_agent = true
+}
+
+resource "digitalocean_database_firewall" "keycloak" {
+ cluster_id = digitalocean_database_cluster.rciam.id
+ rule {
+ type = "droplet"
+ value = digitalocean_droplet.keycloak.id
+ }
+}
+
+
+# name: Configure PostgreSQL client authentication
+# name: Configure PostgreSQL users
+# name: Configure privileges of PostgreSQL users
+# name: Configure PostgreSQL databases
diff --git a/examples/digital-ocean/terraform.tf b/examples/digital-ocean/terraform.tf
new file mode 100644
index 00000000..3c8dfdeb
--- /dev/null
+++ b/examples/digital-ocean/terraform.tf
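Review bot: In `examples/digital-ocean/main.tf`, `digitalocean_database_cluster.rciam` is created without `private_network_uuid`, so the managed Postgres is not placed in `digitalocean_vpc.rciam` even though the droplet is; adding `private_network_uuid = digitalocean_vpc.rciam.id` keeps Keycloak-to-database traffic on the VPC this file creates. The droplet and the image filter hard-code `"ams3"` while the VPC and cluster follow `var.region`, so any other region value separates the droplet from its VPC; `region = var.region` and `values = [var.region]` keep them aligned. The database firewall restricts the cluster to the droplet, but the droplet itself has no `digitalocean_firewall` in this file, so SSH and any listening service are reachable from the internet unless something outside the example restricts them. `size = "value"` and the SSH key's `name = "value"` look like unfilled placeholders, and `images[0]` after a name-descending sort picks whichever Ubuntu image sorts first rather than a pinned release.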
@@ -0,0 +1,12 @@
+terraform {
+ required_version = "~> 1.7"
+ required_providers {
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ version = "~> 2.36"
+ }
+ }
+ backend "local" {}
+}
+
+provider "digitalocean" {}
diff --git a/examples/digital-ocean/variables.tf b/examples/digital-ocean/variables.tf
new file mode 100644
index 00000000..0756802d
--- /dev/null
+++ b/examples/digital-ocean/variables.tf
@@ -0,0 +1,35 @@
+variable "deployment_name" {
+ type = string
+ description = "Name of the deployment of this instance"
+ default = "default"
+}
+
+variable "region" {
+ type = string
+ description = "Name of the DigitalOcean region we are creating the VPC in"
+ default = "ams3"
+}
+
+variable "pg_version" {
+ type = string
+ description = "Postgres version of managed DB"
+ default = "11"
+}
+
+variable "db_size" {
+ type = string
+ description = "Instance size for PostgreSQL db."
+ default = "db-s-1-vcpu-1gb"
+}
+
+variable "db_user" {
+ type = string
+ description = "Username to connect to DB"
+ default = "postgres"
+}
+
+variable "db_name" {
+ type = string
+ description = "Name fo the PostGres database for RCIAM"
+ default = "rciam"
+}
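Review bot: In `examples/digital-ocean/terraform.tf`, `backend "local" {}` keeps state in an unencrypted `terraform.tfstate` next to the configuration, and that state will carry the credentials the provider generates for `digitalocean_database_user.rciam` and the cluster's connection details. The `.gitignore` added in this commit keeps the file out of version control, but nothing protects it on disk. For an example that is acceptable if it is stated, so I would add a comment above the backend block along the lines of `# Local state holds DB credentials in clear text; use an encrypted remote backend outside of demos.` Leaving `provider "digitalocean" {}` without a `token` argument is the right call as long as the token is supplied through the environment rather than a committed file.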
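Review bot: In `examples/digital-ocean/variables.tf`, `pg_version` defaults to `"11"`, a PostgreSQL major version that reached upstream end of life in November 2023 and no longer receives security fixes. An example that people copy should default to a currently supported major, or drop the default so the caller has to choose one. The `db_name` description has typos ("Name fo the PostGres database"); `description = "Name of the PostgreSQL database for RCIAM"` reads correctly.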