diff --git a/docs/vagrant/provisioners.md b/docs/vagrant/provisioners.md index e2d5732..1cafae0 100644 --- a/docs/vagrant/provisioners.md +++ b/docs/vagrant/provisioners.md @@ -225,6 +225,7 @@ Supported options are: - [kubefwd](https://github.com/txn2/kubefwd) - Kubernetes port forwarding for local development. - [fzf](https://github.com/junegunn/fzf) - Command line fuzzy finder. - [yq](https://github.com/mikefarah/yq) - A lightweight and portable command-line YAML, JSON and XML processor. + - [terraform](https://www.terraform.io/) - The Hashicorp IaC command line tool. - ``:skip_tags:`` Only plays, roles and tasks that *do not match* these values will be executed. - This parameter can be *string or list* of tags. diff --git a/provisioners/ansible/playbook.yml b/provisioners/ansible/playbook.yml index 8a5752d..ff31445 100644 --- a/provisioners/ansible/playbook.yml +++ b/provisioners/ansible/playbook.yml @@ -35,4 +35,5 @@ - { role: 'repos', tags: 'repos' } - { role: 'fzf', tags: 'fzf' } - { role: 'yq', tags: 'yq' } + - { role: 'terraform', tags: 'terraform' } ... diff --git a/provisioners/ansible/roles/terraform/defaults/main.yml b/provisioners/ansible/roles/terraform/defaults/main.yml new file mode 100644 index 0000000..52518b6 --- /dev/null +++ b/provisioners/ansible/roles/terraform/defaults/main.yml @@ -0,0 +1,4 @@ +--- +tf_version: '1.2.4' +tf_install_dir: '/usr/local/bin' +... diff --git a/provisioners/ansible/roles/terraform/handlers/main.yml b/provisioners/ansible/roles/terraform/handlers/main.yml new file mode 100644 index 0000000..3899cc7 --- /dev/null +++ b/provisioners/ansible/roles/terraform/handlers/main.yml 
@@ -0,0 +1,20 @@
+---
+- name: 'Check for existing terraform version'
+ shell: '{{ tf_install_dir }}/terraform version -json'
+ args:
+ executable: '/bin/bash'
+ changed_when: false
+ failed_when: false
+ register: 'tf_existing_version'
+
+- name: 'Define existing terraform version'
+ set_fact:
+ tf_installed_version: '{{ tf_existing_version.stdout | from_json }}'
+
+- name: 'Verify installed terraform version'
+ assert:
+ that:
+ - 'tf_installed_version.terraform_version == tf_version'
+ fail_msg: 'terraform installation failed, {{ tf_version }} != {{ tf_installed_version.terraform_version }}'
+ success_msg: 'Installed terraform version is: {{ tf_version }}'
+...
diff --git a/provisioners/ansible/roles/terraform/tasks/main.yml b/provisioners/ansible/roles/terraform/tasks/main.yml
new file mode 100644
index 0000000..e03f3cc
--- /dev/null
+++ b/provisioners/ansible/roles/terraform/tasks/main.yml
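Review bot: In handlers/main.yml, 'Check for existing terraform version' sets `failed_when: false`, so if the freshly extracted binary cannot run, stdout is empty and the next handler will most likely fail inside `from_json` instead of reaching the assert's `fail_msg`. Dropping `failed_when: false` from this handler lets the real error surface. The call uses no shell features, so `command: '{{ tf_install_dir }}/terraform version -json'` (without the `args: executable` pair) avoids passing a templated path through bash. The same `shell` + `failed_when: false` + `from_json` pattern appears in 'Check for existing version' in tasks/main.yml, where a broken existing binary would abort the play rather than trigger a reinstall.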
@@ -0,0 +1,79 @@
+---
+- name: 'Check if is already installed'
+ stat:
+ path: '{{ tf_install_dir }}/terraform'
+ register: 'tf_path'
+
+- name: 'Check for existing version'
+ shell: '{{ tf_install_dir }}/terraform version -json'
+ args:
+ executable: '/bin/bash'
+ changed_when: false
+ failed_when: false
+ register: 'tf_existing_version'
+ when: 'tf_path.stat.exists'
+
+- name: 'Define existing version'
+ set_fact:
+ tf_current_version: '{{ tf_existing_version.stdout | from_json }}'
+ when: 'tf_path.stat.exists'
+
+- name: 'Retrieve zip checksums'
+ set_fact:
+ tf_zip_checksums: '{{ lookup("url", tf_checksums_url) }}'
+ when: >
+ not tf_path.stat.exists
+ or tf_current_version.terraform_version != tf_version
+
+- name: 'Convert zip checksums to dictionary'
+ set_fact:
+ tf_zip_checksum_dict: '{{ tf_zip_checksums | content_to_dict(",") }}'
+ when: >
+ not tf_path.stat.exists
+ or tf_current_version.terraform_version != tf_version
+
+- name: 'Set zip checksum'
+ set_fact:
+ tf_zip_checksum: '{{ tf_zip_checksum_dict | get_dict_key(tf_zip_name) }}'
+ when: >
+ not tf_path.stat.exists
+ or tf_current_version.terraform_version != tf_version
+
+- name: 'Download zip'
+ get_url:
+ url: '{{ tf_zip_url }}'
+ dest: '/tmp/{{ tf_zip_name }}'
+ checksum: 'sha256:{{ tf_zip_checksum }}'
+ when: >
+ not tf_path.stat.exists
+ or tf_current_version.terraform_version != tf_version
+
+- name: 'Ensure install directory exists'
+ file:
+ path: '{{ tf_install_dir }}'
+ state: 'directory'
+ mode: 0755
+ owner: 'root'
+ group: 'root'
+ become: 'yes'
+ when: >
+ not tf_path.stat.exists
+ or tf_current_version.terraform_version != tf_version
+
+- name: 'Extract {{ tf_zip_name }}'
+ unarchive:
+ src: '/tmp/{{ tf_zip_name }}'
+ dest: '{{ tf_install_dir }}'
+ remote_src: 'yes'
+ mode: 0755
+ owner: root
+ group: root
+ become: 'yes'
+ notify:
+ - 'Check for existing terraform version'
+ - 'Define existing terraform version'
+ - 'Verify installed terraform version'
+ when: >
+ not tf_path.stat.exists
+ or tf_current_version.terraform_version != tf_version
+...
diff --git a/provisioners/ansible/roles/terraform/vars/main.yml b/provisioners/ansible/roles/terraform/vars/main.yml
new file mode 100644
index 0000000..3da2735
--- /dev/null
+++ b/provisioners/ansible/roles/terraform/vars/main.yml
@@ -0,0 +1,9 @@
+---
+tf_arch: 'amd64'
+tf_os: '{{ ansible_system | lower }}'
+tf_binary_name: 'tf_{{ tf_os }}_{{ tf_arch }}'
+tf_download_url: 'https://releases.hashicorp.com/terraform'
+tf_zip_name: 'terraform_{{ tf_version }}_{{ tf_os }}_{{ tf_arch }}.zip'
+tf_zip_url: '{{ tf_download_url }}/{{ tf_version }}/{{ tf_zip_name }}'
+tf_checksums_url: '{{ tf_download_url }}/{{ tf_version }}/terraform_{{ tf_version }}_SHA256SUMS'
+...
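Review bot: The `checksum:` on 'Download zip' in tasks/main.yml comes from a SHA256SUMS file fetched from the same `tf_download_url` host as the archive, so it detects a corrupted transfer but not a tampered release, and the result is then extracted as root into `tf_install_dir`. Either pin the expected digest next to `tf_version` in defaults (e.g. `tf_zip_checksum: '<sha256 of the release zip for tf_version>'`) or verify the detached signature HashiCorp publishes for the SHA256SUMS file against a pinned key before trusting it. The archive also sits at the predictable path `/tmp/{{ tf_zip_name }}` between the checksum check and the root `unarchive`; a directory created with the `tempfile` module would narrow that window. `content_to_dict(",")` and `get_dict_key` are not defined in this diff, and the comma separator looks at odds with the usual `<hash>  <filename>` layout of a SHA256SUMS file, so that is worth confirming.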
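Review bot: `tf_arch: 'amd64'` is hard-coded in vars/main.yml while `tf_os` is derived from facts, so on an arm64 guest the role would download and install an amd64 binary that cannot run there. Deriving it from the gathered fact, e.g. `tf_arch: "{{ {'x86_64': 'amd64', 'aarch64': 'arm64'}[ansible_architecture] }}"`, keeps the two consistent. `tf_binary_name` is not referenced anywhere in the visible diff and could probably be dropped.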