feat(tofy): adding first version of the tofu module

Philippe Caseiro 2024-01-17 12:19:33 +01:00
parent 454eef7085
commit 05ecc74731
10 changed files with 355 additions and 4 deletions


@ -1,2 +1,2 @@
username=XXX@cloe # login_ac_dijon@cloe
password= # mot de passe défini via l'iface web de CLOE VRA8
username="pcaseiro@cloe" # login_ac_dijon@cloe
password="Cadoles;21!12" # mot de passe défini via l'iface web de CLOE VRA8
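Review bot: A real-looking account name and a plaintext password are committed in the two new `username=`/`password=` lines, so the secret is readable by anyone with access to the repository and stays in its history even if a later commit removes it. The password should be treated as exposed and rotated, and the file restored to its placeholder form, `username=XXX@cloe` and `password=`. Keep the filled-in copy untracked (for example an ignored local copy of this file, or values read from the environment) so the template can stay in the repository without secrets.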


@ -2,8 +2,11 @@
source ./credentials
refresh_token=$(curl -X POST -H "Content-Type: application/json" -d "{\"username\":\"${username}\", \"password\":\"${password}\"}" 127.0.0.1:8080/login | jq -r .refresh_token)
API_PORT=${API_PORT:-8080}
refresh_token=$(curl -X POST -H "Content-Type: application/json" -d "{\"username\":\"${username}\", \"password\":\"${password}\"}" 127.0.0.1:${API_PORT}/login | jq -r .refresh_token)
echo refresh_token: $refresh_token
token=$(curl -X POST -H "Content-Type: application/json" -d "{\"refresh_token\":\"${refresh_token}\"}" 127.0.0.1:8080/perform-login | jq -r .token)
token=$(curl -X POST -H "Content-Type: application/json" -d "{\"refresh_token\":\"${refresh_token}\"}" 127.0.0.1:${API_PORT}/perform-login | jq -r .token)
echo token: $token
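Review bot: The two new curl calls still splice `${username}`, `${password}` and `${refresh_token}` into the JSON body by string interpolation, so a `"` or `\` in the password produces a malformed or altered request, and the password sits in curl's argument list where other local users can read it from the process table. Building the body with jq and passing it on stdin avoids both: `jq -n --arg u "$username" --arg p "$password" '{username:$u,password:$p}' | curl -s -X POST -H "Content-Type: application/json" -d @- "127.0.0.1:${API_PORT}/login"`. The `echo refresh_token:` and `echo token:` lines also print both secrets to the terminal, and `jq -r` yields the string `null` on a failed login, which is then sent to `/perform-login` unchecked. The script's first line is outside the hunk.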

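--- a/tofu/README.md
+++ b/tofu/README.md
@@ -0,0 +1,80 @@
+# How to use pycloud tofu module
+## Step 1
+Create a file named "main.tf" with this basic content :
+```
+module "deployment" {
+source = "./modules/pycloud"
+vra_url = var.vra_url
+vra_refresh_token = var.vra_refresh_token
+vra_insecure_ssl = true
+deployments = local.deployments
+}
+```
+Create a file for your "deployments" named as you like deployments.tf for example
+```
+locals {
+deployments = {}
+}
+```
+## Step 2
+Get a refresh token from VRA (your problem not mine).
+Or if you are lazy, use pytofu ;)
+## Step 3
+Test your tofu, with pytofu we are lazy
+```
+$ pytofu -a https://vra-ng-ppd.iaas.in.cloe.education.gouv.fr plan
+```
+## Step 4
+Add some deployments to the deployments.tf file, like ... MonoVM-DEV
+```
+module "deployment" {
+source = "./modules/pycloud"
+vra_url = var.vra_url
+vra_refresh_token = var.vra_refresh_token
+vra_insecure_ssl = true
+deployments = {
+"test-pc-vf" = {
+name = "test-pc-vf"
+description = "test deployment"
+catalog_item_name = "MonoVM-Dev"
+project_name = "GRP-CLOE-TSS-DEV"
+inputs = {
+MonoVM_cpu = 2
+MonoVM_memory = 2048
+MonoVM_securityTag = "DEV-TIER-APP"
+MonoVM_service = "app"
+MonoVM_disks = jsonencode([
+{
+mountpoint = "/toto",
+size = 10
+},
+{
+mountpoint = "/titi",
+size = 20
+}
+])
+MonoVM_image = "DEB10X"
+MonoVM_instances = 1
+MonoVM_startOrder = "1"
+leaseDays = "1"
+}
+}
+}
+}
+```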

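--- a/tofu/deployments.tf
+++ b/tofu/deployments.tf
@@ -0,0 +1,64 @@
+locals {
+deployments = {
+"test-pc-vf" = {
+name = "test-pc-vf"
+description = "test deployment"
+catalog_item_name = "MonoVM-Dev"
+project_name = "GRP-CLOE-TSS-DEV"
+inputs = {
+MonoVM_cpu = 2
+MonoVM_memory = 2048
+MonoVM_securityTag = "DEV-TIER-APP"
+MonoVM_service = "app"
+MonoVM_disks = jsonencode([
+{
+mountpoint = "/toto",
+size = 10
+},
+{
+mountpoint = "/titi",
+size = 20
+}
+])
+MonoVM_image = "DEB10X"
+MonoVM_instances = 1
+MonoVM_startOrder = "1"
+leaseDays = "1"
+}
+},
+"test-pc-vf-3-tiers" = {
+name = "test-pc-vf-3-tiers"
+description = "test 3 tiers Dev"
+catalog_item_name = "3-tiers-Dev"
+project_name = "GRP-CLOE-TST-DEV"
+inputs = {
+leaseDays = "1"
+DB_service = "db2"
+DB_disks = jsonencode([
+{
+mountpoint = "/toto",
+size = 50
+}
+])
+WEB_service = "web"
+WEB_ansibleJob = ""
+WEB_disks = jsonencode([
+{
+mountpoint = "/toto",
+size = 50
+}
+])
+APP_service = "app"
+APP_disks = jsonencode([
+{
+mountpoint = "/toto",
+size = 50
+}
+])
+}
+}
+}
+}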

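--- a/tofu/main.tf
+++ b/tofu/main.tf
@@ -0,0 +1,17 @@
+variable "vra_url" {
+type = string
+}
+variable "vra_refresh_token" {
+type = string
+sensitive = true
+}
+module "deployment" {
+source = "./modules/pycloud"
+vra_url = var.vra_url
+vra_refresh_token = var.vra_refresh_token
+vra_insecure_ssl = true
+deployments = local.deployments
+}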
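Review bot: `vra_insecure_ssl = true` is hard-coded in the root module, so every run skips TLS certificate verification of the VRA endpoint while sending the refresh token to it. The module's own variable defaults to `false`; I would drop the line here, or expose it as a root variable with `default = false` and pass `vra_insecure_ssl = var.vra_insecure_ssl`, so that disabling verification is an explicit per-environment choice. If the endpoint uses a private CA, trusting that CA on the machine that runs tofu is the safer fix.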


@ -0,0 +1,30 @@
data "vra_project" "projects" {
for_each = { for deployment in var.deployments : deployment.project_name => deployment }
name = each.key
}
data "vra_catalog_item" "catalog" {
for_each = { for deployment in var.deployments : deployment.catalog_item_name => deployment }
name = each.key
expand_versions = true
expand_projects = true
}
resource "vra_deployment" "deployments" {
for_each = var.deployments
name = each.value.name
description = each.value.description
catalog_item_id = data.vra_catalog_item.catalog[each.value.catalog_item_name].id
catalog_item_version = data.vra_catalog_item.catalog[each.value.catalog_item_name].versions.*.id[0]
project_id = data.vra_project.projects[each.value.project_name].id
inputs = each.value.inputs
timeouts {
create = var.create_timeout
delete = var.delete_timeout
update = var.update_timeout
}
}
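Review bot: Both data sources build their `for_each` map with `deployment.project_name => deployment` (and `deployment.catalog_item_name => deployment`), which fails with a duplicate-key error as soon as two deployments share a project or a catalog item. Only the key is used, so a set is enough: `for_each = toset([for d in var.deployments : d.project_name])`, and likewise for `catalog_item_name`. `versions.*.id[0]` also takes whatever version the provider lists first and errors when the list is empty; a comment stating which version is expected there, or an optional per-deployment version input, would make that choice explicit.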


@ -0,0 +1,14 @@
output "catalog" {
description = "debug"
value = data.vra_catalog_item.catalog
}
output "deployments" {
description = "debug2"
value = resource.vra_deployment.deployments
}
output "projects" {
description = "test"
value = data.vra_project.projects
}
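Review bot: The three outputs export the complete `vra_catalog_item`, `vra_deployment` and `vra_project` objects with placeholder descriptions (`debug`, `debug2`, `test`), so every plan and apply prints the full provider objects, including each deployment's `inputs`. If they are only for debugging I would remove them before the module is reused, or narrow them to what callers need, e.g. `value = { for k, d in vra_deployment.deployments : k => d.id }`, and give each output a real description.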


@ -0,0 +1,14 @@
terraform {
required_providers {
vra = {
source = "vmware/vra"
}
}
required_version = ">= 0.13"
}
provider "vra" {
url = var.vra_url
refresh_token = var.vra_refresh_token
insecure = var.vra_insecure_ssl
}
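Review bot: `required_version = ">= 0.13"` is looser than what the module uses: `sensitive = true` on `vra_refresh_token` needs Terraform 0.14 or later, so a 0.13 binary would reject the configuration. The `vmware/vra` provider also has no `version` constraint, so each `init` on a fresh checkout can pull a different release of the plugin that receives the refresh token. I would raise the floor to `required_version = ">= 0.14"`, add a constraint such as `version = "~> <MAJOR.MINOR you tested>"` next to `source`, and commit the dependency lock file.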


@ -0,0 +1,48 @@
variable "vra_url" {
description = "VRA Service URL"
type = string
default = ""
}
variable "vra_refresh_token" {
description = "VRA user refresh token"
type = string
sensitive = true
}
variable "vra_insecure_ssl" {
description = "Validate VRA servie SSL Certificate"
type = bool
default = false
}
variable "create_timeout" {
description = "Creation timeout"
type = string
default = "30m"
}
variable "delete_timeout" {
description = "Delete timeout"
type = string
default = "30m"
}
variable "update_timeout" {
description = "Update timeout"
type = string
default = "30m"
}
variable "deployments" {
description = "Definition of what the user need to deploy"
type = map(object({
name = string
description = string
catalog_item_name = string
project_name = string
inputs = map(string)
}))
}
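Review bot: The description of `vra_insecure_ssl`, "Validate VRA servie SSL Certificate", says the opposite of what the value does: it is passed to the provider's `insecure` argument, so `true` turns verification off. Suggested text: `description = "Skip TLS certificate verification for the VRA endpoint (true = do not verify)"`. `vra_url` defaulting to `""` also lets a missing URL through to the provider; dropping the default makes it a required input.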

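--- a/tofu/pytofu
+++ b/tofu/pytofu
@@ -0,0 +1,81 @@
+#!/bin/bash
+refresh_token=""
+service_url=""
+username=""
+password=""
+TOKENRC="${HOME}/.vratokenrc"
+while getopts "h:u:p:a:" arg; do
+case $arg in
+h)
+echo "usage"
+;;
+u)
+username="${OPTARG}"
+;;
+p)
+password="${OPTARG}"
+;;
+a)
+service_url="${OPTARG}"
+;;
+esac
+done
+login_uri="csp/gateway/am/api/login?access_token"
+if [ -f ${TOKENRC} ]; then
+source ${TOKENRC}
+else
+if [ -z "${service_url}" ]; then
+echo "Missing VRA service url, use option -a"
+exit 1
+fi
+if [ -z ${username} ]; then
+echo -n "Username: "
+read -r username
+echo
+fi
+if [ -z ${password} ]; then
+echo -n "Password: "
+read -s password
+echo
+fi
+token_request=$(curl -s --insecure -X POST \
+"$service_url/${login_uri}" \
+-H 'Content-Type: application/json' \
+-d '{
+"username": "'"$username"'",
+"password": "'"$password"'"
+}'| jq )
+refresh_token=$(echo ${token_request} | jq -r .refresh_token)
+if [ ${refresh_token} = "null" ]; then
+status=$(echo "${token_request}" | jq -r .status)
+if [ "${status}" != "200" ];then
+echo ${token_request} | jq -r .serverMessage
+exit 4
+fi
+else
+if [ ! -f "${TOKENRC}" ]; then
+echo "service_url=${service_url}" >> "${TOKENRC}"
+echo "refresh_token=${refresh_token}" >> "${TOKENRC}"
+chmod 600 ${TOKENRC}
+fi
+fi
+fi
+if [ ${?} -ne 0 ];then
+echo "Error login to ${service_url} failed"
+exit 3
+fi
+ARG1=${@:$OPTIND:1}
+export TF_VAR_vra_url="${service_url}"
+export TF_VAR_vra_refresh_token="${refresh_token}"
+tofu ${ARG1}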
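Review bot: The login request posts the username and password with `curl --insecure`, so the certificate of `${service_url}` is never verified and both the credentials and the returned refresh token are exposed to anyone able to intercept the connection. The same call puts the password on curl's command line (as does the `-p` option) and splices it into JSON by quote concatenation, which breaks on a `"` or `\`. `${TOKENRC}` is created with the default umask and only restricted by `chmod 600` afterwards, and since it is later executed with `source`, the values written to it should be shell-quoted. The final `[ ${?} -ne 0 ]` test sees the status of the preceding `if` block rather than of curl, so a failed request is not caught there. The fence below shows the request and the token-file write with these points addressed; a private CA can be trusted with curl's `--cacert` instead of `--insecure`.

```shell
# … unchanged: option parsing, TOKENRC check and credential prompts …
token_request=$(jq -n --arg u "$username" --arg p "$password" \
  '{username: $u, password: $p}' |
  curl -s -X POST "${service_url}/${login_uri}" \
    -H 'Content-Type: application/json' -d @-) || {
  echo "Error login to ${service_url} failed" >&2
  exit 3
}
# … unchanged: refresh_token extraction and status check …
if [ ! -f "${TOKENRC}" ]; then
  (
    umask 077
    printf 'service_url=%q\nrefresh_token=%q\n' \
      "${service_url}" "${refresh_token}" > "${TOKENRC}"
  )
fi
```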