imfreedom/terraform
Add an ansible role for setting up tailscale and call it on the freebsd agents
--- a/.hgignore Tue Jul 25 00:09:53 2023 -0500
+++ b/.hgignore Tue Jul 25 04:19:07 2023 -0500
@@ -3,3 +3,9 @@
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ansible-edit-vault Tue Jul 25 04:19:07 2023 -0500
@@ -0,0 +1,4 @@
+ansible-vault edit --vault-password-file=ansible_vault_password ansible/vault.yml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
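Review bot: The vault password file `ansible_vault_password` is read from the repository root here and via `vault_password_file = ../ansible_vault_password` in ansible/ansible.cfg, but nothing visible on this page keeps it out of version control; the .hgignore hunk adds six lines that are not shown, so I could not confirm it is listed there. The same check applies to the two generated artifacts this commit writes into the working tree on every plan/apply, `ansible.zip` from ansible.tf and `inventory.freebsd_amd64` from instance-freebsd-amd64.tf. Only one of this script's four added lines is visible, so I cannot tell whether it has a shebang or resolves the password path relative to its own directory; `cd "$(dirname "$0")"` before the `ansible-vault` call would make it safe to run from any cwd.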
+++ b/ansible.tf Tue Jul 25 04:19:07 2023 -0500
@@ -0,0 +1,7 @@
+# Use the archive_file data source to detect changes in the ansible scripts
+data "archive_file" "ansible_scripts" {
+ source_dir = "ansible/"
+ output_path = "ansible.zip"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ansible/ansible.cfg Tue Jul 25 04:19:07 2023 -0500
@@ -0,0 +1,3 @@
+vault_password_file = ../ansible_vault_password
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ansible/roles/tailscale/defaults/main.yml Tue Jul 25 04:19:07 2023 -0500
@@ -0,0 +1,4 @@
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ansible/roles/tailscale/tasks/freebsd.yml Tue Jul 25 04:19:07 2023 -0500
@@ -0,0 +1,18 @@
+- name: install tailscale
+- name: enable tailscale
+ dest: /etc/rc.conf.d/tailscaled
+ tailscaled_enable="YES"
+- name: start tailscaled
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ansible/roles/tailscale/tasks/main.yml Tue Jul 25 04:19:07 2023 -0500
@@ -0,0 +1,12 @@
+- name: check required variables
+ fail: msg="Variable '{{ item }}' is not defined"
+ with_items: "{{ required_vars }}"
+- include_tasks: freebsd.yml
+ when: ansible_facts['os_family'] == "FreeBSD"
+- name: login to tailscale
+ ansible.builtin.command: "tailscale up --auth-key {{ tailscale_auth_key }}"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
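Review bot: The login task puts the vaulted node key on the command line, `tailscale up --auth-key {{ tailscale_auth_key }}`, so it is visible in the agent's process list while the command runs and, because Ansible echoes `command` invocations in task output, it will also appear in the Terraform local-exec output that invokes this playbook; add `no_log: true` to that task so the key is not written to logs. The task is also not idempotent: it re-runs `tailscale up` with the key on every play, which will fail once a single-use key has been spent, so gate it on a prior `tailscale status` check as sketched below (this relies on `tailscale status` exiting non-zero when the node is logged out; confirm against the installed version). Newer tailscale CLIs accept `--auth-key file:/path` so the secret need not be in argv at all, if the version installed by freebsd.yml supports it. The `when` condition of the `fail` task, presumably `item not in vars`, and the rest of this 12-line hunk are not visible here.
```yaml
- name: check tailscale login state
  ansible.builtin.command: tailscale status
  register: tailscale_status
  changed_when: false
  failed_when: false

- name: login to tailscale
  ansible.builtin.command: "tailscale up --auth-key {{ tailscale_auth_key }}"
  when: tailscale_status.rc != 0
  no_log: true
```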
+++ b/ansible/tailscale.yml Tue Jul 25 04:19:07 2023 -0500
@@ -0,0 +1,6 @@
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ansible/vault.yml Tue Jul 25 04:19:07 2023 -0500
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256 +61303430613263636436656161306331303066323331353736396335353563636334636663663833 +3733646135623665643333623065396666353963613061320a643530393430643266613631623037 +62336238396233643763376365323562656335373438316165363163653031653666353263646165 +6365356262353162360a373539643833366633646433323762343632323661333739643639353537 +35346433633032643533626665363936353864386134613437333262353939313136623961666164 +65376262323564616432333364613131623734393364656263313639656631366234336433386263 +39353335376530383931656461623865303963383731343635303134626334393261633039386339 +62346636363439383761663139616130313761653563373634316262353631396131346433373065 --- a/instance-freebsd-amd64.tf Tue Jul 25 00:09:53 2023 -0500
+++ b/instance-freebsd-amd64.tf Tue Jul 25 04:19:07 2023 -0500
@@ -109,9 +109,50 @@
+ network_interface.0.hostname
+# Create the ansible inventory
+resource "local_file" "freebsd_amd64_ansible_inventory" {
+ count = "${var.freebsd_amd64_count > 0 ? 1 : 0 }"
+ content = "${join("\n",
+ "%s ansible_ssh_common_args='-o ProxyJump=%s -o StrictHostKeyChecking=off' ansible_user=admin ansible_host=%s",
+ libvirt_domain.freebsd_amd64.*.name, # get the name of the libvirt_domain
+ regex("(?:.*://([^/]+)/.*)", var.libvirt_uri)[0], # pull the user and hostname out of the libvirt_uri.
+ flatten(libvirt_domain.freebsd_amd64.*.network_interface.0.addresses) # get the address of the first network interface.
+ filename = "${path.module}/inventory.freebsd_amd64"
- value = "${flatten(libvirt_domain.freebsd_amd64.*.network_interface.0.addresses)}"
+# Run ansible against the machines
+resource "null_resource" "freebsd_amd64_ansible" {
+ count = "${var.freebsd_amd64_count > 0 ? 1 : 0 }"
+ hosts = "${sha1(local_file.freebsd_amd64_ansible_inventory.0.content)}"
+ ansible = "${data.archive_file.ansible_scripts.output_sha}"
+ provisioner "local-exec" {
+ command = "${join(" ", [
+ "--inventory=${path.module}/inventory.freebsd_amd64",
+ "--vault-password-file=ansible_vault_password",
+ "ansible/tailscale.yml",
+ ANSIBLE_CONFIG = "./ansible/ansible.cfg"
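Review bot: The generated inventory disables host key verification for every agent with `-o StrictHostKeyChecking=off` in the `ansible_ssh_common_args` format string, on a connection that also jumps through the libvirt host, so whatever answers on a VM's first address is trusted with no pinning and a changed key on a later run is never noticed. Because the inventory is regenerated for freshly created VMs, `accept-new` gives the same first-contact behaviour while rejecting a key that changes afterwards; pairing it with a dedicated `-o UserKnownHostsFile=` under the module directory keeps stale entries from recycled addresses from blocking re-provisioning, e.g. `'-o ProxyJump=%s -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=<module-local path>'`. The `hosts` and `ansible` attributes on the `null_resource` are presumably inside a `triggers` block, and the closing braces of both resources plus the `ansible-playbook` element of the `join` are not visible in this collapsed 50-line hunk, so I am reading the intent rather than the full text.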