Merge branch '3-setup-gitlab-ci-pipeline-for-terraform' into 'main'

Resolve "Setup gitlab-ci pipeline for Terraform" Closes #3 See merge request !6

Merge branch '3-setup-gitlab-ci-pipeline-for-terraform' into 'main'
ab0ce713 · Aksel Skaar Leirvaag · 1ef83c0d · 3dab25b9 · ab0ce713 · ab0ce713
Commit ab0ce713 authored 3 years ago by Aksel Skaar Leirvaag
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+stages:
+  - init
+  - validate
+  - test
+  - build
+  - deploy
+  - cleanup
 include:
  - local: .gitlab-ci/generated-ci/.gitlab-ci.yml
+  - local: .gitlab-ci/terraform/terraform.yml
\ No newline at end of file
--- a/.gitlab-ci/cue/gitlab-ci.cue
+++ b/.gitlab-ci/cue/gitlab-ci.cue
@@ -5,22 +5,15 @@ let TerraformModules = [
 	'flux',
 ]
-stages: [
-	'test'
-]
 {for module in TerraformModules {
 	"\(module)": {
 		stage: "test"
 		image: "akselleirv/terratest:0.0.9"
-			before_script: [
-				". ./IIKG3005_H21_akselsle-openrc.sh",
-			]
 		script: [
 			"cd modules/\(module)/test",
 			"go test -v -timeout 30m 2>&1 | tee test_output.log",
 			"terratest_log_parser -testlog test_output.log -outputdir test_output",
-				"cat test_output.log | go-junit-report > report.xml"
+			"cat test_output.log | go-junit-report > report.xml",
 		]
 		artifacts: {
 			paths: [
@@ -37,4 +30,3 @@ stages: [
 	}
 }
 }
--- a/.gitlab-ci/generated-ci/.gitlab-ci.yml
+++ b/.gitlab-ci/generated-ci/.gitlab-ci.yml
-stages:
- test
 k0s-cluster:
  stage: test
  image: akselleirv/terratest:0.0.9
-  before_script:
-  - . ./IIKG3005_H21_akselsle-openrc.sh
  script:
  - cd modules/k0s-cluster/test
  - go test -v -timeout 30m 2>&1 | tee test_output.log
@@ -22,8 +18,6 @@ k0s-cluster:
 k0s-config-generator:
  stage: test
  image: akselleirv/terratest:0.0.9
-  before_script:
-  - . ./IIKG3005_H21_akselsle-openrc.sh
  script:
  - cd modules/k0s-config-generator/test
  - go test -v -timeout 30m 2>&1 | tee test_output.log
@@ -41,8 +35,6 @@ k0s-config-generator:
 openstack-cluster:
  stage: test
  image: akselleirv/terratest:0.0.9
-  before_script:
-  - . ./IIKG3005_H21_akselsle-openrc.sh
  script:
  - cd modules/openstack-cluster/test
  - go test -v -timeout 30m 2>&1 | tee test_output.log
@@ -60,8 +52,6 @@ openstack-cluster:
 flux:
  stage: test
  image: akselleirv/terratest:0.0.9
-  before_script:
-  - . ./IIKG3005_H21_akselsle-openrc.sh
  script:
  - cd modules/flux/test
  - go test -v -timeout 30m 2>&1 | tee test_output.log

--- a/.gitlab-ci/terraform/terraform.yml
+++ b/.gitlab-ci/terraform/terraform.yml
+image:
+  name: registry.gitlab.com/gitlab-org/terraform-images/stable:latest
+variables:
+  TF_HTTP_ADDRESS: https://gitlab.stud.idi.ntnu.no/api/v4/projects/12496/terraform/state/project-production
+  TF_HTTP_USERNAME: simenram
+  TF_HTTP_PASSWORD: $TF_STATE_PASSWORD
+  TF_HTTP_UNLOCK_METHOD: DELETE
+  TF_HTTP_LOCK_METHOD: POST
+  PROJECT_PROD_DIR: ${CI_PROJECT_DIR}/project-production
+  TF_STATE_NAME: project-production
+cache:
+  key: "${PROJECT_PROD_DIR}"
+  paths:
+    - ${PROJECT_PROD_DIR}/.terraform/
+terraform-fmt:
+  stage: validate
+  script:
+    - gitlab-terraform fmt -recursive
+  allow_failure: true
+terraform-validate:
+  stage: validate
+  script:
+    - cd ${PROJECT_PROD_DIR}
+    - gitlab-terraform validate
+terraform-build:
+  stage: build
+  script:
+    - cd ${PROJECT_PROD_DIR}
+    - gitlab-terraform plan
+    - gitlab-terraform plan-json
+  resource_group: ${TF_STATE_NAME}
+  artifacts:
+    paths:
+      - ${PROJECT_PROD_DIR}/plan.cache
+    reports:
+      terraform: ${PROJECT_PROD_DIR}/plan.json
+terraform-deploy:
+  stage: deploy
+  script:
+    - cd ${PROJECT_PROD_DIR}
+    - gitlab-terraform apply
+  resource_group: ${TF_STATE_NAME}
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      when: manual
+terraform-destroy:
+  stage: cleanup
+  script:
+    - cd ${PROJECT_PROD_DIR}
+    - gitlab-terraform destroy
+  resource_group: ${TF_STATE_NAME}
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      when: manual
--- a/modules/flux/examples/main.tf
+++ b/modules/flux/examples/main.tf
@@ -2,8 +2,8 @@ module "k0s_cluster" {
  source = "../../k0s-cluster"
  cluster_name         = var.cluster_name
-  public_key_path      = var.public_key_path
  rsa_private_key_path = var.rsa_private_key_path
+  public_key_openssh   = var.public_key_openssh
 }
 module "flux" {

--- a/modules/flux/examples/variables.tf
+++ b/modules/flux/examples/variables.tf
@@ -8,9 +8,9 @@ variable "rsa_private_key_path" {
  description = "The path to the private key which can connect to the VM instances."
 }
-variable "public_key_path" {
+variable "public_key_openssh" {
  type        = string
-  description = "The path to the public key to be used to SSH to the Openstack instances."
+  description = "The public key to be used to SSH to the Openstack instances."
 }
 variable "gitlab_username" {

--- a/modules/flux/main.tf
+++ b/modules/flux/main.tf
--- a/modules/flux/test/flux_test.go
+++ b/modules/flux/test/flux_test.go
@@ -18,19 +18,15 @@ import (
 )
 func TestFlux(t *testing.T) {
-	privateKeyPath, publicKeyPath, cleanupRSAKeys := generateTempRSAKey(t)
+	privateKeyPath, publicKeyOpenSSH, cleanupRSAKeys := generateTempRSAKey(t)
 	defer cleanupRSAKeys()
 	tfOpts := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
 		TerraformDir: "../examples",
 		Vars: map[string]interface{}{
 			"cluster_name":         "k0s-cluster-test-" + strings.ToLower(random.UniqueId()),
-			"public_key_path":      publicKeyPath,
+			"public_key_openssh":   publicKeyOpenSSH,
 			"rsa_private_key_path": privateKeyPath,
 		},
-		EnvVars: map[string]string{
-			"TF_VAR_gitlab_username": mustGetEnv(t, "gitlab_username"),
-			"TF_VAR_gitlab_token":    mustGetEnv(t, "gitlab_token"),
-		},
 	})
 	defer terraform.Destroy(t, tfOpts)
 	terraform.InitAndApply(t, tfOpts)
@@ -45,26 +41,20 @@ func validateFlux(t *testing.T, kubeConfigFilePath string) {
 	k8s.WaitUntilPodAvailable(t, k8sOpts, "nginx", 15, 5*time.Second)
 }
-func generateTempRSAKey(t *testing.T) (privateKeyPath string, publicKeyPath string, cleanupKeys func()) {
+func generateTempRSAKey(t *testing.T) (privateKeyPath string, publicKeyOpenSSH string, cleanupKeys func()) {
 	rsaKey, err := rsa.GenerateKey(rand.Reader, 4096)
 	if err != nil {
 		t.Fatal(err)
 	}
 	privateKeyPath = os.TempDir() + "/rsa_private_key"
 	writeFile(t, privateKeyPath, privateKeyToBytes(rsaKey))
+	publicKeyOpenSSH = "ssh-rsa " + rsaKeyToOpenSSHFormat(t, rsaKey)
-	publicKeyPath = os.TempDir() + "/rsa_public_key"
+	return privateKeyPath, publicKeyOpenSSH, func() {
-	writeFile(t, publicKeyPath, []byte("ssh-rsa "+rsaKeyToOpenSSHFormat(t, rsaKey)))
-	return privateKeyPath, publicKeyPath, func() {
 		err = os.RemoveAll(privateKeyPath)
 		if err != nil {
 			t.Fatal(err)
 		}
-		err = os.RemoveAll(publicKeyPath)
-		if err != nil {
-			t.Fatal(err)
-		}
 	}
 }

--- a/modules/flux/variables.tf
+++ b/modules/flux/variables.tf
--- a/modules/k0s-cluster/examples/main.tf
+++ b/modules/k0s-cluster/examples/main.tf
@@ -2,6 +2,6 @@ module "k0s_cluster" {
  source = "../"
  cluster_name         = var.cluster_name
-  public_key_path      = var.public_key_path
+  public_key_openssh   = var.public_key_openssh
  rsa_private_key_path = var.rsa_private_key_path
 }
--- a/modules/k0s-cluster/examples/variables.tf
+++ b/modules/k0s-cluster/examples/variables.tf
@@ -8,7 +8,7 @@ variable "rsa_private_key_path" {
  description = "The path to the private key which can connect to the VM instances."
 }
-variable "public_key_path" {
+variable "public_key_openssh" {
  type        = string
-  description = "The path to the public key to be used to SSH to the Openstack instances."
+  description = "The public key to be used to SSH to the Openstack instances."
 }
\ No newline at end of file
--- a/modules/k0s-cluster/main.tf
+++ b/modules/k0s-cluster/main.tf
@@ -2,7 +2,7 @@ module "openstack_cluster" {
  source          = "../openstack-cluster"
  cluster_name    = var.cluster_name
  number_of_nodes = 2
-  public_key      = file(var.public_key_path)
+  public_key      = var.public_key_openssh
 }
 module "k0s_config_generator" {

--- a/modules/k0s-cluster/test/k0s_cluster_test.go
+++ b/modules/k0s-cluster/test/k0s_cluster_test.go
@@ -19,12 +19,12 @@ import (
 const tfOptsPath = "/tmp/k0s-cluster"
 func TestK0sCluster(t *testing.T) {
-	privateKeyPath, publicKeyPath, cleanupRSAKeys := generateTempRSAKey(t)
+	privateKeyPath, publicKeyOpenSSH, cleanupRSAKeys := generateTempRSAKey(t)
 	tfOpts := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
 		TerraformDir: "../examples",
 		Vars: map[string]interface{}{
 			"cluster_name":         "k0s-cluster-test-" + strings.ToLower(random.UniqueId()),
-			"public_key_path":      publicKeyPath,
+			"public_key_openssh":   publicKeyOpenSSH,
 			"rsa_private_key_path": privateKeyPath,
 		},
 	})
@@ -47,7 +47,7 @@ func TestK0sCluster(t *testing.T) {
 	k8s.GetNodes(t, k8sOpts)
 }
-func generateTempRSAKey(t *testing.T) (privateKeyPath string, publicKeyPath string, cleanupKeys func()) {
+func generateTempRSAKey(t *testing.T) (privateKeyPath string, publicKeyOpenSSH string, cleanupKeys func()) {
 	rsaKey, err := rsa.GenerateKey(rand.Reader, 4096)
 	if err != nil {
 		t.Fatal(err)
@@ -55,18 +55,13 @@ func generateTempRSAKey(t *testing.T) (privateKeyPath string, publicKeyPath stri
 	privateKeyPath = os.TempDir() + "/rsa_private_key"
 	writeFile(t, privateKeyPath, privateKeyToBytes(rsaKey))
-	publicKeyPath = os.TempDir() + "/rsa_public_key"
+	publicKeyOpenSSH = "ssh-rsa " + rsaKeyToOpenSSHFormat(t, rsaKey)
-	writeFile(t, publicKeyPath, []byte("ssh-rsa "+rsaKeyToOpenSSHFormat(t, rsaKey)))
-	return privateKeyPath, publicKeyPath, func() {
+	return privateKeyPath, publicKeyOpenSSH, func() {
 		err = os.RemoveAll(privateKeyPath)
 		if err != nil {
 			t.Fatal(err)
 		}
-		err = os.RemoveAll(publicKeyPath)
-		if err != nil {
-			t.Fatal(err)
-		}
 	}
 }

--- a/modules/k0s-cluster/variables.tf
+++ b/modules/k0s-cluster/variables.tf
@@ -8,7 +8,7 @@ variable "rsa_private_key_path" {
  description = "The path to the private key which can connect to the VM instances."
 }
-variable "public_key_path" {
+variable "public_key_openssh" {
  type        = string
-  description = "The path to the public key to be used to SSH to the Openstack instances."
+  description = "The public key to be used to SSH to the Openstack instances."
 }
\ No newline at end of file
--- a/modules/k0s-config-generator/examples/variables.tf
+++ b/modules/k0s-config-generator/examples/variables.tf
--- a/modules/k0s-config-generator/main.tf
+++ b/modules/k0s-config-generator/main.tf
--- a/modules/openstack-cluster/examples/variables.tf
+++ b/modules/openstack-cluster/examples/variables.tf
--- a/modules/openstack-cluster/main.tf
+++ b/modules/openstack-cluster/main.tf
--- a/modules/openstack-cluster/outputs.tf
+++ b/modules/openstack-cluster/outputs.tf
--- a/production/main.tf
+++ b/production/main.tf
-module "openstack_cluster" {
-  source          = "../modules/openstack-cluster"
-  cluster_name    = "test"
-  number_of_nodes = 2
-  public_key      = file("/home/aksel/.ssh/id_rsa.pub")
-}
-module "k0s_config_generator" {
-  source               = "../modules/k0s-config-generator"
-  cluster_name         = module.openstack_cluster.cluster_name
-  ips                  = module.openstack_cluster.ips
-  rsa_private_key_path = "/home/aksel/.ssh/id_rsa"
-}
-module "k0s" {
-  source              = "../modules/k0s-apply"
-  k0s_config_filepath = module.k0s_config_generator.file_path
-}
\ No newline at end of file