From 63a83f2ec339d2188511e9c7d6be700eea4599d7 Mon Sep 17 00:00:00 2001 From: Matthew Stobbs Date: Sat, 22 Mar 2025 17:36:09 -0600 Subject: [PATCH] finish adding terraform and vault archive --- tasks/archive/pulumi.yml | 4 +-- tasks/archive/terraform.yml | 49 ++++++++++++++++++++++++++++--------- tasks/archive/vault.yml | 37 ++++++++++++++++++++++++++++ tasks/config/terraform.yml | 6 ++++- tasks/config/vault.yml | 21 +++++++++++++++- tasks/pkgs/vault.yml | 14 ++++++++--- vars/pkgs/terraform.yml | 15 +++++++++--- vars/pkgs/vault.yml | 15 ++++++++++++ 8 files changed, 139 insertions(+), 22 deletions(-) create mode 100644 tasks/archive/vault.yml diff --git a/tasks/archive/pulumi.yml b/tasks/archive/pulumi.yml index f74c30d..ed2b3a4 100644 --- a/tasks/archive/pulumi.yml +++ b/tasks/archive/pulumi.yml @@ -15,14 +15,14 @@ url: "{{ pulumi.dlurl }}" decompress: false mode: '0644' - + - name: Extract pulumi archive become: "{{ ext_become }}" ansible.builtin.unarchive: dest: "{{ path.archive }}" src: "{{ d_tempdir.path }}/{{ pulumi.archive }}" remote_src: true - + - name: Link pulumi executable become: "{{ ext_become }}" ansible.builtin.file: diff --git a/tasks/archive/terraform.yml b/tasks/archive/terraform.yml index a7eadd4..39d4a1c 100644 --- a/tasks/archive/terraform.yml +++ b/tasks/archive/terraform.yml 
@@ -1,13 +1,38 @@ -- name: Download terraform archive - ansible.builtin.get_url: - dest: "{{ d_tempdir.path }}/{{ terraform.file }}" - url: "{{ terraform.url }}/{{ terraform.file }}" - decompress: false - mode: '0644' +# vim: set filetype=yaml.ansible : +--- +- name: Check if terraform is already installed + register: r_terraform_inst + ansible.builtin.stat: + path: "{{ terraform.bin }}" -- name: Extract terraform archive - become: "{{ ext_become }}" - ansible.builtin.unarchive: - dest: "{{ path.archive }}/terraform" - src: "{{ d_tempdir.path }}/{{ terraform.file }}" - remote_src: true +- name: Download and install terraform + when: + - not r_terraform_inst.stat.exists + block: + - name: Download terraform archive + ansible.builtin.get_url: + dest: "{{ d_tempdir.path }}/{{ terraform.archive }}" + url: "{{ terraform.url }}/{{ terraform.archive }}" + mode: '0644' + decompress: false + + - name: Ensure vault archive dir exists + become: "{{ ext_become }}" + ansible.builtin.file: + state: directory + path: "{{ terraform.path }}" + mode: '0755' + + - name: Extract terraform archive + become: "{{ ext_become }}" + ansible.builtin.unarchive: + dest: "{{ terraform.path }}" + src: "{{ d_tempdir.path }}/{{ terraform.archive }}" + remote_src: true + + - name: Link terraform executable + become: "{{ ext_become }}" + ansible.builtin.file: + state: link + src: "{{ terraform.path }}/terraform" + path: "{{ terraform.bin }}" diff --git a/tasks/archive/vault.yml b/tasks/archive/vault.yml new file mode 100644 index 0000000..e406d1b --- /dev/null +++ b/tasks/archive/vault.yml 
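Review bot: The `Download terraform archive` task calls `get_url` without a `checksum`, so whatever the URL returns is unpacked by the `become`-capable `unarchive` task and symlinked to `terraform.bin` with no integrity check. Pin the release digest in vars and pass it to the download, e.g. `checksum: "sha256:{{ terraform.checksum }}"`, where `terraform.checksum` is a new field (the name is only a suggestion) carried over from vars/pkgs/terraform.yml. A digest committed to the repository is stronger than pointing `checksum` at the vendor's SHA256SUMS URL, because that file is served from the same origin as the archive. The `Download vault archive` task in tasks/archive/vault.yml has the same gap. Separately, the directory task in this file is still named `Ensure vault archive dir exists`, which looks like a copy-paste leftover.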
@@ -0,0 +1,37 @@ +# vim: set filetype=yaml.ansible : --- +- name: Check if vault is already installed + register: r_vault_inst + ansible.builtin.stat: + path: "{{ vault.bin }}" + +- name: Download and install vault + when: + - not r_vault_inst.stat.exists + block: + - name: Download vault archive + ansible.builtin.get_url: + dest: "{{ d_tempdir.path }}/{{ vault.archive }}" + url: "{{ vault.url }}/{{ vault.archive }}" + mode: '0644' + decompress: false + + - name: Ensure vault archive dir exists + become: "{{ ext_become }}" + ansible.builtin.file: + state: directory + path: "{{ vault.path }}" + mode: '0755' + + - name: Extract vault archive + become: "{{ ext_become }}" + ansible.builtin.unarchive: + dest: "{{ vault.path }}" + src: "{{ d_tempdir.path }}/{{ vault.archive }}" + remote_src: true + + - name: Link vault executable + become: "{{ ext_become }}" + ansible.builtin.file: + state: link + src: "{{ vault.path }}/vault" + path: "{{ vault.bin }}" diff --git a/tasks/config/terraform.yml b/tasks/config/terraform.yml index fd573ea..f76c1e6 100644 --- a/tasks/config/terraform.yml +++ b/tasks/config/terraform.yml @@ -4,6 +4,8 @@ method: "{{ pkgconfig.terraform.method[ansible_os_family] | default(pkgconfig.terraform.method.default) }}" - name: Set terraform config + when: + - terraform.method == 'sys' ansible.builtin.set_fact: terraform: method: "{{ terraform.method }}" @@ -15,5 +17,7 @@ ansible.builtin.set_fact: terraform: method: "{{ terraform.method }}" + archive: "terraform_{{ pkgconfig.terraform.version }}_{{ pkgconfig.terraform[sysmap] }}_{{ pkgconfig.terraform[archmap] }}.zip" url: "{{ pkgconfig.terraform.archive.baseurl }}/{{ pkgconfig.terraform.version }}" - file: "terraform_{{ pkgconfig.terraform.version }}_linux_amd64.zip" + path: "{{ path.archive }}/terraform" + bin: "{{ path.bin }}/terraform" diff --git a/tasks/config/vault.yml b/tasks/config/vault.yml index e986501..4362bba 100644 --- a/tasks/config/vault.yml +++ b/tasks/config/vault.yml 
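Review bot: The whole install block is gated on `not r_vault_inst.stat.exists`, so once `vault.bin` exists a later bump of `pkgconfig.vault.version` never downloads or relinks anything, and hosts stay on the old Vault release even after a security fix. Consider comparing the installed version with the wanted one, or extracting into a versioned directory such as `{{ vault.path }}/{{ pkgconfig.vault.version }}` and using `creates:` on `unarchive`, so the link task repoints on upgrade. tasks/archive/terraform.yml uses the same gate. Also, the `---` ended up on the modeline line (`# vim: set filetype=yaml.ansible : ---`), where it is comment text rather than a document start marker; it should go on its own line, as in terraform.yml.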
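Review bot: In the new `archive:` line, `pkgconfig.terraform[sysmap]` and `pkgconfig.terraform[archmap]` index the dict with variables named `sysmap` and `archmap`, which nothing in this patch defines. The maps added in vars/pkgs/terraform.yml are keyed by `ansible_system` and `ansible_architecture` values, so the lookup was presumably meant to be `{{ pkgconfig.terraform.sysmap[ansible_system] }}` and `{{ pkgconfig.terraform.archmap[ansible_architecture] }}`. Adjust the path if the maps are nested under `archive`; the indentation is not recoverable from this view. Unless those two names are set elsewhere, templating fails and no download URL is built. It would also help to fail with a clear message on an unmapped architecture instead of an undefined-variable error. The `set_fact` task starts outside the hunk.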
@@ -1,4 +1,23 @@ -- name: Set vault config +- name: Set vault install method ansible.builtin.set_fact: vault: + method: "{{ pkgconfig.vault.method[ansible_os_family] | default(pkgconfig.vault.method.default) }}" + +- name: Set vault config {{ vault.method }} + when: + - vault.method == 'sys' + ansible.builtin.set_fact: + vault: + method: "{{ vault.method }}" pkgs: "{{ pkgconfig.vault.pkgs[ansible_system] }}" + +- name: Set vault config {{ vault.method }} + when: + - vault.method == 'archive' + ansible.builtin.set_fact: + vault: + method: "{{ vault.method }}" + archive: "vault_{{ pkgconfig.vault.version }}_{{ pkgconfig.vault[ansible_system] }}_{{ pkgconfig.vault[ansible_architecture] }}.zip" + url: "{{ pkgconfig.vault.baseurl }}/{{ pkgconfig.vault.version }}" + path: "{{ path.arhive }}/vault" + bin: "{{ path.bin }}/vault" diff --git a/tasks/pkgs/vault.yml b/tasks/pkgs/vault.yml index c560a95..a5da8fa 100644 --- a/tasks/pkgs/vault.yml +++ b/tasks/pkgs/vault.yml @@ -9,6 +9,8 @@ file: config/vault.yml - name: Append vault + when: + - vault.method == 'sys' block: - name: Append vault to pkg_tap when: @@ -28,6 +30,12 @@ ansible.builtin.set_fact: pkg_sys: "{{ pkg_sys + vault.pkgs }}" - - name: Set vault_configured - ansible.builtin.set_fact: - vault_configured: true + - name: Append vault to pkg_archive + when: + - vault.method == 'archive' + ansible.builtin.set_fact: + pkg_archive: "{{ pkg_archive + ['vault'] }}" + + - name: Set vault_configured + ansible.builtin.set_fact: + vault_configured: true diff --git a/vars/pkgs/terraform.yml b/vars/pkgs/terraform.yml index 1b80f8c..4403413 100644 --- a/vars/pkgs/terraform.yml +++ b/vars/pkgs/terraform.yml 
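Review bot: In the archive branch, `path: "{{ path.arhive }}/vault"` misspells `path.archive`, so `vault.path` is undefined and the directory, extract and link tasks in tasks/archive/vault.yml cannot resolve their targets; it should read `path: "{{ path.archive }}/vault"`. The `url:` line reads `pkgconfig.vault.baseurl`, while the terraform config reads `pkgconfig.terraform.archive.baseurl` and the vars file lists `baseurl` right after `archive:`, so `url: "{{ pkgconfig.vault.archive.baseurl }}/{{ pkgconfig.vault.version }}"` is probably intended. The `archive:` name indexes `pkgconfig.vault[ansible_system]` and `pkgconfig.vault[ansible_architecture]` directly, bypassing the `sysmap` and `archmap` tables added in vars/pkgs/vault.yml; those lookups should go through the maps. Since the download URL and install path are assembled from these values, a task that asserts they are defined before the download would turn typos like this into an early, clear failure.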
@@ -2,11 +2,20 @@ terraform: version: 1.11.2 archive: baseurl: https://releases.hashicorp.com/terraform - method: - default: sys - Alpine: archive + sysmap: + Darwin: darwin + Linux: linux + archmap: + x86_64: amd64 + arm64: arm64 + aarch64: arm64 pkgs: Linux: - terraform Darwin: - hashicorp/tap/terraform + method: + default: sys + Alpine: archive + RedHat: sys + Darwin: sys diff --git a/vars/pkgs/vault.yml b/vars/pkgs/vault.yml index 017a153..c4492b7 100644 --- a/vars/pkgs/vault.yml +++ b/vars/pkgs/vault.yml @@ -1,6 +1,21 @@ vault: + version: 1.19.0 + archive: + baseurl: https://releases.hashicorp.com/vault + sysmap: + Darwin: darwin + Linux: linux + archmap: + x86_64: amd64 + arm64: arm64 + aarch64: arm64 pkgs: Linux: - vault Darwin: - hashicorp/tap/vault + method: + default: sys + Alpine: archive + RedHat: sys + Darwin: sys