server.garden privileged automation agent

main.tf 1.5KB

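    // Path to the SSH private key handed to ansible-playbook-wrapper via --private-key.
    variable "ssh_private_key_filepath" {
      type = string
    }

    // Domain name passed to the playbook as the "domain" extra var.
    variable "domain_name" {
      type = string
    }

    // One entry per ingress host; the playbook is run once for each entry.
    // ipv6 is declared here but not referenced anywhere in this file.
    variable "ingress_host_list" {
      type = list(object({
        ipv4                  = string
        ipv6                  = string
        arch                  = string
        username              = string
        known_hosts_file_name = string
      }))
    }

    resource "null_resource" "ansible_playbook" {
      count = length(var.ingress_host_list)

      // things that trigger this playbook to run:
      //  - when the ingress host changes
      //      ( known_hosts_file_name is the name of the known-hosts file in object storage,
      //        which is unique to the cloud instance )
      //  - when the domain name changes
      triggers = {
        id     = var.ingress_host_list[count.index].known_hosts_file_name
        domain = var.domain_name
      }

      // now that the servers in the ingress_host_list have had their host keys added to known_hosts,
      // we can proceed with running ansible (ssh to the server and install things).
      // the ansible-playbook-wrapper as well as the ansible config & roles folder will be linked into this directory
      // from ${path.root}/ansible-wrapper/
      // by TerraformPlanAndApply in terraformActions.go before terraform apply is run.
      provisioner "local-exec" {
        // Every variable-derived value reaches the shell through `environment` and is
        // expanded inside double quotes, so the shell never parses it as syntax.
        // Splicing the values into the command text (previously with -u unquoted and
        // the rest in single quotes) let a quote, space or `;` in a username, domain
        // or key path change the command that runs on the machine executing terraform.
        //
        // NOTE(review): the -e argument is still in key=value form, which Ansible
        // splits on whitespace; domain_name and arch should be validated as
        // whitespace-free wherever they are produced -- confirm against the caller.
        command = "./ansible-playbook-wrapper --private-key \"$SSH_PRIVATE_KEY_FILEPATH\" -i \"$INGRESS_IPV4,\" -u \"$INGRESS_USERNAME\" -e \"domain=$DOMAIN_NAME arch=$INGRESS_ARCH\" playbook.yml"

        environment = {
          SSH_PRIVATE_KEY_FILEPATH = var.ssh_private_key_filepath
          INGRESS_IPV4             = var.ingress_host_list[count.index].ipv4
          INGRESS_USERNAME         = var.ingress_host_list[count.index].username
          INGRESS_ARCH             = var.ingress_host_list[count.index].arch
          DOMAIN_NAME              = var.domain_name
        }

        working_dir = path.module
      }
    }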