Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mazgi/template.containerized-provisioning-project
A template repository for provisioning Cloud :cloud: and Local :computer: powered by Terraform, Ansible, and Docker :whale:
https://github.com/mazgi/template.containerized-provisioning-project
ansible aws azure dockerize gcp template-repository terraform
Last synced: about 1 month ago
JSON representation
A template repository for provisioning Cloud :cloud: and Local :computer: powered by Terraform, Ansible, and Docker :whale:
- Host: GitHub
- URL: https://github.com/mazgi/template.containerized-provisioning-project
- Owner: mazgi
- License: mit
- Created: 2020-10-03T18:18:42.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2023-04-21T09:22:47.000Z (over 1 year ago)
- Last Synced: 2024-10-12T22:34:48.458Z (2 months ago)
- Topics: ansible, aws, azure, dockerize, gcp, template-repository, terraform
- Language: HCL
- Homepage:
- Size: 390 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
README
# template.containerized-provisioning-project
[](https://github.com/mazgi/template.containerized-provisioning-project/actions/workflows/use-multiple-platforms.yml)
[](https://github.com/mazgi/template.containerized-provisioning-project/actions/workflows/use-one-platform.yml)
This repository is a template for provisioning your Cloud and Local environment using [Terraform](https://www.terraform.io/) and [Ansible](https://www.ansible.com/).
## How to Use
Docker and [Docker Compose](https://docs.docker.com/compose/) are needed. If you want to provision only local environments, that's all.
However, if you want to provision a cloud environment, you need permission that can administer for at least one cloud: [AWS](https://aws.amazon.com/), [Azure](https://azure.microsoft.com/), or [Google Cloud](https://cloud.google.com/).
And you need to set up the repository following steps.
### Step 1. Write out your IDs and credentials in the .env file.
You should write your account IDs and credentials depending on your need, such as AWS, Azure, and Google Cloud, in the `.env` file as follows.
```.env
# UID=1234
# GID=1234
# DOCKER_GID=2345
PROJECT_UNIQUE_ID=my-unique-b78e
_TERRAFORM_BACKEND_TYPE=azurerm
TF_VAR_allowed_ipaddr_list=["203.0.113.0/24"]
#
#
AWS_ACCESS_KEY_ID=AKXXXXXXXX
AWS_ACCOUNT_ID=123456789012
# AWS_DEFAULT_REGION=us-east-1
AWS_SECRET_ACCESS_KEY=AWxxxxxxxx00000000
#
#
#
# AZURE_DEFAULT_LOCATION=centralus
ARM_CLIENT_ID=xxxxxxxx-0000-0000-0000-xxxxxxxxxxxx
ARM_CLIENT_SECRET=********
ARM_SUBSCRIPTION_ID=yyyyyyyy-0000-0000-0000-yyyyyyyyyyyy
ARM_TENANT_ID=zzzzzzzz-0000-0000-0000-zzzzzzzzzzzz
#
#
#
# GCP_DEFAULT_REGION=us-central1
CLOUDSDK_CORE_PROJECT=my-proj-b78e
#
```
:information_source: If you are using Linux, write out UID, GID, and GID for the `docker` group, into the `.env` file to let that as exported on Docker Compose as environment variables.
```console
test $(uname -s) = 'Linux' && {
echo -e "DOCKER_GID=$(getent group docker | cut -d : -f 3)"
echo -e "GID=$(id -g)"
echo -e "UID=$(id -u)"
} >> .env || :
```
:information_source: In addition, if you use Google Cloud, you should place the [key file for Google Cloud Service Account](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) as `config/credentials/google-cloud-keyfile.provisioning-owner.json`.
#### Environment Variable Names
Environment variable names and uses are as follows.
| Name | Required on Linux | Value |
| ---------- | ----------------- | --------------------------------------------------------------------------------------------------------------------------------------- |
| UID | **Yes** | This ID number is used as UID for your Docker user, so this ID becomes the owner of all files and directories created by the container. |
| GID | **Yes** | The same as the above UID. |
| DOCKER_GID | **Yes** | This ID number is used to provide permission to read and write your docker socket on your local machine from your container. |
| Name | Required with Terraform | Value |
| -------------------------- | ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- |
| PROJECT_UNIQUE_ID | **Yes** | An ID to indicate your environment.
The value is used for the name of the Object Storage bucket or Storage Account for Terraform backend. |
| \_TERRAFORM_BACKEND_TYPE | **Yes** | Acceptable values are `azurerm`, `gcs`, `s3`, and `none`. |
| TF_VAR_allowed_ipaddr_list | no | IP address ranges you want access to your cloud environment. |
AWS
| Name | Required with AWS | Value |
| --------------------- | ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
| AWS_ACCOUNT_ID | **Yes** | A 12-digit AWS Account ID you want to provision.
The S3 bucket is created in this account to store the tfstate file if you choose the S3 backend. |
| AWS_ACCESS_KEY_ID | **Yes** | An AWS Access Key for the IAM user that is used to create the S3 bucket to store tfstate file and apply all in your AWS environment. |
| AWS_SECRET_ACCESS_KEY | **Yes** | |
| AWS_DEFAULT_REGION | no | |
Azure
You are able to generate Azure Service Principal according to the [how-to-create-azure-service-principal.md](docs/how-to-create-azure-service-principal.md).
| Name | Required with Azure | Value |
| ---------------------- | ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| ARM_TENANT_ID | **Yes** | A UUID to indicate Azure Tenant. |
| ARM_SUBSCRIPTION_ID | **Yes** | A UUID to indicate Azure Subscription you want to provision.
The Resource Group, Storage Account, and Blob Container are created in this subscription to store the tfstate file if you choose the AzureRM backend. |
| ARM_CLIENT_ID | **Yes** | |
| ARM_CLIENT_SECRET | **Yes** | |
| AZURE_DEFAULT_LOCATION | no | |
Google Cloud
| Name | Required with Azure | Value |
| --------------------- | ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| CLOUDSDK_CORE_PROJECT | **Yes** | A string Project ID to indicate Google Cloud Project you want to provision, Not Project name or Project number.
The Cloud Storage Bucket is created in this project to store the tfstate file if you choose the GCS backend.
See also https://cloud.google.com/resource-manager/docs/creating-managing-projects |
| GCP_DEFAULT_REGION | no | |
### Step 2. Define your service in the `docker-compose.yml`
You are able to update and define the `provisioning` service to your need in the [`docker-compose.yml`](docker-compose.yml).
```yaml
services:
provisioning:
<<: *provisioning-base
```
Make sure your config.
```console
docker compose config
```
Now, you are able to provision your environment as follows. :tada:
```console
docker compose build
```
```console
docker compose up
```
```console
docker compose exec provisioning terraform apply
```
```console
docker compose down
```
### Step 3. Set secrets for GitHub Actions
The [gh command](https://cli.github.com/) helps set secrets.
```console
gh secret set --app actions --env-file .env
```
```console
cat config/credentials/google-cloud-keyfile.provisioning-owner.json\
| gh secret set GOOGLE_SA_KEY --app=actions
```