[stage-1] complete pre-configuration and terraform init

.gitignore

@@ -0,0 +1 @@
+/.idea

ansible/terraform_init/group_vars/all/secret.yml

@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+36343935353830376566656233623732376238336436613039613730313430353134376265623562
+3364636162316638643764643437323062366238353339340a646137316433336665613739366263
+34643031356235343332316364613138386661653436336137633765383934343439343763626465
+3861613165663234640a633030323235333532323166646266633561626433306637613631623637
+32656636656436346230623234633566386334646637643234366666643563633966633536353032
+38663430646138343034376162656532363365363163373130356431623735616564636561306536
+61636539343864313665356565313263616632333834326365303061653834326362333135323235
+34353239363639613332316638353137626362323530363039313332613530343935636366373161
+65396635613566656366363263373635633465366438383836346233333135373831

ansible/terraform_init/group_vars/all/vars.yml

@@ -0,0 +1,3 @@
+---
+terraform_service_account: terraform-acc
+terraform_yandex_bucket_name: dnc-netology-tf-state

ansible/terraform_init/inventory

@@ -0,0 +1,2 @@
+[server]
+localhost   ansible_connection=local

readme.md

@@ -1 +1,3 @@
-# netology-devops-gw-infra
+## Дипломная работа
+
+Репозиторий содержит конфигурацию terraform для поднятия инфраструктуры для выполнения [дипломной работы](https://github.com/Dannecron/netology-devops/blob/main/src/graduate_work/readme.md).

templates/variables.tf.j2

@@ -0,0 +1,15 @@
+variable "yandex_cloud_id" {
+  default = "{{ terraform_yandex_cloud_id }}"
+}
+
+variable "yandex_folder_id" {
+  default = "{{ terraform_yandex_folder_id }}"
+}
+
+variable "yandex_cloud_token" {
+  default = "{{ terraform_yandex_cloud_token }}"
+}
+
+variable "yandex_bucket_name" {
+  default = "{{ terraform_yandex_bucket_name }}"
+}

terraform/.gitignore

@@ -0,0 +1,38 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+variables.tf

terraform/provider.tf

@@ -0,0 +1,28 @@
+terraform {
+  required_providers {
+    yandex = {
+      source = "yandex-cloud/yandex"
+    }
+  }
+  required_version = ">= 0.13"
+
+
+  backend "s3" {
+    endpoint   = "storage.yandexcloud.net"
+    bucket     = "bucket"
+    region     = "ru-central1"
+    key        = "tf/state.tfstate"
+    access_key = "access_key"
+    secret_key = "secret_key"
+
+    skip_region_validation      = true
+    skip_credentials_validation = true
+  }
+}
+
+provider "yandex" {
+  token     = var.yandex_cloud_token
+  cloud_id  = var.yandex_cloud_id
+  folder_id = var.yandex_folder_id
+  zone      = "ru-central1-a"
+}

terraform_init.yml

@@ -0,0 +1,61 @@
+---
+- name: Initialize terraform configuration
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: YC - receive user access token
+      ansible.builtin.command:
+        cmd: yc iam create-token
+      register: create_token_result
+    - name: YC - get token from result
+      set_fact:
+        terraform_yandex_cloud_token={{ create_token_result.stdout }}
+    - name: YC - create service account
+      ansible.builtin.command:
+        cmd: yc iam service-account create --name={{ terraform_service_account }} --format=json
+      register: service_account_create_result
+      failed_when:
+        - service_account_create_result.rc != 0
+        - "'AlreadyExists' not in service_account_create_result.stderr"
+    - name: YC - assign role to service account
+      ansible.builtin.command:
+        cmd: >-
+          yc resource-manager folder add-access-binding --name=default --role=editor
+            --subject=serviceAccount:{{ service_account_create_result.stdout|from_json|json_query('id') }}
+      when: service_account_create_result.rc == 0
+
+    - name: YC - receive service account yc access key
+      ansible.builtin.command:
+        cmd: yc iam access-key create --service-account-name={{ terraform_service_account }} --format=json
+      register: service_account_access_key_result
+    - name: YC - get key id and secret from result
+      set_fact:
+        service_account_key_id={{ service_account_access_key_result.stdout|from_json|json_query('access_key.key_id') }}
+        service_account_secret={{ service_account_access_key_result.stdout|from_json|json_query('secret') }}
+    - name: YC - create bucket
+      ansible.builtin.command:
+        cmd: yc storage bucket create --name={{ terraform_yandex_bucket_name }}
+      register: bucket_create_result
+      failed_when:
+        - bucket_create_result.rc != 0
+        - "'AlreadyExists' not in bucket_create_result.stderr"
+    - name: Terraform - Create variables.tf
+      ansible.builtin.template:
+        src: "templates/variables.tf.j2"
+        dest: "terraform/variables.tf"
+    - name: Terraform - init
+      ansible.builtin.command:
+        chdir: ./terraform
+        cmd: >-
+          terraform init
+            -backend-config="bucket={{ terraform_yandex_bucket_name }}"
+            -backend-config="access_key={{ service_account_key_id }}"
+            -backend-config="secret_key={{ service_account_secret }}"
+    - name: Terraform - create workspace
+      ansible.builtin.command:
+        chdir: ./terraform
+        cmd: terraform workspace new prod
+      register: terraform_new_workspace_result
+      failed_when:
+        - terraform_new_workspace_result.rc != 0
+        - "'already exists' not in terraform_new_workspace_result.stderr"