mirror of
https://github.com/Dannecron/netology-devops-gw-infra.git
synced 2025-12-25 15:22:36 +03:00
62 lines
2.7 KiB
YAML
62 lines
2.7 KiB
YAML
---
|
|
- name: Initialize terraform configuration
|
|
hosts: all
|
|
gather_facts: false
|
|
tasks:
|
|
- name: YC - receive user access token
|
|
ansible.builtin.command:
|
|
cmd: yc iam create-token
|
|
register: create_token_result
|
|
- name: YC - get token from result
|
|
set_fact:
|
|
terraform_yandex_cloud_token={{ create_token_result.stdout }}
|
|
- name: YC - create service account
|
|
ansible.builtin.command:
|
|
cmd: yc iam service-account create --name={{ terraform_service_account }} --format=json
|
|
register: service_account_create_result
|
|
failed_when:
|
|
- service_account_create_result.rc != 0
|
|
- "'AlreadyExists' not in service_account_create_result.stderr"
|
|
- name: YC - assign role to service account
|
|
ansible.builtin.command:
|
|
cmd: >-
|
|
yc resource-manager folder add-access-binding --name=default --role=editor
|
|
--subject=serviceAccount:{{ service_account_create_result.stdout|from_json|json_query('id') }}
|
|
when: service_account_create_result.rc == 0
|
|
|
|
- name: YC - receive service account yc access key
|
|
ansible.builtin.command:
|
|
cmd: yc iam access-key create --service-account-name={{ terraform_service_account }} --format=json
|
|
register: service_account_access_key_result
|
|
- name: YC - get key id and secret from result
|
|
set_fact:
|
|
service_account_key_id={{ service_account_access_key_result.stdout|from_json|json_query('access_key.key_id') }}
|
|
service_account_secret={{ service_account_access_key_result.stdout|from_json|json_query('secret') }}
|
|
- name: YC - create bucket
|
|
ansible.builtin.command:
|
|
cmd: yc storage bucket create --name={{ terraform_yandex_bucket_name }}
|
|
register: bucket_create_result
|
|
failed_when:
|
|
- bucket_create_result.rc != 0
|
|
- "'AlreadyExists' not in bucket_create_result.stderr"
|
|
- name: Terraform - Create variables.tf
|
|
ansible.builtin.template:
|
|
src: "templates/variables.tf.j2"
|
|
dest: "terraform/variables.tf"
|
|
- name: Terraform - init
|
|
ansible.builtin.command:
|
|
chdir: ./terraform
|
|
cmd: >-
|
|
terraform init
|
|
-backend-config="bucket={{ terraform_yandex_bucket_name }}"
|
|
-backend-config="access_key={{ service_account_key_id }}"
|
|
-backend-config="secret_key={{ service_account_secret }}"
|
|
- name: Terraform - create workspace
|
|
ansible.builtin.command:
|
|
chdir: ./terraform
|
|
cmd: terraform workspace new prod
|
|
register: terraform_new_workspace_result
|
|
failed_when:
|
|
- terraform_new_workspace_result.rc != 0
|
|
- "'already exists' not in terraform_new_workspace_result.stderr"
|