first draft commit

argocd/foundation/app-yamls/certmanager-app.yaml

@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "-8"
+  name: certmanager-app
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  source:
+    path: infra/apps/certmanager
+    repoURL: 'https://gitlab.labs.mojaloop.live/iac/argo.git'
+    targetRevision: HEAD
+    plugin:
+      name: argocd-lovely-plugin
+  destination:
+    namespace: certmanager
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        maxDuration: 3m0s
+        factor: 2
+    syncOptions:
+      - CreateNamespace=true
+      - PrunePropagationPolicy=background
+      - PruneLast=true

argocd/foundation/app-yamls/consul-app.yaml

@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "-9"
+  name: consul-app
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  source:
+    path: infra/apps/consul
+    repoURL: 'https://gitlab.labs.mojaloop.live/iac/argo.git'
+    targetRevision: HEAD
+    plugin:
+      name: argocd-lovely-plugin
+  destination:
+    namespace: consul
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        maxDuration: 3m0s
+        factor: 2
+    syncOptions:
+      - CreateNamespace=true
+      - PrunePropagationPolicy=background
+      - PruneLast=true

argocd/foundation/app-yamls/external-dns-app.yaml

@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "-8"
+  name: external-dns-app
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  source:
+    path: infra/apps/external-dns
+    repoURL: 'https://gitlab.labs.mojaloop.live/iac/argo.git'
+    targetRevision: HEAD
+    plugin:
+      name: argocd-lovely-plugin
+  destination:
+    namespace: external-dns
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        maxDuration: 3m0s
+        factor: 2
+    syncOptions:
+      - CreateNamespace=true
+      - PrunePropagationPolicy=background
+      - PruneLast=true

argocd/foundation/app-yamls/ingress-app.yaml

@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "-7"
+  name: ingress-app
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  source:
+    path: infra/apps/ingress
+    repoURL: 'https://gitlab.labs.mojaloop.live/iac/argo.git'
+    targetRevision: HEAD
+  destination:
+    namespace: argocd
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        maxDuration: 3m0s
+        factor: 2
+    syncOptions:
+      - CreateNamespace=true
+      - PrunePropagationPolicy=background
+      - PruneLast=true

argocd/foundation/app-yamls/stateful-services-app.yaml

@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "-4"
+  name: stateful-services-app
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  source:
+    path: infra/apps/stateful-services
+    repoURL: 'https://gitlab.labs.mojaloop.live/iac/argo.git'
+    targetRevision: HEAD
+  destination:
+    namespace: stateful-services
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        maxDuration: 3m0s
+        factor: 2
+    syncOptions:
+      - CreateNamespace=true
+      - PrunePropagationPolicy=background
+      - PruneLast=true

argocd/foundation/app-yamls/storage-app.yaml

@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "-10"
+  name: storage-app
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  source:
+    path: infra/apps/storage
+    repoURL: 'https://gitlab.labs.mojaloop.live/iac/argo.git'
+    targetRevision: HEAD
+    plugin:
+      name: argocd-lovely-plugin
+  destination:
+    namespace: longhorn-system
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        maxDuration: 3m0s
+        factor: 2
+    syncOptions:
+      - CreateNamespace=true
+      - PrunePropagationPolicy=background
+      - PruneLast=true

argocd/foundation/app-yamls/vault-app.yaml

@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "-5"
+  name: vault-app
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  source:
+    path: infra/apps/vault
+    repoURL: 'https://gitlab.labs.mojaloop.live/iac/argo.git'
+    targetRevision: HEAD
+  destination:
+    namespace: vault
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        maxDuration: 3m0s
+        factor: 2
+    syncOptions:
+      - CreateNamespace=true
+      - PrunePropagationPolicy=background
+      - PruneLast=true

terraform/ansible/control-center-deploy/ansible.tf

@@ -0,0 +1,50 @@
+
+resource "local_sensitive_file" "ansible_inventory" {
+  content = templatefile(
+    "${path.module}/templates/inventory.yaml.tmpl",
+    { all_hosts              = merge(var.docker_hosts, var.gitlab_hosts, var.bastion_hosts),
+      gitlab_hosts           = var.gitlab_hosts,
+      docker_hosts           = var.docker_hosts,
+      bastion_hosts          = var.bastion_hosts,
+      bastion_hosts_var_maps = var.bastion_hosts_var_maps,
+      docker_hosts_var_maps  = merge(var.docker_hosts_var_maps, local.jumphostmap),
+      gitlab_hosts_var_maps  = merge(var.gitlab_hosts_var_maps, local.jumphostmap),
+    all_hosts_var_maps = merge(var.all_hosts_var_maps, local.ssh_private_key_file_map)}
+
+  )
+  filename        = "${local.ansible_output_dir}/inventory"
+  file_permission = "0600"
+}
+
+resource "null_resource" "run_ansible" {
+  provisioner "local-exec" {
+    command     = <<-EOT
+          ansible-galaxy collection install ${var.ansible_collection_url},${var.ansible_collection_tag}
+          ansible-playbook mojaloop.iac.control_center_deploy -i ${local_sensitive_file.ansible_inventory.filename}
+    EOT
+    working_dir = path.module
+  }
+  triggers = {
+    inventory_file_sha_hex = local_sensitive_file.ansible_inventory.id
+    ansible_collection_tag = var.ansible_collection_tag
+  }
+  depends_on = [
+    local_sensitive_file.ansible_inventory
+  ]
+}
+
+resource "local_sensitive_file" "ec2_ssh_key" {
+  content         = var.ansible_bastion_key
+  filename        = "${local.ansible_output_dir}/sshkey"
+  file_permission = "0600"
+}
+
+locals {
+  jumphostmap = {
+    ansible_ssh_common_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ProxyCommand=\"ssh -W %h:%p -i ${local_sensitive_file.ec2_ssh_key.filename} -o StrictHostKeyChecking=no -q ${var.ansible_bastion_os_username}@${var.ansible_bastion_public_ip}\""
+  }
+  ansible_output_dir = "${var.ansible_base_output_dir}/control-center-deploy"
+  ssh_private_key_file_map = {
+    ansible_ssh_private_key_file = local_sensitive_file.ec2_ssh_key.filename
+  }
+}

terraform/ansible/control-center-deploy/templates/inventory.yaml.tmpl

@@ -0,0 +1,40 @@
+all: 
+  hosts: 
+    %{~ for name, ip in all_hosts ~}
+    ${name}:
+      ansible_host: ${ip}
+    %{~ endfor ~}
+  vars:
+    %{~ for varmapkey, varmapval in all_hosts_var_maps ~}
+    ${varmapkey}: '${varmapval}'
+    %{~ endfor ~}
+gitlab: 
+  hosts: 
+    %{~ for name, ip in gitlab_hosts ~}
+    ${name}:
+      ansible_host: ${ip}
+    %{~ endfor ~}
+  vars:
+    %{~ for varmapkey, varmapval in gitlab_hosts_var_maps ~}
+    ${varmapkey}: '${varmapval}'
+    %{~ endfor ~}
+docker: 
+  hosts: 
+    %{~ for name, ip in docker_hosts ~}
+    ${name}:
+      ansible_host: ${ip}
+    %{~ endfor ~}
+  vars:
+    %{~ for varmapkey, varmapval in docker_hosts_var_maps ~}
+    ${varmapkey}: '${varmapval}'
+    %{~ endfor ~}
+bastion: 
+  hosts: 
+    %{~ for name, ip in bastion_hosts ~}
+    ${name}:
+      ansible_host: ${ip}
+    %{~ endfor ~}
+  vars:
+    %{~ for varmapkey, varmapval in bastion_hosts_var_maps ~}
+    ${varmapkey}: '${varmapval}'
+    %{~ endfor ~}

terraform/ansible/control-center-deploy/variables.tf

@@ -0,0 +1,55 @@
+variable "ansible_collection_url" {
+  default = "git+https://github.com/mojaloop/iac-ansible-collection-roles.git#/mojaloop/iac"
+}
+
+variable "ansible_collection_tag" {
+  default = "main"
+}
+
+variable "ansible_bastion_key" {
+  description = "ssh key for bastion host"
+  sensitive = true
+}
+
+variable "ansible_bastion_public_ip" {
+  description = "ip for bastion host"
+}
+
+variable "ansible_bastion_os_username" {
+  description = "username for bastion host"
+}
+
+variable "ansible_base_output_dir" {
+  description = "where to read/write ansible inv/etc"
+  default = "/iac-run-dir/output"
+}
+variable "gitlab_hosts" {
+  type = map
+  description = "map of hosts to run gitlab server"
+}
+variable "docker_hosts" {
+  type = map
+  description = "map of hosts to run docker server"
+}
+variable "bastion_hosts" {
+  type = map
+  description = "map of hosts to run bastion and netclient"
+}
+
+variable "bastion_hosts_var_maps" {
+  type = map
+  description = "var map for bastion hosts"
+}
+
+variable "docker_hosts_var_maps" {
+  type = map
+  description = "var map for docker hosts"
+}
+variable "gitlab_hosts_var_maps" {
+  type = map
+  description = "var map for gitlab hosts"
+}
+variable "all_hosts_var_maps" {
+  type = map
+  description = "var map for all hosts"
+}