cloudera-labs · wmudge · Oct 5, 2023 · Oct 2, 2023
diff --git a/roles/provision/README.md b/roles/provision/README.md
@@ -0,0 +1,65 @@
+# Provision
+
+A role that provisions Cloudera-specific inventory.
+
+The role requires the following two files that are locatable by the enclosing play:
+
+* *hostvars.j2* - a Jinja macro that outputs a host's variables in a static inventory file
+* *instance_vars.j2* - a Jinja macro that outputs an instance's metadata, i.e. tags, in the provider
+
+These two Jinja macros _expect variables on the host_ which are assigned via the `add_host` call
+within the role. To set these variables, use the `module_defaults` assignment within the enclosing
+play of the role.
+
+## Examples
+
+### module_defaults
+
+The `node` variable is in scope of the `add_host` module and contains the output of the Terraform
+node provisioning configuration.
+
+```yaml
+- name: Provision resources
+  hosts: localhost
+  connection: local
+  gather_facts: no
+  module_defaults:
+    ansible.builtin.add_host:
+      groups: "{{ node.groups | default(omit) }}"
+      host_template: "{{ node.metadata.host_template | default(omit) }}"
+      storage_volumes: "{{ node.storage_volumes | default([]) }}"
+      tls: "{{ node.metadata.tls | default(omit) }}"
+  tasks: ...
+```
+
+### hostvars.j2
+
+```jinja
+{# Collect and output individual host variables #}
+{% macro host_variables(host) %}
+{% set fields = [] %}
+{% set _ = fields.append("ansible_user=" + host['ansible_user']) if 'ansible_user' in host %}
+{% set _ = fields.append("host_template=" + host['host_template']) if 'host_template' in host %}
+{% set _ = fields.append("label=" + host['label']) if 'label' in host %}
+{% set _ = fields.append("tls=" + host['tls'] | string) if 'tls' in host %}
+{{ host['inventory_hostname'] }} {{ fields | join(' ') }}
+{%- endmacro %}
+```
+
+### instance_vars.j2
+
+```jinja
+{# Define the metadata tags for the individual Openstack instances #}
+{# Output should be TF map _entries_, not a map itself #}
+
+{% macro instance_tags(host) %}
+{% set tags = {} %}
+{% set _ = tags.update({ 'ansible_user': host.ansible_user }) if host.ansible_user is defined %}
+{% set _ = tags.update({ 'host_template': host.host_template }) if host.host_template is defined %}
+{% set _ = tags.update({ 'groups': host.groups | join(', ') }) if host.groups is defined %}
+{% set _ = tags.update({ 'tls': host.tls | string }) if host.tls is defined %}
+{% for k, v in tags.items() %}
+            {{ k }} = "{{ v }}"{{ "," if not loop.last else "" }}
+{% endfor %}
+{%- endmacro %}
+```
diff --git a/roles/provision/defaults/main.yml b/roles/provision/defaults/main.yml
@@ -0,0 +1,31 @@
+---
+provision_state: present # absent
+provision_provider: aws # aws, etc.
+provision_directory: tf_deployment
+
+provision_inventory_file: "{{ undef(hint='Static inventory file') }}" # inventory_static.ini
+
+# provision_terraform_parallelism: 
+provision_state_storage: local # remote_s3
+# provision_remote_storage_s3_region:
+# provision_remote_storage_s3_bucket:
+provision_create_remote_storage: False
+
+provision_name_prefix: "{{ undef(hint='Deployment name prefix') }}"
+provision_domain_suffix: "{{ undef(hint='DNS domain suffix') }}"
+provision_ssh_keypair_label: "{{ undef(hint='SSH keypair label') }}"
+provision_ssh_keypair_public_key: "{{ undef(hint='SSH keypair public key text') }}"
+provision_owner_email: "{{ undef(hint='Resource owner email') }}"
+provision_tags: {}
+
+provision_aws_ec2_region: "{{ undef(hint='AWS EC2 region') }}"
+#provision_aws_ec2_default_ami_filters: "{{ undef(hint='AWS EC2 filters for default AMI') }}"
+#provision_aws_ec2_default_ami_owners: "{{ undef(hint='AWS EC2 AMI owner filter') }}"
+#provision_aws_ec2_vpc_name:
+provision_aws_ec2_vpc_enable_dns_support: true
+provision_aws_ec2_vpc_enable_dns_hostnames: true
+#provision_aws_ec2_public_subnets:
+#provision_aws_ec2_private_subnets:
+
+#provision_default_instance_user: 
+provision_instances: "{{ undef(hint='Instance definitions') }}"
diff --git a/roles/provision/files/aws/keypair.tf b/roles/provision/files/aws/keypair.tf
@@ -0,0 +1,31 @@
+variable "ssh_keypair_name" {
+  type = string
+  description = "AWS SSH key pair name"
+  validation {
+    condition     = length(var.ssh_keypair_name) > 4
+    error_message = "The SSH key pair name must be greater than 4 characters."
+  }
+}
+
+variable "ssh_keypair_public_key_text" {
+  type = string
+  description = "AWS SSH key pair public key text"
+  validation {
+    condition     = length(var.ssh_keypair_public_key_text) > 0
+    error_message = "The SSH key pair public key text must not be empty."
+  }
+}
+
+resource "aws_key_pair" "deployment_keypair" {
+  key_name   = var.ssh_keypair_name
+  public_key = var.ssh_keypair_public_key_text
+}
+
+output "ssh_keypair" {
+  value = {
+    name = aws_key_pair.deployment_keypair.key_name
+    public_key = var.ssh_keypair_public_key_text
+    fingerprint = aws_key_pair.deployment_keypair.fingerprint
+  }
+  description = "Deployment SSH keypair"
+}