Use Ansible Terraform module directly

Author: m-bull

roles/image_build_infra/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 
 image_build_terraform_project_path: "{{ playbook_dir }}/terraform-caas-image-build"
-image_build_cluster_id: "caas-image-build"
+image_build_cluster_name: "caas-image-build"
 
 # Regex to capture existing cloud image names to use as the
 # OpenHPC Slurm base-image

roles/image_build_infra/tasks/main.yml

@@ -1,23 +1,45 @@
 ---
-- name: Get path to the image-buid Terraform templates directory
-  set_fact:
-    image_build_terraform_template_dir: "{{ role_path }}/templates"
-
-- name: Run cluster_infra role with image-build terraform template
+- name: Install Terraform binary
   include_role:
-    name: cluster_infra
-    public: true
-  vars:
-    cluster_id: "{{ image_build_cluster_id }}"
-    cluster_name: "{{ image_build_cluster_id }}"
-    cluster_terraform_template_dir: "{{ image_build_terraform_template_dir }}"
-    terraform_project_path: "{{ image_build_terraform_project_path }}"
+    name: stackhpc.terraform.install
+
+- name: Make Terraform project directory
+  file:
+    path: "{{ image_build_terraform_project_path }}"
+    state: directory
+
+- name: Write backend configuration
+  copy:
+    content: |
+      terraform {
+        backend "{{ terraform_backend_type }}" { }
+      }
+    dest: "{{ image_build_terraform_project_path }}/backend.tf"
+
+- name: Template Terraform files into project directory
+  template:
+    src: "{{ item }}.j2"
+    dest: "{{ image_build_terraform_project_path }}/{{ item }}"
+  loop:
+    - outputs.tf
+    - providers.tf
+    - resources.tf
+
+- name: Provision infrastructure using Terraform
+  terraform:
+    binary_path: "{{ terraform_binary_path or omit }}"
+    project_path: "{{ image_build_terraform_project_path }}"
+    state: "{{ terraform_state }}"
+    backend_config: "{{ terraform_backend_config }}"
+    force_init: yes
+    init_reconfigure: yes
+    variables: "{{ image_build_terraform_variables | default(omit) }}"
+  register: image_build_terraform_provision
 
 - name: Set image build infrastructure facts
   set_fact:
-    image_build_network_id: "{{ terraform_provision.outputs.network_id.value }}"
-    image_build_floating_ip_network: "{{ terraform_provision.outputs.floating_ip_network_id.value }}"
-    image_build_source_image_id: "{{ terraform_provision.outputs.source_image_name.value.ids | first }}"
-    image_build_security_group_id: "{{ terraform_provision.outputs.security_group_id.value }}"
+    image_build_network_id: "{{ image_build_terraform_provision.outputs.network_id.value }}"
+    image_build_floating_ip_network: "{{ image_build_terraform_provision.outputs.floating_ip_network_id.value }}"
+    image_build_source_image_id: "{{ image_build_terraform_provision.outputs.source_image_name.value }}"
+    image_build_security_group_id: "{{ image_build_terraform_provision.outputs.security_group_id.value }}"
   when: cluster_state is not defined or (cluster_state is defined and cluster_state != "absent")
-

roles/image_build_infra/templates/outputs.tf.j2

@@ -5,7 +5,11 @@ output "network_id" {
 
 output "source_image_name" {
   description = "The id of the image used to build the cluster nodes"
-  value       = data.openstack_images_image_ids_v2.image_build_source_image
+  {% if image_build_source_image_id is defined %}
+  value       = "{{ image_build_source_image_id }}"
+  {% else %}
+  value       = data.openstack_images_image_ids_v2.image_build_source_image.ids[0]
+  {% endif %}
 }
 
 output "floating_ip_network_id" {
@@ -15,22 +19,9 @@ output "floating_ip_network_id" {
 
 output "security_group_id" {
   description = "Security group ID to associate with the builder instance"
+  {% if image_build_security_group_id is defined %}
+  value = "{{ image_build_security_group_id }}"
+  {% else %}
   value = openstack_networking_secgroup_v2.caas_image_build_secgroup.id
-}
-
-# Empty values to keep ansible-collection-terraform happy
-output "cluster_nodes" {
-  value = []
-}
-
-output "cluster_gateway_ip" {
-  value = ""
-}
-
-output "cluster_ssh_private_key" {
-  # No need to create a keypair in Terraform, because we use
-  # ephemeral keys generated by Packer, or a specific user
-  # supplied one from image_build_ssh_keypair_name and
-  # image_build_ssh_private_key_file.
-  value = ""
+  {% endif %}
 }

roles/image_build_infra/templates/resources.tf.j2

@@ -8,15 +8,16 @@ data "openstack_networking_network_v2" "caas_image_build_external_network" {
   external = true
 }
 
+{% if image_build_network_id is not defined %}
 {% if image_build_network_name is not defined %}
 # Create a network
 resource "openstack_networking_network_v2" "caas_image_build_network" {
-  name           = "{{ image_build_cluster_id }}"
+  name           = "{{ image_build_cluster_name }}"
   admin_state_up = "true"
 }
 
 resource "openstack_networking_subnet_v2" "caas_image_build_subnet" {
-  name       = "{{ image_build_cluster_id }}"
+  name       = "{{ image_build_cluster_name }}"
   network_id = "${openstack_networking_network_v2.caas_image_build_network.id}"
   cidr       = "192.168.244.0/24"
   {% if image_build_nameservers is defined %}
@@ -30,7 +31,7 @@ resource "openstack_networking_subnet_v2" "caas_image_build_subnet" {
 }
 
 resource "openstack_networking_router_v2" "caas_image_build_router" {
-  name                = "{{ image_build_cluster_id }}"
+  name                = "{{ image_build_cluster_name }}"
   admin_state_up      = true
   external_network_id = "${data.openstack_networking_network_v2.caas_image_build_external_network.id}"
 }
@@ -40,17 +41,21 @@ resource "openstack_networking_router_interface_v2" "caas_image_build_router_int
   subnet_id = "${openstack_networking_subnet_v2.caas_image_build_subnet.id}"
 }
 {% endif %}
+{% endif %}
 
 # Get existing network resource data by name, from either the created
 # network or the network name if supplied
 data "openstack_networking_network_v2" "caas_image_build_network" {
-  {% if image_build_network_name is not defined %}
-  network_id = "${openstack_networking_network_v2.caas_image_build_network.id}"
-  {% else %}
+  {% if image_build_network_id is defined %}
+  network_id = "{{ image_build_network_id }}"
+  {% elif image_build_network_name is defined %}
   name = "{{ image_build_network_name }}"
+  {% else %}
+  network_id = "${openstack_networking_network_v2.caas_image_build_network.id}"  
   {% endif %}
 }
 
+{% if image_build_source_image_id is not defined %}
 ######
 ###### Image build base image
 ######
@@ -59,14 +64,16 @@ data "openstack_images_image_ids_v2" "image_build_source_image" {
   name_regex = "{{ image_build_existing_image_regex }}"
   sort       = "{{ image_build_existing_image_sort_attributes }}"
 }
+{% endif %}
 
+{% if image_build_security_group_id is not defined %}
 ######
 ###### Image build security groups
 ######
 
 # Security group to hold specific rules for the image build instance
 resource "openstack_networking_secgroup_v2" "caas_image_build_secgroup" {
-  name                 = "{{ image_build_cluster_id }}"
+  name                 = "{{ image_build_cluster_name }}"
   description          = "Specific rules for caas image build"
   delete_default_rules = true   # Fully manage with terraform
 }
@@ -87,3 +94,4 @@ resource "openstack_networking_secgroup_rule_v2" "caas_image_build_secgroup_ingr
   port_range_max    = 22
   security_group_id = "${openstack_networking_secgroup_v2.caas_image_build_secgroup.id}"
 }
+{% endif %}