Add a variable to separate deployments by environment

chatops_deployment/ansible/roles/elastic/tasks/elasticsearch.yml

@@ -60,7 +60,7 @@
 - name: Copy certificate and key
   become: true
   ansible.builtin.copy:
-    src: "./SSL/elasticsearch.{{ item }}"
+    src: "./{{ env }}_ssl/elasticsearch.{{ item }}"
     dest: "/etc/elasticsearch/certs/elasticsearch.{{ item }}"
     owner: root
     group: elasticsearch

chatops_deployment/ansible/roles/terraform/tasks/deploy.yml

@@ -15,13 +15,13 @@
   block:
     # We can ignore this warning as this command doesn't change anything when it runs.
     - name: Check Bastion public key is valid # noqa: no-changed-when
-      ansible.builtin.command: "ssh-keygen -l -f '../terraform/bastion-key.pub'"
+      ansible.builtin.command: "ssh-keygen -l -f '../terraform/{{ env }}-bastion-key.pub'"
       ignore_errors: true
       register: terraform_public_key_state
 
     # We can ignore this warning as this command doesn't change anything when it runs.
     - name: Check Bastion private key is valid # noqa: no-changed-when
-      ansible.builtin.command: "ssh-keygen -l -f '../ansible/bastion-key'"
+      ansible.builtin.command: "ssh-keygen -l -f '../ansible/{{ env }}-bastion-key'"
       ignore_errors: true
       register: terraform_private_key_state
 
@@ -30,7 +30,7 @@
       block:
         - name: Generate key
           community.crypto.openssh_keypair:
-            path: /tmp/bastion-key
+            path: "/tmp/{{ env }}-bastion-key"
             force: true
             passphrase: "{{ bastion_key_passphrase }}"
             size: 4096
@@ -41,16 +41,16 @@
 
         - name: Move private key
           ansible.builtin.copy:
-            src: /tmp/bastion-key
-            dest: "./bastion-key"
+            src: "/tmp/{{ env }}-bastion-key"
+            dest: "./{{ env }}-bastion-key"
             owner: "{{ ansible_env.USER }}"
             group: "{{ ansible_env.USER }}"
             mode: "0700"
 
         - name: Move public key
           ansible.builtin.copy:
-            src: /tmp/bastion-key.pub
-            dest: "../terraform/bastion-key.pub"
+            src: "/tmp/{{ env }}-bastion-key.pub"
+            dest: "../terraform/{{ env }}-bastion-key.pub"
             owner: "{{ ansible_env.USER }}"
             group: "{{ ansible_env.USER }}"
             mode: "0774"
@@ -60,8 +60,8 @@
             path: "{{ item }}"
             state: absent
           loop:
-            - /tmp/bastion-key
-            - /tmp/bastion-key.pub
+            - "/tmp/{{ env }}-bastion-key"
+            - "/tmp/{{ env }}-bastion-key.pub"
 
 - name: Install Terraform
   community.general.snap:
@@ -81,6 +81,7 @@
     project_path: "../terraform"
     state: present
     force_init: true
+    workspace: "{{ env }}"
   register: terraform_output
 
 - name: Write ansible inventory file from Terraform outputs

chatops_deployment/ansible/roles/terraform/tasks/destroy.yml

@@ -1,7 +1,7 @@
 ---
 - name: Create / check the bastion public key file exists
   ansible.builtin.file:
-    path: "../terraform/bastion-key.pub"
+    path: "../terraform/{{ env }}-bastion-key.pub"
     state: touch
     owner: "{{ ansible_env.USER }}"
     group: "{{ ansible_env.USER }}"
@@ -12,6 +12,7 @@
     project_path: "../terraform"
     state: absent
     complex_vars: true
+    workspace: "{{ env }}"
     variables:
       deployment: "{{ terraform_deployment }}"
       external_network_id: "{{ terraform_external_network_id }}"
@@ -26,10 +27,10 @@
 
     - name: Remove private key file
       ansible.builtin.file:
-        path: bastion-key
+        path: "{{ env }}-bastion-key"
         state: absent
 
     - name: Remove public key file
       ansible.builtin.file:
-        path: "../terraform/bastion-key.pub"
+        path: "../terraform/{{ env }}-bastion-key.pub"
         state: absent

chatops_deployment/terraform/main.tf

@@ -27,4 +27,5 @@ module "compute" {
   floating_ip           = var.floating_ip
   deployment            = var.deployment
   stack_volume_id = var.stack_volume_id
+  environment = var.environment
 }

chatops_deployment/terraform/modules/compute/main.tf

@@ -14,7 +14,7 @@ provider "openstack" {
 
 resource "openstack_compute_keypair_v2" "bastion_keypair" {
   name       = "bastion-keypair-${var.deployment}"
-  public_key = file("bastion-key.pub")
+  public_key = file("${var.environment}-bastion-key.pub")
 }
 
 resource "openstack_compute_instance_v2" "stack" {

chatops_deployment/terraform/modules/compute/variables.tf

@@ -3,4 +3,5 @@ variable "private_network" {}
 variable "floating_ip" {}
 variable "private_subnet" {}
 variable "stack_volume_id" {}
+variable "environment" {}
 variable "stack_secgroup" {}

chatops_deployment/terraform/variables.tf

@@ -17,3 +17,8 @@ variable "stack_volume_id" {
   type        = string
   description = "ID of the ChatOps Stack volume in your project."
 }
+
+variable "environment" {
+  type = string
+  description = "The environment being deployed into. E.g. dev, staging, prod"
+}