Automatic variable resolution

As a result of combining Terraform and Ansible, certain configuration (e.g. passwords, endpoints, secrets) is required by both tools. Some Ansible configuration is also the result of Terraform operations. To avoid hard-coding configuration, and thus running the risk of using outdated credentials, logic is added to manage sharing configuration between Terraform and Ansible.

When creating a new solution, we first run an Ansible playbook which creates some required configuration for Terraform. With that configuration set, we can run Terraform commands (e.g. terraform apply). During the Terraform runs, a local file is generated at ansible/terraform_vars.yml which contains the result of certain Terraform operations. Ansible uses this file to provision the cluster. By default, GET adds a number of Ansible vars (e.g. internal_lb_host, postgres_host etc.), but you also have the option to add solution-specific vars. To do this, use the ansible_vars variable:

# terraform/environment.tf

module "gitlab_cluster" {
  source = "git.glhd.nl/glh/gitlab-environment-toolkit/aws"
  version = "3.0.0"

  prefix = var.prefix

  # Additional variables ...

  ansible_vars = {
    solution_specific_endpoint = aws_vpc_endpoint.solution_specific_resource.dns_name,
    solution_specific_service  = "result of some resource",
  }
}

The resulting ansible/terraform_vars.yml file will look something like this:

# ansible/terraform_vars.yml
all:
  vars:
    internal_lb_host: "https://internal_lb_host"
    postgres_host: "https://postgres_host"
    solution_specific_endpoint: "https://dns_name"
    solution_specific_service: "result of some resource"
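
Because the generated file can carry credentials and Ansible depends on it being complete, a pre-flight check before provisioning is useful. The following is an added example, not part of the toolkit: the function names, the list of required keys and the owner-only permission expectation are assumptions, and the parser only handles the flat all/vars layout shown above.

```python
import os
import re
import stat
import tempfile

# Matches one `key: value` entry at the indentation used under all -> vars.
VAR_LINE = re.compile(r'^ {4}([A-Za-z_][A-Za-z0-9_]*):\s*(.*?)\s*$')

def read_vars(path):
    """Parse the flat all/vars mapping shown above (not a general YAML parser)."""
    found, in_vars = {}, False
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.rstrip("\n")
            if line.strip() == "vars:":
                in_vars = True
            elif in_vars and (m := VAR_LINE.match(line)):
                found[m.group(1)] = m.group(2).strip('"\'')
    return found

def preflight(path, required):
    """Return a list of problems; an empty list means Ansible can use the file."""
    if not os.path.isfile(path):
        return [f"{path} is missing: run terraform apply first"]
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        problems.append(f"{path} has mode {mode:o}: readable beyond its owner")
    values = read_vars(path)
    for key in required:
        if not values.get(key):
            problems.append(f"required var {key} is missing or empty")
    return problems

def demo():
    """Check a constructed sample file with deliberately loose permissions."""
    sample = ('all:\n  vars:\n'
              '    internal_lb_host: "https://internal_lb_host"\n'
              '    postgres_host: ""\n')
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "terraform_vars.yml")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)
        return preflight(path, ["internal_lb_host", "postgres_host",
                                "solution_specific_endpoint"])

if __name__ == "__main__":
    print("\n".join(demo()))
```

In a real run, call preflight("ansible/terraform_vars.yml", [...]) with the vars your playbooks need and stop the pipeline if the returned list is not empty.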