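#!/bin/sh
# version.sh is sourced (executed inside this shell) from the directory that
# holds this script, so it must be as trusted as the script itself.
# version.sh has this defined -
# TERRAFORM_VERSION=0.7.3
# The path is quoted so a checkout directory containing spaces still works.
. "$(dirname "$0")/version.sh" || { echo "ERROR: cannot load version.sh" 1>&2; exit 1; }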
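# Print an error message on stderr and abort the script with status 1.
# Arguments: the message; all arguments are joined with spaces, so a
#            multi-word message is reported in full, not just its first word.
fatal() {
  printf 'ERROR: %s\n' "$*" 1>&2
  exit 1
}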
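# Print the command-line help on stdout.
# "$0" is quoted so the script name is shown correctly even when the script
# path contains spaces.
# NOTE(review): the text mentions Packer and AMIs although this script
# downloads Terraform; wording kept as-is, confirm the intended description.
usage() {
  printf '%s\n' \
    "Create a docker image for building AMIs using Packer" \
    "Usage:" \
    " $(basename "$0") build - create a docker image with packer" \
    " $(basename "$0") run - use terraform inside the docker image"
}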
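# Download the given URL(s) into the current directory.
# curl is preferred when both tools are installed, wget is the fallback.
# Arguments: one or more URLs
# Returns:   the downloader's exit status; aborts via fatal when neither
#            curl nor wget is available.
download() {
  echo "Downloading $* ..."
  # `command -v` reports availability through its exit status. The previous
  # `[ -n $(which ... >/dev/null) ]` test was always true, so the wget branch
  # and the "no downloader" fallback could never be selected.
  if command -v curl >/dev/null 2>&1; then
    # -f: return non-zero on an HTTP error instead of saving the error page
    # under the archive's file name.
    curl -f -# -L -O "$@"
  elif command -v wget >/dev/null 2>&1; then
    wget -nv --show-progress -c "$@"
  else
    fatal "No downloader found for $*"
  fi
}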
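# Fetch the Terraform release archive (unless already present), verify it
# against the published SHA256SUMS list and unpack it into ./terraform.
# Globals: TERRAFORM_VERSION (read)
# Aborts via fatal on checksum mismatch or when unpacking fails.
custom_build_steps() {
  # Refuse to build URLs and file names from an empty version string.
  : "${TERRAFORM_VERSION:?TERRAFORM_VERSION must be set by version.sh}"

  zip_file="terraform_${TERRAFORM_VERSION}_linux_amd64.zip"
  sums_file="terraform_${TERRAFORM_VERSION}_SHA256SUMS"
  base_url="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}"

  if [ ! -f "$zip_file" ]; then
    download "${base_url}/${zip_file}"
    download "${base_url}/${sums_file}"
  fi

  # Keep only the linux_amd64 entry so `sha256sum -c` does not complain about
  # archives for other platforms that were never downloaded.
  sed -i.bak -n -e '/^.*_linux_amd64.zip$/p' "$sums_file"
  # NOTE(review): the checksum list comes from the same server as the archive,
  # so this check catches a corrupted or truncated download but not a tampered
  # release. Verifying the publisher's detached signature over the SHA256SUMS
  # file against a pinned key would cover that case.
  sha256sum -c --status "$sums_file" || fatal "terraform zip file checksum mistmatch"

  # Unpack with -d instead of cd/cd .. so a failed directory change can never
  # extract the archive into the wrong place.
  mkdir -p terraform || fatal "cannot create terraform directory"
  unzip -qu "$zip_file" -d terraform || fatal "cannot unpack ${zip_file}"
}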
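# Dispatch on the sub-command given as first argument.
case "$1" in
  build)
    # Fail before downloading anything if the image name is missing.
    : "${DOCKER_IMAGE_NAME:?DOCKER_IMAGE_NAME is not set}"
    custom_build_steps
    docker build -t "${DOCKER_IMAGE_NAME}" . || fatal "Docker build failed"
    ;;
  run)
    : "${DOCKER_IMAGE_NAME:?DOCKER_IMAGE_NAME is not set}"
    shift # remove 'run' from arg list
    # "$@" keeps every remaining argument intact, including ones that contain
    # spaces or glob characters.
    docker run -ti --rm "${DOCKER_IMAGE_NAME}" "$@" || fatal "Terraform failed"
    ;;
  *)
    usage
    exit 1
    ;;
esac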
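#!/bin/sh
# Wrapper that exports the values docker-compose needs and then replaces
# itself with docker-compose, passing all arguments through unchanged.
. "$(dirname "$0")/version.sh" || { echo "ERROR: cannot load version.sh" 1>&2; exit 1; }
# DOCKER_IMAGE_NAME is defined in version.sh
export DOCKER_IMAGE_NAME
# Assign and export separately: `export VAR=$(cmd)` hides the exit status of
# cmd. A failure is only reported, because the compose run may not need it.
EXTERNAL_IP=$(docker-machine ip) \
  || echo "WARNING: 'docker-machine ip' failed, EXTERNAL_IP is empty" 1>&2
export EXTERNAL_IP
# "$@" preserves arguments that contain whitespace.
exec docker-compose "$@"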
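version: "2"
services:
  terraform:
    build: .
    # from ./version.sh via ./compose.sh
    image: ${DOCKER_IMAGE_NAME}
    # Default action handed to the image entrypoint: bringing the service up
    # applies changes directly, with no separate plan step to review first.
    # Override the command with `plan` to inspect the changes beforehand.
    command: apply
    # environment:
    #   - "TF_LOG=DEBUG"
    dns:
      # for some reason docker internal dns often fails
      # NOTE(review): hard-coded public resolvers; lookups from the container
      # go to these servers rather than to the resolver Docker provides.
      - 8.8.8.8
      - 8.8.4.4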
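# NOTE(review): the base image is referenced by a mutable tag; pinning it by
# digest would make rebuilds reproducible.
FROM alpine:3.4

# ca-certificates required to use AWS APIs
# pip and awscli are upgraded to whatever is current at build time (unpinned).
# --no-cache-dir keeps pip's download cache out of the image layer.
RUN apk --no-cache add py-pip ca-certificates curl openjdk8-jre-base jq \
    && pip install --no-cache-dir -U pip \
    && pip install --no-cache-dir -U awscli

# "make terraform work" trick from http://stackoverflow.com/a/35613430
# assume MUSL-libc is compatible "enough" with Glibc for Terraform needs
RUN mkdir -p /lib64 && ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2

# terraform is downloaded by ./build.sh
# NOTE(review): this copies the entire build context into the image. The
# entrypoint script requires secrets.tfvars in this directory, so the AWS
# credentials end up in an image layer and can be read by anyone who obtains
# the image. Keep the image out of shared registries, or consider supplying
# the file at run time (volume mount) and excluding it with .dockerignore.
COPY . /opt/terraform
COPY terraform/ /usr/local/bin/
WORKDIR /opt/terraform

# for a build to succeed - validation must pass!
RUN chmod +x /usr/local/bin/terraform* \
    && find . -name "*.sh" -exec chmod +x {} + \
    && terraform validate

# No USER instruction is given, so the entrypoint runs with the base image's
# default user.
ENTRYPOINT [ "/opt/terraform/terraform.sh" ]
CMD [ "plan" ]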
#!/bin/sh
# Report an error on stderr and terminate with status 1.
# Arguments: message parts, joined with spaces; backslash escapes such as \n
#            inside the message are interpreted.
fatal() {
  printf '%b\n' "ERROR: $*" 1>&2
  exit 1
}
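# First argument selects the terraform action; "plan" is the default.
action=${1:-"plan"}
# Shift only when there is an argument to drop: a bare `shift` with no
# positional parameters is an error in some /bin/sh implementations.
if [ "$#" -gt 0 ]; then
  shift
fi
# The remaining arguments are flattened into one string and word-split again
# where they are used, so arguments containing whitespace are not preserved.
arguments=${*:-"-var-file secrets.tfvars"}

# FIRST: check sanity
aws --version || fatal 'The `aws` CLI tool is not available.'
terraform --version || fatal 'The `terraform` CLI tool is not available.'
[ ! -f secrets.tfvars ] && \
  fatal "secrets.tfvars with AWS credentials is required.\n" \
    "Use example from secrets.tfvars.example."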
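# helper to retrieve a value from secrets.tfvars or its default from variables.tf
# Arguments: $1 - variable name. It is spliced into a sed pattern, so call it
#                 only with fixed, identifier-like names, never with input
#                 from outside the script.
# Outputs:   the double-quoted value found on the matching line, written to
#            stdout without a trailing newline; nothing when no value is found.
get_secret() {
  secret=$(sed -ne 's/^\s*'"$1"'\s*=[^"]*"\([^"]*\)".*$/\1/gp' secrets.tfvars)
  if [ -z "$secret" ]; then
    secret=$(sed -ne 's/variable.*"'"$1"'"[^"]*"\([^"]*\)*".*$/\1/gp' variables.tf)
  fi
  # printf with a quoted argument emits the value byte-for-byte; the previous
  # unquoted `echo -n $secret` collapsed whitespace and expanded glob
  # characters, which can corrupt a secret key.
  printf '%s' "$secret"
}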
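# first, check sanity!
terraform validate

# configure remote state for pulling/pushing across different sessions
# NOTE(review): the access key and secret key are passed as command-line
# arguments, which other processes able to list this one (ps, /proc) can read
# while the command runs; they are also shown by `set -x` tracing.
# A failure here is fatal: continuing would run the requested action against
# whatever local state exists instead of the shared remote state.
terraform remote config \
  -backend=s3 \
  -backend-config="bucket=$(get_secret tfstate_s3_bucket)" \
  -backend-config="access_key=$(get_secret tfstate_aws_access_key)" \
  -backend-config="secret_key=$(get_secret tfstate_aws_secret_key)" \
  -backend-config="region=$(get_secret tfstate_aws_region)" \
  -backend-config="key=$(get_secret tfstate_aws_key)" \
  -backend-config="acl=private" \
  || fatal "terraform remote config failed"

# always needs to happen! update modules, even local folder ones.
terraform get

trap "terraform remote push" EXIT # always push config back to remote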
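# Run the requested terraform action.
# $arguments is left unquoted on purpose: it is a flat string that has to be
# split back into separate options.
case "$action" in
  apply)
    # terraform plan -var-file secrets.tfvars $arguments
    # shellcheck disable=SC2086
    terraform apply -var-file secrets.tfvars $arguments
    # apply also displays outputs at the end
    terraform remote push # push config back to remote
    ;;
  destroy)
    # -force skips the interactive confirmation, so the resources are
    # destroyed as soon as this branch is reached.
    # shellcheck disable=SC2086
    terraform destroy -force -var-file secrets.tfvars $arguments
    terraform remote push # push config back to remote
    ;;
  *)
    # output, plan, refresh and any other sub-command share the same
    # invocation; "$action" is quoted so it is always passed as one word.
    # shellcheck disable=SC2086
    terraform "$action" -var-file secrets.tfvars $arguments
    ;;
esac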
# Keep the container running after the terraform action so a shell can be
# attached with docker-compose exec; loops until interrupted.
banner='################################################################################'
printf '\n%s\n%s\n%s\n' \
  "$banner" \
  'Infinite loop for your `docker-compose exec terraform sh`. Ctrl-C to stop.' \
  "$banner"
until false; do
  sleep 10
done