Skip to content

Instantly share code, notes, and snippets.

@kesor kesor/Dockerfile Secret
Last active Sep 6, 2019

Embed
What would you like to do?
#!/bin/sh
. $(dirname $0)/version.sh
# version.sh has this defined -
# TERRAFORM_VERSION=0.7.3
fatal() { echo "ERROR: $1" 1>&2; exit 1; }
usage() {
echo "Create a docker image for building AMIs using Packer"
echo "Usage:"
echo " $(basename $0) build - create a docker image with packer"
echo " $(basename $0) run - use terraform inside the docker image"
}
download() {
download='fatal No downloader found for '
[ -n $(which wget>/dev/null 2>&1) ] && download="wget -nv --show-progess -c"
[ -n $(which curl>/dev/null 2>&1) ] && download="curl -#LO"
echo Downloading $@ ...
$download $@
}
custom_build_steps() {
[ ! -f terraform_${TERRAFORM_VERSION}_linux_amd64.zip ] && {
download "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip"
download "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS"
}
sed -i.bak -n -e '/^.*_linux_amd64.zip$/p' terraform_${TERRAFORM_VERSION}_SHA256SUMS
sha256sum -c --status terraform_${TERRAFORM_VERSION}_SHA256SUMS || fatal "terraform zip file checksum mistmatch"
mkdir -p terraform
cd terraform
unzip -qu ../terraform_${TERRAFORM_VERSION}_linux_amd64.zip
cd ..
}
case $1 in
build)
custom_build_steps
docker build -t ${DOCKER_IMAGE_NAME} . || fatal "Docker build failed"
;;
run)
shift; # remove 'run' from arg list
docker run -ti --rm ${DOCKER_IMAGE_NAME} $@ || fatal "Terraform failed"
;;
*)
usage
exit 1
esac
#!/bin/sh
. $(dirname $0)/version.sh
# DOCKER_IMAGE_NAME is defined in version.sh
export DOCKER_IMAGE_NAME
export EXTERNAL_IP=$(docker-machine ip)
exec docker-compose $@
version: "2"
services:
terraform:
build: .
# from ./version.sh via ./compose.sh
image: ${DOCKER_IMAGE_NAME}
command: apply
# environment:
# - "TF_LOG=DEBUG"
dns:
# for some reason docker internal dns often fails
- 8.8.8.8
- 8.8.4.4
FROM alpine:3.4
# ca-certificates required to use AWS APIs
RUN apk --no-cache add py-pip ca-certificates curl openjdk8-jre-base jq \
&& pip install -U pip \
&& pip install -U awscli
# "make terraform work" trick from http://stackoverflow.com/a/35613430
# assume MUSL-libc is compatible "enough" with Glibc for Terraform needs
RUN mkdir -p /lib64 && ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2
# terraform is downloaded by ./build.sh
COPY . /opt/terraform
COPY terraform/ /usr/local/bin/
WORKDIR /opt/terraform
# for a build to succeed - validation must pass!
RUN chmod +x /usr/local/bin/terraform* \
&& find . -name "*.sh" -exec chmod +x {} + \
&& terraform validate
ENTRYPOINT [ "/opt/terraform/terraform.sh" ]
CMD [ "plan" ]
#!/bin/sh
fatal() { echo -e "ERROR: $@" 1>&2; exit 1; }
action=${1:-"plan"}
shift
arguments=${@:-"-var-file secrets.tfvars"}
# FIRST: check sanity
aws --version || fatal 'The `aws` CLI tool is not available.'
terraform --version || fatal 'The `terraform` CLI tool is not available.'
[ ! -f secrets.tfvars ] && \
fatal "secrets.tfvars with AWS credentials is required.\n" \
"Use example from secrets.tfvars.example."
# helper to retrieve a value from secrets.tfvars or its default from variables.tf
get_secret() {
secret=$(sed -ne 's/^\s*'$1'\s*=[^"]*"\([^"]*\)".*$/\1/gp' secrets.tfvars)
[ -z "$secret" ] && \
secret=$(sed -ne 's/variable.*"'$1'"[^"]*"\([^"]*\)*".*$/\1/gp' variables.tf)
echo -n $secret
}
# first, check sanity!
terraform validate
# configure remote state for pulling/pushing across different sessions
terraform remote config \
-backend=s3 \
-backend-config="bucket=$(get_secret tfstate_s3_bucket)" \
-backend-config="access_key=$(get_secret tfstate_aws_access_key)" \
-backend-config="secret_key=$(get_secret tfstate_aws_secret_key)" \
-backend-config="region=$(get_secret tfstate_aws_region)" \
-backend-config="key=$(get_secret tfstate_aws_key)" \
-backend-config="acl=private"
# always needs to happen! update modules, even local folder ones.
terraform get
trap "terraform remote push" EXIT # always push config back to remote
case $action in
apply)
# terraform plan -var-file secrets.tfvars $arguments
terraform apply -var-file secrets.tfvars $arguments
# apply also displays outputs at the end
terraform remote push # push config back to remote
;;
output)
terraform output -var-file secrets.tfvars $arguments
;;
plan)
terraform plan -var-file secrets.tfvars $arguments
;;
destroy)
terraform destroy -force -var-file secrets.tfvars $arguments
terraform remote push # push config back to remote
;;
refresh)
terraform refresh -var-file secrets.tfvars $arguments
;;
*)
terraform $action -var-file secrets.tfvars $arguments
;;
esac
echo
echo '################################################################################'
echo 'Infinite loop for your `docker-compose exec terraform sh`. Ctrl-C to stop.'
echo '################################################################################'
while true; do sleep 10; done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.