Terraform is an open-source infrastructure as code software tool created by HashiCorp. Users define and provide data center infrastructure using a declarative configuration language known as HashiCorp Configuration Language, or optionally JSON.
The Rundeck Terraform provider(opens new window) allows Terraform to create and configure Projects, Jobs and Keys in Rundeck. The project resource allows Rundeck projects to be managed by Terraform. In Rundeck a project is the container object for a set of jobs and the configuration for which servers those jobs can be run on.
Login as admin to your Welcome Project (same steps Community or Enterprise)
In the upper right corner click the person icon and choose Profile
Click the plus (+) next to User API Tokens
Name the token terraform
User can remain admin
Rest of the fields can be blank/defaults.
Click Generate New Token
A box will pop up. Be sure to copy the API Token somewhere before clicking Close. The API token will be used in the next Exercise.
Copy API Token
Create a working directory on your machine for this exercise.
Copy the contents from the Terraform Plan File (tabs below) to a file called rundeck-build.tf in your working directory.
Replace the your-auth-token value on line 13 with the value from the Create API Key steps.
Copy the contents from the ACL Example File (tabs below) to a file called acl.yaml in your working directory.
In your computer's terminal program navigate to your working directory.
Execute the command terraform init
Execute the command terraform apply
Type yes to confirm the changes
The following items will have been added to your Welcome Project
A new Project called "Terraform Example"
Two entries in the Key Storage under the "terraform" folder
A new ACL Entry that would allow any one in the "terraform" group full access to this project and read access to others. (Note: The group is not created, but for extra credit give it a try!)
This requires a success with Exercise 1
To see the power of managing Rundeck Projects with Terraform we can make some minor adjustments to the Plan File and apply those changes.
On line 31 of the rundeck-build.tf file change the "project.label" = "Terraform Example" to "project.label" = "My Terraform Example"
Execute the command terraform apply
Type yes to confirm the changes
The project will be updated with a new Label value. To confirm click the Rundeck logo in the upper left of the interface to load the project list.
terraform {
required_providers {
rundeck = {
source = "rundeck/rundeck"
version = "0.4.2"
}
}
}
provider "rundeck" {
url = "http://localhost:4440/"
api_version = "38"
auth_token = "your-auth-token"
}
resource "rundeck_project" "terraform" {
name = "terraform"
description = "Sample Application Created by Terraform Plan"
ssh_key_storage_path = "${rundeck_private_key.terraform.path}"
resource_model_source {
type = "file"
config = {
format = "resourcexml"
# This path is interpreted on the Rundeck server.
file = "/home/rundeck/resources.xml"
writable = "true"
generateFileAutomatically = "true"
}
}
extra_config = {
"project.label" = "Terraform Example"
}
}
resource "rundeck_job" "bounceweb" {
name = "Bounce All Web Servers"
project_name = "${rundeck_project.terraform.name}"
node_filter_query = "tags: web"
description = "Restart the service daemons on all the web servers"
command {
shell_command = "sudo service anvils restart"
}
}
resource "rundeck_public_key" "terraform" {
path = "terraform/id_rsa.pub"
key_material = "ssh-rsa yada-yada-yada"
}
resource "rundeck_private_key" "terraform" {
path = "terraform/id_rsa"
key_material = "$${file(\"id_rsa.pub\")}"
}
data "local_file" "acl" {
filename = "${path.cwd}/acl.yaml"
}
resource "rundeck_acl_policy" "example" {
name = "ExampleAcl.aclpolicy"
policy = "${data.local_file.acl.content}"
}
