Cleanup of Terraform tasks and variables

Signed-off-by: Jim Enright <[email protected]>

Author: jimright

roles/infrastructure/tasks/setup_terraform.yml

@@ -23,7 +23,7 @@
   ansible.builtin.copy:
     src: "{{ infra__terraform_template_dir }}/infra/"
     dest: "{{ infra__terraform_workspace_dir }}/workspace/infra"
-  # when: not workdir.stat.exists # TODO: This won't override if any changes to .tf are made. Good or Bad?
+  # when: not workdir.stat.exists # NOTE: When uncommented won't override workspace dir if any changes to .tf are made.
 
 - name: Copy Terraform infra code to the artefact directory
   ansible.builtin.copy:
@@ -59,4 +59,26 @@
   ansible.builtin.file:
     path: "{{ infra__terraform_workspace_dir }}/workspace/infra"
     state: absent
-  when: infra__terraform_state_storage in ['remote_s3']
+  when: infra__terraform_state_storage in ['remote_s3']
+
+# If created Utility Instance via Terraform then
+# need to get it's info and add to an Ansible host group
+- name: Add Utility Instance to host group
+  when: infra__create_utility_service
+  block:
+    - name: Discover the Utility Instance details
+      community.aws.ec2_instance_info:
+        region: "{{ infra__region }}"
+        filters: "{{ __filters | items2dict }}"
+      vars:
+        __filters:
+          - key: "tag:Name"
+            value: "{{ infra__namespace }}*"
+      register: __infra_utility_compute_discovered
+
+    - name: Add discovered Utility Instance to host group
+      ansible.builtin.add_host:
+        hostname: "{{__infra_utility_compute_discovered.instances[0].public_ip_address}}"
+        ansible_user: "{{ infra__dynamic_inventory_images_default[infra__type][infra__dynamic_inventory_os].user }}"
+        ansible_ssh_private_key_file: "{{ (infra__private_key_file == '') | ternary(omit, infra__private_key_file) }}"
+        groupname: cldr_utility

roles/infrastructure/template/aws/infra_aws_storage.tf.j2

@@ -4,7 +4,16 @@
 resource "aws_s3_bucket" "{{ __aws_storage_location_item }}" {
   bucket        = "{{ __aws_storage_location_item }}"
   acl           = "private"
+
+{% if infra__teardown_deletes_data %}
   force_destroy = true
+{% else %}
+  {# TODO: How to skip teardown of this resource if infra__teardown_deletes_data is False #}
+  lifecycle {
+    # A Terraform destroy of this resource will result in an error message.
+    prevent_destroy = true
+  }
+{% endif %}
 
   tags          = merge(var.env_tags,{Name = "{{ __aws_storage_location_item }}"})
 }

roles/platform/tasks/initialize_setup_aws.yml

@@ -58,10 +58,6 @@
           "tag:Name": "{{ plat__vpc_name }}"
       register: __aws_vpc_info
 
-    - name: jenright Debug Print Discover AWS VPC
-      ansible.builtin.debug:
-        var: __aws_vpc_info
-
     - name: Set fact for AWS VPC ID
       when: __aws_vpc_info is defined
       ansible.builtin.set_fact:
@@ -72,18 +68,6 @@
   ansible.builtin.set_fact:
     plat__aws_vpc_id: "{{ infra__aws_vpc_id }}"
 
-
-- name: jenright Debug Print Set AWS VPC ID by assignment
-  ansible.builtin.debug:
-    msg: 
-      - "infra__aws_vpc_id = {{ infra__aws_vpc_id | default('THIS_IS_UNDEFINED')}}"
-      - "plat__aws_vpc_id = {{ plat__aws_vpc_id }}"
-
-- name: Prompt added by jenright 
-  pause:
-    prompt: "Check value of plat__aws_vpc_id"
-  when: debug_terraform | default(false) | bool
-
 - name: Discover AWS VPC Subnets
   when: infra__aws_subnet_ids is undefined
   block:
@@ -95,7 +79,6 @@
           "tag:Name": "{{ plat__namespace }}*"
       register: __aws_subnets_info
 
-    # NOTE: jenright I had to change this for Terraform created subnets, why?
     - name: Set fact for AWS Subnet IDs
       when: __aws_subnets_info is defined
       ansible.builtin.set_fact:
@@ -110,30 +93,12 @@
   ansible.builtin.set_fact:
     plat__aws_subnet_ids: "{{ infra__aws_subnet_ids }}"
 
-- name: jenright Debug value of plat__aws_subnet_ids
-  ansible.builtin.debug:
-    msg: 
-      - "infra__aws_subnet_ids: {{ infra__aws_subnet_ids | default('BLANK') }}"
-      - "__aws_subnets_info: {{ __aws_subnets_info | default('BLANK') }}"
-      - "plat__aws_subnet_ids: {{ plat__aws_subnet_ids | default('BLANK') }}"
-
-- name: Prompt added by jenright 
-  pause:
-    prompt: "Check value of plat__aws_subnet_ids"
-  when: debug_terraform | default(false) | bool
-
 - name: Set public subnets for public endpoint access
   when: plat__public_endpoint_access
   block:
     - name: Discover AWS Public Subnets
       when: infra__aws_public_subnet_ids is not defined
-      block:
-        - name: Print infra__vpc_public_subnets_info names
-          debug:
-            msg:
-              - "{{ item }}"
-          loop: "{{ infra__vpc_public_subnets_info | map(attribute='name' ) }}"
-            
+      block:           
         # TODO: Change infra__vpc_public_subnets_info to plat__vpc_public_subnets_info
         - name: Query AWS Public Subnets
           amazon.aws.ec2_vpc_subnet_info:
@@ -143,15 +108,8 @@
           loop: "{{ infra__vpc_public_subnets_info | map(attribute='name' ) }}"
           register: __aws_public_subnet_info
 
-        - name: jenright Debug Print Discover AWS Public Subnets
-          ansible.builtin.debug:
-            msg: 
-            #  - "{{ __aws_public_subnet_info }}"
-             - "{{ __aws_public_subnet_info.results | community.general.json_query('[*].subnets[*].id') | flatten }}"
-
         - name: Set fact for AWS Public Subnets
           ansible.builtin.set_fact:
-            # plat__aws_public_subnet_ids: "{{ __aws_public_subnet_info.subnets|map(attribute='id')| list }}"
             plat__aws_public_subnet_ids: "{{ __aws_public_subnet_info.results | community.general.json_query('[*].subnets[*].id') | flatten }}"
             plat__endpoint_access_scheme: "PUBLIC"
 
@@ -161,15 +119,6 @@
         plat__aws_public_subnet_ids: "{{ infra__aws_public_subnet_ids }}"
         plat__endpoint_access_scheme: "PUBLIC"
 
-- name: jenright Debug Final Value of plat__aws_public_subnet_ids
-  ansible.builtin.debug:
-    var: plat__aws_public_subnet_ids
-
-- name: Prompt added by jenright 
-  pause:
-    prompt: "Check value of AWS Public Subnets"
-  when: debug_terraform | default(false) | bool
-
 - name: Discover AWS Security Group for Knox
   when: infra__aws_security_group_knox_id is undefined
   block:

roles/platform/tasks/setup_aws_terraform_authz.yml

@@ -23,7 +23,7 @@
   ansible.builtin.copy:
     src: "{{ plat__terraform_template_dir }}/plat/"
     dest: "{{ plat__terraform_workspace_dir }}/workspace/plat"
-  # when: not workdir.stat.exists # TODO: This won't override if any changes to .tf are made. Good or Bad?
+  # when: not workdir.stat.exists # NOTE: When uncommented won't override workspace dir if any changes to .tf are made.
 
 - name: Copy Terraform plat code to the artefact directory
   ansible.builtin.copy: