# Argument handed to sleep(1) by the `sleep` target. `?=` keeps any value that
# is already set on the command line or in the environment.
SLEEP_FOR ?= 10
# Directory of the Python virtualenv whose bin/ tools the recipes below invoke.
# `?=` keeps any value that is already set on the command line or in the
# environment.
VENV ?= venv
# Pauses by running sleep(1) with $(SLEEP_FOR) as its argument (10 unless
# overridden).
.PHONY: sleep
sleep:
	sleep $(SLEEP_FOR)
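# Goal for a bare `make`: run the repository checks.
#
# GNU make otherwise uses the first ordinary target in the file as its goal,
# and `sleep` is declared above this rule, so a bare `make` would only sleep
# and never run `check`. Pinning .DEFAULT_GOAL makes the intended goal
# independent of rule order.
.DEFAULT_GOAL := default
.PHONY: default
default: check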
# Full bring-up: the `cluster`, `bootstrap-values` and `apply` targets.
# NOTE(review): these three targets declare no prerequisites on one another, so
# their sequence comes only from make's left-to-right processing in a serial
# run; under `make -j` they could start concurrently. Confirm whether the order
# is required.
.PHONY: all
all: cluster bootstrap-values apply
# Short alias for the `ansible-cluster` target.
.PHONY: cluster
cluster: ansible-cluster
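# Creates the virtualenv and installs the tooling listed in requirements.txt.
#
# The rule runs only while the $(VENV) directory does not exist. If either step
# fails, the directory created by this recipe is removed again; otherwise make
# would treat a half-installed virtualenv as up to date and every later target
# would run against missing or partial tooling.
#
# requirements.txt is deliberately not a prerequisite here, so editing it does
# not refresh an existing virtualenv; delete $(VENV) to rebuild it.
# NOTE(review): pip installs whatever requirements.txt permits - confirm that
# versions (and ideally hashes) are pinned there, since these tools later
# handle the Vault and Nomad credentials.
$(VENV):
	python3 -m venv $@ && $@/bin/pip install -r requirements.txt \
		|| { rm -rf "$@"; exit 1; }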
# Registers the pre-commit git hooks for this checkout. `--install-hooks` also
# sets up the hook environments right away rather than on first use.
.PHONY: install-hooks
install-hooks: $(VENV)
	$(VENV)/bin/pre-commit install --install-hooks
# Runs every configured pre-commit hook against all files in the repository,
# not only the staged ones. The original note describes this as the check that
# files are encrypted; which hooks actually run is decided by the pre-commit
# configuration, which is not part of this Makefile.
.PHONY: check
check: $(VENV)
	$(VENV)/bin/pre-commit run --all-files
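# Creates a new detect-secrets baseline when none exists yet.
#
# $(VENV) is an order-only prerequisite (after `|`): it must exist, but a newer
# timestamp on the virtualenv directory must not trigger a fresh scan, because
# that would overwrite the existing baseline and any audit decisions recorded
# in it.
#
# The scan writes to a temporary file that is moved into place only on success,
# so a failed scan cannot leave an empty or truncated baseline that looks up to
# date.
#
# --exclude-secrets skips findings whose value matches the regex: ${...}
# placeholders, `from_env`, `fake` and `!secret`. `$$` is make's escape for a
# literal `$`.
# NOTE(review): if the pattern is applied as an unanchored search, any real
# secret whose value merely contains `fake` or `from_env` is skipped as well -
# confirm this is acceptable.
.secrets-baseline: | $(VENV)
	$(VENV)/bin/detect-secrets scan --exclude-secrets '(\$${.*}|from_env|fake|!secret)' > $@.tmp \
		|| { rm -f $@.tmp; exit 1; }
	mv -f $@.tmp $@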
# Runs `detect-secrets audit` on the baseline file. The baseline is a
# prerequisite, so it is generated first when it is missing.
.PHONY: secrets-audit
secrets-audit: $(VENV) .secrets-baseline
	$(VENV)/bin/detect-secrets audit .secrets-baseline
# Re-scans the repository with the existing baseline passed via --baseline, so
# the scan updates that file rather than starting a new one.
# NOTE(review): entries added by this scan have not been audited; run
# `make secrets-audit` afterwards.
.PHONY: secrets-update
secrets-update: $(VENV) .secrets-baseline
	$(VENV)/bin/detect-secrets scan --baseline .secrets-baseline
# Requirements file shared by the collection and role installs below.
galaxy_requirements := ./ansible_galaxy/requirements.yml

# Fetches the Ansible Galaxy collections and roles listed in the requirements
# file. Phony because a directory named ansible_galaxy exists on disk.
# NOTE(review): the content is downloaded at build time and later runs with the
# privileges of the playbooks - confirm the requirements file pins versions.
.PHONY: ansible_galaxy
ansible_galaxy: ansible_galaxy/ansible_collections ansible_galaxy/roles

# Collections are installed under ./ansible_galaxy.
ansible_galaxy/ansible_collections: $(VENV) $(galaxy_requirements)
	$(VENV)/bin/ansible-galaxy collection install -p ./ansible_galaxy -r $(galaxy_requirements)

# Roles are installed under ./ansible_galaxy/roles.
ansible_galaxy/roles: $(VENV) $(galaxy_requirements)
	$(VENV)/bin/ansible-galaxy install -p ./ansible_galaxy/roles -r $(galaxy_requirements)
# Runs the setup-cluster playbook with the virtualenv's ansible-playbook.
#   -K    prompts for the privilege-escalation (become) password
#   -vv   raises Ansible's output verbosity
# vault-keys.json is passed as an extra-vars file only when it already exists;
# the $(shell ...) test expands to nothing otherwise.
# NOTE(review): vault-keys.json presumably holds Vault unseal keys or tokens.
# Confirm it is excluded from version control, has a restrictive file mode, and
# that tasks consuming these values set no_log, since -vv prints task detail.
.PHONY: ansible-cluster
ansible-cluster: $(VENV) ansible_galaxy
	env VIRTUAL_ENV=$(VENV) \
		$(VENV)/bin/ansible-playbook -K -vv \
		$(shell test -f vault-keys.json && echo '-e "@vault-keys.json"') \
		./ansible_playbooks/setup-cluster.yml
# Runs the bootstrap-values playbook with vault-keys.json loaded as extra vars.
# Unlike ansible-cluster, the file is passed unconditionally, so the run fails
# if it is missing.
# NOTE(review): -vv prints task detail; confirm tasks that consume the values
# from vault-keys.json set no_log so they do not reach the terminal or CI logs.
.PHONY: bootstrap-values
bootstrap-values: $(VENV) ansible_galaxy
	env VIRTUAL_ENV=$(VENV) \
		$(VENV)/bin/ansible-playbook -vv -e "@vault-keys.json" \
		./ansible_playbooks/bootstrap-values.yml
# Runs the recover-consul playbook; -K prompts for the privilege-escalation
# (become) password.
.PHONY: recover-consul
recover-consul: $(VENV)
	$(VENV)/bin/ansible-playbook -K ./ansible_playbooks/recover-consul.yaml
# Runs the recover-nomad playbook; -K prompts for the privilege-escalation
# (become) password.
.PHONY: recover-nomad
recover-nomad: $(VENV)
	$(VENV)/bin/ansible-playbook -K ./ansible_playbooks/recover-nomad.yaml
# Runs the unseal-vault playbook with vault-keys.json loaded as extra vars; the
# file is passed unconditionally, so the run fails if it is missing.
# NOTE(review): the keys are read from a plaintext file in the working
# directory and the playbook runs with -vv; confirm the file is untracked and
# mode-restricted, and that the tasks using the keys set no_log.
.PHONY: unseal-vault
unseal-vault: $(VENV)
	env VIRTUAL_ENV=$(VENV) \
		$(VENV)/bin/ansible-playbook -vv -e "@vault-keys.json" \
		./ansible_playbooks/unseal-vault.yml
# Initialises the Terraform working directory. The leading `@` stops make from
# echoing the command line.
.PHONY: init
init:
	@terraform init
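# Shows the Terraform plan, supplying the Nomad bootstrap SecretID as the
# `nomad_secret_id` input variable.
#
# The secret is read by the recipe's shell (`$$(...)`) and handed to Terraform
# through the TF_VAR_nomad_secret_id environment variable instead of being
# expanded by make into a `-var` argument. That keeps the value out of the
# process argument list, out of `make -n` / `make --trace` output, and out of a
# double-quoted shell string where special characters would be re-interpreted.
#
# As before, a missing nomad_bootstrap.json does not stop the run: jq reports
# the error and Terraform receives an empty value.
# NOTE(review): environment variables rank below *.tfvars files in Terraform's
# variable precedence, whereas -var ranks above them; confirm no tfvars file
# sets nomad_secret_id.
.PHONY: plan
plan:
	@TF_VAR_nomad_secret_id="$$(jq -r .SecretID nomad_bootstrap.json)" terraform plan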
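# Applies the Terraform configuration without an interactive confirmation
# (-auto-approve), supplying the Nomad bootstrap SecretID as the
# `nomad_secret_id` input variable.
#
# The secret is read by the recipe's shell (`$$(...)`) and handed to Terraform
# through the TF_VAR_nomad_secret_id environment variable instead of being
# expanded by make into a `-var` argument. That keeps the value out of the
# process argument list, out of `make -n` / `make --trace` output, and out of a
# double-quoted shell string where special characters would be re-interpreted.
#
# As before, a missing nomad_bootstrap.json does not stop the run: jq reports
# the error and Terraform receives an empty value.
# NOTE(review): environment variables rank below *.tfvars files in Terraform's
# variable precedence, whereas -var ranks above them; confirm no tfvars file
# sets nomad_secret_id.
.PHONY: apply
apply:
	@TF_VAR_nomad_secret_id="$$(jq -r .SecretID nomad_bootstrap.json)" terraform apply -auto-approve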
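# Destructive: runs the clear-data playbook, then deletes local Terraform state
# and the locally stored Vault / Nomad bootstrap files.
#
# $(VENV) is a prerequisite because the first step invokes ansible-playbook
# from it, matching the other playbook targets.
#
# The local files are removed only after the playbook succeeds (make stops at
# the first failing recipe line), so a failed run leaves vault-keys.json and
# nomad_bootstrap.json in place.
#
# `find .` names the starting directory explicitly; omitting it works only with
# find implementations that default to the current directory.
.PHONY: clean
clean: $(VENV)
	env VIRTUAL_ENV=$(VENV) $(VENV)/bin/ansible-playbook -vv \
		./ansible_playbooks/clear-data.yml
	find . -name "*.tfstate" -exec rm '{}' \;
	rm -f ./vault-keys.json ./nomad_bootstrap.json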