Skip to content

Commit 8ce72cc

Browse files
committed
feat: migrate to AWX and shared workflows
- Replace plan.yml/apply.yml with shared opentofu.yml workflow - Update libvirt provider to >= 0.9.0 - Rename aap_* secrets to awx_* for AWX migration - Add aap_inventory_name = libvirt to modules - Add keyfile to libvirt_uri for SSH auth - Align pre-commit-config with other repos - Fix missing newlines in cloud-init files
1 parent 5dda29f commit 8ce72cc

File tree

10 files changed

+71
-199
lines changed

10 files changed

+71
-199
lines changed

.github/workflows/apply.yml

Lines changed: 0 additions & 66 deletions
This file was deleted.

.github/workflows/opentofu.yml

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
name: OpenTofu
2+
3+
on:
4+
pull_request:
5+
branches:
6+
- main
7+
push:
8+
branches:
9+
- main
10+
11+
permissions:
12+
contents: read
13+
pull-requests: write
14+
15+
jobs:
16+
opentofu:
17+
uses: makeitworkcloud/shared-workflows/.github/workflows/opentofu.yml@main
18+
with:
19+
runs-on: arc-dind
20+
container: image-registry.openshift-image-registry.svc:5000/public-registry/terraform-runner:latest
21+
setup-ssh: true
22+
secrets:
23+
SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
24+
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
25+
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}

.github/workflows/plan.yml

Lines changed: 0 additions & 95 deletions
This file was deleted.

.pre-commit-config.yaml

Lines changed: 16 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,9 @@
11
repos:
2-
- repo: https://github.com/pre-commit/pre-commit-hooks
3-
rev: v6.0.0
2+
- repo: https://github.com/compilerla/conventional-pre-commit
3+
rev: v4.0.0
44
hooks:
5-
- id: check-case-conflict
6-
- id: check-merge-conflict
7-
- id: check-symlinks
8-
- id: check-vcs-permalinks
9-
- id: destroyed-symlinks
10-
- id: detect-private-key
11-
- id: mixed-line-ending
12-
- id: trailing-whitespace
5+
- id: conventional-pre-commit
6+
stages: [commit-msg]
137
- repo: https://github.com/antonbabenko/pre-commit-terraform
148
rev: v1.104.0
159
hooks:
@@ -35,3 +29,15 @@ repos:
3529
- id: terraform_docs
3630
args:
3731
- --args=--config=.terraform-docs.yml
32+
- repo: https://github.com/pre-commit/pre-commit-hooks
33+
rev: v6.0.0
34+
hooks:
35+
- id: check-case-conflict
36+
- id: check-merge-conflict
37+
- id: check-symlinks
38+
- id: check-vcs-permalinks
39+
- id: destroyed-symlinks
40+
- id: detect-private-key
41+
- id: end-of-file-fixer
42+
- id: mixed-line-ending
43+
- id: trailing-whitespace

Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,7 @@ migrate:
5656
@${TERRAFORM} init -migrate-state -backend-config="key=${S3_KEY}" -backend-config="bucket=${S3_BUCKET}" -backend-config="region=${S3_REGION}" -backend-config="access_key=${S3_ACCESS_KEY}" -backend-config="secret_key=${S3_SECRET_KEY}"
5757

5858
test: .git/hooks/pre-commit
59-
@OPENTOFU_BACKEND=false pre-commit run -a
59+
@pre-commit run -a
6060

6161
DEPS_PRE_COMMIT=$(shell which pre-commit || echo "pre-commit not found")
6262
DEPS_TERRAFORM_DOCS=$(shell which terraform-docs || echo "terraform-docs not found")

cloud-init/meta_data.cfg

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,2 @@
11
instance-id: ${hostname}
2-
local-hostname: ${hostname}
2+
local-hostname: ${hostname}

cloud-init/network_config.cfg

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,4 +5,4 @@ ethernets:
55
ens4:
66
dhcp4: false
77
addresses:
8-
- ${private_ip_addr}/24
8+
- ${private_ip_addr}/24

main.tf

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@ module "runner" {
2222
private_ip_addr = data.sops_file.secret_vars.data["runner_ip_addr"]
2323
proxyhost = data.sops_file.secret_vars.data["proxyhost"]
2424
enable_aap = true
25+
aap_inventory_name = "libvirt"
2526
}
2627

2728
module "torwww" {
@@ -38,4 +39,5 @@ module "torwww" {
3839
private_ip_addr = data.sops_file.secret_vars.data["torwww_ip_addr"]
3940
proxyhost = data.sops_file.secret_vars.data["proxyhost"]
4041
enable_aap = true
42+
aap_inventory_name = "libvirt"
4143
}

providers.tf

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -6,10 +6,10 @@ terraform {
66
required_providers {
77
libvirt = {
88
source = "dmacvicar/libvirt"
9-
version = ">= 0.8.2"
9+
version = ">= 0.9.0"
1010
}
1111
aap = {
12-
source = "ansible/aap"
12+
source = "registry.terraform.io/ansible/aap"
1313
version = ">= 1.3.0"
1414
}
1515
sops = {
@@ -24,9 +24,9 @@ provider "libvirt" {
2424
}
2525

2626
provider "aap" {
27-
host = data.sops_file.secret_vars.data["aap_controller"]
28-
username = data.sops_file.secret_vars.data["aap_username"]
29-
password = data.sops_file.secret_vars.data["aap_password"]
27+
host = data.sops_file.secret_vars.data["awx_controller"]
28+
username = data.sops_file.secret_vars.data["awx_username"]
29+
password = data.sops_file.secret_vars.data["awx_password"]
3030
}
3131

3232
provider "sops" {}

secrets/secrets.yaml

Lines changed: 20 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -1,28 +1,28 @@
1-
proxyhost: ENC[AES256_GCM,data:/icWDAmtkvSxjDtHs/yBkzunpdi4RhtWSOo=,iv:JYGLJ+eJnzu/pd2xaheb08sc9JLgFzm3YNad7RpR+tw=,tag:Q2qSa1uRp1JuxQktB8sj6Q==,type:str]
2-
aap_controller: ENC[AES256_GCM,data:Rwxynd3UKvjswQbV9i9vMLpZFumV7Hdixu88Mj2EYq4=,iv:U6aQYm/0OfmBJAph1/4g7q+ZR6q7vYZwzmOwlqD4ZYI=,tag:0r/0x+/yjqkajH63a5o5/w==,type:str]
3-
aap_username: ENC[AES256_GCM,data:ocx+igg=,iv:a9/NUR8KsCreLk1o9WEVPdu9eQqqiuLySyQXP3GZKso=,tag:NAG+LeZeU8JzqMkktK3YDA==,type:str]
4-
aap_password: ENC[AES256_GCM,data:/9RTHF/jsRiMfAbAC/DFj0pqxIjuLBXIFrHHYNefJtg=,iv:2RJxCIAScikrDJKoLvYnehQRS1P2F09u05mX3Dy007Y=,tag:YhLoeqXrsIlKFIUOYY7tbw==,type:str]
5-
torwww_ip_addr: ENC[AES256_GCM,data:XVsdB2WISbDu1/30hIA=,iv:m7k8+Nc2JvMmpXV2tIe505ke9CfGoxW/P2x63XVGA6Y=,tag:GUzkHEMHCBbLgwIc4Xm4mg==,type:str]
6-
runner_ip_addr: ENC[AES256_GCM,data:S+WZkRpT5fcr8VXqlYA=,iv:iUNQdnEImzFT2U36j2LT7a7dmlVXn1xCUslJhVGAICU=,tag:Qz2PFOXeXSLkQE5zzJlRvQ==,type:str]
7-
ssh_admin_pubkey: ENC[AES256_GCM,data:6DCqXStCEBbEr2KHVP/DsTaipw+6W8kQfjHfhOWLQSuYyo8TnSgfyKpmju3s5LJOH6po2nqKAu9pxQks6r9z98KWi/zMIhWF2oyuPXX8eZwT7u8H8QwKyP0zOqgVeHYK/lhFf9E13MB38f0YEL/oCiweahHCuRe95y5D7AaDccdz1CEZfxVkyLXPle6Ei4jOjWyYwSatLPoGKfhLYuvR3jhHg5synvmeh8WjCWCFAWy2jz3xYyIFejNd6SAJQE1Yr8a9XHrYbDABIkCT+YrRCAC6ODqecJ1yHE8wDSfLUmowkYA9UIIbVgxm47bBNWwB/0OArJHJDSMMVDPdK+CulyJcvUEuVMU5V9vPEtdQ3wZhboS/tEDIqCFvbAo6V5J4/Sl29Tk3kDwi6d/rAGDkQqNQhwy22f/HUXyfySIhXJ3T0F+LQvx+nkGOlmqF31v6iTBFLaswbLAn1L99OyjUCwZEGEXaXgJts2u+Oe3DHga6Vc0doG/1gmQBIRUhi7lLwEf0iL6R/jsEQd4qDnZz5rTno0v/GTbRnhOOecdUcTWcizHscgIveWGiiOAdLW2LWuXJa6sGCzzQTCk1DCCKo0QJCiw4BlwQZUzpt5dc5SirdDsU6M8IiP9ZjBF8uEQmvcpuDX8pM0M+5qSwLc7lJDlY6Wip80nRd5yQNTQNibAOXtZk5IQDrHJ7a3iR8h2dS51vw7wDBhuJRzzaaOMBBmB0C7/kvqx498hoa2XjL2Z6JYYtW3TxXX391ZdfS+TXdAwDTvZpWJZ9rWpuHsEZvXS8NgjmGMz5yG8cDCJEimCbdpC6QLx61czNXRV1IGufHXPtz8ctdZniIuGkwS57LX27mcpeqteTONc9aeiSTF9XWLjQaS8Ni/XELWcV+MjYy0Atrm0TGD8mTXxx0DCD02CPvW5qtG/qyfU0XMryESeX8NMOhLD8fTyDBYwTPIlouOJJGA==,iv:gT01Y/zgwlM6abfxROZJNMBe3gN1E3sSm3M9Sf836bQ=,tag:AX3pGSI00sFg9JtHiZXvSw==,type:str]
8-
libvirt_uri: ENC[AES256_GCM,data:T6LmWPhu5q/or41NgVEyAYGPrgfNf28TQcY0NQ4Fk1OYVgrDd/cOZdyJzEBSMbTBtDV7yAYrr329wDqB,iv:lHVJ313PLOhqjyY0Mt6h2t6oDkjDu1Wo+0p65HrrSgM=,tag:bzejrUSqqr2uqaFnEAXecQ==,type:str]
9-
s3_bucket: ENC[AES256_GCM,data:+MQgHNBrA9uo/QZcZRxjQy1xrLqp,iv:MATvS4d0BbJNw0wGIUkLOPUK1E7oQZvkC3tls5dT4fg=,tag:zQEgGmyTCpPMwtJEmgMG2Q==,type:str]
10-
s3_key: ENC[AES256_GCM,data:MnSLvEUyD3TpAetiOeh9mA==,iv:IzbWRtPZJAXWSG7/+4vpWyNLWnAsqJkDtSsu3rMiCvg=,tag:c7N6RDnxZDqDsfju5ZsDWQ==,type:str]
11-
s3_region: ENC[AES256_GCM,data:bW9LX1MvGLUW,iv:XsmnFQ7xqKnOeAwQ6Fgyexvn9YXQIDtZTJm1PJYckxA=,tag:95El6ki7awk1iwswHGgHYg==,type:str]
12-
s3_access_key: ENC[AES256_GCM,data:XY7zjs5rrmai3B89291zyze9zSY=,iv:e4Hm9RDSYaikfj2xZarCWCiOM9PKjx/6b397g/oYv7Q=,tag:mEisqO8fLSfmWyp//mx4Ug==,type:str]
13-
s3_secret_key: ENC[AES256_GCM,data:phGSI2mGnPDMGgCZ5iAT6ZFqwiB6MAMmB5TTAY4Rzu8cL1o3/GQ7hg==,iv:Z/MLAm+l6awU7BZtv/mhSCdUKEL18rrlU7ohazKIuaY=,tag:4JTx40ysaMMV/snNV0oLLg==,type:str]
1+
proxyhost: ENC[AES256_GCM,data:LeAR5fm+FVBhPQbUMldvYAdp2JU9I6O6eog=,iv:QNZe0OIVfqepmNz90XySziJvJit82I6uFS+3mBq7nSY=,tag:IskeIIWDwE8i1jwl0n44HQ==,type:str]
2+
torwww_ip_addr: ENC[AES256_GCM,data:g8wz/KtzZ9Vh01VfPgw=,iv:6rrx9IzoD3CenJEC6lMhb/DbQgeR1/YptPt9W3UWFGI=,tag:1DyH/NrPO4U+GMwZWNed1w==,type:str]
3+
runner_ip_addr: ENC[AES256_GCM,data:hGhUN/UZkLB17+zskW0=,iv:HHgLXBDCtM+tVAkdBb/aJFLaWuWLMNRUMphjC8MjHNQ=,tag:5C9P9WxR2nJKlco1OGwgOg==,type:str]
4+
ssh_admin_pubkey: ENC[AES256_GCM,data:Yir4qZwormceT2M5Mr5/nrNqis4qiNDVJY2HSsOnKu+suATI+KB0NNoaj32moWzQs1GGUj2ygbB0Dy6Eg5qyAbvWG0bj+kVsXunkoOI50yRZwGUZMrDFeqSBhIUFnGvg17x5uNtHdvEMj2pcfymRGgi9h/WgaCo9eOzOCEMtCdJddrNIWamUNBMo4e/JsAPB9NYa5UBcKU6hVSNyKXb7GVxNWP6Y9r/ZlWidxVrECjZr1nQFpvRpAxOTn8qKfBDBgSJD5bDWc3XCfQh5E+9UDQU8buH9hGeXJQIXXkh5JStEzum6+8jhcdCOQfNoSGH9y0wWx7m2upccZTC+vLtkhGZRdfBXZHfLSqGbtKYRUFR0RbVHcTxEjdv7fjIZA7mj8kLEEGCW5fbiA7LTe4Zxj51XvQ3nh8R3vhkssrX1zq6zwv5dwgEc1TEM1e4Q8ECgQsYQyDHtWcjAEwHOSGpQlrHt6+t/xa756+LCK00maqddeGnmFiowfBxgyDoyIRatu5auSfiYRFHfizudfZshkcRMEhnBb6K3Gheeclvn2obbotBReXQS71tXOjrLdd7Zzby+caaeJ76Mvwg+u6wiIpZWyI/zG1aOCSF4GtnDN6CMrpagey33h9lzFwO2cls9pCwXYZzvOSrf0l9DdQyV/UMvedtXIT0XsJ+Yrn/AhN41yVYWrrSYN8f3dqvWf0Ueg7abR1vjiRubbjK3ENlzddIYv8lDERI/waI/i4GJl49JF0X0Ux5GBfQl4UvEbGoy4P6TGujAqdiZdw56s6NhpxuyChiSkUp+sQVgjlqpHpKOtJ8LR84jUZgnDWnJ4xcxFe6NtxPRdmEqJ6IwL+aKLWgt4xzjWxVTolhxZMFH/R0p/SItlgjPYaIfx4EbJTYrMvM4LVK+Oe2xVLindyR/LUWHaevs/gXqLH7On1w+hIhWHnbqNXrgLrF9m18SFq1k2v/xyQ==,iv:ayzcRvxzKc+x3dgYMZrzr8QOq/Zsapb+W+RTgQ44WhE=,tag:zy062T9+EwFgRCg1YVdy1Q==,type:str]
5+
libvirt_uri: ENC[AES256_GCM,data:YHyZjDd065W2t2kdP+7kysYtrwSRvJiCfXmqJxlKJnDGjoQf+gRzqb4hE2wlWVbrzMcYDheNQcKGFglyN6yi/34mHi1tLW9tSBZrSjuTp+njWA==,iv:+YoLFO3hbROrGJOHw3dQBmSc3zITyr3mb0dHR+7nRe4=,tag:UB4JtVkKaQWB1V7H2W/ayA==,type:str]
6+
s3_bucket: ENC[AES256_GCM,data:ZP5MpWzjM3iZsiNL21y6j+k7Fq4O,iv:BhER0FjvQJYQAO1g4ngitu+Yx3Cw9reGOUFgWWOZ0nA=,tag:gUJyIkUgGJluYeQDB7FJXg==,type:str]
7+
s3_key: ENC[AES256_GCM,data:zx49aN4VuY4ejdFASJAA3w==,iv:0AJGsg7uG2ekmPK/Wu/EHcreP1JJsQObOlNDAjeeUwk=,tag:eSU5dHZM4RcjVDCSeJTvZA==,type:str]
8+
s3_region: ENC[AES256_GCM,data:XW+G7meDa6DY,iv:otrxE/N2I+K/j0ScPfB7FJfla1FQJywWV/9UVkXhQOg=,tag:TDSFSVWrmxdogPd15mrFWQ==,type:str]
9+
s3_access_key: ENC[AES256_GCM,data:bX0xzUN8F/9Lik3+dl3ETfOuEqs=,iv:zy0Yt78q5kY8FmJ1EAzS9x/89WMjnlHE/zwzwHqm1hA=,tag:zHLYG5RUCFnlaL9Dc52Kdw==,type:str]
10+
s3_secret_key: ENC[AES256_GCM,data:XaCjZ4JtlG7tyvD0mOY0gG8yigNOYTSpFFPJEfYtkDCVX4CMbWwfjA==,iv:+dwvmpTAOPA++NsRwmiS/oH5xjx430W45bgVsObQOm0=,tag:6I88iVbyth1MI88+6UZi8Q==,type:str]
11+
awx_controller: ENC[AES256_GCM,data:dCaEGKwFg2DbldF4zpJwrZOypTvxMy2/lI3izJ2gmrk=,iv:mwc8HryS9ERmlnuTrsDlPStxGjK7p3PhmD8RFiAUeoE=,tag:h50Xky7N23wifuYaOXLe8Q==,type:str]
12+
awx_username: ENC[AES256_GCM,data:ppSLWlU=,iv:VQxpWSHWmHm5zxatXFGcqu66NR8HaP7VnMOka94+P6o=,tag:/CamONaLQcPeSvfSWrWSYw==,type:str]
13+
awx_password: ENC[AES256_GCM,data:JSd6lrCmWPaBLVULcqB4rouTisudVHQVYlwmIZynKl0=,iv:wTVwZcBVazXkjHFnfJasyBNCni+el2GUAIJOHgWcisE=,tag:miWK7wWE1JFFxILni0HKLg==,type:str]
1414
sops:
1515
age:
1616
- recipient: age152ek83tm4fj5u70r3fecytn4kg7c5xca24erjchxexx4pfqg6das7q763l
1717
enc: |
1818
-----BEGIN AGE ENCRYPTED FILE-----
19-
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqa1V4WGpuWGVlY2xMcVk5
20-
QlJFeHk3ZjdrcVpnRDFRSmlRQ2FTZnE4WTFRCjQ5UmRONDV3a2xTc3Mya0wvekN6
21-
RmJrQ09nZzk4VkZxRGlremcrUWU1Z2MKLS0tIHpFZFVpV3lpOUJNSDFwdDRpazJK
22-
d2pVcDh3cDNqY1gzSVR5Z2NXcld1Qm8KRdv8vKhMBi1R8fGIphdmY4pfHV1sAqSb
23-
nAXWA6Ut5/KAPIluSnBtWFkcakulcXYT01XorziztVS0X4nJDzEvMg==
19+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRV0dFc0hiKzQ0TnVRdFUz
20+
aE5iMkE3S3R2dFZPZnhsSFBTZ3N4RFJiQVQ4CmhwclZ4dUQyYVdvZHhUMkxJM0dL
21+
MTFBaitmS1ROVDFPRWU5eWdGZ2NKQlkKLS0tIDlaemNHRGpxM2MvQVNOdnlvL0NW
22+
Zjc3NWxtVWNSYmQrTTNOTC9qUktrREUKGcow4vWQub9YwDJiemIppgpfFFWQyyKA
23+
UDHzLiAbqLTHKiWr76XTA8rT9DMmoPBm2mLA1m3QlNvPbvW1qQ73Xw==
2424
-----END AGE ENCRYPTED FILE-----
25-
lastmodified: "2025-09-30T04:30:10Z"
26-
mac: ENC[AES256_GCM,data:8cu+EgGa1t2W3S0U3fEZ1rCLSYx/0yNQY1sWOZXMaRJIQCR5R5z6rEjpfsyOUC96Wp0rSoUaEZKVqMtLYIM5snYJxsvb9xm5MXUk6hdOWulegICNlqeSZlgUDRKaOU50T7wWLSB7s0+g/r7LNVcE/jNq8YJkZCHWDUquayTevZU=,iv:qUlG4dno3HYEd+hinhECQdmCStX5jF6gTuVb/wUMbMk=,tag:BMn2+CSJn7pdOscRvFINfw==,type:str]
25+
lastmodified: "2025-12-22T00:50:43Z"
26+
mac: ENC[AES256_GCM,data:ZCOcQgIYB+CG5vI5O4cQ/3YWci5l2GfvP4Tn222pNFP+rm/dZvnuc5/xcTvahCS+WTPH36jI2H2qOL/4MpvwKZqgkNrEdhW25YCPGlceN8sEAqrx8oQ3DTfFu5bBbzN9SXkDz4nr2W6xoBNwciCb66BwW8IYcVD1iKL0Bmte61c=,iv:CtdWpLQ9KfTUy39v/qU22cg/dBhwNHYUP0FgMsIMAak=,tag:u5n33dP5/e+9B1HYs7X22Q==,type:str]
2727
unencrypted_suffix: _unencrypted
2828
version: 3.10.2

0 commit comments

Comments
 (0)