Ansible role tfe

Install and configure tfe on your system.

GitHub	GitLab	Downloads	Version

Example Playbook

This example is taken from molecule/default/converge.yml and is tested on each push, pull request and release.

---
- name: Converge
  hosts: all
  become: true
  gather_facts: true

  roles:
    - role: robertdebock.tfe

The machine needs to be prepared. In CI this is done using molecule/default/prepare.yml:

---
- name: Prepare
  hosts: all
  become: true
  gather_facts: false

  roles:
    - role: robertdebock.bootstrap
    - role: robertdebock.core_dependencies
    - role: robertdebock.docker_ce
    - role: robertdebock.docker_compose

  post_tasks:
    # The role docker_ce skips starting on Docker hosts.
    - name: Start docker daemon
      ansible.builtin.service:
        name: docker
        state: started
        enabled: true

Also see a full explanation and example on how to use these roles.

Role Variables

The default values for the variables are set in defaults/main.yml:

---
# defaults file for tfe

# Select the image to use for Terraform Enterprise. This includes the version.
# The latest tfe version can be found here:
# https://developer.hashicorp.com/terraform/enterprise/releases/2023/v202303-1
tfe_image: "images.releases.hashicorp.com/hashicorp/terraform-enterprise:v202309-1"

# Paste the license of Terraform Enterprise here. It's a long string.
# If the license is not set or empty, many tasks will be skipped, resulting in
# a non-working Terraform Enterprise instance. Not setting a license can help
# with testing.
tfe_license: ""

# Configure a hostname, used to redirect HTTP(S) requests.
tfe_hostname: "tfe.example.com"

# An encryption password for the TFE application.
tfe_encryption_password: "S0meP@ssword"

# A list of CIDR notated subnets that are allowed to create an "Initial Admin
# Token".
tfe_iact_subnets: []
#   - "10.0.0.0/8"
#   - "192.168.0.0/24"

# The following variables are used to configure the TLS certificate and key for
# the web interface of Terraform Enterprise. The certificate and key should be
# placed in the `files` directory of your playbook.
#
# You can create a self-signed certificate with the following command:
#
# openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem \
# -sha256 -days 365
# cp cert.pem bundle.pem
tfe_tls_certificate: "cert.pem"
tfe_tls_key: "key.pem"
tfe_tls_bundle: "bundle.pem"

# You can set the operational mode to either: "disk", "external" or "active-active".
tfe_operational_mode: "active-active"

# Maximum number of Terraform runs that can execute concurrently on each Terraform Enterprise node.
tfe_capacity_concurrency: 10

# Enable log forwarding by setting a path.
# The file (basename) will originate from this Ansible role, unless you have
# a custom file in your `files/` directory of your playbook directory.
# tfe_log_forwarding_config_path: /etc/terraform-enterprise/fluent-bit/fluent-bit.conf

# Details on the database host. This host should already exist, this role
# does not create a database.
# These variables are required when `tfe_operational_mode` is set to `active-active` or `external`.
tfe_database_host: "tfe.RaNdOm.eu-west-1.rds.amazonaws.com"
tfe_database_user: "tfe"
tfe_database_password: "my_pass_c0mpl.x"
tfe_database_name: "tfe"
tfe_database_parameters: "sslmode=disable"

# Detail on the object storage. This role does not create the bucket.
# These variables are required when `tfe_operational_mode` is set to `active-active` or `external`.
tfe_object_storage_s3_endpoint: ""
tfe_object_storage_s3_use_instance_profile: false
tfe_object_storage_s3_bucket: "SomeBucketName"
tfe_object_storage_s3_access_key_id: ""
tfe_object_storage_s3_secret_access_key: ""
tfe_object_storage_s3_region: "eu-west-1"

# Details on the Redis host. This host should already exist, this role
# does not create a Redis instance.
# These variables are required when `tfe_operational_mode` is set to `active-active`.
tfe_redis_host: "tfe.RaNdOm.0001.euw1.cache.amazonaws.com"
tfe_redis_user: "tfe"
tfe_redis_password: "my_pass_c0mpl.x"
tfe_redis_use_tls: false
tfe_redis_use_auth: false

# The internal Vault requires an internal address of the node.
tfe_vault_cluster_address: "https://{{ ansible_default_ipv4.address }}:8201"

Requirements

pip packages listed in requirements.txt.

State of used roles

The following roles are used to prepare a system. You can prepare your system in another way.

Requirement	GitHub	GitLab
robertdebock.bootstrap
robertdebock.core_dependencies
robertdebock.docker_ce
robertdebock.docker_compose

Context

This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.

Here is an overview of related roles:

Compatibility

This role has been tested on these container images:

container	tags
Debian	bullseye
EL	8, 9
Fedora	38, 39
Ubuntu	all

The minimum version of Ansible required is 2.12, tests have been done to:

The previous version.
The current version.
The development version.

If you find issues, please register them in GitHub.

License

Apache-2.0.

Author Information

robertdebock

Please consider sponsoring me.

Name		Name	Last commit message	Last commit date
Latest commit History 40 Commits
.github		.github
defaults		defaults
files		files
handlers		handlers
meta		meta
molecule/default		molecule/default
tasks		tasks
templates		templates
.ansible-lint		.ansible-lint
.gitignore		.gitignore
.gitlab-ci.yml		.gitlab-ci.yml
.pre-commit-config.yaml		.pre-commit-config.yaml
.yamllint		.yamllint
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE		LICENSE
README.md		README.md
SECURITY.md		SECURITY.md
requirements.txt		requirements.txt
requirements.yml		requirements.yml
tox.ini		tox.ini

License

robertdebock/ansible-role-tfe

Folders and files

Latest commit

History

Repository files navigation

About

Topics

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Sponsor this project

Languages