Patrick de Ruiter
eaab76901a
All checks were successful
Code Quality & Security Scan / TFLint (push) Successful in 20s
Code Quality & Security Scan / Terraform Destroy (push) Has been skipped
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 26s
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 40s
Code Quality & Security Scan / Terraform Validate (push) Successful in 30s
Code Quality & Security Scan / SonarQube Scan (push) Successful in 43s
Code Quality & Security Scan / Terraform Plan (push) Successful in 1m16s
Code Quality & Security Scan / Terraform Apply (push) Successful in 3m27s
Updated Docker provider configuration: - Changed from tcp://192.168.2.170:2376 to ssh://ansible@wbyc-srv-docker01.bsdserver.lan:22 - Added ssh_opts with path to SSH key and StrictHostKeyChecking=no - Removed cert_path configuration (not needed for SSH) This matches the working configuration from terraform-docker-eda module and uses the SSH key retrieved from Vault via setup-ssh.sh script.
53 lines
1.3 KiB
HCL
53 lines
1.3 KiB
HCL
terraform {
|
|
required_version = ">= 1.5.0"
|
|
|
|
required_providers {
|
|
docker = {
|
|
source = "kreuzwerker/docker"
|
|
version = "~> 3.0"
|
|
}
|
|
vault = {
|
|
source = "hashicorp/vault"
|
|
version = "~> 3.25"
|
|
}
|
|
dns = {
|
|
source = "hashicorp/dns"
|
|
version = "~> 3.4"
|
|
}
|
|
}
|
|
}
|
|
|
|
# Configure the DNS Provider
|
|
provider "dns" {
|
|
update {
|
|
server = data.vault_generic_secret.dns.data["dns_server"]
|
|
key_name = data.vault_generic_secret.dns.data["key_name"]
|
|
key_algorithm = data.vault_generic_secret.dns.data["key_algorithm"]
|
|
key_secret = data.vault_generic_secret.dns.data["key_secret"]
|
|
}
|
|
}
|
|
|
|
# Configure the Docker Provider
|
|
provider "docker" {
|
|
host = "ssh://ansible@wbyc-srv-docker01.bsdserver.lan:22"
|
|
|
|
ssh_opts = ["-i", "${path.module}/.ssh/id_rsa", "-o", "StrictHostKeyChecking=no"]
|
|
}
|
|
|
|
# Configure the Vault Provider
|
|
provider "vault" {
|
|
address = "https://wbyc-srv-docker01.bsdserver.lan:8200"
|
|
|
|
# Skip TLS verification for self-signed certificates in CI/CD
|
|
# Set VAULT_SKIP_VERIFY=true environment variable in pipeline
|
|
skip_tls_verify = tobool(coalesce(try(var.vault_skip_tls_verify, null), false))
|
|
|
|
auth_login {
|
|
path = "auth/approle/login"
|
|
parameters = {
|
|
role_id = var.role_id
|
|
secret_id = var.secret_id
|
|
}
|
|
}
|
|
}
|