PyTerraBackTYL Installation¶
Install PyTerraBackTYL:¶
- SSH to the host you intend to run the PyTerraBackTYL service on.
- e.g.
ssh user@linuxhost
- e.g.
- Check if
python3
is installed. - e.g.
whereis python3
- e.g.
- Check if
- Install Python 3.x if needed
- RedHat/CentOS (detailed instructions):
- Install yum utils:
yum install yum-utils
- Install libs/dependencies:
yum groupinstall development
- Install the Yum Repo with Python 3.x:
yum -y install https://centos7.iuscommunity.org/ius-release.rpm
- Install Python 3.x:
yum -y install python36u python36u-pip
- Install yum utils:
- Debian/Ubuntu:
- Note: This currently installs Python 3.5, PyTerraBackTYL was developed in Python 3.6.
- Update your local apt cache data: apt-get update
- Install Python 3.x:
apt-get install python3 python3-pip
- Create the directories and service account for PyTerraBackTYL:
- Create the non-privileged user that will run the PyTerraBackTYL service:
adduser tfbackendsvc
(this also creates a directory for the user in /home which you will need.) - Create the directory the PyTerrBackTYL service will run from:
mkdir /opt/pyterrabacktyl
- Create the directory the service will store Terraform states in:
mkdir /opt/pyterrabacktyl/data
- Set directory ownership:
chown -R tfbackendsvc /opt/pyterrabacktyl
- Create the non-privileged user that will run the PyTerraBackTYL service:
- Install PyTerraBackTYL and dependencies:
- Clone the PyTerraBackTYL repository:
cd /opt/pyterrabacktyl
su tfbackendsvc
git clone https://github.com/dev-dull/PyTerraBackTyl.git
- Install the required Python Libraries:
- _Note_: Depending on your OS and Python installation method, the
pip3
command may be something like,pip3.6
. - _Note_: Omit the –user flag and run as root if you want these libraries to be accessible to all users on the system.
pip3 install setuptools --user
requried to install Flask.pip3 install flask pyyaml jsonpath --user
- _Note_: Depending on your OS and Python installation method, the
Configuring PyTerraBackTYL:¶
The contents of the config.yaml
configuration file will largely depend on which backend module you choose to
to use with PyTerraBackTYL. Below are the configuration items for core PyTerraBackTYL service:
Modify config.yaml
and set the following items to the desired values.
BACKEND_SERVICE_IP: ‘127.0.0.1’
- The IP the service should listen for requests on. If you are unsure what to use here, set 0.0.0.0
BACKEND_SERVICE_PORT: 2442
- The port number the service should listen on.
BACKEND_PLUGINS_PATH: ‘backends’
- The directory where PyTerraBackTYL can find the Backend plugins.
- The value shown here means the backends subdirectory where PyTerraBackTYL is installed.
BACKEND_CLASS: ‘pyshelve_backend.PyShelveBackend’
- The file and class name of the PyTerraBackTYL plugin to use; Python will look in a file called pyshelve_backend.py for the class PyShelveBackend
POST_PROCESS_CLASSES: [‘slack_notify_post_processor.SlackNotifyPostProcessor’]
- A list where each item contains a file and class name of a PyTerraBackTYL nonpersistent plugin to use; Python will look in a file called slack_notify_post_processor.py for the class SlackNotifyPostProcessor. Set this to an empty list (i.e. []) if you do not wish to use any post-processors.
LOG_LEVEL: ‘INFO’
- The amount of information to log. Valid values are: INFO, DEBUG, WARNING, ERROR
- If an invalid value is specified, PyTerraBackTYL will default to INFO.
USE_SSL: false
- Disabled by default, this specifies if the service should use SSL (HTTPS) or not (HTTP).
- A Bash script can be found in the
ssl
subdirectory which will generate these keys.
SSL_PUBLIC_KEY: ‘ssl/public.key’
- The path and filename where the SSL public key can be found.
- The value shown here means the ssl/ subdirectory where PyTerraBackTYL is installed.
SSL_PRIVATE_KEY: ‘ssl/private.key’
- The path and filename where the SSL private key can be found.
- The value shown here means the ssl/ subdirectory where PyTerraBackTYL is installed.
HELPER_HOSTNAME_QUERY_MAP:
- Generally, this should not need to be changed.
- Contains key:value pairs where the key is the name of a Terraform provider (an exact match for what is found in a Terraform state file) and the value is a JSONPath that will return the hostnames found in a Terraform state file for that provider type.
- This configuration is used by the TYLHelpers.get_hostnames_from_tfstate function (from abc_tylstore import TYLHelpers)
Full example configuration for the PyTerraBackTYL service¶
## IP and ports to listen on. Defaults shown.
BACKEND_SERVICE_IP: '0.0.0.0'
BACKEND_SERVICE_PORT: 2442
BACKEND_PLUGINS_PATH: 'backends'
BACKEND_CLASS: 'pyshelve_backend.PyShelveBackend'
POST_PROCESS_CLASSES: [] # Remember to remove "[]" before uncommenting the below line.
# - 'slack_notify_post_processor.SlackNotifyPostProcessor'
LOG_LEVEL: 'DEBUG' # INFO, DEBUG, WARNING, ERROR
# openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout private.key -out public.key -passout "pass:"
USE_SSL: false # Disabled by default -- generate SSL key pair then set this to 'true'
SSL_PUBLIC_KEY: 'ssl/public.key' # The path and filename of the public SSL key -- 'ssl/' is a subdirectory where PyTerraBackTYL is installed.
SSL_PRIVATE_KEY: 'ssl/private.key' # The path and file name of the private SSL key.
# Key:Value pairs where the key matches a Terraform provider, and key is a jsonPath to fetch hostnames from the terraform state
HELPER_HOSTNAME_QUERY_MAP:
digitalocean_droplet: 'modules[*].resources.*.primary.attributes.name'
vsphere_virtual_machine: '$.modules[*].resources.[?(@.type == "vsphere_virtual_machine")].primary[?(@.memory != 0)].name'