This contains all of the Terraform bits for hosted Travis CI.
This is what allows us to manage our cloud environments from a central place,
and change them over time. It should be possible to bring up (or re-create) a
complete environment with a few
In production. Patches welcome. Please review the code of conduct.
Terraform manages pretty much everything that is not running on Heroku, and even a little bit of some of what is running on Heroku. We use Terraform to manage our main cloud environments as well as some other services:
- Amazon Web Services
- Google Cloud Platform

- terraform 0.9.0+
- `trvs`, a Travis CI tool shrouded in mystery, along with access to secret secrets for making secret stuff
- Ruby 2.2 or higher (to make sure `trvs` functions correctly)

- Clone this repo
- Make sure `trvs` is installed and added to your `$PATH`. (You can try running `trvs generate-config -H travis-scheduler-prod` to check.)
- Set all required environment variables (see the list below). This can be achieved by doing something like:
  - Manually sourcing an
  - Using autoenv
  - Fetching values from your own pass vault

Required environment variables
- `TRAVIS_KEYCHAIN_DIR` - should be the parent directory of your keychain repos

MacStadium & GCE access creds are shared and come from keychain, not personal accounts, so there are no infrastructure-specific access keys for them.
`$TF_VAR_ssh_user` isn't needed for AWS and can just be set to `$USER`, if your local username and your SSH username are the same. If you have an SSH key passphrase, consider starting `ssh-agent` and doing
See http://rabexc.org/posts/using-ssh-agent for more details.
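
The requirements and environment variables listed above can be checked before the first `make plan`. The script below is an added example, not code from this repo and not the implementation of `make check`. The function names are hypothetical, and the owner-only permission rule for the keychain directory is an assumed policy, not one stated here.

```sh
#!/bin/sh
# Added example (not part of this repo): preflight for the requirements above.

# version_ge HAVE WANT: succeed when dotted version HAVE >= WANT.
version_ge() {
  have=$1; want=$2
  while [ -n "$have" ] || [ -n "$want" ]; do
    h=${have%%.*}; w=${want%%.*}
    case $have in *.*) have=${have#*.} ;; *) have= ;; esac
    case $want in *.*) want=${want#*.} ;; *) want= ;; esac
    h=${h%%[!0-9]*}; w=${w%%[!0-9]*}   # drop suffixes such as "-rc1"
    h=${h:-0}; w=${w:-0}
    [ "$h" -gt "$w" ] && return 0
    [ "$h" -lt "$w" ] && return 1
  done
  return 0
}

# check_keychain_dir DIR: 0 = ok, 1 = unset or not a directory,
# 2 = directory is accessible to group/other. The owner-only rule is an
# assumption made for this example: the keychain repos hold shared creds.
check_keychain_dir() {
  [ -n "${1:-}" ] && [ -d "$1" ] || return 1
  perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
  [ "$perms" = "------" ] || return 2
  return 0
}

preflight() {
  rc=0
  command -v trvs >/dev/null 2>&1 || { echo "trvs not found in PATH" >&2; rc=1; }
  tf=$(terraform version 2>/dev/null | sed -n '1s/^Terraform v//p')
  version_ge "${tf:-0}" 0.9.0 || { echo "terraform 0.9.0+ required, found '${tf}'" >&2; rc=1; }
  rb=$(ruby -e 'print RUBY_VERSION' 2>/dev/null) || rb=
  version_ge "${rb:-0}" 2.2 || { echo "Ruby 2.2+ required, found '${rb}'" >&2; rc=1; }
  kc=0; check_keychain_dir "${TRAVIS_KEYCHAIN_DIR:-}" || kc=$?
  case $kc in
    1) echo "TRAVIS_KEYCHAIN_DIR is unset or not a directory" >&2; rc=1 ;;
    2) echo "TRAVIS_KEYCHAIN_DIR is accessible to group/other" >&2; rc=1 ;;
  esac
  return $rc
}

# Run the checks only when asked to, e.g.: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```
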

```sh
# move into a given infrastructure directory, e.g.:
cd ./gce-staging-1

# terraform plan, which will automatically configure terraform from remote and
# generate config files via `trvs`
make plan

# if it looks OK, terraform apply
make apply

# as some configuration is generated and cached locally, changes to
# configuration sources may require cleaning before further plan/apply
make clean
```

- `make check` will verify a few common setup requirements.
- Verify you have been added to the relevant Heroku organizations.
- Try passing the
  `make` to see which commands are being run.
  - this will show various curl commands (e.g. heroku) which may be silenced (`-fs`); try running these directly without the `-fs` flags to make sure they succeed
- `terraform console` will allow you to use an interactive console for testing interpolations and looking into the existing state.
- Terraform state errors may be due to insufficient AWS permissions. See the `.example-aws-iam-policy.json` for example minimum permissions.