Added ansible for build container, remove require build container in module.tf once the build is over, reapply to destroy the build container once the file is extracted.

Author: MOBergeron

ctf/deploy.py

@@ -20,6 +20,7 @@
     get_all_available_tracks,
     get_terraform_tracks_from_modules,
     parse_track_yaml,
+    remove_tracks_from_terraform_modules,
     terraform_binary,
     validate_track_can_be_deployed,
 )
@@ -76,9 +77,7 @@ def deploy(
         distinct_tracks = tmp_tracks
 
         add_tracks_to_terraform_modules(
-            tracks=distinct_tracks - get_terraform_tracks_from_modules(),
-            remote=remote,
-            production=production,
+            tracks=distinct_tracks - get_terraform_tracks_from_modules()
         )
     else:
         # Run generate first.
@@ -137,10 +136,70 @@ def deploy(
 
     for track in distinct_tracks:
         if track.require_build_container:
-            # TODO: Ansible build containers here
-            
-            # TODO: Set the "build_container" OpenTofu variable to false in module.tf
-            pass
+            run_ansible_playbook(
+                remote=remote,
+                production=production,
+                track=track.name,
+                path=os.path.join(
+                    find_ctf_root_directory(), "challenges", track.name, "ansible"
+                ),
+                playbook="build.yaml",
+                execute_common=False,
+            )
+
+            remove_tracks_from_terraform_modules(
+                {track}, remote=remote, production=production
+            )
+            add_tracks_to_terraform_modules(
+                {
+                    Track(
+                        name=track.name,
+                        remote=track.remote,
+                        production=track.production,
+                        require_build_container=False,
+                    )
+                }
+            )
+
+            try:
+                subprocess.run(
+                    args=[terraform_binary(), "apply", "-auto-approve"],
+                    cwd=os.path.join(find_ctf_root_directory(), ".deploy"),
+                    check=True,
+                )
+            except subprocess.CalledProcessError:
+                LOG.warning(
+                    f"The project could not deploy due to instable state. It is often due to CTRL+C while deploying as {os.path.basename(terraform_binary())} was not able to save the state of each object created."
+                )
+
+                if (
+                    input("Do you want to clean and start over? [Y/n] ").lower() or "y"
+                ) != "y":
+                    exit(code=1)
+
+                force = True
+                destroy(
+                    tracks=tracks, production=production, remote=remote, force=force
+                )
+
+                distinct_tracks = generate(
+                    tracks=tracks, production=production, remote=remote
+                )
+
+                subprocess.run(
+                    args=[terraform_binary(), "apply", "-auto-approve"],
+                    cwd=os.path.join(find_ctf_root_directory(), ".deploy"),
+                    check=True,
+                )
+            except KeyboardInterrupt:
+                LOG.warning(
+                    "CTRL+C was detected during Terraform deployment. Destroying everything..."
+                )
+                force = True
+                destroy(
+                    tracks=tracks, production=production, remote=remote, force=force
+                )
+                exit(code=0)
 
         if not os.path.exists(
             path=(
@@ -244,31 +303,39 @@ def deploy(
             )
 
 
-def run_ansible_playbook(remote: str, production: bool, track: str, path: str) -> None:
+def run_ansible_playbook(
+    remote: str,
+    production: bool,
+    track: str,
+    path: str,
+    playbook: str = "deploy.yaml",
+    execute_common: bool = True,
+) -> None:
     extra_args = []
     if remote:
         extra_args += ["-e", f"ansible_incus_remote={remote}"]
 
     if production:
         extra_args += ["-e", "nsec_production=true"]
 
-    LOG.info(msg=f"Running common yaml with ansible for track {track}...")
-    ansible_args = [
-        "ansible-playbook",
-        os.path.join("..", "..", "..", ".deploy", "common.yaml"),
-        "-i",
-        "inventory",
-    ] + extra_args
-    subprocess.run(
-        args=ansible_args,
-        cwd=path,
-        check=True,
-    )
+    if execute_common:
+        LOG.info(msg=f"Running common yaml with ansible for track {track}...")
+        ansible_args = [
+            "ansible-playbook",
+            os.path.join("..", "..", "..", ".deploy", "common.yaml"),
+            "-i",
+            "inventory",
+        ] + extra_args
+        subprocess.run(
+            args=ansible_args,
+            cwd=path,
+            check=True,
+        )
 
-    LOG.info(msg=f"Running deploy.yaml with ansible for track {track}...")
+    LOG.info(msg=f"Running {playbook} with ansible for track {track}...")
     ansible_args = [
         "ansible-playbook",
-        "deploy.yaml",
+        playbook,
         "-i",
         "inventory",
     ] + extra_args

ctf/destroy.py

@@ -117,7 +117,9 @@ def destroy(
             *(
                 []  # If every track needs to be destroyed, destroy everything including the network zone as well.
                 if total_deployed_tracks == len(terraform_tracks)
-                else [f"-target=module.track-{track.name}" for track in terraform_tracks]
+                else [
+                    f"-target=module.track-{track.name}" for track in terraform_tracks
+                ]
             ),
         ],
         cwd=os.path.join(find_ctf_root_directory(), ".deploy"),
@@ -176,7 +178,9 @@ def destroy(
                 )
 
         if (tmp_module_name := module.name[0:15]) in networks:
-            LOG.warning(msg=f"The network {tmp_module_name} was not destroyed properly.")
+            LOG.warning(
+                msg=f"The network {tmp_module_name} was not destroyed properly."
+            )
             if (
                 force
                 or (input("Do you want to destroy it? [Y/n] ").lower() or "y") == "y"
@@ -191,7 +195,9 @@ def destroy(
         if (tmp_module := module) in network_acls or (
             tmp_module := f"{module.name}-default"
         ) in network_acls:
-            LOG.warning(msg=f"The network ACL {tmp_module.name} was not destroyed properly.")
+            LOG.warning(
+                msg=f"The network ACL {tmp_module.name} was not destroyed properly."
+            )
             if (
                 force
                 or (input("Do you want to destroy it? [Y/n] ").lower() or "y") == "y"

ctf/generate.py

@@ -69,11 +69,7 @@ def generate(
             )
         distinct_tracks = tmp_tracks
 
-        add_tracks_to_terraform_modules(
-            tracks=distinct_tracks,
-            remote=remote,
-            production=production,
-        )
+        add_tracks_to_terraform_modules(tracks=distinct_tracks)
 
         for track in distinct_tracks:
             relpath = os.path.relpath(

ctf/utils.py

@@ -93,9 +93,7 @@ def validate_track_can_be_deployed(track: Track) -> bool:
     )
 
 
-def add_tracks_to_terraform_modules(
-    tracks: set[Track], remote: str, production: bool = False
-):
+def add_tracks_to_terraform_modules(tracks: set[Track]):
     with open(
         file=os.path.join(find_ctf_root_directory(), ".deploy", "modules.tf"), mode="a"
     ) as fd:
@@ -105,16 +103,9 @@ def add_tracks_to_terraform_modules(
                     {% for track in tracks %}
                     module "track-{{ track.name }}" {
                       source = "../challenges/{{ track.name }}/terraform"
-
                       build_container = {{ 'true' if track.require_build_container else 'false' }}
-
-                    {% if track.production %}
-                      deploy = "production"
-                    {% endif %}
-                    {% if track.remote %}
-                      incus_remote = "{{ track.remote }}"
-                    {% endif %}
-
+                      {% if track.production %}deploy = "production"{% endif %}
+                      {% if track.remote %}incus_remote = "{{ track.remote }}"{% endif %}
                       depends_on = [module.common]
                     }
                     {% endfor %}
@@ -124,9 +115,6 @@ def add_tracks_to_terraform_modules(
         fd.write(
             template.render(
                 tracks=tracks - get_terraform_tracks_from_modules(),
-                build_container=True,  # build_container,
-                production=production,
-                remote=remote,
             )
         )
 
@@ -140,12 +128,8 @@ def create_terraform_modules_file(remote: str, production: bool = False):
                 text="""\
                     module "common" {
                       source = "./common"
-                    {% if production %}
-                      deploy = "production"
-                    {% endif %}
-                    {% if remote %}
-                      incus_remote = "{{ remote }}"
-                    {% endif %}
+                      {% if production %}deploy = "production"{% endif %}
+                      {% if remote %}incus_remote = "{{ remote }}"{% endif %}
                     }
                     """
             )
@@ -212,9 +196,7 @@ def remove_tracks_from_terraform_modules(
     current_tracks = get_terraform_tracks_from_modules()
 
     create_terraform_modules_file(remote=remote, production=production)
-    add_tracks_to_terraform_modules(
-        tracks=(current_tracks - tracks), remote=remote, production=production
-    )
+    add_tracks_to_terraform_modules(tracks=(current_tracks - tracks))
 
 
 def get_all_file_paths_recursively(path: str) -> Generator[str, None, None]: