Skip to content
Snippets Groups Projects
Verified Commit 3a0dc5f7 authored by Rafael László's avatar Rafael László :speech_balloon:
Browse files

Remove old terraform config

parent acd2c734
No related branches found
No related tags found
No related merge requests found
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
# Exclude all .tfvars files, which are likely to contain sentitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
#
*.tfvars
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
#
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
# Ignore CLI configuration files
.terraformrc
terraform.rc
.idea
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/template" {
version = "2.2.0"
constraints = "2.2.0"
hashes = [
"h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=",
"zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
"zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
"zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603",
"zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16",
"zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776",
"zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451",
"zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae",
"zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde",
"zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d",
"zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2",
]
}
provider "registry.terraform.io/hashicorp/vsphere" {
version = "2.0.2"
constraints = "2.0.2"
hashes = [
"h1:/9qlE9Ni7mhl3cTHLhmYg1AFuyBnXqie53Q5Ujor6oU=",
"zh:0b72856d2a89b118adf64dcfc75a0b0f7d8875e9872c637a9a0549d4a3dd9383",
"zh:2cf50f17464feeac60039f4d36656835895260798d4d9167a1ff2d4e1e464dce",
"zh:39d5f1c99bd4024d88b95892711f234afeb2b83700cdbd3df68a60c6b3bb0ac7",
"zh:551b68f91f5eefa4daee4d826d27d2bc10236e0642fdafd066604884b2a06816",
"zh:8454b5e7dbbf0300bbab1ecd73c12511cf35c0c493ad18e31742d58798e11026",
"zh:84a8233a60240e0020de513668a20d015a7fbc760ad6ab639d52e6ddabfa3376",
"zh:95574b7f092e77f9c629770b802d1635903f14d8d88d3828a96f58ca072876a5",
"zh:a262c779c112e4d6ac47152d6c6303308180dfd4d5929b980cf24707ca9218e9",
"zh:c7622cfa8bab6a6f122c0ab3d4767ecf0f52ccf32d64020aa4e9581f91da5586",
"zh:e01cfc79d21c7151c97047afdc79dfe7bf37c0063908829200480a03359e4c2e",
"zh:f64c3f283c31477886c3d16592426dbefa2cab55f2885cb3351cef094ad898a0",
]
}
#!/bin/bash
BASEDIR=$(dirname "$0")
if ! [ -f "$BASEDIR/secret/login.sh" ]; then
echo "Please create the login.sh file!"
exit 0
fi
source $BASEDIR/secret/login.sh
if [ -d "$BASEDIR/.terraform" ]; then
echo ".terraform folder exists."
else
terraform init \
-backend-config="address=https://git.sch.bme.hu/api/v4/projects/${GITLAB_PROJECT_ID}/terraform/state/${GITLAB_STATE_NAME}" \
-backend-config="lock_address=https://git.sch.bme.hu/api/v4/projects/${GITLAB_PROJECT_ID}/terraform/state/${GITLAB_STATE_NAME}/lock" \
-backend-config="unlock_address=https://git.sch.bme.hu/api/v4/projects/${GITLAB_PROJECT_ID}/terraform/state/${GITLAB_STATE_NAME}/lock" \
-backend-config="username=${GITLAB_USER}" \
-backend-config="password=${GITLAB_REPO_TOKEN}" \
-backend-config="lock_method=POST" \
-backend-config="unlock_method=DELETE" \
-backend-config="retry_wait_min=5" \
-reconfigure
fi
echo "Environment has been set up."
# to stay in our comfy virtualenv
exec "${SHELL:bash}"
\ No newline at end of file
#cloud-config
write_files:
- content: |
network:
version: 2
renderer: networkd
ethernets:
wan:
optional: false
match:
macaddress: 00:50:56:a8:cf:aa
set-name: wan0
dhcp4: true
path: /etc/netplan/50-cloud-init.yaml
- content: |
Protocol 2
Port 10022
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
MaxAuthTries 6
ChallengeResponseAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
UsePAM yes
AllowAgentForwarding yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
AllowUsers ubuntu
path: /etc/ssh/sshd_config
runcmd:
- "netplan apply"
- "systemctl restart ssh"
# Fix slow sudo, because it tries to dns lookup the hostname first
- echo "127.0.1.1 $(hostname)" >> /etc/hosts
# Disable floppy
- echo "blacklist floppy" | sudo tee /etc/modprobe.d/blacklist-floppy.conf
- rmmod floppy || true
- update-initramfs -u
\ No newline at end of file
terraform {
required_providers {
vsphere = {
source = "hashicorp/vsphere"
version = "2.0.2"
}
template = {
source = "hashicorp/template"
version = "2.2.0"
}
}
backend "http" {
}
}
# Vsphere provider config
variable "vsphere_user" {
description = "Administrator user"
type = string
sensitive = false
default = "required"
}
variable "vsphere_password" {
description = "Administrator password"
type = string
sensitive = true
default = "required"
}
provider "vsphere" {
user = var.vsphere_user
password = var.vsphere_password
vsphere_server = "horizont.sch.bme.hu"
allow_unverified_ssl = true
}
data "vsphere_datacenter" "dc" {
name = "SCH"
}
data "vsphere_compute_cluster" "SCH-Cluster-01" {
name = "SCH-Cluster-01"
datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_resource_pool" "kubernetes" {
name = "Kubernetes"
datacenter_id = data.vsphere_datacenter.dc.id
}
# * Templates
data "vsphere_virtual_machine" "ubuntu2004-cloud-init" {
name = "ubuntu2004-cloud-init"
datacenter_id = data.vsphere_datacenter.dc.id
}
# * Datastores
data "vsphere_datastore_cluster" "SCH-Cluster-FujiStorage" {
name = "SCH-Cluster-FujiStorage"
datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_datastore" "Memory-Blitzkrieg" {
name = "Memory-Blitzkrieg"
datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_datastore" "Memory-Storage" {
name = "Memory-Storage"
datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_datastore" "N1_SSD-01" {
name = "N1_SSD-01"
datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_datastore" "N2_SSD-01" {
name = "N2_SSD-01"
datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_datastore" "N3_SSD-01" {
name = "N3_SSD-01"
datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_datastore" "N4_SSD-01" {
name = "N4_SSD-01"
datacenter_id = data.vsphere_datacenter.dc.id
}
# * Network
data "vsphere_network" "dvPG-208-Szerver" {
name = "dvPG-208-Szerver"
datacenter_id = data.vsphere_datacenter.dc.id
}
locals {
vm_map = {
harbor = {
num_cpus = 2
memory = 2048
template_uuid = data.vsphere_virtual_machine.ubuntu2004-cloud-init.id
datastore_cluster_id = data.vsphere_datastore_cluster.SCH-Cluster-FujiStorage.id
vapp_properties = {
public-keys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpH+TNAwcmxYc5cVctH04wUU83Pba6s/AkKXOnhDn+m rlacko@zen"
user-data = base64encode(file("${path.module}/cloud-init/harbor.yaml"))
}
disk_map = {
0 = { size = 80 }
}
network_interface_map = {
01 = {
id = data.vsphere_network.dvPG-208-Szerver.id
mac_address = "00:50:56:a8:cf:aa"
}
}
}
}
}
resource "vsphere_virtual_machine" "vm" {
for_each = { for k, v in local.vm_map : k => v }
name = each.key
resource_pool_id = data.vsphere_resource_pool.kubernetes.id
guest_id = try(each.value.guest_id, "ubuntu64Guest")
num_cpus = try(each.value.num_cpus, 1)
memory = try(each.value.memory, 1024)
firmware = try(each.value.firmware, "efi")
folder = "KSZK/sysadmin/k8s"
wait_for_guest_net_timeout = try(each.value.wait_for_guest_net_timeout, 0)
wait_for_guest_ip_timeout = try(each.value.wait_for_guest_ip_timeout, 0)
sync_time_with_host = true
sync_time_with_host_periodically = false
datastore_cluster_id = try(each.value.datastore_cluster_id, null)
datastore_id = try(each.value.datastore_id, null)
dynamic "clone" {
for_each = can(each.value.template_uuid) ? [1] : []
content {
template_uuid = each.value.template_uuid
}
}
dynamic "vapp" {
for_each = can(each.value.template_uuid) ? [1] : []
content {
properties = {
public-keys = each.value.vapp_properties.public-keys
hostname = try(each.value.vapp_properties.hostname, each.key)
instance-id = try(each.value.vapp_properties.instance-id, each.key)
password = try(each.value.vapp_properties.password, null)
user-data = try(each.value.vapp_properties.user-data, null)
}
}
}
dynamic "network_interface" {
for_each = each.value.network_interface_map
content {
network_id = network_interface.value.id
use_static_mac = can(network_interface.value.mac_address)
mac_address = try(network_interface.value.mac_address, null)
}
}
dynamic "disk" {
for_each = each.value.disk_map
content {
thin_provisioned = false
label = "disk${tostring(disk.key)}"
size = disk.value.size
unit_number = tonumber(disk.key)
}
}
dynamic "cdrom" {
for_each = can(each.value.template_uuid) ? [1] : []
content {
client_device = true
}
}
}
login.sh
\ No newline at end of file
#!/bin/bash
# Gitlab Project ID, this will be used as state store
export GITLAB_PROJECT_ID="0"
# If you want to rename the terraform state name, feel free.
export GITLAB_STATE_NAME="state"
# GitLab username
export GITLAB_USER="user"
# Access token with API Acces to the repo
export GITLAB_REPO_TOKEN="acces token"
# vSphere Username
export TF_VAR_vsphere_user="username"
# vSphere Password
export TF_VAR_vsphere_password="pw"
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment