From e43ec87a498e77a61f99b83deedcfa4598c025ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20L=C3=A1szl=C3=B3?= <rlacko99@gmail.com>
Date: Sun, 18 Jul 2021 20:29:35 +0200
Subject: [PATCH] Router Terraform config
---
 terraform/.gitignore | 3 +
 terraform/.terraform.lock.hcl | 53 -------------
 terraform/env.sh | 1 +
 terraform/init.sh | 17 +++++
 terraform/main.tf | 112 ++--------------------------
 terraform/router.tf | 35 +++++++++
 terraform/secret/env.tfvars.example | 1 +
 terraform/secret/login.sh.example | 4 +
 8 files changed, 66 insertions(+), 160 deletions(-)
 create mode 100755 terraform/env.sh
 create mode 100755 terraform/init.sh
 create mode 100644 terraform/router.tf
 create mode 100644 terraform/secret/env.tfvars.example
 create mode 100644 terraform/secret/login.sh.example
diff --git a/terraform/.gitignore b/terraform/.gitignore
index beb38d8..adb896d 100644
--- a/terraform/.gitignore
+++ b/terraform/.gitignore
@@ -32,3 +32,6 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+
+# Secrets
+secret/**/*
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index 1cd9ca8..f803b20 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
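Review bot: In the `terraform/.gitignore` hunk, `secret/**/*` also matches the two `*.example` templates this commit adds under `terraform/secret/`, so they are tracked only because they were added explicitly, and any template added later will be silently ignored. Adding `!secret/*.example` on the line after the pattern keeps the templates visible to `git status` while the real `login.sh` and `env.tfvars` stay ignored.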
@@ -1,59 +1,6 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. -provider "registry.terraform.io/hashicorp/local" { - version = "2.1.0" - hashes = [ - "h1:EYZdckuGU3n6APs97nS2LxZm3dDtGqyM4qaIvsmac8o=", - "zh:0f1ec65101fa35050978d483d6e8916664b7556800348456ff3d09454ac1eae2", - "zh:36e42ac19f5d68467aacf07e6adcf83c7486f2e5b5f4339e9671f68525fc87ab", - "zh:6db9db2a1819e77b1642ec3b5e95042b202aee8151a0256d289f2e141bf3ceb3", - "zh:719dfd97bb9ddce99f7d741260b8ece2682b363735c764cac83303f02386075a", - "zh:7598bb86e0378fd97eaa04638c1a4c75f960f62f69d3662e6d80ffa5a89847fe", - "zh:ad0a188b52517fec9eca393f1e2c9daea362b33ae2eb38a857b6b09949a727c1", - "zh:c46846c8df66a13fee6eff7dc5d528a7f868ae0dcf92d79deaac73cc297ed20c", - "zh:dc1a20a2eec12095d04bf6da5321f535351a594a636912361db20eb2a707ccc4", - "zh:e57ab4771a9d999401f6badd8b018558357d3cbdf3d33cc0c4f83e818ca8e94b", - "zh:ebdcde208072b4b0f8d305ebf2bfdc62c926e0717599dcf8ec2fd8c5845031c3", - "zh:ef34c52b68933bedd0868a13ccfd59ff1c820f299760b3c02e008dc95e2ece91", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.1.0" - hashes = [ - "h1:vpC6bgUQoJ0znqIKVFevOdq+YQw42bRq0u+H3nto8nA=", - "zh:02a1675fd8de126a00460942aaae242e65ca3380b5bb192e8773ef3da9073fd2", - "zh:53e30545ff8926a8e30ad30648991ca8b93b6fa496272cd23b26763c8ee84515", - "zh:5f9200bf708913621d0f6514179d89700e9aa3097c77dac730e8ba6e5901d521", - "zh:9ebf4d9704faba06b3ec7242c773c0fbfe12d62db7d00356d4f55385fc69bfb2", - "zh:a6576c81adc70326e4e1c999c04ad9ca37113a6e925aefab4765e5a5198efa7e", - "zh:a8a42d13346347aff6c63a37cda9b2c6aa5cc384a55b2fe6d6adfa390e609c53", - "zh:c797744d08a5307d50210e0454f91ca4d1c7621c68740441cf4579390452321d", - "zh:cecb6a304046df34c11229f20a80b24b1603960b794d68361a67c5efe58e62b8", - "zh:e1371aa1e502000d9974cfaff5be4cfa02f47b17400005a16f14d2ef30dc2a70", - "zh:fc39cc1fe71234a0b0369d5c5c7f876c71b956d23d7d6f518289737a001ba69b", - 
"zh:fea4227271ebf7d9e2b61b89ce2328c7262acd9fd190e1fd6d15a591abfa848e", - ] -} - -provider "registry.terraform.io/hashicorp/template" { - version = "2.2.0" - hashes = [ - "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=", - "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386", - "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53", - "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603", - "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16", - "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776", - "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451", - "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae", - "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde", - "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d", - "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", - ] -} - provider "registry.terraform.io/telmate/proxmox" { version = "2.7.1" constraints = "2.7.1" diff --git a/terraform/env.sh b/terraform/env.sh new file mode 100755 index 0000000..d25564e --- /dev/null +++ b/terraform/env.sh @@ -0,0 +1 @@ +source secret/login.sh diff --git a/terraform/init.sh b/terraform/init.sh new file mode 100755 index 0000000..3e00303 --- /dev/null +++ b/terraform/init.sh 
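Review bot: `terraform/env.sh` is created with mode 100755 and no shebang, yet its only line is `source secret/login.sh`; if the file is executed rather than sourced, the exports land in a child shell and are gone when it exits. If the intent is to load `PM_USER`/`PM_PASS` into the caller's shell, a first-line comment such as `# Usage: source ./env.sh (run from the terraform/ directory)` would document that, and the executable bit could be dropped. The relative path also resolves only when the current directory is `terraform/`.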
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+source secret/login.sh
+
+PROJ_ID="3419"
+STATE_NAME="maze"
+
+terraform init \
+ -backend-config="address=https://git.sch.bme.hu/api/v4/projects/${PROJ_ID}/terraform/state/${STATE_NAME}" \
+ -backend-config="lock_address=https://git.sch.bme.hu/api/v4/projects/${PROJ_ID}/terraform/state/${STATE_NAME}/lock" \
+ -backend-config="unlock_address=https://git.sch.bme.hu/api/v4/projects/${PROJ_ID}/terraform/state/${STATE_NAME}/lock" \
+ -backend-config="username=${GITLAB_USER}" \
+ -backend-config="password=${GITLAB_REPO_PAT}" \
+ -backend-config="lock_method=POST" \
+ -backend-config="unlock_method=DELETE" \
+ -backend-config="retry_wait_min=5" \
+ -reconfigure
diff --git a/terraform/main.tf b/terraform/main.tf
index b587252..8dd01af 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -5,6 +5,8 @@ terraform {
 version = "2.7.1"
 }
 }
+ backend "http" {
+ }
 }

 provider "proxmox" {
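Review bot: In `terraform/init.sh`, `-backend-config="password=${GITLAB_REPO_PAT}"` puts the GitLab token on the `terraform` command line, where other local users can read it from the process list while the command runs; Terraform also records backend settings passed this way under the local `.terraform/` directory. The http backend reads `TF_HTTP_USERNAME` and `TF_HTTP_PASSWORD` from the environment, so the two credential lines can be replaced by `export TF_HTTP_USERNAME="${GITLAB_USER}"` and `export TF_HTTP_PASSWORD="${GITLAB_REPO_PAT}"` ahead of the `terraform init` call. The script also lacks `set -euo pipefail`, so a missing `secret/login.sh` still lets `terraform init` run with empty credentials.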
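Review bot: The empty `backend "http" { }` block added in the first `terraform/main.tf` hunk carries no comment saying where its settings come from, so someone running a plain `terraform init` gets no hint about why the address is missing. A comment inside the block such as `# address, lock URLs and credentials are supplied by ./init.sh via -backend-config` would cover it.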
@@ -12,112 +14,8 @@ provider "proxmox" { pm_tls_insecure = true } -resource "proxmox_lxc" "k8s-mgmt" { - target_node = "maze" - hostname = "k8s-mgmt" - ostemplate = "local:vztmpl/ubuntu-20.04-standard_20.04-1_amd64.tar.gz" - password = "F4AnvE8VpTVfW5" - vmid = 101 - start = true - - ssh_public_keys = <<EOF - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXuXr/Mz1ENkvZ+Ntc9dF1r8VK62XaZtsMaV7N+CMZ8 rlacko@personal +locals { + ssh_keys = <<EOF + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXuXr/Mz1ENkvZ+Ntc9dF1r8VK62XaZtsMaV7N+CMZ8 rlacko EOF - - rootfs { - storage = "ssd" - size = "16G" - } - - network { - name = "eth0" - bridge = "vmbr0" - ip = "192.168.96.101/22" - gw = "192.168.99.254" - } } - -variable "vms" { - description = "Map of K8S VM definitions." - type = map - default = { - nfs = { - vmid = 102, - storage_size = "50G", - cores = 2, - memory = 2048 - }, - k8s-master-01 = { - vmid = 111, - storage_size = "16G", - cores = 4, - memory = 6000 - }, - # k8s-master-02 = { - # vmid = 112, - # storage_size = "16G", - # cores = 4, - # memory = 4096 - # }, - # k8s-master-03 = { - # vmid = 113, - # storage_size = "16G", - # cores = 4, - # memory = 4096 - # }, - k8s-worker-01 = { - vmid = 121, - storage_size = "16G", - cores = 4, - memory = 8192 - }, - k8s-worker-02 = { - vmid = 122, - storage_size = "16G", - cores = 4, - memory = 8192 - }, - k8s-worker-03 = { - vmid = 123, - storage_size = "16G", - cores = 4, - memory = 8192 - }, - } -} - -resource "proxmox_vm_qemu" "vms" { - for_each = var.vms - - name = "${each.key}" - desc = "Terraform managed vm" - vmid = each.value.vmid - - target_node = "maze" - - clone = "ubuntu-20.04-cloudimg" - - agent = 1 - - cores = each.value.cores - sockets = 1 - vcpus = 0 - memory = each.value.memory - - disk { - size = each.value.storage_size - type = "virtio" - storage = "ssd" - } - - network { - model = "virtio" - bridge = "vmbr0" - } - - ipconfig0 = "ip=192.168.96.${each.value.vmid}/22,gw=192.168.99.254" - - sshkeys = <<EOF - ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIHXuXr/Mz1ENkvZ+Ntc9dF1r8VK62XaZtsMaV7N+CMZ8 rlacko@personal
- EOF
-}
\ No newline at end of file
diff --git a/terraform/router.tf b/terraform/router.tf
new file mode 100644
index 0000000..bb76beb
--- /dev/null
+++ b/terraform/router.tf
@@ -0,0 +1,35 @@
+variable "router_password" {
+ type = string
+}
+
+resource "proxmox_lxc" "router" {
+ target_node = "maze"
+ hostname = "router"
+ ostemplate = "local:vztmpl/ubuntu-20.04-standard_20.04-1_amd64.tar.gz"
+ password = var.router_password
+ vmid = 9254
+ start = true
+ memory = 4096
+ cores = 4
+
+ ssh_public_keys = local.ssh_keys
+
+ rootfs {
+ storage = "ssd"
+ size = "8G"
+ }
+
+ network {
+ name = "eth0"
+ bridge = "vmbr211"
+ ip = "152.66.211.122/24"
+ gw = "152.66.211.254"
+ }
+
+ network {
+ name = "eth1"
+ bridge = "vmbr0"
+ ip = "192.168.99.254/22"
+ ip6 = "fd00::9:254/96"
+ }
+}
diff --git a/terraform/secret/env.tfvars.example b/terraform/secret/env.tfvars.example
new file mode 100644
index 0000000..403b3b7
--- /dev/null
+++ b/terraform/secret/env.tfvars.example
@@ -0,0 +1 @@
+router_password=""
diff --git a/terraform/secret/login.sh.example b/terraform/secret/login.sh.example
new file mode 100644
index 0000000..e590c82
--- /dev/null
+++ b/terraform/secret/login.sh.example
@@ -0,0 +1,4 @@
+export GITLAB_USER=""
+export GITLAB_REPO_PAT=""
+export PM_USER=""
+export PM_PASS=""
\ No newline at end of file
-- GitLab
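Review bot: Deleting the `proxmox_lxc` `k8s-mgmt` resource in the second `terraform/main.tf` hunk takes its literal `password = "…"` out of the working tree but not out of the repository history, and nothing in this commit indicates the value was changed on the container. That password should be treated as disclosed and rotated wherever it was used. Separately, the context line `pm_tls_insecure = true` is kept, so the `PM_PASS` exported by `secret/login.sh` is presumably sent to a Proxmox API endpoint whose certificate is not verified. The provider block starts above the hunk, so whether that traffic stays on a trusted network cannot be seen here.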
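Review bot: `variable "router_password"` in `terraform/router.tf` is declared without `sensitive = true`, so Terraform itself will not redact the value where the variable is echoed in plan output or error messages; add `sensitive = true` below `type = string`. The shipped `secret/env.tfvars.example` sets `router_password=""` and nothing rejects an empty value, so a `validation` block with a condition such as `length(var.router_password) >= 12` (threshold for the team to choose) would stop the container being created with a blank root password. The value is also written in clear text into the state that `init.sh` places in the GitLab HTTP backend, so read access to that state amounts to knowing the root password of a container whose `eth0` carries a routable address.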