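terraform {
  # Minimum Terraform release this configuration was written against.
  required_version = ">=1.6.2"

  required_providers {
    proxmox = {
      source  = "bpg/proxmox"
      version = "~>0.56.1"
    }

    random = {
      source = "hashicorp/random"
    }

    local = {
      source = "hashicorp/local"
      # Lower bound so that local_sensitive_file (used for the PVE API token
      # file) is available, and so the provider no longer floats to whatever
      # is latest at init time, unlike the pinned proxmox provider above.
      version = ">= 2.2.0"
    }
  }
}
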
# Shared sshd configuration. Its files, systemd units, users and groups are
# merged into the Ignition config below via module.sshd.*.
module "sshd" {
  source         = "../sshd"
  address_family = "inet" # presumably sshd's AddressFamily (IPv4 only) — confirm in ../sshd
}

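locals {
  # Disk that receives the data partitions below, addressed by PCI path so the
  # name is stable across boots. NOTE(review): assumes this resolves to the
  # VM's single virtio0 disk — confirm against the VM definition.
  data_device_path = "/dev/disk/by-path/pci-0000:00:0a.0"

  # GPT partition type GUID for "Linux filesystem data"; every data partition
  # below uses it, so it is declared once.
  linux_fs_data_type_guid = "0FC63DAF-8483-4772-8E79-3D69D8477DE4"

  # One entry per partition. The attributes that are identical for every
  # partition (start, type GUID, resize) are filled in when building
  # local.data_disk. Sizes total 8834 MiB.
  data_partition_specs = [
    { label = "caddy_data",  number = 1, sizeMiB = 100 },
    { label = "dhcp_config", number = 2, sizeMiB = 10 },
    { label = "dhcp_data",   number = 3, sizeMiB = 10 },
    { label = "fcos_images", number = 4, sizeMiB = 8192 },
    { label = "ign_files",   number = 5, sizeMiB = 512 },
    { label = "ssh_keys",    number = 6, sizeMiB = 10 },
  ]

  # Ignition "disks" entry for the data disk.
  data_disk = {
    device = local.data_device_path
    partitions = [
      for p in local.data_partition_specs : {
        label    = p.label
        number   = p.number
        startMiB = 0 # 0 lets Ignition choose the start position
        sizeMiB  = p.sizeMiB
        typeGuid = local.linux_fs_data_type_guid
        resize   = true
      }
    ]
  }

  # /etc/hostname, root-owned and world-readable.
  hostname_file = {
    path  = "/etc/hostname"
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 420 # 0644
    contents = {
      source = format(
        "data:text/plain;base64,%s",
        base64encode(var.hostname)
      )
    }
  }

  # NetworkManager keyfile for the interface the DHCP server listens on.
  # Root-only (0600): NetworkManager refuses keyfiles readable by other users.
  network_config_file = {
    path  = "/etc/NetworkManager/system-connections/${var.dhcp_iface}.nmconnection"
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 384 # 0600
    contents = {
      source = format(
        "data:text/plain;base64,%s",
        base64encode(templatefile(
          "${path.module}/files/dhcp_nmconnection.tftpl",
          {
            iface      = var.dhcp_iface
            ip_address = var.dhcp_server_ip_addr
            # Prefix length taken from var.dhcp_range, presumably CIDR
            # notation; the template key is named netmask.
            netmask    = split("/", var.dhcp_range)[1]
            gateway    = var.dhcp_gateway
            # The gateway is also used as DNS resolver.
            dns_server = var.dhcp_gateway
          }
        ))
      )
    }
  }

  # The "core" user: SSH key only. No passwordHash is set on purpose, so the
  # account has no usable password. A literal hash of a known debug password
  # used to be committed here; if console access is ever needed for
  # debugging, pass the hash in through a sensitive variable rather than a
  # literal in this file.
  core_user = {
    name = "core"
    sshAuthorizedKeys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQnLSYLGzUVmDMMGgEKCNgfAOkIuqhOMGGuvgskACum fmaury@2a01cb00142b3d00ee15f742996f2775.ipv6.abo.wanadoo.fr"
    ]
  }

  # Complete Ignition document (spec 3.4.0). The dhcp_*, caddy_* and sftp_*
  # locals are defined elsewhere in this module (not in this file).
  ignition_config = jsonencode({
    ignition = {
      version = "3.4.0"
    }
    storage = {
      disks = [
        local.data_disk
      ]
      filesystems = concat(
        local.dhcp_filesystems,
        local.caddy_filesystems,
        local.sftp_filesystems
      )
      directories = concat(
        local.dhcp_directories,
        local.caddy_directories,
        local.sftp_directories
      )
      files = concat(
        [
          local.hostname_file,
          local.network_config_file
        ],
        module.sshd.files,
        local.dhcp_files,
        local.caddy_files,
        local.sftp_files
      )
    }
    systemd = {
      units = concat(
        local.dhcp_systemd_units,
        local.caddy_systemd_units,
        module.sshd.systemd_units
      )
    }
    passwd = {
      users = concat(
        [
          local.core_user
        ],
        module.sshd.users
      )
      groups = module.sshd.groups
    }
  })
}
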
# Random, human-readable suffix shared by the generated Ignition file, the
# customised ISO and the ISO name on the PVE storage.
resource "random_pet" "config_name" {
  length = 4
}

locals {
  # File name (relative to the module directory) of the rendered Ignition
  # config that gets embedded into the ISO.
  generated_ignition_config_file = format(
    "netboot_server_ignition_config_%s.ign",
    random_pet.config_name.id
  )
}

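# The PVE API token is given to curl as a header read from a file (-H @file)
# so the token never appears on a command line or in process listings.
# local_sensitive_file (instead of local_file) keeps the content out of plan
# output; it is still recorded in Terraform state, so the state must be
# treated as secret. The file is written to the working directory with 0600
# and is not removed afterwards.
resource "local_sensitive_file" "api_token" {
  content         = "Authorization: PVEAPIToken=${var.pve_api_token}"
  filename        = "pve_api_token"
  file_permission = "0600"
}

# Writes the Ignition config, builds a customised Fedora CoreOS live ISO that
# embeds it, and uploads that ISO to the PVE node's ISO storage. The three
# provisioners run in order on the machine running terraform, which needs
# podman and curl.
resource "local_file" "netboot_server_ignition_config" {
  depends_on = [local_sensitive_file.api_token]

  content         = local.ignition_config
  filename        = format("${path.module}/%s", local.generated_ignition_config_file)
  file_permission = "0644"

  # Download the stock live ISO into the module directory.
  # NOTE(review): the "release" tag of the coreos-installer image floats and is
  # re-pulled on every run; pinning it by digest would make the ISO build
  # reproducible.
  provisioner "local-exec" {
    command = <<EOT
podman run --security-opt label=disable --pull=always --rm -v ${path.cwd}/${path.module}:/data -w /data \
  quay.io/coreos/coreos-installer:release download -f iso
EOT
  }

  # Embed the Ignition config and the from-RAM kernel argument into a new ISO.
  # The input ISO is selected by glob, which assumes exactly one
  # fedora-coreos-*-live.x86_64.iso is present in the module directory.
  provisioner "local-exec" {
    environment = {
      KERNEL_ARG   = "--live-karg-append=coreos.liveiso.fromram"
      IGNITION_ARG = "--live-ignition=./${local.generated_ignition_config_file}"
    }
    command = <<EOT
rm -f ${path.module}/customized-${random_pet.config_name.id}.iso && \
podman run --security-opt label=disable --pull=always --rm -v ${path.cwd}/${path.module}:/data -w /data \
  quay.io/coreos/coreos-installer:release \
  iso customize $KERNEL_ARG $IGNITION_ARG \
  -o customized-${random_pet.config_name.id}.iso $(basename $(ls -1 ${path.module}/fedora-coreos-*-live.x86_64.iso))
EOT
  }

  # Upload the customised ISO. --fail turns an HTTP error (rejected token,
  # unknown storage, ...) into a failed apply instead of silently leaving the
  # VM with a cdrom that points at an ISO that was never stored.
  provisioner "local-exec" {
    command = <<EOT
curl --fail \
  -F "content=iso" \
  -F "filename=@${path.module}/customized-${random_pet.config_name.id}.iso;type=application/vnd.efi.iso;filename=fcos-netboot-server-${random_pet.config_name.id}.iso" \
  -H "@${local_sensitive_file.api_token.filename}" \
  "${var.pve_api_base_url}api2/json/nodes/${var.pve_node_name}/storage/${var.pve_storage_id}/upload"
EOT
  }
}
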
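# The netboot server VM. It boots the customised live ISO (from RAM, see the
# coreos.liveiso.fromram kernel argument) and uses its single virtio disk for
# the data partitions declared in local.data_disk.
resource "proxmox_virtual_environment_vm" "netboot_server" {
  # The cdrom below names the ISO by string only, which gives Terraform no
  # ordering edge to the resource whose provisioner uploads it; without this
  # the VM can be created before the upload has finished.
  depends_on = [local_file.netboot_server_ignition_config]

  name      = "netboot-server"
  node_name = var.pve_node_name
  vm_id     = var.pve_vm_id

  cpu {
    architecture = "x86_64"
    type         = "host"
    sockets      = 1
    cores        = 4
  }

  memory {
    dedicated = 4096
  }

  # Boot media: the ISO uploaded by local_file.netboot_server_ignition_config.
  cdrom {
    enabled = true
    file_id = "${var.pve_storage_id}:iso/fcos-netboot-server-${random_pet.config_name.id}.iso"
  }

  # Only disk of the VM. The partitions in local.data_disk add up to
  # 8834 MiB, so they fit if size is in GiB — presumably it is; confirm with
  # the provider documentation.
  disk {
    datastore_id = var.pve_storage_id
    interface    = "virtio0"
    size         = 10
  }

  network_device {
    bridge = var.prod_network_name
    model  = "virtio"
  }

  operating_system {
    type = "l26" # PVE ostype for Linux 2.6+ kernels
  }

  keyboard_layout = "fr"

  vga {}
  serial_device {}
}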