iac/modules/netboot_server/main.tf

# Provider and Terraform version requirements for the netboot_server module.
terraform {
  required_providers {
    # Proxmox VE provider (bpg fork); pinned to the 0.56.x series.
    proxmox = {
      source  = "bpg/proxmox",
      version = "~>0.56.1"
    }
    # NOTE(review): random and local carry no version constraint, so a fresh
    # "terraform init" resolves whatever release is current; consider pinning
    # them the same way as proxmox for reproducible builds.
    random = {
      source = "hashicorp/random"
    }
    local = {
      source = "hashicorp/local"
    }
  }
  required_version = ">=1.6.2"
}
# Sibling module that contributes the sshd pieces of the Ignition config
# (files, systemd units, users and groups are consumed below).
module "sshd" {
  source         = "../sshd"
  address_family = "inet" # IPv4 only
}
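locals {
  # Second disk, addressed by its PCI path, that holds every service's
  # persistent state; it is the single entry of "storage.disks" below.
  data_device_path = "/dev/disk/by-path/pci-0000:00:0a.0"

  # Linux filesystem partition type GUID, shared by every partition below.
  linux_fs_type_guid = "0FC63DAF-8483-4772-8E79-3D69D8477DE4"

  # Partition table of the data disk. The list is generated from the
  # (label, size) pairs so the partition number, startMiB, type GUID and resize
  # flag cannot drift between entries; numbers run 1..6 in list order.
  data_disk = {
    device = local.data_device_path
    partitions = [
      for idx, part in [
        { label = "caddy_data", sizeMiB = 100 },
        { label = "dhcp_config", sizeMiB = 10 },
        { label = "dhcp_data", sizeMiB = 10 },
        { label = "fcos_images", sizeMiB = 8192 },
        { label = "ign_files", sizeMiB = 512 },
        { label = "ssh_keys", sizeMiB = 10 },
      ] : {
        label    = part.label
        number   = idx + 1
        startMiB = 0
        sizeMiB  = part.sizeMiB
        typeGuid = local.linux_fs_type_guid
        resize   = true
      }
    ]
  }

  # /etc/hostname, owned by root, mode 0644 (HCL has no octal literal, hence 420).
  hostname_file = {
    path  = "/etc/hostname"
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 420 # 0644
    contents = {
      source = format(
        "data:text/plain;base64,%s",
        base64encode(var.hostname),
      )
    }
  }

  # NetworkManager profile for the DHCP-serving interface, rendered from the
  # module template. Mode 0600 (384) because the profile is root-only config.
  # The prefix length is taken from var.dhcp_range, which is therefore expected
  # in CIDR form ("a.b.c.d/len"); the gateway also serves as the DNS resolver.
  network_config_file = {
    path  = "/etc/NetworkManager/system-connections/${var.dhcp_iface}.nmconnection"
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 384 # 0600
    contents = {
      source = format(
        "data:text/plain;base64,%s",
        base64encode(templatefile(
          "${path.module}/files/dhcp_nmconnection.tftpl",
          {
            iface      = var.dhcp_iface
            ip_address = var.dhcp_server_ip_addr
            netmask    = split("/", var.dhcp_range)[1]
            gateway    = var.dhcp_gateway
            dns_server = var.dhcp_gateway
          }
        ))
      )
    }
  }

  # The "core" account. The debug passwordHash that used to sit here (its
  # plaintext was recorded in this file, and the author marked it for removal
  # before production) has been dropped: the entry now carries only the
  # authorized SSH key, so no password-based login is configured by Ignition.
  core_user = {
    name = "core"
    sshAuthorizedKeys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQnLSYLGzUVmDMMGgEKCNgfAOkIuqhOMGGuvgskACum fmaury@2a01cb00142b3d00ee15f742996f2775.ipv6.abo.wanadoo.fr"
    ]
  }

  # Full Ignition 3.4.0 document. The dhcp_*, caddy_* and sftp_* locals are
  # defined elsewhere in this module (not in this file); the sshd pieces come
  # from module.sshd.
  ignition_config = jsonencode({
    ignition = {
      version = "3.4.0"
    }
    storage = {
      disks = [
        local.data_disk,
      ]
      filesystems = concat(
        local.dhcp_filesystems,
        local.caddy_filesystems,
        local.sftp_filesystems,
      )
      directories = concat(
        local.dhcp_directories,
        local.caddy_directories,
        local.sftp_directories,
      )
      files = concat(
        [
          local.hostname_file,
          local.network_config_file,
        ],
        module.sshd.files,
        local.dhcp_files,
        local.caddy_files,
        local.sftp_files,
      )
    }
    systemd = {
      units = concat(
        local.dhcp_systemd_units,
        local.caddy_systemd_units,
        module.sshd.systemd_units,
      )
    }
    passwd = {
      users = concat(
        [
          local.core_user
        ],
        module.sshd.users,
      )
      groups = module.sshd.groups
    }
  })
}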
# Four-word random name that identifies one build: it suffixes the Ignition
# file, the customized ISO, the uploaded ISO name and the VM's cdrom file_id.
resource "random_pet" "config_name" {
  length = 4
}
locals {
  # File name of the rendered Ignition config for this build; the random pet
  # suffix ties it to the ISO and VM resources that use the same id.
  generated_ignition_config_file = format("netboot_server_ignition_config_%s.ign", random_pet.config_name.id)
}
# Proxmox API token, written as a complete curl header line so the upload
# provisioner can pass it with "-H @file" (presumably to keep the token off the
# command line).
# NOTE(review): the token is still stored in this file in the working directory
# and in Terraform state; keep "pve_api_token" out of version control.
resource "local_file" "api_token" {
  content         = "Authorization: PVEAPIToken=${var.pve_api_token}"
  filename        = "pve_api_token"
  file_permission = "0600"
}
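# Renders the Ignition config to disk, then (via local-exec provisioners)
# downloads the Fedora CoreOS live ISO, embeds the config into a customized
# ISO and uploads that ISO to the Proxmox storage the VM boots from.
resource "local_file" "netboot_server_ignition_config" {
  depends_on = [local_file.api_token]
  content    = local.ignition_config
  filename   = format("${path.module}/%s", local.generated_ignition_config_file)
  # The rendered config carries account material (authorized keys and any
  # password hash) plus the network profile, so it is owner-readable only.
  # coreos-installer reads it from inside the container as the same user
  # (rootless) or as root (rootful), so 0600 does not block the customize step.
  file_permission = "0600"

  # Download the live ISO to customize.
  # NOTE(review): "--pull=always" on the floating ":release" tag re-resolves
  # the image on every apply; once the image has been reviewed, pin it by
  # digest (quay.io/coreos/coreos-installer@sha256:<DIGEST>) here and in the
  # customize step below.
  provisioner "local-exec" {
    command = <<EOT
podman run --security-opt label=disable --pull=always --rm -v ${path.cwd}/${path.module}:/data -w /data \
  quay.io/coreos/coreos-installer:release download -f iso
EOT
  }

  # Customize the ISO: run the live system from RAM and embed the Ignition
  # config. "ls -1t | head -n 1" selects the newest downloaded ISO; the previous
  # "$(basename $(ls ...))" failed with "extra operand" as soon as an earlier
  # download had left a second fedora-coreos-*-live.x86_64.iso behind.
  provisioner "local-exec" {
    environment = {
      KERNEL_ARG   = "--live-karg-append=coreos.liveiso.fromram"
      IGNITION_ARG = "--live-ignition=./${local.generated_ignition_config_file}"
    }
    command = <<EOT
set -e
rm -f ${path.module}/customized-${random_pet.config_name.id}.iso
podman run --security-opt label=disable --pull=always --rm -v ${path.cwd}/${path.module}:/data -w /data \
  quay.io/coreos/coreos-installer:release \
  iso customize $KERNEL_ARG $IGNITION_ARG \
  -o customized-${random_pet.config_name.id}.iso "$(basename "$(ls -1t ${path.module}/fedora-coreos-*-live.x86_64.iso | head -n 1)")"
EOT
  }

  # Upload the customized ISO to the node's ISO storage. "--fail" makes curl
  # exit non-zero on an HTTP error (it otherwise returns 0 on 4xx/5xx), so a
  # rejected upload stops the apply instead of leaving the VM pointing at an
  # ISO that was never stored. The token header is read from the api_token file.
  provisioner "local-exec" {
    command = <<EOT
curl --fail \
  -F "content=iso" \
  -F "filename=@${path.module}/customized-${random_pet.config_name.id}.iso;type=application/vnd.efi.iso;filename=fcos-netboot-server-${random_pet.config_name.id}.iso" \
  -H "@${local_file.api_token.filename}" \
  "${var.pve_api_base_url}api2/json/nodes/${var.pve_node_name}/storage/${var.pve_storage_id}/upload"
EOT
  }
}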
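# Proxmox VM that boots the customized Fedora CoreOS live ISO from its cdrom.
resource "proxmox_virtual_environment_vm" "netboot_server" {
  # The cdrom file_id below references only random_pet, so without this
  # explicit dependency Terraform may create the VM before the upload
  # provisioner of local_file.netboot_server_ignition_config has stored the ISO.
  depends_on = [local_file.netboot_server_ignition_config]

  name      = "netboot-server"
  node_name = var.pve_node_name
  vm_id     = var.pve_vm_id

  cpu {
    architecture = "x86_64"
    type         = "host"
    sockets      = 1
    cores        = 4
  }

  memory {
    dedicated = 4096 # MiB
  }

  # Boot media: the ISO uploaded under this build's random_pet name.
  cdrom {
    enabled = true
    file_id = "${var.pve_storage_id}:iso/fcos-netboot-server-${random_pet.config_name.id}.iso"
  }

  disk {
    datastore_id = var.pve_storage_id
    interface    = "virtio0"
    size         = 10
  }

  network_device {
    bridge = var.prod_network_name
    model  = "virtio"
  }

  operating_system {
    type = "l26" # Linux 2.6+ kernel
  }

  keyboard_layout = "fr"

  vga {}
  serial_device {}
}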