From 2849ae293840b8df22a486facf6c66d59ed34883 Mon Sep 17 00:00:00 2001 From: Nemo Date: Tue, 15 Jan 2019 11:35:18 +0530 Subject: [PATCH 1/3] [terraform/modules/ignition] Adds support for arbitary ignition config --- terraform/common.tf | 22 +++++++++++-------- .../modules/configuration/configuration.tf | 4 ++-- terraform/modules/configuration/variables.tf | 2 +- terraform/modules/ignition/ignition.tf | 6 +++-- terraform/modules/ignition/variables.tf | 7 +++++- terraform/modules/tls/tls.tf | 4 ++-- terraform/platforms/aws/asg.tf | 12 +++++----- terraform/platforms/aws/aws.tf | 2 +- terraform/platforms/aws/route53.tf | 2 +- terraform/platforms/aws/variables.tf | 7 +++++- 10 files changed, 42 insertions(+), 26 deletions(-) diff --git a/terraform/common.tf b/terraform/common.tf index 36f22190..b92bede3 100644 --- a/terraform/common.tf +++ b/terraform/common.tf @@ -30,12 +30,12 @@ variable "instance_ssh_keys" { description = "List of SSH public keys that are allowed to login into nodes" - type = "list" + type = "list" } variable "eco_image" { description = "Container image of ECO to use" - default = "qmachu/etcd-cloud-operator:latest" + default = "qmachu/etcd-cloud-operator:v3.3.3" } variable "eco_enable_tls" { @@ -55,18 +55,20 @@ variable "eco_snapshot_ttl" { description = "Defines the lifespan of each etcd snapshot (e.g. 24h)" } +// 2GB variable "eco_backend_quota" { description = "Defines the maximum amount of data that etcd can store, in bytes, before going into maintenance mode" - default = "2147483648" + default = "2147483648" } variable "ca" { description = "Optional CA keypair from which all certificates should be generated ('cert', 'key', 'alg')" type = "map" - default = { - "cert" = "", - "key" = "", - "alg" = "", + + default = { + "cert" = "" + "key" = "" + "alg" = "" } } 
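Review bot: The new `eco_image` default still pins a mutable tag (`qmachu/etcd-cloud-operator:v3.3.3`), and patch 3 moves it again to the non-semver `v3.3.3b` inside a commit whose subject is about the default ignition config, so the image actually deployed is not reproducible from the module source alone and the reason for the second change is lost. A digest pin such as `default = "qmachu/etcd-cloud-operator:v3.3.3@sha256:<digest>"` (digest to be taken from the registry) makes the operator image immutable; at minimum the tag change in patch 3 belongs in its own commit with the reason noted. The `+// 2GB` comment added in the second hunk sits above the `variable` keyword; `// 2 GiB` on the line with the `default` reads better and says which unit is meant.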
@@ -96,8 +98,8 @@ module "configuration" { eco_key_file = "${var.eco_enable_tls == true ? module.ignition.eco_key_file : ""}" eco_require_client_cert = "${var.eco_require_client_certs}" - eco_snapshot_interval = "${var.eco_snapshot_interval}" - eco_snapshot_ttl = "${var.eco_snapshot_ttl}" + eco_snapshot_interval = "${var.eco_snapshot_interval}" + eco_snapshot_ttl = "${var.eco_snapshot_ttl}" eco_backend_quota = "${var.eco_backend_quota}" } @@ -113,6 +115,8 @@ module "ignition" { eco_cert = "${module.tls.clients_server_cert}" eco_key = "${module.tls.clients_server_key}" eco_ca = "${module.tls.ca}" + + ignition_extra_config = "${var.ignition_extra_config}" } // Output. diff --git a/terraform/modules/configuration/configuration.tf b/terraform/modules/configuration/configuration.tf index 4e8f312b..26f8a976 100644 --- a/terraform/modules/configuration/configuration.tf +++ b/terraform/modules/configuration/configuration.tf @@ -19,8 +19,8 @@ data "template_file" "configuration" { asg_provider = "${var.eco_asg_provider}" snapshot_provider = "${var.eco_snapshot_provider}" - unhealthy_member_ttl = "${var.eco_unhealthy_member_ttl}" - advertise_address = "${var.eco_advertise_address}" + unhealthy_member_ttl = "${var.eco_unhealthy_member_ttl}" + advertise_address = "${var.eco_advertise_address}" cert_file = "${var.eco_cert_file}" key_file = "${var.eco_key_file}" diff --git a/terraform/modules/configuration/variables.tf b/terraform/modules/configuration/variables.tf index 27c4cf28..3bc834cc 100644 --- a/terraform/modules/configuration/variables.tf +++ b/terraform/modules/configuration/variables.tf @@ -58,4 +58,4 @@ variable "eco_snapshot_bucket" { variable "eco_backend_quota" { description = "Defines the maximum amount of data that etcd can store, in bytes, before going into maintenance mode" -} \ No newline at end of file +} diff --git a/terraform/modules/ignition/ignition.tf b/terraform/modules/ignition/ignition.tf index 7d94d85e..e14f6368 100644 
--- a/terraform/modules/ignition/ignition.tf +++ b/terraform/modules/ignition/ignition.tf @@ -19,7 +19,7 @@ data "ignition_config" "main" { "${data.ignition_file.eco-crt.id}", "${data.ignition_file.eco-key.id}", "${data.ignition_file.eco-health.id}", - "${data.ignition_file.e.id}" + "${data.ignition_file.e.id}", ] systemd = [ @@ -32,10 +32,12 @@ data "ignition_config" "main" { ] users = ["${data.ignition_user.core.id}"] + + append = ["${var.ignition_extra_config}"] } data "ignition_user" "core" { - name = "core" + name = "core" ssh_authorized_keys = "${var.instance_ssh_keys}" } diff --git a/terraform/modules/ignition/variables.tf b/terraform/modules/ignition/variables.tf index e46d3253..2659a6b1 100644 --- a/terraform/modules/ignition/variables.tf +++ b/terraform/modules/ignition/variables.tf @@ -14,7 +14,7 @@ variable "instance_ssh_keys" { description = "List of SSH public keys that are allowed to login into nodes" - type = "list" + type = "list" } variable "eco_image" { @@ -36,3 +36,8 @@ variable "eco_ca" { variable "eco_configuration" { description = "Defines the configuration for ECO" } + +variable "ignition_extra_config" { + description = "Extra ignition configuration that will get appended to the default ECO config" + default = {} +} diff --git a/terraform/modules/tls/tls.tf b/terraform/modules/tls/tls.tf index ad20aa5d..b31a4ba7 100644 --- a/terraform/modules/tls/tls.tf +++ b/terraform/modules/tls/tls.tf 
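Review bot: The description of the new `ignition_extra_config` variable does not say what shape the map has, and from patch 2 onward the module reads it with `lookup(..., "source")` and `lookup(..., "verification", "")`, so a caller has to open ignition.tf to discover the keys; the same one-line description is duplicated in terraform/platforms/aws/variables.tf. Suggest `description = "Optional Ignition config appended to the node config: a map with 'source' (URL or data: URI of a rendered ignition_config) and optionally 'verification' (hash of that config)"` in both files. `default = {}` leaves the type to inference; an explicit `type = "map"` beside it, as this file already does with `type = "list"` for `instance_ssh_keys`, documents the intent.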
@@ -44,8 +44,8 @@ resource "tls_self_signed_cert" "ca" { locals { ca = { "cert" = "${length(var.ca["key"]) == 0 ? join("", tls_self_signed_cert.ca.*.cert_pem) : var.ca["cert"]}" - "key" = "${length(var.ca["key"]) == 0 ? join("", tls_private_key.ca.*.private_key_pem) : var.ca["key"]}" - "alg" = "${length(var.ca["key"]) == 0 ? join("", tls_private_key.ca.*.algorithm) : var.ca["alg"]}" + "key" = "${length(var.ca["key"]) == 0 ? join("", tls_private_key.ca.*.private_key_pem) : var.ca["key"]}" + "alg" = "${length(var.ca["key"]) == 0 ? join("", tls_private_key.ca.*.algorithm) : var.ca["alg"]}" } } diff --git a/terraform/platforms/aws/asg.tf b/terraform/platforms/aws/asg.tf index 569e75b7..0225eaa2 100644 --- a/terraform/platforms/aws/asg.tf +++ b/terraform/platforms/aws/asg.tf @@ -73,8 +73,8 @@ resource "aws_launch_configuration" "main" { associate_public_ip_address = "${var.associate_public_ips}" root_block_device { - volume_type = "gp2" - volume_size = "${var.instance_disk_size}" + volume_type = "gp2" + volume_size = "${var.instance_disk_size}" } lifecycle { @@ -88,10 +88,10 @@ resource "aws_security_group" "instances" { vpc_id = "${var.vpc_id}" ingress { - from_port = 2378 - to_port = 2378 - protocol = "tcp" - self = true + from_port = 2378 + to_port = 2378 + protocol = "tcp" + self = true } ingress { diff --git a/terraform/platforms/aws/aws.tf b/terraform/platforms/aws/aws.tf index 37618f6e..2c53be2f 100644 --- a/terraform/platforms/aws/aws.tf +++ b/terraform/platforms/aws/aws.tf @@ -78,4 +78,4 @@ locals { unhealthy_member_ttl = "3m" snapshot_bucket = "${aws_s3_bucket.backups.bucket}" advertise_address = "${var.route53_enabled == "true" ? join("", aws_route53_record.elb.*.name) : aws_elb.clients.dns_name}" -} \ No newline at end of file +} diff --git a/terraform/platforms/aws/route53.tf b/terraform/platforms/aws/route53.tf index 7234045f..d18f0604 100644 --- a/terraform/platforms/aws/route53.tf +++ b/terraform/platforms/aws/route53.tf 
@@ -16,4 +16,4 @@ resource "aws_route53_record" "elb" { zone_id = "${aws_elb.clients.zone_id}" evaluate_target_health = true } -} \ No newline at end of file +} diff --git a/terraform/platforms/aws/variables.tf b/terraform/platforms/aws/variables.tf index c0137b28..e38215f9 100644 --- a/terraform/platforms/aws/variables.tf +++ b/terraform/platforms/aws/variables.tf @@ -43,7 +43,7 @@ variable "vpc_id" { variable "route53_enabled" { description = "Defines whether a Route53 record should be created for client connections" - default = "false" + default = "false" } variable "route53_zone_id" { @@ -65,3 +65,8 @@ variable "metrics_security_group_ids" { type = "list" default = [] } + +variable "ignition_extra_config" { + description = "Extra ignition configuration that will get appended to the default ECO config" + default = {} +} From 7a67c81fe2670f9dca2dbd7c5f93545f1c31cb1f Mon Sep 17 00:00:00 2001 From: Nemo Date: Thu, 17 Jan 2019 13:44:16 +0530 Subject: [PATCH 2/3] [docs] Adds sample config for ignition_extra_config --- terraform/modules/ignition/ignition.tf | 5 +++- terraform/platforms/aws/README.md | 40 ++++++++++++++++++++++++-- 2 files changed, 41 insertions(+), 4 deletions(-) diff --git a/terraform/modules/ignition/ignition.tf b/terraform/modules/ignition/ignition.tf index e14f6368..60287447 100644 --- a/terraform/modules/ignition/ignition.tf +++ b/terraform/modules/ignition/ignition.tf @@ -33,7 +33,10 @@ data "ignition_config" "main" { users = ["${data.ignition_user.core.id}"] - append = ["${var.ignition_extra_config}"] + append { + source = "${lookup(var.ignition_extra_config, "source")}" + verification = "${lookup(var.ignition_extra_config, "verification", "")}" + } } data "ignition_user" "core" { diff --git a/terraform/platforms/aws/README.md b/terraform/platforms/aws/README.md index 2cc086ec..959ad4b5 100644 --- a/terraform/platforms/aws/README.md +++ b/terraform/platforms/aws/README.md 
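Review bot: `verification` defaults to `""` in the new `append` block, so a caller who passes only `source` gets an appended Ignition config that the node fetches and applies with no integrity check; for anything other than a `data:` URI that means whatever the URL serves at boot becomes part of the node configuration (the README example in this same patch shows such a config adding users and groups). The README only demonstrates the `data:` form, so the hazard is easy to miss. This 0.11-style syntax has no variable validation, so the check has to live in documentation: state in the `ignition_extra_config` description and in a comment on this block that `verification` (an Ignition hash string such as `sha512-<hex>`) is expected whenever `source` is a remote URL, e.g. `// verification may be left empty only for data: URIs; a remote source without a hash is applied unverified.`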
@@ -16,7 +16,7 @@ terraform init . terraform apply . ``` -A Terraform configuration file (terraform/platforms/aws/terraform.tfvars) should +A Terraform configuration file (terraform/platforms/aws/terraform.tfvars) should then be created. Note that all available ECO configuration knobs are not exposed. ``` @@ -75,6 +75,7 @@ displayed. If client certificates authentication was enabled, they will be displayed as well. Here is a way to query and verify the health of the cluster: + ``` export ETCDCTL_API=3 @@ -115,17 +116,50 @@ module "eco" { load_balancer_internal = "false" load_balancer_security_group_ids = [] metrics_security_group_ids = [] - + eco_image = "qmachu/etcd-cloud-operator:v3.3.3" eco_enable_tls = "true" eco_require_client_certs = "false" eco_snapshot_interval = "30m" eco_snapshot_ttl = "24h" - + eco_backend_quota = "${2 * 1024 * 1024 * 1024}" + + ignition_extra_config = { + source = "${local.ignition_extra_config}" + } +} + +// If you want to add extra ignition config, use like this +data "ignition_config" "extra" { + users = [ + "${data.ignition_user.batman.id}", + ] + + groups = [ + "${data.ignition_group.superheroes.id}", + ] +} + +data "ignition_group" "superheroes" { + name = "superheroes" +} + +data "ignition_user" "batman" { + name = "batman" + home_dir = "/home/batman/" + shell = "/bin/bash" +} + +// Alternatively, instead of using data-uri, you can host this on a web URl and pass that instead. +// See https://www.terraform.io/docs/providers/ignition/d/config.html#append +// for more details +locals { + ignition_extra_config = "data:text/plain;charset=utf-8;base64,${base64encode(data.ignition_config.extra.rendered)}" } ``` The following outputs will be available for use: + - `etcd_address` - `ca`, `clients_cert`, `clients_key` (client certificate authentication) From bc4d3c6cf8a4eff73f4f0f9973e4839410ed2e8b Mon Sep 17 00:00:00 2001 
From: Nemo Date: Fri, 18 Jan 2019 16:09:24 +0530 Subject: [PATCH 3/3] [terraform/modules/ignition] Use a empty default config --- terraform/common.tf | 2 +- terraform/modules/ignition/ignition.tf | 4 +++- terraform/modules/ignition/variables.tf | 4 ++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/terraform/common.tf b/terraform/common.tf index b92bede3..d5398975 100644 --- a/terraform/common.tf +++ b/terraform/common.tf @@ -35,7 +35,7 @@ variable "instance_ssh_keys" { variable "eco_image" { description = "Container image of ECO to use" - default = "qmachu/etcd-cloud-operator:v3.3.3" + default = "qmachu/etcd-cloud-operator:v3.3.3b" } variable "eco_enable_tls" { diff --git a/terraform/modules/ignition/ignition.tf b/terraform/modules/ignition/ignition.tf index 60287447..2310dd77 100644 --- a/terraform/modules/ignition/ignition.tf +++ b/terraform/modules/ignition/ignition.tf @@ -34,7 +34,7 @@ data "ignition_config" "main" { users = ["${data.ignition_user.core.id}"] append { - source = "${lookup(var.ignition_extra_config, "source")}" + source = "${lookup(var.ignition_extra_config, "source", local.blank_ignition_config)}" verification = "${lookup(var.ignition_extra_config, "verification", "")}" } } @@ -147,3 +147,5 @@ data "ignition_file" "eco-health" { content = "${file("${path.module}/resources/eco-health.sh")}" } } + +data "ignition_config" "blank" {} diff --git a/terraform/modules/ignition/variables.tf b/terraform/modules/ignition/variables.tf index 2659a6b1..a610a7d6 100644 --- a/terraform/modules/ignition/variables.tf +++ b/terraform/modules/ignition/variables.tf @@ -12,6 +12,10 @@ // See the License for the specific language governing permissions and // limitations under the License. +locals { + blank_ignition_config = "data:text/plain;charset=utf-8;base64,${base64encode(data.ignition_config.blank.rendered)}" +} + variable "instance_ssh_keys" { description = "List of SSH public keys that are allowed to login into nodes" type = "list"
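Review bot: `local.blank_ignition_config` is defined in variables.tf while the `ignition_config.blank` data source it base64-encodes is appended at the very end of ignition.tf, so a reader of the `append` block has to cross two files to learn that the default `source` is a `data:` URI of an empty config. Keep the `locals` block next to `data "ignition_config" "blank" {}` in ignition.tf (variables.tf in this module appears to hold only inputs), and give the data source a comment such as `// Empty config used as the default append source so the append block is always valid when no extra config is supplied.` The `data "ignition_config" "main"` block whose `append` line changes in the first hunk starts outside that hunk.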