kinvolk · ipochi · Mar 9, 2021 · Feb 18, 2021
diff --git a/assets/terraform-modules/bare-metal/flatcar-linux/kubernetes/controller_profiles.tf b/assets/terraform-modules/bare-metal/flatcar-linux/kubernetes/controller_profiles.tf
@@ -0,0 +1,17 @@
+module "controller_profile" {
+  source                   = "../../../matchbox-flatcar"
+  count                    = length(var.controller_names)
+  node_name                = var.controller_names[count.index]
+  node_mac                 = var.controller_macs[count.index]
+  download_protocol        = var.download_protocol
+  os_channel               = var.os_channel
+  os_version               = var.os_version
+  http_endpoint            = var.matchbox_http_endpoint
+  kernel_args              = var.kernel_args
+  install_disk             = var.install_disk
+  install_to_smallest_disk = var.install_to_smallest_disk
+  container_linux_oem      = var.container_linux_oem
+  ssh_keys                 = var.ssh_keys
+  ignition_clc_config      = module.controller[count.index].clc_config
+  cached_install           = var.cached_install
+}
diff --git a/assets/terraform-modules/bare-metal/flatcar-linux/kubernetes/groups.tf b/assets/terraform-modules/bare-metal/flatcar-linux/kubernetes/groups.tf
diff --git a/assets/terraform-modules/bare-metal/flatcar-linux/kubernetes/ssh.tf b/assets/terraform-modules/bare-metal/flatcar-linux/kubernetes/ssh.tf
@@ -5,9 +5,7 @@ resource "null_resource" "copy-controller-secrets" {
   # Without depends_on, remote-exec could start and wait for machines before
   # matchbox groups are written, causing a deadlock.
   depends_on = [
-    matchbox_group.install,
-    matchbox_group.controller,
-    matchbox_group.worker,
+    module.controller_profile,
   ]
 
   connection {

diff --git a/assets/terraform-modules/bare-metal/flatcar-linux/kubernetes/worker_profiles.tf b/assets/terraform-modules/bare-metal/flatcar-linux/kubernetes/worker_profiles.tf
@@ -0,0 +1,17 @@
+module "worker_profile" {
+  source                   = "../../../matchbox-flatcar"
+  count                    = length(var.worker_names)
+  node_name                = var.worker_names[count.index]
+  node_mac                 = var.worker_macs[count.index]
+  download_protocol        = var.download_protocol
+  os_channel               = var.os_channel
+  os_version               = var.os_version
+  http_endpoint            = var.matchbox_http_endpoint
+  kernel_args              = var.kernel_args
+  install_disk             = var.install_disk
+  install_to_smallest_disk = var.install_to_smallest_disk
+  container_linux_oem      = var.container_linux_oem
+  ssh_keys                 = var.ssh_keys
+  ignition_clc_config      = module.worker[count.index].clc_config
+  cached_install           = var.cached_install
+}
diff --git a/assets/terraform-modules/matchbox-flatcar/groups.tf b/assets/terraform-modules/matchbox-flatcar/groups.tf
@@ -0,0 +1,25 @@
+resource "matchbox_group" "install" {
+  name = format(
+    "install-%s",
+    var.node_name
+  )
+
+  profile = var.cached_install == true ? matchbox_profile.cached-flatcar-linux-install.name : matchbox_profile.flatcar-install.name
+  selector = {
+    mac = var.node_mac
+  }
+}
+
+resource "matchbox_group" "node" {
+  name = format(
+    "%s",
+    var.node_name
+  )
+  profile = matchbox_profile.node.name
+
+  selector = {
+    mac = var.node_mac
+    os  = "installed"
+  }
+}
+
diff --git a/...etal/flatcar-linux/kubernetes/profiles.tf → ...form-modules/matchbox-flatcar/profiles.tf b/...etal/flatcar-linux/kubernetes/profiles.tf → ...form-modules/matchbox-flatcar/profiles.tf
@@ -1,10 +1,7 @@
-// Flatcar Container Linux install profile (from release.flatcar-linux.net)
 resource "matchbox_profile" "flatcar-install" {
-  count = length(var.controller_names) + length(var.worker_names)
   name = format(
-    "%s-flatcar-install-%s",
-    var.cluster_name,
-    concat(var.controller_names, var.worker_names)[count.index]
+    "flatcar-install-%s",
+    var.node_name
   )
 
   kernel = "${var.download_protocol}://${var.os_channel}.release.flatcar-linux.net/amd64-usr/${var.os_version}/flatcar_production_pxe.vmlinuz"
@@ -15,17 +12,17 @@ resource "matchbox_profile" "flatcar-install" {
 
   args = flatten([
     "initrd=flatcar_production_pxe_image.cpio.gz",
-    "ignition.config.url=${var.matchbox_http_endpoint}/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}",
+    "ignition.config.url=${var.http_endpoint}/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}",
     "flatcar.first_boot=yes",
     "console=tty0",
     "console=ttyS0",
     var.kernel_args,
   ])
 
-  container_linux_config = templatefile("${path.module}/cl/install.yaml.tmpl", {
+  container_linux_config = templatefile("${path.module}/templates/install.yaml.tmpl", {
     os_channel               = var.os_channel
     os_version               = var.os_version
-    ignition_endpoint        = format("%s/ignition", var.matchbox_http_endpoint)
+    ignition_endpoint        = format("%s/ignition", var.http_endpoint)
     install_disk             = var.install_disk
     container_linux_oem      = var.container_linux_oem
     ssh_keys                 = jsonencode(var.ssh_keys)
@@ -38,11 +35,9 @@ resource "matchbox_profile" "flatcar-install" {
 // Flatcar Container Linux Install profile (from matchbox /assets cache)
 // Note: Admin must have downloaded os_version into matchbox assets/flatcar.
 resource "matchbox_profile" "cached-flatcar-linux-install" {
-  count = length(var.controller_names) + length(var.worker_names)
   name = format(
-    "%s-cached-flatcar-linux-install-%s",
-    var.cluster_name,
-    concat(var.controller_names, var.worker_names)[count.index]
+    "cached-flatcar-linux-install-%s",
+    var.node_name
   )
 
   kernel = "/assets/flatcar/${var.os_version}/flatcar_production_pxe.vmlinuz"
@@ -53,44 +48,31 @@ resource "matchbox_profile" "cached-flatcar-linux-install" {
 
   args = flatten([
     "initrd=flatcar_production_pxe_image.cpio.gz",
-    "ignition.config.url=${var.matchbox_http_endpoint}/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}",
+    "ignition.config.url=${var.http_endpoint}/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}",
     "flatcar.first_boot=yes",
     "console=tty0",
     "console=ttyS0",
     var.kernel_args,
   ])
 
-  container_linux_config = templatefile("${path.module}/cl/install.yaml.tmpl", {
+  container_linux_config = templatefile("${path.module}/templates/install.yaml.tmpl", {
     os_channel               = var.os_channel
     os_version               = var.os_version
-    ignition_endpoint        = format("%s/ignition", var.matchbox_http_endpoint)
+    ignition_endpoint        = format("%s/ignition", var.http_endpoint)
     install_disk             = var.install_disk
     container_linux_oem      = var.container_linux_oem
     ssh_keys                 = jsonencode(var.ssh_keys)
     install_to_smallest_disk = var.install_to_smallest_disk
     # profile uses -b baseurl to install from matchbox cache
-    baseurl_flag = "-b ${var.matchbox_http_endpoint}/assets/flatcar"
+    baseurl_flag = "-b ${var.http_endpoint}/assets/flatcar"
   })
 }
 
-// Kubernetes Controller profiles
-resource "matchbox_profile" "controllers" {
-  count = length(var.controller_names)
+resource "matchbox_profile" "node" {
   name = format(
-    "%s-controller-%s",
-    var.cluster_name,
-    var.controller_names[count.index]
+    "node-%s",
+    var.node_name
   )
-  raw_ignition = module.controller[count.index].clc_config
+  raw_ignition = var.ignition_clc_config
 }
 
-// Kubernetes Worker profiles
-resource "matchbox_profile" "workers" {
-  count = length(var.worker_names)
-  name = format(
-    "%s-worker-%s",
-    var.cluster_name,
-    var.worker_names[count.index]
-  )
-  raw_ignition = module.worker[count.index].clc_config
-}
diff --git a/...car-linux/kubernetes/cl/install.yaml.tmpl → ...chbox-flatcar/templates/install.yaml.tmpl b/...car-linux/kubernetes/cl/install.yaml.tmpl → ...chbox-flatcar/templates/install.yaml.tmpl
@@ -12,9 +12,9 @@ systemd:
         ExecStart=/opt/installer
         [Install]
         WantedBy=multi-user.target
-    # Avoid using the standard SSH port so terraform apply cannot SSH until
+    # Avoid using the standard SSH port so Terraform apply cannot SSH until
     # post-install. But admins may SSH to debug disk install problems.
-    # After install, sshd will use port 22 and users/terraform can connect.
+    # After install, sshd will use port 22 and users/Terraform can connect.
     - name: sshd.socket
       dropins:
         - name: 10-sshd-port.conf

diff --git a/assets/terraform-modules/matchbox-flatcar/variables.tf b/assets/terraform-modules/matchbox-flatcar/variables.tf
@@ -0,0 +1,72 @@
+variable "http_endpoint" {
+  type        = string
+  description = "Matchbox HTTP read-only endpoint (e.g. http://matchbox.example.com:8080)."
+}
+
+variable "os_channel" {
+  type        = string
+  description = "Flatcar Container Linux channel to install from (stable, beta, alpha, edge)."
+  default     = "stable"
+}
+
+variable "os_version" {
+  type        = string
+  description = "Flatcar Container Linux version to install (for example '2191.5.0' - see https://www.flatcar-linux.org/releases/)."
+  default     = "current"
+}
+
+variable "download_protocol" {
+  type        = string
+  description = "Protocol iPXE should use to download the kernel and initrd. Defaults to https, which requires iPXE compiled with crypto support. Unused if cached_install is true."
+  default     = "https"
+}
+
+variable "cached_install" {
+  type        = bool
+  description = "Whether the operating system should PXE boot and install from matchbox /assets cache. Note that the admin must have downloaded the os_version into matchbox assets."
+  default     = false
+}
+
+variable "install_disk" {
+  type        = string
+  description = "Disk device to which the install profiles should install the operating system (e.g. /dev/sda)."
+  default     = "/dev/sda"
+}
+
+variable "container_linux_oem" {
+  type        = string
+  description = "DEPRECATED: Specify an OEM image id to use as base for the installation (e.g. ami, vmware_raw, xen) or leave blank for the default image."
+  default     = ""
+}
+
+variable "kernel_args" {
+  type        = list(string)
+  description = "Additional kernel arguments to provide at PXE boot."
+  default     = []
+}
+
+variable "install_to_smallest_disk" {
+  type        = bool
+  description = "Install Flatcar Container Linux to the smallest disk."
+  default     = false
+}
+
+variable "ssh_keys" {
+  type        = list(string)
+  description = "SSH public keys for user 'core'."
+}
+
+variable "ignition_clc_config" {
+  type        = string
+  description = "Ignition CLC snippets to include in the configuration."
+}
+
+variable "node_name" {
+  type        = string
+  description = "Name of the node/machine."
+}
+
+variable "node_mac" {
+  type        = string
+  description = "MAC address identifying the node/machine (e.g. 52:54:00:a1:9c:ae)."
+}
diff --git a/assets/terraform-modules/matchbox-flatcar/versions.tf b/assets/terraform-modules/matchbox-flatcar/versions.tf
@@ -0,0 +1,18 @@
+terraform {
+  required_version = ">= 0.13"
+
+  required_providers {
+    template = {
+      source  = "hashicorp/template"
+      version = "2.2.0"
+    }
+    matchbox = {
+      source  = "poseidon/matchbox"
+      version = "0.4.1"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "3.0.0"
+    }
+  }
+}