digitalocean: initial commit

s-urbaniak · Jul 18, 2017 · d79cd1c · d79cd1c
1 parent c8d28fe
commit d79cd1c
Show file tree

Hide file tree

Showing 32 changed files with 1,181 additions and 0 deletions.
diff --git a/Documentation/variables/digitalocean.md b/Documentation/variables/digitalocean.md
@@ -0,0 +1,38 @@
+<!-- DO NOT EDIT. THIS FILE IS GENERATED BY THE MAKEFILE. -->
+# Terraform variables
+This document gives an overview of variables used in the DigitalOcean platform of the Tectonic SDK.
+
+## Inputs
+
+| Name | Description | Type | Default |
+|------|-------------|:----:|:-----:|
+| tectonic_vmware_cluster | vCenter Cluster used to create VMs under | string | - |
+| tectonic_vmware_controller_domain | The domain name which resolves to controller node(s) | string | - |
+| tectonic_vmware_datacenter | Virtual DataCenter to deploy VMs | string | - |
+| tectonic_vmware_datastore | Datastore to deploy Tectonic | string | - |
+| tectonic_vmware_etcd_gateway | Default Gateway IP address for etcd nodes(s) | string | - |
+| tectonic_vmware_etcd_hostnames | Terraform map of etcd node(s) Hostnames, Example:    tectonic_vmware_etcd_hostnames = {   "0" = "mycluster-etcd-0"   "1" = "mycluster-etcd-1"   "2" = "mycluster-etcd-2" } | map | - |
+| tectonic_vmware_etcd_ip | Terraform map of etcd node(s) IP Addresses, Example:    tectonic_vmware_etcd_ip = {   "0" = "192.168.246.10/24"   "1" = "192.168.246.11/24"   "2" = "192.168.246.12/24" } | map | - |
+| tectonic_vmware_etcd_memory | etcd node(s) VM Memory Size in MB | string | `4096` |
+| tectonic_vmware_etcd_vcpu | etcd node(s) VM vCPU count | string | `1` |
+| tectonic_vmware_folder | vSphere Folder to create and add the Tectonic nodes | string | - |
+| tectonic_vmware_ingress_domain | The domain name which resolves to Tectonic Ingress (i.e. worker node(s)) | string | - |
+| tectonic_vmware_master_gateway | Default Gateway IP address for Master nodes(s) | string | - |
+| tectonic_vmware_master_hostnames | Terraform map of Master node(s) Hostnames, Example:    tectonic_vmware_master_hostnames = {   "0" = "mycluster-master-0"   "1" = "mycluster-master-1" } | map | - |
+| tectonic_vmware_master_ip | Terraform map of Master node(s) IP Addresses, Example:    tectonic_vmware_master_ip = {   "0" = "192.168.246.20/24"   "1" = "192.168.246.21/24" } | map | - |
+| tectonic_vmware_master_memory | Master node(s) Memory Size in MB | string | `4096` |
+| tectonic_vmware_master_vcpu | Master node(s) vCPU count | string | `1` |
+| tectonic_vmware_network | Portgroup to attach the cluster nodes | string | - |
+| tectonic_vmware_node_dns | DNS Server to be useddd by Virtual Machine(s) | string | - |
+| tectonic_vmware_server | vCenter Server IP/FQDN | string | - |
+| tectonic_vmware_ssh_authorized_key | SSH public key to use as an authorized key. Example: `"ssh-rsa AAAB3N..."` | string | - |
+| tectonic_vmware_ssh_private_key_path | SSH private key file in .pem format corresponding to tectonic_vmware_ssh_authorized_key. If not provided, SSH agent will be used. | string | `` |
+| tectonic_vmware_sslselfsigned | Is the vCenter certificate Self-Signed? Example: `tectonic_vmware_sslselfsigned = "true"` | string | - |
+| tectonic_vmware_vm_template | Virtual Machine template of CoreOS Container Linux. | string | - |
+| tectonic_vmware_vm_template_folder | Folder for VM template of CoreOS Container Linux. | string | - |
+| tectonic_vmware_worker_gateway | Default Gateway IP address for Master nodes(s) | string | - |
+| tectonic_vmware_worker_hostnames | Terraform map of Worker node(s) Hostnames, Example:    tectonic_vmware_worker_hostnames = {   "0" = "mycluster-worker-0"   "1" = "mycluster-worker-1" } | map | - |
+| tectonic_vmware_worker_ip | Terraform map of Worker node(s) IP Addresses, Example:    tectonic_vmware_worker_ip = {   "0" = "192.168.246.30/24"   "1" = "192.168.246.31/24" } | map | - |
+| tectonic_vmware_worker_memory | Worker node(s) Memory Size in MB | string | `4096` |
+| tectonic_vmware_worker_vcpu | Worker node(s) vCPU count | string | `1` |
+
diff --git a/Makefile b/Makefile
@@ -91,8 +91,13 @@ docs:
 			'This document gives an overview of variables used in the VMware platform of the Tectonic SDK.', \
 			platforms/vmware/variables.tf)
 
+
 .PHONY: examples
 examples:
+	$(call terraform-docs, Documentation/variables/digitalocean.md, \
+			'This document gives an overview of variables used in the DigitalOcean platform of the Tectonic SDK.', \
+			platforms/vmware/variables.tf)
+
 	$(call terraform-examples, examples/terraform.tfvars.aws, \
 			config.tf, \
 			platforms/aws/variables.tf)
@@ -119,6 +124,11 @@ examples:
 
 .PHONY: clean
 clean: destroy
+	$(call terraform-examples, \
+			examples/terraform.tfvars.digitalocean, \
+			config.tf, \
+			platforms/digitalocean/variables.tf)
+
 	rm -rf $(BUILD_DIR)
 	$(MAKE) clean -C $(TOP_DIR)/installer
 	rm -f $(TF_RC)

diff --git a/examples/terraform.tfvars.digitalocean b/examples/terraform.tfvars.digitalocean
@@ -0,0 +1,165 @@
+
+// The e-mail address used to login as the admin user to the Tectonic Console.
+// 
+// Note: This field MUST be set manually prior to creating the cluster.
+tectonic_admin_email = ""
+
+// The bcrypt hash of admin user password to login to the Tectonic Console.
+// Use the bcrypt-hash tool (https://github.com/coreos/bcrypt-tool/releases/tag/v1.0.0) to generate it.
+// 
+// Note: This field MUST be set manually prior to creating the cluster.
+tectonic_admin_password_hash = ""
+
+// The base DNS domain of the cluster.
+// 
+// Example: `openstack.dev.coreos.systems`.
+// 
+// Note: This field MUST be set manually prior to creating the cluster.
+// This applies only to cloud platforms.
+tectonic_base_domain = ""
+
+// (optional) The content of the PEM-encoded CA certificate, used to generate Tectonic Console's server certificate.
+// If left blank, a CA certificate will be automatically generated.
+// tectonic_ca_cert = ""
+
+// (optional) The content of the PEM-encoded CA key, used to generate Tectonic Console's server certificate.
+// This field is mandatory if `tectonic_ca_cert` is set.
+// tectonic_ca_key = ""
+
+// (optional) The algorithm used to generate tectonic_ca_key.
+// The default value is currently recommend.
+// This field is mandatory if `tectonic_ca_cert` is set.
+// tectonic_ca_key_alg = "RSA"
+
+// The Container Linux update channel.
+// 
+// Examples: `stable`, `beta`, `alpha`
+tectonic_cl_channel = "stable"
+
+// This declares the IP range to assign Kubernetes pod IPs in CIDR notation.
+tectonic_cluster_cidr = "10.2.0.0/16"
+
+// The name of the cluster.
+// If used in a cloud-environment, this will be prepended to `tectonic_base_domain` resulting in the URL to the Tectonic console.
+// 
+// Note: This field MUST be set manually prior to creating the cluster.
+// Warning: Special characters in the name like '.' may cause errors on OpenStack platforms due to resource name constraints.
+tectonic_cluster_name = ""
+
+// (optional) This only applies if you use the modules/dns/ddns module.
+// 
+// Specifies the RFC2136 Dynamic DNS server key algorithm.
+// tectonic_ddns_key_algorithm = ""
+
+// (optional) This only applies if you use the modules/dns/ddns module.
+// 
+// Specifies the RFC2136 Dynamic DNS server key name.
+// tectonic_ddns_key_name = ""
+
+// (optional) This only applies if you use the modules/dns/ddns module.
+// 
+// Specifies the RFC2136 Dynamic DNS server key secret.
+// tectonic_ddns_key_secret = ""
+
+// (optional) This only applies if you use the modules/dns/ddns module.
+// 
+// Specifies the RFC2136 Dynamic DNS server IP/host to register IP addresses to.
+// tectonic_ddns_server = ""
+
+// Droplet image.
+tectonic_do_droplet_image = "coreos-stable"
+
+// The droplet region.
+tectonic_do_droplet_region = "nyc1"
+
+// Droplet size for the etcd node(s). Example: `512mb`.
+tectonic_do_etcd_droplet_size = "512mb"
+
+// Amount of swap memory for etcd nodes
+tectonic_do_etcd_swap = "1024m"
+
+// 
+tectonic_do_extra_tags = ""
+
+// Instance size for the master node(s). Example: `512mb`.
+tectonic_do_master_droplet_size = "1gb"
+
+// Amount of swap memory for master nodes
+tectonic_do_master_swap = "1024m"
+
+// A list of SSH IDs to enable.
+tectonic_do_ssh_keys = ""
+
+// DigitalOcean API token.
+tectonic_do_token = ""
+
+// Instance size for the worker node(s). Example: `512mb`.
+tectonic_do_worker_droplet_size = "512mb"
+
+// Amount of swap memory for worker nodes
+tectonic_do_worker_swap = "1024m"
+
+// (optional) The path of the file containing the CA certificate for TLS communication with etcd.
+// 
+// Note: This works only when used in conjunction with an external etcd cluster.
+// If set, the variables `tectonic_etcd_servers`, `tectonic_etcd_client_cert_path`, and `tectonic_etcd_client_key_path` must also be set.
+// tectonic_etcd_ca_cert_path = "/dev/null"
+
+// (optional) The path of the file containing the client certificate for TLS communication with etcd.
+// 
+// Note: This works only when used in conjunction with an external etcd cluster.
+// If set, the variables `tectonic_etcd_servers`, `tectonic_etcd_ca_cert_path`, and `tectonic_etcd_client_key_path` must also be set.
+// tectonic_etcd_client_cert_path = "/dev/null"
+
+// (optional) The path of the file containing the client key for TLS communication with etcd.
+// 
+// Note: This works only when used in conjunction with an external etcd cluster.
+// If set, the variables `tectonic_etcd_servers`, `tectonic_etcd_ca_cert_path`, and `tectonic_etcd_client_cert_path` must also be set.
+// tectonic_etcd_client_key_path = "/dev/null"
+
+// The number of etcd nodes to be created.
+// If set to zero, the count of etcd nodes will be determined automatically.
+// 
+// Note: This is currently only supported on AWS.
+tectonic_etcd_count = "0"
+
+// (optional) List of external etcd v3 servers to connect with (hostnames/IPs only).
+// Needs to be set if using an external etcd cluster.
+// 
+// Example: `["etcd1", "etcd2", "etcd3"]`
+// tectonic_etcd_servers = ""
+
+// (optional) If set to `true`, TLS secure communication for self-provisioned etcd. will be used.
+// 
+// Note: If `tectonic_experimental` is set to `true` this variable has no effect, because the experimental self-hosted etcd always uses TLS.
+// tectonic_etcd_tls_enabled = true
+
+// If set to true, experimental Tectonic assets are being deployed.
+tectonic_experimental = false
+
+// The path to the tectonic licence file.
+// 
+// Note: This field MUST be set manually prior to creating the cluster unless `tectonic_vanilla_k8s` is set to `true`.
+tectonic_license_path = ""
+
+// The number of master nodes to be created.
+// This applies only to cloud platforms.
+tectonic_master_count = "1"
+
+// The path the pull secret file in JSON format.
+// 
+// Note: This field MUST be set manually prior to creating the cluster unless `tectonic_vanilla_k8s` is set to `true`.
+tectonic_pull_secret_path = ""
+
+// This declares the IP range to assign Kubernetes service cluster IPs in CIDR notation. The maximum size of this IP range is /12
+tectonic_service_cidr = "10.3.0.0/16"
+
+// The Tectonic statistics collection URL to which to report.
+tectonic_stats_url = "https://stats-collector.tectonic.com"
+
+// If set to true, a vanilla Kubernetes cluster will be deployed, omitting any Tectonic assets.
+tectonic_vanilla_k8s = false
+
+// The number of worker nodes to be created.
+// This applies only to cloud platforms.
+tectonic_worker_count = "3"
diff --git a/modules/digitalocean/etcd/dns.tf b/modules/digitalocean/etcd/dns.tf
@@ -0,0 +1,8 @@
+resource "digitalocean_record" "etcd_nodes" {
+  count  = "${var.droplet_count}"
+  domain = "${var.cluster_domain}"
+  name   = "${var.cluster_name}-etcd-${count.index}"
+  ttl    = 60
+  type   = "A"
+  value  = "${digitalocean_droplet.etcd_node.*.ipv4_address[count.index]}"
+}
diff --git a/modules/digitalocean/etcd/ignition.tf b/modules/digitalocean/etcd/ignition.tf
@@ -0,0 +1,114 @@
+data "ignition_config" "etcd" {
+  count = "${var.droplet_count}"
+
+  systemd = [
+    "${data.ignition_systemd_unit.locksmithd.*.id[count.index]}",
+    "${data.ignition_systemd_unit.etcd3.*.id[count.index]}",
+    "${data.ignition_systemd_unit.etcd_unzip_tls.id}",
+  ]
+
+  files = [
+    "${data.ignition_file.node_hostname.*.id[count.index]}",
+    "${data.ignition_file.etcd_tls_zip.id}",
+  ]
+}
+
+data "ignition_file" "node_hostname" {
+  count      = "${var.droplet_count}"
+  path       = "/etc/hostname"
+  mode       = 0644
+  filesystem = "root"
+
+  content {
+    content = "${var.cluster_name}-etcd-${count.index}.${var.cluster_domain}"
+  }
+}
+
+data "ignition_file" "etcd_tls_zip" {
+  path       = "/etc/ssl/etcd/tls.zip"
+  mode       = 0400
+  uid        = 0
+  gid        = 0
+  filesystem = "root"
+
+  content {
+    mime    = "application/octet-stream"
+    content = "${var.tls_zip}"
+  }
+}
+
+data "ignition_systemd_unit" "etcd_unzip_tls" {
+  name    = "etcd-unzip-tls.service"
+  enable  = true
+  content = "${file("${path.module}/resources/etcd-unzip-tls.service")}"
+}
+
+data "template_file" "locksmithd" {
+  count    = "${var.droplet_count}"
+  template = "${file("${path.module}/resources/locksmithd.service")}"
+
+  vars = {
+    cluster_domain = "${var.cluster_domain}"
+    env_ca_file    = "${var.tls_enabled ? "Environment=\"LOCKSMITHD_ETCD_CAFILE=/etc/ssl/etcd/ca.crt\"" : ""}"
+    env_cert_file  = "${var.tls_enabled ? "Environment=\"LOCKSMITHD_ETCD_CERTFILE=/etc/ssl/etcd/client.crt\"" : ""}"
+    env_key_file   = "${var.tls_enabled ? "Environment=\"LOCKSMITHD_ETCD_KEYFILE=/etc/ssl/etcd/client.key\"" : ""}"
+    etcd_name      = "${var.cluster_name}-etcd-${count.index}"
+    scheme         = "${var.tls_enabled ? "https" : "http"}"
+  }
+}
+
+data "ignition_systemd_unit" "locksmithd" {
+  count  = "${var.droplet_count}"
+  name   = "locksmithd.service"
+  enable = true
+
+  dropin = [
+    {
+      content = "${data.template_file.locksmithd.*.rendered[count.index]}"
+      name    = "40-etcd-lock.conf"
+    },
+  ]
+}
+
+data "template_file" "initial-cluster" {
+  count = "${var.droplet_count}"
+
+  template = "${file("${path.module}/resources/initial-cluster.tpl")}"
+
+  vars = {
+    scheme       = "${var.tls_enabled ? "https" : "http"}"
+    etcd_name    = "${var.cluster_name}-etcd-${count.index}"
+    etcd_address = "${var.cluster_name}-etcd-${count.index}.${var.cluster_domain}"
+  }
+}
+
+data "template_file" "etcd-cluster-conf" {
+  count = "${var.droplet_count}"
+
+  template = "${file("${path.module}/resources/etcd-cluster.conf")}"
+
+  vars = {
+    cluster_domain  = "${var.cluster_domain}"
+    container_image = "${var.container_image}"
+    etcd_name       = "${var.cluster_name}-etcd-${count.index}"
+    initial_cluster = "${join(",", data.template_file.initial-cluster.*.rendered)}"
+    scheme          = "${var.tls_enabled ? "https" : "http"}"
+
+    cert_args = "${var.tls_enabled
+      ? "--cert-file=/etc/ssl/etcd/server.crt --key-file=/etc/ssl/etcd/server.key --peer-cert-file=/etc/ssl/etcd/peer.crt --peer-key-file=/etc/ssl/etcd/peer.key --peer-trusted-ca-file=/etc/ssl/etcd/ca.crt -peer-client-cert-auth=true"
+      : ""}"
+  }
+}
+
+data "ignition_systemd_unit" "etcd3" {
+  count  = "${var.droplet_count}"
+  name   = "etcd-member.service"
+  enable = true
+
+  dropin = [
+    {
+      content = "${data.template_file.etcd-cluster-conf.*.rendered[count.index]}"
+      name    = "40-etcd-cluster.conf"
+    },
+  ]
+}
diff --git a/modules/digitalocean/etcd/nodes.tf b/modules/digitalocean/etcd/nodes.tf
@@ -0,0 +1,10 @@
+resource "digitalocean_droplet" "etcd_node" {
+  count     = "${var.droplet_count}"
+  name      = "${var.cluster_name}-etcd-${count.index}"
+  image     = "${var.droplet_image}"
+  region    = "${var.droplet_region}"
+  size      = "${var.droplet_size}"
+  ssh_keys  = ["${var.ssh_keys}"]
+  tags      = ["${var.extra_tags}"]
+  user_data = "${data.ignition_config.etcd.*.rendered[count.index]}"
+}
diff --git a/modules/digitalocean/etcd/outputs.tf b/modules/digitalocean/etcd/outputs.tf
@@ -0,0 +1,3 @@
+output "endpoints" {
+  value = ["${digitalocean_record.etcd_nodes.*.fqdn}"]
+}
diff --git a/modules/digitalocean/etcd/resources/etcd-cluster.conf b/modules/digitalocean/etcd/resources/etcd-cluster.conf
@@ -0,0 +1,14 @@
+[Service]
+Environment="ETCD_IMAGE=${container_image}"
+Environment="RKT_RUN_ARGS=\
+  --volume etcd-ssl,kind=host,source=/etc/ssl/etcd \
+  --mount volume=etcd-ssl,target=/etc/ssl/etcd"
+ExecStart=
+ExecStart=/usr/lib/coreos/etcd-wrapper \
+  --name=${etcd_name} \
+  --advertise-client-urls=${scheme}://${etcd_name}.${cluster_domain}:2379 \
+  ${cert_args} \
+  --initial-advertise-peer-urls=${scheme}://${etcd_name}.${cluster_domain}:2380 \
+  --listen-client-urls=${scheme}://0.0.0.0:2379 \
+  --listen-peer-urls=${scheme}://0.0.0.0:2380 \
+  --initial-cluster="${initial_cluster}"
diff --git a/modules/digitalocean/etcd/resources/etcd-unzip-tls.service b/modules/digitalocean/etcd/resources/etcd-unzip-tls.service
@@ -0,0 +1,12 @@
+[Unit]
+ConditionPathExists=!/etc/ssl/etcd/ca.crt
+[Service]
+Type=oneshot
+WorkingDirectory=/etc/ssl/etcd
+ExecStart=/usr/bin/bash -c 'unzip /etc/ssl/etcd/tls.zip && \
+chown etcd:etcd /etc/ssl/etcd/peer.* && \
+chown etcd:etcd /etc/ssl/etcd/server.* && \
+chmod 0400 /etc/ssl/etcd/peer.* /etc/ssl/etcd/server.* /etc/ssl/etcd/client.*'
+[Install]
+WantedBy=multi-user.target
+RequiredBy=etcd-member.service locksmithd.service