tf-debian-vm/main.tf

terraform {
  required_providers {
    libvirt = {
      source = "dmacvicar/libvirt"
    }
  }
}

locals {
  cloudinit_user_data = templatefile("${path.module}/files/cloud_init.cfg.tftpl", {
    name                  = var.name,
    admin_authorized_keys = var.admin_authorized_keys,
    insecure_password     = var.insecure_password,
    use_host_cert         = var.use_host_cert,
    host_cert             = trimspace(null_resource.cert.triggers["cert"]),
    private_key           = tls_private_key.debian.private_key_openssh,
    data_disk             = var.data_disk != null
    fixed_dns             = var.fixed_dns
    add_data_share        = var.add_data_share
  })
  cloudinit_network_config = templatefile("${path.module}/files/network_config.cfg.tftpl", {
    fixed_address = var.fixed_address
  })
  domain_name = coalesce(var.domain_name, var.name)
}

resource "tls_private_key" "debian" {
  algorithm = "ED25519"
}

data "tls_public_key" "debian" {
  private_key_pem = tls_private_key.debian.private_key_pem
}

data "external" "cert" {
  program = ["bash", "${path.module}/files/get_cert.sh"]

  query = {
    pubkey   = trimspace(data.tls_public_key.debian.public_key_openssh)
    host     = var.name
    cahost   = var.ca_host
    cascript = var.ca_script
    cakey    = var.ca_key
  }
}

resource "null_resource" "cert" {
  triggers = {
    cert = data.external.cert.result["cert"]
  }

  lifecycle {
    ignore_changes = [
      triggers
    ]

    postcondition {
      condition     = data.external.cert.result["cert"] != "" || !var.use_host_cert
      error_message = "Error retrieving host certificate."
    }
  }
}

resource "libvirt_volume" "debian" {
  name             = "${local.domain_name}.iso"
  pool             = var.disk_pool
  size             = var.disk_size
  base_volume_name = var.disk_base
  base_volume_pool = var.disk_base_pool

  lifecycle {
    replace_triggered_by = [
      libvirt_cloudinit_disk.debian.id
    ]
  }
}

resource "libvirt_cloudinit_disk" "debian" {
  name           = "${local.domain_name}.iso"
  pool           = var.cloudinit_pool
  user_data      = local.cloudinit_user_data
  network_config = local.cloudinit_network_config
}

resource "libvirt_domain" "debian" {
  name      = local.domain_name
  memory    = var.memory
  vcpu      = 4
  autostart = true

  disk {
    volume_id = libvirt_volume.debian.id
  }

  dynamic "disk" {
    for_each = var.data_disk != null ? [1] : []

    content {
      volume_id = var.data_disk
    }
  }

  dynamic "filesystem" {
    for_each = var.add_data_share ? [1] : []

    content {
      source   = "/data/${local.domain_name}/"
      target   = "data"
      readonly = false
    }
  }

  network_interface {
    bridge   = var.bridge_name
    hostname = var.name
    mac      = var.mac
  }

  cloudinit = libvirt_cloudinit_disk.debian.id

  provisioner "local-exec" {
    command = var.ansible_command
  }

  lifecycle {
    replace_triggered_by = [
      libvirt_cloudinit_disk.debian.id
    ]
  }
}
init 2023-04-05 14:48:38 +00:00			`terraform {`
			`required_providers {`
			`libvirt = {`
			`source = "dmacvicar/libvirt"`
			`}`
			`}`
			`}`

			`locals {`
			`cloudinit_user_data = templatefile("${path.module}/files/cloud_init.cfg.tftpl", {`
			`name = var.name,`
			`admin_authorized_keys = var.admin_authorized_keys,`
			`insecure_password = var.insecure_password,`
			`use_host_cert = var.use_host_cert,`
			`host_cert = trimspace(null_resource.cert.triggers["cert"]),`
format and partition data disk support only one data disk for now 2023-04-07 15:42:54 +00:00			`private_key = tls_private_key.debian.private_key_openssh,`
			`data_disk = var.data_disk != null`
add option for fixed DNS server 2023-04-17 07:31:30 +00:00			`fixed_dns = var.fixed_dns`
add support for file share 2023-04-25 20:33:57 +00:00			`add_data_share = var.add_data_share`
init 2023-04-05 14:48:38 +00:00			`})`
support fixed ip address 2023-04-07 16:05:37 +00:00			`cloudinit_network_config = templatefile("${path.module}/files/network_config.cfg.tftpl", {`
			`fixed_address = var.fixed_address`
			`})`
add ability to change domain name 2023-04-12 13:15:45 +00:00			`domain_name = coalesce(var.domain_name, var.name)`
init 2023-04-05 14:48:38 +00:00			`}`

			`resource "tls_private_key" "debian" {`
			`algorithm = "ED25519"`
			`}`

			`data "tls_public_key" "debian" {`
			`private_key_pem = tls_private_key.debian.private_key_pem`
			`}`

			`data "external" "cert" {`
			`program = ["bash", "${path.module}/files/get_cert.sh"]`

			`query = {`
support multiple SSH CA key pairs 2023-04-25 15:50:02 +00:00			`pubkey = trimspace(data.tls_public_key.debian.public_key_openssh)`
			`host = var.name`
			`cahost = var.ca_host`
parameterize CA script 2023-04-23 22:05:48 +00:00			`cascript = var.ca_script`
support multiple SSH CA key pairs 2023-04-25 15:50:02 +00:00			`cakey = var.ca_key`
init 2023-04-05 14:48:38 +00:00			`}`
			`}`

			`resource "null_resource" "cert" {`
			`triggers = {`
			`cert = data.external.cert.result["cert"]`
			`}`

			`lifecycle {`
			`ignore_changes = [`
			`triggers`
			`]`
support multiple SSH CA key pairs 2023-04-25 15:50:02 +00:00
improve ssh host cert validation 2023-04-21 19:23:01 +00:00			`postcondition {`
support multiple SSH CA key pairs 2023-04-25 15:50:02 +00:00			`condition = data.external.cert.result["cert"] != "" \|\| !var.use_host_cert`
improve ssh host cert validation 2023-04-21 19:23:01 +00:00			`error_message = "Error retrieving host certificate."`
			`}`
init 2023-04-05 14:48:38 +00:00			`}`
			`}`

			`resource "libvirt_volume" "debian" {`
add ability to change domain name 2023-04-12 13:15:45 +00:00			`name = "${local.domain_name}.iso"`
parameterize more values 2023-04-05 15:12:16 +00:00			`pool = var.disk_pool`
init 2023-04-05 14:48:38 +00:00			`size = var.disk_size`
parameterize more values 2023-04-05 15:12:16 +00:00			`base_volume_name = var.disk_base`
			`base_volume_pool = var.disk_base_pool`
init 2023-04-05 14:48:38 +00:00
			`lifecycle {`
			`replace_triggered_by = [`
			`libvirt_cloudinit_disk.debian.id`
			`]`
			`}`
			`}`

			`resource "libvirt_cloudinit_disk" "debian" {`
add ability to change domain name 2023-04-12 13:15:45 +00:00			`name = "${local.domain_name}.iso"`
parameterize more values 2023-04-05 15:12:16 +00:00			`pool = var.cloudinit_pool`
init 2023-04-05 14:48:38 +00:00			`user_data = local.cloudinit_user_data`
support fixed ip address 2023-04-07 16:05:37 +00:00			`network_config = local.cloudinit_network_config`
init 2023-04-05 14:48:38 +00:00			`}`

			`resource "libvirt_domain" "debian" {`
add ability to change domain name 2023-04-12 13:15:45 +00:00			`name = local.domain_name`
init 2023-04-05 14:48:38 +00:00			`memory = var.memory`
			`vcpu = 4`
			`autostart = true`

			`disk {`
			`volume_id = libvirt_volume.debian.id`
			`}`

support data disks 2023-04-07 14:02:02 +00:00			`dynamic "disk" {`
format and partition data disk support only one data disk for now 2023-04-07 15:42:54 +00:00			`for_each = var.data_disk != null ? [1] : []`
add support for file share 2023-04-25 20:33:57 +00:00
support data disks 2023-04-07 14:02:02 +00:00			`content {`
format and partition data disk support only one data disk for now 2023-04-07 15:42:54 +00:00			`volume_id = var.data_disk`
support data disks 2023-04-07 14:02:02 +00:00			`}`
			`}`

add support for file share 2023-04-25 20:33:57 +00:00			`dynamic "filesystem" {`
			`for_each = var.add_data_share ? [1] : []`

			`content {`
			`source = "/data/${local.domain_name}/"`
			`target = "data"`
			`readonly = false`
			`}`
			`}`

init 2023-04-05 14:48:38 +00:00			`network_interface {`
parameterize more values 2023-04-05 15:12:16 +00:00			`bridge = var.bridge_name`
init 2023-04-05 14:48:38 +00:00			`hostname = var.name`
			`mac = var.mac`
			`}`

			`cloudinit = libvirt_cloudinit_disk.debian.id`

fix dynamic provisioner 2023-04-09 09:34:30 +00:00			`provisioner "local-exec" {`
			`command = var.ansible_command`
add ansible provisioner 2023-04-09 08:46:17 +00:00			`}`

init 2023-04-05 14:48:38 +00:00			`lifecycle {`
			`replace_triggered_by = [`
			`libvirt_cloudinit_disk.debian.id`
			`]`
			`}`
			`}`