# Provider requirements for this module.
#
# Only the libvirt provider source is declared here. No version constraint is
# given, so `terraform init` selects the newest release that the dependency
# lock file permits. A `version` constraint together with a committed
# .terraform.lock.hcl keeps the provider build reproducible.
terraform {
  required_providers {
    libvirt = { source = "dmacvicar/libvirt" }
  }
}
locals {
  # Libvirt object name: var.domain_name when set, otherwise var.name.
  domain_name = coalesce(var.domain_name, var.name)

  # cloud-init user data rendered from files/cloud_init.cfg.tftpl.
  #
  # The rendered document carries secret material: the OpenSSH private key of
  # tls_private_key.debian and var.insecure_password. It is written to the
  # cloud-init disk through libvirt_cloudinit_disk.debian.user_data, so access
  # to that volume and to the Terraform state exposes both values.
  cloudinit_user_data = templatefile("${path.module}/files/cloud_init.cfg.tftpl", {
    name                  = var.name,
    admin_authorized_keys = var.admin_authorized_keys,
    insecure_password     = var.insecure_password,

    # Host certificate as stored on null_resource.cert, with surrounding
    # whitespace removed.
    use_host_cert = var.use_host_cert,
    host_cert     = trimspace(null_resource.cert.triggers["cert"]),
    private_key   = tls_private_key.debian.private_key_openssh,

    # The template receives a boolean, not the volume id itself.
    data_disk      = var.data_disk != null
    fixed_dns      = var.fixed_dns
    add_data_share = var.add_data_share
  })

  # cloud-init network configuration rendered from
  # files/network_config.cfg.tftpl.
  cloudinit_network_config = templatefile("${path.module}/files/network_config.cfg.tftpl", {
    fixed_address = var.fixed_address
  })
}
# ED25519 key pair generated by Terraform for this machine.
#
# The tls provider keeps the generated private key in the Terraform state in
# plain text, so the state backend needs the same protection as the key itself.
# The key is also copied into the cloud-init user data (local.cloudinit_user_data).
resource "tls_private_key" "debian" {
  algorithm = "ED25519"
}
# Public half of tls_private_key.debian, derived from the private key PEM.
# Its OpenSSH form is what data.external.cert sends to the certificate script.
data "tls_public_key" "debian" {
  private_key_pem = tls_private_key.debian.private_key_pem
}
# Runs files/get_cert.sh under bash and reads the host certificate from its
# result (the "cert" key is consumed by null_resource.cert).
#
# The external provider hands the `query` map to the program as a JSON object
# on standard input. The script is not part of this file, so how it uses each
# value is not visible here.
data "external" "cert" {
  program = ["bash", "${path.module}/files/get_cert.sh"]

  query = {
    # Subject of the request: the machine's public key and its name.
    host   = var.name
    pubkey = trimspace(data.tls_public_key.debian.public_key_openssh)

    # Where and how to sign.
    # NOTE(review): var.ca_key may be a path or the key material itself, which
    # cannot be told from here. If it is key material it also ends up in the
    # Terraform state, so confirm which it is and how the script handles it.
    cahost   = var.ca_host
    cascript = var.ca_script
    cakey    = var.ca_key
  }
}
# Holds the host certificate returned by data.external.cert.
#
# `ignore_changes = [triggers]` keeps the value recorded when this resource was
# created, so a different result from a later run of the script does not
# replace the stored certificate.
resource "null_resource" "cert" {
  triggers = {
    cert = data.external.cert.result["cert"]
  }

  lifecycle {
    ignore_changes = [triggers]

    # An empty certificate is accepted only when host certificates are disabled.
    # NOTE(review): this checks the current script result, while
    # local.cloudinit_user_data consumes the stored triggers["cert"]; confirm
    # that checking the fresh result is the intended behaviour.
    postcondition {
      condition     = !var.use_host_cert || data.external.cert.result["cert"] != ""
      error_message = "Error retrieving host certificate."
    }
  }
}
# System disk of the machine, created on top of the base volume
# var.disk_base in var.disk_base_pool.
resource "libvirt_volume" "debian" {
  # NOTE(review): the volume carries the same "<domain>.iso" name as
  # libvirt_cloudinit_disk.debian; confirm var.disk_pool and
  # var.cloudinit_pool are never the same pool.
  name = format("%s.iso", local.domain_name)
  pool = var.disk_pool
  size = var.disk_size

  base_volume_pool = var.disk_base_pool
  base_volume_name = var.disk_base

  lifecycle {
    # A new cloud-init disk replaces this volume as well, so the system disk
    # is rebuilt from the base volume whenever the cloud-init data changes.
    replace_triggered_by = [libvirt_cloudinit_disk.debian.id]
  }
}
# cloud-init disk attached to the domain.
#
# user_data is local.cloudinit_user_data, which includes the machine's private
# key and var.insecure_password, so the resulting volume in var.cloudinit_pool
# contains those secrets in readable form.
resource "libvirt_cloudinit_disk" "debian" {
  name = format("%s.iso", local.domain_name)
  pool = var.cloudinit_pool

  network_config = local.cloudinit_network_config
  user_data      = local.cloudinit_user_data
}
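# Creates the host directory /data/<domain> that backs the guest's "data"
# share (see the dynamic "filesystem" block of libvirt_domain.debian).
#
# The command runs as root on atlas.hyp over SSH and its path is built from
# local.domain_name (var.domain_name or var.name). The name is therefore
# checked against a conservative character set before it reaches a shell, and
# it is passed quoted and after `--` so it is treated as a single operand.
resource "null_resource" "data_share" {
  connection {
    type = "ssh"
    user = "root"
    host = "atlas.hyp"
  }

  provisioner "remote-exec" {
    inline = [
      # `if` instead of `&&`: with the share disabled the script must still
      # finish with status 0, otherwise the provisioner reports a failure.
      # NOTE(review): --mode=og=rw gives group and other read/write on the
      # directory; confirm that is no wider than the share needs.
      "if ${var.add_data_share}; then mkdir -p --mode=og=rw -- '/data/${local.domain_name}'; fi"
    ]
  }

  lifecycle {
    # Checked even when the share is disabled, because the name is still
    # interpolated into the script text.
    precondition {
      condition     = can(regex("^[A-Za-z0-9][A-Za-z0-9._-]*$", local.domain_name))
      error_message = "The domain name may contain only letters, digits, '.', '_' and '-', and must start with a letter or digit."
    }
  }
}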
# The virtual machine itself.
resource "libvirt_domain" "debian" {
  name      = local.domain_name
  memory    = var.memory
  vcpu      = 4
  autostart = true
  cloudinit = libvirt_cloudinit_disk.debian.id

  # The host directory must exist before the domain that shares it.
  depends_on = [null_resource.data_share]

  # System disk.
  disk {
    volume_id = libvirt_volume.debian.id
  }

  # Optional second disk, attached only when var.data_disk is set.
  dynamic "disk" {
    for_each = var.data_disk == null ? [] : [1]

    content {
      volume_id = var.data_disk
    }
  }

  # Optional host directory share. It is writable from the guest
  # (readonly = false), so the guest can modify /data/<domain> on the host.
  dynamic "filesystem" {
    for_each = var.add_data_share ? [1] : []

    content {
      source   = "/data/${local.domain_name}/"
      target   = "data"
      readonly = false
    }
  }

  network_interface {
    bridge   = var.bridge_name
    hostname = var.name
    mac      = var.mac
  }

  # Runs on the machine executing Terraform once the domain has been created.
  # The command string is taken unmodified from var.ansible_command, so
  # whoever sets that variable decides what is executed locally.
  provisioner "local-exec" {
    command = var.ansible_command
  }

  lifecycle {
    # A new cloud-init disk replaces the whole domain.
    replace_triggered_by = [libvirt_cloudinit_disk.debian.id]
  }
}