Fix Terraform setup #276

Merged
merged 9 commits into from
Sep 7, 2020
47 changes: 27 additions & 20 deletions deploy/terraform/main.tf
Expand Up @@ -10,43 +10,46 @@ provider "packet" {
}

# Create a new VLAN in datacenter "ewr1"
resource "packet_vlan" "provisioning-vlan" {
description = "provisioning-vlan"
resource "packet_vlan" "provisioning_vlan" {
description = "provisioning_vlan"
facility = var.facility
project_id = var.project_id
}

# Create a device and add it to tf_project_1
resource "packet_device" "tink-provisioner" {
resource "packet_device" "tink_provisioner" {
hostname = "tink-provisioner"
plan = var.device_type
facilities = [var.facility]
operating_system = "ubuntu_18_04"
billing_cycle = "hourly"
project_id = var.project_id
user_data = file("install_package.sh")
}

resource "null_resource" "tink_directory" {
Member

@gianarb by moving the provisioning to a null_resource, provisioning failures (like a missing ssh key) will not require the tink_provisioner host to be recreated. Changes to the tink/ directory can be reapplied (rsync'd) independently.

terraform taint null_resource.tink_directory; terraform apply

connection {
type = "ssh"
user = var.ssh_user
host = packet_device.tink_provisioner.network[0].address
}

provisioner "file" {
source = "./../../../tink"
destination = "/root/"

connection {
type = "ssh"
user = var.ssh_user
host = packet_device.tink-provisioner.network[0].address
private_key = file(var.ssh_private_key)
Member

@displague displague Sep 2, 2020

@gianarb I removed the private_key because Terraform will use your ssh-agent by default.

The problem with defaulting to "~/.ssh/id_rsa" is that this file is usually encrypted, and Terraform can not use that.

My suggestion is that we ask the user to add the key they want to use to their SSH agent before running terraform apply. For most users, this should already be the case - nothing to do.

An alternative is to ask users to ssh-keygen create a new key in this directory, and tell Terraform to use that.

If we can make private_key optional (use the agent if ssh_private_key is empty) that would be even better. I can look into this.

Contributor Author

I added the ssh-agent note as part of the documentation. We can do the fallback work as follow-up work 👍

}
}
}

resource "packet_device_network_type" "tink-provisioner-network-type" {
device_id = packet_device.tink-provisioner.id
resource "packet_device_network_type" "tink_provisioner_network_type" {
device_id = packet_device.tink_provisioner.id
type = "hybrid"
}

# Create a device and add it to tf_project_1
resource "packet_device" "tink-worker" {
hostname = "tink-worker"
resource "packet_device" "tink_worker" {
count = var.worker_count

hostname = "tink-worker-${count.index}"
plan = var.device_type
facilities = [var.facility]
operating_system = "custom_ipxe"
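Review bot: null_resource.tink_directory has no triggers argument, so its file provisioner runs only when the null_resource is first created; if packet_device.tink_provisioner is later replaced, the tink/ directory is not copied to the new host until the resource is tainted by hand. Consider adding triggers = { provisioner_id = packet_device.tink_provisioner.id } so the copy follows the device. The new connection block also sets no host_key, so the SSH session that writes into /root/ does not verify the host it connects to; that is worth stating in the docs next to the ssh-agent requirement.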
Expand All @@ -56,21 +59,25 @@ resource "packet_device" "tink-worker" {
project_id = var.project_id
}

resource "packet_device_network_type" "tink-worker-network-type" {
device_id = packet_device.tink-worker.id
resource "packet_device_network_type" "tink_worker_network_type" {
count = var.worker_count

device_id = packet_device.tink_worker[count.index].id
type = "layer2-individual"
}

# Attach VLAN to provisioner
resource "packet_port_vlan_attachment" "provisioner" {
device_id = packet_device.tink-provisioner.id
device_id = packet_device.tink_provisioner.id
Member

@displague displague Sep 2, 2020

I ran into Error: POST https://api.packet.net/ports/bff62cf9-5f23-49fd-b500-686e3d8730b6/assign: 422 still bonded once while testing this. A follow-up terraform apply was successful.

It may make sense to add depends_on = packet_device_network_type.tink_provisioner_network_type here 🤔

Contributor Author

It sounds like a reasonable dependency to me, so let's be clear about that and write it down 👍

port_name = "eth1"
vlan_vnid = packet_vlan.provisioning-vlan.vxlan
vlan_vnid = packet_vlan.provisioning_vlan.vxlan
}

# Attach VLAN to worker
resource "packet_port_vlan_attachment" "worker" {
device_id = packet_device.tink-worker.id
count = var.worker_count

device_id = packet_device.tink_worker[count.index].id
port_name = "eth0"
vlan_vnid = packet_vlan.provisioning-vlan.vxlan
vlan_vnid = packet_vlan.provisioning_vlan.vxlan
}
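Review bot: neither packet_port_vlan_attachment.provisioner nor packet_port_vlan_attachment.worker is ordered after its packet_device_network_type resource; both reference only the packet_device id, so Terraform may attempt the VLAN attachment before the network type change has been applied, which matches the 422 still bonded error reported in the comment above. Add depends_on = [packet_device_network_type.tink_provisioner_network_type] to the provisioner attachment and depends_on = [packet_device_network_type.tink_worker_network_type] to the worker attachment; note that depends_on takes a list.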
6 changes: 3 additions & 3 deletions deploy/terraform/outputs.tf
@@ -1,11 +1,11 @@
output "provisioner_dns_name" {
value = "${split("-", packet_device.tink-provisioner.id)[0]}.packethost.net"
value = "${split("-", packet_device.tink_provisioner.id)[0]}.packethost.net"
}

output "provisioner_ip" {
value = packet_device.tink-provisioner.network[0].address
value = packet_device.tink_provisioner.network[0].address
}

output "worker_mac_addr" {
value = packet_device.tink-worker.ports[1].mac
value = packet_device.tink_worker[0].ports[1].mac
}
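Review bot: worker_mac_addr reads only packet_device.tink_worker[0], so with worker_count greater than 1 the MAC addresses of the remaining workers are never output. Consider returning the whole list, for example value = [for w in packet_device.tink_worker : w.ports[1].mac], and renaming the output to reflect that it is a list.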
11 changes: 5 additions & 6 deletions deploy/terraform/variables.tf
Expand Up @@ -8,6 +8,11 @@ variable "project_id" {
type = string
}

variable "worker_count" {
Member

I haven't checked tinkerbell/tinkerbell.org#129 to see if multiple workers will require any additional doc changes.

Contributor Author

No, they will just work! Nice!

description = "Number of Workers"
type = number
default = 1
}
variable "facility" {
description = "Packet facility to provision in"
type = string
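Review bot: worker_count accepts any number, but outputs.tf indexes packet_device.tink_worker[0], so worker_count = 0 fails with an invalid index error. Either state the minimum in the description (for example "Number of Workers (at least 1)") or guard the output. Style: add a blank line between the closing brace of worker_count and variable "facility", as between the other variable blocks.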
Expand All @@ -25,9 +30,3 @@ variable "ssh_user" {
type = string
default = "root"
}

variable "ssh_private_key" {
description = "privatekey that will be used to transfer file from your local environment to the provisioner via ssh"
type = string
default = "~/.ssh/id_rsa"
}
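Review bot: with ssh_private_key removed, the connection block in main.tf depends entirely on a running ssh-agent that already holds a key the provisioner accepts, and nothing in this file says so. Mention the agent requirement in the description of ssh_user or in a comment here, and note for existing users that a terraform.tfvars entry for ssh_private_key now refers to an undeclared variable.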