Permalink
Browse files

Merge pull request #28 from razorpay/ignition-override

[terraform/modules/ignition] Adds support for arbitary ignition config
  • Loading branch information...
Quentin-M committed Jan 18, 2019
2 parents 27b8c5e + bc4d3c6 commit 78eee7e1bc1837af58b95c56da3a1858859c248b
@@ -30,12 +30,12 @@

variable "instance_ssh_keys" {
description = "List of SSH public keys that are allowed to login into nodes"
type = "list"
type = "list"
}

variable "eco_image" {
description = "Container image of ECO to use"
default = "qmachu/etcd-cloud-operator:latest"
default = "qmachu/etcd-cloud-operator:v3.3.3b"
}

variable "eco_enable_tls" {
@@ -55,18 +55,20 @@ variable "eco_snapshot_ttl" {
description = "Defines the lifespan of each etcd snapshot (e.g. 24h)"
}

// 2GB
variable "eco_backend_quota" {
description = "Defines the maximum amount of data that etcd can store, in bytes, before going into maintenance mode"
default = "2147483648"
default = "2147483648"
}

variable "ca" {
description = "Optional CA keypair from which all certificates should be generated ('cert', 'key', 'alg')"
type = "map"
default = {
"cert" = "",
"key" = "",
"alg" = "",

default = {
"cert" = ""
"key" = ""
"alg" = ""
}
}

@@ -96,8 +98,8 @@ module "configuration" {
eco_key_file = "${var.eco_enable_tls == true ? module.ignition.eco_key_file : ""}"
eco_require_client_cert = "${var.eco_require_client_certs}"

eco_snapshot_interval = "${var.eco_snapshot_interval}"
eco_snapshot_ttl = "${var.eco_snapshot_ttl}"
eco_snapshot_interval = "${var.eco_snapshot_interval}"
eco_snapshot_ttl = "${var.eco_snapshot_ttl}"

eco_backend_quota = "${var.eco_backend_quota}"
}
@@ -113,6 +115,8 @@ module "ignition" {
eco_cert = "${module.tls.clients_server_cert}"
eco_key = "${module.tls.clients_server_key}"
eco_ca = "${module.tls.ca}"

ignition_extra_config = "${var.ignition_extra_config}"
}

// Output.
@@ -19,8 +19,8 @@ data "template_file" "configuration" {
asg_provider = "${var.eco_asg_provider}"
snapshot_provider = "${var.eco_snapshot_provider}"

unhealthy_member_ttl = "${var.eco_unhealthy_member_ttl}"
advertise_address = "${var.eco_advertise_address}"
unhealthy_member_ttl = "${var.eco_unhealthy_member_ttl}"
advertise_address = "${var.eco_advertise_address}"

cert_file = "${var.eco_cert_file}"
key_file = "${var.eco_key_file}"
@@ -58,4 +58,4 @@ variable "eco_snapshot_bucket" {

variable "eco_backend_quota" {
description = "Defines the maximum amount of data that etcd can store, in bytes, before going into maintenance mode"
}
}
@@ -19,7 +19,7 @@ data "ignition_config" "main" {
"${data.ignition_file.eco-crt.id}",
"${data.ignition_file.eco-key.id}",
"${data.ignition_file.eco-health.id}",
"${data.ignition_file.e.id}"
"${data.ignition_file.e.id}",
]

systemd = [
@@ -32,10 +32,15 @@ data "ignition_config" "main" {
]

users = ["${data.ignition_user.core.id}"]

append {
source = "${lookup(var.ignition_extra_config, "source", local.blank_ignition_config)}"
verification = "${lookup(var.ignition_extra_config, "verification", "")}"
}
}

data "ignition_user" "core" {
name = "core"
name = "core"
ssh_authorized_keys = "${var.instance_ssh_keys}"
}

@@ -142,3 +147,5 @@ data "ignition_file" "eco-health" {
content = "${file("${path.module}/resources/eco-health.sh")}"
}
}

data "ignition_config" "blank" {}
@@ -12,9 +12,13 @@
// See the License for the specific language governing permissions and
// limitations under the License.

locals {
blank_ignition_config = "data:text/plain;charset=utf-8;base64,${base64encode(data.ignition_config.blank.rendered)}"
}

variable "instance_ssh_keys" {
description = "List of SSH public keys that are allowed to login into nodes"
type = "list"
type = "list"
}

variable "eco_image" {
@@ -36,3 +40,8 @@ variable "eco_ca" {
variable "eco_configuration" {
description = "Defines the configuration for ECO"
}

variable "ignition_extra_config" {
description = "Extra ignition configuration that will get appended to the default ECO config"
default = {}
}
@@ -44,8 +44,8 @@ resource "tls_self_signed_cert" "ca" {
locals {
ca = {
"cert" = "${length(var.ca["key"]) == 0 ? join("", tls_self_signed_cert.ca.*.cert_pem) : var.ca["cert"]}"
"key" = "${length(var.ca["key"]) == 0 ? join("", tls_private_key.ca.*.private_key_pem) : var.ca["key"]}"
"alg" = "${length(var.ca["key"]) == 0 ? join("", tls_private_key.ca.*.algorithm) : var.ca["alg"]}"
"key" = "${length(var.ca["key"]) == 0 ? join("", tls_private_key.ca.*.private_key_pem) : var.ca["key"]}"
"alg" = "${length(var.ca["key"]) == 0 ? join("", tls_private_key.ca.*.algorithm) : var.ca["alg"]}"
}
}

@@ -124,6 +124,38 @@ module "eco" {
eco_snapshot_ttl = "24h"
eco_backend_quota = "${2 * 1024 * 1024 * 1024}"
ignition_extra_config = {
source = "${local.ignition_extra_config}"
}
}
// If you want to add extra ignition config, use like this
data "ignition_config" "extra" {
users = [
"${data.ignition_user.batman.id}",
]
groups = [
"${data.ignition_group.superheroes.id}",
]
}
data "ignition_group" "superheroes" {
name = "superheroes"
}
data "ignition_user" "batman" {
name = "batman"
home_dir = "/home/batman/"
shell = "/bin/bash"
}
// Alternatively, instead of using data-uri, you can host this on a web URl and pass that instead.
// See https://www.terraform.io/docs/providers/ignition/d/config.html#append
// for more details
locals {
ignition_extra_config = "data:text/plain;charset=utf-8;base64,${base64encode(data.ignition_config.extra.rendered)}"
}
```

@@ -73,8 +73,8 @@ resource "aws_launch_configuration" "main" {
associate_public_ip_address = "${var.associate_public_ips}"

root_block_device {
volume_type = "gp2"
volume_size = "${var.instance_disk_size}"
volume_type = "gp2"
volume_size = "${var.instance_disk_size}"
}

lifecycle {
@@ -88,10 +88,10 @@ resource "aws_security_group" "instances" {
vpc_id = "${var.vpc_id}"

ingress {
from_port = 2378
to_port = 2378
protocol = "tcp"
self = true
from_port = 2378
to_port = 2378
protocol = "tcp"
self = true
}

ingress {
@@ -78,4 +78,4 @@ locals {
unhealthy_member_ttl = "3m"
snapshot_bucket = "${aws_s3_bucket.backups.bucket}"
advertise_address = "${var.route53_enabled == "true" ? join("", aws_route53_record.elb.*.name) : aws_elb.clients.dns_name}"
}
}
@@ -16,4 +16,4 @@ resource "aws_route53_record" "elb" {
zone_id = "${aws_elb.clients.zone_id}"
evaluate_target_health = true
}
}
}
@@ -43,7 +43,7 @@ variable "vpc_id" {

variable "route53_enabled" {
description = "Defines whether a Route53 record should be created for client connections"
default = "false"
default = "false"
}

variable "route53_zone_id" {
@@ -65,3 +65,8 @@ variable "metrics_security_group_ids" {
type = "list"
default = []
}

variable "ignition_extra_config" {
description = "Extra ignition configuration that will get appended to the default ECO config"
default = {}
}

0 comments on commit 78eee7e

Please sign in to comment.