Merge pull request #28 from razorpay/ignition-override

[terraform/modules/ignition] Adds support for arbitary ignition config

terraform/common.tf

@@ -30,12 +30,12 @@
 
 variable "instance_ssh_keys" {
   description = "List of SSH public keys that are allowed to login into nodes"
-  type = "list"
+  type        = "list"
 }
 
 variable "eco_image" {
   description = "Container image of ECO to use"
-  default     = "qmachu/etcd-cloud-operator:latest"
+  default     = "qmachu/etcd-cloud-operator:v3.3.3b"
 }
 
 variable "eco_enable_tls" {
@@ -55,18 +55,20 @@ variable "eco_snapshot_ttl" {
   description = "Defines the lifespan of each etcd snapshot (e.g. 24h)"
 }
 
+// 2GB
 variable "eco_backend_quota" {
   description = "Defines the maximum amount of data that etcd can store, in bytes, before going into maintenance mode"
-  default = "2147483648"
+  default     = "2147483648"
 }
 
 variable "ca" {
   description = "Optional CA keypair from which all certificates should be generated ('cert', 'key', 'alg')"
   type        = "map"
-  default     = {
-    "cert" = "",
-    "key"  = "",
-    "alg"  = "",
+
+  default = {
+    "cert" = ""
+    "key"  = ""
+    "alg"  = ""
   }
 }
 
@@ -96,8 +98,8 @@ module "configuration" {
   eco_key_file            = "${var.eco_enable_tls == true ? module.ignition.eco_key_file : ""}"
   eco_require_client_cert = "${var.eco_require_client_certs}"
 
-  eco_snapshot_interval             = "${var.eco_snapshot_interval}"
-  eco_snapshot_ttl                  = "${var.eco_snapshot_ttl}"
+  eco_snapshot_interval = "${var.eco_snapshot_interval}"
+  eco_snapshot_ttl      = "${var.eco_snapshot_ttl}"
 
   eco_backend_quota = "${var.eco_backend_quota}"
 }
@@ -113,6 +115,8 @@ module "ignition" {
   eco_cert = "${module.tls.clients_server_cert}"
   eco_key  = "${module.tls.clients_server_key}"
   eco_ca   = "${module.tls.ca}"
+
+  ignition_extra_config = "${var.ignition_extra_config}"
 }
 
 // Output.

terraform/modules/configuration/configuration.tf

@@ -19,8 +19,8 @@ data "template_file" "configuration" {
     asg_provider      = "${var.eco_asg_provider}"
     snapshot_provider = "${var.eco_snapshot_provider}"
 
-    unhealthy_member_ttl          = "${var.eco_unhealthy_member_ttl}"
-    advertise_address             = "${var.eco_advertise_address}"
+    unhealthy_member_ttl = "${var.eco_unhealthy_member_ttl}"
+    advertise_address    = "${var.eco_advertise_address}"
 
     cert_file           = "${var.eco_cert_file}"
     key_file            = "${var.eco_key_file}"

terraform/modules/configuration/variables.tf

@@ -58,4 +58,4 @@ variable "eco_snapshot_bucket" {
 
 variable "eco_backend_quota" {
   description = "Defines the maximum amount of data that etcd can store, in bytes, before going into maintenance mode"
-}
+}

terraform/modules/ignition/ignition.tf

@@ -19,7 +19,7 @@ data "ignition_config" "main" {
     "${data.ignition_file.eco-crt.id}",
     "${data.ignition_file.eco-key.id}",
     "${data.ignition_file.eco-health.id}",
-    "${data.ignition_file.e.id}"
+    "${data.ignition_file.e.id}",
   ]
 
   systemd = [
@@ -32,10 +32,15 @@ data "ignition_config" "main" {
   ]
 
   users = ["${data.ignition_user.core.id}"]
+
+  append {
+    source       = "${lookup(var.ignition_extra_config, "source", local.blank_ignition_config)}"
+    verification = "${lookup(var.ignition_extra_config, "verification", "")}"
+  }
 }
 
 data "ignition_user" "core" {
-  name = "core"
+  name                = "core"
   ssh_authorized_keys = "${var.instance_ssh_keys}"
 }
 
@@ -142,3 +147,5 @@ data "ignition_file" "eco-health" {
     content = "${file("${path.module}/resources/eco-health.sh")}"
   }
 }
+
+data "ignition_config" "blank" {}

terraform/modules/ignition/variables.tf

@@ -12,9 +12,13 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+locals {
+  blank_ignition_config = "data:text/plain;charset=utf-8;base64,${base64encode(data.ignition_config.blank.rendered)}"
+}
+
 variable "instance_ssh_keys" {
   description = "List of SSH public keys that are allowed to login into nodes"
-  type = "list"
+  type        = "list"
 }
 
 variable "eco_image" {
@@ -36,3 +40,8 @@ variable "eco_ca" {
 variable "eco_configuration" {
   description = "Defines the configuration for ECO"
 }
+
+variable "ignition_extra_config" {
+  description = "Extra ignition configuration that will get appended to the default ECO config"
+  default     = {}
+}

terraform/modules/tls/tls.tf

@@ -44,8 +44,8 @@ resource "tls_self_signed_cert" "ca" {
 locals {
   ca = {
     "cert" = "${length(var.ca["key"]) == 0 ? join("", tls_self_signed_cert.ca.*.cert_pem) : var.ca["cert"]}"
-    "key" = "${length(var.ca["key"]) == 0 ? join("", tls_private_key.ca.*.private_key_pem) : var.ca["key"]}"
-    "alg" = "${length(var.ca["key"]) == 0 ? join("", tls_private_key.ca.*.algorithm) : var.ca["alg"]}"
+    "key"  = "${length(var.ca["key"]) == 0 ? join("", tls_private_key.ca.*.private_key_pem) : var.ca["key"]}"
+    "alg"  = "${length(var.ca["key"]) == 0 ? join("", tls_private_key.ca.*.algorithm) : var.ca["alg"]}"
   }
 }
 

terraform/platforms/aws/README.md

@@ -124,6 +124,38 @@ module "eco" {
   eco_snapshot_ttl           = "24h"
 
   eco_backend_quota = "${2 * 1024 * 1024 * 1024}"
+
+  ignition_extra_config = {
+    source = "${local.ignition_extra_config}"
+  }
+}
+
+// If you want to add extra ignition config, use like this
+data "ignition_config" "extra" {
+  users = [
+    "${data.ignition_user.batman.id}",
+  ]
+
+  groups = [
+    "${data.ignition_group.superheroes.id}",
+  ]
+}
+
+data "ignition_group" "superheroes" {
+  name = "superheroes"
+}
+
+data "ignition_user" "batman" {
+    name = "batman"
+    home_dir = "/home/batman/"
+    shell = "/bin/bash"
+}
+
+// Alternatively, instead of using data-uri, you can host this on a web URl and pass that instead.
+// See https://www.terraform.io/docs/providers/ignition/d/config.html#append
+// for more details
+locals {
+  ignition_extra_config = "data:text/plain;charset=utf-8;base64,${base64encode(data.ignition_config.extra.rendered)}"
 }
 ```
 

terraform/platforms/aws/asg.tf

@@ -73,8 +73,8 @@ resource "aws_launch_configuration" "main" {
   associate_public_ip_address = "${var.associate_public_ips}"
 
   root_block_device {
-    volume_type   = "gp2"
-    volume_size   = "${var.instance_disk_size}"
+    volume_type = "gp2"
+    volume_size = "${var.instance_disk_size}"
   }
 
   lifecycle {
@@ -88,10 +88,10 @@ resource "aws_security_group" "instances" {
   vpc_id = "${var.vpc_id}"
 
   ingress {
-    from_port       = 2378
-    to_port         = 2378
-    protocol        = "tcp"
-    self            = true
+    from_port = 2378
+    to_port   = 2378
+    protocol  = "tcp"
+    self      = true
   }
 
   ingress {

terraform/platforms/aws/aws.tf

@@ -78,4 +78,4 @@ locals {
   unhealthy_member_ttl = "3m"
   snapshot_bucket      = "${aws_s3_bucket.backups.bucket}"
   advertise_address    = "${var.route53_enabled == "true" ? join("", aws_route53_record.elb.*.name) : aws_elb.clients.dns_name}"
-}
+}

terraform/platforms/aws/route53.tf

@@ -16,4 +16,4 @@ resource "aws_route53_record" "elb" {
     zone_id                = "${aws_elb.clients.zone_id}"
     evaluate_target_health = true
   }
-}
+}

terraform/platforms/aws/variables.tf

@@ -43,7 +43,7 @@ variable "vpc_id" {
 
 variable "route53_enabled" {
   description = "Defines whether a Route53 record should be created for client connections"
-  default = "false"
+  default     = "false"
 }
 
 variable "route53_zone_id" {
@@ -65,3 +65,8 @@ variable "metrics_security_group_ids" {
   type        = "list"
   default     = []
 }
+
+variable "ignition_extra_config" {
+  description = "Extra ignition configuration that will get appended to the default ECO config"
+  default     = {}
+}