Skip to content
Terraform module to create a Digital Ocean Droplet backed with Salt in a masterless arrangement.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
data
tools
.gitignore
LICENSE
README.md
main.tf
outputs.tf
variables.tf

README.md

Terraform + Digital Ocean + Salt (Masterless)

Terraform module to create a Digital Ocean Droplet using the Terraform Salt Masterless Provisioner, including a tool salt-push which provides an easy way to push a new saltstack without needing to do a full system tear-down.

Usage

This module allows you to establish a Droplet on Digital Ocean with SaltStack in masterless mode easily as shown in the example below:-

variable "do_token" {}    # set via environment value `TF_VAR_do_token`

provider "digitalocean" {
  token = "${var.do_token}"
}

module "terraform-digitalocean-salt-masterless" {
  source  = "verbnetworks/salt-masterless/digitalocean"

  # required variables
  # ===
  hostname = "node08"
  digitalocean_region = "sgp1"
  salt_local_state_tree = "/local/path/to/node08/states"
  salt_local_pillar_roots = "/local/path/to/node08/pillars"

  # optional variables
  # ===
  # digitalocean_volume0 = "<mount-point>:<mount-device>:<volume-id>:<mount-fstype>"
  # 
  # Example:-
  # digitalocean_volume0 = "/mnt:/dev/disk/by-id/scsi-0DO_Volume_example01:0010c05e-20ad-10e0-9007-00000c113408:ext4"
}

# optional outputs
output "hostname" { value = "${module.terraform-digitalocean-salt-masterless.hostname}" }
output "region" { value = "${module.terraform-digitalocean-salt-masterless.region}" }
output "ipv4_address" { value = "${module.terraform-digitalocean-salt-masterless.ipv4_address}" }
output "volume0" { value = "${module.terraform-digitalocean-salt-masterless.volume0}" }
output "salt_local_minion_config_file" { value = "${module.terraform-digitalocean-salt-masterless.salt_local_minion_config_file}" }
output "salt_local_state_tree" { value = "${module.terraform-digitalocean-salt-masterless.salt_local_state_tree}" }
output "salt_local_pillar_roots" { value = "${module.terraform-digitalocean-salt-masterless.salt_local_pillar_roots}" }
output "salt_remote_state_tree" { value = "${module.terraform-digitalocean-salt-masterless.salt_remote_state_tree}" }
output "salt_remote_pillar_roots" { value = "${module.terraform-digitalocean-salt-masterless.salt_remote_pillar_roots}" }

Note on the digitalocean_volume0 attribute

It is optionally possible to mount a pre-existing volume to your Droplet by providing the mount details in the following format <mount-point>:<mount-device>:<volume-id>:<mount-fstype>

Obtaining the <volume-id> value is not straight-forward through the Digital Ocean web admin user interface and requires that you call their API to obtain it. You can consider using the digitalocean-api-query cli tool with the "volumes" argument to discover this value.

$ digitalocean-api-query volumes | jq .volumes
[
  {
    "id": "0010c05e-20ad-10e0-9007-00000c113408",
    "name": "example01",
    "created_at": "2018-03-07T02:12:46Z",
...

The salt-push tool

An additional salt-push tool is provided to easily push new salt-states and salt-pillars and invoke a remote salt-call. The salt-push tool achieves this by inspecting the (local) tfstate file for information about the remote system address, local and remote paths - this allows you to very easily push and update the remote saltstack with a one-line command.

$ ./tools/salt-push /path/to/terraform.tfstate

salt-push
===
local_minion_config_file: /dev/null
local_states_path: /path/to/salt/states
local_pillars_path: /path/to/salt/pillars
remote_states_path: /srv/salt
remote_pillars_path: /srv/pillar
remote_address: x.x.x.x
connect to x.x.x.x on tcp:22 - Okay!
temp setting remote salt-config ownership to allow remote salt-config changes...
rsyncd remote_states_path - Okay!
rsyncd remote_pillars_path - Okay!
setting remote salt-config ownership back to root...
invoking salt-call over ssh...

...

Summary for local
------------
Succeeded: 4
Failed:    0
------------
Total states run:     4
Total run time:  70.244 ms

History

This module was originally published via https://github.com/ndejong/terraform-digitalocean-salt-masterless and was subsequently moved which required it to be removed and re-added to the Terraform Module repository.


Input Variables - Required

hostname

The hostname applied to this strelaysrv-node droplet.

digitalocean_region

The DigitalOcean region-slug to start this strelaysrv-node within (nyc1, sgp1, lon1, nyc3, ams3, fra1, tor1, sfo2, blr1)

salt_local_state_tree

Local path to the SaltStack state-tree to apply to the remote system

salt_local_pillar_roots

Local path to the SaltStack pillar-roots to apply to the remote system

Input Variables - Optional

disable_root_login

Disable the root login after droplet has completed deployment - NB: the root bootstrap-sshkey remains in CLEARTEXT in the Terraform statefile, setting this parameter to '1' removes the bootstrap ssh-publickey from the remote system and sets PermitRootLogin to 'no' in the ssh-config after the bootstrap process is complete.

  • default = 1

disable_saltminion_service

The salt-minion service is by default installed and started as a service which in a salt-headless arrangement is not required, this option by default disables that service.

  • default = 1

salt_local_minion_config_file

Local salt minion config to be pushed to the remote system

  • default = ""

salt_remote_state_tree

Remote system remote_state_tree path

  • default = "/srv/salt"

salt_remote_pillar_roots

Remote system remote_pillar_roots path

  • default = "/srv/pillar"

salt_custom_state

Salt custom_state definition

  • default = ""

salt_log_level

Salt logging level

  • default = "warning"

digitalocean_image

The digitalocean image to use as the base for this digitalocean-droplet

  • default = "ubuntu-18-04-x64"

digitalocean_size

The size to use for this digitalocean-droplet. default = "s-1vcpu-1gb"

digitalocean_backups

Enable/disable backup functionality on this digitalocean-droplet.

  • default = false

digitalocean_monitoring

Enable/disable monitoring functionality on this digitalocean-droplet.

  • default = true

digitalocean_ipv6

Enable/disable getting a public IPv6 on this digitalocean-droplet.

  • default = false

digitalocean_private_networking

Enable/disable private-networking functionality on this digitalocean-droplet.

  • default = false

digitalocean_tags

List of tags to apply to this Droplet, the tags MUST already exist!

  • default = []

digitalocean_volume0

Volume0 to attach to this digitalocean-droplet in the format <mount-point>:<mount-device>:<volume-id>:<mount-fstype> - review README for information on discovering the value.

  • default = ""

Outputs

hostname

The hostname applied to this digitalocean-droplet.

region

The digitalocean region-slug this digitalocean-droplet is running in.

ipv4_address

The public IPv4 address of this digitalocean-droplet.

ipv4_address_private

The private IPv4 address of this digitalocean-droplet.

ipv6_address

The public IPv6 address of this digitalocean-droplet.

ipv6_address_private

The private IPv6 address of this digitalocean-droplet.

volume0

The volume attach to this digitalocean-droplet in the format <mount-point>:<mount-device>:<volume-id>:<mount-fstype>

salt_local_minion_config_file

The local SaltStack minion config file sent to the remote host

salt_local_state_tree

The local SaltStack state-tree path sent to the remote host

salt_local_pillar_roots

The local SaltStack pillar-root path sent to the remote host

salt_remote_state_tree

The remote-system path to the SaltStack state-tree path

salt_remote_pillar_roots

The remote-system path to the SaltStack pillar-roots path


Authors

Module managed by Verb Networks

License

Apache 2 Licensed. See LICENSE for full details.

You can’t perform that action at this time.