    deploy.tf 6.51 KiB
    # OpenStack provider with no inline settings.
    # NOTE(review): presumably the endpoint and credentials are taken from the
    # operator's environment (OS_* variables or clouds.yaml) — confirm, and keep
    # them out of version control and out of the files shipped to the master.
    provider "openstack" {}
    
    # Declares where the OpenStack provider is downloaded from.
    # NOTE(review): no version constraint is given in this block, so unless a
    # committed .terraform.lock.hcl pins it, `terraform init` may select any
    # published release. Pin a reviewed version and commit the lock file so the
    # provider binary is reproducible and checksum-verified.
    terraform {
      required_providers {
        openstack = {
          source = "terraform-provider-openstack/openstack"
        }
      }
    }
    
    # Shared values used across this file:
    # - ord:         letters used as volume-name suffixes and as /dev/sdX device letters.
    # - keyfile:     local path the generated SSH private key is written to.
    # - master_fqdn: host name of instance 0 joined with the domain.
    # - output:      structure serialized to config.json. It carries the generated
    #                secrets in clear text, so every place this JSON lands (local
    #                disk, the master's ~/terraform/) must be treated as sensitive.
    locals {
    	ord = ["a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"]
    	keyfile = "ssh-key.${var.domain}.txt"
    	master_fqdn = "${data.template_file.user_data_common[0].vars.host}.${var.domain}"
    	output = {
    		config = {
    			value = {
    				n = var.n,
    				domain = var.domain,
    				image_user = var.image_user,
    				master_hostname = var.master_hostname,
    				node_hostname = var.node_hostname,
    				type = var.type,
    				# Values come from random_password.secrets; they are written to
    				# config.json and are also retained in Terraform state.
    				secrets = {
    					http_signature_secret = random_password.secrets[0].result,
    					kerberos_admin_password = random_password.secrets[1].result,
    					kerberos_master_password = random_password.secrets[2].result,
    				},
    				volumes = var.volumes,
    			}
    		}
    		# Host name => first fixed IPv4 address of the matching instance, or
    		# null when the instance reports no network.
    		hosts = {
    			value = {
    				for instance in openstack_compute_instance_v2.server:
    					data.template_file.user_data_common[index(openstack_compute_instance_v2.server[*].id, instance.id)].vars.host => length(instance.network) >= 1 ? instance.network[0].fixed_ip_v4 : null
    			}
    		}
    		# Only instance 0 (the master) is associated with the floating IP.
    		public_hosts = {
    			value = {
    				(data.template_file.user_data_common[0].vars.host) = openstack_compute_floatingip_associate_v2.server-fip-1.floating_ip
    			}
    		}
    	}
    }
    
    # Looks up the boot image by name, owner and visibility, taking the newest match.
    # NOTE(review): with most_recent = true a newly uploaded image matching the same
    # name/owner is picked up on the next apply. The instance resource prefers
    # var.image_id when it is set, so set that to pin a reviewed image.
    data "openstack_images_image_v2" "image" {
      name        = var.image_name
      owner       = var.image_owner
      visibility  = var.image_visibility
      most_recent = true
    }
    
    # Renders common/ctx.yaml once per instance. Index 0 gets the master host name;
    # indexes 1..n get the node host name followed by their index.
    # NOTE(review): the template_file data source belongs to the archived
    # hashicorp/template provider; the built-in templatefile() function is the
    # maintained replacement. Other blocks read .vars.host from this data source,
    # so a migration has to cover those references too.
    data "template_file" "user_data_common" {
      count    = var.n + 1
      template = file("common/ctx.yaml")

      vars = {
        host   = count.index == 0 ? var.master_hostname : "${var.node_hostname}${count.index}"
        domain = var.domain
      }
    }
    
    # Renders the deployment-specific cloud-init template, with no template variables.
    # NOTE(review): var.type is interpolated into the file path; restricting it to
    # the known deployment names (e.g. a validation block on the variable) keeps the
    # lookup inside deployments/.
    data "template_file" "user_data_deployment" {
      template = file("deployments/${var.type}/ctx.yaml")
    }
    
    # Builds the multi-part cloud-init user data for every instance (index 0 is the
    # master, 1..n are the nodes). The parts are: the rendered common template, the
    # rendered deployment template, and the inline #cloud-config document below.
    #
    # Security-relevant points in the inline part:
    # - Every instance gets a "deployadm" user with passwordless sudo whose only
    #   authorized key is the public half of openstack_compute_keypair_v2.localkey.
    # - On the master, the PRIVATE half of that same keypair is embedded in the user
    #   data and written to /home/deployadm/.ssh/id_rsa. The 0600 mode protects only
    #   the file on disk.
    #   NOTE(review): instance user data is generally readable from inside the
    #   instance through the metadata service and is retained by the compute
    #   service, so the key is exposed beyond that file — confirm this is acceptable
    #   or deliver the key out of band.
    # - On the master, /etc/puppet/autosign.conf lists the master FQDN and a pattern
    #   for the node host names, so matching certificate requests are signed without
    #   review. NOTE(review): autosigning trusts the name the requesting agent
    #   claims; confirm the Puppet port is reachable only from the cluster network,
    #   or consider policy-based autosigning.
    #   NOTE(review): in a Terraform template `$$` is an escape only in front of
    #   `{`, so the pattern line is likely rendered ending in two `$` characters —
    #   verify the rendered file matches what Puppet expects.
    data "template_cloudinit_config" "ctx" {
    	count = var.n + 1
    	part {
    		content = data.template_file.user_data_common[count.index].rendered
    	}
    	part {
    		content = data.template_file.user_data_deployment.rendered
    	}
    	# Inline cloud-config. Nodes (index != 0) format and mount var.volumes data
    	# disks; the master (index 0) installs puppet-master and receives the deploy
    	# key; every instance masks the puppet service at boot and installs ansible.
    	# The heredoc is the rendered payload, so no comments are placed inside it.
    	part {
    		content = <<EOT
    #cloud-config
    
    merge_type:
      - name: list
        settings: [append]
      - name: dict
        settings: [recurse_array]
    %{ if count.index != 0 ~}
    
    fs_setup:
    %{ for i in range(0, var.volumes) ~}
      - label: DATA${i + 1}
        filesystem: ext4
        device: /dev/sd${local.ord[i + 1]}
        partition: none
    %{ endfor ~}
    
    mounts:
    %{ for i in range(0, var.volumes) ~}
      - [ LABEL=DATA${i + 1}, /data/${i + 1} ]
    %{ endfor ~}
    %{ endif ~}
    
    users:
      - default
      - name: deployadm
        gecos: Deploy Admin
        shell: /bin/bash
        ssh_authorized_keys:
          - ${openstack_compute_keypair_v2.localkey.public_key}
        sudo:
          - ALL=(ALL) NOPASSWD:ALL
    %{ if count.index == 0 ~}
    
    bootcmd:
      - cloud-init-per once puppet-start systemctl mask puppet
      - cloud-init-per once puppet-start systemctl mask puppet-master
      - cloud-init-per once manifests-dir mkdir -p /etc/puppet/code/environments/production/manifests
    
    packages:
      - ansible
      - puppet-master
    
    puppet:
      conf:
        agent:
          http_read_timeout: 30
          server: ${local.master_fqdn}
    
    write_files:
      - path: /home/deployadm/.ssh/id_rsa
        permissions: '0600'
        content: |
          ${indent(6, openstack_compute_keypair_v2.localkey.private_key)}
      - path: /etc/puppet/autosign.conf
        permissions: '0644'
        content: |
          ${local.master_fqdn}
          /^${var.node_hostname}\d+\.${var.domain}$$/
    %{ else ~}
    
    bootcmd:
      - cloud-init-per once puppet-start systemctl mask puppet
    
    packages:
      - ansible
    
    puppet:
      conf:
        agent:
          server: ${local.master_fqdn}
    %{ endif ~}
    
    runcmd:
      - chown -R deployadm:deployadm /home/deployadm
    EOT
    	}
    }
    
    # Deployment keypair, named after the domain. No public_key is supplied, and
    # other blocks read .private_key from this resource, so the private key is
    # generated on creation and kept in Terraform state.
    # NOTE(review): treat the state file/backend as holding a live SSH credential
    # for every instance (deployadm has passwordless sudo).
    resource "openstack_compute_keypair_v2" "localkey" {
      name = var.domain
    }
    
    # Writes the generated private key into the working directory (local.keyfile)
    # with owner-only permissions, for use by ssh-add in the deployment step.
    # NOTE(review): confirm the key file name is covered by .gitignore so it is
    # never committed; the deployment step ships .git/ to the master.
    resource "local_sensitive_file" "localkey" {
      content         = openstack_compute_keypair_v2.localkey.private_key
      filename        = local.keyfile
      file_permission = "0600"
    }
    
    # Serializes local.output to config.json with owner-only permissions. The JSON
    # includes the generated HTTP-signature and Kerberos secrets in clear text and
    # is later copied to the master by the deployment step.
    # NOTE(review): confirm config.json is ignored by version control.
    resource "local_sensitive_file" "output" {
      content         = jsonencode(local.output)
      filename        = "config.json"
      file_permission = "0600"
    }
    
    # One master (index 0) plus var.n nodes, each named <host>.<domain>.
    # - image_id: an explicit var.image_id wins; otherwise the image data lookup is used.
    # - key_pair: the operator-supplied keypair name (var.ssh), separate from the
    #   generated deployment keypair injected through user_data.
    # - user_data: for index 0 this carries the deployment private key (see the
    #   write_files entry in the cloud-init config).
    # NOTE(review): the only security group is openstack_networking_secgroup_v2.all,
    # which is defined outside this file section; its name suggests a permissive
    # rule set — confirm what it actually allows, especially on the master that
    # receives the floating IP.
    resource "openstack_compute_instance_v2" "server" {
      count       = var.n + 1
      name        = format("%s.%s", data.template_file.user_data_common[count.index].vars.host, var.domain)
      flavor_name = var.flavor
      image_id    = var.image_id != null ? var.image_id : data.openstack_images_image_v2.image.id
      key_pair    = var.ssh
      user_data   = data.template_cloudinit_config.ctx[count.index].rendered

      security_groups = [
        openstack_networking_secgroup_v2.all.name,
      ]

      metadata = {
        instructions = count.index != 0 ? null : "hadoop"
      }

      network {
        # The network is addressed by UUID when one is given, by name otherwise.
        uuid = var.local_network_id
        name = var.local_network_id != null ? null : var.local_network
      }
    }
    
    # Attaches the floating IP to the master (instance 0) and prints both of its
    # addresses on the operator's machine. Only the master becomes reachable through
    # this address; the nodes keep their fixed addresses only.
    resource "openstack_compute_floatingip_associate_v2" "server-fip-1" {
      instance_id = openstack_compute_instance_v2.server[0].id
      floating_ip = var.floating_ip

      provisioner "local-exec" {
        command = <<EOF
    echo Private IP: ${openstack_compute_instance_v2.server[0].network[0].fixed_ip_v4}
    echo Remote  IP: ${self.floating_ip}
    EOF
      }
    }
    
    # var.volumes data volumes for each of the var.n nodes (none for the master).
    # Volume i belongs to node floor(i / var.volumes) + 1 and is named
    # <node host><letter>.<domain>, the letter being local.ord[i % var.volumes].
    resource "openstack_blockstorage_volume_v3" "volume" {
      count = var.volumes * var.n
      size  = var.volume_size
      name = format(
        "%s%s.%s",
        data.template_file.user_data_common[floor(count.index / var.volumes) + 1].vars.host,
        local.ord[count.index % var.volumes],
        var.domain,
      )
    }
    
    # Attaches each data volume to its node, using the same index arithmetic as the
    # volume resource: volume i goes to instance floor(i / var.volumes) + 1.
    resource "openstack_compute_volume_attach_v2" "volume-attach" {
      count       = var.volumes * var.n
      volume_id   = openstack_blockstorage_volume_v3.volume[count.index].id
      instance_id = openstack_compute_instance_v2.server[floor(count.index / var.volumes) + 1].id
    }
    
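    # Three independent 36-character secrets. local.output maps them, in order, to
    # the HTTP signature secret, the Kerberos admin password and the Kerberos
    # master password.
    # keepers ties them to the master instance id, so replacing the master
    # regenerates all three.
    # NOTE(review): the generated values are kept in Terraform state; protect the
    # state file/backend accordingly.
    resource "random_password" "secrets" {
    	count = 3
    	# Numeric literal instead of the string "36"; the attribute is a number.
    	length = 36
    	keepers = {
    		masterid = openstack_compute_instance_v2.server[0].id
    	}
    }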
    
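    # Pushes the repository and config.json to the master and starts orchestrate.py
    # there. The timestamp() trigger makes this run on every apply.
    #
    # What the script does, in order: starts a dedicated ssh-agent and loads the
    # generated deployment key; waits until the floating IP answers ping; removes
    # any stale known_hosts entry for that IP; waits until SSH login as deployadm
    # works; then, unless NO_DEPLOYMENT is set in the operator's environment,
    # uploads the working tree and config.json and runs the orchestrator with agent
    # forwarding. The agent is killed at the end, or on INT/TERM.
    #
    # Security notes:
    # - Host key handling is trust-on-first-use: the old entry is deleted and the
    #   key seen on the first successful connection is recorded. The probe uses
    #   StrictHostKeyChecking=accept-new (OpenSSH 7.6+) rather than "no", so a new
    #   key is recorded but a key that CHANGES between attempts is refused instead
    #   of being accepted with a warning. The first connection is still unverified;
    #   compare the fingerprint with the instance console log if that matters.
    # - config.json (clear-text secrets) is copied to ~/terraform/ on the master.
    # - .git/ is shipped too, so anything ever committed travels to the master.
    # - ForwardAgent=yes lets processes on the master use the agent for the
    #   duration of that command; the agent holds only the deployment key.
    # - SENSITIVE is taken from the operator's environment and expanded into the
    #   remote command line unquoted.
    resource "null_resource" "deployment" {
    	triggers = {
    		always_run = timestamp()
    	}
    	provisioner "local-exec" {
    		command = <<EOF
    eval $(ssh-agent -s)
    trap "kill $SSH_AGENT_PID" INT TERM
    ssh-add ${local_sensitive_file.localkey.filename}
    
    ip=${openstack_compute_floatingip_associate_v2.server-fip-1.floating_ip}
    remote="ssh -o PreferredAuthentications=publickey deployadm@$ip"
    while ! ping -c 1 -i 2 -q $ip; do sleep 5; done
    ssh-keygen -R $ip
    while ! $remote -o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new :; do sleep 15; done
    if [ -z "$NO_DEPLOYMENT" ]; then
    	tar c .gitignore *.cfg *.md *.yml *.py *.tf .git/ common/ deployments/ image/ | $remote 'rm -rf terraform; mkdir terraform; cd terraform; tar x'
    	scp -o PreferredAuthentications=publickey -p ${local_sensitive_file.output.filename} deployadm@$ip:~/terraform/
    	$remote -o ForwardAgent=yes "cd terraform; SENSITIVE=$SENSITIVE ./orchestrate.py -c ${local_sensitive_file.output.filename}"
    fi
    
    kill $SSH_AGENT_PID
    EOF
    	}
    }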
    
    # Exposes only the master's host name => floating IP mapping. The config part
    # of local.output (which contains the secrets) is not published as an output.
    output "public_hosts" {
      value = local.output.public_hosts.value
    }