# OpenStack provider with no inline arguments: endpoint and credentials are
# presumably picked up from the environment (OS_* variables / clouds.yaml)
# -- confirm, nothing in this file sets them.
provider "openstack" {
}
# Provider requirements.  Only the source is declared; no `version` constraint
# and no `required_version` are pinned here, so provider upgrades are not
# controlled from this file (check for a lock file alongside it).
terraform {
  required_providers {
    openstack = {
      source = "terraform-provider-openstack/openstack"
    }
  }
}
locals {
  # Letter table used to derive block-device suffixes and volume names.
  ord = ["a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"]

  # Local path where the generated deploy private key is written.
  keyfile = "ssh-key.${var.domain}.txt"

  # Entry 0 of user_data_common is the master host.
  master_fqdn = "${data.template_file.user_data_common[0].vars.host}.${var.domain}"

  # Document that is serialised into config.json and handed to orchestrate.py.
  # `config.value.secrets` carries the three random_password results, so the
  # rendered file is secret material.
  output = {
    config = {
      value = {
        n               = var.n
        domain          = var.domain
        image_user      = var.image_user
        master_hostname = var.master_hostname
        node_hostname   = var.node_hostname
        type            = var.type
        secrets = {
          http_signature_secret    = random_password.secrets[0].result
          kerberos_admin_password  = random_password.secrets[1].result
          kerberos_master_password = random_password.secrets[2].result
        }
        volumes = var.volumes
      }
    }

    # hostname => first fixed IPv4 of each instance (null if it reports no
    # network).  Instances and user_data_common share the same count index.
    hosts = {
      value = {
        for idx, instance in openstack_compute_instance_v2.server :
        data.template_file.user_data_common[idx].vars.host => (
          length(instance.network) > 0 ? instance.network[0].fixed_ip_v4 : null
        )
      }
    }

    # Only the master has a floating IP.
    public_hosts = {
      value = {
        (data.template_file.user_data_common[0].vars.host) = openstack_compute_floatingip_associate_v2.server-fip-1.floating_ip
      }
    }
  }
}
# Image lookup by name, filtered by owner and visibility.  With
# `most_recent = true` the newest matching image at plan time is chosen, so
# the resolved image can change between applies; the owner/visibility filters
# are what keep a same-named image from another tenant from being selected.
# Setting var.image_id (see the server resource) bypasses this lookup.
data "openstack_images_image_v2" "image" {
  name        = var.image_name
  owner       = var.image_owner
  visibility  = var.image_visibility
  most_recent = true
}
# Common cloud-init context, one entry per host: index 0 is the master,
# indices 1..n are nodes named <node_hostname><index>.
# NOTE(review): the template_file data source comes from the archived
# hashicorp/template provider; templatefile() is the in-core replacement.
data "template_file" "user_data_common" {
  count    = var.n + 1
  template = file("common/ctx.yaml")

  vars = {
    host   = count.index == 0 ? var.master_hostname : format("%s%d", var.node_hostname, count.index)
    domain = var.domain
  }
}
# Deployment-specific cloud-init context.  var.type is spliced into a
# filesystem path; no validation of it is visible in this file -- TODO confirm
# the variable is constrained so it can only name a directory under
# deployments/ (file() itself only fails if the path does not exist).
data "template_file" "user_data_deployment" {
  template = file("deployments/${var.type}/ctx.yaml")
}
# Per-instance cloud-init user_data: common context + deployment context +
# the inline cloud-config below.  Index 0 is the Puppet master, 1..n are
# nodes (same indexing as user_data_common).
data "template_cloudinit_config" "ctx" {
  count = var.n + 1

  # common/ctx.yaml rendered with host/domain.
  part {
    content = data.template_file.user_data_common[count.index].rendered
  }

  # deployments/<var.type>/ctx.yaml.
  part {
    content = data.template_file.user_data_deployment.rendered
  }

  # Inline cloud-config.  Everything below ends up in the instance's
  # user_data, hence in Terraform state and -- typically, via the OpenStack
  # metadata service -- readable from inside the instance.  Security-relevant
  # content:
  #   - every host gets a `deployadm` user with passwordless sudo and the
  #     generated keypair's public key in authorized_keys;
  #   - the master additionally receives that keypair's PRIVATE key as
  #     /home/deployadm/.ssh/id_rsa, so whoever controls the master (or can
  #     read its user_data) has SSH access to every node;
  #   - the master's /etc/puppet/autosign.conf auto-signs CSRs for the master
  #     FQDN and for any CN matching <node_hostname><digits>.<domain>; the
  #     dots of var.domain are not regex-escaped and so match any character.
  # fs_setup/mounts assume the data volumes appear as /dev/sd{b,c,...} in
  # attachment order -- TODO confirm for the target cloud (virtio images often
  # expose /dev/vd*).
  part {
    content = <<EOT
#cloud-config
merge_type:
- name: list
  settings: [append]
- name: dict
  settings: [recurse_array]
%{ if count.index != 0 ~}
fs_setup:
%{ for i in range(0, var.volumes) ~}
- label: DATA${i + 1}
  filesystem: ext4
  device: /dev/sd${local.ord[i + 1]}
  partition: none
%{ endfor ~}
mounts:
%{ for i in range(0, var.volumes) ~}
- [ LABEL=DATA${i + 1}, /data/${i + 1} ]
%{ endfor ~}
%{ endif ~}
users:
- default
- name: deployadm
  gecos: Deploy Admin
  shell: /bin/bash
  ssh_authorized_keys:
  - ${openstack_compute_keypair_v2.localkey.public_key}
  sudo:
  - ALL=(ALL) NOPASSWD:ALL
%{ if count.index == 0 ~}
bootcmd:
- cloud-init-per once puppet-start systemctl mask puppet
- cloud-init-per once puppet-start systemctl mask puppet-master
- cloud-init-per once manifests-dir mkdir -p /etc/puppet/code/environments/production/manifests
packages:
- ansible
- puppet-master
puppet:
  conf:
    agent:
      http_read_timeout: 30
      server: ${local.master_fqdn}
write_files:
- path: /home/deployadm/.ssh/id_rsa
  permissions: '0600'
  content: |
      ${indent(6, openstack_compute_keypair_v2.localkey.private_key)}
- path: /etc/puppet/autosign.conf
  permissions: '0644'
  content: |
      ${local.master_fqdn}
      /^${var.node_hostname}\d+\.${var.domain}$$/
%{ else ~}
bootcmd:
- cloud-init-per once puppet-start systemctl mask puppet
packages:
- ansible
puppet:
  conf:
    agent:
      server: ${local.master_fqdn}
%{ endif ~}
runcmd:
- chown -R deployadm:deployadm /home/deployadm
EOT
  }
}
# Deploy keypair.  No public_key is supplied, so the provider generates the
# pair and the private key is kept in Terraform state (it is read back below
# via `.private_key` and also embedded into the master's cloud-config).
resource "openstack_compute_keypair_v2" "localkey" {
  name = var.domain
}
# Writes the generated private key to the working directory (mode 0600) so
# the deployment provisioner can load it into ssh-agent.  Keep this file out
# of version control -- TODO confirm the repository's .gitignore covers it.
resource "local_sensitive_file" "localkey" {
  filename        = local.keyfile
  file_permission = "0600"
  content         = openstack_compute_keypair_v2.localkey.private_key
}
# config.json consumed by orchestrate.py.  It contains local.output, which
# includes the three generated secrets, hence the sensitive file type and
# 0600 mode.  The file is also copied to the master by the deployment
# provisioner.
resource "local_sensitive_file" "output" {
  filename        = "config.json"
  file_permission = "0600"
  content         = jsonencode(local.output)
}
# One instance per user_data_common entry: index 0 is the master, 1..n nodes.
resource "openstack_compute_instance_v2" "server" {
  count = var.n + 1

  name        = "${data.template_file.user_data_common[count.index].vars.host}.${var.domain}"
  flavor_name = var.flavor
  # An explicit image id wins; otherwise fall back to the name/owner lookup.
  image_id    = var.image_id != null ? var.image_id : data.openstack_images_image_v2.image.id
  # Operator keypair; the generated deploy key is delivered through cloud-init.
  key_pair    = var.ssh
  user_data   = data.template_cloudinit_config.ctx[count.index].rendered

  metadata = {
    instructions = count.index == 0 ? "hadoop" : null
  }

  # Single group named "all", defined outside this file.  Its rules decide
  # what every host (master included, which holds the floating IP) exposes.
  security_groups = [
    openstack_networking_secgroup_v2.all.name,
  ]

  network {
    name = var.local_network_id == null ? var.local_network : null
    uuid = var.local_network_id
  }
}
# Attaches the pre-allocated floating IP (var.floating_ip) to the master only;
# nodes are reachable solely through the local network.  The local-exec just
# prints both addresses for the operator.
resource "openstack_compute_floatingip_associate_v2" "server-fip-1" {
  floating_ip = var.floating_ip
  instance_id = openstack_compute_instance_v2.server[0].id

  provisioner "local-exec" {
    command = <<EOF
echo Private IP: ${openstack_compute_instance_v2.server[0].network[0].fixed_ip_v4}
echo Remote IP: ${self.floating_ip}
EOF
  }
}
# var.volumes data volumes per node (none for the master).  Volume k belongs
# to node floor(k / volumes) + 1 and is named <host><letter>.<domain>, where
# the letter is ord[k % volumes].
resource "openstack_blockstorage_volume_v3" "volume" {
  count = var.volumes * var.n

  name = "${data.template_file.user_data_common[floor(count.index / var.volumes) + 1].vars.host}${local.ord[count.index % var.volumes]}.${var.domain}"
  size = var.volume_size
}
# Attaches each volume to its node (same index arithmetic as the volume
# resource).  No `device` is requested, so the guest-side name is left to the
# hypervisor; the cloud-config's /dev/sd<letter> scheme assumes attachment
# order is preserved -- TODO confirm.
resource "openstack_compute_volume_attach_v2" "volume-attach" {
  count = var.volumes * var.n

  instance_id = openstack_compute_instance_v2.server[floor(count.index / var.volumes) + 1].id
  volume_id   = openstack_blockstorage_volume_v3.volume[count.index].id
}
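# Three generated secrets, referenced from local.output as
#   [0] http_signature_secret, [1] kerberos_admin_password,
#   [2] kerberos_master_password.
# `keepers` binds them to the master's instance id, so they are rotated only
# when the master is replaced.  The values live in Terraform state and in the
# generated config.json.
resource "random_password" "secrets" {
  count = 3
  # `length` is a number; the original passed the string "36", which relied on
  # implicit conversion.
  length = 36

  keepers = {
    masterid = openstack_compute_instance_v2.server[0].id
  }
}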
# Copies the working tree to the master over SSH and runs orchestrate.py
# there.  `always_run = timestamp()` makes the provisioner fire on every apply.
resource "null_resource" "deployment" {
  triggers = {
    always_run = timestamp()
  }

  # Runs on the machine executing terraform.  Points worth knowing:
  #   - after `ssh-keygen -R` drops any old known_hosts entry, the first
  #     connection uses StrictHostKeyChecking=no, i.e. the master's host key is
  #     trusted on first use; the later ssh/scp calls carry no such option and
  #     presumably rely on the entry recorded at that point;
  #   - ForwardAgent=yes makes the local ssh-agent, which holds the generated
  #     deploy key, usable from the master for the duration of orchestrate.py;
  #   - the tar includes .git/, so the full repository history lands on the
  #     master, and config.json (the generated secrets) is scp'd separately;
  #   - the agent is killed on INT/TERM and at normal completion, but there is
  #     no EXIT trap, so it outlives the script if the shell dies otherwise;
  #   - NO_DEPLOYMENT and SENSITIVE are taken from the caller's environment;
  #     SENSITIVE is passed to the remote command unquoted.
  provisioner "local-exec" {
    command = <<EOF
eval $(ssh-agent -s)
trap "kill $SSH_AGENT_PID" INT TERM
ssh-add ${local_sensitive_file.localkey.filename}
ip=${openstack_compute_floatingip_associate_v2.server-fip-1.floating_ip}
remote="ssh -o PreferredAuthentications=publickey deployadm@$ip"
while ! ping -c 1 -i 2 -q $ip; do sleep 5; done
ssh-keygen -R $ip
while ! $remote -o ConnectTimeout=15 -o StrictHostKeyChecking=no :; do sleep 15; done
if [ -z "$NO_DEPLOYMENT" ]; then
tar c .gitignore *.cfg *.md *.yml *.py *.tf .git/ common/ deployments/ image/ | $remote 'rm -rf terraform; mkdir terraform; cd terraform; tar x'
scp -o PreferredAuthentications=publickey -p ${local_sensitive_file.output.filename} deployadm@$ip:~/terraform/
$remote -o ForwardAgent=yes "cd terraform; SENSITIVE=$SENSITIVE ./orchestrate.py -c ${local_sensitive_file.output.filename}"
fi
kill $SSH_AGENT_PID
EOF
  }
}
# The only root-module output: master hostname => floating IP.  The rest of
# local.output (including the secrets) is deliberately exposed only through
# the 0600 config.json file, not as a Terraform output.
output "public_hosts" {
  value = local.output.public_hosts.value
}