110 lines
4.4 KiB
HCL
Executable File
110 lines
4.4 KiB
HCL
Executable File
resource "null_resource" "discovery_url_template" {
|
|
count = "${var.generate_discovery_url}"
|
|
provisioner "local-exec" {
|
|
command = "curl -s 'https://discovery.etcd.io/new?size=${var.cluster_size}' > templates/discovery_url"
|
|
}
|
|
}
|
|
|
|
resource "null_resource" "generate_ssl" {
|
|
count = "${var.generate_ssl}"
|
|
provisioner "local-exec" {
|
|
command = "bash files/ssl/generate-ssl.sh"
|
|
}
|
|
}
|
|
|
|
resource "template_file" "discovery_url" {
|
|
template = "templates/discovery_url"
|
|
depends_on = [
|
|
"null_resource.discovery_url_template"
|
|
]
|
|
}
|
|
|
|
resource "template_file" "cloud_init" {
|
|
template = "templates/cloud-init"
|
|
vars {
|
|
cluster_token = "${var.cluster_name}"
|
|
discovery_url = "${template_file.discovery_url.rendered}"
|
|
swarm_version = "${var.swarm_version}"
|
|
}
|
|
}
|
|
|
|
resource "template_file" "10_docker_service" {
|
|
template = "templates/10-docker-service.conf"
|
|
vars {
|
|
net_device = "${ var.net_device }"
|
|
}
|
|
}
|
|
|
|
resource "openstack_networking_floatingip_v2" "coreos" {
|
|
count = "${var.cluster_size}"
|
|
pool = "${var.floatingip_pool}"
|
|
}
|
|
|
|
resource "openstack_compute_keypair_v2" "coreos" {
|
|
name = "swarm-${var.cluster_name}"
|
|
public_key = "${file(var.public_key_path)}"
|
|
}
|
|
|
|
resource "openstack_compute_instance_v2" "coreos" {
|
|
name = "swarm-${var.cluster_name}-${count.index}"
|
|
count = "${var.cluster_size}"
|
|
image_name = "${var.image_name}"
|
|
flavor_name = "${var.flavor}"
|
|
key_pair = "${openstack_compute_keypair_v2.coreos.name}"
|
|
network {
|
|
name = "${var.network_name}"
|
|
}
|
|
security_groups = [
|
|
"${openstack_compute_secgroup_v2.swarm_base.name}"
|
|
]
|
|
floating_ip = "${element(openstack_networking_floatingip_v2.coreos.*.address, count.index)}"
|
|
user_data = "${template_file.cloud_init.rendered}"
|
|
provisioner "file" {
|
|
source = "files"
|
|
destination = "/tmp/files"
|
|
connection {
|
|
user = "core"
|
|
}
|
|
}
|
|
provisioner "remote-exec" {
|
|
inline = [
|
|
# Create TLS certs
|
|
"mkdir -p /home/core/.docker",
|
|
"cp /tmp/files/ssl/ca.pem /home/core/.docker/",
|
|
"cp /tmp/files/ssl/cert.pem /home/core/.docker/",
|
|
"cp /tmp/files/ssl/key.pem /home/core/.docker/",
|
|
"echo 'subjectAltName = @alt_names' >> /tmp/files/ssl/openssl.cnf",
|
|
"echo '[alt_names]' >> /tmp/files/ssl/openssl.cnf",
|
|
"echo 'IP.1 = ${self.network.0.fixed_ip_v4}' >> /tmp/files/ssl/openssl.cnf",
|
|
"echo 'IP.2 = ${element(openstack_networking_floatingip_v2.coreos.*.address, count.index)}' >> /tmp/files/ssl/openssl.cnf",
|
|
"echo 'DNS.1 = ${var.fqdn}' >> /tmp/files/ssl/openssl.cnf",
|
|
"echo 'DNS.2 = ${element(openstack_networking_floatingip_v2.coreos.*.address, count.index)}.xip.io' >> /tmp/files/ssl/openssl.cnf",
|
|
"openssl req -new -key /tmp/files/ssl/key.pem -out /tmp/files/ssl/cert.csr -subj '/CN=docker-client' -config /tmp/files/ssl/openssl.cnf",
|
|
"openssl x509 -req -in /tmp/files/ssl/cert.csr -CA /tmp/files/ssl/ca.pem -CAkey /tmp/files/ssl/ca-key.pem \\",
|
|
"-CAcreateserial -out /tmp/files/ssl/cert.pem -days 365 -extensions v3_req -extfile /tmp/files/ssl/openssl.cnf",
|
|
"sudo mkdir -p /etc/docker/ssl",
|
|
"sudo cp /tmp/files/ssl/ca.pem /etc/docker/ssl/",
|
|
"sudo cp /tmp/files/ssl/cert.pem /etc/docker/ssl/",
|
|
"sudo cp /tmp/files/ssl/key.pem /etc/docker/ssl/",
|
|
# Apply localized settings to services
|
|
"sudo mkdir -p /etc/systemd/system/{docker,swarm-agent,swarm-manager}.service.d",
|
|
"cat <<'EOF' > /tmp/10-docker-service.conf\n${template_file.10_docker_service.rendered}\nEOF",
|
|
"sudo mv /tmp/10-docker-service.conf /etc/systemd/system/docker.service.d/",
|
|
"sudo systemctl daemon-reload",
|
|
"sudo systemctl restart docker.service",
|
|
"sudo systemctl start swarm-agent.service",
|
|
"sudo systemctl start swarm-manager.service",
|
|
]
|
|
connection {
|
|
user = "core"
|
|
}
|
|
}
|
|
depends_on = [
|
|
"template_file.cloud_init"
|
|
]
|
|
}
|
|
|
|
output "swarm_cluster" {
|
|
value = "\nEnvironment Variables for accessing Docker Swarm via floating IP of first host:\nexport DOCKER_HOST=tcp://${openstack_networking_floatingip_v2.coreos.0.address}:2375\nexport DOCKER_TLS_VERIFY=1\nexport DOCKER_CERT_PATH=${path.module}/files/ssl"
|
|
}
|