From f3aec294a3c5bfac2784d85023b67b68908a1de9 Mon Sep 17 00:00:00 2001
From: Alberto
Date: Wed, 31 Jan 2018 16:33:59 +0100
Subject: [PATCH] contrib/govcloud: set pdns api key at runtime (#2869)
---
 Documentation/dev/govcloud/README.md | 3 ++-
 contrib/govcloud/resources/powerdns.service | 1 +
 contrib/govcloud/services.tf | 1 +
 contrib/govcloud/vars.tf | 20 ++++++++++++--------
 tests/rspec/lib/govcloud_vpc.rb | 7 +++++--
 5 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/Documentation/dev/govcloud/README.md b/Documentation/dev/govcloud/README.md
index 40eb039ef4..cbc6643ae8 100644
--- a/Documentation/dev/govcloud/README.md
+++ b/Documentation/dev/govcloud/README.md
@@ -54,7 +54,8 @@ tectonic_govcloud_external_vpc_id
 tectonic_govcloud_external_master_subnet_ids
 tectonic_govcloud_external_worker_subnet_ids
 tectonic_govcloud_dns_server_ip
-
+tectonic_govcloud_dns_server_api_url
+tectonic_govcloud_dns_server_api_key
 ```
 ## Deploy the cluster
diff --git a/contrib/govcloud/resources/powerdns.service b/contrib/govcloud/resources/powerdns.service
index 12bbc91285..28a922a79a 100644
--- a/contrib/govcloud/resources/powerdns.service
+++ b/contrib/govcloud/resources/powerdns.service
@@ -9,6 +9,7 @@ ${mysql_image}
 ExecStartPre=/usr/bin/docker run --net=host \
 --name pdns-master -d \
+-e PDNS_API_KEY=${pdns_api_key} \
 -e PDNS_RECURSOR=10.0.0.2 \
 -e PDNS_SOA=10.0.0.2 \
 -e PDNS_ALLOW_AXFR_IPS=127.0.0.1 \
diff --git a/contrib/govcloud/services.tf b/contrib/govcloud/services.tf
index 17d8e5d18e..183b846718 100644
--- a/contrib/govcloud/services.tf
+++ b/contrib/govcloud/services.tf
@@ -62,6 +62,7 @@ data "template_file" "powerdns_service" {
 vars {
 dns_zone = "${var.base_domain}"
+ pdns_api_key = "${var.pdns_api_key}"
 mysql_password = "${var.mysql_password}"
 powerdns_image = "${var.container_images["powerdns"]}"
 mysql_image = "${var.container_images["mysql"]}"
diff --git a/contrib/govcloud/vars.tf b/contrib/govcloud/vars.tf
index a6a601c8a9..78c86aee24 100644
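Review bot: The added `-e PDNS_API_KEY=${pdns_api_key} \` line in powerdns.service puts the API key on the `docker run` command line, so once the template is rendered the key sits in clear text in the unit file and in the process arguments, which other local users can normally read. Writing the key to a root-only file and passing it with `--env-file` (or loading it through a systemd `EnvironmentFile=` with mode 0600) keeps it out of both places. The services.tf hunk feeds the same value into the template with `pdns_api_key = "${var.pdns_api_key}"`, so the rendered unit, key included, will most likely also be stored in the Terraform state, which then needs to be treated as a secret. The ExecStartPre command continues past the end of the hunk, so how the other credentials are passed is not visible here.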
--- a/contrib/govcloud/vars.tf
+++ b/contrib/govcloud/vars.tf
@@ -2,37 +2,37 @@
 # should be fed through env var or variable file
 # https://www.terraform.io/docs/configuration/variables.html
-variable vpc_name {
+variable "vpc_name" {
 description = "The name of the VPC to identify created resources."
 default = "bastion"
 }
-variable instance_type {
+variable "instance_type" {
 description = "The type of the ec2 machine."
 default = "t2.micro"
 }
-variable base_domain {
+variable "base_domain" {
 default = "tectonic-ci.de"
 description = "The base domain for this cluster's FQDN"
 }
-variable vpc_aws_region {
+variable "vpc_aws_region" {
 description = "The target AWS region for the cluster"
 default = "us-gov-west-1"
 }
-variable vpc_cidr {
+variable "vpc_cidr" {
 default = "10.0.0.0/16"
 description = "The CIDR range used for your entire VPC"
 }
-variable subnet_count {
+variable "subnet_count" {
 default = 4
 description = "Number of private subnets to pre-create"
 }
-variable local_network_cidr {
+variable "local_network_cidr" {
 default = "10.7.0.0/16"
 description = "IP range in the network your laptop is on (dosn't actually matter unless your instances need to connect to the local network your laptop is on)"
 }
@@ -54,12 +54,16 @@ variable "mysql_password" {
 description = "Used as PowerDNS backend."
 }
+variable "pdns_api_key" {
+ description = "Used by clients to communicate with the PowerDNS API."
+}
+
 variable "container_images" {
 description = "Container images to use"
 type = "map"
 default = {
- powerdns = "quay.io/coreos/pdns:4.0-1"
+ powerdns = "quay.io/coreos/pdns:20678f8bffc316579367d885ca4fcb229b1dbc1d"
 mysql = "quay.io/coreos/mysql:5.7.21"
 openvpn = "quay.io/coreos/openvpn:2.4"
 nginx = "quay.io/coreos/nginx:1.13.7-alpine"
diff --git a/tests/rspec/lib/govcloud_vpc.rb b/tests/rspec/lib/govcloud_vpc.rb
index a28b5930f3..c62e9f3094 100644
--- a/tests/rspec/lib/govcloud_vpc.rb
+++ b/tests/rspec/lib/govcloud_vpc.rb
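Review bot: In the second vars.tf hunk the powerdns image is referenced by a tag that looks like a commit hash, `quay.io/coreos/pdns:20678f8bffc316579367d885ca4fcb229b1dbc1d`, but a tag can still be re-pointed in the registry. Pinning by digest, `quay.io/coreos/pdns@sha256:<digest-of-the-reviewed-image>`, would guarantee that the container receiving the API key is the image that was reviewed. The new `pdns_api_key` variable rightly has no default, but its description does not say it is a secret; something like `description = "Secret key clients use to authenticate to the PowerDNS API; supply it via TF_VAR_pdns_api_key, not a committed variable file."` would make that explicit. The container_images map continues beyond the hunk.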
@@ -20,6 +20,8 @@ def initialize(name)
 `tr -cd '[:alnum:]' < /dev/urandom | head -c 32 ; echo`.chomp
 @mysql_password =
 `tr -cd '[:alnum:]' < /dev/urandom | head -c 32 ; echo`.chomp
+ @pdns_api_key =
+ `tr -cd '[:alnum:]' < /dev/urandom | head -c 10; echo`.chomp
 end
 def env_variables
@@ -29,7 +31,8 @@ def env_variables
 'TF_VAR_base_domain' => 'tectonic-ci.de',
 'TF_VAR_nginx_username' => 'openvpn',
 'TF_VAR_nginx_password' => @ovpn_password,
- 'TF_VAR_mysql_password' => @mysql_password
+ 'TF_VAR_mysql_password' => @mysql_password,
+ 'TF_VAR_pdns_api_key' => @pdns_api_key
 }
 end
@@ -40,7 +43,7 @@ def export_tfvars
 'TF_VAR_tectonic_govcloud_external_worker_subnet_ids' => @worker_subnet_ids,
 'TF_VAR_tectonic_govcloud_dns_server_ip' => @vpc_dns,
 'TF_VAR_tectonic_govcloud_dns_server_api_url' => @dns_api_url,
- 'TF_VAR_tectonic_govcloud_dns_server_api_key' => 'tectonicgov'
+ 'TF_VAR_tectonic_govcloud_dns_server_api_key' => @pdns_api_key
 }
 vars.each do |key, value|
 ENV[key] = value
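Review bot: The generated `@pdns_api_key` in the first hunk is only 10 alphanumeric characters (`head -c 10`), while the two secrets generated just above it use 32, which is roughly 60 bits of entropy against roughly 190. This is the credential that replaces the hard-coded 'tectonicgov' in export_tfvars, so it should match the others: change `head -c 10` to `head -c 32`. Alternatively, `@pdns_api_key = SecureRandom.hex(16)` with `require 'securerandom'` at the top of the file avoids the shell pipeline altogether. initialize begins above the hunk, so the purpose of the first 32-character value is inferred from env_variables rather than visible here.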