Merge pull request #51 from jmarhee/jmarhee/provision-ssh-keys

Adds handling to create SSH key pair in same location as setup steps.
equinix · Jan 8, 2021 · 90766f1 · 90766f1
2 parents 0727906 + 546fd14
commit 90766f1
Show file tree

Hide file tree

Showing 13 changed files with 112 additions and 88 deletions.
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/BareMetal.tf b/BareMetal.tf
@@ -7,6 +7,32 @@ provider "metal" {
   auth_token = var.metal_auth_token
 }
 
+locals {
+  ssh_key_name = "metal-key"
+}
+
+resource "tls_private_key" "ssh_key_pair" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+resource "metal_ssh_key" "ssh_pub_key" {
+  name       = random_id.cloud.b64_url
+  public_key = chomp(tls_private_key.ssh_key_pair.public_key_openssh)
+}
+
+resource "local_file" "cluster_private_key_pem" {
+  content         = chomp(tls_private_key.ssh_key_pair.private_key_pem)
+  filename        = pathexpand(format("%s", local.ssh_key_name))
+  file_permission = "0600"
+}
+
+resource "local_file" "cluster_public_key" {
+  content         = chomp(tls_private_key.ssh_key_pair.public_key_openssh)
+  filename        = pathexpand(format("%s.pub", local.ssh_key_name))
+  file_permission = "0600"
+}
+
 resource "metal_device" "controller" {
   hostname = "controller"
   tags     = ["openstack-${random_id.cloud.b64_url}"]
@@ -17,9 +43,9 @@ resource "metal_device" "controller" {
     host        = self.access_public_ipv4
     type        = "ssh"
     user        = "root"
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
-  user_data     = "#cloud-config\n\nssh_authorized_keys:\n  - \"${file(var.cloud_ssh_public_key_path)}\""
+  user_data     = "#cloud-config\n\nssh_authorized_keys:\n  - \"${local_file.cluster_public_key.content}\""
   facilities    = var.metal_facilities
   project_id    = metal_project.project.id
   billing_cycle = "hourly"
@@ -39,9 +65,9 @@ resource "metal_device" "dashboard" {
     host        = self.access_public_ipv4
     type        = "ssh"
     user        = "root"
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = file(local_file.cluster_private_key_pem)
   }
-  user_data = "#cloud-config\n\nssh_authorized_keys:\n  - \"${file(var.cloud_ssh_public_key_path)}\""
+  user_data = "#cloud-config\n\nssh_authorized_keys:\n  - \"${local_file.cluster_public_key.content}\""
 
   facilities    = var.metal_facilities
   project_id    = metal_project.project.id
@@ -60,9 +86,9 @@ resource "metal_device" "compute-x86" {
     host        = self.access_public_ipv4
     type        = "ssh"
     user        = "root"
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = file(local_file.cluster_private_key_pem)
   }
-  user_data     = "#cloud-config\n\nssh_authorized_keys:\n  - \"${file(var.cloud_ssh_public_key_path)}\""
+  user_data     = "#cloud-config\n\nssh_authorized_keys:\n  - \"${local_file.cluster_public_key.content}\""
   facilities    = var.metal_facilities
   project_id    = metal_project.project.id
   billing_cycle = "hourly"
@@ -80,9 +106,9 @@ resource "metal_device" "compute-arm" {
     host        = self.access_public_ipv4
     type        = "ssh"
     user        = "root"
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = file(local_file.cluster_private_key_pem)
   }
-  user_data     = "#cloud-config\n\nssh_authorized_keys:\n  - \"${file(var.cloud_ssh_public_key_path)}\""
+  user_data     = "#cloud-config\n\nssh_authorized_keys:\n  - \"${local_file.cluster_public_key.content}\""
   facilities    = var.metal_facilities
   project_id    = metal_project.project.id
   billing_cycle = "hourly"

diff --git a/DistributeKeys.tf b/DistributeKeys.tf
@@ -5,16 +5,16 @@
 resource "null_resource" "controller-distribute-keys" {
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
-    source      = var.cloud_ssh_key_path
+    source      = local_file.cluster_private_key_pem.filename
     destination = "openstack_rsa"
   }
 
   provisioner "file" {
-    source      = var.cloud_ssh_public_key_path
+    source      = local_file.cluster_public_key.filename
     destination = "openstack_rsa.pub"
   }
 }
@@ -24,16 +24,16 @@ resource "null_resource" "controller-distribute-keys" {
 resource "null_resource" "dashboard-distribute-keys" {
   connection {
     host        = metal_device.dashboard.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
-    source      = var.cloud_ssh_key_path
+    source      = local_file.cluster_private_key_pem.filename
     destination = "openstack_rsa"
   }
 
   provisioner "file" {
-    source      = var.cloud_ssh_public_key_path
+    source      = local_file.cluster_public_key.filename
     destination = "openstack_rsa.pub"
   }
 }

diff --git a/Hostfile.tf b/Hostfile.tf
@@ -67,7 +67,7 @@ resource "null_resource" "controller-write-hostfile" {
 
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
@@ -87,7 +87,7 @@ resource "null_resource" "dashboard-write-hostfile" {
 
   connection {
     host        = metal_device.dashboard.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
@@ -109,7 +109,7 @@ resource "null_resource" "compute-x86-write-hostfile" {
 
   connection {
     host        = element(metal_device.compute-x86.*.access_public_ipv4, count.index)
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
@@ -131,7 +131,7 @@ resource "null_resource" "compute-arm-write-hostfile" {
 
   connection {
     host        = element(metal_device.compute-arm.*.access_public_ipv4, count.index)
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {

diff --git a/NovaConsole.tf b/NovaConsole.tf
diff --git a/OpenStackDefaults.tf b/OpenStackDefaults.tf
@@ -16,7 +16,7 @@ resource "null_resource" "openstack-image-CentOS-8-ARM" {
 
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
@@ -46,7 +46,7 @@ resource "null_resource" "openstack-image-CentOS-8-x86" {
 
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
@@ -76,7 +76,7 @@ resource "null_resource" "openstack-image-Fedora-ARM" {
 
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
@@ -106,7 +106,7 @@ resource "null_resource" "openstack-image-Cirros-x86" {
 
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
@@ -136,7 +136,7 @@ resource "null_resource" "openstack-image-Bionic-18_04-ARM" {
 
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
@@ -167,7 +167,7 @@ resource "null_resource" "openstack-image-Bionic-18_04-x86" {
 
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
@@ -197,7 +197,7 @@ resource "null_resource" "openstack-image-Trusty-14_04-ARM" {
 
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
@@ -227,7 +227,7 @@ resource "null_resource" "openstack-image-Xenial-16_04-ARM" {
 
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
@@ -257,7 +257,7 @@ resource "null_resource" "openstack-image-Cirros-ARM" {
 
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
@@ -286,7 +286,7 @@ resource "null_resource" "openstack-flavors" {
 
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {

diff --git a/OpenStackSampleWorkload.tf b/OpenStackSampleWorkload.tf
@@ -20,7 +20,7 @@ resource "null_resource" "openstack-sample-workload-common" {
 
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
@@ -65,7 +65,7 @@ resource "null_resource" "openstack-sample-workload-arm" {
 
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
@@ -103,7 +103,7 @@ resource "null_resource" "openstack-sample-workload-x86" {
 
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {

diff --git a/ProviderNetwork.tf b/ProviderNetwork.tf
@@ -53,7 +53,7 @@ resource "null_resource" "enable-br-public" {
 
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {
@@ -88,7 +88,7 @@ resource "null_resource" "controller-provider-networks" {
 
   connection {
     host        = metal_device.controller.access_public_ipv4
-    private_key = file(var.cloud_ssh_key_path)
+    private_key = local_file.cluster_private_key_pem.content
   }
 
   provisioner "file" {

diff --git a/README.md b/README.md
@@ -72,18 +72,14 @@ git clone URL_TO_REPO
 cd terraform-metal-openstack
 ```
 
-From that directory, generate an ssh keypair or copy an existing public/private keypair (metal-key and metal-key.pub).
-
-```bash
-ssh-keygen -N "" -t rsa -f ./metal-key
-```
-
 Download the Terraform providers required:
 
 ```bash
 terraform init
 ```
 
+An SSH keypair will be created and managed by this plan to access the hosts in your Metal account's project. 
+
 ## Cloud Sizing Defaults
 
 Several configurations files are available each building the cloud with a different mix of hardware architectures and capacity.