diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 25f6526..8131f46 100755 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl @@ -20,6 +20,23 @@ provider "registry.terraform.io/equinix/metal" { ] } +provider "registry.terraform.io/hashicorp/local" { + version = "2.0.0" + hashes = [ + "h1:pO1ANXtOCRfecKsY9Hn4UsXoPBLv6LFiDIEiS1MZ09E=", + "zh:34ce8b79493ace8333d094752b579ccc907fa9392a2c1d6933a6c95d0786d3f1", + "zh:5c5a19c4f614a4ffb68bae0b0563f3860115cf7539b8adc21108324cfdc10092", + "zh:67ddb1ca2cd3e1a8f948302597ceb967f19d2eeb2d125303493667388fe6330e", + "zh:68e6b16f3a8e180fcba1a99754118deb2d82331b51f6cca39f04518339bfdfa6", + "zh:8393a12eb11598b2799d51c9b0a922a3d9fadda5a626b94a1b4914086d53120e", + "zh:90daea4b2010a86f2aca1e3a9590e0b3ddcab229c2bd3685fae76a832e9e836f", + "zh:99308edc734a0ac9149b44f8e316ca879b2670a1cae387a8ae754c180b57cdb4", + "zh:c76594db07a9d1a73372a073888b672df64adb455d483c2426cc220eda7e092e", + "zh:dc09c1fb36c6a706bdac96cce338952888c8423978426a09f5df93031aa88b84", + "zh:deda88134e9780319e8de91b3745520be48ead6ec38cb662694d09185c3dac70", + ] +} + provider "registry.terraform.io/hashicorp/null" { version = "3.0.0" hashes = [ 
@@ -70,3 +87,20 @@ provider "registry.terraform.io/hashicorp/template" { "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", ] } + +provider "registry.terraform.io/hashicorp/tls" { + version = "3.0.0" + hashes = [ + "h1:AcQGOAD5xa4KE9gYw5g7R6UU8a77Yn/afPvch4N86lQ=", + "zh:05eac573a1fe53227bcc6b01daf6ddf0b73456f97f56f316f1b3114a4771e175", + "zh:09390dad764c76f0fd59cae4dad296e3e39487e06de3a4bc0df73916c6bb2f17", + "zh:142d0bc4722ab088b7ca124b0eb44206b9d100f51035c162d50ef552e09813d0", + "zh:2c391743dd20f43329c0d0d49dec7827970d788115593c0e32a57050c0a85337", + "zh:525b12fc87369c0e6d347afe6c77668aebf56cfa078bb0f1f01cc2ee01ac7016", + "zh:5583d81b7a05c6d49a4c445e1ee62e82facb07bb9204998a836b7b522a51db8d", + "zh:925e3acc70e18ed1cd296d337fc3e0ca43ac6f5bf2e660f24de750c7754f91aa", + "zh:a291457d25b207fd28fb4fad9209ebb591e25cfc507ca1cb0fb8b2e255be1969", + "zh:bbf9e2718752aebfbd7c6b8e196eb2e52730b66befed2ea1954f9ff1c199295e", + "zh:f4b333c467ae02c1a238ac57465fe66405f6e2a6cfeb4eded9bc321c5652a1bf", + ] +} diff --git a/BareMetal.tf b/BareMetal.tf index e94b9cf..be4af64 100644 --- a/BareMetal.tf +++ b/BareMetal.tf 
@@ -7,6 +7,32 @@ provider "metal" { auth_token = var.metal_auth_token } +locals { + ssh_key_name = "metal-key" +} + +resource "tls_private_key" "ssh_key_pair" { + algorithm = "RSA" + rsa_bits = 4096 +} + +resource "metal_ssh_key" "ssh_pub_key" { + name = random_id.cloud.b64_url + public_key = chomp(tls_private_key.ssh_key_pair.public_key_openssh) +} + +resource "local_file" "cluster_private_key_pem" { + content = chomp(tls_private_key.ssh_key_pair.private_key_pem) + filename = pathexpand(format("%s", local.ssh_key_name)) + file_permission = "0600" +} + +resource "local_file" "cluster_public_key" { + content = chomp(tls_private_key.ssh_key_pair.public_key_openssh) + filename = pathexpand(format("%s.pub", local.ssh_key_name)) + file_permission = "0600" +} + resource "metal_device" "controller" { hostname = "controller" tags = ["openstack-${random_id.cloud.b64_url}"] @@ -17,9 +43,9 @@ resource "metal_device" "controller" { host = self.access_public_ipv4 type = "ssh" user = "root" - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } - user_data = "#cloud-config\n\nssh_authorized_keys:\n - \"${file(var.cloud_ssh_public_key_path)}\"" + user_data = "#cloud-config\n\nssh_authorized_keys:\n - \"${local_file.cluster_public_key.content}\"" facilities = var.metal_facilities project_id = metal_project.project.id billing_cycle = "hourly" @@ -39,9 +65,9 @@ resource "metal_device" "dashboard" { host = self.access_public_ipv4 type = "ssh" user = "root" - private_key = file(var.cloud_ssh_key_path) + private_key = file(local_file.cluster_private_key_pem) } - user_data = "#cloud-config\n\nssh_authorized_keys:\n - \"${file(var.cloud_ssh_public_key_path)}\"" + user_data = "#cloud-config\n\nssh_authorized_keys:\n - \"${local_file.cluster_public_key.content}\"" facilities = var.metal_facilities project_id = metal_project.project.id 
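Review bot: The generated private key now lives unencrypted in Terraform state — `tls_private_key.ssh_key_pair` stores `private_key_pem` there and `local_file.cluster_private_key_pem` stores the same PEM again as its `content`, which is also echoed in `terraform plan`/`apply` output — so anyone with read access to the state file or the apply log gets root SSH on every device, and neither this hunk nor the README change says so. Add a comment above `resource "tls_private_key" "ssh_key_pair"` such as `# NOTE: the private key is kept in plaintext in Terraform state and in ./metal-key; protect the state (encrypted remote backend, restricted access) and keep metal-key out of version control`, and carry the same warning into the README sentence that announces the managed keypair. If the pinned hashicorp/local 2.0.0 provider supports `sensitive_content`, using it instead of `content` for the private-key file would keep the PEM out of plan output, though every `local_file.cluster_private_key_pem.content` reference elsewhere in the plan would then need to read `tls_private_key.ssh_key_pair.private_key_pem` directly. `filename = pathexpand(format("%s", local.ssh_key_name))` resolves to just `metal-key` relative to the working directory, so the key file is written wherever `terraform apply` runs (a CI checkout included); a `.gitignore` entry for `metal-key*` is presumably needed if one does not already exist.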
@@ -60,9 +86,9 @@ resource "metal_device" "compute-x86" { host = self.access_public_ipv4 type = "ssh" user = "root" - private_key = file(var.cloud_ssh_key_path) + private_key = file(local_file.cluster_private_key_pem) } - user_data = "#cloud-config\n\nssh_authorized_keys:\n - \"${file(var.cloud_ssh_public_key_path)}\"" + user_data = "#cloud-config\n\nssh_authorized_keys:\n - \"${local_file.cluster_public_key.content}\"" facilities = var.metal_facilities project_id = metal_project.project.id billing_cycle = "hourly" @@ -80,9 +106,9 @@ resource "metal_device" "compute-arm" { host = self.access_public_ipv4 type = "ssh" user = "root" - private_key = file(var.cloud_ssh_key_path) + private_key = file(local_file.cluster_private_key_pem) } - user_data = "#cloud-config\n\nssh_authorized_keys:\n - \"${file(var.cloud_ssh_public_key_path)}\"" + user_data = "#cloud-config\n\nssh_authorized_keys:\n - \"${local_file.cluster_public_key.content}\"" facilities = var.metal_facilities project_id = metal_project.project.id billing_cycle = "hourly" diff --git a/DistributeKeys.tf b/DistributeKeys.tf index 63ab13d..ad8dd30 100644 --- a/DistributeKeys.tf +++ b/DistributeKeys.tf @@ -5,16 +5,16 @@ resource "null_resource" "controller-distribute-keys" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { - source = var.cloud_ssh_key_path + source = local_file.cluster_private_key_pem.filename destination = "openstack_rsa" } provisioner "file" { - source = var.cloud_ssh_public_key_path + source = local_file.cluster_public_key.filename destination = "openstack_rsa.pub" } } 
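Review bot: `private_key = file(local_file.cluster_private_key_pem)` in the compute-x86 connection block passes a resource object to `file()`, which only accepts a path string, so `terraform plan` should reject it with an invalid-argument error; `file(local_file.cluster_private_key_pem.filename)` would not help either, because `file()` is evaluated during planning, before the key file has been written by the `local_file` resource. The controller hunk already handles this correctly; make this block match it with `private_key = local_file.cluster_private_key_pem.content`. The same line appears in the dashboard and compute-arm blocks of this file.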
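Review bot: The compute-arm connection block carries the same `private_key = file(local_file.cluster_private_key_pem)` as compute-x86: `file()` takes a string path rather than a resource, and it reads from disk at plan time in any case, so this connection can never be configured from the generated key. Replace it with `private_key = local_file.cluster_private_key_pem.content`, as the controller block does, so that all four `metal_device` resources use the in-memory PEM.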
@@ -24,16 +24,16 @@ resource "null_resource" "controller-distribute-keys" { resource "null_resource" "dashboard-distribute-keys" { connection { host = metal_device.dashboard.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { - source = var.cloud_ssh_key_path + source = local_file.cluster_private_key_pem.filename destination = "openstack_rsa" } provisioner "file" { - source = var.cloud_ssh_public_key_path + source = local_file.cluster_public_key.filename destination = "openstack_rsa.pub" } } diff --git a/Hostfile.tf b/Hostfile.tf index 8239fb6..6ec455d 100644 --- a/Hostfile.tf +++ b/Hostfile.tf @@ -67,7 +67,7 @@ resource "null_resource" "controller-write-hostfile" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -87,7 +87,7 @@ resource "null_resource" "dashboard-write-hostfile" { connection { host = metal_device.dashboard.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -109,7 +109,7 @@ resource "null_resource" "compute-x86-write-hostfile" { connection { host = element(metal_device.compute-x86.*.access_public_ipv4, count.index) - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -131,7 +131,7 @@ resource "null_resource" "compute-arm-write-hostfile" { connection { host = element(metal_device.compute-arm.*.access_public_ipv4, count.index) - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { diff --git a/NovaConsole.tf b/NovaConsole.tf deleted file mode 100644 index 3fc1bbf..0000000 --- a/NovaConsole.tf +++ /dev/null 
@@ -1,22 +0,0 @@ -# -# serial console required for ARM systems -# - -resource "null_resource" "novaconsole" { - depends_on = [null_resource.controller-nova] - - connection { - host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) - } - - provisioner "remote-exec" { - inline = [ - "apt-get install -y git", - "git clone http://github.com/larsks/novaconsole.git", - "cd novaconsole", - "python setup.py install", - ] - } -} - diff --git a/OpenStackDefaults.tf b/OpenStackDefaults.tf index 70927f0..3996538 100644 --- a/OpenStackDefaults.tf +++ b/OpenStackDefaults.tf @@ -16,7 +16,7 @@ resource "null_resource" "openstack-image-CentOS-8-ARM" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -46,7 +46,7 @@ resource "null_resource" "openstack-image-CentOS-8-x86" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -76,7 +76,7 @@ resource "null_resource" "openstack-image-Fedora-ARM" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -106,7 +106,7 @@ resource "null_resource" "openstack-image-Cirros-x86" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -136,7 +136,7 @@ resource "null_resource" "openstack-image-Bionic-18_04-ARM" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { 
@@ -167,7 +167,7 @@ resource "null_resource" "openstack-image-Bionic-18_04-x86" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -197,7 +197,7 @@ resource "null_resource" "openstack-image-Trusty-14_04-ARM" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -227,7 +227,7 @@ resource "null_resource" "openstack-image-Xenial-16_04-ARM" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -257,7 +257,7 @@ resource "null_resource" "openstack-image-Cirros-ARM" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -286,7 +286,7 @@ resource "null_resource" "openstack-flavors" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { diff --git a/OpenStackSampleWorkload.tf b/OpenStackSampleWorkload.tf index 5e7e8ac..1906b14 100644 --- a/OpenStackSampleWorkload.tf +++ b/OpenStackSampleWorkload.tf @@ -20,7 +20,7 @@ resource "null_resource" "openstack-sample-workload-common" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { 
@@ -65,7 +65,7 @@ resource "null_resource" "openstack-sample-workload-arm" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -103,7 +103,7 @@ resource "null_resource" "openstack-sample-workload-x86" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { diff --git a/ProviderNetwork.tf b/ProviderNetwork.tf index 42e1888..c34c8da 100644 --- a/ProviderNetwork.tf +++ b/ProviderNetwork.tf @@ -53,7 +53,7 @@ resource "null_resource" "enable-br-public" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -88,7 +88,7 @@ resource "null_resource" "controller-provider-networks" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { diff --git a/README.md b/README.md index afc5fb3..e9edd7b 100644 --- a/README.md +++ b/README.md @@ -72,18 +72,14 @@ git clone URL_TO_REPO cd terraform-metal-openstack ``` -From that directory, generate an ssh keypair or copy an existing public/private keypair (metal-key and metal-key.pub). - -```bash -ssh-keygen -N "" -t rsa -f ./metal-key -``` - Download the Terraform providers required: ```bash terraform init ``` +An SSH keypair will be created and managed by this plan to access the hosts in your Metal account's project. + ## Cloud Sizing Defaults Several configurations files are available each building the cloud with a different mix of hardware architectures and capacity. diff --git a/RemoveLocalhostHostfile.tf b/RemoveLocalhostHostfile.tf index 6b50856..a88a00c 100644 
--- a/RemoveLocalhostHostfile.tf +++ b/RemoveLocalhostHostfile.tf @@ -5,7 +5,7 @@ resource "null_resource" "controller-removelocalhost-hostfile" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -23,7 +23,7 @@ resource "null_resource" "controller-removelocalhost-hostfile" { resource "null_resource" "dashboard-removelocalhost-hostfile" { connection { host = metal_device.dashboard.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "remote-exec" { @@ -38,7 +38,7 @@ resource "null_resource" "compute-x86-removelocalhost-hostfile" { connection { host = element(metal_device.compute-x86.*.access_public_ipv4, count.index) - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "remote-exec" { @@ -53,7 +53,7 @@ resource "null_resource" "compute-arm-removelocalhost-hostfile" { connection { host = element(metal_device.compute-arm.*.access_public_ipv4, count.index) - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "remote-exec" { diff --git a/main.tf b/main.tf index 4e9356c..62ce5be 100644 --- a/main.tf +++ b/main.tf @@ -24,7 +24,7 @@ resource "null_resource" "controller-keystone" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -59,7 +59,7 @@ resource "null_resource" "controller-glance" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { 
@@ -87,7 +87,7 @@ resource "null_resource" "controller-nova" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -116,7 +116,7 @@ resource "null_resource" "controller-neutron" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -136,7 +136,7 @@ resource "null_resource" "dashboard-install" { connection { host = metal_device.dashboard.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -162,7 +162,7 @@ resource "null_resource" "dashboard-config" { connection { host = metal_device.dashboard.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -194,7 +194,7 @@ resource "null_resource" "compute-x86-common" { connection { host = element(metal_device.compute-x86.*.access_public_ipv4, count.index) - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -232,7 +232,7 @@ resource "null_resource" "compute-x86-openstack" { connection { host = element(metal_device.compute-x86.*.access_public_ipv4, count.index) - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -260,7 +260,7 @@ resource "null_resource" "compute-arm-common" { connection { host = element(metal_device.compute-arm.*.access_public_ipv4, count.index) - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { 
@@ -282,7 +282,7 @@ resource "null_resource" "compute-arm-openstack" { connection { host = element(metal_device.compute-arm.*.access_public_ipv4, count.index) - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "file" { @@ -315,7 +315,7 @@ resource "null_resource" "controller-register-compute-hosts" { connection { host = metal_device.controller.access_public_ipv4 - private_key = file(var.cloud_ssh_key_path) + private_key = local_file.cluster_private_key_pem.content } provisioner "remote-exec" { diff --git a/outputs.tf b/outputs.tf index f613ffe..bebe212 100644 --- a/outputs.tf +++ b/outputs.tf @@ -56,12 +56,12 @@ output "Horizon_dashboard_via_IP6" { output "Controller_SSH" { description = "SSH command to access OpenStack controller instance over IPv4" - value = "ssh root@${metal_device.controller.access_public_ipv4} -i ${var.cloud_ssh_key_path}" + value = "ssh root@${metal_device.controller.access_public_ipv4} -i ${local_file.cluster_private_key_pem.filename}" } output "Controller_SSH6" { description = "SSH command to access OpenStack controller instance over IPv6" - value = "ssh root@${metal_device.controller.access_public_ipv6} -i ${var.cloud_ssh_key_path}" + value = "ssh root@${metal_device.controller.access_public_ipv6} -i ${local_file.cluster_private_key_pem.filename}" } output "Controller_Provider_Private_IPv4" { diff --git a/variables.tf b/variables.tf index a1c07b3..b285473 100644 --- a/variables.tf +++ b/variables.tf @@ -38,16 +38,6 @@ variable "openstack_compute-arm_count" { default = 0 } -variable "cloud_ssh_public_key_path" { - description = "Path to your public SSH key path" - default = "./metal-key.pub" -} - -variable "cloud_ssh_key_path" { - description = "Path to your private SSH key for the project" - default = "./metal-key" -} - variable "create_dns" { description = "If set to true, DNSSimple will be setup" default = false