From 57322c49476ec04aa176fb9bd76670ddec3c7c5c Mon Sep 17 00:00:00 2001 From: Engin Diri Date: Wed, 11 Aug 2021 10:51:03 +0200 Subject: [PATCH] Update terraform scripts to latest version Signed-off-by: Engin Diri --- docs/bootstrap/.terraform.lock.hcl | 66 +++++++++++++++++++ docs/bootstrap/README.md | 9 ++- docs/bootstrap/cloud-config.tpl | 4 -- .../.terraform.lock.hcl | 66 +++++++++++++++++++ .../digitalocean-terraform/README.md | 14 +++- .../digitalocean-terraform/cloud-config.tpl | 3 - docs/bootstrap/digitalocean-terraform/main.tf | 57 +++++++++------- docs/bootstrap/main.tf | 41 +++++++----- 8 files changed, 212 insertions(+), 48 deletions(-) create mode 100644 docs/bootstrap/.terraform.lock.hcl create mode 100644 docs/bootstrap/digitalocean-terraform/.terraform.lock.hcl diff --git a/docs/bootstrap/.terraform.lock.hcl b/docs/bootstrap/.terraform.lock.hcl new file mode 100644 index 0000000..b1bdf66 --- /dev/null +++ b/docs/bootstrap/.terraform.lock.hcl @@ -0,0 +1,66 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/digitalocean/digitalocean" { + version = "2.11.0" + constraints = "2.11.0" + hashes = [ + "h1:/qAnTOSP5KeZkF7wqLai34SKAs7aefulcUA3I8R7rRg=", + "h1:PbXtjUfvxwmkycJ0Y9Dyn66Arrpk5L8/P381SXMx2O0=", + "h1:lXLX9tmuxV7azTHd0xB0FAVrxyfBtotIz5LEJp8YUk0=", + "zh:2191adc79bdfdb3b733e0619e4f391ae91c1631c5dafda42dab561d943651fa4", + "zh:21a4f67e42dcdc10fbd7f8579247594844d09a469a3a54862d565913e4d6121d", + "zh:557d98325fafcf2db91ea6d92f65373a48c4e995a1a7aeb57009661fee675250", + "zh:68c0238cafc37433627e288fcd2c7e14f4f0afdd50b4f265d8d1f1addab6f19f", + "zh:7e6d69720734455eb1c69880f049650276089b7fa09085e130d224abaeec887a", + "zh:95bd93a696ec050c1cb5e724498fd12b1d69760d01e97c869be3252025691434", + "zh:b1b075049e33aa08c032f41a497351c9894f16287a4449032d8b805bc6dcb596", + "zh:ba91aa853372c828f808c09dbab2a5bc9493a7cf93210d1487f9637b2cac8ca4", + "zh:bc43d27dfe014266697c2ac259f4311300391aa6aa7c5d23e382fe296df938d5", + "zh:d3a04d2c76bfc1f46a117b1af7870a97353319ee8f924a37fe77861519f59525", + "zh:d3da997c05a653df6cabb912c6c05ceb6bf77219b699f04daf44fd795c81c6ed", + "zh:edd0659021b6634acf0f581d1be1985a81fcd1182e3ccb43de6eac6c43be9ab4", + "zh:f588ace57b6c35d509ecaa7136e6a8049d227b0674104a1f958359b84862d8e3", + "zh:f894ed195a3b9ebbfa1ba7c5d71be06df3a96d783ff064d22dd693ace34d638e", + "zh:fb6b0d4b111fafdcb3bb9a7dbab88e2110a6ce6324de64ecf62933ee8b651ccf", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.1.0" + hashes = [ + "h1:BZMEPucF+pbu9gsPk0G0BHx7YP04+tKdq2MrRDF1EDM=", + "h1:EPIax4Ftp2SNdB9pUfoSjxoueDoLc/Ck3EUoeX0Dvsg=", + "h1:rKYu5ZUbXwrLG1w81k7H3nce/Ys6yAxXhWcbtk36HjY=", + "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc", + "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626", + "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff", + "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2", + "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992", + "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427", + "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc", + "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f", + "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b", + "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7", + "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a", + ] +} + +provider "registry.terraform.io/hashicorp/template" { + version = "2.2.0" + hashes = [ + "h1:0wlehNaxBX7GJQnPfQwTNvvAf38Jm0Nv7ssKGMaG6Og=", + "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=", + "h1:LN84cu+BZpVRvYlCzrbPfCRDaIelSyEx/W9Iwwgbnn4=", + "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386", + "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53", + "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603", + "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16", + "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776", + "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451", + "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae", + "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde", + "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d", + "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", + ] +} diff --git a/docs/bootstrap/README.md b/docs/bootstrap/README.md index dd47029..6bc56cd 100644 --- a/docs/bootstrap/README.md +++ b/docs/bootstrap/README.md @@ -5,11 +5,18 @@ 3) Clone this gist using the URL from the address bar 4) Run `terraform init` 5) Run `terraform apply -var="do_token=$(cat $HOME/digitalocean-access-token)"` -6) View the output for the login command and gateway URL i.e. +6) View the output for the gateway URL ``` gateway_url = http://178.128.39.201:8080/ +``` +7) View the output for sensitive data via `terraform output` command + +```bash +terraform output login_cmd login_cmd = faas-cli login -g http://178.128.39.201:8080/ -p rvIU49CEcFcHmqxj + +terraform output password password = rvIU49CEcFcHmqxj ``` diff --git a/docs/bootstrap/cloud-config.tpl b/docs/bootstrap/cloud-config.tpl index d605dd4..7ecd35b 100644 --- a/docs/bootstrap/cloud-config.tpl +++ b/docs/bootstrap/cloud-config.tpl @@ -1,8 +1,4 @@ #cloud-config -ssh_authorized_keys: -## Note: Replace with your own public key - - ${ssh_key} - package_update: true packages: diff --git a/docs/bootstrap/digitalocean-terraform/.terraform.lock.hcl b/docs/bootstrap/digitalocean-terraform/.terraform.lock.hcl new file mode 100644 index 0000000..b1bdf66 --- /dev/null +++ b/docs/bootstrap/digitalocean-terraform/.terraform.lock.hcl @@ -0,0 +1,66 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/digitalocean/digitalocean" { + version = "2.11.0" + constraints = "2.11.0" + hashes = [ + "h1:/qAnTOSP5KeZkF7wqLai34SKAs7aefulcUA3I8R7rRg=", + "h1:PbXtjUfvxwmkycJ0Y9Dyn66Arrpk5L8/P381SXMx2O0=", + "h1:lXLX9tmuxV7azTHd0xB0FAVrxyfBtotIz5LEJp8YUk0=", + "zh:2191adc79bdfdb3b733e0619e4f391ae91c1631c5dafda42dab561d943651fa4", + "zh:21a4f67e42dcdc10fbd7f8579247594844d09a469a3a54862d565913e4d6121d", + "zh:557d98325fafcf2db91ea6d92f65373a48c4e995a1a7aeb57009661fee675250", + "zh:68c0238cafc37433627e288fcd2c7e14f4f0afdd50b4f265d8d1f1addab6f19f", + "zh:7e6d69720734455eb1c69880f049650276089b7fa09085e130d224abaeec887a", + "zh:95bd93a696ec050c1cb5e724498fd12b1d69760d01e97c869be3252025691434", + "zh:b1b075049e33aa08c032f41a497351c9894f16287a4449032d8b805bc6dcb596", + "zh:ba91aa853372c828f808c09dbab2a5bc9493a7cf93210d1487f9637b2cac8ca4", + "zh:bc43d27dfe014266697c2ac259f4311300391aa6aa7c5d23e382fe296df938d5", + "zh:d3a04d2c76bfc1f46a117b1af7870a97353319ee8f924a37fe77861519f59525", + "zh:d3da997c05a653df6cabb912c6c05ceb6bf77219b699f04daf44fd795c81c6ed", + "zh:edd0659021b6634acf0f581d1be1985a81fcd1182e3ccb43de6eac6c43be9ab4", + "zh:f588ace57b6c35d509ecaa7136e6a8049d227b0674104a1f958359b84862d8e3", + "zh:f894ed195a3b9ebbfa1ba7c5d71be06df3a96d783ff064d22dd693ace34d638e", + "zh:fb6b0d4b111fafdcb3bb9a7dbab88e2110a6ce6324de64ecf62933ee8b651ccf", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.1.0" + hashes = [ + "h1:BZMEPucF+pbu9gsPk0G0BHx7YP04+tKdq2MrRDF1EDM=", + "h1:EPIax4Ftp2SNdB9pUfoSjxoueDoLc/Ck3EUoeX0Dvsg=", + "h1:rKYu5ZUbXwrLG1w81k7H3nce/Ys6yAxXhWcbtk36HjY=", + "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc", + "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626", + "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff", + "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2", + "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992", + "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427", + "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc", + "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f", + "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b", + "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7", + "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a", + ] +} + +provider "registry.terraform.io/hashicorp/template" { + version = "2.2.0" + hashes = [ + "h1:0wlehNaxBX7GJQnPfQwTNvvAf38Jm0Nv7ssKGMaG6Og=", + "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=", + "h1:LN84cu+BZpVRvYlCzrbPfCRDaIelSyEx/W9Iwwgbnn4=", + "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386", + "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53", + "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603", + "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16", + "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776", + "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451", + "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae", + "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde", + "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d", + "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", + ] +} diff --git a/docs/bootstrap/digitalocean-terraform/README.md b/docs/bootstrap/digitalocean-terraform/README.md index 089283e..3f4be12 100644 --- a/docs/bootstrap/digitalocean-terraform/README.md +++ b/docs/bootstrap/digitalocean-terraform/README.md @@ -27,10 +27,20 @@ ``` droplet_ip = 178.128.39.201 gateway_url = https://faasd.example.com/ -login_cmd = faas-cli login -g https://faasd.example.com/ -p rvIU49CEcFcHmqxj +``` + +8) View the output for sensitive data via `terraform output` command + +```bash +terraform output login_cmd +login_cmd = faas-cli login -g http://178.128.39.201:8080/ -p rvIU49CEcFcHmqxj + +terraform output password password = rvIU49CEcFcHmqxj ``` -8) Use your browser to access the OpenFaaS interface + + +9) Use your browser to access the OpenFaaS interface Note that the user-data may take a couple of minutes to come up since it will be pulling in various components and preparing the machine. Also take into consideration the DNS propagation time for the new DNS record. diff --git a/docs/bootstrap/digitalocean-terraform/cloud-config.tpl b/docs/bootstrap/digitalocean-terraform/cloud-config.tpl index 06c55d4..a0a3759 100644 --- a/docs/bootstrap/digitalocean-terraform/cloud-config.tpl +++ b/docs/bootstrap/digitalocean-terraform/cloud-config.tpl @@ -1,7 +1,4 @@ #cloud-config -ssh_authorized_keys: - - ${ssh_key} - groups: - caddy diff --git a/docs/bootstrap/digitalocean-terraform/main.tf b/docs/bootstrap/digitalocean-terraform/main.tf index e54efb5..0ab96f3 100644 --- a/docs/bootstrap/digitalocean-terraform/main.tf +++ b/docs/bootstrap/digitalocean-terraform/main.tf @@ -1,5 +1,11 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 1.0.4" + required_providers { + digitalocean = { + source = "digitalocean/digitalocean" + version = "2.11.0" + } + } } variable "do_token" { @@ -10,7 +16,7 @@ variable "do_domain" { } variable "do_subdomain" { description = "Your public subdomain" - default = "faasd" + default = "faasd" } variable "letsencrypt_email" { description = "Email used to order a certificate from Letsencrypt" @@ -32,41 +38,44 @@ provider "digitalocean" { token = var.do_token } -data "local_file" "ssh_key"{ - filename = pathexpand(var.ssh_key_file) -} - resource "random_password" "password" { - length = 16 - special = true + length = 16 + special = true override_special = "_-#" } data "template_file" "cloud_init" { - template = "${file("cloud-config.tpl")}" - vars = { - gw_password=random_password.password.result, - ssh_key=data.local_file.ssh_key.content, - faasd_domain_name="${var.do_subdomain}.${var.do_domain}" - letsencrypt_email=var.letsencrypt_email - } + template = file("cloud-config.tpl") + vars = { + gw_password = random_password.password.result, + faasd_domain_name = "${var.do_subdomain}.${var.do_domain}" + letsencrypt_email = var.letsencrypt_email + } +} + +resource "digitalocean_ssh_key" "faasd_ssh_key" { + name = "ssh-key" + public_key = file(var.ssh_key_file) } resource "digitalocean_droplet" "faasd" { - region = var.do_region - image = "ubuntu-18-04-x64" - name = "faasd" - size = "s-1vcpu-1gb" + region = var.do_region + image = "ubuntu-18-04-x64" + name = "faasd" + size = "s-1vcpu-1gb" user_data = data.template_file.cloud_init.rendered + ssh_keys = [ + digitalocean_ssh_key.faasd_ssh_key.id + ] } resource "digitalocean_record" "faasd" { domain = var.do_domain type = "A" - name = "faasd" + name = var.do_subdomain value = digitalocean_droplet.faasd.ipv4_address # Only creates record if do_create_record is true - count = var.do_create_record == true ? 1 : 0 + count = var.do_create_record == true ? 1 : 0 } output "droplet_ip" { @@ -78,9 +87,11 @@ output "gateway_url" { } output "password" { - value = random_password.password.result + value = random_password.password.result + sensitive = true } output "login_cmd" { - value = "faas-cli login -g https://${var.do_subdomain}.${var.do_domain}/ -p ${random_password.password.result}" + value = "faas-cli login -g https://${var.do_subdomain}.${var.do_domain}/ -p ${random_password.password.result}" + sensitive = true } diff --git a/docs/bootstrap/main.tf b/docs/bootstrap/main.tf index 79f3e20..125baaa 100644 --- a/docs/bootstrap/main.tf +++ b/docs/bootstrap/main.tf @@ -1,5 +1,11 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 1.0.4" + required_providers { + digitalocean = { + source = "digitalocean/digitalocean" + version = "2.11.0" + } + } } variable "do_token" {} @@ -10,25 +16,25 @@ variable "ssh_key_file" { } provider "digitalocean" { - token = var.do_token + token = var.do_token } resource "random_password" "password" { - length = 16 - special = true + length = 16 + special = true override_special = "_-#" } -data "local_file" "ssh_key"{ - filename = pathexpand(var.ssh_key_file) +data "template_file" "cloud_init" { + template = file("cloud-config.tpl") + vars = { + gw_password = random_password.password.result + } } -data "template_file" "cloud_init" { - template = "${file("cloud-config.tpl")}" - vars = { - gw_password=random_password.password.result, - ssh_key=data.local_file.ssh_key.content, - } +resource "digitalocean_ssh_key" "faasd_ssh_key" { + name = "ssh-key" + public_key = file(var.ssh_key_file) } resource "digitalocean_droplet" "faasd" { @@ -38,12 +44,16 @@ resource "digitalocean_droplet" "faasd" { name = "faasd" # Plans: https://developers.digitalocean.com/documentation/changelog/api-v2/new-size-slugs-for-droplet-plan-changes/ #size = "512mb" - size = "s-1vcpu-1gb" + size = "s-1vcpu-1gb" user_data = data.template_file.cloud_init.rendered + ssh_keys = [ + digitalocean_ssh_key.faasd_ssh_key.id + ] } output "password" { - value = random_password.password.result + value = random_password.password.result + sensitive = true } output "gateway_url" { @@ -51,6 +61,7 @@ output "gateway_url" { } output "login_cmd" { - value = "faas-cli login -g http://${digitalocean_droplet.faasd.ipv4_address}:8080/ -p ${random_password.password.result}" + value = "faas-cli login -g http://${digitalocean_droplet.faasd.ipv4_address}:8080/ -p ${random_password.password.result}" + sensitive = true }