Merge branch 'master' into modules

2022-02-20 11:30:07 +01:00
parent 0090c1a6f1 e39dc064e2
commit 0f9d277293
10 changed files with 79 additions and 98 deletions
--- a/modules/host/locals.tf
+++ b/modules/host/locals.tf
@@ -31,6 +31,34 @@ locals {
    "umount /mnt"
  ]

+  ignition_config = jsonencode({
+    ignition = {
+      version = "3.0.0"
+    }
+    passwd = {
+      users = [{
+        name              = "root"
+        sshAuthorizedKeys = concat([local.ssh_public_key], var.additional_public_keys)
+      }]
+    }
+    storage = {
+      files = [
+        {
+          path      = "/etc/sysconfig/network/ifcfg-eth1"
+          mode      = 420
+          overwrite = true
+          contents  = { "source" = "data:,BOOTPROTO%3D%27dhcp%27%0ASTARTMODE%3D%27auto%27" }
+        },
+        {
+          path      = "/etc/ssh/sshd_config.d/kube-hetzner.conf"
+          mode      = 420
+          overwrite = true
+          contents  = { "source" = "data:,PasswordAuthentication%20no%0AX11Forwarding%20no%0AMaxAuthTries%202%0AAllowTcpForwarding%20no%0AAllowAgentForwarding%20no%0AAuthorizedKeysFile%20.ssh%2Fauthorized_keys" }
+        }
+      ]
+    }
+  })
+
  combustion_script = <<EOF
 #!/bin/bash
 # combustion: network
--- a/modules/host/main.tf
+++ b/modules/host/main.tf
@@ -25,10 +25,7 @@ resource "hcloud_server" "server" {
  }

  provisioner "file" {
-    content = templatefile("${path.module}/templates/config.ign.tpl", {
-      name           = self.name
-      ssh_public_key = local.ssh_public_key
-    })
+    content     = local.ignition_config
    destination = "/root/config.ign"
  }

@@ -54,7 +51,7 @@ resource "hcloud_server" "server" {
      until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${self.ipv4_address} true 2> /dev/null
      do
        echo "Waiting for MicroOS to reboot and become available..."
-        sleep 2
+        sleep 3
      done
    EOT
  }
--- a/modules/host/templates/config.ign.tpl
+++ b/modules/host/templates/config.ign.tpl
@@ -1,31 +0,0 @@
-{
-  "ignition": {
-    "version": "3.0.0"
-  },
-  "passwd": {
-    "users": [
-      {
-        "name": "root",
-        "sshAuthorizedKeys": [
-          "${ssh_public_key}"
-        ]
-      }
-    ]
-  },
-  "storage": {
-    "files": [
-      {
-        "path": "/etc/sysconfig/network/ifcfg-eth1",
-        "mode": 420,
-        "overwrite": true,
-        "contents": { "source": "data:,BOOTPROTO%3D%27dhcp%27%0ASTARTMODE%3D%27auto%27" }
-      },
-      {
-        "path": "/etc/ssh/sshd_config.d/kube-hetzner.conf",
-        "mode": 420,
-        "overwrite": true,
-        "contents": { "source": "data:,PasswordAuthentication%20no%0AX11Forwarding%20no%0AMaxAuthTries%202%0AAllowTcpForwarding%20no%0AAllowAgentForwarding%20no%0AAuthorizedKeysFile%20.ssh%2Fauthorized_keys" }
-      }
-    ]
-  }
-}
--- a/modules/host/variables.tf
+++ b/modules/host/variables.tf
@@ -19,6 +19,12 @@ variable "private_key" {
  type        = string
 }

+variable "additional_public_keys" {
+  description = "Additional SSH public Keys. Use them to grant other team members root access to your cluster nodes"
+  type        = list(string)
+  default     = []
+}
+
 variable "ssh_keys" {
  description = "List of SSH key IDs"
  type        = list(string)