Merge branch 'master' into modules

agents.tf

@@ -7,6 +7,7 @@ module "agents" {
   ssh_keys               = [hcloud_ssh_key.k3s.id]
   public_key             = var.public_key
   private_key            = var.private_key
+  additional_public_keys = var.additional_public_keys
   firewall_ids           = [hcloud_firewall.k3s.id]
   placement_group_id     = hcloud_placement_group.k3s.id
   location               = var.location
@@ -55,12 +56,14 @@ resource "null_resource" "agents" {
     inline = local.install_k3s_agent
   }
 
-  # Upon reboot verify that k3s agent starts correctly
+  # Start the k3s agent and wait for it to have started
   provisioner "remote-exec" {
     inline = [
+      "systemctl start k3s-agent",
       <<-EOT
       timeout 120 bash <<EOF
         until systemctl status k3s-agent > /dev/null; do
+          systemctl start k3s-agent
           echo "Waiting for the k3s agent to start..."
           sleep 2
         done

locals.tf

@@ -17,7 +17,6 @@ locals {
   csi_version   = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
   kured_version = data.github_release.kured.release_tag
 
-
   common_commands_install_k3s = [
     "set -ex",
     # prepare the k3s config directory
@@ -28,5 +27,5 @@ locals {
 
   install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=server sh -"])
 
-  install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_EXEC=agent sh -"])
+  install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=agent sh -"])
 }

master.tf

@@ -6,6 +6,7 @@ module "first_control_plane" {
   ssh_keys               = [hcloud_ssh_key.k3s.id]
   public_key             = var.public_key
   private_key            = var.private_key
+  additional_public_keys = var.additional_public_keys
   firewall_ids           = [hcloud_firewall.k3s.id]
   placement_group_id     = hcloud_placement_group.k3s.id
   location               = var.location
@@ -69,6 +70,7 @@ resource "null_resource" "first_control_plane" {
       <<-EOT
       timeout 120 bash <<EOF
         until systemctl status k3s > /dev/null; do
+          systemctl start k3s
           echo "Waiting for the k3s server to start..."
           sleep 2
         done

modules/host/locals.tf

@@ -31,6 +31,34 @@ locals {
     "umount /mnt"
   ]
 
+  ignition_config = jsonencode({
+    ignition = {
+      version = "3.0.0"
+    }
+    passwd = {
+      users = [{
+        name              = "root"
+        sshAuthorizedKeys = concat([local.ssh_public_key], var.additional_public_keys)
+      }]
+    }
+    storage = {
+      files = [
+        {
+          path      = "/etc/sysconfig/network/ifcfg-eth1"
+          mode      = 420
+          overwrite = true
+          contents  = { "source" = "data:,BOOTPROTO%3D%27dhcp%27%0ASTARTMODE%3D%27auto%27" }
+        },
+        {
+          path      = "/etc/ssh/sshd_config.d/kube-hetzner.conf"
+          mode      = 420
+          overwrite = true
+          contents  = { "source" = "data:,PasswordAuthentication%20no%0AX11Forwarding%20no%0AMaxAuthTries%202%0AAllowTcpForwarding%20no%0AAllowAgentForwarding%20no%0AAuthorizedKeysFile%20.ssh%2Fauthorized_keys" }
+        }
+      ]
+    }
+  })
+
   combustion_script = <<EOF
 #!/bin/bash
 # combustion: network

modules/host/main.tf

@@ -25,10 +25,7 @@ resource "hcloud_server" "server" {
   }
 
   provisioner "file" {
-    content = templatefile("${path.module}/templates/config.ign.tpl", {
+    content     = local.ignition_config
-      name           = self.name
-      ssh_public_key = local.ssh_public_key
-    })
     destination = "/root/config.ign"
   }
 
@@ -54,7 +51,7 @@ resource "hcloud_server" "server" {
       until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${self.ipv4_address} true 2> /dev/null
       do
         echo "Waiting for MicroOS to reboot and become available..."
-        sleep 2
+        sleep 3
       done
     EOT
   }

modules/host/templates/config.ign.tpl

@@ -1,31 +0,0 @@
-{
-  "ignition": {
-    "version": "3.0.0"
-  },
-  "passwd": {
-    "users": [
-      {
-        "name": "root",
-        "sshAuthorizedKeys": [
-          "${ssh_public_key}"
-        ]
-      }
-    ]
-  },
-  "storage": {
-    "files": [
-      {
-        "path": "/etc/sysconfig/network/ifcfg-eth1",
-        "mode": 420,
-        "overwrite": true,
-        "contents": { "source": "data:,BOOTPROTO%3D%27dhcp%27%0ASTARTMODE%3D%27auto%27" }
-      },
-      {
-        "path": "/etc/ssh/sshd_config.d/kube-hetzner.conf",
-        "mode": 420,
-        "overwrite": true,
-        "contents": { "source": "data:,PasswordAuthentication%20no%0AX11Forwarding%20no%0AMaxAuthTries%202%0AAllowTcpForwarding%20no%0AAllowAgentForwarding%20no%0AAuthorizedKeysFile%20.ssh%2Fauthorized_keys" }
-      }
-    ]
-  }
-}

modules/host/variables.tf

@@ -19,6 +19,12 @@ variable "private_key" {
   type        = string
 }
 
+variable "additional_public_keys" {
+  description = "Additional SSH public Keys. Use them to grant other team members root access to your cluster nodes"
+  type        = list(string)
+  default     = []
+}
+
 variable "ssh_keys" {
   description = "List of SSH key IDs"
   type        = list(string)

servers.tf

@@ -7,6 +7,7 @@ module "control_planes" {
   ssh_keys               = [hcloud_ssh_key.k3s.id]
   public_key             = var.public_key
   private_key            = var.private_key
+  additional_public_keys = var.additional_public_keys
   firewall_ids           = [hcloud_firewall.k3s.id]
   placement_group_id     = hcloud_placement_group.k3s.id
   location               = var.location
@@ -61,13 +62,14 @@ resource "null_resource" "control_planes" {
     inline = local.install_k3s_server
   }
 
-  # Upon reboot verify that the k3s server starts correctly
+  # Start the k3s server and wait for it to have started correctly
   provisioner "remote-exec" {
     inline = [
       "systemctl start k3s",
       <<-EOT
       timeout 120 bash <<EOF
         until systemctl status k3s > /dev/null; do
+          systemctl start k3s
           echo "Waiting for the k3s server to start..."
           sleep 2
         done

templates/config.ign.tpl

@@ -1,31 +0,0 @@
-{
-  "ignition": {
-    "version": "3.0.0"
-  },
-  "passwd": {
-    "users": [
-      {
-        "name": "root",
-        "sshAuthorizedKeys": [
-          "${ssh_public_key}"
-        ]
-      }
-    ]
-  },
-  "storage": {
-    "files": [
-      {
-        "path": "/etc/sysconfig/network/ifcfg-eth1",
-        "mode": 420,
-        "overwrite": true,
-        "contents": { "source": "data:,BOOTPROTO%3D%27dhcp%27%0ASTARTMODE%3D%27auto%27" }
-      },
-      {
-        "path": "/etc/ssh/sshd_config.d/kube-hetzner.conf",
-        "mode": 420,
-        "overwrite": true,
-        "contents": { "source": "data:,PasswordAuthentication%20no%0AX11Forwarding%20no%0AMaxAuthTries%202%0AAllowTcpForwarding%20no%0AAllowAgentForwarding%20no%0AAuthorizedKeysFile%20.ssh%2Fauthorized_keys" }
-      }
-    ]
-  }
-}

variables.tf

@@ -14,6 +14,12 @@ variable "private_key" {
   type        = string
 }
 
+variable "additional_public_keys" {
+  description = "Additional SSH public Keys. Use them to grant other team members root access to your cluster nodes"
+  type        = list(string)
+  default     = []
+}
+
 variable "location" {
   description = "Default server location"
   type        = string