Merge pull request #27 from phaer/optional-private-key

make private key optional to support SSH agent usage
This commit is contained in:
Karim Naufal 2022-01-25 21:21:29 +01:00 committed by GitHub
commit 5a46127533
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 37 additions and 21 deletions

View File

@ -61,7 +61,9 @@ _The Hetzner cli `hcloud` is also useful to have, mainly for debugging without h
### 💡 [Do not skip] Creating the terraform.tfvars file
1. Create a project in your [Hetzner Cloud Console](https://console.hetzner.cloud/), and go to **Security > API Tokens** of that project to grab the API key. Take note of the key! ✅
2. Generate an ssh key pair for your cluster, unless you already have one that you'd like to use (ed25519 is the ideal type). Take note of the respective paths of your private and public keys! ✅
2. Either...
...generate an ssh key pair for your cluster, unless you already have one that you'd like to use (ed25519 is the ideal type). Take note of the respective paths of your private and public keys! ✅
...or make sure you have got an SSH agent running and your key is loaded (`ssh-add -L` to verify) and set `private_key = null`
3. Copy `terraform.tfvars.example` to `terraform.tfvars`, and replace the values from steps 1 and 2. ✅
4. (Optional) There are other variables in `terraform.tfvars` that could be customized, like Hetzner region, and the node counts and sizes.

View File

@ -27,9 +27,10 @@ resource "hcloud_server" "agents" {
destination = "/tmp/config.yaml"
connection {
user = "root"
private_key = file(var.private_key)
host = self.ipv4_address
user = "root"
private_key = local.ssh_private_key
agent_identity = local.ssh_identity
host = self.ipv4_address
}
}
@ -38,9 +39,10 @@ resource "hcloud_server" "agents" {
inline = local.k3os_install_commands
connection {
user = "root"
private_key = file(var.private_key)
host = self.ipv4_address
user = "root"
private_key = local.ssh_private_key
agent_identity = local.ssh_identity
host = self.ipv4_address
}
}

View File

@ -1,7 +1,15 @@
locals {
first_control_plane_network_ip = cidrhost(hcloud_network.k3s.ip_range, 2)
ssh_public_key = trimspace(file(var.public_key))
hcloud_image_name = "ubuntu-20.04"
ssh_public_key = trimspace(file(var.public_key))
# ssh_private_key is either the contents of var.private_key or null to use a ssh agent.
ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key))
# ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use.
# For terraforms provisioner.connection.agent_identity, we need the public key as a string.
ssh_identity = var.private_key == null ? local.ssh_public_key : null
# ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file
# if an ssh agent is used.
ssh_identity_file = var.private_key == null ? var.public_key : var.private_key
k3os_install_commands = [
"apt install -y grub-efi grub-pc-bin mtools xorriso",

View File

@ -23,9 +23,10 @@ resource "hcloud_server" "first_control_plane" {
destination = "/tmp/config.yaml"
connection {
user = "root"
private_key = file(var.private_key)
host = self.ipv4_address
user = "root"
private_key = local.ssh_private_key
agent_identity = local.ssh_identity
host = self.ipv4_address
}
}
@ -34,16 +35,17 @@ resource "hcloud_server" "first_control_plane" {
inline = local.k3os_install_commands
connection {
user = "root"
private_key = file(var.private_key)
host = self.ipv4_address
user = "root"
private_key = local.ssh_private_key
agent_identity = local.ssh_identity
host = self.ipv4_address
}
}
# Wait for k3os to be ready and fetch kubeconfig.yaml
provisioner "local-exec" {
command = <<-EOT
sleep 60 && ping ${self.ipv4_address} | grep --line-buffered "bytes from" | head -1 && sleep 100 && scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${var.private_key} rancher@${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml
sleep 60 && ping ${self.ipv4_address} | grep --line-buffered "bytes from" | head -1 && sleep 100 && scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${local.ssh_identity_file} rancher@${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml
sed -i -e 's/127.0.0.1/${self.ipv4_address}/g' ${path.module}/kubeconfig.yaml
EOT
}

View File

@ -26,9 +26,10 @@ resource "hcloud_server" "control_planes" {
destination = "/tmp/config.yaml"
connection {
user = "root"
private_key = file(var.private_key)
host = self.ipv4_address
user = "root"
private_key = local.ssh_private_key
agent_identity = local.ssh_identity
host = self.ipv4_address
}
}
@ -37,9 +38,10 @@ resource "hcloud_server" "control_planes" {
inline = local.k3os_install_commands
connection {
user = "root"
private_key = file(var.private_key)
host = self.ipv4_address
user = "root"
private_key = local.ssh_private_key
agent_identity = local.ssh_identity
host = self.ipv4_address
}
}