From 406ba988bfcf9d8526a646fb38cd17ef41ef07d8 Mon Sep 17 00:00:00 2001 From: phaer Date: Sat, 19 Feb 2022 15:07:39 +0100 Subject: [PATCH 1/2] use jsonencode, not template for config.ign --- agents.tf | 5 +---- locals.tf | 29 +++++++++++++++++++++++++++++ master.tf | 5 +---- servers.tf | 5 +---- templates/config.ign.tpl | 31 ------------------------------- 5 files changed, 32 insertions(+), 43 deletions(-) delete mode 100644 templates/config.ign.tpl diff --git a/agents.tf b/agents.tf index 39562e6..7e9724e 100644 --- a/agents.tf +++ b/agents.tf @@ -24,10 +24,7 @@ resource "hcloud_server" "agents" { } provisioner "file" { - content = templatefile("${path.module}/templates/config.ign.tpl", { - name = self.name - ssh_public_key = local.ssh_public_key - }) + content = local.ignition_config destination = "/root/config.ign" } diff --git a/locals.tf b/locals.tf index 6c5a399..675935d 100644 --- a/locals.tf +++ b/locals.tf @@ -38,6 +38,34 @@ locals { "umount /mnt" ] + ignition_config = jsonencode({ + ignition = { + version = "3.0.0" + } + passwd = { + users = [{ + name = "root" + sshAuthorizedKeys = [local.ssh_public_key] + }] + } + storage = { + files = [ + { + path = "/etc/sysconfig/network/ifcfg-eth1" + mode = 420 + overwrite = true + contents = { "source" = "data:,BOOTPROTO%3D%27dhcp%27%0ASTARTMODE%3D%27auto%27" } + }, + { + path = "/etc/ssh/sshd_config.d/kube-hetzner.conf" + mode = 420 + overwrite = true + contents = { "source" = "data:,PasswordAuthentication%20no%0AX11Forwarding%20no%0AMaxAuthTries%202%0AAllowTcpForwarding%20no%0AAllowAgentForwarding%20no%0AAuthorizedKeysFile%20.ssh%2Fauthorized_keys" } + } + ] + } + }) + combustion_script = < Date: Sat, 19 Feb 2022 15:12:04 +0100 Subject: [PATCH 2/2] allow additional ssh public keys --- locals.tf | 2 +- variables.tf | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index 675935d..ce74971 100644 --- a/locals.tf +++ b/locals.tf 
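Review bot: The per-node input `name = self.name` that the removed templatefile() call passed is dropped, and the replacement `content = local.ignition_config` is one value shared by every server, so nothing node-specific (a hostname, for instance) can reach the Ignition config any more. The deleted templates/config.ign.tpl is not visible in this patch, so whether it actually used `name` cannot be confirmed from here; if it did, that content is silently lost on agents and, per the diffstat, on master.tf and servers.tf, which receive the same swap. A short comment on the new line would make the constraint explicit: `# shared, node-independent Ignition config (see locals.tf); per-node settings cannot go here`. The enclosing hcloud_server resource begins before the hunk and ends outside it, and the locals.tf hunk that follows on this line is truncated, so it is not reviewed here.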
@@ -45,7 +45,7 @@ locals {
 passwd = {
 users = [{
 name = "root"
- sshAuthorizedKeys = [local.ssh_public_key]
+ sshAuthorizedKeys = concat([local.ssh_public_key], var.additional_public_keys)
 }]
 }
 storage = {
diff --git a/variables.tf b/variables.tf
index e23c2bc..9346e5d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -14,6 +14,12 @@ variable "private_key" {
 type = string
 }
 
+variable "additional_public_keys" {
+ description = "Additional SSH public Keys. Use them to grant other team members root access to your cluster nodes"
+ type = list(string)
+ default = []
+}
+
 variable "location" {
 description = "Default server location"
 type = string
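Review bot: The new `concat(...)` forwards whatever the operator lists straight into root's sshAuthorizedKeys on every node that consumes this local (agents, master and servers all take it per the first patch), so an empty string or a key that repeats ssh_public_key is written verbatim into the authorized_keys fragment. Wrapping it as `sshAuthorizedKeys = distinct(compact(concat([local.ssh_public_key], var.additional_public_keys)))` drops empty entries and duplicates without changing the normal case. Format checking of the individual keys belongs on the variable itself rather than in this expression. The enclosing locals block starts and ends outside the hunk.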
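Review bot: `additional_public_keys` is accepted as a bare list(string) with no validation, so a pasted private key, a fingerprint or a key carrying a stray newline is only discovered when root login fails on every node, because the value reaches the Ignition passwd section unchanged. A validation block that checks each element begins with an OpenSSH key type would fail at plan time instead; `alltrue` needs Terraform 0.14 or later, and the module's required_version is not visible in this patch, so confirm that before adopting it. The description should also state the expected format and that the keys are applied to all node groups, and "Keys" should be lower-case.
```hcl
variable "additional_public_keys" {
  description = "Additional SSH public keys, one OpenSSH public-key line per element. Every key listed here gets root access to all cluster nodes (agents, master, servers)."
  type        = list(string)
  default     = []

  validation {
    condition     = alltrue([for k in var.additional_public_keys : can(regex("^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) ", k))])
    error_message = "Each element of additional_public_keys must be an OpenSSH public key line (for example 'ssh-ed25519 AAAA... comment')."
  }
}
```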