/*
* Configuration for Docker Machine (ddcloud, public IPv4 address)
* ---------------------------------------------------------------
*/
# Docker Machine variables
# Source address allowed through both inbound firewall rules (SSH and Docker).
variable "dm_client_ip" { }
# Server name; also used, with "-" replaced by ".", to name the firewall rules.
variable "dm_machine_name" { }
# Only passed through to the dm_ssh_user output; the bootstrap connection in
# this file always logs in as root.
variable "dm_ssh_user" { }
# Only passed through to the dm_ssh_port output; the SSH firewall rule in this
# file is fixed to port 22.
variable "dm_ssh_port" { }
# Local path of the public key file whose contents are written to root's
# ~/.ssh/authorized_keys during bootstrap.
variable "dm_ssh_public_key_file" { }
# Additional variables
# CloudControl region handed to the ddcloud provider.
variable "region" { }
# Name of the existing network domain to look up.
variable "networkdomain" { }
# Datacenter in which the network domain is looked up.
variable "datacenter" { }
# Name of the existing VLAN, looked up inside that network domain.
variable "vlan" { }
# Initial root password: set as the server's admin_password and used for the
# one-off SSH bootstrap connection.
# NOTE(review): this is a secret with no default, so it must be supplied at
# plan/apply time. Prefer the TF_VAR_ssh_bootstrap_password environment variable
# over a committed tfvars file, and treat the state file as sensitive, since
# resource arguments are normally recorded there in clear text.
variable "ssh_bootstrap_password" { }
# CloudControl
# ddcloud provider; only the region is configured in this file.
# NOTE(review): no provider version constraint is visible here - confirm it is
# pinned elsewhere so an unreviewed provider release is not picked up silently.
provider "ddcloud" {
region = "${var.region}"
# Username and password come from MCP_USERNAME and MCP_PASSWORD environment variables,
# which keeps the CloudControl credentials out of this file.
}
# Look up network and VLAN.
# Looks up an existing network domain by name and datacenter. Its id is reused
# by the VLAN lookup, the server, the NAT rule and both firewall rules.
data "ddcloud_networkdomain" "docker_machine" {
name = "${var.networkdomain}"
datacenter = "${var.datacenter}"
}
# Looks up an existing VLAN by name inside the network domain found above. Its
# id becomes the server's primary adapter VLAN.
data "ddcloud_vlan" "docker_machine" {
name = "${var.vlan}"
networkdomain = "${data.ddcloud_networkdomain.docker_machine.id}"
}
# Server
# The Docker Machine host: one server on the looked-up VLAN, started
# automatically, with 8 GB of memory and a 10 GB disk on SCSI unit 0.
resource "ddcloud_server" "docker_machine" {
name = "${var.dm_machine_name}"
description = "${var.dm_machine_name} (created by Docker Machine)."
# Same value the bootstrap provisioner later uses to log in as root.
# NOTE(review): as a resource argument it is presumably stored in Terraform
# state - restrict access to the state file accordingly.
admin_password = "${var.ssh_bootstrap_password}"
auto_start = true
memory_gb = 8
networkdomain = "${data.ddcloud_networkdomain.docker_machine.id}"
primary_adapter_vlan = "${data.ddcloud_vlan.docker_machine.id}"
# Hard-coded public resolvers (Google Public DNS).
dns_primary = "8.8.8.8"
dns_secondary = "8.8.4.4"
# NOTE(review): Ubuntu 14.04 is past its standard support window; a host
# that is reachable on a public address should use an image that still
# receives security updates.
os_image_name = "Ubuntu 14.04 2 CPU"
disk {
scsi_unit_id = 0
size_gb = 10
}
# Fixed tag role=tf-test applied to every server created from this file.
tag {
name = "role"
value = "tf-test"
}
}
# Public IPv4 address and firewall rules
# NAT rule for the server's primary private IPv4 address. The resulting
# public_ipv4 is what the firewall rules, the bootstrap connection and the
# dm_machine_ip output refer to. Once this exists, the firewall rules below are
# the only restriction on public reachability visible in this file.
resource "ddcloud_nat" "docker_machine" {
networkdomain = "${data.ddcloud_networkdomain.docker_machine.id}"
private_ipv4 = "${ddcloud_server.docker_machine.primary_adapter_ipv4}"
}
# Inbound SSH: accepts IPv4 TCP traffic from dm_client_ip to port 22 on the
# server's public address. The rule name is the machine name with "-" replaced
# by ".", followed by ".ssh4.inbound".
# NOTE(review): exposure is only as narrow as dm_client_ip - confirm the caller
# passes a single client address rather than a wide range.
# NOTE(review): the port is the literal "22", not var.dm_ssh_port; a different
# dm_ssh_port value would be reported in the output but not opened here.
resource "ddcloud_firewall_rule" "docker_machine_ssh4_in" {
name = "${replace(var.dm_machine_name, "-", ".")}.ssh4.inbound"
placement = "first"
action = "accept"
enabled = true
ip_version = "ipv4"
protocol = "tcp"
source_address = "${var.dm_client_ip}"
destination_address = "${ddcloud_nat.docker_machine.public_ipv4}"
destination_port = "22"
networkdomain = "${data.ddcloud_networkdomain.docker_machine.id}"
}
# Inbound Docker API: accepts IPv4 TCP traffic from dm_client_ip to port 2376
# on the server's public address.
# NOTE(review): 2376 is the port conventionally used for the TLS-protected
# Docker daemon API. Nothing in this file configures TLS on the daemon;
# presumably Docker Machine does so afterwards - verify, because an
# unauthenticated Docker API grants root-equivalent control of the host.
resource "ddcloud_firewall_rule" "docker_machine_docker_in" {
name = "${replace(var.dm_machine_name, "-", ".")}.docker.inbound"
placement = "first"
action = "accept"
enabled = true
ip_version = "ipv4"
protocol = "tcp"
source_address = "${var.dm_client_ip}"
destination_address = "${ddcloud_nat.docker_machine.public_ipv4}"
destination_port = "2376"
networkdomain = "${data.ddcloud_networkdomain.docker_machine.id}"
# Forces this rule to be created after the SSH rule; presumably so the two
# placement = "first" rules are not created concurrently - confirm.
depends_on = [ "ddcloud_firewall_rule.docker_machine_ssh4_in" ]
}
# Server SSH bootstrap
#
# Install the SSH key expected by Docker Machine
# One-off bootstrap over SSH: logs in as root with the bootstrap password,
# installs the public key, then removes root's password.
# NOTE(review): no triggers are declared, so this presumably does not re-run if
# the server is replaced - confirm.
resource "null_resource" "docker_machine_ssh" {
# Install our SSH public key.
# The commands create ~/.ssh with mode 700, overwrite ~/.ssh/authorized_keys
# with the contents of the local public key file, set it to mode 600, and run
# "passwd -d root".
# NOTE(review): the key text is spliced into a single-quoted shell string, so
# a key file containing a single quote would break the command. The file is
# read on the machine running Terraform, so keep its path under operator control.
# NOTE(review): "passwd -d" leaves root with an empty password rather than a
# locked one, so any local login path that accepts empty passwords would not
# prompt. Consider "passwd -l root" if only key-based login is intended, after
# confirming key login still works on this image.
# NOTE(review): the key is installed for root only; if dm_ssh_user is another
# account, that user gets no authorized_keys entry from this file.
provisioner "remote-exec" {
inline = [
"mkdir -p ~/.ssh",
"chmod 700 ~/.ssh",
"echo '${file(var.dm_ssh_public_key_file)}' > ~/.ssh/authorized_keys",
"chmod 600 ~/.ssh/authorized_keys",
"passwd -d root"
]
# Password login as root to the server's public NAT address.
# NOTE(review): no host key is pinned in this block, so nothing visible here
# verifies the server's identity before the password is sent - confirm what
# the Terraform version in use does by default.
connection {
type = "ssh"
user = "root"
password = "${var.ssh_bootstrap_password}"
host = "${ddcloud_nat.docker_machine.public_ipv4}"
}
}
# The SSH firewall rule must exist before the provisioner can connect.
depends_on = [ "ddcloud_firewall_rule.docker_machine_ssh4_in" ]
}
# Outputs for Docker Machine
# Public IPv4 address allocated by the NAT rule; the address Docker Machine
# connects to.
output "dm_machine_ip" {
value = "${ddcloud_nat.docker_machine.public_ipv4}"
}
# Passed through unchanged from the input variable. The bootstrap in this file
# installs the key for root only.
output "dm_ssh_user" {
value = "${var.dm_ssh_user}"
}
# Passed through unchanged from the input variable. The SSH firewall rule in
# this file opens port 22 only.
output "dm_ssh_port" {
value = "${var.dm_ssh_port}"
}