author | EuAndreh <eu@euandre.org> | 2019-06-05 16:38:53 -0300 |
---|---|---|
committer | EuAndreh <eu@euandre.org> | 2019-06-05 16:42:06 -0300 |
commit | 54fd61c887f266f8e2e6b1419a86fc6681116069 (patch) | |
tree | 74a9923d75be46dad6c967acd271cdb5d80fca45 /vps.tf | |
parent | Use =nix build= instead of =nix-build= (diff) | |
Use Ansible instead of Bash for provisioning

The deployment is not quite working, and I'm unable to test right now:
DigitalOcean is returning 503 for my requests.

As of this commit, I can run =ansible-playbook provider.yml= more than once and
it will actually be idempotent.

Notes:
- SSH fingerprint is now taken from the public key file instead of manually
supplying it in the terraform template using the =digitalocean_ssh_key=
resource;
- use Ansible instead of ad-hoc Bash scripts for provisioning the Droplets
created by Terraform;
- use the =filename.env.extension= to create the concrete files in CI;
- use the =user_data= to add the known SSH key pair to the newly created Droplet;
- add =rotate-ssh-keys.sh= utils;

Diffstat (limited to 'vps.tf')
-rw-r--r-- | vps.tf | 16 |
1 files changed, 11 insertions, 5 deletions
@@ -1,5 +1,4 @@ variable "do_token" {} -variable "ssh_fingerprint" {} variable "floating_ip" {} provider "digitalocean" { @@ -7,6 +6,11 @@ provider "digitalocean" { version = "~> 1.1" } +resource "digitalocean_ssh_key" "client" { + name = "terraform-vps-client" + public_key = "${file("${path.module}/secrets/ssh/vps-box-client.pub")}" +} + resource "digitalocean_droplet" "vps" { image = "ubuntu-18-04-x64" name = "sovereignty" @@ -16,23 +20,25 @@ resource "digitalocean_droplet" "vps" { ipv6 = true monitoring = true + user_data = "${file("${path.module}/user-data.sh")}" + ssh_keys = [ - "${var.ssh_fingerprint}", + "${digitalocean_ssh_key.client.fingerprint}", ] connection { user = "root" type = "ssh" - private_key = "${file("${path.module}/secrets/vps_box")}" + private_key = "${file("${path.module}/secrets/ssh/vps-box-client")}" timeout = "2m" } provisioner "remote-exec" { - script = "./deploy.sh" + inline = ["echo 'SSH is up! Noop remote-exec is done.'"] } } resource "digitalocean_floating_ip_assignment" "vps" { ip_address = "${var.floating_ip}" droplet_id = "${digitalocean_droplet.vps.id}" -} +}
\ No newline at end of file |
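
Review bot: In the hunk that adds `digitalocean_ssh_key.client`, `public_key` uploads the key from `secrets/ssh/vps-box-client.pub` as a new account key, while the removed `ssh_fingerprint` variable implies a key was previously registered in the account by hand. If this is the same key, DigitalOcean is expected to reject the create as a duplicate, so either import the existing key into state (`terraform import digitalocean_ssh_key.client <key-id>`) or remove the manually added one before the first apply, and note which path is intended in the commit message.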
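
Review bot: In the `digitalocean_droplet.vps` hunk, the no-op `remote-exec` only proves that SSH accepts the connection, not that `user-data.sh` has finished, so whatever runs right after `terraform apply` can race with it. If the Ansible run depends on what the user data sets up, and assuming the image runs user data through cloud-init, make the inline command wait, for example `inline = ["cloud-init status --wait"]`, and add a comment that this provisioner exists only as a readiness gate. The same hunk also drops the newline at the end of `vps.tf`; restore it.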