From 54fd61c887f266f8e2e6b1419a86fc6681116069 Mon Sep 17 00:00:00 2001
From: EuAndreh
Date: Wed, 5 Jun 2019 16:38:53 -0300
Subject: Use Ansible instead of Bash for provisioning The deployment is not quite working, and I'm unable to test right now: DigitalOcean is returning 503 for my requests. As of this commit, I can run =ansible-playbook provider.yml= more than once and it will actually be idempotent. Notes: - SSH fingerprint are now taken from the public key file instead of manually supplying it in the terraform template using the =digitalocean_ssh_key= resource; - use Ansible instead of ad-hoc Bash scripts for provisioning the Droplets created by Terraform; - use the =filename.env.extension= to create the concrete files in CI; - use the =user_data= to add the know SSH key pair to the newly created Droplet; - add =rotate-ssh-keys.sh= utils;
---
 vps.tf | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
(limited to 'vps.tf')
diff --git a/vps.tf b/vps.tf
index 27bc8c8..34d186b 100644
--- a/vps.tf
+++ b/vps.tf
@@ -1,5 +1,4 @@
 variable "do_token" {}
-variable "ssh_fingerprint" {}
 variable "floating_ip" {}
 provider "digitalocean" {
@@ -7,6 +6,11 @@ provider "digitalocean" {
 version = "~> 1.1"
 }
+resource "digitalocean_ssh_key" "client" {
+ name = "terraform-vps-client"
+ public_key = "${file("${path.module}/secrets/ssh/vps-box-client.pub")}"
+}
+
 resource "digitalocean_droplet" "vps" {
 image = "ubuntu-18-04-x64"
 name = "sovereignty"
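Review bot: The new `digitalocean_ssh_key.client` resource carries no comment about what replacing the key file does. Its fingerprint now feeds the droplet's `ssh_keys` in the next hunk, and as far as I know both `public_key` here and `ssh_keys` on the droplet force replacement in this provider, so swapping the file under `secrets/ssh/` (for instance with the new rotate script) would plan a destroy and re-create of the droplet. I would add `# Replacing vps-box-client.pub re-creates this key and, through ssh_keys, the droplet.` above the resource. If rotation is meant to happen in place, `lifecycle { ignore_changes = ["ssh_keys"] }` on the droplet is the usual way to decouple the two; the droplet block continues outside this hunk.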
@@ -16,23 +20,25 @@ resource "digitalocean_droplet" "vps" {
 ipv6 = true
 monitoring = true
+ user_data = "${file("${path.module}/user-data.sh")}"
+
 ssh_keys = [
- "${var.ssh_fingerprint}",
+ "${digitalocean_ssh_key.client.fingerprint}",
 ]
 connection {
 user = "root"
 type = "ssh"
- private_key = "${file("${path.module}/secrets/vps_box")}"
+ private_key = "${file("${path.module}/secrets/ssh/vps-box-client")}"
 timeout = "2m"
 }
 provisioner "remote-exec" {
- script = "./deploy.sh"
+ inline = ["echo 'SSH is up! Noop remote-exec is done.'"]
 }
 }
 resource "digitalocean_floating_ip_assignment" "vps" {
 ip_address = "${var.floating_ip}"
 droplet_id = "${digitalocean_droplet.vps.id}"
-}
+}
\ No newline at end of file
--
cgit v1.2.3
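Review bot: The `connection` block sets no `host_key`, so the root SSH session that `remote-exec` opens accepts whatever host key the fresh droplet presents. The commit message says `user_data` installs a known key pair on the droplet; if that is the host key, and the Terraform version in use supports the argument, pinning it closes the gap: `host_key = "${file("${path.module}/<path-to-host-public-key>")}"` (placeholder path, the file is not visible here). Separately, whatever `user-data.sh` contains stays readable from the droplet's metadata service by local processes, so a private key delivered that way should be treated as exposed to everything running on the host; a comment next to `user_data` saying so would help. The droplet resource starts above this hunk.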