b77460ec34
* contrib/terraform/exoscale: Rework SSH public keys

  Exoscale has a few limitations with `exoscale_ssh_keypair` resources. Creating several clusters with these scripts may lead to an error like:

  ```
  Error: API error ParamError 431 (InvalidParameterValueException 4350): The key pair "lj-sc-ssh-key" already has this fingerprint
  ```

  This patch reworks handling of SSH public keys. Specifically, we rely on the more cloud-agnostic way of configuring SSH public keys via `cloud-init`.

* contrib/terraform/exoscale: terraform fmt

* contrib/terraform/exoscale: Add terraform validate

* contrib/terraform/exoscale: Inline public SSH keys

  The Terraform scripts need to install some SSH key, so that Kubespray (i.e., the "Ansible part") can take over. Initially, we pointed the Terraform scripts to `~/.ssh/id_rsa.pub`. This proved to be suboptimal: Operators sharing responsibility for a cluster risk unnecessarily replacing resources. Therefore, it has been determined that it's best to inline the public SSH keys. The chosen variable `ssh_public_keys` provides some uniformity with `contrib/azurerm`.

* Fix Terraform Exoscale test

* Fix Terraform 0.14 test
43 lines
1.6 KiB
Cheetah
```
#cloud-config
%{ if ceph_partition_size > 0 || node_local_partition_size > 0}
bootcmd:
- [ cloud-init-per, once, move-second-header, sgdisk, --move-second-header, /dev/vda ]
%{ if node_local_partition_size > 0 }
# Create partition for node local storage
- [ cloud-init-per, once, create-node-local-part, parted, --script, /dev/vda, 'mkpart extended ext4 ${root_partition_size}GB %{ if ceph_partition_size == 0 }-1%{ else }${root_partition_size + node_local_partition_size}GB%{ endif }' ]
- [ cloud-init-per, once, create-fs-node-local-part, mkfs.ext4, /dev/vda2 ]
%{ endif }
%{ if ceph_partition_size > 0 }
# Create partition for rook to use for ceph
- [ cloud-init-per, once, create-ceph-part, parted, --script, /dev/vda, 'mkpart extended ${root_partition_size + node_local_partition_size}GB -1' ]
%{ endif }
%{ endif }

ssh_authorized_keys:
%{ for ssh_public_key in ssh_public_keys ~}
- ${ssh_public_key}
%{ endfor ~}

write_files:
  - path: /etc/netplan/eth1.yaml
    content: |
      network:
        version: 2
        ethernets:
          eth1:
            dhcp4: true
runcmd:
  - netplan apply
  - /sbin/sysctl net.ipv4.conf.all.forwarding=1
%{ if node_type == "worker" }
  # TODO: When a VM is seen as healthy and is added to the EIP loadbalancer
  # pool it no longer can send traffic back to itself via the EIP IP
  # address.
  # Remove this if it ever gets solved.
  - iptables -t nat -A PREROUTING -d ${eip_ip_address} -j DNAT --to 127.0.0.1
%{ endif }
%{ if node_local_partition_size > 0 }
  - mkdir -p /mnt/disks/node-local-storage
  - chown nobody:nogroup /mnt/disks/node-local-storage
  - mount /dev/vda2 /mnt/disks/node-local-storage
%{ endif }
```
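As an added pre-flight check (example code, not part of the Kubespray Terraform scripts): before the inlined `ssh_public_keys` list is rendered into the template's `ssh_authorized_keys` block, confirm that every entry is a well-formed OpenSSH public key and that no two entries share a fingerprint, the condition behind the `exoscale_ssh_keypair` error quoted in the commit message. The accepted key types and the sample keys below are constructed for the example.

```python
import base64
import hashlib
import struct

# Key types accepted by this constructed check; narrow to site policy.
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
                 "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def parse_public_key(line):
    """Split an OpenSSH public-key line into (type, blob, comment); ValueError if malformed."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, comment = parts[0], (parts[2] if len(parts) == 3 else "")
    if key_type not in ALLOWED_TYPES:
        raise ValueError(f"unsupported key type {key_type!r}")
    blob = base64.b64decode(parts[1], validate=True)  # binascii.Error subclasses ValueError
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])  # blob starts with a length-prefixed type string
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("type prefix does not match the type encoded in the blob")
    return key_type, blob, comment

def fingerprint(blob):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of sha256(blob)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def check_ssh_public_keys(keys):
    """Return {fingerprint: comment}; raise on malformed or duplicate keys."""
    # Two entries with one fingerprint is exactly what made exoscale_ssh_keypair fail.
    seen = {}
    for line in keys:
        _, blob, comment = parse_public_key(line)
        fp = fingerprint(blob)
        if fp in seen:
            raise ValueError(f"duplicate key {fp} ({comment!r} repeats {seen[fp]!r})")
        seen[fp] = comment
    return seen

def constructed_ed25519_line(seed, comment):
    """Constructed sample only: a well-formed ssh-ed25519 line with placeholder key bytes."""
    pub = hashlib.sha256(seed.encode()).digest()  # 32 placeholder bytes, not a real key
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + pub
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

if __name__ == "__main__":
    sample = [constructed_ed25519_line("alice", "alice@ops"), constructed_ed25519_line("bob", "bob@ops")]
    for fp, who in check_ssh_public_keys(sample).items():
        print(fp, who)
```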