commit
8bf2179f53
@ -0,0 +1,2 @@ |
||||
.terraform |
||||
*tfstate* |
@ -0,0 +1,24 @@ |
||||
# This file is maintained automatically by "terraform init". |
||||
# Manual edits may be lost in future updates. |
||||
|
||||
provider "registry.terraform.io/hetznercloud/hcloud" { |
||||
version = "1.31.1" |
||||
constraints = "1.31.1" |
||||
hashes = [ |
||||
"h1:Rg94ZvIoKP2IkMl+WflNsIgNOS1P29/Fwa39WZHPQvU=", |
||||
"zh:1ac55d8db278a85ee24a9269b0d85ee138242d9f8d9b9ba8b95dc4a02d659137", |
||||
"zh:4720d6d96f0603c988bd95c963aa014b0e1b07fdc0b2c76fe3cb521a7ba54f1a", |
||||
"zh:4c69e86d325de13247b887007b53f712ce53528d98c73f06ff0d757d1c6b52ac", |
||||
"zh:560517e62d6f14feda622268adc9cfc3045440367b58b73fdd954804b72ae4a3", |
||||
"zh:792e1b647dd583e42a5b65c104ffde7e8b77f173e08e62bf5ca6b4e901c10ff1", |
||||
"zh:8046990a2d7b5cb304a4d959196a5dc642b81fd158b1da50d1dd72039ba2093d", |
||||
"zh:885bb88cd934f68cbc2016c812b99a49fc3a358c19c82d14b9f3adde6d2497af", |
||||
"zh:9f8728f650a30afc5bba6c97d40decdb3fd846db35e68659a7967262427ffa6b", |
||||
"zh:a78b7369b6a077c8a82266515f1bbdfd1eaa98fc82fa3e34c1aa1bbadf4e5514", |
||||
"zh:aaf306f40b7c3f48732437f15366f4ce042e3885b914f19f4652ac9b600899b1", |
||||
"zh:af533eee1f85ce3126931f0c3c1fe455918f3525079e92e9d85ee391e42ff4fc", |
||||
"zh:b0ce67d5ee900127a14e616c1f7463b211204627742b4051c1b33f464b97679e", |
||||
"zh:b743cd1355ba7b37b60a66f79b0e779d8d6c8adc7bdec151d2b14994dec7b809", |
||||
"zh:cdb210a89af1bf1563f0c933acd14b86a6a01e6289231e317cf5704abf54c9e6", |
||||
] |
||||
} |
@ -0,0 +1,42 @@ |
||||
# terraform-tester |
||||
|
||||
Testing out a potential infra tooling switch. For infra circle hackers. |
||||
Terraform is really good for creating infrastructure, not configuring it. |
||||
However, it allows some hooks to run bash scripts and the like. It's wayyyy |
||||
easier to setup than Ansible. |
||||
|
||||
## setup |
||||
|
||||
Install Terraform: |
||||
|
||||
``` |
||||
sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl |
||||
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add - |
||||
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" |
||||
sudo apt-get update && sudo apt-get install terraform |
||||
``` |
||||
|
||||
## test |
||||
|
||||
``` |
||||
$ terraform init |
||||
$ terraform apply |
||||
$ terraform destroy |
||||
``` |
||||
|
||||
## files / commands |
||||
|
||||
- **init**: downloads dependencies, stores them in `.terraform` (downloads hetzner plugin) |
||||
- **apply**: generates a plan of what it will do, asks, then does it (creates the hetzner server) |
||||
- **destroy**: reads the `.tfstate` files & reverses the state (destroys the hetzner server) |
||||
- **newhetzner.tf**: the file that `terraform` reads to implement stuff |
||||
- **.terraform.lock.hcl**: state file that makes us all get the same results for `terraform init` |
||||
- **user_data.yml**: a `cloud-init` script which runs when the new hetzner VPS is created, provisioning commands! |
||||
|
||||
## notes |
||||
|
||||
- `*.tf` files are rough equivalent of ansible roles. once you run `terraform apply` it generates a state file. the next time someone runs `terraform apply`, the state file is read, `terraform plan` then automatically knows what servers are created, destroyed, etc. instead of having an inventory listing like we have for ansible, we have the actual `.tf` files & the state files (e.g. [this](https://git.autonomic.zone/autonomic-cooperative/terraform-tester/src/commit/f71daa1ea969bff2b08d846c361edae56e14fa75/newhetzner.tf#L16-L24)) |
||||
|
||||
- we can wire up minio as a "backend" (see [this](https://dickingwithdocker.com/2019/02/terraform-s3-remote-state-with-minio-and-docker/)) so that `terraform apply` will store the state files it generates there. |
||||
|
||||
- unsure how to test but there is [this](https://www.hashicorp.com/blog/testing-hashicorp-terraform). i'd rather skip all the testing work, it somehow is not really worth it at our scale? i think tool usability is more important for us. can people using it understand what it is doing? then they'll probably be able to fix things. |
@ -0,0 +1,29 @@ |
||||
terraform { |
||||
required_providers { |
||||
hcloud = { |
||||
source = "hetznercloud/hcloud" |
||||
version = "1.31.1" |
||||
} |
||||
} |
||||
} |
||||
|
||||
variable "hcloud_token" {} |
||||
|
||||
provider "hcloud" { |
||||
token = var.hcloud_token |
||||
} |
||||
|
||||
resource "hcloud_server" "web" { |
||||
name = "terraform-test" |
||||
image = "debian-10" |
||||
server_type = "cx11" |
||||
ssh_keys = [ |
||||
"lukewm@riseup.net" |
||||
] |
||||
user_data = file("user_data.yml") |
||||
} |
||||
|
||||
output "ipv4_addresses" { |
||||
value = hcloud_server.web.ipv4_address |
||||
description = "The ipv4 address of your new Hetzner Cloud VPS" |
||||
} |
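Review bot: `variable "hcloud_token" {}` is declared without a type or a `sensitive` flag, although it carries the Hetzner API token passed to `provider "hcloud"`. Declaring it as `variable "hcloud_token" { type = string, sensitive = true }` (written over several lines) makes Terraform redact the value in plan and apply output and reject non-string input. The `sensitive` argument needs Terraform 0.14 or later, which the lock file in this commit suggests is already in use. A short `description` saying where the token comes from and what scope it needs would help the next person who runs `terraform apply`.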
@ -0,0 +1,13 @@ |
||||
#cloud-config |
||||
package_update: true |
||||
package_upgrade: true |
||||
packages: |
||||
- htop |
||||
- ctop |
||||
- ncdu |
||||
write_files: |
||||
- path: /etc/docker/daemon.json |
||||
content: | |
||||
{ "log-driver": "journald" } |
||||
runcmd: |
||||
- curl -fsSL https://get.docker.com | bash |
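Review bot: The `runcmd` entry `curl -fsSL https://get.docker.com | bash` executes whatever that URL serves at first boot, with no version pin and no integrity check, and cloud-init normally runs `runcmd` as root. Every new server therefore trusts the script's content at creation time, and two servers created on different days can end up with different Docker versions. Installing Docker through cloud-init's `apt` sources with a pinned signing key, plus entries in the `packages` list, makes the install verifiable and reproducible. The key fingerprint in the sketch is a placeholder to be filled in from Docker's install documentation, and the existing `write_files` entry for `/etc/docker/daemon.json` can stay as it is.

```yaml
apt:
  sources:
    docker:
      source: "deb [arch=amd64] https://download.docker.com/linux/debian $RELEASE stable"
      keyid: "<DOCKER_APT_KEY_FINGERPRINT>"  # placeholder, not a real value
packages:
  # … unchanged: htop, ctop, ncdu …
  - docker-ce
  - docker-ce-cli
  - containerd.io
# … unchanged: write_files for /etc/docker/daemon.json …
# runcmd entry that pipes get.docker.com into bash is dropped
```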