init

11 months ago · 8bf2179f53
commit 8bf2179f53
5 changed files with 110 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+.terraform
+*tfstate*
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hetznercloud/hcloud" {
+  version     = "1.31.1"
+  constraints = "1.31.1"
+  hashes = [
+    "h1:Rg94ZvIoKP2IkMl+WflNsIgNOS1P29/Fwa39WZHPQvU=",
+    "zh:1ac55d8db278a85ee24a9269b0d85ee138242d9f8d9b9ba8b95dc4a02d659137",
+    "zh:4720d6d96f0603c988bd95c963aa014b0e1b07fdc0b2c76fe3cb521a7ba54f1a",
+    "zh:4c69e86d325de13247b887007b53f712ce53528d98c73f06ff0d757d1c6b52ac",
+    "zh:560517e62d6f14feda622268adc9cfc3045440367b58b73fdd954804b72ae4a3",
+    "zh:792e1b647dd583e42a5b65c104ffde7e8b77f173e08e62bf5ca6b4e901c10ff1",
+    "zh:8046990a2d7b5cb304a4d959196a5dc642b81fd158b1da50d1dd72039ba2093d",
+    "zh:885bb88cd934f68cbc2016c812b99a49fc3a358c19c82d14b9f3adde6d2497af",
+    "zh:9f8728f650a30afc5bba6c97d40decdb3fd846db35e68659a7967262427ffa6b",
+    "zh:a78b7369b6a077c8a82266515f1bbdfd1eaa98fc82fa3e34c1aa1bbadf4e5514",
+    "zh:aaf306f40b7c3f48732437f15366f4ce042e3885b914f19f4652ac9b600899b1",
+    "zh:af533eee1f85ce3126931f0c3c1fe455918f3525079e92e9d85ee391e42ff4fc",
+    "zh:b0ce67d5ee900127a14e616c1f7463b211204627742b4051c1b33f464b97679e",
+    "zh:b743cd1355ba7b37b60a66f79b0e779d8d6c8adc7bdec151d2b14994dec7b809",
+    "zh:cdb210a89af1bf1563f0c933acd14b86a6a01e6289231e317cf5704abf54c9e6",
+  ]
+}
--- a/README.md
+++ b/README.md
@ -0,0 +1,42 @@
+# terraform-tester
+
+Testing out a potential infra tooling switch. For infra circle hackers.
+Terraform is really good for creating infrastructure, not configuring it.
+However, it allows some hooks to run bash scripts and the like. It's wayyyy
+easier to setup than Ansible.
+
+## setup
+
+Install Terraform:
+
+```
+sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl
+curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
+sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
+sudo apt-get update && sudo apt-get install terraform
+```
+
+## test
+
+```
+$ terraform init
+$ terraform apply
+$ terraform destroy
+```
+
+## files / commands
+
+- **init**: downloads dependencies, stores them in `.terraform` (downloads hetzner plugin)
+- **apply**: generates a plan of what it will do, asks, then does it (creates the hetzner server)
+- **destroy**: reads the `.tfstate` files & reverses the state (destroys the hetzner server)
+- **newhetzner.tf**: the file that `terraform` reads to implement stuff
+- **.terraform.lock.hcl**: state file that makes us all get the same results for `terraform init`
+- **user_data.yml**: a `cloud-init` script which runs when the new hetzner VPS is created, provisioning commands!
+
+## notes
+
+- `*.tf` files are rough equivalent of ansible roles. once you run `terraform apply` it generates a state file. the next time someone runs `terraform apply`, the state file is read, `terraform plan` then automatically knows what servers are created, destroyed, etc. instead of having an inventory listing like we have for ansible, we have the actual `.tf` files & the state files (e.g. [this](https://git.autonomic.zone/autonomic-cooperative/terraform-tester/src/commit/f71daa1ea969bff2b08d846c361edae56e14fa75/newhetzner.tf#L16-L24))
+
+- we can wire up minio as a "backend" (see [this](https://dickingwithdocker.com/2019/02/terraform-s3-remote-state-with-minio-and-docker/)) so that `terraform apply` will store the state files it generates there.
+
+- unsure how to test but there is [this](https://www.hashicorp.com/blog/testing-hashicorp-terraform). i'd rather skip all the testing work, it somehow is not really worth it at our scale? i think tool usability is more important for us. can people using it understand what it is doing? then they'll probably be able to fix things.
--- a/newhetzner.tf
+++ b/newhetzner.tf
@ -0,0 +1,29 @@
+terraform {
+  required_providers {
+    hcloud = {
+      source  = "hetznercloud/hcloud"
+      version = "1.31.1"
+    }
+  }
+}
+
+variable "hcloud_token" {}
+
+provider "hcloud" {
+  token = var.hcloud_token
+}
+
+resource "hcloud_server" "web" {
+  name        = "terraform-test"
+  image       = "debian-10"
+  server_type = "cx11"
+  ssh_keys = [
+    "lukewm@riseup.net"
+  ]
+  user_data = file("user_data.yml")
+}
+
+output "ipv4_addresses" {
+  value       = hcloud_server.web.ipv4_address
+  description = "The ipv4 address of your new Hetzner Cloud VPS"
+}
--- a/user_data.yml
+++ b/user_data.yml
@ -0,0 +1,13 @@
+#cloud-config
+package_update: true
+package_upgrade: true
+packages:
+  - htop
+  - ctop
+  - ncdu
+write_files:
+  - path: /etc/docker/daemon.json
+    content: |
+      { "log-driver": "journald" }
+runcmd:
+  - curl -fsSL https://get.docker.com | bash