decentral1se 2022-03-15 14:12:04 +01:00
commit 8bf2179f53
No known key found for this signature in database
GPG Key ID: 03789458B3D0C410
5 changed files with 110 additions and 0 deletions

2
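--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.terraform
+*tfstate*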
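Review bot: The ignore list covers the provider cache and state files but not variable files, while `newhetzner.tf` takes the Hetzner API token through `var.hcloud_token`. If anyone supplies that token through a variables file rather than the interactive prompt or an environment variable, it could be committed by accident; adding `*.tfvars` and `*.tfvars.json` here would prevent that.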

24
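--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+provider "registry.terraform.io/hetznercloud/hcloud" {
+version = "1.31.1"
+constraints = "1.31.1"
+hashes = [
+"h1:Rg94ZvIoKP2IkMl+WflNsIgNOS1P29/Fwa39WZHPQvU=",
+"zh:1ac55d8db278a85ee24a9269b0d85ee138242d9f8d9b9ba8b95dc4a02d659137",
+"zh:4720d6d96f0603c988bd95c963aa014b0e1b07fdc0b2c76fe3cb521a7ba54f1a",
+"zh:4c69e86d325de13247b887007b53f712ce53528d98c73f06ff0d757d1c6b52ac",
+"zh:560517e62d6f14feda622268adc9cfc3045440367b58b73fdd954804b72ae4a3",
+"zh:792e1b647dd583e42a5b65c104ffde7e8b77f173e08e62bf5ca6b4e901c10ff1",
+"zh:8046990a2d7b5cb304a4d959196a5dc642b81fd158b1da50d1dd72039ba2093d",
+"zh:885bb88cd934f68cbc2016c812b99a49fc3a358c19c82d14b9f3adde6d2497af",
+"zh:9f8728f650a30afc5bba6c97d40decdb3fd846db35e68659a7967262427ffa6b",
+"zh:a78b7369b6a077c8a82266515f1bbdfd1eaa98fc82fa3e34c1aa1bbadf4e5514",
+"zh:aaf306f40b7c3f48732437f15366f4ce042e3885b914f19f4652ac9b600899b1",
+"zh:af533eee1f85ce3126931f0c3c1fe455918f3525079e92e9d85ee391e42ff4fc",
+"zh:b0ce67d5ee900127a14e616c1f7463b211204627742b4051c1b33f464b97679e",
+"zh:b743cd1355ba7b37b60a66f79b0e779d8d6c8adc7bdec151d2b14994dec7b809",
+"zh:cdb210a89af1bf1563f0c933acd14b86a6a01e6289231e317cf5704abf54c9e6",
+]
+}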

42
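--- /dev/null
+++ b/README.md
@@ -0,0 +1,42 @@
+# terraform-tester
+Testing out a potential infra tooling switch. For infra circle hackers.
+Terraform is really good for creating infrastructure, not configuring it.
+However, it allows some hooks to run bash scripts and the like. It's wayyyy
+easier to setup than Ansible.
+## setup
+Install Terraform:
+```
+sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl
+curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
+sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
+sudo apt-get update && sudo apt-get install terraform
+```
+## test
+```
+$ terraform init
+$ terraform apply
+$ terraform destroy
+```
+## files / commands
+- **init**: downloads dependencies, stores them in `.terraform` (downloads hetzner plugin)
+- **apply**: generates a plan of what it will do, asks, then does it (creates the hetzner server)
+- **destroy**: reads the `.tfstate` files & reverses the state (destroys the hetzner server)
+- **newhetzner.tf**: the file that `terraform` reads to implement stuff
+- **.terraform.lock.hcl**: state file that makes us all get the same results for `terraform init`
+- **user_data.yml**: a `cloud-init` script which runs when the new hetzner VPS is created, provisioning commands!
+## notes
+- `*.tf` files are rough equivalent of ansible roles. once you run `terraform apply` it generates a state file. the next time someone runs `terraform apply`, the state file is read, `terraform plan` then automatically knows what servers are created, destroyed, etc. instead of having an inventory listing like we have for ansible, we have the actual `.tf` files & the state files (e.g. [this](https://git.autonomic.zone/autonomic-cooperative/terraform-tester/src/commit/f71daa1ea969bff2b08d846c361edae56e14fa75/newhetzner.tf#L16-L24))
+- we can wire up minio as a "backend" (see [this](https://dickingwithdocker.com/2019/02/terraform-s3-remote-state-with-minio-and-docker/)) so that `terraform apply` will store the state files it generates there.
+- unsure how to test but there is [this](https://www.hashicorp.com/blog/testing-hashicorp-terraform). i'd rather skip all the testing work, it somehow is not really worth it at our scale? i think tool usability is more important for us. can people using it understand what it is doing? then they'll probably be able to fix things.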

29
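--- /dev/null
+++ b/newhetzner.tf
@@ -0,0 +1,29 @@
+terraform {
+required_providers {
+hcloud = {
+source = "hetznercloud/hcloud"
+version = "1.31.1"
+}
+}
+}
+variable "hcloud_token" {}
+provider "hcloud" {
+token = var.hcloud_token
+}
+resource "hcloud_server" "web" {
+name = "terraform-test"
+image = "debian-10"
+server_type = "cx11"
+ssh_keys = [
+"lukewm@riseup.net"
+]
+user_data = file("user_data.yml")
+}
+output "ipv4_addresses" {
+value = hcloud_server.web.ipv4_address
+description = "The ipv4 address of your new Hetzner Cloud VPS"
+}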
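Review bot: `variable "hcloud_token" {}` declares the Hetzner API token with no type and without marking it sensitive, so Terraform will not redact the value in CLI output if it ever ends up in an expression or output. Add `type = string` and `sensitive = true` inside the block; the committed `.terraform.lock.hcl` implies Terraform 0.14 or later, which supports the attribute. The `hcloud_server.web` resource also attaches no firewall, so the server appears to be reachable on every port that the software installed through `user_data.yml` opens. Consider an `hcloud_firewall` resource referenced through `firewall_ids` that admits only SSH and the ports actually served.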

13
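--- /dev/null
+++ b/user_data.yml
@@ -0,0 +1,13 @@
+#cloud-config
+package_update: true
+package_upgrade: true
+packages:
+- htop
+- ctop
+- ncdu
+write_files:
+- path: /etc/docker/daemon.json
+content: |
+{ "log-driver": "journald" }
+runcmd:
+- curl -fsSL https://get.docker.com | bash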
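Review bot: The `runcmd` entry `curl -fsSL https://get.docker.com | bash` executes whatever that URL serves at first boot, as root, with no version pin and no integrity check beyond TLS, so every new server trusts the script's content at that moment. Prefer installing Docker from its signed apt repository with a pinned package version, which also makes rebuilds reproducible. If the convenience script stays, download it first and verify it against a reviewed hash in a single chained command, e.g. `- curl -fsSL https://get.docker.com -o /root/get-docker.sh && echo "<PINNED_SHA256>  /root/get-docker.sh" | sha256sum -c - && sh /root/get-docker.sh`. `<PINNED_SHA256>` is a placeholder for the hash of the script version that was reviewed.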