ci: fixing libvirt connection

.drone.yml

@@ -6,6 +6,8 @@ name: Terraform root module
 environment:
   TF_IN_AUTOMATION: "1"
   GIT_SSH_COMMAND: "ssh -o StrictHostKeyChecking=no -i $${PWD}/id_rsa"
+  TF_VAR_lawndale_libvirt_uri_transport: ssh
+  TF_VAR_lawndale_libvirt_uri_userhostport: "192.168.253.254:10022"
 
 trigger:
   ref:
@@ -18,6 +20,7 @@ steps:
   commands:
     - echo "$${CI_SSH_KEY}" | base64 -d > id_rsa
     - chmod 600 id_rsa
+    - echo 'lawndale_libvirt_uri_extra = {"sshauth"="privkey","keyfile"="'$${PWD}'/id_rsa"}' >> ci.tfvars
     - terraform init
   environment:
     CI_SSH_KEY:
@@ -32,7 +35,7 @@ steps:
   commands:
     - mkdir -p ~/.ssh
     - cp -a id_rsa ~/.ssh/id_rsa
-    - terraform plan -out .tfplan
+    - terraform plan -var-file ci.tfvars -out .tfplan
   environment:
     AWS_ACCESS_KEY_ID:
       from_secret: terraform-aws-key-id
@@ -55,7 +58,7 @@ steps:
   commands:
     - mkdir -p ~/.ssh
     - cp -a id_rsa ~/.ssh/id_rsa
-    - terraform apply .tfplan
+    - terraform apply -var-file ci.tfvars .tfplan
   environment:
     AWS_ACCESS_KEY_ID:
       from_secret: terraform-aws-key-id
@@ -70,6 +73,6 @@ steps:
 
 ---
 kind: signature
-hmac: 698805937fd548b8265f65322cb6e9cd83689faeba99d3387ffb255701d53f5e
+hmac: ef5513e0943a9a8af92b43c9f29b638680fd92da235e6763a59ea821b22e4c7a
 
 ...

ci.tf

@@ -38,6 +38,7 @@ resource "kubernetes_cluster_role" "ci_cd" {
       "persistentvolumeclaims",
       "pods",
       "namespaces",
+      "nodes",
       "secrets",
       "serviceaccounts",
       "services",
@@ -48,8 +49,10 @@ resource "kubernetes_cluster_role" "ci_cd" {
   rule {
     api_groups = ["apps"]
     resources = [
+      "daemonsets",
       "deployments",
       "replicasets", # needed for 'helm upgrade --wait'
+      "statefulsets",
     ]
     verbs = ["create", "delete", "get", "list", "patch", "update", "watch"]
   }

locals.tf

@@ -38,4 +38,13 @@ EehXHhbRmbtSZ7c4DrGeR2J0SZTyBQJfZczSGRvEiKyGNnyZlLVYKTTnV9b+aN3q
 Xw+ilWL3boYsSiqVN6SIUA==
 -----END CERTIFICATE-----
 EOM
+
+
+  lawndale_libvirt_uri_extra = join("&", [for k, v in var.lawndale_libvirt_uri_extra : format("%s=%s", urlencode(k), urlencode(v))])
+  lawndale_libvirt_uri = var.lawndale_libvirt_uri != null ? var.lawndale_libvirt_uri : format("qemu+%s://%s%s?%s",
+    var.lawndale_libvirt_uri_transport,
+    var.lawndale_libvirt_uri_userhostport,
+    var.lawndale_libvirt_uri_path,
+    local.lawndale_libvirt_uri_extra
+  )
 }

providers.tf

@@ -53,7 +53,7 @@ provider "aws" {
 
 provider "libvirt" {
   # no-pty ssh-rsa AAAAB3.....
-  uri = "qemu+ssh://lawndale-hyper.sch.bme.hu:10022/system?sshauth=privkey"
+  uri = local.lawndale_libvirt_uri
 }
 
 provider "dns" {

variables.tf

@@ -32,3 +32,33 @@ variable "lawndale_dns_key_algorithm" {
   description = "DNSSEC key to use sigining the NSUPDATE queries for Lawndale"
   default     = "hmac-sha256"
 }
+
+variable "lawndale_libvirt_uri" {
+  type        = string
+  description = "Libvirt URI to use accessing Lawndale hypervisor"
+  default     = null
+  nullable    = true
+}
+
+variable "lawndale_libvirt_uri_transport" {
+  type        = string
+  description = "Transport protocol (could be ssh or tls) to dial Lawndale hypervisor"
+}
+
+variable "lawndale_libvirt_uri_userhostport" {
+  type        = string
+  description = "Libvirt URI username, hostname or ip address, and port to reach lawndale hypervisor, in the format of `[username@]<hostname>[:port]`"
+  default     = "lawndale-hyper"
+}
+
+variable "lawndale_libvirt_uri_path" {
+  type        = string
+  description = "Libvirt URI path sent to the libvirt daemon"
+  default     = "/system"
+}
+
+variable "lawndale_libvirt_uri_extra" {
+  type        = map(any)
+  description = "Libvirt URI extra parameters [https://libvirt.org/uri.html#transport-configuration](See Libvirt transport configuration)"
+  default     = {}
+}