diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..16b8d51
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,97 @@
+---
+kind: pipeline
+type: kubernetes
+name: Terraform root module
+
+environment:
+ TF_IN_AUTOMATION: "1"
+ GIT_SSH_COMMAND: "ssh -o StrictHostKeyChecking=no -i $${PWD}/id_rsa"
+ TF_VAR_lawndale_dns_host: "nat.lawndale"
+ TF_VAR_lawndale_libvirt_uri_transport: ssh
+ TF_VAR_lawndale_libvirt_uri_userhostport: "192.168.253.254:10022"
+
+trigger:
+ ref:
+ - refs/heads/main
+ - refs/pull/*/head
+
+steps:
+- name: terraform init
+ image: hashicorp/terraform:1.1.8
+ commands:
+ - echo "$${CI_SSH_KEY}" | base64 -d > id_rsa
+ - chmod 600 id_rsa
+ - echo 'lawndale_libvirt_uri_extra = {"sshauth"="privkey","keyfile"="'$${PWD}'/id_rsa","no_verify"="1"}' >> ci.tfvars
+ - terraform init
+ environment:
+ CI_SSH_KEY:
+ from_secret: ci-ssh-key
+ AWS_ACCESS_KEY_ID:
+ from_secret: terraform-aws-key-id
+ AWS_SECRET_ACCESS_KEY:
+ from_secret: terraform-aws-secret-access-key
+
+- name: terraform plan
+ image: hashicorp/terraform:1.1.8
+ commands:
+ - terraform plan -var-file ci.tfvars -out .tfplan
+ environment:
+ AWS_ACCESS_KEY_ID:
+ from_secret: terraform-aws-key-id
+ AWS_SECRET_ACCESS_KEY:
+ from_secret: terraform-aws-secret-access-key
+ KUBE_TOKEN:
+ from_secret: lawndale-k8s-ci-token
+ TF_VAR_lawndale_dns_key_secret:
+ from_secret: lawndale-dns-key-secret
+ TF_VAR_lawndale_dns_key_algorithm:
+ from_secret: lawndale-dns-key-algorithm
+
+- name: terraform apply
+ when:
+ branch:
+ - main
+ event:
+ - push
+ image: hashicorp/terraform:1.1.8
+ commands:
+ - terraform apply -var-file ci.tfvars .tfplan
+ environment:
+ AWS_ACCESS_KEY_ID:
+ from_secret: terraform-aws-key-id
+ AWS_SECRET_ACCESS_KEY:
+ from_secret: terraform-aws-secret-access-key
+ KUBE_TOKEN:
+ from_secret: lawndale-k8s-ci-token
+ TF_VAR_lawndale_dns_key_secret:
+ from_secret: lawndale-dns-key-secret
+ TF_VAR_lawndale_dns_key_algorithm:
+ from_secret: lawndale-dns-key-algorithm
+
+---
+kind: pipeline
+type: kubernetes
+name: Check docs and format
+
+environment:
+ TF_IN_AUTOMATION: "1"
+
+trigger:
+ ref:
+ - refs/pull/*/head
+
+steps:
+- name: format and generate docs
+ image: hashicorp/terraform:1.1.8
+ commands:
+ - apk add bash wget
+ - wget -q https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-linux-amd64.tar.gz -O - | tar -xz terraform-docs -C /usr/local/bin
+ - terraform fmt
+ - terraform-docs .
+ - git diff --exit-code
+
+---
+kind: signature
+hmac: c79a45ff158cd06564765a09933921a2fd9856f6c2063716d45225fc1c45c100
+
+...
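Review bot: Both SSH paths in the first pipeline skip host-key verification — `StrictHostKeyChecking=no` in `GIT_SSH_COMMAND` under `environment:` and `"no_verify"="1"` in the libvirt extra parameters that the init step appends to ci.tfvars — so whatever host answers as the git remote or the hypervisor is accepted, and that is the connection the private key from `ci-ssh-key` then authenticates to. Ship the expected host key instead: commit it as a `known_hosts` file and reference it with `-o UserKnownHostsFile=$${PWD}/known_hosts` in `GIT_SSH_COMMAND` and `"known_hosts"="'$${PWD}'/known_hosts"` in place of `"no_verify"="1"`. The `wget ... | tar -xz` of terraform-docs in the second pipeline places an unverified binary in `/usr/local/bin`; checking the archive against the release's published sha256 before extracting costs two lines. Since the plan step also runs on `refs/pull/*/head` with the AWS, Kubernetes and hypervisor secrets, confirm that the repository does not expose those secrets to pull requests from forks. Any of these edits invalidates the `hmac` value in the trailing `kind: signature` document, which has to be regenerated.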
diff --git a/README.md b/README.md
index f8710ea..085feb6 100644
--- a/README.md
+++ b/README.md
@@ -93,29 +93,27 @@ The following resources are used by this module:
The following input variables are required:
-### [lawndale\_dns\_key\_secret](#input\_lawndale\_dns\_key\_secret)
-
-Description: DNSSEC key to use sigining the NSUPDATE queries for Lawndale
-
-Type: `string`
-
-### [lawndale\_dns\_port](#input\_lawndale\_dns\_port)
-
-Description: Port where the lawndale internal DNS server listens on
-
-Type: `number`
-
-## Optional Inputs
-
-The following input variables are optional (have default values):
-
### [lawndale\_dns\_host](#input\_lawndale\_dns\_host)
Description: Address to reach lawndale internal DNS server
Type: `string`
-Default: `"lawndale-hyper"`
+### [lawndale\_dns\_key\_secret](#input\_lawndale\_dns\_key\_secret)
+
+Description: DNSSEC key to use sigining the NSUPDATE queries for Lawndale
+
+Type: `string`
+
+### [lawndale\_libvirt\_uri\_transport](#input\_lawndale\_libvirt\_uri\_transport)
+
+Description: Transport protocol (could be ssh or tls) to dial Lawndale hypervisor
+
+Type: `string`
+
+## Optional Inputs
+
+The following input variables are optional (have default values):
### [lawndale\_dns\_key\_algorithm](#input\_lawndale\_dns\_key\_algorithm)
@@ -125,6 +123,14 @@ Type: `string`
Default: `"hmac-sha256"`
+### [lawndale\_dns\_port](#input\_lawndale\_dns\_port)
+
+Description: Port where the lawndale internal DNS server listens on
+
+Type: `number`
+
+Default: `53`
+
### [lawndale\_dns\_transport](#input\_lawndale\_dns\_transport)
Description: Port where the lawndale internal DNS server listens on
@@ -133,6 +139,38 @@ Type: `string`
Default: `"udp"`
+### [lawndale\_libvirt\_uri](#input\_lawndale\_libvirt\_uri)
+
+Description: Libvirt URI to use accessing Lawndale hypervisor
+
+Type: `string`
+
+Default: `null`
+
+### [lawndale\_libvirt\_uri\_extra](#input\_lawndale\_libvirt\_uri\_extra)
+
+Description: Libvirt URI extra parameters [https://libvirt.org/uri.html#transport-configuration](See Libvirt transport configuration)
+
+Type: `map(any)`
+
+Default: `{}`
+
+### [lawndale\_libvirt\_uri\_path](#input\_lawndale\_libvirt\_uri\_path)
+
+Description: Libvirt URI path sent to the libvirt daemon
+
+Type: `string`
+
+Default: `"/system"`
+
+### [lawndale\_libvirt\_uri\_userhostport](#input\_lawndale\_libvirt\_uri\_userhostport)
+
+Description: Libvirt URI username, hostname or ip address, and port to reach lawndale hypervisor, in the format of `[username@][:port]`
+
+Type: `string`
+
+Default: `"lawndale-hyper"`
+
## Outputs
No outputs.
diff --git a/ci.tf b/ci.tf
index a70da15..144ebc0 100644
--- a/ci.tf
+++ b/ci.tf
@@ -38,35 +38,23 @@ resource "kubernetes_cluster_role" "ci_cd" {
"persistentvolumeclaims",
"pods",
"namespaces",
+ "nodes",
"secrets",
+ "serviceaccounts",
"services",
]
- verbs = [
- "create",
- "delete",
- "get",
- "list",
- "patch",
- "update",
- "watch",
- ]
+ verbs = ["create", "delete", "get", "list", "patch", "update", "watch"]
}
rule {
api_groups = ["apps"]
resources = [
+ "daemonsets",
"deployments",
"replicasets", # needed for 'helm upgrade --wait'
+ "statefulsets",
]
- verbs = [
- "create",
- "delete",
- "get",
- "list",
- "patch",
- "update",
- "watch",
- ]
+ verbs = ["create", "delete", "get", "list", "patch", "update", "watch"]
}
rule {
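Review bot: The new `"nodes"` and `"serviceaccounts"` entries in the core-group rule inherit that rule's full verb list, so the CI identity gains cluster-wide `create`, `delete`, `patch` and `update` on nodes, which a deploy pipeline rarely needs; next to the existing cluster-wide `"secrets"` and `"pods"` entries this role is now effectively an administrator over every namespace. Splitting nodes into its own rule with `verbs = ["get", "list", "watch"]` keeps the grant proportional, and a short comment naming the chart that needs each new resource, as the existing `# needed for 'helm upgrade --wait'` line does for replicasets, makes the next review possible. The same proportionality question applies to the `rbac.authorization.k8s.io` and `policy` rules added in the second hunk of this file. The `kubernetes_cluster_role` resource opens before this hunk.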
@@ -74,45 +62,42 @@ resource "kubernetes_cluster_role" "ci_cd" {
resources = [
"horizontalpodautoscalers"
]
- verbs = [
- "create",
- "delete",
- "get",
- "list",
- "patch",
- "update",
- "watch",
- ]
+ verbs = ["create", "delete", "get", "list", "patch", "update", "watch"]
}
rule {
api_groups = ["networking.k8s.io"]
resources = [
"ingresses",
- ]
- verbs = [
- "create",
- "delete",
- "get",
- "list",
- "patch",
- "update",
- "watch",
- ]
- }
- rule {
- api_groups = ["networking.k8s.io"]
- resources = [
"networkpolicies"
]
- verbs = [
- "create",
- "delete",
- "get",
- "list",
- "patch",
- "update",
- "watch",
+ verbs = ["create", "delete", "get", "list", "patch", "update", "watch"]
+ }
+
+ rule {
+ api_groups = ["apiextensions.k8s.io"]
+ resources = [
+ "customresourcedefinitions"
]
+ verbs = ["create", "delete", "get", "list", "patch", "update", "watch"]
+ }
+
+ rule {
+ api_groups = ["rbac.authorization.k8s.io"]
+ resources = [
+ "clusterrolebindings",
+ "clusterroles",
+ "rolebindings",
+ "roles",
+ ]
+ verbs = ["create", "delete", "get", "list", "patch", "update", "watch"]
+ }
+
+ rule {
+ api_groups = ["policy"]
+ resources = [
+ "podsecuritypolicies",
+ ]
+ verbs = ["create", "delete", "get", "list", "patch", "update", "watch"]
}
}
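Review bot: The new `rbac.authorization.k8s.io` rule grants cluster-wide `create`, `delete`, `patch` and `update` on clusterroles, clusterrolebindings, roles and rolebindings with no `resource_names` restriction, so the CI identity may rewrite any binding in the cluster rather than only the RBAC objects its charts create. If the charts only need RBAC in their own namespaces, a namespaced `kubernetes_role` there, or a `resource_names` list on this rule, limits the reach; at minimum add a comment stating which chart requires it, as the `replicasets` line already does. The `policy/podsecuritypolicies` rule refers to an API removed in Kubernetes 1.25, so on a current cluster the rule is accepted but grants nothing — confirm the cluster version before keeping it. The enclosing resource starts before the first hunk of this file.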
diff --git a/locals.tf b/locals.tf
index 010f0eb..f7be528 100644
--- a/locals.tf
+++ b/locals.tf
@@ -38,4 +38,13 @@ EehXHhbRmbtSZ7c4DrGeR2J0SZTyBQJfZczSGRvEiKyGNnyZlLVYKTTnV9b+aN3q
Xw+ilWL3boYsSiqVN6SIUA==
-----END CERTIFICATE-----
EOM
+
+
+ lawndale_libvirt_uri_extra = join("&", [for k, v in var.lawndale_libvirt_uri_extra : format("%s=%s", urlencode(k), urlencode(v))])
+ lawndale_libvirt_uri = var.lawndale_libvirt_uri != null ? var.lawndale_libvirt_uri : format("qemu+%s://%s%s?%s",
+ var.lawndale_libvirt_uri_transport,
+ var.lawndale_libvirt_uri_userhostport,
+ var.lawndale_libvirt_uri_path,
+ local.lawndale_libvirt_uri_extra
+ )
}
\ No newline at end of file
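Review bot: With the default `lawndale_libvirt_uri_extra = {}`, `local.lawndale_libvirt_uri_extra` is the empty string but `format("qemu+%s://%s%s?%s", ...)` still appends the `?`, producing a URI such as `qemu+ssh://host:port/system?`; make the query part conditional by changing the format string to `"qemu+%s://%s%s%s"` and the last argument to `local.lawndale_libvirt_uri_extra == "" ? "" : "?${local.lawndale_libvirt_uri_extra}"`. The `urlencode` over keys and values treats every value as a string, so `map(string)` on the variable would state that contract more precisely than `map(any)`. The `locals` block that encloses these lines starts above the hunk, the two consecutive blank lines before the new locals are one more than the file's style needs, and the file now ends without a trailing newline.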
diff --git a/providers.tf b/providers.tf
index e490f65..4023b18 100644
--- a/providers.tf
+++ b/providers.tf
@@ -53,7 +53,7 @@ provider "aws" {
provider "libvirt" {
# no-pty ssh-rsa AAAAB3.....
- uri = "qemu+ssh://lawndale-hyper.sch.bme.hu:10022/system?sshauth=privkey"
+ uri = local.lawndale_libvirt_uri
}
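Review bot: The comment `# no-pty ssh-rsa AAAAB3.....` above the new `uri` line sat next to the fixed SSH URI this hunk removes and now describes nothing visible; it reads like a fragment of the hypervisor's authorized_keys entry, so if it documents the server-side restriction on the CI key, say that explicitly, otherwise replace it with a pointer to the value's origin, e.g. `# Composed in locals.tf from the lawndale_libvirt_uri_* variables; lawndale_libvirt_uri overrides the composition entirely.` The `provider "libvirt"` block is fully inside the hunk.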
provider "dns" {
diff --git a/variables.tf b/variables.tf
index 5db4a65..b74fc34 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,7 +1,6 @@
variable "lawndale_dns_host" {
type = string
description = "Address to reach lawndale internal DNS server"
- default = "lawndale-hyper"
}
variable "lawndale_dns_port" {
@@ -32,3 +31,33 @@ variable "lawndale_dns_key_algorithm" {
description = "DNSSEC key to use sigining the NSUPDATE queries for Lawndale"
default = "hmac-sha256"
}
+
+variable "lawndale_libvirt_uri" {
+ type = string
+ description = "Libvirt URI to use accessing Lawndale hypervisor"
+ default = null
+ nullable = true
+}
+
+variable "lawndale_libvirt_uri_transport" {
+ type = string
+ description = "Transport protocol (could be ssh or tls) to dial Lawndale hypervisor"
+}
+
+variable "lawndale_libvirt_uri_userhostport" {
+ type = string
+ description = "Libvirt URI username, hostname or ip address, and port to reach lawndale hypervisor, in the format of `[username@][:port]`"
+ default = "lawndale-hyper"
+}
+
+variable "lawndale_libvirt_uri_path" {
+ type = string
+ description = "Libvirt URI path sent to the libvirt daemon"
+ default = "/system"
+}
+
+variable "lawndale_libvirt_uri_extra" {
+ type = map(any)
+ description = "Libvirt URI extra parameters [https://libvirt.org/uri.html#transport-configuration](See Libvirt transport configuration)"
+ default = {}
+}
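Review bot: `lawndale_libvirt_uri_transport` is described as "could be ssh or tls" but accepts any string, and locals.tf splices the value into the `qemu+%s://` scheme, so a typo only surfaces as an opaque libvirt connection error; a `validation` block pins the two accepted values (below). Two description strings are also off: `lawndale_libvirt_uri_extra` has the markdown link reversed, with the URL in the text position, so it should read `[See Libvirt transport configuration](https://libvirt.org/uri.html#transport-configuration)`, and the `[username@][:port]` format for `lawndale_libvirt_uri_userhostport` omits the host itself, which `[username@]host[:port]` would show. Both strings are copied into README.md, which the docs pipeline regenerates from these descriptions, so fixing them here fixes the README. `nullable = true` on `lawndale_libvirt_uri` is the default for an input variable and can be dropped, and since locals.tf runs `urlencode` over the values of `lawndale_libvirt_uri_extra`, `map(string)` states that contract more precisely than `map(any)`.
```hcl
variable "lawndale_libvirt_uri_transport" {
  # … unchanged: type, description …
  validation {
    condition     = contains(["ssh", "tls"], var.lawndale_libvirt_uri_transport)
    error_message = "lawndale_libvirt_uri_transport must be either \"ssh\" or \"tls\"."
  }
}
```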