refactor: move to flatcar linux

2023-01-22 11:30:49 +01:00 · 2023-01-22 11:30:49 +01:00 · 141d6690a2
commit 141d6690a2
parent 7697d2be65
7 changed files with 129 additions and 15 deletions
--- a/infrastructure/configs/core-user.yaml.tmpl
+++ b/infrastructure/configs/core-user.yaml.tmpl
@ -0,0 +1,7 @@
+variant: flatcar
+version: 1.0.0
+
+passwd:
+  users:
+    - name: core
+      ssh_authorized_keys: ${ssh_keys}
--- a/infrastructure/configs/k3s-flatcar.yaml
+++ b/infrastructure/configs/k3s-flatcar.yaml
@ -0,0 +1,37 @@
+variant: flatcar
+version: 1.0.0
+
+systemd:
+  units:
+    - name: k3s-install.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Run K3s script
+        Wants = network-online.target
+        After = network.target network-online.target        
+        ConditionPathExists=/opt/k3s-install.sh
+        ConditionPathExists=!/opt/bin/k3s
+        [Service]
+        Type=forking
+        TimeoutStartSec=180
+        RemainAfterExit=yes
+        KillMode=process
+        Environment="K3S_URL=https://172.23.2.10:6443"
+        Environment="K3S_TOKEN=${k3s_token}"
+        Environment="INSTALL_K3S_EXEC='agent' '--node-ip' '${node_ip}' '--kubelet-arg' '--cloud-provider=external'"
+        ExecStart=/usr/bin/sh -c "/opt/k3s-install.sh"
+        [Install]
+        WantedBy=multi-user.target
+
+storage:
+  files:
+    - path: /etc/hostname
+      mode: 0644
+      contents:
+        inline: ${host}
+    - path: /opt/k3s-install.sh
+      mode: 0777
+      contents:
+        remote:
+          url: https://get.k3s.io
--- a/infrastructure/k8s_flatcar_machines.tf
+++ b/infrastructure/k8s_flatcar_machines.tf
@ -70,17 +70,55 @@ resource "hcloud_server" "machine" {
        "node_ip"    = "${each.value.private_ip}"
      }
    )
-    destination = "/tmp/k3os-config.yaml"
+    destination = "/root/ignition.json"
  }

  provisioner "remote-exec" {
    inline = [
      "set -ex",
-      "apt-get install -y grub-pc",
-      "cat /tmp/k3os-config.yaml",
-      "curl -fsSL --retry-delay 1 --retry 60 --retry-connrefused --retry-max-time 60 --connect-timeout 20 https://raw.githubusercontent.com/rancher/k3os/master/install.sh | bash -s -- --config /tmp/k3os-config.yaml /dev/sda https://github.com/rancher/k3os/releases/download/v0.21.5-k3s2r1/k3os-amd64.iso",
-      "reboot"
+      "apt-get install -y gawk",
+      "curl -fsSLO --retry-delay 1 --retry 60 --retry-connrefused --retry-max-time 60 --connect-timeout 20 https://raw.githubusercontent.com/flatcar/init/flatcar-master/bin/flatcar-install",
+      "chmod +x flatcar-install",
+      "./flatcar-install -s -i /root/ignition.json -C ${var.release_channel}",
+      "shutdown -r +1",
    ]
    on_failure = continue
  }
+
+  provisioner "remote-exec" {
+    connection {
+      host        = self.ipv4_address
+      private_key = tls_private_key.provisioning.private_key_pem
+      timeout     = "3m"
+      user        = "core"
+    }
+
+    inline = [
+      "sudo hostnamectl set-hostname ${self.name}",
+    ]
+  }
+}
+
+data "ct_config" "machine-ignitions" {
+  for_each = var.k3os_workers
+  strict   = true
+  content = templatefile(
+    "${path.module}/configs/k3s-flatcar.yaml",
+    {
+      "host"       = "${each.key}"
+      "k3s_token"  = "${var.k3s_token}"
+      "datacenter" = "hel1-dc2"
+      "node_ip"    = "${each.value.private_ip}"
+    }
+  )
+  snippets = [
+    data.template_file.core_user.rendered
+  ]
+}
+
+data "template_file" "core_user" {
+  template = file("${path.module}/configs/core-user.yaml.tmpl")
+  vars = {
+    ssh_keys = jsonencode(concat(var.ssh_keys, [tls_private_key.provisioning.public_key_openssh]))
+  }
 }
--- a/infrastructure/main.tf
+++ b/infrastructure/main.tf
@ -1,12 +1,3 @@
-terraform {
-  required_providers {
-    hcloud = {
-      source  = "hetznercloud/hcloud"
-      version = "1.35.1"
-    }
-  }
-}
-
 provider "hcloud" {
  token = var.hcloud_token
 }
--- a/infrastructure/vars.tf
+++ b/infrastructure/vars.tf
@ -31,3 +31,20 @@ variable "ci_workers" {
    private_ip  = string
  }))
 }
+
+variable "ssh_keys" {
+  type        = list(string)
+  default     = []
+  description = "Additional SSH public keys for user 'core'."
+}
+
+variable "release_channel" {
+  type        = string
+  description = "Release channel"
+  default     = "stable"
+
+  validation {
+    condition     = contains(["lts", "stable", "beta", "alpha"], var.release_channel)
+    error_message = "release_channel must be lts, stable, beta, or alpha."
+  }
+}
--- a/infrastructure/versions.tf
+++ b/infrastructure/versions.tf
@ -0,0 +1,22 @@
+
+terraform {
+  required_version = ">= 0.14"
+  required_providers {
+    hcloud = {
+      source  = "hetznercloud/hcloud"
+      version = "1.36.2"
+    }
+    ct = {
+      source  = "poseidon/ct"
+      version = "0.11.0"
+    }
+    template = {
+      source  = "hashicorp/template"
+      version = "~> 2.2.0"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = "~> 3.2.1"
+    }
+  }
+}
--- a/infrastructure/vms.auto.tfvars
+++ b/infrastructure/vms.auto.tfvars
@ -35,3 +35,5 @@ ci_workers = {
    private_ip  = "172.23.2.31"
  }
 }
+
+ssh_keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKfHZaI0F5GjAcrM8hjWqwMfULDkAZ2TOIBTQtRocg1F id_ed25519"]