swarm.tf
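# Requests a new etcd discovery URL sized for the cluster and stores it in
# templates/discovery_url. Runs only when var.generate_discovery_url is non-zero.
resource "null_resource" "discovery_url_template" {
  count = "${var.generate_discovery_url}"

  provisioner "local-exec" {
    # -f makes curl exit non-zero on an HTTP error, so a failed request stops
    # the apply instead of writing an error body into the file that is later
    # rendered into every node's cloud-init as the discovery URL.
    # The URL identifies this cluster's bootstrap record on a public service:
    # keep templates/discovery_url out of version control and shared logs.
    command = "curl -sf 'https://discovery.etcd.io/new?size=${var.cluster_size}' > templates/discovery_url"
  }
}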
# Runs the local certificate generation script when var.generate_ssl is
# non-zero.
# NOTE(review): the script is not shown here. The instance provisioner in this
# file reads ca.pem, ca-key.pem, cert.pem, key.pem and openssl.cnf from
# files/ssl, so presumably this script produces them; confirm, and keep
# files/ssl/ca-key.pem and key.pem out of version control.
resource "null_resource" "generate_ssl" {
  count = "${var.generate_ssl}"

  provisioner "local-exec" {
    command = "bash files/ssl/generate-ssl.sh"
  }
}
# Exposes the contents of templates/discovery_url as a rendered value.
# The template is given as a plain path rather than through file(), and the
# resource waits for the null_resource that writes that file.
# NOTE(review): presumably the path form is used so the file is read only
# after it has been generated; confirm against the Terraform version in use.
resource "template_file" "discovery_url" {
  template   = "templates/discovery_url"
  depends_on = ["null_resource.discovery_url_template"]
}
# Renders templates/cloud-init, which is passed to each instance as user_data.
resource "template_file" "cloud_init" {
  template = "${file("templates/cloud-init")}"

  vars {
    # NOTE(review): the token is the cluster name, not a random value. How
    # templates/cloud-init uses it is not visible here; confirm nothing relies
    # on it being secret.
    cluster_token = "${var.cluster_name}"

    # The rendered discovery URL ends up in instance user_data, so anything
    # that can read instance metadata can read it.
    discovery_url = "${template_file.discovery_url.rendered}"

    swarm_version = "${var.swarm_version}"
  }
}
# Loads the systemd drop-in for docker.service. No variables are substituted;
# the rendered text is written onto each node by the instance provisioner.
resource "template_file" "10_docker_service" {
  template = "${file("templates/10-docker-service.conf")}"
}
# Allocates one floating IP per cluster node from the configured pool.
# Every node is therefore reachable on a floating address; what is exposed on
# it depends on the swarm_base security group, which is defined elsewhere.
resource "openstack_networking_floatingip_v2" "coreos" {
  pool  = "${var.floatingip_pool}"
  count = "${var.cluster_size}"
}
# Registers the operator's SSH public key under a name derived from the
# cluster name. Only the public half is read from var.public_key_path.
resource "openstack_compute_keypair_v2" "coreos" {
  public_key = "${file(var.public_key_path)}"
  name       = "swarm-${var.cluster_name}"
}
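# Creates var.cluster_size CoreOS instances, attaches one floating IP to each,
# boots them with the rendered cloud-init, then uploads the local "files"
# directory and issues a per-node TLS certificate on the node itself.
#
# Security notes for reviewers:
#  * The whole "files" directory, including ssl/ca-key.pem, is uploaded to
#    /tmp/files on every node because the certificate is signed there. The
#    provisioner below deletes the CA key and the temporary private key copy
#    once they are no longer needed. Signing on the operator's machine and
#    uploading only ca.pem, cert.pem and key.pem would avoid sending the CA
#    key to the nodes at all.
#  * The same key.pem is the private key for every node certificate and for
#    the client certificate copied to /home/core/.docker, so compromising one
#    node exposes the key used by all of them.
resource "openstack_compute_instance_v2" "coreos" {
  name        = "swarm-${var.cluster_name}-${count.index}"
  count       = "${var.cluster_size}"
  image_name  = "${var.image_name}"
  flavor_name = "${var.flavor}"
  key_pair    = "${openstack_compute_keypair_v2.coreos.name}"

  network {
    name = "${var.network_name}"
  }

  security_groups = [
    "${openstack_compute_secgroup_v2.swarm_base.name}"
  ]

  floating_ip = "${element(openstack_networking_floatingip_v2.coreos.*.address, count.index)}"
  user_data   = "${template_file.cloud_init.rendered}"

  # Upload the local "files" directory (TLS material and openssl.cnf).
  provisioner "file" {
    source      = "files"
    destination = "/tmp/files"

    connection {
      user = "core"
    }
  }

  provisioner "remote-exec" {
    inline = [
      # Create TLS certs
      # The uploaded cert.pem/key.pem pair becomes the docker client
      # credentials for the core user.
      "mkdir -p /home/core/.docker",
      "cp /tmp/files/ssl/ca.pem /home/core/.docker/",
      "cp /tmp/files/ssl/cert.pem /home/core/.docker/",
      "cp /tmp/files/ssl/key.pem /home/core/.docker/",
      # Add this node's fixed IP, floating IP, FQDN and xip.io name as SANs.
      # NOTE(review): the lines are appended to the end of openssl.cnf, so
      # they only land in the v3_req section if that is the last section of
      # the file - confirm. xip.io is an external wildcard DNS service outside
      # the operator's control.
      "echo 'subjectAltName = @alt_names' >> /tmp/files/ssl/openssl.cnf",
      "echo '[alt_names]' >> /tmp/files/ssl/openssl.cnf",
      "echo 'IP.1 = ${self.network.0.fixed_ip_v4}' >> /tmp/files/ssl/openssl.cnf",
      "echo 'IP.2 = ${element(openstack_networking_floatingip_v2.coreos.*.address, count.index)}' >> /tmp/files/ssl/openssl.cnf",
      "echo 'DNS.1 = ${var.fqdn}' >> /tmp/files/ssl/openssl.cnf",
      "echo 'DNS.2 = ${element(openstack_networking_floatingip_v2.coreos.*.address, count.index)}.xip.io' >> /tmp/files/ssl/openssl.cnf",
      # Sign a node certificate with the uploaded CA. It is valid for 365
      # days, so plan for rotation before it expires. The trailing backslash
      # continues the x509 command onto the next inline entry.
      "openssl req -new -key /tmp/files/ssl/key.pem -out /tmp/files/ssl/cert.csr -subj '/CN=docker-client' -config /tmp/files/ssl/openssl.cnf",
      "openssl x509 -req -in /tmp/files/ssl/cert.csr -CA /tmp/files/ssl/ca.pem -CAkey /tmp/files/ssl/ca-key.pem \\",
      "-CAcreateserial -out /tmp/files/ssl/cert.pem -days 365 -extensions v3_req -extfile /tmp/files/ssl/openssl.cnf",
      # The CA private key is not needed after signing; do not leave it in
      # /tmp on a cluster node.
      "rm -f /tmp/files/ssl/ca-key.pem",
      "sudo mkdir -p /etc/docker/ssl",
      "sudo cp /tmp/files/ssl/ca.pem /etc/docker/ssl/",
      "sudo cp /tmp/files/ssl/cert.pem /etc/docker/ssl/",
      "sudo cp /tmp/files/ssl/key.pem /etc/docker/ssl/",
      # Both destinations now hold the key; remove the copy left in /tmp.
      # NOTE(review): confirm the modes of the installed key.pem files are as
      # restrictive as the services reading them allow.
      "rm -f /tmp/files/ssl/key.pem",
      # Apply localized settings to services
      "sudo mkdir -p /etc/systemd/system/{docker,swarm-agent,swarm-manager}.service.d",
      "cat <<'EOF' > /tmp/10-docker-service.conf\n${template_file.10_docker_service.rendered}\nEOF",
      "sudo mv /tmp/10-docker-service.conf /etc/systemd/system/docker.service.d/",
      "sudo systemctl daemon-reload",
      "sudo systemctl restart docker.service",
      "sudo systemctl start swarm-agent.service",
      "sudo systemctl start swarm-manager.service",
      "sudo systemctl enable swarm-agent.service",
      "sudo systemctl enable swarm-manager.service",
    ]

    connection {
      user = "core"
    }
  }

  depends_on = [
    "template_file.cloud_init"
  ]
}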
# Prints the environment variables a docker client needs to reach the cluster
# through the first node's floating IP with TLS verification enabled.
# NOTE(review): 2375 is the port conventionally used for the unencrypted
# Docker API (2376 for TLS). The listener is configured outside this file;
# confirm that whatever serves this port requires TLS client certificates.
# DOCKER_CERT_PATH points at files/ssl, the local directory that the instance
# provisioner's ca-key.pem is uploaded from, so that directory appears to hold
# the CA private key as well - confirm and restrict access to it.
output "swarm_cluster" {
  value = "\nEnvironment Variables for accessing Docker Swarm via floating IP of first host:\nexport DOCKER_HOST=tcp://${openstack_networking_floatingip_v2.coreos.0.address}:2375\nexport DOCKER_TLS_VERIFY=1\nexport DOCKER_CERT_PATH=${path.module}/files/ssl"
}