Merge pull request #4 from utilitywarehouse/terraform

Add terraform module to the application repostory

Author: george-angel

README.md

@@ -27,23 +27,9 @@ docker will create it as directory:
 > exist on the Docker host, -v will create the endpoint for you. It is always
 > created as a directory.
 
-```
-[Unit]
-Description=ssh-key-agent
-After=docker.service
-Requires=docker.service
-[Service]
-Restart=on-failure
-ExecStartPre=-/bin/mkdir -p /home/user/.ssh/
-ExecStartPre=-/usr/bin/touch /home/user/.ssh/authorized_keys
-ExecStart=/bin/sh -c 'docker run --name=%p_$(uuidgen) --rm \
- -v /home/user/.ssh/authorized_keys:/authorized_keys \
- -e SKA_KEY_URI=https://[app/bucket]/authmap \
- -e [email protected],[email protected] \
- -e SKA_AKF_LOC=/authorized_keys \
- -e SKA_INTERVAL=60 \
- quay.io/utilitywarehouse/ssh-key-agent'
-ExecStop=/bin/sh -c 'docker stop -t 3 "$(docker ps -q --filter=name=%p_)"'
-[Install]
-WantedBy=multi-user.target
-```
+example Systemd service: [./terraform/resources/ssh-key-agent.service](./terraform/resources/ssh-key-agent.service)
+
+### terraform module
+
+Repository includes a terraform module, for use instructions have a look at
+[./terraform/README.md](./terraform/README.md)

terraform/README.md

@@ -0,0 +1,25 @@
+This terraform module returns an ignition systemd unit for running
+ssh-key-agent as a service on Kinvolk's Flatcar Linux.
+
+## Input Variables
+The input variables are documented in their description and it's best to refer
+to [variables.tf](variables.tf).
+
+## Outputs
+- `id` - the id of the ignition systemd unit file
+- `template_rendered` - the systemd unit template, rendered with the provided variables
+
+## Usage
+```hcl
+module "ssh_key_agent" {
+  source = "github.com/utilitywarehouse/tf_ssh_key_agent"
+
+  groups  = [
+    "[email protected]",
+    "[email protected]"
+  ]
+
+  ssh_key_agent_version = "1.0.4"
+  uri                   = "https://s3-eu-west-1.amazonaws.com/example-keys-cache/authmap"
+}
+```

terraform/main.tf

@@ -0,0 +1,15 @@
+data "template_file" "ssh-key-agent" {
+  template = "${file("${path.module}/resources/ssh-key-agent.service")}"
+
+  vars = {
+    uri     = var.uri
+    groups  = "${join(",", var.groups)}"
+    version = var.ssh_key_agent_version
+  }
+}
+
+data "ignition_systemd_unit" "ssh-key-agent" {
+  name    = "ssh-key-agent.service"
+  enabled = var.enabled
+  content = data.template_file.ssh-key-agent.rendered
+}

terraform/outputs.tf

@@ -0,0 +1,7 @@
+output "id" {
+  value = data.ignition_systemd_unit.ssh-key-agent.id
+}
+
+output "template_rendered" {
+  value = data.template_file.ssh-key-agent.rendered
+}

terraform/resources/ssh-key-agent.service

@@ -0,0 +1,21 @@
+[Unit]
+Description=ssh-key-agent
+After=docker.service
+Requires=docker.service
+[Service]
+Restart=on-failure
+ExecStartPre=-/usr/bin/mkdir -p /home/core/.ssh
+ExecStartPre=-/usr/bin/touch /home/core/.ssh/authorized_keys
+ExecStartPre=-/usr/bin/chown -R "core":"core" /home/core/.ssh
+ExecStartPre=-/usr/bin/chmod 700 /home/core/.ssh
+ExecStartPre=-/usr/bin/chmod 644 /home/core/.ssh/authorized_keys
+ExecStart=/bin/sh -c 'docker run --name=%p_$(uuidgen) --rm \
+ -v /home/core/.ssh/authorized_keys:/authorized_keys \
+ -e SKA_KEY_URI=${uri} \
+ -e SKA_GROUPS=${groups} \
+ -e SKA_AKF_LOC=/authorized_keys \
+ -e SKA_INTERVAL=60 \
+ quay.io/utilitywarehouse/ssh-key-agent:${version}'
+ExecStop=/bin/sh -c 'docker stop -t 3 "$(docker ps -q --filter=name=%p_)"'
+[Install]
+WantedBy=multi-user.target

terraform/variables.tf

@@ -0,0 +1,20 @@
+variable "uri" {
+  type        = string
+  description = "The S3 URI of the authmap file"
+}
+
+variable "groups" {
+  type        = list
+  description = "A list of allowed google groups"
+}
+
+variable "ssh_key_agent_version" {
+  type        = string
+  description = "The ssh-key-agent version"
+}
+
+variable "enabled" {
+  type        = string
+  default     = true
+  description = "Whether or not the service shall be enabled"
+}

terraform/versions.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_providers {
+    ignition = {
+      source = "terraform-providers/ignition"
+    }
+    template = {
+      source = "hashicorp/template"
+    }
+  }
+  required_version = ">= 0.13"
+}