2HoursProject/terraform-lxd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial

Browse Source
This commit is contained in:
cpu
2024-01-27 17:18:18 +01:00
parent 3736e05a82
commit c9d6341a55
6 changed files with 313 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
.terraform.lock.hcl generated Normal file
View File

@@ -0,0 +1,23 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/terraform-lxd/lxd" {
version = "1.10.4"
constraints = "1.10.4"
hashes = [
"h1:bXGKFYEGvMUcFXzqbeuBuowMWANGchExHYHfmRynLGM=",
"zh:05cecd3928cf51c4f4bb081f5a5a9081c545f0c69087541e82ad92b57633e145",
"zh:18f9e5221adcc46a51917387959c64020142ec071880cd9ec43657cab24bb4ec",
"zh:486a5afb0f3fa33c6192ecdcbc08d5a2a936d30be3e5c6fa0725b12a1278cd37",
"zh:63bbf325f12ca9402483bd52b01fb455ff5e51b8f761cda136f8f48ae8226195",
"zh:6b3bdda7b857a6e0c0cc6ee78b018df6a72ddb738ee8831b19c3640b57e169c4",
"zh:795154f7632675ee881296034755955d4e891141086f0d3ce57cfdc103c2b800",
"zh:8218468736d15f0d0c2f7c41c9cdaefe9ac8388d676f2284118ae4818dd1504f",
"zh:89760aa6034befb723ee569dd807645b6fdee1fa105e40eab38fe72c5e8ea9ec",
"zh:91c3c20467e88143d2a5ce7bca8d9bb0774026215dbf634dff031abd0f55e59f",
"zh:9332081c150e0f2ea7f3a4f7a522a0bc7ba1edb7e94eb2d2c7e328610752e7e3",
"zh:947eb2094a036075f99964d720d5f611bc48d37c26c3db1d789488ae12a05056",
"zh:9ef747640207e23923b576182165eb819266ac769bd479add23a06833811aa3b",
"zh:f0c6d452e6ebb44433861936794697bbdfc7b4364b65e36363b8c80a1f79c9a2",
]
}

84
README.md
View File

@@ -1,2 +1,86 @@
# terraform-lxd # terraform-lxd
Terraform with LXD: Creates a LXD Container, ZFS Pool, Userdata, etc.
## Provider
Using the [terraform-provider-lxd](https://registry.terraform.io/providers/terraform-lxd/lxd/latest/docs) to provision a LXD container.
## Pre-Requisites
You will require a host with LXD and you will also require to initialize the host and setup remote connections:
```bash
sudo snap install lxd
lxd init --minimal
lxc config set core.https_address IP_ADDRESS:8443
lxc config set core.trust_password A-SECURE-LXD-PASSWORD
sudo ufw allow in on lan to IP_ADDRESS port 8443 proto tcp
sudo ufw allow in on wg0 to IP_ADDRESS port 8443 proto tcp
```
## Setup the client machine e.g. a notebook
```bash
sudo snap install lxd
lxc remote add zot IP_ADDRESS
lxc remote switch zot
lxc remote list
lxc list # shows instances running on the server zot
lxc shell ubuntu # login as root to the container ubuntu
lxc exec ubuntu -- uname -a # run a command inside the container ubuntu
```
## Terraform
Populate your `lxd_host`, `lxd_password` and other variables in `terraform.tfvars` to fit your environment.
Then provision a lxd instance and a zfs storage pool with terraform:
```bash
terraform init
terraform plan
terraform apply
Outputs:
ip = "10.0.10.134"
```
Execute the interactive shell inside the instance
`lxc shell ubuntu`
Check if the configuration finished
`cloud-init status --wait`
Check the validation status
`cloud-init schema --system --annotate`
See the config
`cloud-init query userdata`
Delete the container ubuntu using terraform
`terraform destroy --target lxd_instance.ubuntu`
## SSH Config
Then we should be able to ssh as an ldap user e.g. john:
```bash
$ ssh john@ubuntu.lxd
Warning: Permanently added 'x.x.x.x' (x) to the list of known hosts.
Warning: Permanently added '10.0.10.134' (ED25519) to the list of known hosts.
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.4.0-122-generic x86_64)
john@ubuntu:~$
```
Or as ubuntu using a private key. The public key is set in the variable `ssh_pub_key` in file `terraform.tfvars`
```bash
$ ssh -i .ssh/id_ed25519 ubuntu@ubuntu.lxd
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.4.0-122-generic x86_64)
ubuntu@ubuntu:~$
```
## If groups have changed in the LDAP cache must be invalidated. Flush nscd groups cache
`sudo nscd --invalidate=group`

149
main.tf Normal file
View File

@@ -0,0 +1,149 @@
resource "lxd_storage_pool" "virt" {
name = "virt-pool"
driver = "zfs"
config = {
source = "/var/snap/lxd/common/lxd/disks/virt-pool.img"
"zfs.pool_name" = "virt-pool"
size = "50GB"
}
}
resource "lxd_volume" "volume" {
name = "virt-volume"
pool = lxd_storage_pool.virt.name
config = {
size = "10GB"
}
}
resource "lxd_network" "lxdbr1" {
name = "lxdbr1"
type = "bridge"
config = {
"ipv4.address" = "10.0.10.1/24"
"ipv4.nat" = "true"
"ipv6.address" = "none"
}
}
resource "lxd_profile" "virt" {
name = "virt"
description = "virt LXD profile"
config = {
"limits.cpu" = 2
"limits.memory" = "3GB"
}
device {
name = "eth0"
type = "nic"
properties = {
name = "eth0"
network = "lxdbr1"
}
}
device {
type = "disk"
name = "root"
properties = {
pool = lxd_storage_pool.virt.name
path = "/"
size = "5GiB"
}
}
}
locals {
# 'lxc.idmap' and 'lxc.cgroup2.devices.allow'
# couse errors
lxc-raw = <<EOF
lxc.idmap =
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 44
lxc.idmap = g 44 44 1
lxc.idmap = g 45 100045 65
lxc.idmap = g 110 109 1
lxc.idmap = g 111 100111 65425
lxc.cgroup2.devices.allow = c 226:0 rwm
lxc.cgroup2.devices.allow = c 226:128 rwm
lxc.mount.entry = /dev/dri/card0 dev/dri/card0 none bind,optional,create=file
lxc.mount.entry = /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file
EOF
cloud-init-config = <<EOF
#cloud-config
disable_root: True
ssh_pwauth: True
users:
- default
package_upgrade: true
apt:
debconf_selections:
set01: ldap-auth-config ldap-auth-config/bindpw password ${var.ldap_rootbindpw}
set02: ldap-auth-config ldap-auth-config/rootbindpw password ${var.ldap_rootbindpw}
set03: ldap-auth-config ldap-auth-config/ldapns/ldap-server string ${var.ldap_url}
set04: ldap-auth-config ldap-auth-config/dblogin boolean false
set05: ldap-auth-config ldap-auth-config/override boolean true
set06: ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3
set07: ldap-auth-config ldap-auth-config/rootbinddn string ${var.ldap_rootbinddn}
set08: ldap-auth-config ldap-auth-config/pam_password select crypt
set09: ldap-auth-config ldap-auth-config/ldapns/base-dn string ${var.ldap_searchbase}
set10: ldap-auth-config ldap-auth-config/move-to-debconf boolean true
set11: ldap-auth-config ldap-auth-config/dbrootlogin boolean true
packages:
- libnss-ldap
- libpam-ldap
- ldap-utils
- nscd
timezone: Europe/Bratislava
runcmd:
- sed -i '/^passwd:/ s/$/ ldap/' /etc/nsswitch.conf
- sed -i '/^group:/ s/$/ ldap/' /etc/nsswitch.conf
- sed -i 's/use_authtok//' /etc/pam.d/common-password
- echo "session optional pam_mkhomedir.so skel=/etc/skel umask=077" >>/etc/pam.d/common-session
EOF
}
resource "lxd_cached_image" "jammy" {
source_remote = "ubuntu"
source_image = "22.04"
}
resource "lxd_instance" "ubuntu" {
name = "ubuntu"
image = lxd_cached_image.jammy.fingerprint
profiles = ["virt"]
ephemeral = false
config = {
"boot.autostart" = true
"user.user-data" = local.cloud-init-config
# "raw.lxc" = local.lxc-raw
}
limits = {
cpu = 2
}
device {
name = "virt-volume"
type = "disk"
properties = {
path = "/mnt/data"
source = lxd_volume.volume.name
pool = lxd_storage_pool.virt.name
}
}
device {
name = "shareddisk"
type = "disk"
properties = {
path = "/mnt/raid5"
source = "/mnt/raid5"
}
}
}

3
outputs.tf Normal file
View File

@@ -0,0 +1,3 @@
output "ubuntu_ip" {
value = lxd_instance.ubuntu.ipv4_address
}

24
provider.tf Normal file
View File

@@ -0,0 +1,24 @@
terraform {
required_providers {
lxd = {
source = "terraform-lxd/lxd"
version = "1.10.4"
}
}
}
provider "lxd" {
generate_client_certificates = true
accept_remote_certificate = true
lxd_remote {
name = "my-lxd-host"
scheme = "https"
address = var.lxd_host
port = var.lxd_port
password = var.lxd_password
default = true
}
}

30
variables.tf Normal file
View File

@@ -0,0 +1,30 @@
variable "lxd_host" {
type = string
}
variable "lxd_port" {
type = string
default = "8443"
}
variable "lxd_password" {
type = string
}
variable "ldap_rootbinddn" {
type = string
}
variable "ldap_rootbindpw" {
type = string
}
variable "ldap_url" {
type = string
}
variable "ldap_searchbase" {
type = string
}