terraform-lxd
Terraform with LXD: creates an LXD container, a ZFS storage pool, cloud-init user-data, etc.
Provider
Using the terraform-provider-lxd to provision a LXD container.
Pre-Requisites
You need a host with LXD installed. Initialise it and expose the LXD API on the network so that Terraform and the lxc client can reach it remotely (the firewall rules below assume lan and wg0 are the host's LAN and WireGuard interfaces; substitute your own):
sudo snap install lxd
lxd init --minimal
lxc config set core.https_address LXD_HOST_IP_ADDRESS:8443
lxc config set core.trust_password A-SECURE-LXD-PASSWORD
sudo ufw allow in on lan to LXD_HOST_IP_ADDRESS port 8443 proto tcp
sudo ufw allow in on wg0 to LXD_HOST_IP_ADDRESS port 8443 proto tcp
Keep in mind that any client whose certificate is trusted by LXD can create privileged containers and mount host paths, so access to port 8443 is root-equivalent on the host: restrict it to the interfaces you actually need and never expose it to the internet. Newer LXD releases deprecate core.trust_password in favour of one-time trust tokens (lxc config trust add <client-name>, then lxc remote add zot <token> on the client); if your LXD version rejects the trust_password setting, use a token instead.
Set up the client machine (e.g. a laptop):
sudo snap install lxd
lxc remote add zot LXD_HOST_IP_ADDRESS
lxc remote switch zot # make the zot the default
lxc remote list
lxc list # shows instances running on the remote zot
lxc shell ubuntu # login as root to the container ubuntu
lxc exec ubuntu -- uname -a # run a command inside the container ubuntu
Terraform
Populate lxd_host, lxd_password and the other variables in terraform.tfvars to fit your environment. Do not commit terraform.tfvars to version control, since it contains the trust password; alternatively leave the password out of the file and pass it through the environment (export TF_VAR_lxd_password=...), which Terraform reads automatically.
Then provision an LXD instance and a ZFS storage pool with Terraform:
terraform init
terraform plan
terraform apply -auto-approve
Outputs:
ip = "10.0.10.134"
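The README does not reproduce the Terraform configuration itself, so here is an added example of what a minimal main.tf for this workflow looks like. It is not the project's own code: the resource and attribute names follow the terraform-lxd/lxd provider's lxd_storage_pool and lxd_instance resources, and the pool name "tfpool", the pool size, the image alias and the cloud-init user-data are assumptions chosen for illustration. The instance is left unprivileged and the password variable is marked sensitive so it does not appear in plan and apply output.

```hcl
# Added example configuration, not the repository's own main.tf.
terraform {
  required_providers {
    lxd = {
      source = "terraform-lxd/lxd"
    }
  }
}

variable "lxd_host" {
  type        = string
  description = "Address of the LXD host (core.https_address without the port)"
}

variable "lxd_password" {
  type        = string
  sensitive   = true # never printed by plan/apply; supply via TF_VAR_lxd_password
  description = "LXD trust password (core.trust_password)"
}

provider "lxd" {
  generate_client_certificates = true # create a client cert for Terraform if none exists
  accept_remote_certificate    = true # trust the server cert on first contact (TOFU)

  remote {
    name     = "zot"
    address  = var.lxd_host
    password = var.lxd_password
    default  = true
  }
}

# ZFS-backed storage pool. With only "size" set LXD creates a loop-backed zpool
# on the host; set "source" instead to use an existing zpool or dataset.
resource "lxd_storage_pool" "zfs" {
  name   = "tfpool" # assumed name
  driver = "zfs"
  config = {
    size = "20GiB" # assumed size
  }
}

resource "lxd_instance" "ubuntu" {
  name  = "ubuntu"
  image = "ubuntu:22.04" # assumed image alias
  type  = "container"

  config = {
    # explicit, even though false is the default: an unprivileged container
    # maps root inside the container to an unprivileged uid on the host
    "security.privileged" = "false"

    # user-data validated later with: cloud-init schema --system --annotate
    "cloud-init.user-data" = <<-EOT
      #cloud-config
      package_update: true
      packages:
        - openssh-server
        - nscd
    EOT
  }

  # root disk lives on the ZFS pool created above
  device {
    name = "root"
    type = "disk"
    properties = {
      path = "/"
      pool = lxd_storage_pool.zfs.name
    }
  }
}

# matches the "ip = ..." output shown above
output "ip" {
  value = lxd_instance.ubuntu.ipv4_address
}
```

The explicit dependency from the root device on lxd_storage_pool.zfs makes Terraform create the pool before the instance and, on terraform destroy, remove the instance before the pool; destroying only the instance with -target leaves the pool in place.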
Execute the interactive shell inside the instance
lxc shell ubuntu
Check if the configuration finished
cloud-init status --wait
Check the validation status
cloud-init schema --system --annotate
See the config
cloud-init query userdata
Delete the container ubuntu using terraform
terraform destroy --target lxd_instance.ubuntu -auto-approve
SSH Config
Then we should be able to ssh into the container as an LDAP user, e.g. john:
$ ssh john@ubuntu.lxd
Warning: Permanently added 'x.x.x.x' (x) to the list of known hosts.
Warning: Permanently added '10.0.10.134' (ED25519) to the list of known hosts.
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.4.0-122-generic x86_64)
john@ubuntu:~$
If group memberships have changed in LDAP, the cached lookups must be invalidated before they take effect. Flush the nscd group cache:
sudo nscd --invalidate=group