diff --git a/CHANGES.md b/CHANGES.md index fda2560a..d73b03ac 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -8,7 +8,7 @@ Notable changes between releases. * Publish Matchbox images from internal infra to Quay (`quay.io/poseidon/matchbox`) * Update Go version from v1.13.4 to v1.14.9 * Update base image from `alpine:3.10` to `alpine:3.12` ([#784](https://github.com/poseidon/matchbox/pull/784)) -* Refresh docs and examples for Fedora CoreOS and Flatcar Linux ([#815](https://github.com/poseidon/matchbox/pull/815)) +* Refresh docs and examples for Fedora CoreOS and Flatcar Linux ([#815](https://github.com/poseidon/matchbox/pull/815), [#816](https://github.com/poseidon/matchbox/pull/816)) * Update Kubernetes manifest examples ([#791](https://github.com/poseidon/matchbox/pull/791)) * Include `contrib/k8s` in release tarballs ([#788](https://github.com/poseidon/matchbox/pull/788)) * Remove RPM spec file (Copr publishing stopped in v0.6) diff --git a/README.md b/README.md index 5862b468..4e5a4c1d 100644 --- a/README.md +++ b/README.md @@ -23,14 +23,14 @@ Matchbox can be installed from a binary or a container image. ## Tutorials -[Getting started](docs/getting-started.md) provisioning machines with Fedora CoreOS or Flatcar Linux. +Start provisioning machines with Fedora CoreOS or Flatcar Linux. +* [Terraform Usage](docs/getting-started.md) + * Fedora CoreOS (PXE install to disk) + * Flatcar Linux (PXE install to disk) * [Local QEMU/KVM](docs/getting-started-docker.md) * Fedora CoreOS (live PXE or PXE install to disk) * Flatcar Linux (live PXE or PXE install to disk) -* Clusters - * [etcd3](docs/getting-started-docker.md) - Install a 3-node etcd3 cluster - * [etcd3](https://github.com/poseidon/matchbox/tree/master/examples/terraform/etcd3-install) - Install a 3-node etcd3 cluster (terraform-based) ## Contrib diff --git a/docs/deployment.md b/docs/deployment.md index 0c9dc880..be2e58d9 100644 --- a/docs/deployment.md +++ b/docs/deployment.md 
@@ -8,10 +8,9 @@ This guide walks through deploying the `matchbox` service on a Linux host (as a Choose one of the supported installation options: -* [CoreOS Container Linux](#coreos-container-linux) * [Generic Linux (binary)](#generic-linux) -* [With docker](#docker) * [Kubernetes Service](#kubernetes) +* [With docker](#docker) ## Download @@ -118,7 +117,7 @@ Export `SAN` to set the Subject Alt Names which should be used in certificates. ```sh # DNS or IP Subject Alt Names where matchbox runs -$ export SAN=DNS.1:matchbox.example.com,IP.1:172.18.0.2 +$ export SAN=DNS.1:matchbox.example.com,IP.1:172.17.0.2 ``` Generate a `ca.crt`, `server.crt`, `server.key`, `client.crt`, and `client.key`. diff --git a/docs/getting-started.md b/docs/getting-started.md index f3aea7ab..78caf16c 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -1,6 +1,6 @@ # Getting started -In this tutorial, we'll use `matchbox` with Terraform to provision Container Linux machines. +In this tutorial, we'll use `matchbox` with Terraform to provision Fedora CoreOS or Flatcar Linux machines. We'll install the `matchbox` service, setup a PXE network boot environment, and use Terraform configs to declare infrastructure and apply resources on `matchbox`. @@ -8,7 +8,7 @@ We'll install the `matchbox` service, setup a PXE network boot environment, and Install `matchbox` on a host server or Kubernetes cluster. Generate TLS credentials and enable the gRPC API as directed. Save the `ca.crt`, `client.crt`, and `client.key` on your local machine (e.g. `~/.matchbox`). -* Installing on [Container Linux / other distros](deployment.md) +* Installing on a [Linux distro](deployment.md) * Installing on [Kubernetes](deployment.md#kubernetes) * Running with [docker](deployment.md#docker) 
@@ -30,115 +30,139 @@ $ openssl s_client -connect matchbox.example.com:8081 \ ## Terraform -Install [Terraform][terraform-dl] v0.11+ on your system. +Install [Terraform][https://www.terraform.io/downloads.html] v0.13+ on your system. ```sh $ terraform version -Terraform v0.11.13 +Terraform v0.13.3 ``` -Add the [terraform-provider-matchbox](https://github.com/poseidon/terraform-provider-matchbox) plugin binary for your system to `~/.terraform.d/plugins/`, noting the final name. +### Examples -```sh -wget https://github.com/poseidon/terraform-provider-matchbox/releases/download/v0.2.3/terraform-provider-matchbox-v0.2.3-linux-amd64.tar.gz -tar xzf terraform-provider-matchbox-v0.2.3-linux-amd64.tar.gz -mv terraform-provider-matchbox-v0.2.3-linux-amd64/terraform-provider-matchbox ~/.terraform.d/plugins/terraform-provider-matchbox_v0.2.3 -``` - -```sh -$ wget https://github.com/poseidon/terraform-provider-matchbox/releases/download/v0.2.3/terraform-provider-matchbox-v0.2.3-linux-amd64.tar.gz -$ tar xzf terraform-provider-matchbox-v0.2.3-linux-amd64.tar.gz -``` - -## First cluster - -Clone the matchbox source and take a look at the Terraform examples. +Clone the matchbox source. ```sh $ git clone https://github.com/poseidon/matchbox.git $ cd matchbox/examples/terraform ``` -Let's start with the `simple-install` example. With `simple-install`, any machines which PXE boot from matchbox will install Container Linux to `dev/sda`, reboot, and have your SSH key set. Its not much of a cluster, but we'll get to that later. +Select from the Terraform [examples](https://github.com/poseidon/matchbox/tree/master/examples/terraform). 
For example, + +* `fedora-coreos-install` - PXE boot, install Fedora CoreOS to disk, reboot, and machines come up with your SSH authorized key set +* `flatcar-install` - PXE boot, install Flatcar Linux to disk, reboot, and machines come up with your SSH authorized key set + +These aren't exactly full clusters, but they show declarations and network provisioning. ```sh -$ cd simple-install +$ cd fedora-coreos-install # or flatcar-install ``` -Configure the variables in `variables.tf` by creating a `terraform.tfvars` file. +!!! note + Fedora CoreOS images are only served via HTTPS, so your iPXE firmware must be compiled to support HTTPS downloads. -```hcl +Let's review the terraform config and learn a bit about Matchbox. + +### Provider + +Matchbox is configured as a provider platform for bare-metal resources. + +```tf +// Configure the matchbox provider +provider "matchbox" { + endpoint = var.matchbox_rpc_endpoint + client_cert = file("~/.matchbox/client.crt") + client_key = file("~/.matchbox/client.key") + ca = file("~/.matchbox/ca.crt") +} + +terraform { + required_providers { + ct = { + source = "poseidon/ct" + version = "0.6.1" + } + matchbox = { + source = "poseidon/matchbox" + version = "0.4.1" + } + } +} +``` + +### Profiles + +Machine profiles specify the kernel, initrd, kernel args, Ignition Config, and other configs (e.g. templated Container Linux Config, Cloud-config, generic) used to network boot and provision a bare-metal machine. The profile below would PXE boot machines using a Fedora CoreOS kernel and initrd (see [assets](api-http.md#assets) to learn about caching for speed), perform a disk install, reboot (first boot from disk), and use a [Fedora CoreOS Config](https://github.com/coreos/fcct/blob/master/docs/configuration-v1_1.md) to generate an Ignition config to provision. 
+ +```tf +// Fedora CoreOS profile +resource "matchbox_profile" "fedora-coreos-install" { + name = "worker" + kernel = "https://builds.coreos.fedoraproject.org/prod/streams/${var.os_stream}/builds/${var.os_version}/x86_64/fedora-coreos-${var.os_version}-live-kernel-x86_64" + initrd = [ + "https://builds.coreos.fedoraproject.org/prod/streams/${var.os_stream}/builds/${var.os_version}/x86_64/fedora-coreos-${var.os_version}-live-initramfs.x86_64.img", + "https://builds.coreos.fedoraproject.org/prod/streams/${var.os_stream}/builds/${var.os_version}/x86_64/fedora-coreos-${var.os_version}-live-rootfs.x86_64.img" + ] + + args = [ + "rd.neednet=1", + "coreos.inst.install_dev=/dev/sda", + "coreos.inst.ignition_url=${var.matchbox_http_endpoint}/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}", + "coreos.inst.image_url=https://builds.coreos.fedoraproject.org/prod/streams/${var.os_stream}/builds/${var.os_version}/x86_64/fedora-coreos-${var.os_version}-metal.x86_64.raw.xz", + "console=tty0", + "console=ttyS0", + ] + + raw_ignition = data.ct_config.worker-ignition.rendered +} + +data "ct_config" "worker-ignition" { + content = data.template_file.worker-config.rendered + strict = true +} + +data "template_file" "worker-config" { + template = file("fcc/fedora-coreos.yaml") + vars = { + ssh_authorized_key = var.ssh_authorized_key + } +} +``` + +### Groups + +Matcher groups match machines based on labels like MAC, UUID, etc. to different profiles and templates in machine-specific values. The group below does not have a `selector` block, so any machines which network boot from Matchbox will match this group and be provisioned using the `fedora-coreos-install` profile. Machines are matched to the most specific matching group. 
+ +```tf +// Default matcher group for machines +resource "matchbox_group" "default" { + name = "default" + profile = matchbox_profile.fedora-coreos-install.name +} +``` + +### Variables + +Some Terraform [variables](https://www.terraform.io/docs/configuration/variables.html) are used in the examples. A quick way to set their value is by creating a `terraform.tfvars` file. + +``` +cp terraform.tfvars.example terraform.tfvars +``` + +```tf matchbox_http_endpoint = "http://matchbox.example.com:8080" matchbox_rpc_endpoint = "matchbox.example.com:8081" ssh_authorized_key = "YOUR_SSH_KEY" ``` -Terraform can now interact with the matchbox service and create resources. - -```sh -$ terraform plan -Plan: 4 to add, 0 to change, 0 to destroy. -``` - -Let's review the terraform config and learn a bit about matchbox. - -#### Provider - -Matchbox is configured as a provider platform for bare-metal resources. - -```hcl -// Configure the matchbox provider -provider "matchbox" { - endpoint = "${var.matchbox_rpc_endpoint}" - client_cert = "${file("~/.matchbox/client.crt")}" - client_key = "${file("~/.matchbox/client.key")}" - ca = "${file("~/.matchbox/ca.crt")}" -} -``` - -#### Profiles - -Machine profiles specify the kernel, initrd, kernel args, Container Linux Config, Cloud-config, or other configs used to network boot and provision a bare-metal machine. This profile will PXE boot machines using the current stable Container Linux kernel and initrd (see [assets](api-http.md#assets) to learn about caching for speed) and supply a Container Linux Config specifying that a disk install and reboot should be performed. Learn more about [Container Linux configs](https://coreos.com/os/docs/latest/configuration.html). 
- -```hcl -// Create a CoreOS-install profile -resource "matchbox_profile" "coreos-install" { - name = "coreos-install" - kernel = "https://stable.release.core-os.net/amd64-usr/current/coreos_production_pxe.vmlinuz" - initrd = [ - "https://stable.release.core-os.net/amd64-usr/current/coreos_production_pxe_image.cpio.gz" - ] - args = [ - "coreos.config.url=${var.matchbox_http_endpoint}/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}", - "coreos.first_boot=yes", - "console=tty0", - "console=ttyS0", - ] - container_linux_config = "${file("./cl/coreos-install.yaml.tmpl")}" -} -``` - -#### Groups - -Matcher groups match machines based on labels like MAC, UUID, etc. to different profiles and templates in machine-specific values. This group does not have a `selector` block, so any machines which network boot from matchbox will match this group and be provisioned using the `coreos-install` profile. Machines are matched to the most specific matching group. - -```hcl -resource "matchbox_group" "default" { - name = "default" - profile = "${matchbox_profile.coreos-install.name}" - # no selector means all machines can be matched - metadata { - ignition_endpoint = "${var.matchbox_http_endpoint}/ignition" - ssh_authorized_key = "${var.ssh_authorized_key}" - } -} -``` - ### Apply -Apply the terraform configuration. +Initialize the Terraform workspace. Then plan and apply the resources. -```sh +``` +terraform init +``` + +``` $ terraform apply Apply complete! Resources: 4 added, 0 changed, 0 destroyed. ``` 
@@ -148,13 +172,12 @@ Matchbox serves configs to machines and respects query parameters, if you're int * iPXE default - [/ipxe](http://matchbox.example.com:8080/ipxe) * Ignition default - [/ignition](http://matchbox.example.com:8080/ignition) * Ignition post-install - [/ignition?os=installed](http://matchbox.example.com:8080/ignition?os=installed) -* GRUB default - [/grub](http://matchbox.example.com:8080/grub) ## Network -Matchbox can integrate with many on-premise network setups. It does not seek to be the DHCP server, TFTP server, or DNS server for the network. Instead, matchbox serves iPXE scripts and GRUB configs as the entrypoint for provisioning network booted machines. PXE clients are supported by chainloading iPXE firmware. +Matchbox can integrate with many on-premise network setups. It does not seek to be the DHCP server, TFTP server, or DNS server for the network. Instead, matchbox serves iPXE scripts as the entrypoint for provisioning network booted machines. PXE clients are supported by chainloading iPXE firmware. -In the simplest case, an iPXE-enabled network can chain to matchbox, +In the simplest case, an iPXE-enabled network can chain to Matchbox, ``` # /var/www/html/ipxe/default.ipxe 
@@ -179,20 +202,19 @@ $ ipmitool -H node1.example.com -U USER -P PASS chassis bootdev pxe $ ipmitool -H node1.example.com -U USER -P PASS power on ``` -Each machine should chainload iPXE, delegate to `matchbox`, receive its iPXE config (or other supported configs) and begin the provisioning process. The `simple-install` example assumes your machines are configured to boot from disk first and PXE only when requested, but you can write profiles for different cases. +Each machine should chainload iPXE, delegate to Matchbox, receive its iPXE config (or other supported configs) and begin the provisioning process. The examples assume machines are configured to boot from disk first and PXE only when requested, but you can write profiles for different cases. -Once the Container Linux install completes and the machine reboots you can SSH, +Once the install completes and the machine reboots, you can SSH. ```ssh $ ssh core@node1.example.com ``` -To re-provision the machine for another purpose, run `terraform apply` and PXE boot it again. +To re-provision the machine for another purpose, run `terraform apply` and PXE boot machines again. ## Going Further -Matchbox can be used to provision multi-node Container Linux clusters at one or many on-premise sites if deployed in an HA way. Machines can be matched individually by MAC address, UUID, region, or other labels you choose. Installs can be made much faster by caching images in the built-in HTTP [assets](api-http.md#assets) server. +Matchbox can be used to provision multi-node Fedora CoreOS or Flatcar Linux clusters at one or many on-premise sites if deployed in an HA way. Machines can be matched individually by MAC address, UUID, region, or other labels you choose. Installs can be made much faster by caching images in the built-in HTTP [assets](api-http.md#assets) server. 
-[Container Linux configs](https://coreos.com/os/docs/latest/configuration.html) can be used to partition disks and filesystems, write systemd units, write networkd configs or regular files, and create users. Container Linux nodes can be provisioned into a system that meets your needs. Checkout the examples which create a 3 node [etcd](../examples/terraform/etcd3-install) cluster or a 3 node [Kubernetes](../examples/terraform/bootkube-install) cluster. +[Ignition](https://github.com/coreos/ignition) can be used to partition disks and filesystems, write systemd units, write networkd configs or regular files, and create users. Nodes can be network provisioned into a complete cluster system that meets your needs. For example, see [Typhoon](https://typhoon.psdn.io/fedora-coreos/bare-metal/). -[terraform-dl]: https://www.terraform.io/downloads.html diff --git a/docs/index.md b/docs/index.md index 4014c4d0..31729454 100644 --- a/docs/index.md +++ b/docs/index.md @@ -17,14 +17,14 @@ Matchbox can be installed from a binary or a container image. ## Tutorials -[Getting started](getting-started.md) provisioning machines with Fedora CoreOS or Flatcar Linux. +Start provisioning machines with Fedora CoreOS or Flatcar Linux. +* [Terraform Usage](getting-started.md) + * Fedora CoreOS (live PXE or PXE install to disk) + * Flatcar Linux (live PXE or PXE install to disk) * [Local QEMU/KVM](getting-started-docker.md) * Fedora CoreOS (live PXE or PXE install to disk) * Flatcar Linux (live PXE or PXE install to disk) -* Clusters - * [etcd3](getting-started-docker.md) - Install a 3-node etcd3 cluster - * [etcd3](https://github.com/poseidon/matchbox/tree/master/examples/terraform/etcd3-install) - Install a 3-node etcd3 cluster (terraform-based) ## Related diff --git a/examples/README.md b/examples/README.md index b14171e7..fe7683a0 100644 --- a/examples/README.md +++ b/examples/README.md 
@@ -1,6 +1,6 @@ # Examples -Matchbox automates network booting and provisioning of clusters. These examples show how to use matchbox on-premise or locally with [QEMU/KVM](scripts/README.md#libvirt). +Matchbox automates network booting and provisioning of clusters. These examples show how to use Matchbox on-premise or locally with QEMU/KVM. ## Terraform Examples @@ -8,12 +8,12 @@ These examples use [Terraform](https://www.terraform.io/intro/) as a client to M | Name | Description | |-------------------------------|-------------------------------| -| [simple-install](terraform/simple-install/) | Install Container Linux with an SSH key | -| [etcd3-install](terraform/etcd3-install/) | Install a 3-node etcd3 cluster | +| [fedora-coreos-install](terraform/fedora-coreos-install) | Fedora CoreOS disk install | +| [flatcar-install](terraform/flatcar-install) | Flatcar Linux disk install | ### Customization -Look through the examples and Terraform modules and use them as a starting point. Learn more about [matchbox](../docs/matchbox.md) and [Container Linux configs](../docs/container-linux-config.md). +Look through the examples and Terraform modules and use them as a starting point. Learn more about [matchbox](../docs/matchbox.md). ## Manual Examples @@ -30,7 +30,7 @@ These examples mount raw Matchbox objects into a Matchbox server's `/var/lib/mat For Fedora CoreOS, add an SSH authorized key to Fedora CoreOS Config (`ignition/fedora-coreos.yaml`) and regenerate the Ignition Config. -``` +```yaml variant: fcos version: 1.1.0 passwd: 
@@ -44,10 +44,9 @@ passwd: podman run -i --rm quay.io/coreos/fcct:release --pretty --strict < fedora-coreos.yaml > fedora-coreos.ign ``` -For Flatcar Linux, add a Matchbox variable to a Group to set the SSH authorized key (or directly update the Container Linux Config). +For Flatcar Linux, add a Matchbox variable to a Group (`groups/flatcar-install/flatcar.json`) to set the SSH authorized key (or directly update the Container Linux Config). -``` -# groups/flatcar-install/flatcar.json +```json { "id": "stage-1", "name": "Flatcar Linux", @@ -60,4 +59,3 @@ For Flatcar Linux, add a Matchbox variable to a Group to set the SSH authorized } } ``` - diff --git a/examples/terraform/etcd3-install/README.md b/examples/terraform/etcd3-install/README.md deleted file mode 100644 index de41e048..00000000 --- a/examples/terraform/etcd3-install/README.md +++ /dev/null 
@@ -1,103 +0,0 @@ -# etcd3 - -The `etcd3-install` example shows how to use matchbox to network boot and provision 3-node etcd3 cluster on bare-metal in an automated way. - -## Requirements - -Follow the getting started [tutorial](../../../docs/getting-started.md) to learn about matchbox and set up an environment that meets the requirements: - -* Matchbox v0.6+ [installation](../../../docs/deployment.md) with gRPC API enabled -* Matchbox provider credentials `client.crt`, `client.key`, and `ca.crt` -* PXE [network boot](../../../docs/network-setup.md) environment -* Terraform v0.9+ and [terraform-provider-matchbox](https://github.com/poseidon/terraform-provider-matchbox) installed locally on your system -* 3 machines with known DNS names and MAC addresses - -If you prefer to provision QEMU/KVM VMs on your local Linux machine, set up the matchbox [development environment](../../../docs/getting-started-docker.md). - -```sh -sudo ./scripts/devnet create -``` - -## Usage - -Clone the [matchbox](https://github.com/poseidon/matchbox) project and take a look at the cluster examples. - -```sh -$ git clone https://github.com/poseidon/matchbox.git -$ cd matchbox/examples/terraform/etcd3-install -``` - -Copy the `terraform.tfvars.example` file to `terraform.tfvars`. Ensure `provider.tf` references your matchbox credentials. - -```hcl -matchbox_http_endpoint = "http://matchbox.example.com:8080" -matchbox_rpc_endpoint = "matchbox.example.com:8081" -ssh_authorized_key = "ADD ME" -``` - -Configs in `etcd3-install` configure the matchbox provider, define profiles (e.g. `cached-container-linux-install`, `etcd3`), and define 3 groups which match machines by MAC address to a profile. These resources declare that the machines should PXE boot, install Container Linux to disk, and provision themselves into peers in a 3-node etcd3 cluster. 
- -Note: The `cached-container-linux-install` profile will PXE boot and install Container Linux from matchbox [assets](https://github.com/poseidon/matchbox/blob/master/docs/api.md#assets). If you have not populated the assets cache, use the `container-linux-install` profile to use public images (slower). - -### Optional - -You may set certain optional variables to override defaults. - -```hcl -# install_disk = "/dev/sda" -# container_linux_oem = "" -``` - -## Apply - -Fetch the [profiles](../README.md#modules) Terraform [module](https://www.terraform.io/docs/modules/index.html) which let's you use common machine profiles maintained in the matchbox repo (like `etcd3`). - -```sh -$ terraform get -``` - -Plan and apply to create the resoures on Matchbox. - -```sh -$ terraform plan -Plan: 10 to add, 0 to change, 0 to destroy. -$ terraform apply -Apply complete! Resources: 10 added, 0 changed, 0 destroyed. -``` - -## Machines - -Power on each machine (with PXE boot device on next boot). Machines should network boot, install Container Linux to disk, reboot, and provision themselves as a 3-node etcd3 cluster. - -```sh -$ ipmitool -H node1.example.com -U USER -P PASS chassis bootdev pxe -$ ipmitool -H node1.example.com -U USER -P PASS power on -``` - -For local QEMU/KVM development, create the QEMU/KVM VMs. - -```sh -$ sudo ./scripts/libvirt create -$ sudo ./scripts/libvirt [start|reboot|shutdown|poweroff|destroy] -``` - -## Verify - -Verify each node is running etcd3 (i.e. etcd-member.service). - -```sh -$ ssh core@node1.example.com -$ systemctl status etcd-member -``` - -Verify that etcd3 peers are healthy and communicating. - -```sh -$ etcdctl cluster-health -$ etcdctl set /message hello -$ etcdctl get /message -``` - -## Going Further - -Learn more about [matchbox](../../../docs/matchbox.md) or explore the other [example](../) clusters. 
diff --git a/examples/terraform/etcd3-install/etcd3.tf b/examples/terraform/etcd3-install/etcd3.tf deleted file mode 100644 index dde13dac..00000000 --- a/examples/terraform/etcd3-install/etcd3.tf +++ /dev/null 
@@ -1,74 +0,0 @@ -// Create popular profiles (convenience module) -module "profiles" { - source = "../modules/profiles" - matchbox_http_endpoint = "${var.matchbox_http_endpoint}" - container_linux_version = "1967.3.0" - container_linux_channel = "stable" - install_disk = "${var.install_disk}" - container_linux_oem = "${var.container_linux_oem}" -} - -// Install Container Linux to disk before provisioning -resource "matchbox_group" "default" { - name = "default" - profile = "${module.profiles.cached-container-linux-install}" - - // No selector, matches all nodes - - metadata { - ssh_authorized_key = "${var.ssh_authorized_key}" - } -} - -// Create matcher groups for 3 machines - -resource "matchbox_group" "node1" { - name = "node1" - profile = "${module.profiles.etcd3}" - - selector { - mac = "52:54:00:a1:9c:ae" - os = "installed" - } - - metadata { - domain_name = "node1.example.com" - etcd_name = "node1" - etcd_initial_cluster = "node1=http://node1.example.com:2380,node2=http://node2.example.com:2380,node3=http://node3.example.com:2380" - ssh_authorized_key = "${var.ssh_authorized_key}" - } -} - -resource "matchbox_group" "node2" { - name = "node2" - profile = "${module.profiles.etcd3}" - - selector { - mac = "52:54:00:b2:2f:86" - os = "installed" - } - - metadata { - domain_name = "node2.example.com" - etcd_name = "node2" - etcd_initial_cluster = "node1=http://node1.example.com:2380,node2=http://node2.example.com:2380,node3=http://node3.example.com:2380" - ssh_authorized_key = "${var.ssh_authorized_key}" - } -} - -resource "matchbox_group" "node3" { - name = "node3" - profile = "${module.profiles.etcd3}" - - selector { - mac = "52:54:00:c3:61:77" - os = "installed" - } - - metadata { - domain_name = "node3.example.com" - etcd_name = "node3" - etcd_initial_cluster = "node1=http://node1.example.com:2380,node2=http://node2.example.com:2380,node3=http://node3.example.com:2380" - ssh_authorized_key = "${var.ssh_authorized_key}" - } -} 
diff --git a/examples/terraform/etcd3-install/provider.tf b/examples/terraform/etcd3-install/provider.tf deleted file mode 100644 index 01ab1d93..00000000 --- a/examples/terraform/etcd3-install/provider.tf +++ /dev/null @@ -1,7 +0,0 @@ -// Configure the matchbox provider -provider "matchbox" { - endpoint = "${var.matchbox_rpc_endpoint}" - client_cert = "${file("~/.matchbox/client.crt")}" - client_key = "${file("~/.matchbox/client.key")}" - ca = "${file("~/.matchbox/ca.crt")}" -} diff --git a/examples/terraform/etcd3-install/variables.tf b/examples/terraform/etcd3-install/variables.tf deleted file mode 100644 index 0e593773..00000000 --- a/examples/terraform/etcd3-install/variables.tf +++ /dev/null @@ -1,28 +0,0 @@ -variable "matchbox_http_endpoint" { - type = "string" - description = "Matchbox HTTP read-only endpoint (e.g. http://matchbox.example.com:8080)" -} - -variable "matchbox_rpc_endpoint" { - type = "string" - description = "Matchbox gRPC API endpoint, without the protocol (e.g. matchbox.example.com:8081)" -} - -variable "ssh_authorized_key" { - type = "string" - description = "SSH public key to set as an authorized_key on machines" -} - -# optional - -variable "install_disk" { - type = "string" - default = "/dev/sda" - description = "Disk device to which the install profiles should install Container Linux (e.g. /dev/sda)" -} - -variable "container_linux_oem" { - type = "string" - default = "" - description = "Specify an OEM image id to use as base for the installation (e.g. ami, vmware_raw, xen) or leave blank for the default image" -} diff --git a/examples/terraform/fedora-coreos-install/fcc/fedora-coreos.yaml b/examples/terraform/fedora-coreos-install/fcc/fedora-coreos.yaml new file mode 100644 index 00000000..3bbfcc09 --- /dev/null +++ b/examples/terraform/fedora-coreos-install/fcc/fedora-coreos.yaml @@ -0,0 +1,7 @@ +variant: fcos +version: 1.1.0 +passwd: + users: + - name: core + ssh_authorized_keys: + - ${ssh_authorized_key} 
diff --git a/examples/terraform/fedora-coreos-install/groups.tf b/examples/terraform/fedora-coreos-install/groups.tf new file mode 100644 index 00000000..4f226987 --- /dev/null +++ b/examples/terraform/fedora-coreos-install/groups.tf @@ -0,0 +1,6 @@ +// Default matcher group for machines +resource "matchbox_group" "default" { + name = "default" + profile = matchbox_profile.fedora-coreos-install.name +} + diff --git a/examples/terraform/fedora-coreos-install/profiles.tf b/examples/terraform/fedora-coreos-install/profiles.tf new file mode 100644 index 00000000..31aa40d4 --- /dev/null +++ b/examples/terraform/fedora-coreos-install/profiles.tf @@ -0,0 +1,34 @@ +// Fedora CoreOS profile +resource "matchbox_profile" "fedora-coreos-install" { + name = "worker" + kernel = "https://builds.coreos.fedoraproject.org/prod/streams/${var.os_stream}/builds/${var.os_version}/x86_64/fedora-coreos-${var.os_version}-live-kernel-x86_64" + initrd = [ + "https://builds.coreos.fedoraproject.org/prod/streams/${var.os_stream}/builds/${var.os_version}/x86_64/fedora-coreos-${var.os_version}-live-initramfs.x86_64.img", + "https://builds.coreos.fedoraproject.org/prod/streams/${var.os_stream}/builds/${var.os_version}/x86_64/fedora-coreos-${var.os_version}-live-rootfs.x86_64.img" + ] + + args = [ + "rd.neednet=1", + "coreos.inst.install_dev=/dev/sda", + "coreos.inst.ignition_url=${var.matchbox_http_endpoint}/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}", + "coreos.inst.image_url=https://builds.coreos.fedoraproject.org/prod/streams/${var.os_stream}/builds/${var.os_version}/x86_64/fedora-coreos-${var.os_version}-metal.x86_64.raw.xz", + "console=tty0", + "console=ttyS0", + ] + + raw_ignition = data.ct_config.worker-ignition.rendered +} + +data "ct_config" "worker-ignition" { + content = data.template_file.worker-config.rendered + strict = true +} + +data "template_file" "worker-config" { + template = file("fcc/fedora-coreos.yaml") + vars = { + ssh_authorized_key = var.ssh_authorized_key + } +} + + 
diff --git a/examples/terraform/fedora-coreos-install/provider.tf b/examples/terraform/fedora-coreos-install/provider.tf new file mode 100644 index 00000000..8d1878fb --- /dev/null +++ b/examples/terraform/fedora-coreos-install/provider.tf @@ -0,0 +1,20 @@ +// Configure the matchbox provider +provider "matchbox" { + endpoint = var.matchbox_rpc_endpoint + client_cert = file("~/.matchbox/client.crt") + client_key = file("~/.matchbox/client.key") + ca = file("~/.matchbox/ca.crt") +} + +terraform { + required_providers { + ct = { + source = "poseidon/ct" + version = "0.6.1" + } + matchbox = { + source = "poseidon/matchbox" + version = "0.4.1" + } + } +} diff --git a/examples/terraform/etcd3-install/terraform.tfvars.example b/examples/terraform/fedora-coreos-install/terraform.tfvars.example similarity index 50% rename from examples/terraform/etcd3-install/terraform.tfvars.example rename to examples/terraform/fedora-coreos-install/terraform.tfvars.example index 8ff0909b..dcd2f96a 100644 --- a/examples/terraform/etcd3-install/terraform.tfvars.example +++ b/examples/terraform/fedora-coreos-install/terraform.tfvars.example @@ -1,7 +1,4 @@ matchbox_http_endpoint = "http://matchbox.example.com:8080" matchbox_rpc_endpoint = "matchbox.example.com:8081" -# ssh_authorized_key = "ADD ME" - -# Optional (defaults) -# install_disk = "/dev/sda" -# container_linux_oem = "" +os_version = "32.20200923.3.0" +ssh_authorized_key = "YOUR_SSH_KEY" diff --git a/examples/terraform/fedora-coreos-install/variables.tf b/examples/terraform/fedora-coreos-install/variables.tf new file mode 100644 index 00000000..395cf344 --- /dev/null +++ b/examples/terraform/fedora-coreos-install/variables.tf 
@@ -0,0 +1,26 @@ +variable "matchbox_http_endpoint" { + type = string + description = "Matchbox HTTP read-only endpoint (e.g. http://matchbox.example.com:8080)" +} + +variable "matchbox_rpc_endpoint" { + type = string + description = "Matchbox gRPC API endpoint, without the protocol (e.g. matchbox.example.com:8081)" +} + +variable "os_stream" { + type = string + description = "Fedora CoreOS release stream (e.g. testing, stable)" + default = "stable" +} + +variable "os_version" { + type = string + description = "Fedora CoreOS version to PXE and install (e.g. 32.20200923.3.0)" +} + +variable "ssh_authorized_key" { + type = string + description = "SSH public key to set as an authorized_key on machines" +} + diff --git a/examples/terraform/simple-install/cl/coreos-install.yaml.tmpl b/examples/terraform/flatcar-install/clc/flatcar-install.yaml similarity index 78% rename from examples/terraform/simple-install/cl/coreos-install.yaml.tmpl rename to examples/terraform/flatcar-install/clc/flatcar-install.yaml index 78823d4c..5bb44ef7 100644 --- a/examples/terraform/simple-install/cl/coreos-install.yaml.tmpl +++ b/examples/terraform/flatcar-install/clc/flatcar-install.yaml @@ -21,7 +21,12 @@ storage: inline: | #!/bin/bash -ex curl --retry 10 "{{.ignition_endpoint}}?{{.request.raw_query}}&os=installed" -o ignition.json - coreos-install -d /dev/sda -C stable -V current -i ignition.json {{if index . "baseurl"}}-b {{.baseurl}}{{end}} + flatcar-install \ + -d /dev/sda \ + -C stable \ + -V current \ + {{- if index . "baseurl"}}-b {{.baseurl}} \{{end}} + -i ignition.json udevadm settle systemctl reboot passwd: diff --git a/examples/terraform/simple-install/cl/simple.yaml.tmpl b/examples/terraform/flatcar-install/clc/flatcar.yaml similarity index 100% rename from examples/terraform/simple-install/cl/simple.yaml.tmpl rename to examples/terraform/flatcar-install/clc/flatcar.yaml 
diff --git a/examples/terraform/simple-install/groups.tf b/examples/terraform/flatcar-install/groups.tf similarity index 66% rename from examples/terraform/simple-install/groups.tf rename to examples/terraform/flatcar-install/groups.tf index 1910e116..b4bb2300 100644 --- a/examples/terraform/simple-install/groups.tf +++ b/examples/terraform/flatcar-install/groups.tf @@ -1,25 +1,25 @@ // Default matcher group for machines resource "matchbox_group" "default" { name = "default" - profile = "${matchbox_profile.coreos-install.name}" + profile = matchbox_profile.flatcar-install.name # no selector means all machines can be matched metadata = { ignition_endpoint = "${var.matchbox_http_endpoint}/ignition" - ssh_authorized_key = "${var.ssh_authorized_key}" + ssh_authorized_key = var.ssh_authorized_key } } // Match machines which have CoreOS Container Linux installed resource "matchbox_group" "node1" { name = "node1" - profile = "${matchbox_profile.simple.name}" + profile = matchbox_profile.worker.name selector = { os = "installed" } metadata = { - ssh_authorized_key = "${var.ssh_authorized_key}" + ssh_authorized_key = var.ssh_authorized_key } } diff --git a/examples/terraform/flatcar-install/profiles.tf b/examples/terraform/flatcar-install/profiles.tf new file mode 100644 index 00000000..6c4451af --- /dev/null +++ b/examples/terraform/flatcar-install/profiles.tf 
@@ -0,0 +1,24 @@ +// Create a flatcar-install profile +resource "matchbox_profile" "flatcar-install" { + name = "flatcar-install" + kernel = "http://stable.release.flatcar-linux.net/amd64-usr/current/flatcar_production_pxe.vmlinuz" + initrd = [ + "http://stable.release.flatcar-linux.net/amd64-usr/current/flatcar_production_pxe_image.cpio.gz", + ] + + args = [ + "initrd=flatcar_production_pxe_image.cpio.gz", + "flatcar.config.url=${var.matchbox_http_endpoint}/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}", + "flatcar.first_boot=yes", + "console=tty0", + "console=ttyS0", + ] + + container_linux_config = file("./clc/flatcar-install.yaml") +} + +// Profile to set an SSH authorized key on first boot from disk +resource "matchbox_profile" "worker" { + name = "worker" + container_linux_config = file("./clc/flatcar.yaml") +} diff --git a/examples/terraform/flatcar-install/provider.tf b/examples/terraform/flatcar-install/provider.tf new file mode 100644 index 00000000..ee7e9a33 --- /dev/null +++ b/examples/terraform/flatcar-install/provider.tf @@ -0,0 +1,16 @@ +// Configure the matchbox provider +provider "matchbox" { + endpoint = var.matchbox_rpc_endpoint + client_cert = file("~/.matchbox/client.crt") + client_key = file("~/.matchbox/client.key") + ca = file("~/.matchbox/ca.crt") +} + +terraform { + required_providers { + matchbox = { + source = "poseidon/matchbox" + version = "0.4.1" + } + } +} diff --git a/examples/terraform/simple-install/terraform.tfvars.example b/examples/terraform/flatcar-install/terraform.tfvars.example similarity index 71% rename from examples/terraform/simple-install/terraform.tfvars.example rename to examples/terraform/flatcar-install/terraform.tfvars.example index a5a38498..5833e62e 100644 --- a/examples/terraform/simple-install/terraform.tfvars.example +++ b/examples/terraform/flatcar-install/terraform.tfvars.example 
@@ -1,3 +1,3 @@ matchbox_http_endpoint = "http://matchbox.example.com:8080" matchbox_rpc_endpoint = "matchbox.example.com:8081" -ssh_authorized_key = "ssh-rsa you-contents" +ssh_authorized_key = "YOUR_SSH_KEY" diff --git a/examples/terraform/simple-install/variables.tf b/examples/terraform/flatcar-install/variables.tf similarity index 83% rename from examples/terraform/simple-install/variables.tf rename to examples/terraform/flatcar-install/variables.tf index 6fbf17be..61d3c685 100644 --- a/examples/terraform/simple-install/variables.tf +++ b/examples/terraform/flatcar-install/variables.tf @@ -1,14 +1,14 @@ variable "matchbox_http_endpoint" { - type = "string" + type = string description = "Matchbox HTTP read-only endpoint (e.g. http://matchbox.example.com:8080)" } variable "matchbox_rpc_endpoint" { - type = "string" + type = string description = "Matchbox gRPC API endpoint, without the protocol (e.g. matchbox.example.com:8081)" } variable "ssh_authorized_key" { - type = "string" + type = string description = "SSH public key to set as an authorized_key on machines" } diff --git a/examples/terraform/modules/README.md b/examples/terraform/modules/README.md deleted file mode 100644 index 69f54bf2..00000000 --- a/examples/terraform/modules/README.md +++ /dev/null 
@@ -1,33 +0,0 @@ -# Terraform Modules - -Matchbox provides Terraform [modules](https://www.terraform.io/docs/modules/usage.html) you can re-use directly within your own Terraform configs. Modules are updated regularly so it is **recommended** that you pin the module version (e.g. `ref=sha`) to keep your configs deterministic. - -```hcl -module "profiles" { - source = "git::https://github.com/poseidon/matchbox.git//examples/terraform/modules/profiles?ref=08f4e9908b167fba608e60169ec6a803df9db37f" - matchbox_http_endpoint = "${var.matchbox_http_endpoint}" - container_linux_version = "${var.container_linux_version}" - container_linux_channel = "${var.container_linux_channel}" -} -``` - -Download referenced Terraform modules. - -```sh -$ terraform get # does not check for updates -$ terraform get --update # checks for updates -``` - -Available modules: - -| Module | Includes | Description | -|----------|-----------|-------------| -| profiles | * | Creates machine profiles you can reference in matcher groups | -| | container-linux-install | Install Container Linux to disk from core-os.net | -| | cached-container-linux-install | Install Container Linux to disk from matchbox assets cache | -| | etcd3 | Provision an etcd3 peer node | -| | etcd3-gateway | Provision an etcd3 gateway node | - -## Customization - -You are encouraged to look through the examples and modules. Implement your own profiles or package them as modules to meet your needs. We've just provided a starting point. Learn more about [matchbox](../../docs/matchbox.md) and [Container Linux configs](../../docs/container-linux-config.md). diff --git a/examples/terraform/modules/profiles/cl/container-linux-install.yaml.tmpl b/examples/terraform/modules/profiles/cl/container-linux-install.yaml.tmpl deleted file mode 100644 index 2c543b93..00000000 --- a/examples/terraform/modules/profiles/cl/container-linux-install.yaml.tmpl +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -systemd: - units: - - name: installer.service - enable: true - contents: | - [Unit] - Requires=network-online.target - After=network-online.target - [Service] - Type=simple - ExecStart=/opt/installer - [Install] - WantedBy=multi-user.target -storage: - files: - - path: /opt/installer - filesystem: root - mode: 0500 - contents: - inline: | - #!/bin/bash -ex - curl --retry 10 "${ignition_endpoint}?{{.request.raw_query}}&os=installed" -o ignition.json - coreos-install \ - -d ${install_disk} \ - -C ${container_linux_channel} \ - -V ${container_linux_version} \ - -o "${container_linux_oem}" \ - ${baseurl_flag} \ - -i ignition.json - udevadm settle - systemctl reboot -passwd: - users: - - name: core - ssh_authorized_keys: - - {{.ssh_authorized_key}} - diff --git a/examples/terraform/modules/profiles/cl/etcd3-gateway.yaml.tmpl b/examples/terraform/modules/profiles/cl/etcd3-gateway.yaml.tmpl deleted file mode 100644 index 5d8ccbea..00000000 --- a/examples/terraform/modules/profiles/cl/etcd3-gateway.yaml.tmpl +++ /dev/null @@ -1,25 +0,0 @@ ---- -systemd: - units: - - name: etcd-member.service - enable: true - dropins: - - name: 40-etcd-cluster.conf - contents: | - [Service] - Environment="ETCD_IMAGE_TAG=v3.2.0" - ExecStart= - ExecStart=/usr/lib/coreos/etcd-wrapper gateway start \ - --listen-addr=127.0.0.1:2379 \ - --endpoints={{.etcd_endpoints}} - - name: locksmithd.service - dropins: - - name: 40-etcd-lock.conf - contents: | - [Service] - Environment="REBOOT_STRATEGY=etcd-lock" -passwd: - users: - - name: core - ssh_authorized_keys: - - {{.ssh_authorized_key}} diff --git a/examples/terraform/modules/profiles/cl/etcd3.yaml.tmpl b/examples/terraform/modules/profiles/cl/etcd3.yaml.tmpl deleted file mode 100644 index 3f234357..00000000 --- a/examples/terraform/modules/profiles/cl/etcd3.yaml.tmpl +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -systemd: - units: - - name: etcd-member.service - enable: true - dropins: - - name: 40-etcd-cluster.conf - contents: | - [Service] - Environment="ETCD_IMAGE_TAG=v3.2.0" - Environment="ETCD_NAME={{.etcd_name}}" - Environment="ETCD_ADVERTISE_CLIENT_URLS=http://{{.domain_name}}:2379" - Environment="ETCD_INITIAL_ADVERTISE_PEER_URLS=http://{{.domain_name}}:2380" - Environment="ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379" - Environment="ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380" - Environment="ETCD_INITIAL_CLUSTER={{.etcd_initial_cluster}}" - Environment="ETCD_STRICT_RECONFIG_CHECK=true" - - name: locksmithd.service - dropins: - - name: 40-etcd-lock.conf - contents: | - [Service] - Environment="REBOOT_STRATEGY=etcd-lock" -passwd: - users: - - name: core - ssh_authorized_keys: - - {{.ssh_authorized_key}} diff --git a/examples/terraform/modules/profiles/outputs.tf b/examples/terraform/modules/profiles/outputs.tf deleted file mode 100644 index 86762986..00000000 --- a/examples/terraform/modules/profiles/outputs.tf +++ /dev/null @@ -1,15 +0,0 @@ -output "container-linux-install" { - value = "${matchbox_profile.container-linux-install.name}" -} - -output "cached-container-linux-install" { - value = "${matchbox_profile.cached-container-linux-install.name}" -} - -output "etcd3" { - value = "${matchbox_profile.etcd3.name}" -} - -output "etcd3-gateway" { - value = "${matchbox_profile.etcd3-gateway.name}" -} diff --git a/examples/terraform/modules/profiles/profiles.tf b/examples/terraform/modules/profiles/profiles.tf deleted file mode 100644 index 2fca252e..00000000 --- a/examples/terraform/modules/profiles/profiles.tf +++ /dev/null 
@@ -1,82 +0,0 @@ -// Container Linux Install profile (from release.core-os.net) -resource "matchbox_profile" "container-linux-install" { - name = "container-linux-install" - kernel = "http://${var.container_linux_channel}.release.core-os.net/amd64-usr/${var.container_linux_version}/coreos_production_pxe.vmlinuz" - - initrd = [ - "http://${var.container_linux_channel}.release.core-os.net/amd64-usr/${var.container_linux_version}/coreos_production_pxe_image.cpio.gz", - ] - - args = [ - "initrd=coreos_production_pxe_image.cpio.gz", - "coreos.config.url=${var.matchbox_http_endpoint}/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}", - "coreos.first_boot=yes", - "console=tty0", - "console=ttyS0", - ] - - container_linux_config = "${data.template_file.container-linux-install-config.rendered}" -} - -data "template_file" "container-linux-install-config" { - template = "${file("${path.module}/cl/container-linux-install.yaml.tmpl")}" - - vars { - container_linux_channel = "${var.container_linux_channel}" - container_linux_version = "${var.container_linux_version}" - ignition_endpoint = "${format("%s/ignition", var.matchbox_http_endpoint)}" - install_disk = "${var.install_disk}" - container_linux_oem = "${var.container_linux_oem}" - - # only cached-container-linux profile adds -b baseurl - baseurl_flag = "" - } -} - -// Container Linux Install profile (from matchbox /assets cache) -// Note: Admin must have downloaded container_linux_version into matchbox assets. 
-resource "matchbox_profile" "cached-container-linux-install" { - name = "cached-container-linux-install" - kernel = "/assets/coreos/${var.container_linux_version}/coreos_production_pxe.vmlinuz" - - initrd = [ - "/assets/coreos/${var.container_linux_version}/coreos_production_pxe_image.cpio.gz", - ] - - args = [ - "initrd=coreos_production_pxe_image.cpio.gz", - "coreos.config.url=${var.matchbox_http_endpoint}/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}", - "coreos.first_boot=yes", - "console=tty0", - "console=ttyS0", - ] - - container_linux_config = "${data.template_file.cached-container-linux-install-config.rendered}" -} - -data "template_file" "cached-container-linux-install-config" { - template = "${file("${path.module}/cl/container-linux-install.yaml.tmpl")}" - - vars { - container_linux_channel = "${var.container_linux_channel}" - container_linux_version = "${var.container_linux_version}" - ignition_endpoint = "${format("%s/ignition", var.matchbox_http_endpoint)}" - install_disk = "${var.install_disk}" - container_linux_oem = "${var.container_linux_oem}" - - # profile uses -b baseurl to install from matchbox cache - baseurl_flag = "-b ${var.matchbox_http_endpoint}/assets/coreos" - } -} - -// etcd3 profile -resource "matchbox_profile" "etcd3" { - name = "etcd3" - container_linux_config = "${file("${path.module}/cl/etcd3.yaml.tmpl")}" -} - -// etcd3 Gateway profile -resource "matchbox_profile" "etcd3-gateway" { - name = "etcd3-gateway" - container_linux_config = "${file("${path.module}/cl/etcd3-gateway.yaml.tmpl")}" -} diff --git a/examples/terraform/modules/profiles/variables.tf b/examples/terraform/modules/profiles/variables.tf deleted file mode 100644 index 9d7fbadf..00000000 --- a/examples/terraform/modules/profiles/variables.tf +++ /dev/null 
@@ -1,28 +0,0 @@ -variable "matchbox_http_endpoint" { - type = "string" - description = "Matchbox HTTP read-only endpoint (e.g. http://matchbox.example.com:8080)" -} - -variable "container_linux_version" { - type = "string" - description = "Container Linux version of the kernel/initrd to PXE or the image to install" -} - -variable "container_linux_channel" { - type = "string" - description = "Container Linux channel corresponding to the container_linux_version" -} - -# optional - -variable "install_disk" { - type = "string" - default = "/dev/sda" - description = "Disk device to which the install profiles should install Container Linux (e.g. /dev/sda)" -} - -variable "container_linux_oem" { - type = "string" - default = "" - description = "Specify an OEM image id to use as base for the installation (e.g. ami, vmware_raw, xen) or leave blank for the default image" -} diff --git a/examples/terraform/simple-install/profiles.tf b/examples/terraform/simple-install/profiles.tf deleted file mode 100644 index 1427c927..00000000 --- a/examples/terraform/simple-install/profiles.tf +++ /dev/null @@ -1,25 +0,0 @@ -// Create a CoreOS-install profile -resource "matchbox_profile" "coreos-install" { - name = "coreos-install" - kernel = "http://stable.release.core-os.net/amd64-usr/current/coreos_production_pxe.vmlinuz" - - initrd = [ - "http://stable.release.core-os.net/amd64-usr/current/coreos_production_pxe_image.cpio.gz", - ] - - args = [ - "initrd=coreos_production_pxe_image.cpio.gz", - "coreos.config.url=${var.matchbox_http_endpoint}/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}", - "coreos.first_boot=yes", - "console=tty0", - "console=ttyS0", - ] - - container_linux_config = "${file("./cl/coreos-install.yaml.tmpl")}" -} - -// Create a simple profile which just sets an SSH authorized_key -resource "matchbox_profile" "simple" { - name = "simple" - container_linux_config = "${file("./cl/simple.yaml.tmpl")}" -} 
diff --git a/examples/terraform/simple-install/provider.tf b/examples/terraform/simple-install/provider.tf deleted file mode 100644 index 01ab1d93..00000000 --- a/examples/terraform/simple-install/provider.tf +++ /dev/null @@ -1,7 +0,0 @@ -// Configure the matchbox provider -provider "matchbox" { - endpoint = "${var.matchbox_rpc_endpoint}" - client_cert = "${file("~/.matchbox/client.crt")}" - client_key = "${file("~/.matchbox/client.key")}" - ca = "${file("~/.matchbox/ca.crt")}" -}
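Review bot: In examples/terraform/fedora-coreos-install/terraform.tfvars.example (and again in flatcar-install/terraform.tfvars.example), `ssh_authorized_key = "YOUR_SSH_KEY"` is an active assignment, so a copy of the file applied without editing satisfies the required variable and the placeholder is what gets set as the authorized key on machines. The etcd3-install example this file was renamed from kept the line commented out (`# ssh_authorized_key = "ADD ME"`), which left the variable unset and made the omission visible at plan time. Suggest keeping the line commented, or adding a `validation` block to the `ssh_authorized_key` variable in variables.tf that rejects values that do not start with `ssh-`.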
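Review bot: In examples/terraform/flatcar-install/clc/flatcar-install.yaml, the line `{{- if index . "baseurl"}}-b {{.baseurl}} \{{end}}` needs a comment or a simpler form, because `{{-` trims the newline and indentation in front of it. With `baseurl` set, the rendered script reads `-V current \-b <baseurl> \`, which only works because bash treats `\-` as a literal `-`; an edit that moves the backslash or drops the space after `current` will merge arguments without any template error. Suggest putting `-i ignition.json` before the conditional and making the optional `-b` the last argument, so no line continuation depends on the trim. The script also hardcodes `-d /dev/sda`, `-C stable` and `-V current`, where the removed module template took `install_disk`, channel and version as variables; if that is intentional for a minimal example, a comment saying so would help.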
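Review bot: In examples/terraform/flatcar-install/groups.tf, the comment `// Match machines which have CoreOS Container Linux installed` above `matchbox_group.node1` was not updated by the rename and should say Flatcar Linux. While touching this file, the `default` group is worth a stronger comment than `# no selector means all machines can be matched`: it points every machine that PXE boots against this matchbox at the `flatcar-install` profile, whose script writes to `/dev/sda` and reboots. Suggest stating that in the comment and showing a `selector` (for example by `mac`) as the safer pattern for shared networks.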
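Review bot: In examples/terraform/flatcar-install/profiles.tf, `kernel` and `initrd` point at `http://stable.release.flatcar-linux.net/amd64-usr/current/...`, so the boot images are fetched over plain HTTP from a moving `current` path with no integrity check visible in the profile, and two applies on different days can boot different releases. The Fedora CoreOS example in this same change pins an `os_version` variable; suggest doing the same here with a version variable in the URL, and either using an `https://` URL where the iPXE build in use supports it or serving the images from the matchbox `/assets` path as the removed `cached-container-linux-install` profile did.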
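Review bot: Deleting examples/terraform/modules (README.md, profiles/*.tf and the cl/*.yaml.tmpl templates) is a breaking change for any config that sources `git::https://github.com/poseidon/matchbox.git//examples/terraform/modules/profiles` without a `ref=` pin, since the path disappears from the default branch. The removed README itself recommended pinning, so pinned users are unaffected, but the removal should be called out explicitly in the release notes with the last commit that still carries the modules. The cached-install profile (`-b ${var.matchbox_http_endpoint}/assets/coreos`) and the `etcd3` and `etcd3-gateway` profiles have no replacement in the new examples; if that is intended, say so in the same entry.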