Handling volumes

ae23e0cb · Goik Martin · e17316f4 · ae23e0cb · ae23e0cb · ae23e0cb
Commit ae23e0cb authored 10 months ago by Goik Martin
--- a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/Readme.md
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/Readme.md
+# Adding a volume
+
+
+
--- a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/bin/.gitignore
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/bin/.gitignore
+*
+!.gitignore
\ No newline at end of file
--- a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/gen/.gitignore
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/gen/.gitignore
+*
+!.gitignore
\ No newline at end of file
--- a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/main.tf
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/main.tf
+terraform {
+  required_providers {
+    hcloud = {
+      source = "hetznercloud/hcloud"
+    }
+  }
+  required_version = ">= 0.13"
+}
+
+provider "hcloud" {
+  token = var.hcloud_token
+}
+resource "tls_private_key" "host" {
+  algorithm   = "ED25519"
+}
+
+resource "hcloud_ssh_key" "loginUser" {
+  name       = "goik@hdm-stuttgart.de"
+  public_key = file("~/.ssh/id_ed25519.pub")
+}
+
+resource "hcloud_server" "helloServer" {
+  name         = "hello"
+  image        =  "debian-12"
+  server_type  =  "cx11"
+  user_data    = templatefile("tpl/userData.yml", {
+    host_ed25519_private = indent(4, tls_private_key.host.private_key_openssh) # yaml format parsing quirk, sigh!
+    host_ed25519_public  = tls_private_key.host.public_key_openssh
+    devopsSshPublicKey  = hcloud_ssh_key.loginUser.public_key
+  })
+  ssh_keys     = [hcloud_ssh_key.loginUser.id]
+  firewall_ids = [hcloud_firewall.sshFw.id]
+}
+
+resource "hcloud_volume" "volume01" {
+  name      = "volume1"
+  size      = 10
+  server_id = hcloud_server.helloServer.id
+  automount = true
+  format    = "xfs"
+}
+
+resource "local_file" "known_hosts" {
+  content         = "${hcloud_server.helloServer.ipv4_address} ${tls_private_key.host.public_key_openssh}"
+  filename        = "gen/known_hosts"
+  file_permission = "644"
+}
+
+resource "local_file" "ssh_script" {
+  content = templatefile("tpl/ssh.sh", {
+    ip = hcloud_server.helloServer.ipv4_address
+  })
+  filename        = "bin/ssh"
+  file_permission = "700"
+  depends_on      = [local_file.known_hosts]
+}
--- a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/network.tf
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/network.tf
+resource "hcloud_firewall" "sshFw" {
+  name = "www-firewall"
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "22"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+}
--- a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/outputs.tf
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/outputs.tf
+output "hello_ip_addr" {
+  value       = hcloud_server.helloServer.ipv4_address
+  description = "The server's IPv4 address"
+}
+
+output "volume_id" {
+  value       = hcloud_volume.volume01.id
+  description = "The volume's id"
+}
--- a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/secrets.auto.tfvars.template
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/secrets.auto.tfvars.template
+hcloud_token="your_api_token_goes_here"
--- a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/tpl/ssh.sh
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/tpl/ssh.sh
+#!/usr/bin/env bash
+
+GEN_DIR=$(dirname "$0")/../gen
+
+ssh -o UserKnownHostsFile="$GEN_DIR/known_hosts" devops@${ip} "$@"
--- a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/tpl/userData.yml
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/tpl/userData.yml
+#cloud-config
+
+ssh_keys:
+  ed25519_private: |
+    ${host_ed25519_private}
+  ed25519_public: ${host_ed25519_public}
+users:
+  - name: devops
+    groups: sudo
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    shell: /bin/bash
+    ssh_authorized_keys:
+      - ${devopsSshPublicKey}
+
+package_update: true
+package_upgrade: true
+package_reboot_if_required: true
+
+packages:
+  - fail2ban
+  - python3-systemd # See https://superuser.com/questions/1830245/i-cant-get-fail2ban-working-on-debian-12#answer-1830273
+  - vim # Enhanced vi command
+  - mlocate
+runcmd:
+  # Workaround https://github.com/hetznercloud/terraform-provider-hcloud/issues/473#issuecomment-971535629-permalink
+  - udevadm trigger -c add -s block -p ID_VENDOR=HC --verbose -p ID_MODEL=Volume
+  # Fail2ban activation (spanning multiple line syntax)
+  - >
+    printf "[sshd]\nenabled = true\nbackend = systemd\nbanaction = iptables-multiport" > 
+    /etc/fail2ban/jail.d/defaults-debian.conf
+  - systemctl enable fail2ban
+  - systemctl start fail2ban
+  # ssh daemon defaults
+  - sed -ie '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
+  - sed -ie '/^#PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
+  - sed -ie '/^#AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh/authorized_keys/' /etc/ssh/sshd_config
+  - sed -i '$a AllowUsers devops' /etc/ssh/sshd_config
+  - systemctl restart ssh
+  # Generation mlocate index
+  - updatedb
--- a/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/variables.tf
+++ b/Doc/Sdi/CloudProvider/Terra/080SimpleVolume/variables.tf
+variable "hcloud_token" {  # See secret.auto.tfvars
+  nullable = false
+  sensitive = true
+}
\ No newline at end of file
--- a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/Readme.md
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/Readme.md
+# Adding a volume and supplying a mount point name
+
+
+
--- a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/bin/.gitignore
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/bin/.gitignore
+*
+!.gitignore
\ No newline at end of file
--- a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/gen/.gitignore
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/gen/.gitignore
+*
+!.gitignore
\ No newline at end of file
--- a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/main.tf
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/main.tf
+terraform {
+  required_providers {
+    hcloud = {
+      source = "hetznercloud/hcloud"
+    }
+  }
+  required_version = ">= 0.13"
+}
+
+provider "hcloud" {
+  token = var.hcloud_token
+}
+resource "tls_private_key" "host" {
+  algorithm   = "ED25519"
+}
+
+resource "hcloud_ssh_key" "loginUser" {
+  name       = "goik@hdm-stuttgart.de"
+  public_key = file("~/.ssh/id_ed25519.pub")
+}
+
+resource "hcloud_volume" "volume01" {
+  name      = "volume1"
+  location  = "nbg1"
+  size      = 10
+  format    = "xfs"
+}
+
+resource "hcloud_server" "helloServer" {
+  name         = "hello"
+  location     = "nbg1"
+  image        =  "debian-12"
+  server_type  =  "cx11"
+  user_data    = templatefile("tpl/userData.yml", {
+    host_ed25519_private = indent(4, tls_private_key.host.private_key_openssh) # yaml format parsing quirk, sigh!
+    host_ed25519_public  = tls_private_key.host.public_key_openssh
+    devopsSshPublicKey  = hcloud_ssh_key.loginUser.public_key
+    volume01Id          = hcloud_volume.volume01.id
+  })
+  ssh_keys     = [hcloud_ssh_key.loginUser.id]
+  firewall_ids = [hcloud_firewall.sshFw.id]
+}
+
+resource "hcloud_volume_attachment" "main" {
+  volume_id = hcloud_volume.volume01.id
+  server_id = hcloud_server.helloServer.id
+
+
+
+}
+
+
+resource "local_file" "known_hosts" {
+  content         = "${hcloud_server.helloServer.ipv4_address} ${tls_private_key.host.public_key_openssh}"
+  filename        = "gen/known_hosts"
+  file_permission = "644"
+}
+
+resource "local_file" "ssh_script" {
+  content = templatefile("tpl/ssh.sh", {
+    ip = hcloud_server.helloServer.ipv4_address
+  })
+  filename        = "bin/ssh"
+  file_permission = "700"
+  depends_on      = [local_file.known_hosts]
+}
--- a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/network.tf
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/network.tf
+resource "hcloud_firewall" "sshFw" {
+  name = "www-firewall"
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "22"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+}
--- a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/outputs.tf
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/outputs.tf
+output "hello_ip_addr" {
+  value       = hcloud_server.helloServer.ipv4_address
+  description = "The server's IPv4 address"
+}
+
+output "volume_id" {
+  value       = hcloud_volume.volume01.id
+  description = "The volume's id"
+}
--- a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/secrets.auto.tfvars.template
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/secrets.auto.tfvars.template
+hcloud_token="your_api_token_goes_here"
--- a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/tpl/ssh.sh
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/tpl/ssh.sh
+#!/usr/bin/env bash
+
+GEN_DIR=$(dirname "$0")/../gen
+
+ssh -o UserKnownHostsFile="$GEN_DIR/known_hosts" devops@${ip} "$@"
--- a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/tpl/userData.yml
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/tpl/userData.yml
+#cloud-config
+
+ssh_keys:
+  ed25519_private: |
+    ${host_ed25519_private}
+  ed25519_public: ${host_ed25519_public}
+users:
+  - name: devops
+    groups: sudo
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    shell: /bin/bash
+    ssh_authorized_keys:
+      - ${devopsSshPublicKey}
+
+package_update: true
+package_upgrade: true
+package_reboot_if_required: true
+
+packages:
+  - fail2ban
+  - python3-systemd # See https://superuser.com/questions/1830245/i-cant-get-fail2ban-working-on-debian-12#answer-1830273
+  - vim # Enhanced vi command
+  - mlocate
+runcmd:
+  # Fail2ban activation
+  - >
+    printf "[sshd]\nenabled = true\nbackend = systemd\nbanaction = iptables-multiport" > 
+    /etc/fail2ban/jail.d/defaults-debian.conf
+  - systemctl enable fail2ban
+  - systemctl start fail2ban
+  # ssh daemon defaults
+  - sed -ie '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
+  - sed -ie '/^#PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
+  - sed -ie '/^#AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh/authorized_keys/' /etc/ssh/sshd_config
+  - sed -i '$a AllowUsers devops' /etc/ssh/sshd_config
+  - systemctl restart ssh
+  # Generation mlocate index
+  - updatedb
+  # Re-mounting volume to desired mount point
+  - mkdir /volume01
+  - echo `/bin/ls /dev/disk/by-id/*${volume01Id}` /volume01 xfs discard,nofail,defaults 0 0 >> /etc/fstab
+#  - sed -ie '/\/mnt\/HC_Volume_'${volume01Id}'/s/\/mnt\/HC_Volume_'${volume01Id}'/\/volume01/' /etc/fstab
+  - systemctl daemon-reload
+  - mount -a
--- a/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/variables.tf
+++ b/Doc/Sdi/CloudProvider/Terra/090VolumeMountPointName/variables.tf
+variable "hcloud_token" {  # See secret.auto.tfvars
+  nullable = false
+  sensitive = true
+}
\ No newline at end of file