constellation/terraform/libvirt/main.tf

terraform {
  required_providers {
    libvirt = {
      source  = "dmacvicar/libvirt"
      version = "0.6.14"
    }
    docker = {
      source  = "kreuzwerker/docker"
      version = "2.17.0"
    }
  }
}

provider "libvirt" {
  uri = "qemu:///session"
}

provider "docker" {
  host = "unix:///var/run/docker.sock"

  registry_auth {
    address     = "ghcr.io"
    config_file = pathexpand("~/.docker/config.json")
  }
}

resource "docker_image" "qemu-metadata" {
  name         = "ghcr.io/edgelesssys/constellation/qemu-metadata-api:v1.3.2-0.20220714151638-d295be31"
  keep_locally = true
}

resource "docker_container" "qemu-metadata" {
  name         = "qemu-metadata"
  image        = docker_image.qemu-metadata.latest
  network_mode = "host"
  rm           = true
  mounts {
    source = "/var/run/libvirt/libvirt-sock"
    target = "/var/run/libvirt/libvirt-sock"
    type   = "bind"
  }
  mounts {
    source = var.metadata_api_log_dir
    target = "/pcrs"
    type   = "bind"
  }
}

module "control_plane" {
  source          = "./modules/instance_group"
  role            = "control-plane"
  amount          = var.control_plane_count
  vcpus           = var.vcpus
  memory          = var.memory
  state_disk_size = var.state_disk_size
  ip_range_start  = var.ip_range_start
  cidr            = "10.42.1.0/24"
  network_id      = libvirt_network.constellation.id
  pool            = libvirt_pool.cluster.name
  boot_volume_id  = libvirt_volume.constellation_coreos_image.id
  machine         = var.machine
}

module "worker" {
  source          = "./modules/instance_group"
  role            = "worker"
  amount          = var.worker_count
  vcpus           = var.vcpus
  memory          = var.memory
  state_disk_size = var.state_disk_size
  ip_range_start  = var.ip_range_start
  cidr            = "10.42.2.0/24"
  network_id      = libvirt_network.constellation.id
  pool            = libvirt_pool.cluster.name
  boot_volume_id  = libvirt_volume.constellation_coreos_image.id
  machine         = var.machine
}

resource "libvirt_pool" "cluster" {
  name = "constellation"
  type = "dir"
  path = "/var/lib/libvirt/images"
}

resource "libvirt_volume" "constellation_coreos_image" {
  name   = "constellation-coreos-image"
  pool   = libvirt_pool.cluster.name
  source = var.constellation_coreos_image
  format = var.image_format
}

resource "libvirt_network" "constellation" {
  name      = "constellation"
  mode      = "nat"
  addresses = ["10.42.0.0/16"]
  dhcp {
    enabled = true
  }
  dns {
    enabled = true
  }
}
terraform template libvirt Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-22 09:39:30 -04:00			`terraform {`
			`required_providers {`
			`libvirt = {`
			`source = "dmacvicar/libvirt"`
			`version = "0.6.14"`
			`}`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`docker = {`
Only upload kubeadm certs if key is rotated Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: 3u13r <lc@edgeless.systems> 2022-07-08 04:59:59 -04:00			`source = "kreuzwerker/docker"`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`version = "2.17.0"`
			`}`
terraform template libvirt Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-22 09:39:30 -04:00			`}`
			`}`

			`provider "libvirt" {`
			`uri = "qemu:///session"`
			`}`

AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`provider "docker" {`
			`host = "unix:///var/run/docker.sock"`

			`registry_auth {`
			`address = "ghcr.io"`
			`config_file = pathexpand("~/.docker/config.json")`
			`}`
			`}`

			`resource "docker_image" "qemu-metadata" {`
Use go pseudo versions for container images Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-07-14 11:34:33 -04:00			`name = "ghcr.io/edgelesssys/constellation/qemu-metadata-api:v1.3.2-0.20220714151638-d295be31"`
Only upload kubeadm certs if key is rotated Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: 3u13r <lc@edgeless.systems> 2022-07-08 04:59:59 -04:00			`keep_locally = true`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`}`

			`resource "docker_container" "qemu-metadata" {`
Only upload kubeadm certs if key is rotated Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: 3u13r <lc@edgeless.systems> 2022-07-08 04:59:59 -04:00			`name = "qemu-metadata"`
			`image = docker_image.qemu-metadata.latest`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`network_mode = "host"`
Only upload kubeadm certs if key is rotated Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: 3u13r <lc@edgeless.systems> 2022-07-08 04:59:59 -04:00			`rm = true`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`mounts {`
			`source = "/var/run/libvirt/libvirt-sock"`
			`target = "/var/run/libvirt/libvirt-sock"`
Only upload kubeadm certs if key is rotated Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: 3u13r <lc@edgeless.systems> 2022-07-08 04:59:59 -04:00			`type = "bind"`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`}`
AB#1915 Local PCR calculation (#243) * Add QEMU cloud-logging * Add QEMU metadata endpoints to collect logs during cluster boot * Send PCRs to QEMU metadata if boot fails on Azure or GCP Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-07-04 06:59:43 -04:00			`mounts {`
			`source = var.metadata_api_log_dir`
			`target = "/pcrs"`
Only upload kubeadm certs if key is rotated Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: 3u13r <lc@edgeless.systems> 2022-07-08 04:59:59 -04:00			`type = "bind"`
AB#1915 Local PCR calculation (#243) * Add QEMU cloud-logging * Add QEMU metadata endpoints to collect logs during cluster boot * Send PCRs to QEMU metadata if boot fails on Azure or GCP Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-07-04 06:59:43 -04:00			`}`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`}`

terraform template libvirt Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-22 09:39:30 -04:00			`module "control_plane" {`
			`source = "./modules/instance_group"`
			`role = "control-plane"`
			`amount = var.control_plane_count`
			`vcpus = var.vcpus`
			`memory = var.memory`
			`state_disk_size = var.state_disk_size`
			`ip_range_start = var.ip_range_start`
			`cidr = "10.42.1.0/24"`
			`network_id = libvirt_network.constellation.id`
			`pool = libvirt_pool.cluster.name`
			`boot_volume_id = libvirt_volume.constellation_coreos_image.id`
Add machine variable to terraform module (#179) * add variable machine to enable/disable secure boot * add role description 2022-05-30 04:29:34 -04:00			`machine = var.machine`
terraform template libvirt Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-22 09:39:30 -04:00			`}`

			`module "worker" {`
			`source = "./modules/instance_group"`
			`role = "worker"`
			`amount = var.worker_count`
			`vcpus = var.vcpus`
			`memory = var.memory`
			`state_disk_size = var.state_disk_size`
			`ip_range_start = var.ip_range_start`
			`cidr = "10.42.2.0/24"`
			`network_id = libvirt_network.constellation.id`
			`pool = libvirt_pool.cluster.name`
			`boot_volume_id = libvirt_volume.constellation_coreos_image.id`
Add machine variable to terraform module (#179) * add variable machine to enable/disable secure boot * add role description 2022-05-30 04:29:34 -04:00			`machine = var.machine`
terraform template libvirt Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-22 09:39:30 -04:00			`}`

			`resource "libvirt_pool" "cluster" {`
			`name = "constellation"`
			`type = "dir"`
			`path = "/var/lib/libvirt/images"`
			`}`

			`resource "libvirt_volume" "constellation_coreos_image" {`
			`name = "constellation-coreos-image"`
			`pool = libvirt_pool.cluster.name`
AB#1915 Local PCR calculation (#243) * Add QEMU cloud-logging * Add QEMU metadata endpoints to collect logs during cluster boot * Send PCRs to QEMU metadata if boot fails on Azure or GCP Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-07-04 06:59:43 -04:00			`source = var.constellation_coreos_image`
			`format = var.image_format`
terraform template libvirt Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-22 09:39:30 -04:00			`}`

			`resource "libvirt_network" "constellation" {`
			`name = "constellation"`
			`mode = "nat"`
			`addresses = ["10.42.0.0/16"]`
			`dhcp {`
			`enabled = true`
			`}`
			`dns {`
			`enabled = true`
			`}`
			`}`