constellation/cli/internal/terraform/terraform/qemu/main.tf

terraform {
  required_providers {
    libvirt = {
      source  = "dmacvicar/libvirt"
      version = "0.6.14"
    }
    docker = {
      source  = "kreuzwerker/docker"
      version = "2.17.0"
    }
  }
}

provider "libvirt" {
  uri = var.libvirt_uri
}

provider "docker" {
  host = "unix:///var/run/docker.sock"

  registry_auth {
    address     = "ghcr.io"
    config_file = pathexpand("~/.docker/config.json")
  }
}

resource "docker_image" "qemu_metadata" {
  name         = var.metadata_api_image
  keep_locally = true
}

resource "docker_container" "qemu_metadata" {
  name         = "${var.name}-qemu-metadata"
  image        = docker_image.qemu_metadata.latest
  network_mode = "host"
  rm           = true
  command = [
    "--network",
    "${var.name}-network",
    "--libvirt-uri",
    "${var.metadata_libvirt_uri}",
  ]
  mounts {
    source = abspath(var.libvirt_socket_path)
    target = "/var/run/libvirt/libvirt-sock"
    type   = "bind"
  }
}

module "control_plane" {
  source          = "./modules/instance_group"
  role            = "control-plane"
  amount          = var.control_plane_count
  vcpus           = var.vcpus
  memory          = var.memory
  state_disk_size = var.state_disk_size
  cidr            = "10.42.1.0/24"
  network_id      = libvirt_network.constellation.id
  pool            = libvirt_pool.cluster.name
  boot_volume_id  = libvirt_volume.constellation_coreos_image.id
  machine         = var.machine
  name            = var.name
}

module "worker" {
  source          = "./modules/instance_group"
  role            = "worker"
  amount          = var.worker_count
  vcpus           = var.vcpus
  memory          = var.memory
  state_disk_size = var.state_disk_size
  cidr            = "10.42.2.0/24"
  network_id      = libvirt_network.constellation.id
  pool            = libvirt_pool.cluster.name
  boot_volume_id  = libvirt_volume.constellation_coreos_image.id
  machine         = var.machine
  name            = var.name
}

resource "libvirt_pool" "cluster" {
  name = "${var.name}-storage-pool"
  type = "dir"
  path = "/var/lib/libvirt/images"
}

resource "libvirt_volume" "constellation_coreos_image" {
  name   = "${var.name}-node-image"
  pool   = libvirt_pool.cluster.name
  source = var.constellation_coreos_image
  format = var.image_format
}

resource "libvirt_network" "constellation" {
  name      = "${var.name}-network"
  mode      = "nat"
  addresses = ["10.42.0.0/16"]
  dhcp {
    enabled = true
  }
  dns {
    enabled = true
  }
}
terraform template libvirt Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-22 09:39:30 -04:00			`terraform {`
			`required_providers {`
			`libvirt = {`
			`source = "dmacvicar/libvirt"`
			`version = "0.6.14"`
			`}`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`docker = {`
Only upload kubeadm certs if key is rotated Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: 3u13r <lc@edgeless.systems> 2022-07-08 04:59:59 -04:00			`source = "kreuzwerker/docker"`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`version = "2.17.0"`
			`}`
terraform template libvirt Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-22 09:39:30 -04:00			`}`
			`}`

			`provider "libvirt" {`
AB#2439 Containerized libvirt (#191) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-10-05 03:11:30 -04:00			`uri = var.libvirt_uri`
terraform template libvirt Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-22 09:39:30 -04:00			`}`

AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`provider "docker" {`
			`host = "unix:///var/run/docker.sock"`

			`registry_auth {`
			`address = "ghcr.io"`
			`config_file = pathexpand("~/.docker/config.json")`
			`}`
			`}`

AB#2439 Containerized libvirt (#191) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-10-05 03:11:30 -04:00			`resource "docker_image" "qemu_metadata" {`
Remove exposure of qemu ip_range_start value 2022-09-27 04:47:45 -04:00			`name = var.metadata_api_image`
Only upload kubeadm certs if key is rotated Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: 3u13r <lc@edgeless.systems> 2022-07-08 04:59:59 -04:00			`keep_locally = true`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`}`

AB#2439 Containerized libvirt (#191) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-10-05 03:11:30 -04:00			`resource "docker_container" "qemu_metadata" {`
Use terraform in CLI to create QEMU cluster (#172) * Use terraform in CLI to create QEMU cluster * Dont allow qemu creation on os/arch other than linux/amd64 * Allow usage of --name flag for QEMU resources Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-09-26 09:52:31 -04:00			`name = "${var.name}-qemu-metadata"`
AB#2439 Containerized libvirt (#191) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-10-05 03:11:30 -04:00			`image = docker_image.qemu_metadata.latest`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`network_mode = "host"`
Only upload kubeadm certs if key is rotated Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: 3u13r <lc@edgeless.systems> 2022-07-08 04:59:59 -04:00			`rm = true`
Remove exposure of qemu ip_range_start value 2022-09-27 04:47:45 -04:00			`command = [`
Use terraform in CLI to create QEMU cluster (#172) * Use terraform in CLI to create QEMU cluster * Dont allow qemu creation on os/arch other than linux/amd64 * Allow usage of --name flag for QEMU resources Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-09-26 09:52:31 -04:00			`"--network",`
			`"${var.name}-network",`
AB#2439 Containerized libvirt (#191) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-10-05 03:11:30 -04:00			`"--libvirt-uri",`
			`"${var.metadata_libvirt_uri}",`
Use terraform in CLI to create QEMU cluster (#172) * Use terraform in CLI to create QEMU cluster * Dont allow qemu creation on os/arch other than linux/amd64 * Allow usage of --name flag for QEMU resources Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-09-26 09:52:31 -04:00			`]`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`mounts {`
AB#2439 Containerized libvirt (#191) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-10-05 03:11:30 -04:00			`source = abspath(var.libvirt_socket_path)`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`target = "/var/run/libvirt/libvirt-sock"`
Only upload kubeadm certs if key is rotated Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: 3u13r <lc@edgeless.systems> 2022-07-08 04:59:59 -04:00			`type = "bind"`
AB#2114 Add QEMU metadata API (#237) * Add QEMU metadata API * API server is started automatically when using terraform to deploy a QEMU cluster * Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-30 05:14:26 -04:00			`}`
			`}`

terraform template libvirt Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-22 09:39:30 -04:00			`module "control_plane" {`
			`source = "./modules/instance_group"`
			`role = "control-plane"`
			`amount = var.control_plane_count`
			`vcpus = var.vcpus`
			`memory = var.memory`
			`state_disk_size = var.state_disk_size`
			`cidr = "10.42.1.0/24"`
			`network_id = libvirt_network.constellation.id`
			`pool = libvirt_pool.cluster.name`
			`boot_volume_id = libvirt_volume.constellation_coreos_image.id`
Add machine variable to terraform module (#179) * add variable machine to enable/disable secure boot * add role description 2022-05-30 04:29:34 -04:00			`machine = var.machine`
Use terraform in CLI to create QEMU cluster (#172) * Use terraform in CLI to create QEMU cluster * Dont allow qemu creation on os/arch other than linux/amd64 * Allow usage of --name flag for QEMU resources Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-09-26 09:52:31 -04:00			`name = var.name`
terraform template libvirt Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-22 09:39:30 -04:00			`}`

			`module "worker" {`
			`source = "./modules/instance_group"`
			`role = "worker"`
			`amount = var.worker_count`
			`vcpus = var.vcpus`
			`memory = var.memory`
			`state_disk_size = var.state_disk_size`
			`cidr = "10.42.2.0/24"`
			`network_id = libvirt_network.constellation.id`
			`pool = libvirt_pool.cluster.name`
			`boot_volume_id = libvirt_volume.constellation_coreos_image.id`
Add machine variable to terraform module (#179) * add variable machine to enable/disable secure boot * add role description 2022-05-30 04:29:34 -04:00			`machine = var.machine`
Use terraform in CLI to create QEMU cluster (#172) * Use terraform in CLI to create QEMU cluster * Dont allow qemu creation on os/arch other than linux/amd64 * Allow usage of --name flag for QEMU resources Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-09-26 09:52:31 -04:00			`name = var.name`
terraform template libvirt Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-22 09:39:30 -04:00			`}`

			`resource "libvirt_pool" "cluster" {`
Use terraform in CLI to create QEMU cluster (#172) * Use terraform in CLI to create QEMU cluster * Dont allow qemu creation on os/arch other than linux/amd64 * Allow usage of --name flag for QEMU resources Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-09-26 09:52:31 -04:00			`name = "${var.name}-storage-pool"`
terraform template libvirt Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-22 09:39:30 -04:00			`type = "dir"`
			`path = "/var/lib/libvirt/images"`
			`}`

			`resource "libvirt_volume" "constellation_coreos_image" {`
Use terraform in CLI to create QEMU cluster (#172) * Use terraform in CLI to create QEMU cluster * Dont allow qemu creation on os/arch other than linux/amd64 * Allow usage of --name flag for QEMU resources Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-09-26 09:52:31 -04:00			`name = "${var.name}-node-image"`
terraform template libvirt Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-22 09:39:30 -04:00			`pool = libvirt_pool.cluster.name`
AB#1915 Local PCR calculation (#243) * Add QEMU cloud-logging * Add QEMU metadata endpoints to collect logs during cluster boot * Send PCRs to QEMU metadata if boot fails on Azure or GCP Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-07-04 06:59:43 -04:00			`source = var.constellation_coreos_image`
			`format = var.image_format`
terraform template libvirt Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-22 09:39:30 -04:00			`}`

			`resource "libvirt_network" "constellation" {`
Use terraform in CLI to create QEMU cluster (#172) * Use terraform in CLI to create QEMU cluster * Dont allow qemu creation on os/arch other than linux/amd64 * Allow usage of --name flag for QEMU resources Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-09-26 09:52:31 -04:00			`name = "${var.name}-network"`
terraform template libvirt Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-05-22 09:39:30 -04:00			`mode = "nat"`
			`addresses = ["10.42.0.0/16"]`
			`dhcp {`
			`enabled = true`
			`}`
			`dns {`
			`enabled = true`
			`}`
			`}`