terraform: Terraform module for AWS (#2503)

Adrian Stobbe 2023-11-08 19:10:01 +01:00 committed by GitHub
parent 0bac72261d
commit cea6204b37
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
94 changed files with 912 additions and 87 deletions


@ -0,0 +1,87 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/dmacvicar/libvirt" {
version = "0.7.1"
constraints = "0.7.1"
hashes = [
"h1:1yEJVPVFkRkbRY63+sFRAWau/eJ0xlecHWLCV8spkWU=",
"h1:AJn6IML1iiq9oIUdDQTDApMvsfSKfMncF4RoKnhpNaY=",
"h1:G114r+ESpxpMCnBxFXZZ3+HktoNK4WXAJ5M3GRwvgBQ=",
"h1:ZG+KVAKVm++wfWnGdc8QIFn1LHRycUnmYibMg4REQyk=",
"h1:rDm9KgxNWuhdTCJpfepeTzCB/b24bKrOMN57637RZtU=",
"zh:1c59f2ab68da6326637ee8b03433e84af76b3e3562f251a7f2aa239a7b262a8d",
"zh:236e24ecf036e99d9d1e2081a39dc9cb4b8993850a37141a1449f20750f883d6",
"zh:4519c22b1f00c1d37d60ac6c2cb7ad5ab9dbcd44a80b4f61e68aacb54eae017d",
"zh:54de4e3c979c32af1dc71ec2846912f669a28bdb0990e8a3c1fb8fea4ede7b61",
"zh:6270a757bcf4e1f9efe47726cf0caefba30a25e59d151103cf03d1656325783c",
"zh:68b8586d5b29c0a1cb7c608a309b38db911449c072d60eee9e40e01881f1c23a",
"zh:724ba2290fea704714378e9363541420c36091e790c7f39150cde8987d4e0754",
"zh:7b6860c92376cdad98273aab4bea62546622e08f50733e4b2e58a7a859d3b49d",
"zh:986a0a4f8d9511c64bcac8010337deb43110b4c2f91969b2491fd9edc290b60e",
"zh:aff0f6f24d69cd97a44cd6059edaf355769fbb8a7643a6db4d52c9a94f98e194",
"zh:c46ca3f8384d06c13a7ed3d4b83c65b4f8dccbf9d5f624843b68d176add5c5c2",
"zh:ef310534e7d38153aca4ce31655b52a6e6c4d76f32e49732c96b62e9de1ee843",
"zh:f1566b094f4267ef2674889d874962dd41e0cba55251645e16d003c77ca8a19c",
"zh:f2e019df7b537069828c5537c481e5b7f41d2404eef6fe5c86702c20900b303d",
]
}
provider "registry.terraform.io/hashicorp/random" {
version = "3.5.1"
constraints = "3.5.1"
hashes = [
"h1:3hjTP5tQBspPcFAJlfafnWrNrKnr7J4Cp0qB9jbqf30=",
"h1:6FVyQ/aG6tawPam6B+oFjgdidKd83uG9n7dOSQ66HBA=",
"h1:IL9mSatmwov+e0+++YX2V6uel+dV6bn+fC/cnGDK3Ck=",
"h1:VSnd9ZIPyfKHOObuQCaKfnjIHRtR7qTw19Rz8tJxm+k=",
"h1:sZ7MTSD4FLekNN2wSNFGpM+5slfvpm5A/NLVZiB7CO0=",
"zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64",
"zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d",
"zh:4d2b219d09abf3b1bb4df93d399ed156cadd61f44ad3baf5cf2954df2fba0831",
"zh:6130bdde527587bbe2dcaa7150363e96dbc5250ea20154176d82bc69df5d4ce3",
"zh:6cc326cd4000f724d3086ee05587e7710f032f94fc9af35e96a386a1c6f2214f",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:b6d88e1d28cf2dfa24e9fdcc3efc77adcdc1c3c3b5c7ce503a423efbdd6de57b",
"zh:ba74c592622ecbcef9dc2a4d81ed321c4e44cddf7da799faa324da9bf52a22b2",
"zh:c7c5cde98fe4ef1143bd1b3ec5dc04baf0d4cc3ca2c5c7d40d17c0e9b2076865",
"zh:dac4bad52c940cd0dfc27893507c1e92393846b024c5a9db159a93c534a3da03",
"zh:de8febe2a2acd9ac454b844a4106ed295ae9520ef54dc8ed2faf29f12716b602",
"zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014",
]
}
provider "registry.terraform.io/kreuzwerker/docker" {
version = "3.0.2"
constraints = "3.0.2"
hashes = [
"h1:7JHMaq5/GEJg1g+7fc4p+/JDTAlA/gm7CQQlNTOATBc=",
"h1:AiY0E7SIA398B4VZwZ7S9CCcZoFLmAF2v5yQCBN0TAU=",
"h1:DcRxJArfX6EiATluWeCBW7HoD6usz9fMoTK2U3dmyPk=",
"h1:PyVpi9KjpKXU2IlpP6paeoSeCRz59ALOilkF9bo+Xe4=",
"h1:RK5HMr5FODIH9IxQGMClB6PS0q2QII9OP/WisO8K9CU=",
"h1:Wb5kwP+4FYEpM+oORAsa7UJNtpSi9N6CJxxC45vlIv8=",
"h1:XjdpVL61KtTsuPE8swok3GY8A+Bu3TZs8T2DOEpyiXo=",
"h1:YZJY8ZVZr30bgLEmsprLE8XWBisw4zzq8G4dEIYUvHM=",
"h1:Z1RxP35qnQ3F7W7YIehNBJVgbiKy5h8PKPeQwSB30R4=",
"h1:cT2ccWOtlfKYBUE60/v2/4Q6Stk1KYTNnhxSck+VPlU=",
"h1:f5QLFbvmpIkMnBnGfTXY8RtXOojo82xcE9L2xQDFC04=",
"h1:os8pBi4rbtFJJtzNWlcGhOVsz5V9UPJvo+L0wNQFYE8=",
"h1:tMiDR/3WQYAwE4Z7Xr1iqJN23z2GNr1ARis9yutVgjw=",
"h1:ytKK8fxS0qwNLZUgdm7KBRoyUnDBhWAIsqIaJ/AxFZA=",
"zh:15b0a2b2b563d8d40f62f83057d91acb02cd0096f207488d8b4298a59203d64f",
"zh:23d919de139f7cd5ebfd2ff1b94e6d9913f0977fcfc2ca02e1573be53e269f95",
"zh:38081b3fe317c7e9555b2aaad325ad3fa516a886d2dfa8605ae6a809c1072138",
"zh:4a9c5065b178082f79ad8160243369c185214d874ff5048556d48d3edd03c4da",
"zh:5438ef6afe057945f28bce43d76c4401254073de01a774760169ac1058830ac2",
"zh:60b7fadc287166e5c9873dfe53a7976d98244979e0ab66428ea0dea1ebf33e06",
"zh:61c5ec1cb94e4c4a4fb1e4a24576d5f39a955f09afb17dab982de62b70a9bdd1",
"zh:a38fe9016ace5f911ab00c88e64b156ebbbbfb72a51a44da3c13d442cd214710",
"zh:c2c4d2b1fd9ebb291c57f524b3bf9d0994ff3e815c0cd9c9bcb87166dc687005",
"zh:d567bb8ce483ab2cf0602e07eae57027a1a53994aba470fa76095912a505533d",
"zh:e83bf05ab6a19dd8c43547ce9a8a511f8c331a124d11ac64687c764ab9d5a792",
"zh:e90c934b5cd65516fbcc454c89a150bfa726e7cf1fe749790c7480bbeb19d387",
"zh:f05f167d2eaf913045d8e7b88c13757e3cf595dd5cd333057fdafc7c4b7fed62",
"zh:fcc9c1cea5ce85e8bcb593862e699a881bd36dffd29e2e367f82d15368659c3d",
]
}


@ -0,0 +1,127 @@
terraform {
required_providers {
libvirt = {
source = "dmacvicar/libvirt"
version = "0.7.1"
}
docker = {
source = "kreuzwerker/docker"
version = "3.0.2"
}
}
}
provider "libvirt" {
uri = var.libvirt_uri
}
provider "docker" {
host = "unix:///var/run/docker.sock"
}
locals {
cidr_vpc_subnet_nodes = "10.42.0.0/22"
cidr_vpc_subnet_control_planes = "10.42.1.0/24"
cidr_vpc_subnet_worker = "10.42.2.0/24"
}
resource "random_password" "initSecret" {
length = 32
special = true
override_special = "_%@"
}
resource "docker_image" "qemu_metadata" {
name = var.metadata_api_image
keep_locally = true
}
resource "docker_container" "qemu_metadata" {
name = "${var.name}-qemu-metadata"
image = docker_image.qemu_metadata.image_id
network_mode = "host"
rm = true
command = [
"--network",
"${var.name}-network",
"--libvirt-uri",
"${var.metadata_libvirt_uri}",
"--initsecrethash",
"${random_password.initSecret.bcrypt_hash}",
]
mounts {
source = abspath(var.libvirt_socket_path)
target = "/var/run/libvirt/libvirt-sock"
type = "bind"
}
}
module "node_group" {
source = "./modules/instance_group"
base_name = var.name
for_each = var.node_groups
node_group_name = each.key
role = each.value.role
amount = each.value.initial_count
state_disk_size = each.value.disk_size
vcpus = each.value.vcpus
memory = each.value.memory
machine = var.machine
cidr = each.value.role == "control-plane" ? local.cidr_vpc_subnet_control_planes : local.cidr_vpc_subnet_worker
network_id = libvirt_network.constellation.id
pool = libvirt_pool.cluster.name
boot_mode = var.constellation_boot_mode
boot_volume_id = libvirt_volume.constellation_os_image.id
kernel_volume_id = local.kernel_volume_id
initrd_volume_id = local.initrd_volume_id
kernel_cmdline = each.value.role == "control-plane" ? local.kernel_cmdline : var.constellation_cmdline
firmware = var.firmware
nvram = var.nvram
}
resource "libvirt_pool" "cluster" {
name = "${var.name}-storage-pool"
type = "dir"
path = "/var/lib/libvirt/images"
}
resource "libvirt_volume" "constellation_os_image" {
name = "${var.name}-node-image"
pool = libvirt_pool.cluster.name
source = var.constellation_os_image
format = var.image_format
}
resource "libvirt_volume" "constellation_kernel" {
name = "${var.name}-kernel"
pool = libvirt_pool.cluster.name
source = var.constellation_kernel
format = "raw"
count = var.constellation_boot_mode == "direct-linux-boot" ? 1 : 0
}
resource "libvirt_volume" "constellation_initrd" {
name = "${var.name}-initrd"
pool = libvirt_pool.cluster.name
source = var.constellation_initrd
format = "raw"
count = var.constellation_boot_mode == "direct-linux-boot" ? 1 : 0
}
resource "libvirt_network" "constellation" {
name = "${var.name}-network"
mode = "nat"
addresses = ["10.42.0.0/16"]
dhcp {
enabled = true
}
dns {
enabled = true
}
}
locals {
kernel_volume_id = var.constellation_boot_mode == "direct-linux-boot" ? libvirt_volume.constellation_kernel[0].id : null
initrd_volume_id = var.constellation_boot_mode == "direct-linux-boot" ? libvirt_volume.constellation_initrd[0].id : null
kernel_cmdline = var.constellation_boot_mode == "direct-linux-boot" ? var.constellation_cmdline : null
}
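Review bot: `docker_container.qemu_metadata` runs with `network_mode = "host"` and bind-mounts the libvirt socket, so whatever image `var.metadata_api_image` resolves to can drive the libvirt daemon on the host, yet nothing here requires that reference to be pinned by digest. A validation on the variable such as `condition = can(regex("@sha256:[0-9a-f]{64}$", var.metadata_api_image))` would make a mutable tag fail at plan time. Separately, `random_password.initSecret` is stored in the Terraform state in clear text, so a comment above that resource noting that the state file must be access-restricted would help operators.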


@ -0,0 +1,45 @@
<xsl:stylesheet version="2.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output omit-xml-declaration="yes" indent="yes"/>
<xsl:template match="node()|@*">
<xsl:copy>
<xsl:apply-templates select="node()|@*"/>
</xsl:copy>
</xsl:template>
<xsl:template match="os">
<os>
<xsl:apply-templates select="@*|node()"/>
</os>
</xsl:template>
<xsl:template match="/domain/os/loader">
<xsl:copy>
<!--<xsl:apply-templates select="node()|@*"/>-->
<xsl:attribute name="secure">
<xsl:value-of select="'no'"/>
</xsl:attribute>
<xsl:attribute name="readonly">
<xsl:value-of select="'yes'"/>
</xsl:attribute>
<xsl:attribute name="type">
<xsl:value-of select="'pflash'"/>
</xsl:attribute>
<xsl:value-of select="."/>
</xsl:copy>
</xsl:template>
<xsl:template match="/domain/features">
<xsl:copy>
<xsl:apply-templates select="node()|@*"/>
<xsl:element name ="smm" />
</xsl:copy>
</xsl:template>
<xsl:template match="/domain/devices/tpm/backend">
<xsl:copy>
<xsl:apply-templates select="node()|@*"/>
<xsl:element name ="active_pcr_banks">
<xsl:element name="sha1"></xsl:element>
<xsl:element name="sha256"></xsl:element>
<xsl:element name="sha384"></xsl:element>
<xsl:element name="sha512"></xsl:element>
</xsl:element>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>
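Review bot: The `/domain/os/loader` template hard-codes `secure='no'` and, with the `apply-templates` call commented out, drops whatever attributes the generated domain XML carried, while the module's variables default to a `secboot` firmware image and describe `q35` as the secure-boot machine type. As far as I know, libvirt's `secure` attribute does not switch Secure Boot itself on or off but tells the hypervisor to restrict flash access to SMM, which is what protects the UEFI variable store from the guest OS; please confirm against the libvirt version in use. If `no` is deliberate, a comment such as `<!-- secure='no' because <reason> -->` above the attribute would document it, otherwise `'yes'` seems to fit the `<smm/>` element added in the `/domain/features` template. The `active_pcr_banks` template also enables the `sha1` bank, which deserves a comment saying whether anything still depends on it.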


@ -0,0 +1,99 @@
terraform {
required_providers {
libvirt = {
source = "dmacvicar/libvirt"
version = "0.7.1"
}
random = {
source = "hashicorp/random"
version = "3.5.1"
}
}
}
resource "libvirt_domain" "instance_group" {
count = var.amount
name = "${var.base_name}-${var.role}-${local.group_uid}-${count.index}"
memory = var.memory
vcpu = var.vcpus
machine = var.machine
firmware = local.firmware
dynamic "cpu" {
for_each = var.boot_mode == "direct-linux-boot" ? [1] : []
content {
mode = "host-passthrough"
}
}
dynamic "nvram" {
for_each = var.boot_mode == "uefi" ? [1] : []
content {
file = "/var/lib/libvirt/qemu/nvram/${var.role}-${count.index}_VARS.fd"
template = var.nvram
}
}
xml {
xslt = file("${path.module}/${local.xslt_filename}")
}
kernel = local.kernel
initrd = local.initrd
cmdline = local.cmdline
tpm {
backend_type = "emulator"
backend_version = "2.0"
}
disk {
volume_id = element(libvirt_volume.boot_volume.*.id, count.index)
}
disk {
volume_id = element(libvirt_volume.state_volume.*.id, count.index)
}
network_interface {
network_id = var.network_id
hostname = "${var.role}-${count.index}"
addresses = [cidrhost(var.cidr, local.ip_range_start + count.index)]
wait_for_lease = true
}
console {
type = "pty"
target_port = "0"
}
}
resource "libvirt_volume" "boot_volume" {
count = var.amount
name = "constellation-${var.role}-${local.group_uid}-${count.index}-boot"
pool = var.pool
base_volume_id = var.boot_volume_id
lifecycle {
ignore_changes = [
name, # required. Allow legacy scale sets to keep their old names
]
}
}
resource "libvirt_volume" "state_volume" {
count = var.amount
name = "constellation-${var.role}-${local.group_uid}-${count.index}-state"
pool = var.pool
size = local.state_disk_size_byte
format = "qcow2"
lifecycle {
ignore_changes = [
name, # required. Allow legacy scale sets to keep their old names
]
}
}
resource "random_id" "uid" {
byte_length = 4
}
locals {
group_uid = random_id.uid.hex
state_disk_size_byte = 1073741824 * var.state_disk_size
ip_range_start = 100
kernel = var.boot_mode == "direct-linux-boot" ? var.kernel_volume_id : null
initrd = var.boot_mode == "direct-linux-boot" ? var.initrd_volume_id : null
cmdline = var.boot_mode == "direct-linux-boot" ? [{ "_" = var.kernel_cmdline }] : null
firmware = var.boot_mode == "uefi" ? var.firmware : null
xslt_filename = var.boot_mode == "direct-linux-boot" ? "tdx_domain.xsl" : "domain.xsl"
}
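Review bot: The `nvram` block's `file = "/var/lib/libvirt/qemu/nvram/${var.role}-${count.index}_VARS.fd"` is keyed only on role and index, so two node groups with the same role, or two clusters on one host, would point at the same UEFI variable store. The domain and volume names in this file already include `local.group_uid`, so I would suggest `file = "/var/lib/libvirt/qemu/nvram/${var.base_name}-${var.role}-${local.group_uid}-${count.index}_VARS.fd"`. The same applies in `network_interface`: `hostname = "${var.role}-${count.index}"` and `cidrhost(var.cidr, local.ip_range_start + count.index)` give a second group of the same role identical hostnames and addresses.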


@ -0,0 +1,3 @@
output "instance_ips" {
value = flatten(libvirt_domain.instance_group[*].network_interface[*].addresses[*])
}


@ -0,0 +1,92 @@
<xsl:stylesheet version="2.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
<xsl:output omit-xml-declaration="yes" indent="yes"/>
<xsl:template match="node()|@*">
<xsl:copy>
<xsl:apply-templates select="node()|@*"/>
</xsl:copy>
</xsl:template>
<xsl:template match="/domain">
<xsl:copy>
<xsl:apply-templates select="node()|@*"/>
<xsl:element name ="clock">
<xsl:attribute name="offset">
<xsl:value-of select="'utc'"/>
</xsl:attribute>
<xsl:element name ="timer">
<xsl:attribute name="name">
<xsl:value-of select="'hpet'"/>
</xsl:attribute>
<xsl:attribute name="present">
<xsl:value-of select="'no'"/>
</xsl:attribute>
</xsl:element>
</xsl:element>
<xsl:element name ="on_poweroff"><xsl:text>destroy</xsl:text></xsl:element>
<xsl:element name ="on_reboot"><xsl:text>restart</xsl:text></xsl:element>
<xsl:element name ="on_crash"><xsl:text>destroy</xsl:text></xsl:element>
<xsl:element name ="pm">
<xsl:element name ="suspend-to-mem">
<xsl:attribute name="enable">
<xsl:value-of select="'no'"/>
</xsl:attribute>
</xsl:element>
<xsl:element name ="suspend-to-disk">
<xsl:attribute name="enable">
<xsl:value-of select="'no'"/>
</xsl:attribute>
</xsl:element>
</xsl:element>
<xsl:element name ="allowReboot">
<xsl:attribute name="value">
<xsl:value-of select="'no'"/>
</xsl:attribute>
</xsl:element>
<xsl:element name ="launchSecurity">
<xsl:attribute name="type">
<xsl:value-of select="'tdx'"/>
</xsl:attribute>
<xsl:element name ="policy"><xsl:text>0x10000001</xsl:text></xsl:element>
<xsl:element name ="Quote-Generation-Service"><xsl:text>vsock:2:4050</xsl:text></xsl:element>
</xsl:element>
<xsl:element name ="qemu:commandline" >
<xsl:element name ="qemu:arg">
<xsl:attribute name="value">
<xsl:value-of select="'-cpu'"/>
</xsl:attribute>
</xsl:element>
<xsl:element name ="qemu:arg">
<xsl:attribute name="value">
<xsl:value-of select="'host,-kvm-steal-time'"/>
</xsl:attribute>
</xsl:element>
</xsl:element>
</xsl:copy>
</xsl:template>
<xsl:template match="os">
<os>
<xsl:apply-templates select="@*|node()"/>
</os>
</xsl:template>
<xsl:template match="/domain/os/loader">
<loader>
<xsl:apply-templates select="node()"/>
</loader>
</xsl:template>
<xsl:template match="/domain/features">
<features>
<acpi/>
<apic/>
<ioapic driver="qemu"/>
</features>
</xsl:template>
<xsl:template match="/domain/vcpu">
<vcpu placement="static"><xsl:apply-templates select="@*|node()"/></vcpu>
</xsl:template>
<xsl:template match="/domain/devices/console">
<console type="pty">
<target type="virtio" port="1" />
</console>
</xsl:template>
<xsl:template match="/domain/devices/graphics"></xsl:template>
<xsl:template match="/domain/devices/rng"></xsl:template>
</xsl:stylesheet>
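Review bot: The `launchSecurity` policy is the bare literal `0x10000001`, with no comment saying which TD attribute bits it sets. If it follows libvirt's TDX policy layout, bit 0 puts the guest into off-TD debug mode, which would not be appropriate outside development, and bit 28 disables EPT-violation conversion to #VE; please confirm against the libvirt/QEMU build this targets. A comment next to the `policy` element naming the bits, or `0x10000000` if debug is not intended, would make the setting reviewable. The empty `/domain/devices/rng` template also removes the RNG device without explanation and deserves a one-line comment.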


@ -0,0 +1,95 @@
variable "amount" {
type = number
description = "amount of nodes"
}
variable "vcpus" {
type = number
description = "amount of vcpus per instance"
}
variable "memory" {
type = number
description = "amount of memory per instance (MiB)"
}
variable "state_disk_size" {
type = number
description = "size of state disk (GiB)"
}
variable "cidr" {
type = string
description = "subnet to use for dhcp"
}
variable "network_id" {
type = string
description = "id of the network to use"
}
variable "pool" {
type = string
description = "name of the storage pool to use"
}
variable "boot_mode" {
type = string
description = "boot mode. Can be 'uefi' or 'direct-linux-boot'"
validation {
condition = can(regex("^(uefi|direct-linux-boot)$", var.boot_mode))
error_message = "boot_mode must be 'uefi' or 'direct-linux-boot'"
}
}
variable "boot_volume_id" {
type = string
description = "id of the constellation boot disk"
}
variable "kernel_volume_id" {
type = string
description = "id of the constellation kernel volume"
default = ""
}
variable "initrd_volume_id" {
type = string
description = "id of the constellation initrd volume"
default = ""
}
variable "kernel_cmdline" {
type = string
description = "kernel cmdline"
default = ""
}
variable "role" {
type = string
description = "role of the node in the constellation. either 'control-plane' or 'worker'"
}
variable "machine" {
type = string
description = "machine type. use 'q35' for secure boot and 'pc' for non secure boot. See 'qemu-system-x86_64 -machine help'"
}
variable "firmware" {
type = string
description = "path to UEFI firmware file. Ignored for direct-linux-boot."
}
variable "nvram" {
type = string
description = "path to UEFI NVRAM template file. Used for secure boot."
}
variable "base_name" {
type = string
description = "name prefix of the cluster VMs"
}
variable "node_group_name" {
type = string
description = "name of the node group"
}


@ -0,0 +1,52 @@
output "out_of_cluster_endpoint" {
value = module.node_group["control_plane_default"].instance_ips[0]
}
output "in_cluster_endpoint" {
value = module.node_group["control_plane_default"].instance_ips[0]
}
output "api_server_cert_sans" {
value = sort(concat([module.node_group["control_plane_default"].instance_ips[0]], var.custom_endpoint == "" ? [] : [var.custom_endpoint]))
}
output "uid" {
value = "qemu" // placeholder
}
output "initSecret" {
value = random_password.initSecret.result
sensitive = true
}
output "validate_constellation_kernel" {
value = null
precondition {
condition = var.constellation_boot_mode != "direct-linux-boot" || length(var.constellation_kernel) > 0
error_message = "constellation_kernel must be set if constellation_boot_mode is 'direct-linux-boot'"
}
}
output "validate_constellation_initrd" {
value = null
precondition {
condition = var.constellation_boot_mode != "direct-linux-boot" || length(var.constellation_initrd) > 0
error_message = "constellation_initrd must be set if constellation_boot_mode is 'direct-linux-boot'"
}
}
output "validate_constellation_cmdline" {
value = null
precondition {
condition = var.constellation_boot_mode != "direct-linux-boot" || length(var.constellation_cmdline) > 0
error_message = "constellation_cmdline must be set if constellation_boot_mode is 'direct-linux-boot'"
}
}
output "name" {
value = "${var.name}-qemu" // placeholder, as per "uid" output
}
output "ip_cidr_nodes" {
value = local.cidr_vpc_subnet_nodes
}
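Review bot: The three endpoint outputs all index `module.node_group["control_plane_default"]`, but nothing visible in this commit requires `var.node_groups` to contain that key, so a differently named control-plane group fails with an invalid-index error. Either validate the key on the variable, `condition = contains(keys(var.node_groups), "control_plane_default")`, or select the first group whose `role` is `control-plane`. Because `initSecret` is marked `sensitive` but still stored in state, a comment on that output saying so would be useful.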


@ -0,0 +1,104 @@
variable "node_groups" {
type = map(object({
role = string
initial_count = number // number of instances in the node group
disk_size = number // size of state disk (GiB)
vcpus = number
memory = number // amount of memory per instance (MiB)
}))
validation {
condition = can([for group in var.node_groups : group.role == "control-plane" || group.role == "worker"])
error_message = "The role has to be 'control-plane' or 'worker'."
}
description = "A map of node group names to node group configurations."
}
variable "machine" {
type = string
default = "q35"
description = "machine type. use 'q35' for secure boot and 'pc' for non secure boot. See 'qemu-system-x86_64 -machine help'"
}
variable "libvirt_uri" {
type = string
description = "libvirt socket uri"
}
variable "constellation_boot_mode" {
type = string
description = "constellation boot mode. Can be 'uefi' or 'direct-linux-boot'"
validation {
condition = anytrue([
var.constellation_boot_mode == "uefi",
var.constellation_boot_mode == "direct-linux-boot",
])
error_message = "constellation_boot_mode must be 'uefi' or 'direct-linux-boot'"
}
}
variable "constellation_os_image" {
type = string
description = "constellation OS file path"
}
variable "constellation_kernel" {
type = string
description = "constellation Kernel file path"
default = ""
}
variable "constellation_initrd" {
type = string
description = "constellation initrd file path"
default = ""
}
variable "constellation_cmdline" {
type = string
description = "constellation kernel cmdline"
default = ""
}
variable "image_format" {
type = string
default = "qcow2"
description = "image format"
}
variable "firmware" {
type = string
default = "/usr/share/OVMF/OVMF_CODE.secboot.fd"
description = "path to UEFI firmware file. Use \"OVMF_CODE_4M.ms.fd\" on Ubuntu and \"OVMF_CODE.fd\" or \"OVMF_CODE.secboot.fd\" on Fedora."
}
variable "nvram" {
type = string
description = "path to UEFI NVRAM template file. Used for secure boot."
}
variable "metadata_api_image" {
type = string
description = "container image of the QEMU metadata api server"
}
variable "metadata_libvirt_uri" {
type = string
description = "libvirt uri for the metadata api server"
}
variable "libvirt_socket_path" {
type = string
description = "path to libvirt socket in case of unix socket"
}
variable "name" {
type = string
default = "constellation"
description = "name prefix of the cluster VMs"
}
variable "custom_endpoint" {
type = string
default = ""
description = "Custom endpoint to use for the Kubernetes apiserver. If not set, the default endpoint will be used."
}
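Review bot: The `node_groups` validation never rejects anything, because `can([for group in var.node_groups : ...])` only tests that the expression evaluates without error, and a list containing `false` evaluates fine. Use `condition = alltrue([for group in var.node_groups : contains(["control-plane", "worker"], group.role)])`. This matters because the root module's `node_group` call treats every role other than `control-plane` as a worker when it picks the subnet and kernel command line, and the instance-group module's own `role` variable has no validation either.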