mirror of
https://github.com/puppetmaster/typhoon.git
synced 2025-01-28 02:58:30 +01:00
d276fffcda
* Terraform v0.11.4 introduced changes to remote-exec that mean Typhoon bare-metal clusters require multiple runs of terraform apply to ssh and bootstrap.
* Bare-metal installs PXE boot a live instance to install to disk and then reboot from disk as controllers/workers. Terraform remote-exec has no way to "know" to wait until the reboot has occurred to kick off Kubernetes bootstrap. Previously Typhoon created a "debug" user during this install phase to allow an admin to SSH, but remote-exec would hang, trying to connect as user "core". Terraform v0.11.4 changes this behavior so remote-exec fails and a user must re-run terraform apply until succeeding.
* A new way to "trick" remote-exec into waiting for the reboot into the disk install is to run SSH on a non-standard port during the disk install. This retains the ability for an admin to SSH during install (most distros don't have this) and fixes the issue so only a single run of terraform apply is needed.
* https://github.com/hashicorp/terraform/pull/17359#issuecomment-376415464
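---
# Container Linux Config template for the PXE-booted live installer: it runs
# a disk install via /opt/installer and then reboots.
# Dollar-brace placeholders are filled in by Terraform. The double-brace
# placeholder in the installer script is presumably expanded by the
# provisioning server at request time (confirm). Keep both kinds of
# template syntax out of comments so they are not expanded by accident.
systemd:
  units:
    # Starts /opt/installer once the network is online.
    - name: installer.service
      enable: true
      contents: |
        [Unit]
        Requires=network-online.target
        After=network-online.target
        [Service]
        Type=simple
        ExecStart=/opt/installer
        [Install]
        WantedBy=multi-user.target
    # Avoid using the standard SSH port so terraform apply cannot SSH until
    # post-install. But admins may SSH to debug disk install problems.
    # After install, sshd will use port 22 and users/terraform can connect.
    #
    # The port change only sequences provisioning; it is not an access
    # control. SSH in the live environment is gated by the authorized key
    # configured for "core" under passwd below, so the provisioning network
    # should still be limited to hosts that need to reach it.
    - name: sshd.socket
      dropins:
        - name: 10-sshd-port.conf
          # The empty ListenStream= resets listeners defined earlier for the
          # socket, leaving 2222 as the only listening port.
          contents: |
            [Socket]
            ListenStream=
            ListenStream=2222
storage:
  files:
    - path: /opt/installer
      filesystem: root
      # Owner read/execute only. Left as an unquoted octal literal, as in the
      # original; confirm what the config transpiler expects before quoting.
      mode: 0500
      # The script fetches the Ignition config for the installed OS, writes
      # the OS to disk with that config, then reboots.
      # --fail makes curl exit non-zero on an HTTP error response, so under
      # "bash -e" the install stops instead of saving the server's error
      # body as ignition.json and installing with it.
      # "bash -x" traces every command, including the request URL, to the
      # unit's output.
      # NOTE(review): the fetched config may carry credentials; whether the
      # transfer is encrypted depends on the scheme of the Ignition endpoint,
      # which is set outside this file.
      contents:
        inline: |
          #!/bin/bash -ex
          curl --fail --retry 10 "${ignition_endpoint}?{{.request.raw_query}}&os=installed" -o ignition.json
          coreos-install \
            -d ${install_disk} \
            -C ${container_linux_channel} \
            -V ${container_linux_version} \
            -o "${container_linux_oem}" \
            ${baseurl_flag} \
            -i ignition.json
          udevadm settle
          systemctl reboot
passwd:
  users:
    # Key for "core" in the live installer environment; with the sshd drop-in
    # above, this account is reachable on port 2222 while the install runs.
    - name: core
      ssh_authorized_keys:
        - "${ssh_authorized_key}"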