nicolas
/
terraform-lab
mirror of https://github.com/nmasse-itix/terraform-lab.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

new lab

main
Nicolas Massé 3 years ago
parent
b50abd6886
commit
5d4f2bdede
6 changed files with 353 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 30
      aws-ec2-podman/README.md
  2. 3
      aws-ec2-podman/cloud-init/.gitignore
  3. 25
      aws-ec2-podman/cloud-init/generate-users.sh
  4. 26
      aws-ec2-podman/cloud-init/install-libvirt.sh
  5. 124
      aws-ec2-podman/cloud-init/user-data.yaml
  6. 145
      aws-ec2-podman/main.tf

30
aws-ec2-podman/README.md
View File

@ -0,0 +1,30 @@
# Podman Lab on AWS EC2
## Development on local machine
Pre-requisites: Libvirt on Fedora
```sh
cd cloud-init
./install-libvirt.sh
```
## Installation on AWS EC2
Pre-requisites:
- Terraform
- OpenSSL
- Bash
- mkpasswd
- gzip
```sh
cd cloud-init
./generate-users.sh
cd ..
terraform init
terraform apply
```
User accounts are in **cloud-init/users.csv**.

3
aws-ec2-podman/cloud-init/.gitignore
View File

@ -0,0 +1,3 @@
users.csv
users.yaml
user-data.yaml.gz

25
aws-ec2-podman/cloud-init/generate-users.sh
View File

@ -0,0 +1,25 @@
#!/bin/bash
set -Eeuo pipefail
echo -n > users.yaml
echo "username,password" > users.csv
read -p 'MASTER KEY: ' -s MASTER_KEY
for i in $(seq 1 80); do
user="$(printf 'user%02d' $i)"
password="$(echo -n "$MASTER_KEY:$user" | openssl dgst -sha256 -binary | openssl base64 | cut -c 1-8)"
echo "$user,$password" >> users.csv
hash="$(echo -n "$password" | mkpasswd -m sha512crypt -s)"
cat >> users.yaml <<EOF
- name: $user
gecos: Utilisateur $i
shell: /bin/bash
primary_group: lab
lock_passwd: false
passwd: $hash
EOF
done
cat user-data.yaml users.yaml | gzip -c > user-data.yaml.gz

26
aws-ec2-podman/cloud-init/install-libvirt.sh
View File

@ -0,0 +1,26 @@
#!/bin/bash
set -Eeuo pipefail
virsh destroy lab-podman || true
virsh undefine lab-podman || true
rm -rf /var/lib/libvirt/images/lab-podman
mkdir -p /var/lib/libvirt/images/base-images /var/lib/libvirt/images/lab-podman
if [ ! -f /var/lib/libvirt/images/base-images/Fedora-Cloud-Base-36-1.5.x86_64.qcow2 ]; then
curl -Lo /var/lib/libvirt/images/base-images/Fedora-Cloud-Base-36-1.5.x86_64.qcow2 https://download.fedoraproject.org/pub/fedora/linux/releases/36/Cloud/x86_64/images/Fedora-Cloud-Base-36-1.5.x86_64.qcow2
fi
# dnf install -y cloud-utils genisoimage
cloud-localds /var/lib/libvirt/images/lab-podman/cloud-init.iso user-data.yaml
virt-install --name lab-podman --autostart --noautoconsole --cpu host-passthrough \
--vcpus 2 --ram 4096 --os-variant fedora36 \
--disk path=/var/lib/libvirt/images/lab-podman/lab-podman.qcow2,backing_store=/var/lib/libvirt/images/base-images/Fedora-Cloud-Base-36-1.5.x86_64.qcow2,size=20 \
--network network=default \
--console pty,target.type=virtio --serial pty --import \
--disk path=/var/lib/libvirt/images/lab-podman/cloud-init.iso,readonly=on \
--sysinfo system.serial=ds=nocloud
virsh console lab-podman

124
aws-ec2-podman/cloud-init/user-data.yaml
View File

@ -0,0 +1,124 @@
#cloud-config
packages:
- zsh
- neofetch
- podman
- buildah
- skopeo
- jq
- curl
- vim-enhanced
- java-17-openjdk-headless
- maven-openjdk17
- git
runcmd:
# Disable SSH password authentication
- [ "sed", "-i.post-install", "-e", "s/PasswordAuthentication no/PasswordAuthentication yes/", "/etc/ssh/sshd_config" ]
- [ "systemctl", "restart", "sshd" ]
# Enable sudo without password
- [ "sed", "-i.post-install", "-e", "s/^%wheel\tALL=(ALL)\tALL/%wheel ALL=(ALL) NOPASSWD: ALL/", "/etc/sudoers" ]
write_files:
- path: /etc/neofetch/config.conf
content: |
print_info() {
info title
info underline
info "OS" distro
info "Host" model
info "Kernel" kernel
info "Uptime" uptime
info "Shell" shell
info "CPU" cpu
info "Memory" memory
info "CPU Usage" cpu_usage
info "Disk" disk
info "Local IP" local_ip
info "Public IP" public_ip
info cols
}
title_fqdn="off"
kernel_shorthand="on"
distro_shorthand="off"
os_arch="on"
uptime_shorthand="on"
memory_percent="on"
memory_unit="gib"
package_managers="on"
shell_path="off"
shell_version="on"
speed_type="bios_limit"
speed_shorthand="off"
cpu_brand="on"
cpu_speed="on"
cpu_cores="logical"
cpu_temp="off"
gpu_brand="on"
gpu_type="all"
refresh_rate="off"
gtk_shorthand="off"
gtk2="on"
gtk3="on"
public_ip_host="http://ident.me"
public_ip_timeout=2
de_version="on"
disk_show=('/')
disk_subtitle="mount"
disk_percent="on"
music_player="auto"
song_format="%artist% - %album% - %title%"
song_shorthand="off"
mpc_args=()
colors=(distro)
bold="on"
underline_enabled="on"
underline_char="-"
separator=":"
block_range=(0 15)
color_blocks="off"
block_width=3
block_height=1
col_offset="auto"
bar_char_elapsed="-"
bar_char_total="="
bar_border="on"
bar_length=15
bar_color_elapsed="distro"
bar_color_total="distro"
cpu_display="off"
memory_display="off"
battery_display="off"
disk_display="off"
image_backend="ascii"
image_source="auto"
ascii_distro="auto"
ascii_colors=(distro)
ascii_bold="on"
image_loop="off"
thumbnail_dir="${XDG_CACHE_HOME:-${HOME}/.cache}/thumbnails/neofetch"
crop_mode="normal"
crop_offset="center"
image_size="auto"
gap=3
yoffset=0
xoffset=0
background_color=
stdout="off"
- path: /etc/profile.d/neofetch.sh
content: |
#!/bin/bash
if [ -n "$PS1" ]; then
neofetch --config /etc/neofetch/config.conf
fi
permissions: '0755'
groups:
- lab
users:
- name: nicolas
gecos: Nicolas MASSE
shell: /bin/bash
primary_group: wheel
lock_passwd: false
# mkpasswd -m sha512crypt
passwd: CHANGEME
ssh_authorized_keys:
- ssh-ed25519 UPDATEME nmasse@redhat.com

145
aws-ec2-podman/main.tf
View File

@ -0,0 +1,145 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "4.34.0"
}
}
}
provider "aws" {
region = "eu-west-3"
}
provider "aws" {
region = "us-east-1"
alias = "aws-us"
}
data "aws_ami" "fedora" {
provider = aws.aws-us
most_recent = true
filter {
name = "name"
values = ["Fedora-Cloud-Base-36*x86_64-hvm-*-gp2-*"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
owners = ["125523088429"] # Fedora
}
resource "aws_ami_copy" "lab_ami" {
name = "Fedora-Cloud-Base-36.x86_64-hvm-eu-west-3-gp2-0"
description = "A copy of Fedora-Cloud-Base-36-20221013.0.x86_64-hvm-us-east-1-gp2-0"
source_ami_id = data.aws_ami.fedora.id
source_ami_region = "us-east-1"
tags = {
Name = "lab-podman"
}
}
resource "aws_vpc" "lab_vpc" {
cidr_block = "172.16.0.0/16"
enable_dns_support = true
enable_dns_hostnames = true
tags = {
Name = "lab-podman"
}
}
resource "aws_subnet" "lab_subnet" {
vpc_id = aws_vpc.lab_vpc.id
cidr_block = "172.16.10.0/24"
map_public_ip_on_launch = true
tags = {
Name = "lab-podman"
}
}
resource "aws_route_table" "lab_route" {
vpc_id = aws_vpc.lab_vpc.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.lab_gw.id
}
tags = {
Name = "lab-podman"
}
}
resource "aws_route_table_association" "lab_rta" {
subnet_id = aws_subnet.lab_subnet.id
route_table_id = aws_route_table.lab_route.id
}
resource "aws_security_group" "lab_podman" {
vpc_id = aws_vpc.lab_vpc.id
ingress {
description = "Incoming SSH connection"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
description = "Outgoing connections"
from_port = 0
to_port = 0
protocol = -1
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "lab-podman"
}
}
resource "aws_internet_gateway" "lab_gw" {
vpc_id = aws_vpc.lab_vpc.id
tags = {
Name = "lab-podman"
}
}
resource "aws_key_pair" "admin" {
key_name = "lab-podman-nmasse@redhat.com"
public_key = file("~/.ssh/id_ed25519.pub")
tags = {
Name = "lab-podman"
}
}
resource "aws_instance" "lab_podman" {
ami = aws_ami_copy.lab_ami.id
instance_type = "m5a.xlarge"
key_name = aws_key_pair.admin.key_name
subnet_id = aws_subnet.lab_subnet.id
depends_on = [aws_internet_gateway.lab_gw]
vpc_security_group_ids = [aws_security_group.lab_podman.id]
user_data = filebase64("cloud-init/user-data.yaml.gz")
associate_public_ip_address = true
credit_specification {
cpu_credits = "unlimited"
}
tags = {
Name = "lab-podman"
}
}
output "public_ip" {
value = aws_instance.lab_podman.public_ip
}
Write Preview
Loading…
Cancel
Save