feat: Initial Commit - Setting up proxmox vm deployments

AaronForce1 · Nov 2, 2023 · 5edad75 · 5edad75
1 parent d52e07b
commit 5edad75
Show file tree

Hide file tree

Showing 12 changed files with 407 additions and 34 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,34 +1,34 @@
-# Local .terraform directories
-**/.terraform/*
-
-# .tfstate files
-*.tfstate
-*.tfstate.*
-
-# Crash log files
-crash.log
-crash.*.log
-
-# Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version 
-# control as they are data points which are potentially sensitive and subject 
-# to change depending on the environment.
-*.tfvars
-*.tfvars.json
-
-# Ignore override files as they are usually used to override resources locally and so
-# are not checked in
-override.tf
-override.tf.json
-*_override.tf
-*_override.tf.json
-
-# Include override files you do wish to add to version control using negated pattern
-# !example_override.tf
-
-# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
-# example: *tfplan*
-
-# Ignore CLI configuration files
-.terraformrc
-terraform.rc
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -0,0 +1,80 @@
+include:
+  - template: Terraform/Base.gitlab-ci.yml  
+  - template: Jobs/SAST-IaC.gitlab-ci.yml   
+
+# Default output file for Terraform plan
+variables:
+  DOCKER_DRIVER: overlay2
+  DOCKER_HOST: tcp://docker:2376
+  DOCKER_TLS_CERTDIR: "/certs"
+  DOCKER_TLS_VERIFY: 1
+  DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
+  GITLAB_USERNAME: gitlab-ci-token
+  GITLAB_PASSWORD: $CI_JOB_TOKEN
+  CONTAINER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
+  AWS_DEFAULT_REGION: ap-southeast-1
+  GITLAB_TOKEN: $CI_JOB_TOKEN
+
+cache:
+  key: "$CI_COMMIT_REF_SLUG"
+  paths:
+    - .terraform
+
+stages:
+  - validate
+  - test
+
+##################################
+#### ------------------------ ####
+####      TERRAFORM JOBS      ####
+####         (Linting)        ####
+#### ------------------------ ####
+##################################
+
+## VALIDATE
+fmt:
+  extends: .terraform:fmt
+  image: registry.gitlab.com/gitlab-org/terraform-images/releases/1.5:v1.5.0
+  only:
+    changes:
+      - ".gitlab-ci.yml"
+      - "*.tf"
+      - "**/*.tf"
+  except:
+    refs: 
+    - main
+    - tags
+  needs: []
+
+validate:
+  extends: .terraform:validate
+  image: registry.gitlab.com/gitlab-org/terraform-images/releases/1.5:v1.5.0
+  only:
+    changes:
+      - ".gitlab-ci.yml"
+      - "*.tf"
+      - "**/*.tf"
+  except:
+    refs: 
+    - main
+    - tags
+  needs: []
+
+tfsec:
+  image: 
+    name: wesleydeanflexion/tfsec
+    entrypoint:
+      - '/usr/bin/env'
+      - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/go/bin'
+  stage: test
+  only:
+    changes:
+      - ".gitlab-ci.yml"
+      - "*.tf"
+      - "**/*.tf"
+  before_script:
+    - tfsec -v
+  script: tfsec --config-file .tfsec.yml . -f json | tee gl-sast-report.json
+  artifacts:
+    reports:
+      sast: gl-sast-report.json
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,10 @@
+exclude: (^examples/|archive/)
+repos:
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.83.5
+  hooks:
+    - id: terraform_fmt
+    - id: terraform_docs
+    - id: terraform_validate
+    - id: terraform_tflint
+    - id: terraform_tfsec
diff --git a/.releaserc b/.releaserc
@@ -0,0 +1,11 @@
+# Code generated by dev-tools. DO NOT EDIT.
+{
+  "branches": [
+    "main"
+  ],
+  "plugins": [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    "@semantic-release/gitlab"
+  ]
+}
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/.tflint.hcl b/.tflint.hcl
@@ -0,0 +1,4 @@
+plugin "terraform" {
+  enabled = true
+  preset  = "recommended"
+}
diff --git a/.tfsec.yml b/.tfsec.yml
@@ -0,0 +1,2 @@
+---
+exclude: []
diff --git a/LICENSE b/LICENSE
@@ -631,8 +631,13 @@ to attach them to the start of each source file to most effectively
 state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
 
+<<<<<<< HEAD
     <one line to give the program's name and a brief idea of what it does.>
     Copyright (C) <year>  <name of author>
+=======
+    {one line to give the program's name and a brief idea of what it does.}
+    Copyright (C) {year}  {name of author}
+>>>>>>> 3243722 (feat: Initial Commit - Setting up proxmox vm deployments)
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -645,14 +650,22 @@ the "copyright" line and a pointer to where the full notice is found.
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
+<<<<<<< HEAD
     along with this program.  If not, see <https://www.gnu.org/licenses/>.
+=======
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+>>>>>>> 3243722 (feat: Initial Commit - Setting up proxmox vm deployments)
 
 Also add information on how to contact you by electronic and paper mail.
 
   If the program does terminal interaction, make it output a short
 notice like this when it starts in an interactive mode:
 
+<<<<<<< HEAD
     <program>  Copyright (C) <year>  <name of author>
+=======
+    {project}  Copyright (C) {year}  {fullname}
+>>>>>>> 3243722 (feat: Initial Commit - Setting up proxmox vm deployments)
     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
     This is free software, and you are welcome to redistribute it
     under certain conditions; type `show c' for details.
@@ -664,11 +677,19 @@ might be different; for a GUI interface, you would use an "about box".
   You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
 For more information on this, and how to apply and follow the GNU GPL, see
+<<<<<<< HEAD
 <https://www.gnu.org/licenses/>.
+=======
+<http://www.gnu.org/licenses/>.
+>>>>>>> 3243722 (feat: Initial Commit - Setting up proxmox vm deployments)
 
   The GNU General Public License does not permit incorporating your program
 into proprietary programs.  If your program is a subroutine library, you
 may consider it more useful to permit linking proprietary applications with
 the library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.  But first, please read
+<<<<<<< HEAD
 <https://www.gnu.org/licenses/why-not-lgpl.html>.
+=======
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.
+>>>>>>> 3243722 (feat: Initial Commit - Setting up proxmox vm deployments)
diff --git a/README.md b/README.md
@@ -0,0 +1,45 @@
+# ![Terraform](https://img.shields.io/badge/terraform-%235835CC.svg?style=for-the-badge&logo=terraform&logoColor=white) <br/> terraform-proxmox-vm-cluster
+
+[![Terraform Version](https://img.shields.io/badge/Terraform%20Version-%3E=1.5-623CE4.svg)](https://github.com/hashicorp/terraform)
+
+Terraform module built to integrate with PROXMOX On-Prem Hypervisor and deploy VMs with Cloud-Init based on an existing VM or Template. The cluster of vms are typically used to run kubernetes on-prem with kubespray.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
+| <a name="requirement_proxmox"></a> [proxmox](#requirement\_proxmox) | ~>2.9 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.5 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_proxmox"></a> [proxmox](#provider\_proxmox) | 2.9.14 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.5.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [proxmox_vm_qemu.vm](https://registry.terraform.io/providers/Telmate/proxmox/latest/docs/resources/vm_qemu) | resource |
+| [random_integer.vm-id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_proxmox_defaults"></a> [proxmox\_defaults](#input\_proxmox\_defaults) | Default Proxmox Configurations for Simplicity of Deployment | <pre>object({<br>    cores         = number<br>    sockets       = number<br>    memory        = number<br>    hotplug       = string<br>    proxmox_clone = string<br>    disk_configuration = list(object({<br>      type    = string<br>      storage = string<br>      size    = string<br>    }))<br>    network_configuration = list(object({<br>      model  = string<br>      bridge = string<br>    }))<br>    os          = string<br>    target_node = string<br>  })</pre> | <pre>{<br>  "cores": 1,<br>  "disk_configuration": [<br>    {<br>      "size": "50G",<br>      "storage": "local-btrfs",<br>      "type": "virtio"<br>    }<br>  ],<br>  "hotplug": "network,disk,cpu,memory",<br>  "memory": 2048,<br>  "network_configuration": [<br>    {<br>      "bridge": "vmbr0",<br>      "model": "virtio"<br>    }<br>  ],<br>  "os": "debian",<br>  "proxmox_clone": "debian-12-infra-compute-template",<br>  "sockets": 1,<br>  "target_node": "compute-1"<br>}</pre> | no |
+| <a name="input_proxmox_ssh"></a> [proxmox\_ssh](#input\_proxmox\_ssh) | SSH Keys to provision on the VM | `string` | `""` | no |
+| <a name="input_proxmox_vms"></a> [proxmox\_vms](#input\_proxmox\_vms) | Proxmox VMs to be provisioned | <pre>list(object({<br>    name           = string<br>    id             = number<br>    ipconfig       = string<br>    target_node    = optional(string)<br>    clone_override = optional(bool)<br>    full_clone     = optional(bool)<br>    os             = optional(string)<br>    cores          = optional(number)<br>    sockets        = optional(number)<br>    memory         = optional(number)<br>    hotplug        = optional(string)<br>    scsihw         = optional(string)<br>    sshkeys        = optional(string)<br>    network_configuration = list(object({<br>      model  = string<br>      bridge = string<br>    }))<br>    disk_configuration = list(object({<br>      type    = string<br>      storage = string<br>      size    = string<br>    }))<br>  }))</pre> | `[]` | no |
+
+## Outputs
+
+No outputs.
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/proxmox-vm.tf b/proxmox-vm.tf
@@ -0,0 +1,63 @@
+resource "proxmox_vm_qemu" "vm" {
+  for_each = {
+    for vm in var.proxmox_vms : vm.name => vm
+  }
+
+  # Node name has to be the same name as within the cluster
+  # this might not include the FQDN
+  target_node = coalesce(each.value.target_node, var.proxmox_defaults.target_node)
+
+  # The template name to clone this vm from
+  clone      = coalesce(each.value.clone_override, var.proxmox_defaults.proxmox_clone)
+  full_clone = coalesce(each.value.full_clone, true)
+
+  vmid = coalesce(each.value.id, random_integer.vm-id.result)
+
+  name = each.value.name
+
+  ## With preprovision, you can provision a VM directly from the resource block. 
+  ## This provisioning method is therefore ran ** before** provision blocks.
+  ## When using preprovision, there are three os_type options: ubuntu, centos or cloud-init.
+  os_type = "cloud-init"
+  ciuser  = coalesce(each.value.os, var.proxmox_defaults.os)
+
+  ## Resource Configuration
+  cores   = coalesce(each.value.cores, var.proxmox_defaults.cores)
+  sockets = coalesce(each.value.sockets, var.proxmox_defaults.sockets)
+  memory  = coalesce(each.value.memory, var.proxmox_defaults.memory)
+  hotplug = coalesce(each.value.hotplug, var.proxmox_defaults.hotplug)
+
+
+  boot = "c"
+
+  sshkeys = coalesce(each.value.sshkeys, var.proxmox_ssh)
+
+  scsihw = coalesce(each.value.scsihw, "virtio-scsi-single")
+
+  # Setup the disk
+  dynamic "disk" {
+    for_each = coalesce(each.value.disk_configuration, var.proxmox_defaults.disk_configuration)
+    content {
+      size    = each.value.size
+      type    = each.value.type
+      storage = each.value.storage
+    }
+  }
+
+  dynamic "network" {
+    for_each = coalesce(each.value.network_configuration, var.proxmox_defaults.network_configuration)
+    content {
+      model  = each.value.model
+      bridge = each.value.bridge
+    }
+  }
+
+  # Setup the ip address using cloud-init.
+  # Keep in mind to use the CIDR notation for the ip.
+  ipconfig0 = each.value.ipconfig
+}
+
+resource "random_integer" "vm-id" {
+  min = 90000
+  max = 100000
+}