-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Initial Commit - Setting up proxmox vm deployments
- Loading branch information
1 parent
d52e07b
commit 5edad75
Showing
12 changed files
with
407 additions
and
34 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,34 +1,34 @@ | ||
# Local .terraform directories | ||
**/.terraform/* | ||
|
||
# .tfstate files | ||
*.tfstate | ||
*.tfstate.* | ||
|
||
# Crash log files | ||
crash.log | ||
crash.*.log | ||
|
||
# Exclude all .tfvars files, which are likely to contain sensitive data, such as | ||
# password, private keys, and other secrets. These should not be part of version | ||
# control as they are data points which are potentially sensitive and subject | ||
# to change depending on the environment. | ||
*.tfvars | ||
*.tfvars.json | ||
|
||
# Ignore override files as they are usually used to override resources locally and so | ||
# are not checked in | ||
override.tf | ||
override.tf.json | ||
*_override.tf | ||
*_override.tf.json | ||
|
||
# Include override files you do wish to add to version control using negated pattern | ||
# !example_override.tf | ||
|
||
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan | ||
# example: *tfplan* | ||
|
||
# Ignore CLI configuration files | ||
.terraformrc | ||
terraform.rc | ||
# Local .terraform directories | ||
**/.terraform/* | ||
|
||
# .tfstate files | ||
*.tfstate | ||
*.tfstate.* | ||
|
||
# Crash log files | ||
crash.log | ||
crash.*.log | ||
|
||
# Exclude all .tfvars files, which are likely to contain sensitive data, such as | ||
# password, private keys, and other secrets. These should not be part of version | ||
# control as they are data points which are potentially sensitive and subject | ||
# to change depending on the environment. | ||
*.tfvars | ||
*.tfvars.json | ||
|
||
# Ignore override files as they are usually used to override resources locally and so | ||
# are not checked in | ||
override.tf | ||
override.tf.json | ||
*_override.tf | ||
*_override.tf.json | ||
|
||
# Include override files you do wish to add to version control using negated pattern | ||
# !example_override.tf | ||
|
||
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan | ||
# example: *tfplan* | ||
|
||
# Ignore CLI configuration files | ||
.terraformrc | ||
terraform.rc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
include: | ||
- template: Terraform/Base.gitlab-ci.yml | ||
- template: Jobs/SAST-IaC.gitlab-ci.yml | ||
|
||
# Default output file for Terraform plan | ||
variables: | ||
DOCKER_DRIVER: overlay2 | ||
DOCKER_HOST: tcp://docker:2376 | ||
DOCKER_TLS_CERTDIR: "/certs" | ||
DOCKER_TLS_VERIFY: 1 | ||
DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client" | ||
GITLAB_USERNAME: gitlab-ci-token | ||
GITLAB_PASSWORD: $CI_JOB_TOKEN | ||
CONTAINER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG | ||
AWS_DEFAULT_REGION: ap-southeast-1 | ||
GITLAB_TOKEN: $CI_JOB_TOKEN | ||
|
||
cache: | ||
key: "$CI_COMMIT_REF_SLUG" | ||
paths: | ||
- .terraform | ||
|
||
stages: | ||
- validate | ||
- test | ||
|
||
################################## | ||
#### ------------------------ #### | ||
#### TERRAFORM JOBS #### | ||
#### (Linting) #### | ||
#### ------------------------ #### | ||
################################## | ||
|
||
## VALIDATE | ||
fmt: | ||
extends: .terraform:fmt | ||
image: registry.gitlab.com/gitlab-org/terraform-images/releases/1.5:v1.5.0 | ||
only: | ||
changes: | ||
- ".gitlab-ci.yml" | ||
- "*.tf" | ||
- "**/*.tf" | ||
except: | ||
refs: | ||
- main | ||
- tags | ||
needs: [] | ||
|
||
validate: | ||
extends: .terraform:validate | ||
image: registry.gitlab.com/gitlab-org/terraform-images/releases/1.5:v1.5.0 | ||
only: | ||
changes: | ||
- ".gitlab-ci.yml" | ||
- "*.tf" | ||
- "**/*.tf" | ||
except: | ||
refs: | ||
- main | ||
- tags | ||
needs: [] | ||
|
||
tfsec: | ||
image: | ||
name: wesleydeanflexion/tfsec | ||
entrypoint: | ||
- '/usr/bin/env' | ||
- 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/go/bin' | ||
stage: test | ||
only: | ||
changes: | ||
- ".gitlab-ci.yml" | ||
- "*.tf" | ||
- "**/*.tf" | ||
before_script: | ||
- tfsec -v | ||
script: tfsec --config-file .tfsec.yml . -f json | tee gl-sast-report.json | ||
artifacts: | ||
reports: | ||
sast: gl-sast-report.json |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
exclude: (^examples/|archive/) | ||
repos: | ||
- repo: https://github.com/antonbabenko/pre-commit-terraform | ||
rev: v1.83.5 | ||
hooks: | ||
- id: terraform_fmt | ||
- id: terraform_docs | ||
- id: terraform_validate | ||
- id: terraform_tflint | ||
- id: terraform_tfsec |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# Code generated by dev-tools. DO NOT EDIT. | ||
{ | ||
"branches": [ | ||
"main" | ||
], | ||
"plugins": [ | ||
"@semantic-release/commit-analyzer", | ||
"@semantic-release/release-notes-generator", | ||
"@semantic-release/gitlab" | ||
] | ||
} |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
plugin "terraform" { | ||
enabled = true | ||
preset = "recommended" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
--- | ||
exclude: [] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
# ![Terraform](https://img.shields.io/badge/terraform-%235835CC.svg?style=for-the-badge&logo=terraform&logoColor=white) <br/> terraform-proxmox-vm-cluster | ||
|
||
[![Terraform Version](https://img.shields.io/badge/Terraform%20Version-%3E=1.5-623CE4.svg)](https://github.com/hashicorp/terraform) | ||
|
||
Terraform module built to integrate with PROXMOX On-Prem Hypervisor and deploy VMs with Cloud-Init based on an existing VM or Template. The cluster of vms are typically used to run kubernetes on-prem with kubespray. | ||
|
||
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --> | ||
## Requirements | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 | | ||
| <a name="requirement_proxmox"></a> [proxmox](#requirement\_proxmox) | ~>2.9 | | ||
| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.5 | | ||
|
||
## Providers | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="provider_proxmox"></a> [proxmox](#provider\_proxmox) | 2.9.14 | | ||
| <a name="provider_random"></a> [random](#provider\_random) | 3.5.1 | | ||
|
||
## Modules | ||
|
||
No modules. | ||
|
||
## Resources | ||
|
||
| Name | Type | | ||
|------|------| | ||
| [proxmox_vm_qemu.vm](https://registry.terraform.io/providers/Telmate/proxmox/latest/docs/resources/vm_qemu) | resource | | ||
| [random_integer.vm-id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) | resource | | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| <a name="input_proxmox_defaults"></a> [proxmox\_defaults](#input\_proxmox\_defaults) | Default Proxmox Configurations for Simplicity of Deployment | <pre>object({<br> cores = number<br> sockets = number<br> memory = number<br> hotplug = string<br> proxmox_clone = string<br> disk_configuration = list(object({<br> type = string<br> storage = string<br> size = string<br> }))<br> network_configuration = list(object({<br> model = string<br> bridge = string<br> }))<br> os = string<br> target_node = string<br> })</pre> | <pre>{<br> "cores": 1,<br> "disk_configuration": [<br> {<br> "size": "50G",<br> "storage": "local-btrfs",<br> "type": "virtio"<br> }<br> ],<br> "hotplug": "network,disk,cpu,memory",<br> "memory": 2048,<br> "network_configuration": [<br> {<br> "bridge": "vmbr0",<br> "model": "virtio"<br> }<br> ],<br> "os": "debian",<br> "proxmox_clone": "debian-12-infra-compute-template",<br> "sockets": 1,<br> "target_node": "compute-1"<br>}</pre> | no | | ||
| <a name="input_proxmox_ssh"></a> [proxmox\_ssh](#input\_proxmox\_ssh) | SSH Keys to provision on the VM | `string` | `""` | no | | ||
| <a name="input_proxmox_vms"></a> [proxmox\_vms](#input\_proxmox\_vms) | Proxmox VMs to be provisioned | <pre>list(object({<br> name = string<br> id = number<br> ipconfig = string<br> target_node = optional(string)<br> clone_override = optional(bool)<br> full_clone = optional(bool)<br> os = optional(string)<br> cores = optional(number)<br> sockets = optional(number)<br> memory = optional(number)<br> hotplug = optional(string)<br> scsihw = optional(string)<br> sshkeys = optional(string)<br> network_configuration = list(object({<br> model = string<br> bridge = string<br> }))<br> disk_configuration = list(object({<br> type = string<br> storage = string<br> size = string<br> }))<br> }))</pre> | `[]` | no | | ||
|
||
## Outputs | ||
|
||
No outputs. | ||
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
resource "proxmox_vm_qemu" "vm" { | ||
for_each = { | ||
for vm in var.proxmox_vms : vm.name => vm | ||
} | ||
|
||
# Node name has to be the same name as within the cluster | ||
# this might not include the FQDN | ||
target_node = coalesce(each.value.target_node, var.proxmox_defaults.target_node) | ||
|
||
# The template name to clone this vm from | ||
clone = coalesce(each.value.clone_override, var.proxmox_defaults.proxmox_clone) | ||
full_clone = coalesce(each.value.full_clone, true) | ||
|
||
vmid = coalesce(each.value.id, random_integer.vm-id.result) | ||
|
||
name = each.value.name | ||
|
||
## With preprovision, you can provision a VM directly from the resource block. | ||
## This provisioning method is therefore ran ** before** provision blocks. | ||
## When using preprovision, there are three os_type options: ubuntu, centos or cloud-init. | ||
os_type = "cloud-init" | ||
ciuser = coalesce(each.value.os, var.proxmox_defaults.os) | ||
|
||
## Resource Configuration | ||
cores = coalesce(each.value.cores, var.proxmox_defaults.cores) | ||
sockets = coalesce(each.value.sockets, var.proxmox_defaults.sockets) | ||
memory = coalesce(each.value.memory, var.proxmox_defaults.memory) | ||
hotplug = coalesce(each.value.hotplug, var.proxmox_defaults.hotplug) | ||
|
||
|
||
boot = "c" | ||
|
||
sshkeys = coalesce(each.value.sshkeys, var.proxmox_ssh) | ||
|
||
scsihw = coalesce(each.value.scsihw, "virtio-scsi-single") | ||
|
||
# Setup the disk | ||
dynamic "disk" { | ||
for_each = coalesce(each.value.disk_configuration, var.proxmox_defaults.disk_configuration) | ||
content { | ||
size = each.value.size | ||
type = each.value.type | ||
storage = each.value.storage | ||
} | ||
} | ||
|
||
dynamic "network" { | ||
for_each = coalesce(each.value.network_configuration, var.proxmox_defaults.network_configuration) | ||
content { | ||
model = each.value.model | ||
bridge = each.value.bridge | ||
} | ||
} | ||
|
||
# Setup the ip address using cloud-init. | ||
# Keep in mind to use the CIDR notation for the ip. | ||
ipconfig0 = each.value.ipconfig | ||
} | ||
|
||
resource "random_integer" "vm-id" { | ||
min = 90000 | ||
max = 100000 | ||
} |
Oops, something went wrong.