updated to Rancher 2.0.2, added floating ip

.env.dist

@@ -1,7 +1,10 @@
 #copy this file to .env file
 TF_VAR_hcloud_token=xxx
-TF_VAR_docker_version="17.03"
+TF_VAR_docker_version="17"
+TF_VAR_rancher_version="v2.0.2"
 TF_VAR_ssh_key_name="[email protected]"
 TF_VAR_ssh_public_key="~/.ssh/id_ed25519.pub"
 TF_VAR_ssh_private_key="~/.ssh/id_ed25519"
 TF_VAR_rancher_password="admin"
+TF_VAR_rancher_cluster_name="playground"
+TF_VAR_acme_domain="example.com"

README.md

@@ -10,6 +10,7 @@ How to setup?
 * cp .env.dist .env
 * edit .env variables and save
 * run: 
+  * docker-compose run --rm terraform init
   * docker-compose run --rm terraform plan
   * docker-compose run --rm terraform apply
   * docker-compose run --rm terraform destroy

hetzner/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.7
+FROM hashicorp/terraform:0.11.7
 
 RUN apk -Uuv add ca-certificates openssl groff less git bash wget make jq curl unzip sed
 
@@ -8,16 +8,6 @@ ENTRYPOINT ["/bin/terraform"]
 
 CMD ["--help"]
 
-ENV TERRAFORM_VERSION=0.11.6
-ENV TERRAFORM_FILENAME=terraform_${TERRAFORM_VERSION}_linux_amd64.zip
-ENV TERRAFORM_URL=https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/${TERRAFORM_FILENAME}
-ENV TERRAFORM_SHA256SUM=aed5c7388a3c54dc816986903d4dea32e182a002d746295e1016f6db741f472d
-
-RUN wget -q ${TERRAFORM_URL} \
-  && echo "${TERRAFORM_SHA256SUM}  ${TERRAFORM_FILENAME}" | sha256sum -c
-RUN unzip ${TERRAFORM_FILENAME} -d /bin
-RUN rm -f ${TERRAFORM_FILENAME}
-
 ENV HCLOUD_VERSION=1.1.0
 ENV HCLOUD_FILENAME=terraform-provider-hcloud_v${HCLOUD_VERSION}_linux_amd64.zip
 ENV HCLOUD_TERRAFORM_URL=https://github.com/hetznercloud/terraform-provider-hcloud/releases/download/v${HCLOUD_VERSION}/${HCLOUD_FILENAME}

terraform/main.tf → terraform/01_main.tf

@@ -7,13 +7,13 @@ resource "hcloud_ssh_key" "admin" {
   public_key = "${file(var.ssh_public_key)}"
 }
 
-resource "hcloud_server" "rancher" {
+resource "hcloud_server" "k8s" {
   count       = "1"
-  name        = "rancher"
+  name        = "node-0"
   server_type = "cx11-ceph"
-  image       = "ubuntu-16.04"
+  image       = "ubuntu-18.04"
+  location    = "fsn1"
   ssh_keys    = ["${hcloud_ssh_key.admin.id}"]
-  keep_disk   = "true"
 
   connection {
     private_key = "${file(var.ssh_private_key)}"
@@ -34,7 +34,7 @@ resource "hcloud_server" "rancher" {
   }
 
   provisioner "remote-exec" {
-    inline = "RANCHER_VERSION=${var.rancher_version} bash /root/rancher.sh"
+    inline = "RANCHER_VERSION=${var.rancher_version} ACME_DOMAIN=${var.acme_domain} bash /root/rancher.sh"
   }
 
   provisioner "file" {
@@ -53,19 +53,20 @@ resource "hcloud_server" "rancher" {
 
   provisioner "remote-exec" {
     inline = [
-        "RANCHER_SERVER_ADDRESS=${hcloud_server.rancher.0.ipv4_address} RANCHER_PASSWORD=${var.rancher_password} bash /root/rancher_change_password.sh",
+        "RANCHER_SERVER_ADDRESS=${hcloud_server.k8s.0.ipv4_address} RANCHER_PASSWORD=${var.rancher_password} RANCHER_CLUSTER_NAME=${var.rancher_cluster_name} bash /root/rancher_change_password.sh",
     ]
   }
 }
 
-resource "hcloud_server" "rancher-etcd-control-worker" {
+resource "hcloud_server" "k8s-etcd-control-worker" {
   count       = "3"
-  name        = "${count.index == 0 ? "gitlab" : "node${count.index}"}"
-  server_type = "cx11"
-  image       = "ubuntu-16.04"
+  name        = "${count.index == 0 ? "gitlab" : "node-${count.index}"}"
+  server_type = "cx11-ceph"
+  image       = "ubuntu-18.04"
+  location    = "fsn1"
   ssh_keys    = ["${hcloud_ssh_key.admin.id}"]
 
-  depends_on = ["hcloud_server.rancher"]
+  depends_on = ["hcloud_server.k8s"]
 
   connection {
     private_key = "${file(var.ssh_private_key)}"
@@ -87,7 +88,7 @@ resource "hcloud_server" "rancher-etcd-control-worker" {
 
   provisioner "remote-exec" {
     inline = [
-        "RANCHER_SERVER_ADDRESS=${hcloud_server.rancher.0.ipv4_address} RANCHER_PASSWORD=${var.rancher_password} bash /root/rancher_agent_command.sh"
+        "RANCHER_SERVER_ADDRESS=${hcloud_server.k8s.0.ipv4_address} RANCHER_PASSWORD=${var.rancher_password} bash /root/rancher_agent_command.sh"
     ]
   }
 

terraform/02_hetzner_floating_ip.tf

@@ -0,0 +1,47 @@
+locals {
+  instance_id = "${hcloud_server.k8s.id}"
+  instance_ip = "${hcloud_server.k8s.ipv4_address}"
+}
+
+resource "hcloud_floating_ip" "master" {
+  type          = "ipv4"
+  home_location = "fsn1"
+  description   = "lb"
+  server_id     = "${local.instance_id}"
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
+resource "null_resource" "add_ip" {
+  triggers = {
+      instance_id = "${local.instance_id}"
+  }
+
+  connection {
+      user        = "root"
+      host        = "${local.instance_ip}"
+      type        = "ssh"
+      private_key = "${file(var.ssh_private_key)}"
+  }
+
+# add floating IP
+  provisioner "remote-exec" {
+    inline = [
+     "sudo echo 'iface eth0 inet static\n address ${hcloud_floating_ip.master.ip_address}/24\n' >> /etc/network/interfaces",
+     "sudo ifdown eth0 && sudo ifup eth0",
+    ]
+  }
+}
+
+resource "null_resource" "assign_server_ip" {
+  triggers = {
+      instance_id = "${local.instance_id}"
+  }
+
+  provisioner "local-exec" {
+      command = <<CMD
+          curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer ${var.hcloud_token}" -d '{"server":"${local.instance_id}"}' https://api.hetzner.cloud/v1/floating_ips/${hcloud_floating_ip.master.id}/actions/assign
+      CMD
+  }
+}

terraform/outputs.tf

@@ -1,3 +1,3 @@
 output "rancher_ips" {
-  value = ["${hcloud_server.rancher.*.ipv4_address}"]
+  value = ["${hcloud_server.k8s.*.ipv4_address}"]
 }

terraform/scripts/bootstrap.sh

@@ -8,25 +8,34 @@ Package: docker-ce
 Pin: version ${DOCKER_VERSION}.*
 Pin-Priority: 1000
 " > /etc/apt/preferences.d/docker-ce
-sleep 30
+sleep 50
 apt-get -qq update
 apt-get -qq install -y \
     apt-transport-https \
     ca-certificates \
     curl \
     jq \
-    software-properties-common
+    software-properties-common \
+    docker.io
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
 add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) \
    stable"
-apt-get -qq update && apt-get -qq install -y docker-ce
+#apt-get -qq update && apt-get -qq install -y docker.io
 
 cat > /etc/docker/daemon.json <<EOF
 {
-  "storage-driver":"overlay2" 
+  "storage-driver":"overlay2",
+  "dns": ["8.8.8.8", "1.1.1.1", "8.8.4.4"]
 }
 EOF
 
+cat >> /etc/apt/apt.conf.d/20auto-upgrades <<EOF
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "7";
+APT::Periodic::Unattended-Upgrade "1";
+EOF
+
 systemctl restart docker.service

terraform/scripts/rancher.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 set -eu
-RANCHER_VERSION=${RANCHER_VERSION:-preview}
+RANCHER_VERSION=${RANCHER_VERSION:-v2.0.2}
+ACME_DOMAIN=${ACME_DOMAIN:-example.com}
 
-sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/server:${RANCHER_VERSION}
+sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher:${RANCHER_VERSION}
+# --acme-domain ${ACME_DOMAIN}

terraform/scripts/rancher_change_password.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 RANCHER_PASSWORD=${RANCHER_PASSWORD:-admin}
 RANCHER_CLUSTER_NAME=${RANCHER_CLUSTER_NAME:-playground}
-RANCHER_KUBERNETES_VERSION=${RANCHER_KUBERNETES_VERSION:-v1.10.0-rancher1-1}
+RANCHER_KUBERNETES_VERSION=${RANCHER_KUBERNETES_VERSION:-v1.10.1-rancher2-1}
 
 #credits https://gist.github.com/superseb/29af10c2de2a5e75ef816292ef3ae426
 

terraform/variables.tf

@@ -15,13 +15,21 @@ variable "ssh_public_key" {
 }
 
 variable "docker_version" {
-  default = "17.03"
+  default = "17"
 }
 
 variable "rancher_password" {
   default = "admin"
 }
 
 variable "rancher_version" {
-  default = "preview"
+  default = "v2.0.2"
+}
+
+variable "acme_domain" {
+  default = "example.com"
+}
+
+variable "rancher_cluster_name" {
+  default = "playground"
 }