From 8a305422589ae2e68fb8ae9238f605af2629cb43 Mon Sep 17 00:00:00 2001 From: insekticid Date: Sun, 27 May 2018 14:27:52 +0200 Subject: [PATCH] updated to Rancher 2.0.2, added floating ip --- .env.dist | 5 ++- README.md | 1 + hetzner/Dockerfile | 12 +---- terraform/{main.tf => 01_main.tf} | 25 ++++++----- terraform/02_hetzner_floating_ip.tf | 47 ++++++++++++++++++++ terraform/outputs.tf | 2 +- terraform/scripts/bootstrap.sh | 17 +++++-- terraform/scripts/rancher.sh | 6 ++- terraform/scripts/rancher_change_password.sh | 2 +- terraform/variables.tf | 12 ++++- 10 files changed, 95 insertions(+), 34 deletions(-) rename terraform/{main.tf => 01_main.tf} (69%) create mode 100644 terraform/02_hetzner_floating_ip.tf diff --git a/.env.dist b/.env.dist index ab1683a..7905513 100644 --- a/.env.dist +++ b/.env.dist @@ -1,7 +1,10 @@ #copy this file to .env file TF_VAR_hcloud_token=xxx -TF_VAR_docker_version="17.03" +TF_VAR_docker_version="17" +TF_VAR_rancher_version="v2.0.2" TF_VAR_ssh_key_name="admin@example.com" TF_VAR_ssh_public_key="~/.ssh/id_ed25519.pub" TF_VAR_ssh_private_key="~/.ssh/id_ed25519" TF_VAR_rancher_password="admin" +TF_VAR_rancher_cluster_name="playground" +TF_VAR_acme_domain="example.com" \ No newline at end of file diff --git a/README.md b/README.md index 511a071..76ba516 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ How to setup? * cp .env.dist .env * edit .env variables and save * run: + * docker-compose run --rm terraform init * docker-compose run --rm terraform plan * docker-compose run --rm terraform apply * docker-compose run --rm terraform destroy diff --git a/hetzner/Dockerfile b/hetzner/Dockerfile index e208ccd..0d3f9ab 100644 --- a/hetzner/Dockerfile +++ b/hetzner/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.7 +FROM hashicorp/terraform:0.11.7 RUN apk -Uuv add ca-certificates openssl groff less git bash wget make jq curl unzip sed 
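Review bot: The new `FROM hashicorp/terraform:0.11.7` line in hetzner/Dockerfile pins the base image by tag only, and the next hunk (-8,16) deletes the `TERRAFORM_SHA256SUM` check that used to verify the Terraform download. After this commit nothing in the visible build steps verifies the binary, which is presumably the one given `TF_VAR_hcloud_token` and the SSH private key from `.env`. A tag can be re-pushed, so pin the digest as well: `FROM hashicorp/terraform:0.11.7@sha256:<digest-of-the-reviewed-image>`. The unchanged `RUN apk -Uuv add ...` line below it also upgrades and installs unpinned packages on every build, so two builds of this file need not produce the same image. Whether the remaining hcloud provider download is checksummed is not visible in these hunks.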
@@ -8,16 +8,6 @@ ENTRYPOINT ["/bin/terraform"] CMD ["--help"] -ENV TERRAFORM_VERSION=0.11.6 -ENV TERRAFORM_FILENAME=terraform_${TERRAFORM_VERSION}_linux_amd64.zip -ENV TERRAFORM_URL=https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/${TERRAFORM_FILENAME} -ENV TERRAFORM_SHA256SUM=aed5c7388a3c54dc816986903d4dea32e182a002d746295e1016f6db741f472d - -RUN wget -q ${TERRAFORM_URL} \ - && echo "${TERRAFORM_SHA256SUM} ${TERRAFORM_FILENAME}" | sha256sum -c -RUN unzip ${TERRAFORM_FILENAME} -d /bin -RUN rm -f ${TERRAFORM_FILENAME} - ENV HCLOUD_VERSION=1.1.0 ENV HCLOUD_FILENAME=terraform-provider-hcloud_v${HCLOUD_VERSION}_linux_amd64.zip ENV HCLOUD_TERRAFORM_URL=https://github.com/hetznercloud/terraform-provider-hcloud/releases/download/v${HCLOUD_VERSION}/${HCLOUD_FILENAME} diff --git a/terraform/main.tf b/terraform/01_main.tf similarity index 69% rename from terraform/main.tf rename to terraform/01_main.tf index 1ff4155..2fe1b3e 100644 --- a/terraform/main.tf +++ b/terraform/01_main.tf @@ -7,13 +7,13 @@ resource "hcloud_ssh_key" "admin" { public_key = "${file(var.ssh_public_key)}" } -resource "hcloud_server" "rancher" { +resource "hcloud_server" "k8s" { count = "1" - name = "rancher" + name = "node-0" server_type = "cx11-ceph" - image = "ubuntu-16.04" + image = "ubuntu-18.04" + location = "fsn1" ssh_keys = ["${hcloud_ssh_key.admin.id}"] - keep_disk = "true" connection { private_key = "${file(var.ssh_private_key)}" @@ -34,7 +34,7 @@ resource "hcloud_server" "rancher" { } provisioner "remote-exec" { - inline = "RANCHER_VERSION=${var.rancher_version} bash /root/rancher.sh" + inline = "RANCHER_VERSION=${var.rancher_version} ACME_DOMAIN=${var.acme_domain} bash /root/rancher.sh" } provisioner "file" { 
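Review bot: In the -34,7 hunk of terraform/01_main.tf, `ACME_DOMAIN=${var.acme_domain}` is interpolated unquoted into the command string that remote-exec runs on the new server (presumably as root, since the scripts live in /root). A value containing a space or a shell metacharacter is therefore split or interpreted by the remote shell instead of reaching rancher.sh intact. The same applies in the -53,19 hunk to the added `RANCHER_CLUSTER_NAME=${var.rancher_cluster_name}` and the carried-over `RANCHER_PASSWORD=${var.rancher_password}`, and to the changed line in the -87,7 hunk; a password containing `$`, `;` or a space is the most likely value to break. Quote each assignment, e.g. `inline = "RANCHER_VERSION='${var.rancher_version}' ACME_DOMAIN='${var.acme_domain}' bash /root/rancher.sh"`, and document in variables.tf that these values must not contain a single quote. The enclosing `hcloud_server` resource starts and ends outside this hunk.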
@@ -53,19 +53,20 @@ resource "hcloud_server" "rancher" { provisioner "remote-exec" { inline = [ - "RANCHER_SERVER_ADDRESS=${hcloud_server.rancher.0.ipv4_address} RANCHER_PASSWORD=${var.rancher_password} bash /root/rancher_change_password.sh", + "RANCHER_SERVER_ADDRESS=${hcloud_server.k8s.0.ipv4_address} RANCHER_PASSWORD=${var.rancher_password} RANCHER_CLUSTER_NAME=${var.rancher_cluster_name} bash /root/rancher_change_password.sh", ] } } -resource "hcloud_server" "rancher-etcd-control-worker" { +resource "hcloud_server" "k8s-etcd-control-worker" { count = "3" - name = "${count.index == 0 ? "gitlab" : "node${count.index}"}" - server_type = "cx11" - image = "ubuntu-16.04" + name = "${count.index == 0 ? "gitlab" : "node-${count.index}"}" + server_type = "cx11-ceph" + image = "ubuntu-18.04" + location = "fsn1" ssh_keys = ["${hcloud_ssh_key.admin.id}"] - depends_on = ["hcloud_server.rancher"] + depends_on = ["hcloud_server.k8s"] connection { private_key = "${file(var.ssh_private_key)}" @@ -87,7 +88,7 @@ resource "hcloud_server" "rancher-etcd-control-worker" { provisioner "remote-exec" { inline = [ - "RANCHER_SERVER_ADDRESS=${hcloud_server.rancher.0.ipv4_address} RANCHER_PASSWORD=${var.rancher_password} bash /root/rancher_agent_command.sh" + "RANCHER_SERVER_ADDRESS=${hcloud_server.k8s.0.ipv4_address} RANCHER_PASSWORD=${var.rancher_password} bash /root/rancher_agent_command.sh" ] } diff --git a/terraform/02_hetzner_floating_ip.tf b/terraform/02_hetzner_floating_ip.tf new file mode 100644 index 0000000..194ab3b --- /dev/null +++ b/terraform/02_hetzner_floating_ip.tf 
@@ -0,0 +1,47 @@ +locals { + instance_id = "${hcloud_server.k8s.id}" + instance_ip = "${hcloud_server.k8s.ipv4_address}" +} + +resource "hcloud_floating_ip" "master" { + type = "ipv4" + home_location = "fsn1" + description = "lb" + server_id = "${local.instance_id}" + lifecycle { + prevent_destroy = true + } +} + +resource "null_resource" "add_ip" { + triggers = { + instance_id = "${local.instance_id}" + } + + connection { + user = "root" + host = "${local.instance_ip}" + type = "ssh" + private_key = "${file(var.ssh_private_key)}" + } + +# add floating IP + provisioner "remote-exec" { + inline = [ + "sudo echo 'iface eth0 inet static\n address ${hcloud_floating_ip.master.ip_address}/24\n' >> /etc/network/interfaces", + "sudo ifdown eth0 && sudo ifup eth0", + ] + } +} + +resource "null_resource" "assign_server_ip" { + triggers = { + instance_id = "${local.instance_id}" + } + + provisioner "local-exec" { + command = < /etc/apt/preferences.d/docker-ce -sleep 30 +sleep 50 apt-get -qq update apt-get -qq install -y \ apt-transport-https \ ca-certificates \ curl \ jq \ - software-properties-common + software-properties-common \ + docker.io curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - add-apt-repository \ "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ $(lsb_release -cs) \ stable" -apt-get -qq update && apt-get -qq install -y docker-ce +#apt-get -qq update && apt-get -qq install -y docker.io cat > /etc/docker/daemon.json <> /etc/apt/apt.conf.d/20auto-upgrades <