feat: revert to raw terraform

alxbl · Mar 17, 2024 · 5464927 · 5464927
1 parent 6510660
commit 5464927
Show file tree

Hide file tree

Showing 15 changed files with 90 additions and 89 deletions.
diff --git a/.gitignore b/.gitignore
@@ -29,7 +29,9 @@ pxe/
 node_modules
 cdktf.out
 cdktf.log
-*terraform.*.tfstate*
+**/*.tfstate
+**/*.backup
+**/*.hcl
 .gen
 .terraform
 tsconfig.tsbuildinfo

diff --git a/build/bootstrap/docker-compose.yml b/build/bootstrap/docker-compose.yml
@@ -12,8 +12,11 @@ services:
       - 8081:8081
     command: ['-address=0.0.0.0:8080', '-rpc-address=0.0.0.0:8081', '-log-level=trace', '-assets-path=/var/lib/matchbox/assets']
     volumes:
-      - ./matchbox:/var/lib/matchbox:Z
-      - ../../pki/:/etc/matchbox:Z
+      - ./matchbox:/var/lib/matchbox
+      - ./../../pki/server.key:/etc/matchbox/server.key:Z
+      - ./../../pki/server.crt:/etc/matchbox/server.crt:Z
+      - ./../../pki/ca.crt:/etc/matchbox/ca.crt:Z
+      - ./../../pki/client.crt:/etc/matchbox/client.crt:Z
 
   # docker run --name dnsmasq --cap-add=NET_ADMIN -v $PWD/contrib/dnsmasq/docker0.conf:/etc/dnsmasq.conf:Z quay.io/poseidon/dnsmasq -d
   proxydhcp:

diff --git a/infra/cdktf/README.md b/infra/cdktf/README.md
@@ -0,0 +1,6 @@
+# Unused
+
+I have decided not to use CDKTF for the time being since it's pretty cumbersome 
+working with modules and does not grant much and doesn't grant much benefit yet.
+
+I will probably consider using it once my infra needs justify it.
diff --git a/infra/cdktf.json → infra/cdktf/cdktf.json b/infra/cdktf.json → infra/cdktf/cdktf.json
@@ -10,7 +10,7 @@
   "terraformModules": [
     {
       "name": "typhoon",
-      "source": "./terraform/typhoon/bare-metal/fedora-coreos/kubernetes"
+      "source": "./../../../github.com/alxbl/typhoon/bare-metal/fedora-coreos/kubernetes"
     }
   ],
   "context": {}

diff --git a/infra/jest.config.js → infra/cdktf/jest.config.js b/infra/jest.config.js → infra/cdktf/jest.config.js
diff --git a/infra/cdktf/main.ts b/infra/cdktf/main.ts
@@ -0,0 +1,53 @@
+// import { Construct } from "constructs";
+// import { App, TerraformStack } from "cdktf";
+// import { readFileSync } from 'node:fs';
+
+// import * as nodes from './nodes.json';
+
+// import { MatchboxProvider } from "./.gen/providers/matchbox/provider";
+// import { Typhoon } from "./.gen/modules/typhoon";
+
+// let PKI_ROOT = process.env.EASYRSA_PKI || '../pki';
+// console.log(process.env.PWD);
+
+// function readPemCert(path: string): string {
+//   let f = readFileSync(path).toString();
+//   return f;
+// }
+
+// function getLanAddress(): string
+// {
+//   // HACK: Because Ubiquiti is set to use `.lan` as a domain, it will
+//   //       resolve `$HOST.lan` as the device's IP. This should remove the need
+//   //       for a self-hosted DNS and tinkering with the network DNS
+//   let hostname = readFileSync("/etc/hostname").toString().replace('\n', '');
+//   return `${hostname}.lan`;
+// }
+
+// class LabStack extends TerraformStack {
+//   constructor(scope: Construct, id: string) {
+//     super(scope, id);
+
+//     new MatchboxProvider(this, "matchbox", {
+//       ca: readPemCert(PKI_ROOT + '/ca.crt'),
+//       clientCert: readPemCert(PKI_ROOT + '/client.crt'),
+//       clientKey: readPemCert(PKI_ROOT + "/client.key"),
+//       endpoint: '127.0.0.1:8081' // bootstrap is local.
+//     });
+
+//     new Typhoon(this, "typhoon-module", <any>{ // FIXME: strong typing?
+//       clusterName: "h0me",
+//       k8SDomainName: "lab.segfault.me", // FIXME: How will this work?
+//       cachedInstall: true,
+//       matchboxHttpEndpoint: `http://${getLanAddress()}:8080`,
+//       osVersion: "39.20240112.3.0",
+//       osStream: "stable",  
+//       arch: "x86_64", // controllers  
+//       ...nodes
+//     });
+//   }
+// }
+
+// const app = new App();
+// new LabStack(app, "segv-lab");
+// app.synth();
diff --git a/infra/cdktf/nodes.json b/infra/cdktf/nodes.json
@@ -0,0 +1,10 @@
+{
+    "sshAuthorizedKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+M9LUT9LQWQFTxz7SR2jXhxyZs6rS5CLN2aFS6HMB5",
+
+    "controllers": [
+        {"name": "tachyon", "mac": "ac:16:2d:a7:ae:90", "domain": "tachyon.lan"}
+    ],
+
+    "workers": [
+    ]
+}
diff --git a/infra/package-lock.json → infra/cdktf/package-lock.json b/infra/package-lock.json → infra/cdktf/package-lock.json
diff --git a/infra/package.json → infra/cdktf/package.json b/infra/package.json → infra/cdktf/package.json
diff --git a/infra/setup.js → infra/cdktf/setup.js b/infra/setup.js → infra/cdktf/setup.js
diff --git a/infra/tsconfig.json → infra/cdktf/tsconfig.json b/infra/tsconfig.json → infra/cdktf/tsconfig.json
diff --git a/infra/main.ts b/infra/main.ts
diff --git a/infra/terraform/typhoon b/infra/terraform/typhoon
diff --git a/scripts/bin/az b/scripts/bin/az
diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh
@@ -5,7 +5,6 @@ set -e
 
 DNS_SERVICES=(dnsmasq@qemu0 systemd-resolved)
 
-# FIXME: Pull the docker and firewall rules so that they clean up regardless of script success.
 # TODO: Check requirements.
 # echo "Checking requirements"
 # required=(git iptables docker docker-compose jq)
@@ -17,20 +16,6 @@ SCRIPT_DIR=${0:a:h}
 REPO_ROOT=$(cd "$SCRIPT_DIR/.." && pwd)
 source "$REPO_ROOT/.env"
 
-echo "[*] Restoring git submodules"
-git submodule update --init --recursive
-
-
-if [[ ! -v BOOTSTRAP_QUICK ]]; then
-  pushd "$REPO_ROOT/infra" >/dev/null
-  echo "[*] Installing CDKTF dependencies"
-  npm install
-
-  echo "[*] Compiling CDKTF providers"
-  npm run get
-  popd >/dev/null
-fi
-
 # SETUP
 #############################################################################################
 if [[ ! -v BOOTSTRAP_NOSECRETS ]]; then
@@ -69,6 +54,11 @@ sudo iptables -A UDP -m udp -p udp --dport 4011 -j ACCEPT
 sudo iptables -A TCP -m tcp -p tcp --dport 8080 -j ACCEPT
 
 #############################################################################################
+if [[ ! -v BOOTSTRAP_QUICK ]]; then
+  echo "[*] Generating bootstrapping PKI..."
+  "$REPO_ROOT/scripts/bootstrap-pki" >/dev/null
+fi
+
 echo "[*] Starting matchbox and DHCP PXE server"
 docker-compose -f "$REPO_ROOT/build/bootstrap/docker-compose.yml" up -d
 
@@ -80,21 +70,17 @@ docker-compose -f "$REPO_ROOT/build/bootstrap/docker-compose.yml" up -d
 # Actual bootstap happens in this function.
 function do_bootstrap {
 
-  echo "[*] Generating bootstrapping PKI..."
-
-  if [[ ! -v BOOTSTRAP_QUICK ]]; then
-    if "$REPO_ROOT/scripts/bootstrap-pki"; then :; else return 1; fi
-  fi
-
   #############################################################################################
   # echo "Creating symlinks for RPI4 nodes"
   # TODO
 
   #############################################################################################
   echo "[*] Bootstrapping cluster..."
-  pushd "$REPO_ROOT/infra" >/dev/null
-
-  if EASYRSA_PKI="$REPO_ROOT/pki" npm run apply; then :; else return 1; fi
+  pushd "$REPO_ROOT/infra/terraform/invoke-typhoon" >/dev/null
+
+  if terraform init; then :; else return 1; fi
+  if terraform apply; then :; else return 1; fi
+
   popd >/dev/null
 }
 
@@ -130,9 +116,9 @@ if [[ ! -v BOOTSTRAP_NOSECRETS ]]; then
 fi
 
 #############################################################################################
-if [[ $fail ]]; then
+if [[ $fail -ne 0 ]]; then
   echo "[!] ERROR: Bootstrapping failed. check output for details."
   exit 1
 else
   echo "[+] Done!"
-fi
+fi