diff --git a/.gitignore b/.gitignore
index 8a190b0..b654794 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,4 +35,6 @@ vault-credentials.json # SSH keys id_rsa -id_rsa.pub \ No newline at end of file +id_rsa.pub + +backend.hcl \ No newline at end of file
diff --git a/README.md b/README.md
index 2323f1c..71f39d8 100644
--- a/README.md
+++ b/README.md
@@ -107,8 +107,11 @@ cd cluster # Create SSH key to access droplets ssh-keygen -q -t rsa -N '' -f ./id_rsa +# Create a space to hold your terraform state remotely +./create-backend.sh + # Init terraform -terraform init +terraform init -backend-config=./backend.hcl # Deploy droplets terraform apply
diff --git a/cluster/create-backend.sh b/cluster/create-backend.sh
new file mode 100644
index 0000000..487cf29
--- /dev/null
+++ b/cluster/create-backend.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+echo ""
+echo "Open https://cloud.digitalocean.com/spaces"
+echo "Click on 'Create a Space'"
+echo -n "Configure this space in the same region you want to deploy to and "
+echo -n "write down the name you used. You will need it in the next step"
+echo ""
+echo ""
+
+# https://..digitaloceanspaces.com
+read -p 'Endpoint URL: ' ENDPOINT_URL
+echo
+
+IFS='//'
+read -ra ADDR <<< "$ENDPOINT_URL"
+BUCKET_URL="${ADDR[2]}"
+
+# https://www.tutorialkart.com/bash-shell-scripting/bash-split-string/
+IFS='.'
+read -ra ADDR <<< "$BUCKET_URL"
+BUCKET_NAME="${ADDR[0]}"
+REGION="${ADDR[1]}"
+IFS=' '
+
+echo "Bucket Name: ${BUCKET_NAME}"
+echo "Bucket Region: ${REGION}"
+
+echo ""
+echo "Next you'll need to generate some credentials. Head to this URL:"
+echo ""
+echo "https://cloud.digitalocean.com/settings/api/tokens"
+echo ""
+echo "Under 'Spaces access keys' click 'Generate New Key'"
+echo ""
+
+
+read -sp "Access Key: " ACCESS_KEY
+echo ""
+read -sp "Secret Key: " SECRET_KEY
+echo ""
+
+
+echo "skip_credentials_validation = true" >> ./backend.hcl
+echo "skip_metadata_api_check = true" >> ./backend.hcl
+echo "" >> ./backend.hcl
+echo "bucket = \"${BUCKET_NAME}\"" >> ./backend.hcl
+echo "region = \"${REGION}\"" >> ./backend.hcl
+echo "skip_region_validation = true" >> ./backend.hcl
+echo "endpoint = \"https://$REGION.digitaloceanspaces.com\"" >> ./backend.hcl
+echo "" >> ./backend.hcl
+echo "access_key = \"$ACCESS_KEY\"" >> ./backend.hcl
+echo "secret_key = \"$SECRET_KEY\"" >> ./backend.hcl
+
diff --git a/cluster/main.tf b/cluster/main.tf
index 7474395..f221bd0 100644
--- a/cluster/main.tf
+++ b/cluster/main.tf
@@ -5,6 +5,9 @@ terraform { version = "~> 2.0" } } + backend "s3" { + key = "production/terraform.tfstate" + } } 
diff --git a/cluster/setup-tunnels.sh b/cluster/setup-tunnels.sh
index 2eba64d..f152fd7 100755
--- a/cluster/setup-tunnels.sh
+++ b/cluster/setup-tunnels.sh
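Review bot: In cluster/create-backend.sh the Spaces access key and secret key are appended to `./backend.hcl` with `>>` under whatever umask the caller has, so with a common 022 umask the file is created readable by other local users, and a second run stacks a second set of attributes (including the credentials) under the first. The file should be created private to the user and written once, replacing any earlier copy, as in the excerpt below. The two `read -sp` calls should use `-r` so a backslash in a key is kept as typed, and the script should stop when the URL split leaves `BUCKET_NAME` or `REGION` empty instead of writing a backend file with blank values.

```shell
# … unchanged: Spaces instructions, endpoint prompt and URL split …

# Stop before writing anything if the URL did not yield both parts.
if [[ -z "$BUCKET_NAME" || -z "$REGION" ]]; then
  echo "Could not read bucket and region from the endpoint URL" >&2
  exit 1
fi

# … unchanged: credential instructions …

read -rsp "Access Key: " ACCESS_KEY
echo ""
read -rsp "Secret Key: " SECRET_KEY
echo ""

# New files are created 0600; drop any earlier copy so neither its mode
# nor its contents carry over.
umask 077
rm -f ./backend.hcl
cat > ./backend.hcl <<EOF
skip_credentials_validation = true
skip_metadata_api_check = true

bucket = "${BUCKET_NAME}"
region = "${REGION}"
skip_region_validation = true
endpoint = "https://${REGION}.digitaloceanspaces.com"

access_key = "${ACCESS_KEY}"
secret_key = "${SECRET_KEY}"
EOF
```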
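Review bot: The `backend "s3"` block added to cluster/main.tf sets only `key`, and nothing in this file tells a reader where the bucket, region, endpoint and credentials come from. A comment above `key` would cover it, for example `# Remaining settings are passed at init time: terraform init -backend-config=./backend.hcl (written by create-backend.sh)`. Neither this block nor the generated backend.hcl configures state locking, so two applies run at the same time would not be serialised; if that is accepted for this setup it is worth saying so in the README. The enclosing `terraform` block starts before the hunk.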
@@ -23,4 +23,4 @@ echo "Nomad can be accessed at http://localhost:4646" # Traefik tunnel ssh -4 -f -N -g -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -i ./id_rsa -L 8081:$INGRESS_IP:8081 root@$INGRESS_IP -echo "Traefik can be accessed at http://localhost:0881 (When it is enabled)" \ No newline at end of file +echo "Traefik can be accessed at http://localhost:8081 (When it is enabled)" \ No newline at end of file