hashipi

Raspberry Pi Test Cluster for HashiCorp Vault, Nomad and Consul
git clone https://git.in0rdr.ch/hashipi.git

hashi-pi.pkr.hcl (5577B)


# Handed to bootstrap.sh as AUTHORIZED_KEYS. How the script treats the empty
# default is not visible in this file.
variable "authorized_keys" {
  type    = string
  default = ""
}

# NOTE(review): not referenced by the source or build blocks in this file.
# The default names a whole block device; confirm which device this resolves
# to on the build host before any flashing step consumes it.
variable "flash_device_path" {
  type    = string
  default = "/dev/sda"
}

# Exported as HOSTNAME to bootstrap.sh and openbao.sh.
variable "hostname" {
  type    = string
  default = "HashiPi0"
}

# Output path of the built image (image_path in the source block).
variable "img_name" {
  type    = string
  default = "raspi.img"
}

# Target size of the image (image_size in the source block).
variable "img_size" {
  type    = string
  default = "4G"
}

# Base OS image. The checksum URL is derived from this value by appending
# ".sha256", so image and checksum are always fetched from the same location.
variable "img_url" {
  type    = string
  default = "https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2024-03-15/2024-03-15-raspios-bookworm-arm64-lite.img.xz"
}
     30 
# Local path of the Nomad agent CA certificate; copied into the image at
# /tmp/tls/nomad-agent-ca.pem.
variable "nomad_tls_ca" {
  type    = string
  default = "./tls/nomad/nomad-agent-ca.pem"
}
# Local path of the PKCS#12 form of the Nomad agent CA; copied into the image
# at /tmp/tls/nomad-agent-ca.p12.
# NOTE(review): confirm whether this bundle contains a private key; if it
# does, treat the file (and the image) accordingly.
variable "nomad_tls_ca_p12" {
  type    = string
  default = "./tls/nomad/nomad-agent-ca.p12"
}

# Local directory uploaded to /tmp/tls/ in the image. Everything in the
# directory is copied, so keep only what the node needs in it.
variable "nomad_tls_certs" {
  type    = string
  default = "./tls/nomad/certs/"
}

# Exported to nomad.sh as NOMAD_ENCRYPT. `sensitive` keeps the value out of
# Packer's output; it does not control what the script does with it inside
# the image.
variable "nomad_encrypt" {
  type      = string
  default   = ""
  sensitive = true
}

# String flag (not a bool); exported verbatim as NOMAD_CLIENT to nomad.sh.
variable "nomad_client" {
  type    = string
  default = "true"
}

# Exported as NOMAD_JENKINS_GID to nomad.sh.
variable "nomad_jenkins_gid" {
  type    = string
  default = "1312"
}

# Exported as NOMAD_JENKINS_UID to nomad.sh.
variable "nomad_jenkins_uid" {
  type    = string
  default = "1312"
}

# NFS settings, exported to nomad.sh as NFS_MOUNT, NFS_SERVER and
# NFS_MOUNT_TARGET. All three default to empty.
variable "nomad_nfs_mount" {
  type    = string
  default = ""
}

variable "nomad_nfs_server" {
  type    = string
  default = ""
}

variable "nomad_nfs_target" {
  type    = string
  default = ""
}

# Exported as NOMAD_PODMAN_DRIVER_VERSION to nomad.sh.
# NOTE(review): the download and any integrity check happen in nomad.sh,
# which is not shown here; verify the script checks a published checksum.
variable "nomad_podman_driver_version" {
  type    = string
  default = "0.5.2"
}

# String flag (not a bool); exported as NOMAD_SERVER to nomad.sh and
# openbao.sh.
variable "nomad_server" {
  type    = string
  default = "true"
}

# Exported as NOMAD_VERSION to bootstrap.sh.
variable "nomad_version" {
  type    = string
  default = "1.8.2"
}
     95 
# Login user of the image. Exported as USERNAME to all three scripts and used
# to build the remote_folder (/home/<username>) for nomad.sh and openbao.sh.
variable "username" {
  type    = string
  default = "in0rdr"
}

# Exported as VAULT_ADDR to nomad.sh.
variable "vault_addr" {
  type    = string
  default = "https://vault.in0rdr.ch"
}

# Local path of the Vault CA certificate; copied to /tmp/vault_ca.pem.
variable "vault_tls_ca_cert" {
  type    = string
  default = "./tls/vault/ca/vault_ca.pem"
}

# Local path of the Vault CA *private key*; copied to /tmp/vault_ca.key in
# the image. Only the path is stored here, but the file it points to is the
# most sensitive input of this build.
variable "vault_tls_ca_key" {
  type    = string
  default = "./tls/vault/ca/vault_ca.key"
}

# Exported as VAULT_TLS_SUBJ_ALT_NAME to openbao.sh.
variable "vault_tls_subj_alt_name" {
  type    = string
  default = "IP:127.0.0.1"
}

# Exported as VAULT_TRANSIT_SERVER to openbao.sh.
variable "vault_transit_server" {
  type    = string
  default = ""
}

# Exported as VAULT_TRANSIT_TOKEN to openbao.sh. `sensitive` keeps the value
# out of Packer's output only.
# NOTE(review): if openbao.sh writes the token into the image, every copy of
# the image carries it; prefer a short-lived, narrowly scoped token.
variable "vault_transit_token" {
  type      = string
  default   = ""
  sensitive = true
}

# Exported as BAO_VERSION to bootstrap.sh. The default pins a beta build.
variable "bao_version" {
  type    = string
  default = "2.0.0-beta20240618"
}
    136 
    137 source "arm" "hashipi" {
    138   file_checksum_type    = "sha256"
    139   file_checksum_url     = "${var.img_url}.sha256"
    140   file_target_extension = "xz"
    141   file_unarchive_cmd    = ["xz", "-d", "$ARCHIVE_PATH"]
    142   file_urls             = ["${var.img_url}"]
    143   image_build_method    = "resize"
    144   image_chroot_env      = ["PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"]
    145   image_partitions {
    146     filesystem   = "vfat"
    147     mountpoint   = "/boot"
    148     name         = "boot"
    149     size         = "256M"
    150     start_sector = "8192"
    151     type         = "c"
    152   }
    153   image_partitions {
    154     filesystem   = "ext4"
    155     mountpoint   = "/"
    156     name         = "root"
    157     size         = "0"
    158     start_sector = "532480"
    159     type         = "83"
    160   }
    161   image_path                   = "${var.img_name}"
    162   image_size                   = "${var.img_size}"
    163   image_type                   = "dos"
    164   qemu_binary_destination_path = "/usr/bin/qemu-aarch64-static"
    165   qemu_binary_source_path      = "/usr/bin/qemu-aarch64-static"
    166 }
    167 
    168 build {
    169   sources = ["source.arm.hashipi"]
    170 
    171   provisioner "file" {
    172     destination = "/tmp/resizerootfs"
    173     source      = "arm-builder/scripts/resizerootfs/resizerootfs"
    174   }
    175 
    176   provisioner "file" {
    177     destination = "/tmp/resizerootfs.service"
    178     source      = "arm-builder/scripts/resizerootfs/resizerootfs.service"
    179   }
    180 
    181   provisioner "shell" {
    182     script = "bootstrap.sh"
    183     environment_vars = [
    184       "HOSTNAME=${var.hostname}",
    185       "USERNAME=${var.username}",
    186       "AUTHORIZED_KEYS=${var.authorized_keys}",
    187       "NOMAD_VERSION=${var.nomad_version}",
    188       "BAO_VERSION=${var.bao_version}"
    189     ]
    190   }
    191 
    192   provisioner "shell" {
    193     inline = ["mkdir /tmp/tls"]
    194   }
    195 
    196   provisioner "file" {
    197     destination = "/tmp/tls/nomad-agent-ca.pem"
    198     source      = "${var.nomad_tls_ca}"
    199   }
    200   provisioner "file" {
    201     destination = "/tmp/tls/nomad-agent-ca.p12"
    202     source      = "${var.nomad_tls_ca_p12}"
    203   }
    204 
    205   provisioner "file" {
    206     destination = "/tmp/tls/"
    207     source      = "${var.nomad_tls_certs}"
    208   }
    209 
    210   provisioner "shell" {
    211     script        = "nomad.sh"
    212     remote_folder = "/home/${var.username}"
    213     environment_vars = [
    214       "USERNAME=${var.username}",
    215       "NFS_SERVER=${var.nomad_nfs_server}",
    216       "NFS_MOUNT=${var.nomad_nfs_mount}",
    217       "NFS_MOUNT_TARGET=${var.nomad_nfs_target}",
    218       "NOMAD_ENCRYPT=${var.nomad_encrypt}",
    219       "NOMAD_SERVER=${var.nomad_server}",
    220       "NOMAD_CLIENT=${var.nomad_client}",
    221       "NOMAD_PODMAN_DRIVER_VERSION=${var.nomad_podman_driver_version}",
    222       "NOMAD_JENKINS_UID=${var.nomad_jenkins_uid}",
    223       "NOMAD_JENKINS_GID=${var.nomad_jenkins_gid}",
    224       "VAULT_ADDR=${var.vault_addr}"
    225     ]
    226   }
    227 
    228   provisioner "file" {
    229     destination = "/tmp/vault_ca.pem"
    230     source      = "${var.vault_tls_ca_cert}"
    231   }
    232 
    233   provisioner "file" {
    234     destination = "/tmp/vault_ca.key"
    235     source      = "${var.vault_tls_ca_key}"
    236   }
    237 
    238   provisioner "shell" {
    239     script        = "openbao.sh"
    240     remote_folder = "/home/${var.username}"
    241     environment_vars = [
    242       "USERNAME=${var.username}",
    243       "HOSTNAME=${var.hostname}",
    244       "NOMAD_SERVER=${var.nomad_server}",
    245       "VAULT_TLS_CA_CERT=/tmp/vault_ca.pem",
    246       "VAULT_TLS_CA_KEY=/tmp/vault_ca.key",
    247       "VAULT_TLS_SUBJ_ALT_NAME=${var.vault_tls_subj_alt_name}",
    248       "VAULT_TRANSIT_SERVER=${var.vault_transit_server}",
    249       "VAULT_TRANSIT_TOKEN=${var.vault_transit_token}"
    250     ]
    251   }
    252 }