| page_title | subcategory | description |
|---|---|---|
cloudinit-drive Resource - terraform-provider-cloudinit-drive |
~> ** Windows & cloudbase-init ** The cloudbase-init provisioning system supports OpenStack and NoCloud format configuration disks. The network configuration for NoCloud must be version 1.
resource "cloudinit_drive" "vm-104-cloudinit" {
drive_name = "vm-101-cloud-init.iso"
drive_path = "file://./"
drive_type = "nocloud"
iso_maker = "mkisofs"
custom_files {
meta_data = "configs/meta_data.json"
network_data = "configs/network.yaml"
user_data = "configs/user_data.yaml"
vendor_data = "configs/vendor_data"
scripts_per_boot = ["scripts/make_static_routes.sh"]
}
network_v1 {}
}resource "cloudinit-drive" "vm-test-cloudinit-drive" {
drive_type = "configdrive2"
drive_name = "vm-101-cloud-init.iso"
drive_path = "file://./"
iso_maker = "genisoimage"
hostname = "testhost.fqdn"
device_aliases = {
my_alias = "/dev/sdb"
swap_disk = "/dev/sdc"
}
fs_setup {
label = "fs1"
filesystem = "ext4"
device = "my_alias.1"
cmd = "mkfs -t %(filesystem)s -L %(label)s %(device)s"
}
# fs_setup {
# label = "fs2"
# filesystem = "ext4"
# device = "my_alias.2"
# }
mounts = [
[ "/dev/ephemeral0", "/mnt", "auto", "defaults,noexec" ],
[ "sdc", "/opt/data" ],
[ "xvdh", "/opt/data", "auto", "defaults,nofail", "0", "0" ]
]
ca_certs {
filename = [
"/home/terraform/cid/root-ca.pem"
]
}
custom_files {
# user_data = "delvrun.sh"
# network_data = "/custom/file/path"
# scripts_per_boot = ["cid/file1", "cid/nofile"]
scripts_per_boot = ["cid/file1"]
}
write_files {
encoding = "gz+b64"
local_file = "/home/terraform/hello.sh"
path = "/tmp/aaa/bbb"
}
network_v2 {
ethernets {
match {
macaddress = "00:11:22:33:44:55"
}
alias = "id0"
wakeonlan = true
dhcp4 = false
addresses = ["192.168.14.2/24", "2001:1::1/64"]
gateway4 = "192.168.14.1"
gateway6 = "2001:1::2"
nameservers {
search = ["foo.local", "bar.local"]
addresses = ["8.8.8.8"]
}
routes {
to = "192.0.2.0/24"
via = "11.0.0.1"
metric = 3
}
}
ethernets {
alias = "lom"
match {
driver = "ixgbe"
}
set_name = "lom1"
dhcp6 = true
}
ethernets {
alias = "switchports"
match {
name = "enp2*"
}
mtu = 1280
}
bonds {
alias = "bond0"
interfaces = ["id0", "lom"]
}
bridges {
alias = "br0"
interfaces = ["wlp1s0", "switchports"]
dhcp4 = true
}
vlans {
alias = "en-intra"
id = 1
link = "id0"
dhcp4 = true
}
}
}
output "cid-drive-size" {
value = cloudinit-drive.vm-test-cloudinit-drive.size
}drive_name(String) Name of the cloud-init drive.drive_path(String) The path where the cloud-init drive will be saved.drive_type(String) [ configdrive2 | nocloud | opennebula ] Specifies the cloud-init configuration format (Proxmox VE use the nocloud format for Linux, and configdrive2 for Windows).iso_maker(String) [ genisoimage | mkisofs | hdiutil | oscdimg | xorriso | none ] Specifies the utility to generate the ISO file.
-
allow_public_ssh_keys(Boolean) If true, will import the public SSH keys from the datasource's metadata to the user's .ssh/authorized_keys file. Default: true. Info. -
ca_certs(Block, Optional) Add CA certificates to /etc/ca-certificates.conf and updates the ssl cert cache using update-ca-certificates. Info (see below for nested schema) -
chpasswd(Block, Optional) Set user passwords. Info (see below for nested schema) -
custom_files(Block, Optional) Overriding settings by existing files. (see below for nested schema) -
device_aliases(Map of String) Path to disk to be aliased by this name. Info -
disable_root(Boolean) Disable root login. Default: true. Info -
disable_root_opts(String) Disable root login options. If disable_root_opts is specified and contains the string $USER, it will be replaced with the username of the default user. Default: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user "$USER" rather than the user "$DISABLE_USER".';echo;sleep 10;exit 142" Info. -
disk_setup(Attributes Map) Disk partitioning. Info (see below for nested schema) -
final_message(String) This module configures the final message that cloud-init writes. The message is specified as a jinja template with the following variables set Info:version: cloud-init versiontimestamp: time at cloud-init finishdatasource: cloud-init data sourceuptime: system uptime
-
fqdn(String) Fully qualified domain name of the instance. Preferred over hostname if both are provided. In absence of hostname and fqdn in cloud-config, the local-hostname value will be used from datasource metadata. Info -
fs_setup(Block List) File system configuration . Info (see below for nested schema) -
groups(Map of List of String) Groups to add to the system can be specified as a string list.
Each item in the list should either contain a string of a single group to create, or a dictionary with the group name as the key and string of a single user as a member of that group or a list of users who should be members of the group. Info -
growpart(Block, Optional) Grow partitions. Info (see below for nested schema) -
hostname(String) Instance hostname. If fqdn is set, the hostname extracted from fqdn overrides hostname.Default: 'localhost'. Info -
instance_id(String) Instance ID. If the field is empty, a UID will be generated. -
keyboard(Block, Optional) Set keyboard layout. Info (see below for nested schema) -
locale(String) The locale to set as the system's locale. Info -
locale_configfile(String) The file in which to write the locale configuration (defaults to the distro's default location). Info -
manage_etc_hosts(String) Update the hosts file ("true", "false", "localhost").
If set to true, cloud-init will generate the hosts file using the template located in /etc/cloud/templates/hosts.tmpl. In the /etc/cloud/templates/hosts.tmpl template, the strings $hostname and $fqdn will be replaced with the hostname and fqdn respectively.If manage_etc_hosts is set to localhost, then cloud-init will not rewrite the hosts file entirely, but rather will ensure that a entry for the fqdn with a distribution dependent ip is present (i.e. ping will ping 127.0.0.1 or 127.0.1.1 or other ip).
Note: If manage_etc_hosts is set true, the contents of the hosts file will be updated every boot. To make any changes to the hosts file persistent they must be made in /etc/cloud/templates/hosts.tmpl
Info -
manage_resolv_conf(Boolean) Whether to manage the resolv.conf file. resolv_conf block will be ignored unless this is set to true. Default: false. Info -
mount_default_fields(List of String) Default mount configuration for any mount entry with less than 6 options provided. When specified, 6 items are required and represent /etc/fstab entries. Default: defaults,nofail,x-systemd.requires=cloud-init.service,_netdev. Info -
mounts(List of List of String) List of lists. Each inner list entry is a list of /etc/fstab mount declarations of the format:[ fs_spec, fs_file, fs_vfstype, fs_mntops, fs-freq, fs_passno ]. A mount declaration with less than 6 items will get remaining values from mount_default_fields. A mount declaration with onlyfs_spec and no fs_file mountpoint will be skipped. Info -
network_v1(Block, Optional) Networking Config Version 1. Info (see below for nested schema) -
network_v2(Block, Optional) Networking Config Version 2. Info (see below for nested schema) -
package_reboot_if_required(Boolean) Set true to reboot the system if required by presence of /var/run/reboot-required. Default: false. Info -
package_update(Boolean) Set true to update packages. Default: false. Info -
package_upgrade(Boolean) Set true to upgrade packages. Default: false. Info -
packages(List of String) A list of packages to install. Package version selection is not supported! Info -
password(String, Sensitive) Set the default user's password. Ignored if chpasswd list is used.Security Notice: The password will be stored unencrypted in your Terraform state file. Use of this attribute for production deployments is not recommended! Info
-
power_state(Block, Optional) Change power state. Info (see below for nested schema) -
prefer_fqdn_over_hostname(Boolean) By default, it is distro-dependent whether cloud-init uses the short hostname or fully qualified domain name when both local-hostname` and ``fqdn are both present in instance metadata. When set true, use fully qualified domain name if present as hostname instead of short hostname. When set false, use hostname config value if present, otherwise fallback to fqdn. Info -
preserve_hostname(Boolean) If true, the hostname will not be changed. Default: false. Info -
random_seed(Block, Optional) Provide random seed data. Info (see below for nested schema) -
resolv_conf(Block, Optional) resolv.conf fileInfo (see below for nested schema) -
runcmd(List of String) Run arbitrary commands at a rc.local like time-frame with output to the console. Each item can be either a list or a string. The item type affects how it is executed: * If the item is a string, it will be interpreted by sh.* If the item is a list, the items will be executed as if passed to execve(3) (with the first arg as the command). Info -
ssh_authorized_keys(Set of String) The SSH public keys to add .ssh/authorized_keys in the default user's home directory. Info -
ssh_deletekeys(Boolean) Remove host SSH keys. This prevents re-use of a private host key from an image with default host SSH keys. Default: true. Info -
ssh_genkeytypes(List of String) The SSH key types to generate. Default: ["rsa", "dsa", "ecdsa", "ed25519"]. Info -
ssh_keys(Map of String) A dictionary entries for the public and private host keys of each desired key type. Entries in the ssh_keys config dict should have keys in the format _private, _public, and, optionally, _certificate, e.g. rsa_private: , rsa_public: , and rsa_certificate: . Not all key types have to be specified, ones left unspecified will not be used. If this config option is used, then separate keys will not be automatically generated. In order to specify multiline private host keys and certificates, use multiline syntax. -
ssh_publish_hostkeys(Block, Optional) (see below for nested schema) -
ssh_pwauth(Boolean) Sets whether or not to accept password authentication. true will enable password auth. false will disable. Default is to leave the value unchanged. In order for this config to be applied, SSH may need to be restarted. On systemd systems, this restart will only happen if the SSH service has already been started. On non-systemd systems, a restart will be attempted regardless of the service state. -
ssh_quiet_keygen(Boolean) If true, will suppress the output of key generation to the console. -
swap(Block, Optional) Swap files can be configured by setting the path to the swap file to create with filename, the size of the swap file with size maximum size of the swap file if using an size: auto with maxsize. By default no swap file is created. Info (see below for nested schema) -
timezone(String) The timezone to use as represented in /usr/share/zoneinfo. Info -
users(Block List) Users to add to the system.
Info (see below for nested schema) -
wireguard(Block, Optional) Wireguard tunnel. Info (see below for nested schema) -
write_files(Block List) Write arbitrary files. Info (see below for nested schema)
checksum(String) SHA256 checksum of the generated ISO image.id(String) Unique identifier for this resource: hexadecimal representation of the SHA1 checksum of the resource.size(String) Cloud-init disk image size.
Optional:
content(Set of String) List of trusted CA certificates to add (encoded as base64).filename(Set of String) List of paths to files containing SSL certificates.remove_defaults(Boolean) Remove default CA certificates if true. Default: false.
Optional:
expire(Boolean) Whether to expire all user passwords such that a password will need to be reset on the user's next login. **Default: true.users(Block List) This key represents a list of existing users to set passwords for. Each item under users contains the following required keys: name and password or in the case of a randomly generated password, name and type. The type key has a default value of hash, and may alternatively be set to text or RANDOM. (see below for nested schema)
Optional:
name(String) Username.password(String, Sensitive) Password.Security Notice: The password will be stored unencrypted in your Terraform state file. Use of this attribute for production deployments is not recommended!
type(String) Password type (hash, text or RANDOM). Default: hash.
Optional:
files(Block List) Create a disk image from custom files. The generated configuration files will be overwritten by the current files. (see below for nested schema)meta_data(String) Use custom metadata file. Instance Metadatanetwork_data(String) Use custom network configuration file. Network Configurationopennebula_context(String) Use custom 'context.sh' file. OpenNebula contextualization variablesscripts_per_boot(Set of String) Any scripts in the scripts/per-boot directory on the datasource will be run every time the system boots. Scripts will be run in alphabetical order. This module does not accept any config keys. Infoscripts_per_instance(Set of String) Any scripts in the scripts/per-instance directory on the datasource will be run when a new instance is first booted. Scripts will be run in alphabetical order. This module does not accept any config keys. Some cloud platforms change instance-id if a significant change was made to the system. As a result per-instance scripts will run again.Infoscripts_per_once(Set of String) Any scripts in the scripts/per-once directory on the datasource will be run only once. Changes to the instance will not force a re-run. The only way to re-run these scripts is to run the clean subcommand and reboot. Scripts will be run in alphabetical order. This module does not accept any config keys.Infouser_data(String) Use custom user data file. User Datavendor_data(String) Use custom vendor data file. Vendor Data
Optional:
dst(String) Destination path.src(String) Source file.
Optional:
layout(String) Partitions can be specified by providing a list to layout, where each entry in the list is either a size or a list containing a size and the numerical value for a partition type. The size for partitions is specified in percentage of disk space, not in bytes (e.g. a size of 33 would take up 1/3 of the disk space). The partition type defaults to '83' (Linux partition), for other types of partition, such as Linux swap, the type must be passed as part of a list along with the size. Boolean not supportedoverwrite(Boolean) Controls whether this module tries to be safe about writing partition tables or not. If overwrite: false is set, the device will be checked for a partition table and for a file system and if either is found, the operation will be skipped. If overwrite: true is set, no checks will be performed. Using overwrite: true is dangerous and can lead to data loss, so double check that the correct device has been specified if using this option. Default: false.table_type(String) The partition table type, either mbr or gpt. Default: mbr.
Optional:
cmd(String) Optional command to run to create the filesystem. Can include string substitutions of the other fs_setup config keys. This is only necessary if you need to override the default command.device(String) Specified either as a path or as an alias in the format . where denotes the partition number on the device. If specifying device using the . format, the value of partition will be overwritten.extra_opts(String) Optional options to pass to the filesystem creation command. Ignored if you using cmd directly.filesystem(String) Filesystem type to create. E.g., ext4 or btrfs.label(String) Label for the filesystem.overwrite(Boolean) If true, overwrite any existing filesystem. Using overwrite: true for filesystems is dangerous and can lead to data loss, so double check the entry in fs_setup. Default: false.partition(String) (string/auto/any/none) The partition option can be set to auto, in which this module will search for the existence of a filesystem matching the label, type and device of the fs_setup entry and will skip creating the filesystem if one is found. The partition option may also be set to any, in which case any file system that matches type and device will cause this module to skip filesystem creation for the fs_setup entry, regardless of label matching or not. To write a filesystem directly to a device, use partition: none. partition: none will always write the filesystem, even when the label and filesystem are matched, and overwrite is false. Integer not supportedreplace_fs(String) Ignored unless partition is auto or any.
Optional:
devices(Set of String) The devices to resize. Each entry can either be the path to the device's mountpoint in the filesystem or a path to the block device in '/dev'. Default: [/].ignore_growroot_disabled(Boolean) If true, ignore the presence of /etc/growroot-disabled. If false and the file exists, then don't resize. Default: false.mode(String) The utility to use for resizing. Default: auto.
Optional:
layout(String) Keyboard layout. Corresponds to XKBLAYOUT.model(String) Keyboard model. Corresponds to XKBMODEL. Default: pc105.options(String) Keyboard options. Corresponds to XKBOPTIONS.variant(String) Keyboard variant. Corresponds to XKBVARIANT.
Optional:
interface(Block List) (see below for nested schema)
Read-Only:
version(Number)
Required:
name(String)type(String)
Optional:
bond_interfaces(Set of String)bridge_interfaces(Set of String)dns_interface(Set of String)dns_nameservers(Set of String)dns_search(Set of String)mac_address(String)mtu(Number)params(Map of String)route_destination(String)route_gateway(String)route_metric(Number)subnets(Block List) (see below for nested schema)vlan_id(Number)vlan_link(String)
Optional:
address(String)control(String)dns_nameservers(Set of String)dns_search(Set of String)gateway(String)netmask(String)routes(Block List) (see below for nested schema)type(String)
Optional:
destination(String)gateway(String)netmask(String)
Optional:
bonds(Block List) (see below for nested schema)bridges(Block List) (see below for nested schema)ethernets(Block List) (see below for nested schema)vlans(Block List) (see below for nested schema)
Read-Only:
version(Number)
Required:
alias(String) Local interface identifier within the configuration file. This identifier can be referenced in the following stanzas.
Optional:
addresses(Set of String)dhcp4(Boolean)dhcp4_overrides(Map of String)dhcp6(Boolean)dhcp6_overrides(Map of String)gateway4(String)gateway6(String)interfaces(Set of String)mtu(Number)nameservers(Block, Optional) (see below for nested schema)parameters(Map of String)renderer(String)routes(Block List) (see below for nested schema)
Optional:
addresses(Set of String)search(Set of String)
Optional:
metric(Number)to(String)via(String)
Required:
alias(String) Local interface identifier within the configuration file. This identifier can be referenced in the following stanzas.
Optional:
addresses(Set of String)dhcp4(Boolean)dhcp4_overrides(Map of String)dhcp6(Boolean)dhcp6_overrides(Map of String)gateway4(String)gateway6(String)interfaces(Set of String)mtu(Number)nameservers(Block, Optional) (see below for nested schema)parameters(Map of String)renderer(String)routes(Block List) (see below for nested schema)
Optional:
addresses(Set of String)search(Set of String)
Optional:
metric(Number)to(String)via(String)
Required:
alias(String) Local interface identifier within the configuration file. This identifier can be referenced in the following stanzas.
Optional:
addresses(Set of String)dhcp4(Boolean)dhcp4_overrides(Map of String)dhcp6(Boolean)dhcp6_overrides(Map of String)gateway4(String)gateway6(String)match(Block, Optional) (see below for nested schema)mtu(Number)nameservers(Block, Optional) (see below for nested schema)renderer(String)routes(Block List) (see below for nested schema)set_name(String)wakeonlan(Boolean)
Optional:
driver(String)macaddress(String)name(String)
Optional:
addresses(Set of String)search(Set of String)
Optional:
metric(Number)to(String)via(String)
Required:
alias(String) Local interface identifier within the configuration file. This identifier can be referenced in the following stanzas.
Optional:
addresses(Set of String)dhcp4(Boolean)dhcp4_overrides(Map of String)dhcp6(Boolean)dhcp6_overrides(Map of String)gateway4(String)gateway6(String)link(String)mtu(Number)nameservers(Block, Optional) (see below for nested schema)renderer(String)routes(Block List) (see below for nested schema)
Read-Only:
id(Number) The ID of this resource.
Optional:
addresses(Set of String)search(Set of String)
Optional:
metric(Number)to(String)via(String)
Optional:
condition(String) Apply state change only if condition is met. May be true (always met), false (never met), or a command string(s) (in list representation) to be executed. For command formatting, see the documentation. If exit code is 0, condition is met, otherwise not.delay(Number) Time in minutes to delay after cloud-init has finished. If no delay time is specified, the action will take place immediately.message(String) Optional message to display to the user when the system is powering off or rebooting.mode(String) Must be one of poweroff, halt, or reboot.timeout(Number) Time in seconds to wait for the cloud-init process to finish before executing shutdown. Default: 30.
Optional:
command(List of String) Execute this command to seed random. The command will have RANDOM_SEED_FILE in its environment set to the value of file above.command_required(Boolean) If true, and command is not available to be run then an exception is raised and cloud-init will record failure. Otherwise, only debug error is mentioned. Default: false.data(String) This data will be written to file before data from the datasource.encoding(String) Used to decode data provided. Allowed values are raw, base64, b64, gzip, gz. If you use the gzip format, you need to convert the contents of the file into base64 encoding and specify it with the binary data flag: "bin'QmluYXJ5IGRhdGEK'" Default: raw.file(String) File to write random data to. Default: /dev/urandom.
Optional:
domain(String) The domain to be added as domain line.nameservers(List of String) A list of nameservers to use to be added as nameserver lines.options(Map of String) Key/value pairs of options to go under options heading.searchdomains(List of String) A list of domains to be added search line.sortlist(List of String) A list of IP addresses to be added to sortlist line.
Optional:
blacklist(List of String) The SSH key types to ignore when publishing. Default: [dsa]enabled(Boolean) If true, will read host keys from /etc/ssh/*.pub and publish them to the datasource (if supported). Default: true
Optional:
filename(String) Path to the swap file to create.maxsize(String) The maxsize in bytes of the swap file.size(String) The size in bytes of the swap file, 'auto' or a human-readable size abbreviation of the format <float_size> where units are one of B, K, M, G or T.
Optional:
create_groups(Boolean) Boolean set false to disable creation of specified user groups. Default: true.default(Boolean) Add thedefault_userfrom /etc/cloud/cloud.cfg.expiredate(String) Date on which the user's account will be disabled.gecos(String) Comment about the user, usually a comma-separated string of real name and contact information.groups(String) Comma-separated string of groups to add the user to.hashed_passwd(String, Sensitive) Hash of user password to be applied. This will be applied even if the user is pre-existing. To generate this hash, run:mkpasswd -method=SHA-512 -rounds=4096.
Note: While hashed_password is better than plain_text_passwd, using passwd in user-data represents a security risk as user-data could be accessible by third-parties depending on your cloud platform.
homedir(String) Home dir for user.Default: /home/<username>.inactive(String) String representing the number of days until the user is disabled.lock_passwd(Boolean) Disable password login. Default: true.name(String) The user's login name. Required otherwise user creation will be skipped for this user.no_create_home(Boolean) Do not create home directory. Default: false.no_log_init(Boolean) Do not initialize lastlog and faillog for user. Default: false.no_user_group(Boolean) Do not create group named after user. Default: false.passwd(String, Sensitive) Hash of user password applied when user does not exist. This will NOT be applied if the user already exists. To generate this hash, run:mkpasswd -method=SHA-512 -rounds=4096.
Note: While hashed password is better than plain text, using passwd in user-data represents a security risk as user-data could be accessible by third-parties depending on your cloud platform.
plain_text_passwd(String, Sensitive) Clear text of user password to be applied. This will be applied even if the user is pre-existing. There are many more secure options than using plain text passwords, such as ssh_import_id or hashed_passwd. Do not use this in production as user-data and your password can be exposed.Security Notice: The password will be stored unencrypted in your Terraform state file. Use of this attribute for production deployments is not recommended!
primary_group(String) Primary group for user.Default: <username>.selinux_user(String) SELinux user for user's login. Default to default SELinux user.shell(String) Path to the user's login shell. The default is to set no shell, which results in a system-specific default being used.snapuser(String) Specify an email address to create the user as a Snappy user through snap create-user. If an Ubuntu SSO account is associated with the address, username and SSH keys will be requested from there.ssh_authorized_keys(List of String) List of SSH keys to add to user's authkeys file. Can not be combined with ssh_redirect_user.ssh_import_id(List of String) List of SSH IDs to import for user. Can not be combined with ssh_redirect_user.ssh_redirect_user(Boolean) Boolean set to true to disable SSH logins for this user. When specified, all cloud meta-data public SSH keys will be set up in a disabled state for this username. Any SSH login as this username will timeout and prompt with a message to login instead as thedefault_usernamefor this instance. **Default: **false. This key can not be combined withssh_import_idorssh_authorized_keys.sudo(String) Sudo rule to use or false. Absence of a sudo value ornullwill result in no sudo rules added for this user.system(Boolean) Create user as system user with no home directory. Default: false.uid(Number) The user's ID. Default is next available value.
Optional:
interfaces(Block List) Interface list. (see below for nested schema)readinessprobe(List of String) List of shell commands to be executed as probes.
Optional:
config_path(String) Path to configuration file of Wireguard interface.content(String) Wireguard interface configuration. Contains key, peer, etc.name(String) Name of the interface. Typically wgx (example: wg0).
Required:
path(String) Path of the file to which content is decoded and written.
Optional:
append(Boolean) Whether to append content to existing file if path exists.Default: false.content(String) Optional content to write to the provided path. When content is present and encoding is nottext/plain, decode the content prior to writing. Binaries will be gzip+base64 encodeddefer(Boolean) Defer writing the file until 'final' stage, after users were created, and packages were installed.Default: false.encoding(String) Optional encoding type of the content. Default is base64 and no content decoding is performed. Supported encoding types are:gz,gzip,gz+base64,gzip+base64,gz+b64,gzip+b64,b64,base64,text/plain.local_file(String) Path of the local file data from which will be written to the attribute 'content'.owner(String) Optional owner:group to chown on the file.Default: root:root.permissions(String) Optional file permissions to set on path represented as an octal string'0###'.Default: 0644
ca_certs {
remove_defaults = true
content = [<<EOT
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----
EOT
]
}resource "cloudinit-drive" "vm-test-cloudinit-drive" {
drive_name = "vm-101-cloud-init.%s"
drive_path = "file://./"
drive_type = "configdrive2"
iso_maker = "mkisofs"
custom_files {
scripts_per_boot = ["tests/ca_certs.tf", "tests/ca_certs.yml"]
scripts_per_instance = ["tests/disk_setup.tf", "tests/disk_setup.yml"]
scripts_per_once = ["tests/final_message.tf", "tests/final_message.yml"]
user_data = "tests/growpart.tf"
vendor_data = "tests/hostname.tf"
network_data = "tests/keyboard.tf"
# opennebula_context = "tests/locale.tf"
files {
src = "tests/mounts.tf"
dst = "/files/1/file-1.tf"
}
files {
src = "tests/mounts.yml"
dst = "/files/2/file-2.yml"
}
}
network_v2 {}
}device_aliases = {
my_alias = "/dev/sdb"
swap_disk = "/dev/sdc"
}
disk_setup = {
my_alias = {
table_type = "gpt"
layout = "[50, 50]"
overwrite = true
}
swap_disk = {
table_type = "gpt"
layout = "[[100, 82]]"
overwrite = true
}
"/dev/sdd" = {
table_type = "mbr"
layout = "true"
overwrite = true
}
}
fs_setup {
label = "fs1"
filesystem = "ext4"
device = "my_alias.1"
cmd = "mkfs -t %(filesystem)s -L %(label)s %(device)s"
}
fs_setup {
label = "fs2"
device = "my_alias.2"
filesystem = "ext4"
}
fs_setup {
label = "swap"
device = "swap_disk.1"
filesystem = "swap"
}
fs_setup {
label = "fs3"
device = "/dev/sdd1"
filesystem = "ext4"
}
mounts = [
["my_alias.1", "/mnt1"],
["my_alias.2", "/mnt2"],
["swap_disk.1", "none", "swap", "sw", "'0'", "'0'"],
["/dev/sdd1", "/mnt3"],
]final_message = <<EOT
cloud-init has finished
version: $version
timestamp: $timestamp
datasource: $datasource
uptime: $uptim
EOTgrowpart {
mode = "growpart"
devices = ["/", "/dev/vdb1"]
ignore_growroot_disabled = true
}# preserve_hostname = true
hostname = "myhost"
fqdn = "myhost.example.com"
prefer_fqdn_over_hostname = truekeyboard {
layout = "de"
model = "pc105"
variant = "nodeadkeys"
options = "compose:rwin"
}locale = "fr_CA"
locale_configfile = "/etc/alternate_path/locale"manage_etc_hosts = "localhost"mounts = [
["/dev/ephemeral0", "/mnt", "auto", "defaults,noexec"],
["sdc", "/opt/data"],
["xvdh", "/opt/data", "auto", "defaults,nofail", "'0'", "'0'"]
]
mount_default_fields = ["None", "None", "auto", "defaults,nofail", "'0'", "'2'"]
swap {
filename = "/my/swapfile"
size = "auto"
maxsize = "10485760"
}packages = [
"pwgen",
"pastebinit",
"[libpython3.8, 3.8.10-0ubuntu1~20.04.2]"
]
package_update = true
package_upgrade = true
package_reboot_if_required = truessh_pwauth = false
# password = "password1"
chpasswd {
expire = false
users {
name = "user1"
password = "password1"
type = "text"
}
users {
name = "user2"
password = "$6$rounds=4096$5DJ8a9WMTEzIo5J4$Yms6imfeBvf3Yfu84mQBerh18l7OR1Wm1BJXZqFSpJ6BVas0AYJqIjP7czkOaAZHZi1kxQ5Y1IhgWN8K9NgxR1"
}
users {
name = "user3"
type = "RANDOM"
}
}power_state {
delay = 30
mode = "reboot"
timeout = 2
message = "Rebooting machine"
condition = "test -f /var/tmp/reboot_me"
}random_seed {
file = "/dev/urandom"
data = <<EOT
bin__H4sIAAAAAAAAAwGAAH//lgRNKp3SkVVNP2jbhM1PVjvWE2DCjV7kzNg80ga5640qlc8KT64tsyyw
1GCCQf5e9ScfMpU/pLQtha9mfaqcrdj6uIAm7qbzD9TzzbNCwuOFl5yeexlpEHFFmH2JmjqlEBMB
YbUEKw49XDkxMQQuWUjh5EcmrakXgQrvc4wPex2vUqGkgAAAAA==
EOT
encoding = "gz"
command = ["sh", "-c", "dd if=/dev/urandom of=$RANDOM_SEED_FILE"]
command_required = true
}manage_resolv_conf = true
resolv_conf {
nameservers = ["8.8.8.8", "8.8.4.4"]
searchdomains = ["foo.example.com", "bar.example.com"]
domain = "example.com"
sortlist = ["10.0.0.1/255", "10.0.0.2"]
options = {
rotate = true
timeout = 1
}
}runcmd = [
"ls -l /",
"sh -c echo \"=========hello world'=========\"",
"ls -l /root",
"wget \"http://example.org\" -O /tmp/index.html"
]ssh_keys = {
rsa_private = <<EOT
-----BEGIN RSA PRIVATE KEY-----
MIIBxwIBAAJhAKD0YSHy73nUgysO13XsJmd4fHiFyQ+00R7VVu2iV9Qco
...
-----END RSA PRIVATE KEY-----
EOT
rsa_public = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEAoPRhIfLvedSDKw7Xd ..."
rsa_certificate = <<EOT
[email protected] AAAAIHNzaC1lZDI1NTE5LWNlcnQt ...
EOT
dsa_private = <<EOT
-----BEGIN DSA PRIVATE KEY-----
MIIBxwIBAAJhAKD0YSHy73nUgysO13XsJmd4fHiFyQ+00R7VVu2iV9Qco
...
-----END DSA PRIVATE KEY-----
EOT
dsa_public = "ssh-dsa AAAAB3NzaC1yc2EAAAABIwAAAGEAoPRhIfLvedSDKw7Xd ..."
dsa_certificate = <<EOT
[email protected] AAAAIHNzaC1lZDI1NTE5LWNlcnQt ...
EOT
}
ssh_authorized_keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEA3FSyQwBI6Z+nCSjUU ...",
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3I7VUf2l5gSn5uavROsc5HRDpZ ..."
]
ssh_deletekeys = true
ssh_genkeytypes = ["rsa", "dsa", "ecdsa", "ed25519"]
disable_root = true
disable_root_opts = "no-port-forwarding,no-agent-forwarding,no-X11-forwarding"
allow_public_ssh_keys = true
ssh_quiet_keygen = true
ssh_publish_hostkeys {
enabled = true
blacklist = ["dsa"]
}timezone = "US/Eastern"groups = {
admingroup = ["root", "sys"],
cloud-users = []
}
users {
name = "newsuper"
gecos = "Big Stuff"
groups = "users, admin"
sudo = "ALL=(ALL) NOPASSWD:ALL"
shell = "/bin/bash"
lock_passwd = true
ssh_import_id = [
"lp:falcojr",
"gh:TheRealFalcon"
]
}
users {
name = "youruser"
selinux_user = "staff_u"
}wireguard {
interfaces {
name = "wg0"
config_path = "/etc/wireguard/wg0.conf"
content = <<EOT
[Interface]
PrivateKey = <private_key>
Address = <address>
[Peer]
PublicKey = <public_key>
Endpoint = <endpoint_ip>:<endpoint_ip_port>
AllowedIPs = <allowedip1>, <allowedip2>, ...
EOT
}
interfaces {
name = "wg1"
config_path = "/etc/wireguard/wg1.conf"
content = <<EOT
[Interface]
PrivateKey = <private_key>
Address = <address>
[Peer]
PublicKey = <public_key>
Endpoint = <endpoint_ip>:<endpoint_ip_port>
AllowedIPs = <allowedip1>
EOT
}
readinessprobe = [
"systemctl restart service",
"curl https://webhook.endpoint/example",
"nc -zv some-service-fqdn 443"
]
}write_files {
encoding = "b64"
content = "CiMgVGhpcyBmaWxlIGNvbnRyb2xzIHRoZSBzdGF0ZSBvZiBTRUxpbnV4..."
owner = "root:root"
path = "/etc/sysconfig/selinux"
permissions = "'0644'"
}
write_files {
content = <<EOT
15 * * * * root ship_logs
EOT
path = "/etc/crontab"
append = true
}
write_files {
encoding = "gzip"
content = "bin__H4sIAIDb/U8C/1NW1E/KzNMvzuBKTc7IV8hIzcnJVyjPL8pJ4QIA6N+MVxsAAAA="
path = "/usr/bin/hello"
permissions = "'0755'"
}
write_files {
path = "/root/CLOUD_INIT_WAS_HERE"
}
write_files {
path = "/etc/nginx/conf.d/example.com.conf"
content = <<EOT
server {
server_name example.com;
listen 80;
root /var/www;
location / {
try_files $uri $uri/ $uri.html =404;
}
}
EOT
owner = "nginx:nginx"
permissions = "'0640'"
defer = true
}
write_files {
local_file = "tests/test_file.txt"
path = "/tmp/write_files.tf"
encoding = "gz+b64"
} network_v1 {
interface {
type = "physical"
name = "interface0"
mac_address = "52:54:00:12:34:00"
mtu = 1450
subnets {
type = "static"
address = "192.168.1.10"
netmask = "255.255.255.0"
dns_nameservers = ["192.168.1.11"]
}
}
interface {
type = "bond"
name = "bond0"
bond_interfaces = ["gbe0", "gbe1"]
mac_address = "52:54:00:12:34:00"
params = {
bond-mode = "active-backup"
bond-lacp-rate = "false"
}
mtu = 1450
subnets {
type = "static"
address = "192.168.1.10"
netmask = "255.255.255.0"
dns_nameservers = ["192.168.1.11"]
}
}
}