Moved examples to the right folder

2026-02-08 21:34:25 +00:00 · 2023-01-20 22:12:54 +01:00
parent 6801e76541
commit 4c62081ca6
23 changed files with 0 additions and 0 deletions
--- a/terraform/airgapped
+++ b/terraform/airgapped
@@ -1,41 +0,0 @@
-# Airgapped Terraform Enterprise on Azure
-
-> In progress and absolutely, totally **not** ready for use.
-
-Stateless active/active.
-
-1. [Requirements](#requirements)
-2. [Sources](#sources)
-
-## Requirements
-
-| Requirement             | Description                                                                                                                                        |
-| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Passwords               | All passwords must be stored as a Base64 encoded secret in Azure Key Vault and retrieved during runtime.                                           |
-| Replicated license file | A valid Replicated license file (`.rli`) must be stored as a Base64 encoded secret in Azure Key Vault and retrieved during runtime.                |
-| TFE airgap bundle       | The TFE airgap bundle for Replicated must be stored as a Blob in a Storage Account and retrieved by the VM after first boot.                       |
-| TLS certificate         | The TLS certificate and private key files must be PEM-encoded. The TLS certificate file can contain a full chain of TLS certificates if necessary. |
-| Tokens                  | All tokens must be stored as a Base64 encoded secret in Azure Key Vault and retrieved during runtime.                                              |
-| Virtual machine         | Must be a Linux VM.                                                                                                                                |
-
-![requirements diagram]
-
-## Sources
-
- [Terraform Enterprise]
- [Automated installations] of Replicated
- Hashicorp's [Terraform Enterprise Azure Module][hashicorp/terraform-azurerm-terraform-enterprise] on GitHub
- Azure's [Terraform Enterprise Azure Instance Module][azure-terraform/terraform-azurerm-terraform-enterprise-instance] on GitHub
-
-<!-- knowledge base -->
-[requirements diagram]: design/requirements.png
-
-<!-- hashicorp references -->
-[terraform enterprise]: https://developer.hashicorp.com/terraform/enterprise
-
-<!-- replicated references -->
-[automated installations]: https://help.replicated.com/docs/native/customer-installations/automating/
-
-<!-- repositories -->
-[azure-terraform/terraform-azurerm-terraform-enterprise-instance]: https://github.com/Azure-Terraform/terraform-azurerm-terraform-enterprise-instance
-[hashicorp/terraform-azurerm-terraform-enterprise]: https://github.com/hashicorp/terraform-azurerm-terraform-enterprise
--- a/terraform/airgapped
+++ b/terraform/airgapped
@@ -1,37 +0,0 @@
-# See:
-# - https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs
-# - https://github.com/chrusty/terraform-multipart-userdata/blob/master/example/cloudinit.tf
-
-data "cloudinit_config" "user_data" {
-  # Disabled only to make the rendered config readable in the outputs.
-  gzip          = false
-  base64_encode = false
-
-  part {
-    content = templatefile(
-      "${path.module}/templates/cloud-init/docker-ce.yaml.tftpl",
-      {
-        docker_user = "azureuser"
-      }
-    )
-    content_type = "text/cloud-config"
-    filename     = "docker-ce"
-  }
-
-  part {
-    content = templatefile(
-      "${path.module}/templates/cloud-init/tfe.yaml.tftpl",
-      {
-        replicated_config_file_location             = var.replicated_config_file_location
-        replicated_config_file_contents_b64encoded  = base64encode(local.replicated_config_file_contents)
-        replicated_license_file_location            = var.replicated_config_license_file_location
-        replicated_license_file_contents_b64encoded = base64encode("") # FIXME: get from Key Vault
-        tfe_config_file_location                    = var.tfe_config_file_location
-        tfe_config_file_contents_b64encoded         = base64encode(local.tfe_config_file_contents)
-      }
-    )
-    content_type = "text/cloud-config"
-    merge_type   = "dict(recurse_array,no_replace)+list(append)"
-    filename     = "tfe"
-  }
-}
--- a/azure/design/requirements.png
+++ b/azure/design/requirements.png
--- a/azure/design/requirements.py
+++ b/azure/design/requirements.py
@@ -1,33 +0,0 @@
-#!/usr/bin/env python3
-
-from diagrams import Diagram
-from diagrams.azure.compute import VMLinux
-from diagrams.azure.database import CacheForRedis, DatabaseForPostgresqlServers
-from diagrams.azure.network import LoadBalancers, NetworkInterfaces, Subnets, VirtualNetworks
-from diagrams.azure.security import KeyVaults
-from diagrams.azure.storage import BlobStorage
-from diagrams.onprem.container import Docker
-from diagrams.onprem.iac import Terraform
-
-with Diagram("Requirements", show=False):
-
-    cache = CacheForRedis("Redis Cache")
-    db = DatabaseForPostgresqlServers("PostgreSQL DB")
-    engine = Docker("Docker Engine")
-    kv = KeyVaults("Key Vault")
-    lb = LoadBalancers("Load Balancer")
-    nic = NetworkInterfaces("Network Interface")
-    storage = BlobStorage("Blob Storage")
-    subnet_private = Subnets("Private Subnet")
-    subnet_public = Subnets("Public Subnet")
-    tfe = Terraform("Terraform Enterprise")
-    vm = VMLinux("Linux Virtual Machine")
-    vnet = VirtualNetworks("VNet")
-
-    vnet >> [subnet_private, subnet_public]
-    subnet_private >> kv
-    [subnet_private, subnet_public] >> nic
-    kv >> [cache, db, storage, vm]
-    nic >> [lb, vm]
-    vm >> engine
-    [cache, db, engine, lb, storage] >> tfe
--- a/terraform/airgapped
+++ b/terraform/airgapped
@@ -1,23 +0,0 @@
-locals {
-  # See https://help.replicated.com/docs/native/customer-installations/automating/#configure-replicated-automatically
-  replicated_config = {
-    LicenseFileLocation               = var.replicated_config_license_file_location
-    LicenseBootstrapAirgapPackagePath = var.replicated_config_license_bootstrap_airgap_package_path
-  }
-
-  # Replicated's settings file is JSON formatted.
-  # See https://help.replicated.com/docs/native/customer-installations/automating
-  replicated_config_file_contents = jsonencode(local.replicated_config)
-
-  # See https://developer.hashicorp.com/terraform/enterprise/install/automated/automating-the-installer#available-settings
-  tfe_config = {
-    hostname     = "hostname"
-    enc_password = "password"
-  }
-
-  # TFE's settings file is JSON formatted.
-  # All defined keys must be objects with the 'value' key in it. (ノಠ益ಠ)ノ彡┻━┻
-  # All values must be strings.
-  # See https://developer.hashicorp.com/terraform/enterprise/install/automated/automating-the-installer#format
-  tfe_config_file_contents = jsonencode({ for k, v in local.tfe_config : k => { "value" : tostring(v) } })
-}
--- a/terraform/airgapped
+++ b/terraform/airgapped
@@ -1,16 +0,0 @@
-output "replicated_config_file" {
-  value = {
-    contents = local.replicated_config_file_contents
-    location = var.replicated_config_file_location
-  }
-}
-output "tfe_config_file" {
-  value = {
-    contents = local.tfe_config_file_contents
-    location = var.tfe_config_file_location
-  }
-}
-
-output "cloudinit_config" {
-  value = data.cloudinit_config.user_data.rendered
-}
--- a/azure/templates/cloud-init/docker-ce.yaml.tftpl
+++ b/azure/templates/cloud-init/docker-ce.yaml.tftpl
@@ -1,23 +0,0 @@
-#cloud-config
-
-# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#package-update-upgrade-install
-packages:
-  - docker-ce
-
-# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#runcmd
-runcmd:
-
-  # Give the user permissions to use Docker without `sudo`ing.
-  # The 'users' module overrode *both* the SSH keys *and* group assignments in
-  # previous tests. (┛◉Д◉)┛彡┻━┻
-  - grep -qE '^docker:' /etc/group && usermod -a -G docker ${docker_user} || true
-
-# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#yum-add-repo
-yum_repos:
-  docker-ce:
-    name: Docker CE Stable - $basearch
-    enabled: true
-    baseurl: https://download.docker.com/linux/rhel/$releasever/$basearch/stable
-    priority: 1
-    gpgcheck: true
-    gpgkey: https://download.docker.com/linux/rhel/gpg
--- a/azure/templates/cloud-init/tfe.yaml.tftpl
+++ b/azure/templates/cloud-init/tfe.yaml.tftpl
@@ -1,25 +0,0 @@
-#cloud-config
-
-# Replicated requires Docker
-# TFE requires Replicated
-
-# See https://cloudinit.readthedocs.io/en/latest/reference/modules.html#write-files
-write_files:
-  - encoding: b64
-    path: ${replicated_config_file_location}
-    content: |
-      ${replicated_config_file_contents_b64encoded}
-    permissions: '0600'
-    defer: true
-  - encoding: b64
-    path: ${replicated_license_file_location}
-    content: |
-      ${replicated_license_file_contents_b64encoded}
-    permissions: '0600'
-    defer: true
-  - encoding: b64
-    path: ${tfe_config_file_location}
-    content: |
-      ${tfe_config_file_contents_b64encoded}
-    permissions: '0600'
-    defer: true
--- a/terraform/airgapped
+++ b/terraform/airgapped
@@ -1,17 +0,0 @@
-variable "replicated_config_file_location" {
-  type        = string
-  default     = "/etc/replicated.conf"
-  description = "Only read on initial startup."
-}
-variable "replicated_config_license_bootstrap_airgap_package_path" {
-  type = string
-}
-variable "replicated_config_license_file_location" {
-  type    = string
-  default = "/etc/license.rli"
-}
-
-variable "tfe_config_file_location" {
-  type    = string
-  default = "/etc/settings.conf"
-}
--- a/terraform/multi-part
+++ b/terraform/multi-part
@@ -1,50 +0,0 @@
-# https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs
-# https://github.com/chrusty/terraform-multipart-userdata/blob/master/example/cloudinit.tf
-
-data "cloudinit_config" "azurerm_linux_virtual_machine" {
-  # Disabled only to make the rendered config readable in the outputs.
-  gzip          = false
-  base64_encode = false
-
-  part {
-    content      = file("${path.module}/files/base.yaml")
-    content_type = "text/cloud-config"
-    filename     = "base"
-  }
-
-  part {
-    content = templatefile(
-      "${path.module}/templates/docker-ce.yaml.tftpl",
-      {
-        user = "azureuser"
-      }
-    )
-    content_type = "text/cloud-config"
-    merge_type   = "dict(recurse_array,no_replace)+list(append)"
-    filename     = "docker-ce"
-  }
-}
-
-data "cloudinit_config" "oci_core_instance" {
-  # Disabled only to make the rendered config readable in the outputs.
-  gzip          = false
-  base64_encode = false
-
-  part {
-    content      = file("${path.module}/files/base.yaml")
-    content_type = "text/cloud-config"
-    filename     = "base"
-  }
-
-  part {
-    content = templatefile(
-      "${path.module}/templates/docker-ce.yaml.tftpl",
-      {
-        user = "opc"
-      }
-    )
-    content_type = "text/cloud-config"
-    merge_type   = "dict(recurse_array,no_replace)+list(append)"
-    filename     = "docker-ce"
-  }
-}
--- a/cloud-init/files/base.yaml
+++ b/cloud-init/files/base.yaml
@@ -1,4 +0,0 @@
-#cloud-config
-
-package_reboot_if_required: false
-package_upgrade: false
--- a/terraform/multi-part
+++ b/terraform/multi-part
@@ -1,12 +0,0 @@
-# resource "azurerm_linux_virtual_machine" "vm" {
-#   user_data = data.cloudinit_config.azurerm_linux_virtual_machine.rendered
-#   …
-# }
-
-# resource "oci_core_instance" "instance" {
-#   …
-#   metadata = {
-#     …
-#     user_data = data.cloudinit_config.oci_core_instance.rendered
-#   }
-# }
--- a/cloud-init/outputs.tf
+++ b/cloud-init/outputs.tf
@@ -1,7 +0,0 @@
-output "cloudinit_config_azurerm_linux_virtual_machine" {
-  value = data.cloudinit_config.azurerm_linux_virtual_machine.rendered
-}
-
-output "cloudinit_config_oci_core_instance" {
-  value = data.cloudinit_config.oci_core_instance.rendered
-}
--- a/cloud-init/templates/docker-ce.yaml.tftpl
+++ b/cloud-init/templates/docker-ce.yaml.tftpl
@@ -1,20 +0,0 @@
-#cloud-config
-
-packages:
-  - docker-ce
-
-runcmd:
-
-  # Give the user permissions to use Docker without `sudo`ing.
-  # The 'users' module overrode *both* the SSH keys *and* group assignments in
-  # previous tests. (┛◉Д◉)┛彡┻━┻
-  - grep -qE '^docker:' /etc/group && usermod -a -G docker ${user} || true
-
-yum_repos:
-  docker-ce:
-    name: Docker CE Stable - $basearch
-    enabled: true
-    baseurl: https://download.docker.com/linux/rhel/$releasever/$basearch/stable
-    priority: 1
-    gpgcheck: true
-    gpgkey: https://download.docker.com/linux/rhel/gpg
--- a/instance/README.md
+++ b/instance/README.md
@@ -1,37 +0,0 @@
-# Oracle free tier Ampere VM
-
-Simple example to create an Ampere VM instance in Oracle Cloud's free tier.
-
-1. [Requirements](#requirements)
-2. [Further readings](#further-readings)
-3. [Sources](#sources)
-
-## Requirements
-
-1. VCN
-1. Public Subnet
-
-For a Subnet to be considered Public, it needs to have associated a Route Table with a default route pointing to an Internet Gateway.
-
-The default route table created using Terraform does not contain this route, nor it is possible to create the single route in it at the time of writing.<br />
-A solution to this is to create a new Route Table **with** the default route above and attach it to the Subnet. See the code for details.
-
-![requirements]
-
-## Further readings
-
-## Sources
-
- [Ridiculously powerful free server in the cloud]
- [Always free resources] in Oracle Cloud
- [Oracle Cloud Infrastructure Provider documentation]
- [oracle-terraform-modules/terraform-oci-compute-instance]
-
-<!-- internal references -->
-[requirements]: design/requirements.png
-
-<!-- external references -->
-[always free resources]: https://docs.oracle.com/en-us/iaas/Content/FreeTier/freetier_topic-Always_Free_Resources.htm
-[oracle cloud infrastructure provider documentation]: https://registry.terraform.io/providers/oracle/oci/latest/docs
-[ridiculously powerful free server in the cloud]: https://medium.com/codex/ridiculously-powerful-free-server-in-the-cloud-dd4da8524a9c
-[oracle-terraform-modules/terraform-oci-compute-instance]: https://github.com/oracle-terraform-modules/terraform-oci-compute-instance
--- a/instance/design/requirements.png
+++ b/instance/design/requirements.png
--- a/instance/design/requirements.py
+++ b/instance/design/requirements.py
@@ -1,18 +0,0 @@
-#!/usr/bin/env python3
-
-from diagrams import Cluster, Diagram
-from diagrams.oci.compute import VM
-from diagrams.oci.network import InternetGateway, RouteTable, Vcn
-
-with Diagram("Requirements", show=False):
-
-    vcn = Vcn("VCN")
-    vm = VM("Ampere instance")
-
-    with Cluster("Public Subnet"):
-
-        ig = InternetGateway("Internet Gateway")
-        rt = RouteTable("Route Table")
-
-    vcn >> ig >> rt
-    rt >> vm
--- a/instance/example.tfvars
+++ b/instance/example.tfvars
@@ -1,14 +0,0 @@
-availability_domain = "FIXME" # get it with `oci iam availability-domain list`
-compartment_id      = "FIXME" # get it with `oci iam compartment list`
-
-memory_in_gbs = 24
-ocpus         = 4
-
-# get it with `oci compute image list -c 'tenancy_id'`
-# or check https://docs.oracle.com/en-us/iaas/images/
-source_id = "ocid1.image.oc1.eu-amsterdam-1.aaaaaaaavmra3s4va4fqd4vlcrqc5v5jyqov5vdla3x3b6gzc64n6dkpuqua"
-
-ssh_authorized_keys = <<-EOT
-  ssh-ed25519 key-1 comment
-  ssh-ed25519 key-n comment
-EOT
--- a/instance/main.tf
+++ b/instance/main.tf
@@ -1,61 +0,0 @@
-# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_vcn
-resource "oci_core_vcn" "this" {
-  compartment_id = var.compartment_id
-  cidr_blocks    = ["10.0.0.0/16"]
-}
-
-# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_subnet
-resource "oci_core_subnet" "this" {
-  compartment_id = var.compartment_id
-  vcn_id         = oci_core_vcn.this.id
-  cidr_block     = "10.0.0.0/24"
-}
-
-# Needed to be able to connect to the instance from the Internet.
-# Need to create a route table with the default route 0.0.0.0/0 pointing to the
-# internet gateway, and associate the subnet to it.
-# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_internet_gateway
-resource "oci_core_internet_gateway" "this" {
-  compartment_id = var.compartment_id
-  vcn_id         = oci_core_vcn.this.id
-}
-resource "oci_core_route_table" "this" {
-  compartment_id = var.compartment_id
-  vcn_id         = oci_core_vcn.this.id
-
-  route_rules {
-    destination       = "0.0.0.0/0"
-    destination_type  = "CIDR_BLOCK"
-    network_entity_id = oci_core_internet_gateway.this.id
-  }
-}
-resource "oci_core_route_table_attachment" "this" {
-  subnet_id      = oci_core_subnet.this.id
-  route_table_id = oci_core_route_table.this.id
-}
-
-# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_instance
-resource "oci_core_instance" "this" {
-  compartment_id      = var.compartment_id
-  availability_domain = var.availability_domain
-  shape               = var.shape
-
-  create_vnic_details {
-    subnet_id = oci_core_subnet.this.id
-  }
-
-  metadata = {
-    ssh_authorized_keys = var.ssh_authorized_keys
-  }
-
-  shape_config {
-    memory_in_gbs = var.memory_in_gbs
-    ocpus         = var.ocpus
-  }
-
-  source_details {
-    boot_volume_size_in_gbs = var.boot_volume_size_in_gbs
-    source_id               = var.source_id
-    source_type             = var.source_type
-  }
-}
--- a/instance/outputs.tf
+++ b/instance/outputs.tf
@@ -1,3 +0,0 @@
-output "instance" {
-  value = oci_core_instance.this
-}
--- a/instance/variables.tf
+++ b/instance/variables.tf
@@ -1,35 +0,0 @@
-variable "availability_domain" {
-  type = string
-}
-variable "compartment_id" {
-  type = string
-}
-variable "shape" {
-  type    = string
-  default = "VM.Standard.A1.Flex"
-}
-
-variable "memory_in_gbs" {
-  type    = number
-  default = 24
-}
-variable "ocpus" {
-  type    = number
-  default = 4
-}
-
-variable "boot_volume_size_in_gbs" {
-  type    = number
-  default = 50
-}
-variable "source_id" {
-  type = string
-}
-variable "source_type" {
-  type    = string
-  default = "image"
-}
-
-variable "ssh_authorized_keys" {
-  type = string
-}