terraform-digitalocean-droplets-ubuntu

Use Terraform with default variables to create Digital Ocean Droplets.

Terraform for Digital Ocean Droplet(s)

Purpose

This repo contains terraform code and default variables that allow one to create Digital Ocean Droplet(s) with ease.

About

  • All arguments for the digitalocean_droplet Terraform resource are enumerated in main.tf and variables.tf. tags and volume_ids are commented out for first-time ease.
  • All available outputs will be printed upon completion of terraform apply.

Provisioners file and remote-exec are used to:

  1. Overwrite /etc/sysctl.conf with web-server-optimized and kernel-hardened parameters.
  2. Add a new user according to the ssh_user variable.
  3. Add this user to the admin group.
  4. Modify /etc/sudoers so that the admin group can execute sudo without a password.
  5. Add local authorized_keys file to ssh_user's .ssh directory.
  6. Modify /etc/ssh/sshd_config to disallow root user login and allow PubkeyAuthentication.
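
A check for the result of step 6, added here as an example and not part of this repo's code: it reads an sshd_config the way sshd does (first value for a keyword wins, Match blocks are conditional) and fails unless root login is off and public-key authentication is on. The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the repo): audit an sshd_config after provisioning.

# Print the effective global value of a keyword. sshd keeps the FIRST value it
# reads for a keyword, matches keywords case-insensitively, and treats lines
# after a "Match" line as conditional. Include files are not followed here.
sshd_effective() {  # usage: sshd_effective <keyword> <config-file>
  awk -v key="$1" '
    NF == 0 || $1 ~ /^#/        { next }                  # blank or comment
    tolower($1) == "match"      { exit }                  # end of global section
    tolower($1) == tolower(key) { print tolower($2); exit }
  ' "$2"
}

# Return 0 only if root login is off and public-key authentication is on.
audit_sshd() {  # usage: audit_sshd <config-file>
  rc=0
  root=$(sshd_effective PermitRootLogin "$1")
  pubkey=$(sshd_effective PubkeyAuthentication "$1")
  # An unset PermitRootLogin falls back to the OpenSSH default
  # (prohibit-password), which still lets root in with a key.
  if [ "$root" != "no" ]; then
    echo "FAIL $1: PermitRootLogin=${root:-unset}"; rc=1
  fi
  # PubkeyAuthentication defaults to yes, so only an explicit "no" fails.
  if [ "$pubkey" = "no" ]; then
    echo "FAIL $1: PubkeyAuthentication=no"; rc=1
  fi
  if [ "$rc" -eq 0 ]; then echo "OK   $1"; fi
  return "$rc"
}

# Constructed sample configs (not taken from any real host).
SAMPLES=$(mktemp -d)
# An appended "no" comes after an active "yes", so sshd ignores it.
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
  'PubkeyAuthentication yes' 'permitrootlogin no' > "$SAMPLES/appended"
# The setting exists only inside a Match block, so the global value is unset.
printf '%s\n' 'PubkeyAuthentication yes' 'Match Address 192.0.2.0/24' \
  '  PermitRootLogin no' > "$SAMPLES/match_only"
# The state step 6 describes.
printf '%s\n' 'PermitRootLogin no' 'PubkeyAuthentication yes' > "$SAMPLES/hardened"

for f in appended match_only hardened; do
  audit_sshd "$SAMPLES/$f" || true
done
```

On the droplet itself, sshd -T prints the effective configuration, including any Include files this check skips.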

Requirements

  1. Terraform, obviously.
  2. A token for Digital Ocean that can write.

Required Variables

As long as these variables are provided, the defaults are to create one droplet in the sfo2 region with IPv6, monitoring, and private networking enabled.

  1. do_token: (string) Digital Ocean API Token.
  2. ssh_user: (string) Name of user that will be allowed passwordless sudo and ssh access.
  3. ssh_key_path: (string) path on local machine to SSH private key.
  4. vm_ssh_key_ids: (list) ID(s) of the SSH key(s) according to Digital Ocean. If providing over CLI, be wary of the data type. For example:

    var.vm_ssh_key_ids
      Enter a value: [25435191]

Prelude

Export your Digital Ocean API key:

export DIGITALOCEAN_TOKEN='YOUR_TOKEN_HERE'

Note: Piping to jq is required only for pretty-printing the JSON response.

Usage

terraform plan
terraform apply

Useful Commands

export TF_LOG='DEBUG' && \
export TF_LOG_PATH='tf.log'

Get Droplet Sizes

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer ${DIGITALOCEAN_TOKEN}" "https://api.digitalocean.com/v2/sizes?page=1" | jq
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer ${DIGITALOCEAN_TOKEN}" "https://api.digitalocean.com/v2/sizes?page=2" | jq

Note: Responses are multi-page, so request each page in turn.

Locating your SSH Key ID(s)

If you want SSH keys already associated with your Digital Ocean account to be set on the Droplets, you first need to get the ID(s) of the key(s) according to Digital Ocean.

  1. Use cURL to list keys and their IDs:

    curl -H "Content-Type: application/json" -H "Authorization: Bearer ${DIGITALOCEAN_TOKEN}" "https://api.digitalocean.com/v2/account/keys" | jq
    
  2. Use the desired Key ID from this output as the value(s) for the vm_ssh_key_ids variable.
