# Terraform for Digital Ocean Droplet(s)

## Purpose

This repo contains Terraform code and default variables that allow one to create Digital Ocean Droplet(s) with ease.

## About

- All arguments for the `digitalocean_droplet` Terraform resource are enumerated in `main.tf` and `variables.tf`. `tags` and `volume_ids` are commented out for first-time ease.
- All available outputs will be printed upon completion of `terraform apply`.

The `file` and `remote-exec` provisioners are used to:

- Overwrite `/etc/sysctl.conf` with web-server-optimized and kernel-hardened parameters.
- Add a new user according to the `ssh_user` variable.
- Add this user to the `admin` group.
- Modify `/etc/sudoers` so that the `admin` group can execute `sudo` without a password.
- Add the local `authorized_keys` file to `ssh_user`'s `.ssh` directory.
- Modify `/etc/ssh/sshd_config` to disallow `root` user login and allow `PubkeyAuthentication`.
## Requirements

- Terraform, obviously.
- A token for Digital Ocean that can `write`.

## Required Variables

As long as these variables are provided, the defaults are to create one droplet in the `sfo2` region with IPv6, monitoring, and private networking enabled.

- `do_token`: (string) Digital Ocean API Token.
- `ssh_user`: (string) Name of the user that will be allowed passwordless sudo and ssh access.
- `ssh_key_path`: (string) Path on the local machine to the SSH private key.
- `vm_ssh_key_ids`: (list) ID(s) of the SSH key(s) according to Digital Ocean. If providing over the CLI, be wary of the data type (a list, as in the example below). For example:

```bash
var.vm_ssh_key_ids
  Enter a value: [25435191]
```
## Prelude

Export your Digital Ocean API key:

```bash
export DIGITALOCEAN_TOKEN='YOUR_TOKEN_HERE'
```

Note: piping to `jq` in the commands below is required only for pretty-printing the JSON response.

## Usage

```bash
terraform plan
terraform apply
```

## Useful Commands

Enable debug logging to a file (the variable is `TF_LOG`, not `TF_LOG_`):

```bash
export TF_LOG='DEBUG' && \
export TF_LOG_PATH='tf.log'
```

### Get Droplet Sizes

```bash
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer ${DIGITALOCEAN_TOKEN}" "https://api.digitalocean.com/v2/sizes?page=1" | jq
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer ${DIGITALOCEAN_TOKEN}" "https://api.digitalocean.com/v2/sizes?page=2" | jq
```

Note: the sizes endpoint returns multi-page responses, hence one request per page.

### Locating your SSH Key ID(s)

If you want SSH keys already associated with your Digital Ocean account to be set on the Droplets, you first need to get the ID(s) of the key(s) according to Digital Ocean.

Use cURL to list keys and their IDs:

```bash
curl -H "Content-Type: application/json" -H "Authorization: Bearer ${DIGITALOCEAN_TOKEN}" "https://api.digitalocean.com/v2/account/keys" | jq
```

Use the desired Key ID from this output as the value(s) for the `vm_ssh_key_ids` variable.
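For the `vm_ssh_key_ids` data-type caveat under Required Variables and the key lookup just described, here is an added shell example (not part of the repository) that pulls the IDs out of the `/v2/account/keys` response and exports them as `TF_VAR_vm_ssh_key_ids` in list form, so the bare-number mistake cannot reach Terraform. The `per_page=200` query parameter, the `--live` flag, the function names and the sample response are assumptions; the sample values are constructed.

```shell
#!/bin/sh
# Added example (not part of the repository): turn the key listing from the
# DigitalOcean API into the list value Terraform expects for vm_ssh_key_ids and
# hand it over as a TF_VAR_* environment variable, so the type mistake the
# README warns about (a bare number instead of a list) cannot happen.
set -eu

# Fetch every key on the account. per_page=200 is the API maximum and avoids
# the paginated response the README notes for other endpoints.
fetch_keys_json() {
  curl -sS -H "Authorization: Bearer ${DIGITALOCEAN_TOKEN:?export DIGITALOCEAN_TOKEN first}" \
    "https://api.digitalocean.com/v2/account/keys?per_page=200"
}

# Read the JSON on stdin and print the ids as an HCL list, e.g. [25435191,512190].
# The parser is deliberately minimal (no jq dependency): it relies on "id" being
# the only numeric "id" member in this endpoint's response, which holds for
# /v2/account/keys but would not for, say, /v2/droplets.
key_ids_to_tfvar() {
  ids=$(tr '{},[]' '\n\n\n\n\n' \
        | sed -n 's/^[[:space:]]*"id":[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' \
        | paste -s -d , -)
  printf '[%s]\n' "$ids"
}

# Constructed sample response, shaped like the real one but with made-up values.
SAMPLE_KEYS_JSON='{"ssh_keys":[
  {"id":25435191,"fingerprint":"aa:bb","public_key":"ssh-ed25519 AAAA laptop","name":"laptop"},
  {"id":512190,"fingerprint":"cc:dd","public_key":"ssh-ed25519 BBBB ci","name":"ci"}
],"links":{},"meta":{"total":2}}'

# Export for Terraform. TF_VAR_<name> is read by terraform plan/apply; for a
# list variable the value must be written in HCL syntax, exactly as when typed
# at the "Enter a value:" prompt.
if [ "${1:-}" = "--live" ]; then
  TF_VAR_vm_ssh_key_ids=$(fetch_keys_json | key_ids_to_tfvar)
else
  TF_VAR_vm_ssh_key_ids=$(printf '%s' "$SAMPLE_KEYS_JSON" | key_ids_to_tfvar)
fi
export TF_VAR_vm_ssh_key_ids
echo "TF_VAR_vm_ssh_key_ids=$TF_VAR_vm_ssh_key_ids"
```

Source the script (`. ./keys.sh --live`) rather than executing it, so the exported variable stays in the shell that then runs `terraform plan`. If you would rather select keys by name, replace the `tr`/`sed` pipeline with `jq -c '[.ssh_keys[] | select(.name == "laptop") | .id]'`, which already prints HCL-compatible list syntax.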