move up files to one level and erase default public key

This commit is contained in:
Lukas Greve
2025-10-18 13:18:32 +02:00
parent f5e85371e4
commit 91e23f0765
16 changed files with 72 additions and 72 deletions


@@ -0,0 +1,11 @@
# Only create the cloudinit disk if enabled
resource "libvirt_cloudinit_disk" "commoninit" {
count = var.enable_cloudinit ? var.instance_count : 0
name = "${var.cloudinit_filename}-${count.index}"
user_data = templatefile("${path.module}/cloud_init.yaml", {
ssh_key = var.ssh_key
})
pool = "${var.vm_name}-pool"
depends_on = [libvirt_pool.tf_tmp_storage]
}
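Review bot: `var.ssh_key` is interpolated verbatim into `cloud_init.yaml` by the `templatefile` call on the `user_data` line, so a value that carries a newline or other YAML-significant characters changes the structure of the rendered cloud-config instead of staying inside the single `- ${ssh_key}` list item. Passing it pre-quoted, `ssh_key = jsonencode(var.ssh_key)`, keeps the value a single scalar (a JSON string is a valid YAML flow scalar) and is the smallest fix that does not touch the template. Separately, `var.user_data` is declared in variables.tf but this resource renders only `ssh_key`; if none of the other files in the commit consume it, a caller who sets `user_data` silently gets nothing, which deserves either wiring or a comment here.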


@@ -0,0 +1,10 @@
#cloud-config
disable_root: true
users:
- name: groot
sudo: ALL=(ALL) NOPASSWD:ALL
groups: wheel,sudo,adm
shell: /bin/bash
ssh_authorized_keys:
- ${ssh_key}
ssh_pwauth: false
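Review bot: The `groot` user receives `sudo: ALL=(ALL) NOPASSWD:ALL` plus the `wheel,sudo,adm` groups, but nothing in this file sets `lock_passwd`, so the account's password state is left to cloud-init's default; adding `lock_passwd: true` under the user entry makes explicit that the key under `ssh_authorized_keys` is the only intended login path, matching `ssh_pwauth: false` and `disable_root: true`. With the now-empty default for `ssh_key`, the `- ${ssh_key}` item renders as a bare `- ` (a null list entry); wrapping the `ssh_authorized_keys` block in a `%{ if ssh_key != "" } … %{ endif }` template directive avoids handing cloud-init a malformed entry. The `wheel` group is presumably absent on the default Ubuntu image, so cloud-init will likely warn about it — confirm against the target image.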

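--- a/shared_modules/domain.tf
+++ b/shared_modules/domain.tf
@@ -0,0 +1,67 @@
+resource "libvirt_domain" "domain" {
+count = var.instance_count
+name = "${var.vm_name}-${count.index}"
+memory = var.memory
+vcpu = var.vcpu
+machine = "q35"
+# The chipset q35, which does not support the IDE bus, does not work with the terraform-provider-libvirt cloud-init implementation,
+# which creates an ISO attached to an IDE bus by default. Workaround is implemented
+# https://github.com/dmacvicar/terraform-provider-libvirt/issues/1137#issuecomment-2592329846
+# A cleaner solution might be the following :
+# https://github.com/dmacvicar/terraform-provider-libvirt/pull/895#issuecomment-1911167872
+xml {
+xslt = file("${path.module}/q35-workaround.xslt")
+}
+# Only include cloudinit if enabled
+cloudinit = var.enable_cloudinit ? libvirt_cloudinit_disk.commoninit[count.index].id : null
+# ---- optional UEFI support ------------------------------------
+# Firmware only add the string when a path is supplied
+firmware = can(var.uefi_firmware) && length(var.uefi_firmware) > 0 ? var.uefi_firmware : null
+# NVRAM block dynamic block that is evaluated once per VM
+dynamic "nvram" {
+# create the block once if a firmware path *and* a template were given
+for_each = (can(var.uefi_firmware) && length(var.uefi_firmware) > 0
+&& can(var.uefi_nvram_template) && length(var.uefi_nvram_template) > 0
+) ? [1] : []
+content {
+# The NVRAM filename is perVM, but we can honour an optional suffix
+file = "/var/lib/libvirt/qemu/nvram/${var.vm_name}-${count.index}${var.uefi_nvram_file_suffix}_VARS.fd"
+template = var.uefi_nvram_template
+}
+}
+# ----------------------------------------------------------------
+cpu {
+mode = "host-passthrough"
+}
+disk {
+volume_id = element(libvirt_volume.vm_disk.*.id, count.index)
+scsi = "true"
+}
+console {
+type = "pty"
+target_port = "0"
+target_type = "virtio"
+}
+video {
+type = "virtio"
+}
+tpm {
+backend_type = "emulator"
+backend_version = "2.0"
+}
+network_interface {
+network_name = "${var.vm_name}-network"
+}
+}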
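Review bot: `can(var.uefi_firmware)` on the `firmware` line and again in the `nvram` `for_each` is always true for a declared input variable, so the guard it suggests is not there; the UEFI toggle is simply the length test, `firmware = length(var.uefi_firmware) > 0 ? var.uefi_firmware : null`, and the `for_each` condition reduces the same way. When a firmware path is supplied without `uefi_nvram_template`, the domain gets `firmware` but no `nvram` block; a comment should state whether libvirt is expected to create the varstore itself in that case, since a UEFI guest without writable NVRAM behaves differently from one with it. `scsi = "true"` passes a string where the attribute is boolean; `scsi = true` avoids depending on implicit conversion.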

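--- a/shared_modules/network.tf
+++ b/shared_modules/network.tf
@@ -0,0 +1,11 @@
+resource "libvirt_network" "tf_libvirt_network" {
+name = "${var.vm_name}-network"
+mode = var.network_mode
+domain = local.computed_network_domain
+addresses = var.network_addresses
+dns {
+enabled = var.dns_enabled
+local_only = var.dns_local_only
+}
+}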
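Review bot: `mode = var.network_mode` accepts `bridge` (the variable's description in variables.tf lists it), but this resource sets no `bridge` attribute, so selecting that mode presumably fails at apply time rather than at plan time — confirm against the provider. A `validation` block on `network_mode` limiting it to the modes this block actually supports (`nat`, `none`, `route`, `open`), or an additional optional bridge-name input, would make the contract explicit. `addresses` is passed through unchanged, so the defaults in variables.tf decide the guest subnets; a one-line comment here pointing at that variable would save readers a lookup.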

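--- a/shared_modules/pool.tf
+++ b/shared_modules/pool.tf
@@ -0,0 +1,7 @@
+resource "libvirt_pool" "tf_tmp_storage" {
+name = "${var.vm_name}-pool"
+type = "dir"
+target {
+path = var.pool_path
+}
+}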
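Review bot: The pool is named `${var.vm_name}-pool` here, and cloudinit.tf and volume.tf repeat the same string, so the `pool_name` input declared in variables.tf has no effect; either wire it in (`name = var.pool_name`, with the two other references changed to `libvirt_pool.tf_tmp_storage.name`) or drop the variable so callers are not misled. The default `pool_path` of `/tmp/tf_tmp_storage` places guest disk images under a directory that is typically world-writable, sometimes tmpfs-backed and subject to periodic cleaning; a comment on the `path` line should state that callers are expected to override `pool_path` for anything beyond throwaway VMs.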


@@ -0,0 +1,9 @@
terraform {
required_version = ">= 0.13"
required_providers {
libvirt = {
source = "dmacvicar/libvirt"
version = "0.8.3"
}
}
}


@@ -0,0 +1,16 @@
<?xml version="1.0" ?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output omit-xml-declaration="yes" indent="yes"/>
<xsl:template match="node()|@*">
<xsl:copy>
<xsl:apply-templates select="node()|@*"/>
</xsl:copy>
</xsl:template>
<xsl:template match="/domain/devices/disk[@device='cdrom']/target/@bus">
<xsl:attribute name="bus">
<xsl:value-of select="'sata'"/>
</xsl:attribute>
</xsl:template>
<xsl:template match="/domain/devices/disk[@device='cdrom']/alias" />
</xsl:stylesheet>

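--- a/shared_modules/variables.tf
+++ b/shared_modules/variables.tf
@@ -0,0 +1,141 @@
+variable "libvirt_uri" {
+description = "URI for libvirt connection"
+type = string
+default = "qemu:///system"
+}
+variable "pool_name" {
+description = "Name of the storage pool"
+type = string
+default = "tf_tmp_pool"
+}
+variable "pool_path" {
+description = "Path for the storage pool"
+type = string
+default = "/tmp/tf_tmp_storage"
+}
+variable "instance_count" {
+description = "Number of instances to create"
+type = number
+default = 1
+}
+variable "vm_name" {
+description = "Name prefix for VMs"
+type = string
+}
+variable "image_location" {
+description = "Location of the OS image"
+type = string
+default = "https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img"
+}
+# To avoid refetching the cloud ISO each time, it could could be set to a local directory, like : "/var/lib/libvirt/images/noble-server-cloudimg-amd64.img"
+variable "cloudinit_filename" {
+description = "Name of the cloud-init ISO file"
+type = string
+default = "commoninit.iso"
+}
+variable "enable_cloudinit" {
+description = "Enable cloud-init support"
+type = bool
+default = false
+}
+variable "ssh_key" {
+description = "SSH authorized keys for cloud-init"
+type = string
+default = ""
+}
+variable "user_data" {
+description = "User data for cloud-init"
+type = string
+default = ""
+}
+variable "memory" {
+description = "Memory allocation in MB"
+type = number
+default = 2048
+validation {
+condition = var.memory >= 512
+error_message = "Memory must be at least 512MB."
+}
+}
+variable "vcpu" {
+description = "Number of virtual CPUs"
+type = number
+default = 2
+}
+variable "network_mode" {
+description = "Network mode (nat, none, route, open, bridge)"
+type = string
+default = "nat"
+}
+variable "network_domain" {
+description = "Domain name for the network (derived from vm_name)"
+type = string
+# Default dynamically based on vm_name
+default = ""
+}
+variable "network_addresses" {
+description = "List of network addresses"
+type = list(string)
+default = ["10.17.3.0/24", "2001:db8:ca2:2::1/64"]
+}
+variable "dns_enabled" {
+description = "Enable DNS for the network"
+type = bool
+default = true
+}
+variable "dns_local_only" {
+description = "DNS requests only resolved by virtual network's DNS server"
+type = bool
+default = false
+}
+variable "uefi_firmware" {
+description = <<EOT
+Path to the UEFI firmware binary (OVMF_CODE.fd, QEMU_CODE.fd, …).
+Leave empty (or omit on the module call) to create a plain BIOS VM.
+EOT
+type = string
+default = "" # “BIOS only” when empty
+}
+variable "uefi_nvram_template" {
+description = <<EOT
+Path to an NVRAM template that backs the UEFI NVRAM.
+If you specify a template, the VM will get a writable NVRAM block.
+Leave empty for a plain BIOS VM or if you dont need UEFI NVRAM.
+EOT
+type = string
+default = "" # no NVRAM when empty
+}
+variable "uefi_nvram_file_suffix" {
+description = <<EOT
+Optional filesuffix fragment that is appended to the
+generated NVRAM file name. Useful when you want to put the
+files under a dedicated directory (`/var/lib/libvirt/qemu/uefi/nvram/…`).
+Empty string means “no suffix” (default behaviour).
+EOT
+type = string
+default = ""
+}
+# Computed variable for network domain (derived from vm_name)
+locals {
+computed_network_domain = var.network_domain != "" ? var.network_domain : "${var.vm_name}.local"
+}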
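Review bot: `ssh_key` is typed `string` and is rendered as a single YAML list item in cloud_init.yaml, yet its description says "SSH authorized keys" (plural); a value holding several keys separated by newlines would break the rendered cloud-config rather than authorize several keys. Add a `validation` block rejecting embedded newlines, `condition = length(regexall("\n", var.ssh_key)) == 0` with `error_message = "ssh_key must be a single public key on one line."`, or change the type to `list(string)` and iterate in the template. `local.computed_network_domain` falls back to `${var.vm_name}.local`, and the `.local` suffix is reserved for mDNS (RFC 6762), so guests running a multicast resolver may not resolve these names through the libvirt DNS; a different suffix or a comment recording the trade-off is warranted. `user_data` is declared here but none of the files visible in this commit consume it — if that holds for the rest of the commit, remove it or document that it is reserved.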

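--- a/shared_modules/volume.tf
+++ b/shared_modules/volume.tf
@@ -0,0 +1,9 @@
+resource "libvirt_volume" "vm_disk" {
+count = var.instance_count
+name = "${var.vm_name}-${count.index}"
+pool = "${var.vm_name}-pool"
+source = var.image_location
+format = "qcow2"
+depends_on = [libvirt_pool.tf_tmp_storage]
+}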
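Review bot: `source = var.image_location` fetches the cloud image (by default over HTTPS from cloud-images.ubuntu.com) and nothing in this resource or the rest of the module verifies its checksum, so whatever the endpoint serves becomes the root disk of every instance. A comment on the `source` line should record that integrity rests on TLS alone and point callers to the local-copy option mentioned in variables.tf once they have checked the image against the distribution's published checksums. The `pool` and `depends_on` lines restate the pool by name; `pool = libvirt_pool.tf_tmp_storage.name` gives the same ordering implicitly and keeps the name in one place, so the explicit `depends_on` can go.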