weave-scope/tools/provisioning/do

Digital Ocean

Introduction

This project allows you to get hold of some machine on Digital Ocean. You can then use these machines as is or run various Ansible playbooks from ../config_management to set up Weave Net, Kubernetes, etc.

Setup

• Log in cloud.digitalocean.com with your account.

• Go to Settings > Security > SSH keys > Add SSH Key. Enter your SSH public key and the name for it, and click Add SSH Key. Set the path to your private key as an environment variable:

export DIGITALOCEAN_SSH_KEY_NAME=<your Digital Ocean SSH key name>
export TF_VAR_do_private_key_path="$HOME/.ssh/id_rsa"

• Go to API > Tokens > Personal access tokens > Generate New Token Enter your token name and click Generate Token to get your 64-characters-long API token. Set these as environment variables:

export DIGITALOCEAN_TOKEN_NAME="<your Digital Ocean API token name>"
export DIGITALOCEAN_TOKEN=<your Digital Ocean API token>

• Run the following command to get the Digital Ocean ID for your SSH public key (e.g. 1234567) and set it as an environment variable:

$ export TF_VAR_do_public_key_id=$(curl -s -X GET -H "Content-Type: application/json" \
-H "Authorization: Bearer $DIGITALOCEAN_TOKEN" "https://api.digitalocean.com/v2/account/keys" \
| jq -c --arg key_name "$DIGITALOCEAN_SSH_KEY_NAME" '.ssh_keys | .[] | select(.name==$key_name) | .id')

or pass it as a Terraform variable:

$ terraform <command> \
-var 'do_private_key_path=<path to your SSH private key>' \
-var 'do_public_key_id=<ID of your SSH public key>'

Bash aliases

You can set the above variables temporarily in your current shell, permanently in your ~/.bashrc file, or define aliases to activate/deactivate them at will with one single command by adding the below to your ~/.bashrc file:

function _do_on() {
  export DIGITALOCEAN_TOKEN_NAME="<your_token_name>"        # Replace with appropriate value.
  export DIGITALOCEAN_TOKEN=<your_token>                    # Replace with appropriate value.
  export DIGITALOCEAN_SSH_KEY_NAME="<your_ssh_key_name>"    # Replace with appropriate value.
  export TF_VAR_do_private_key_path="$HOME/.ssh/id_rsa"     # Replace with appropriate value.
  export TF_VAR_do_public_key_path="$HOME/.ssh/id_rsa.pub"  # Replace with appropriate value.
  export TF_VAR_do_public_key_id=<your_ssh_key_id>          # Replace with appropriate value.
}
alias _do_on='_do_on'
function _do_off() {
  unset DIGITALOCEAN_TOKEN_NAME
  unset DIGITALOCEAN_TOKEN
  unset DIGITALOCEAN_SSH_KEY_NAME
  unset TF_VAR_do_private_key_path
  unset TF_VAR_do_public_key_path
  unset TF_VAR_do_public_key_id
}
alias _do_off='_do_off'

N.B.:

• sourcing ../setup.sh defines aliases called do_on and do_off, similarly to the above (however, notice no _ in front of the name, as opposed to the ones above);
• ../setup.sh's do_on alias needs the SECRET_KEY environment variable to be set in order to decrypt sensitive information.

Usage

• Create the machine: terraform apply
• Show the machine's status: terraform show
• Stop and destroy the machine: terraform destroy
• SSH into the newly-created machine:

$ ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no `terraform output username`@`terraform output public_ips`

or

source ../setup.sh
tf_ssh 1  # Or the nth machine, if multiple VMs are provisioned.

Resources

• https://www.terraform.io/docs/providers/do/
• https://www.terraform.io/docs/providers/do/r/droplet.html
• Terraform variables