Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# mumble-server-vultr-terraform
This is based on the use of [vultr-terraform-example] (https://github.com/Psmths/vultr-terraform-example)
This will deploy a mumble server (or murmur as it may be) onto a Vultr vc2-1c-1gb instance in the Sydney region, running Fedora 33 x64.
### Startup Script
The startup script is located in two places for convenience. Because Vultr expects the script to be passed in Base64 encoding, we can use Terraform's `filebase64` functionality to automatically encode a file in base64 and pass it to this instance, like so:
```
resource "vultr_startup_script" "standup" {
name = "mumble-fedora33"
script = filebase64("startup.sh")
type = "boot"
}
```
The startup script is applied to the instance (referenced by id) with this line in the main instance resource:
```
script_id = vultr_startup_script.standup.id
```
### SSH Keys
***This is commented out/disabled by default***
This terraform deployment will also add an authorized SSH key to the root account. The relevant provider is as follows, and is self-explanatory:
```
resource "vultr_ssh_key" "my_user" {
name = "Root SSH key"
ssh_key = "${file("sshkey.pub")}"
}
```
The SSH key is applied to the instance in the main instance provider as follows:
```
ssh_key_ids = ["${vultr_ssh_key.my_user.id}"]
```
### tfvars
The file `terraform.tfvars` contains all of the variable assignments listed in `variable.tf`. To obtain these values, use `vultr-cli`, which can be found [here](https://github.com/vultr/vultr-cli). You can also check through the Vultr API docs [here](https://www.vultr.com/api/v1/) We see these values applied to the main instance provider as shown below:
```
plan = var.plan
region = var.region
os_id = var.os
label = var.label
hostname = var.hostname
```
### Firewall
***The inbound SSH rule is commented out/disabled by default***
The firewall rules added are for the default mumble/murmur ports - TCP & UDP inbound IPv4 traffic allowed from anywhere to port 64738.
This deployment creates a firewall group, adds rules to this group, and assigns the group to the instance. It first creates the group as follows:
```
resource "vultr_firewall_group" "my_firewall_grp" {
description = "mumble-fw-deployed-by-terrafor"
}
```
This group is then applied to the main instance:
```
firewall_group_id = vultr_firewall_group.my_firewall_grp.id
```
### Output
The output provider in `output.tf` simply prints the instance's final IP address after the deployment is complete.
So once Terraform has completed an apply, it'll output the public IP address of the instance to **$instance_ip**.
### Updating Cloudflare DNS record to instance public IP address
```cloudflare-set-dns-record.sh``` has to be run seperately to Terraform after a successful apply (just tack it onto a one-liner when you do the Terraform apply). This will read the **$instance_ip$$ value and use it to update a DNS record inside a Cloudlare DNS zone. It's ideal to have this run locally rather than part of the startup script that runs on the instance - so that we can avoid any Cloudflare API keys being transported unnecessarily.
## Deploying
To deploy this instance, simply issue the following commands:
```
terraform init
terraform plan
terraform apply;./cloudflare-set-dns-record.sh
```
## Destroying and clearing Cloudflare DNS record
To destroy the environment, simply issue:
```
terraform destroy
```
During this process, Terraform will trigger the ```cloudflare-clear-dns-record.sh``` script. This will simply set the DNS record over at Cloudflare to 127.0.0.1.