cfm / terraform-metal-securedrop-staging

Terraform module for standing up a SecureDrop staging environment at Equinix Metal (fka Packet)
MIT License
0 stars 2 forks source link

factor out cloud-init configuration from bare-metal provider #7

Open cfm opened 2 years ago

cfm commented 2 years ago

With the deprecation for new customers of the t1.small.x86 plan, Packet/Equinix is no longer (as of d6b3ccfdc2348d8e639b80031e1ab19352f0a4f2) the obvious bare-metal provider to use. Unfortunately, the provider is the basic unit of Terraform, right down to the terraform-metal- naming convention for this repository and the Terraform module it provides; its cloud-init configuration is assumed to be secondary in importance to the provider on which it's running.

I see two ways forward:

  1. Factor out the cloud-init configuration (user_data.sh as of #5) into a separate repository and consume it here as well as in one or more of terraform-{hetzner,scaleway,vultr}-securedrop-staging.
  2. Turn this into a provider-agnostic script (under whatever execution framework or none) that can just be pointed at a random root@A.B.C.D SSH connection and run, leaving the provisioning between you and your bare-metal provider of choice.

Whatever approach I take here will probably apply equally to cfm/terraform-metal-securedrop-production.

cfm commented 2 years ago

In discussion last month with @eloquence, approach (1) is preferable. Vultr looks like the way to go, starting at $0.179/hour. Scaleway is cheaper (€0.083 ~= $0.09/hour), but "OS installation can take up to 1 hour".