thojkooi / terraform-digitalocean-docker-swarm-mode

Terraform module for provisioning a Docker Swarm mode cluster on DigitalOcean
https://registry.terraform.io/modules/thojkooi/docker-swarm-mode/digitalocean
MIT License

More detailed tutorial for newbies? #26

Closed drozzy closed 6 years ago

drozzy commented 6 years ago

Sorry for the elementary question... but is it possible to have a more detailed tutorial for newbies?

Certain things I don't understand are:

Fyi, I am currently creating images with packer (following a book I read), like so:

{
  "variables" : {
    "SNAPSHOT_NAME" : "{{env `SNAPSHOT_NAME`}}"
  },
  "builders": [{
    "type": "digitalocean",
    "region": "nyc1",
    "image": "ubuntu-16-04-x64",
    "size": "1gb",
    "private_networking": true,
    "snapshot_name": "{{user `SNAPSHOT_NAME`}}",
    "ssh_username": "root"
  }],
  "provisioners": [{
    "type": "shell",
    "inline": [
      "sudo apt-get update",
      "sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common",
      "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -",
      "sudo add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\"",
      "sudo apt-get update",
      "sudo apt-get install -y docker-ce"
    ]
  }]
}

thojkooi commented 6 years ago

Hi @drozzy ,

The ssh keys are the public key from your machine which will be executing the Terraform commands, and any additional public key from machines that you will be using to connect to the provisioned machines through SSH. You have to add those public keys to your account.

You can follow this tutorial for a how-to: https://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/to-account/

The numbers can be either numbers or the fingerprint of the public ssh key. The fingerprint will be shown in the UI, after you have added the public key to your account. The number is an id that refers to the public key. To find those, you can query the DigitalOcean API. I usually use doctl to find it:

$ doctl compute ssh-key ls
ID          Name                      FingerPrint
1234        my-key                    .......

Regarding the Docker remote API firewalling; it may not be necessary to open the port - it depends on your system and iptables set up.

An example to open a port with iptables:

sudo iptables -A INPUT -p tcp --dport 2376 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

For the DigitalOcean cloud firewall, you can use the following snippet for that: https://github.com/thojkooi/terraform-digitalocean-docker-swarm-mode/blob/9c7b0d92a15b762d0a3a434af9f059596cd47dd8/examples/usage/main.tf#L80-L86

It uses the following Terraform package: https://github.com/thojkooi/terraform-digitalocean-firewall-docker-api

Note: this is only necessary if you apply other firewall rules to your cluster droplets (you definitely should). If you don't, applying this rule will mean you have to open up other ports in your DO cloud firewall as needed.

You can see this file for more examples: https://github.com/thojkooi/terraform-digitalocean-docker-swarm-mode/blob/master/examples/usage/main.tf
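As an added example (not code from this issue, the swarm module or the firewall module linked above), the two points in the answer expressed directly with the DigitalOcean Terraform provider: the SSH key is looked up by the Name column from `doctl compute ssh-key ls` so that both its numeric id and its fingerprint are available, and a cloud firewall allows the Docker remote API port 2376 only from a management address range rather than from everywhere. The key name, the management CIDR and the droplet id variable are placeholders.

```hcl
# Look up the key by the Name column of `doctl compute ssh-key ls` ("my-key"
# is a placeholder); the data source exposes both .id and .fingerprint.
data "digitalocean_ssh_key" "workstation" {
  name = "my-key"
}
# Assumed management range (documentation prefix, replace with your own).
# Keep it narrow: 0.0.0.0/0 would expose the Docker daemon to everyone.
locals {
  management_cidr = "203.0.113.0/24"
}
# Placeholder: IDs of the swarm droplets created elsewhere.
variable "swarm_droplet_ids" {
  type = list(number)
}

resource "digitalocean_firewall" "docker_api" {
  name        = "docker-remote-api"
  droplet_ids = var.swarm_droplet_ids
  # Docker remote API over TLS only (2376); plaintext 2375 stays closed.
  inbound_rule {
    protocol         = "tcp"
    port_range       = "2376"
    source_addresses = [local.management_cidr]
  }
  # SSH from the same management range.
  inbound_rule {
    protocol         = "tcp"
    port_range       = "22"
    source_addresses = [local.management_cidr]
  }
  # A cloud firewall denies anything it does not list, so egress (including
  # UDP for DNS) must be allowed explicitly. Swarm node ports are not covered.
  outbound_rule {
    protocol              = "tcp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }
  outbound_rule {
    protocol              = "udp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }
}

output "ssh_key" {
  value = {
    id          = data.digitalocean_ssh_key.workstation.id
    fingerprint = data.digitalocean_ssh_key.workstation.fingerprint
  }
}
```

The `id` output is the numeric form and `fingerprint` the fingerprint form of the same key, which is the distinction the answer describes; pass whichever form your module's ssh key input expects.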

drozzy commented 6 years ago

Ok, thank you. This gives me something to try!