20482: Allows the admin to specify the user for deployment.
authorLucas Di Pentima <lucas.dipentima@curii.com>
Wed, 10 May 2023 17:45:40 +0000 (14:45 -0300)
committerLucas Di Pentima <lucas.dipentima@curii.com>
Wed, 10 May 2023 17:45:40 +0000 (14:45 -0300)
Also removes the need to use AWS key pairs by storing the SSH pubkey
directly in the user's ~/.ssh/ directory via the user-data script.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>

tools/salt-install/terraform/aws/services/main.tf
tools/salt-install/terraform/aws/services/outputs.tf
tools/salt-install/terraform/aws/services/terraform.tfvars
tools/salt-install/terraform/aws/services/user_data.sh
tools/salt-install/terraform/aws/services/variables.tf

index b214aeb11359494030e7c3e36332142b448b2b93..e4724c92c2224edc3c988c175f72c8abd069114b 100644 (file)
@@ -19,11 +19,6 @@ provider "aws" {
   }
 }
 
-resource "aws_key_pair" "deployer" {
-  key_name = local.pubkey_name
-  public_key = file(local.pubkey_path)
-}
-
 resource "aws_iam_instance_profile" "keepstore_instance_profile" {
   name = "${local.cluster_name}-keepstore-00-iam-role"
   role = data.terraform_remote_state.data-storage.outputs.keepstore_iam_role_name
@@ -48,9 +43,10 @@ resource "aws_instance" "arvados_service" {
   for_each = toset(concat(local.public_hosts, local.private_hosts))
   ami = data.aws_ami.debian-11.image_id
   instance_type = var.default_instance_type
-  key_name = local.pubkey_name
   user_data = templatefile("user_data.sh", {
-    "hostname": each.value
+    "hostname": each.value,
+    "deploy_user": var.deploy_user,
+    "ssh_pubkey": file(local.pubkey_path)
   })
   private_ip = local.private_ip[each.value]
   subnet_id = contains(local.user_facing_hosts, each.value) ? data.terraform_remote_state.vpc.outputs.public_subnet_id : data.terraform_remote_state.vpc.outputs.private_subnet_id
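Review bot: `file(local.pubkey_path)` on the `"ssh_pubkey"` line hands the key file to the template verbatim, trailing newline and any extra lines included, whereas the removed `aws_key_pair` resource had AWS reject a malformed key before it reached an instance; `"ssh_pubkey": trimspace(file(local.pubkey_path))` at least keeps the injected value to a single line. Since user_data is now the only path the key takes, a later change to the key file will presumably only update the instance's user_data attribute and not re-run the script on a running instance; whether the provider replaces the instance on such a change depends on provider version and settings not visible here, so a one-line comment next to the `templatefile` call stating how key rotation is expected to happen would help operators. The `aws_instance` block continues outside the hunk.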
index 8ff12c71b77748e34e483d447a55917bddd515d3..7ac42a783f525451cdab7df4f06244c637d15014 100644 (file)
@@ -48,7 +48,7 @@ output "domain_name" {
 
 # Debian AMI's default user
 output "deploy_user" {
-  value = "admin"
+  value = var.deploy_user
 }
 
 output "region_name" {
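Review bot: The comment above `output "deploy_user"` still reads `# Debian AMI's default user`, but the value is now `var.deploy_user`, so the output no longer describes the AMI default once an operator overrides the variable. Suggest `# User the installer logs in as (var.deploy_user; "admin" is the Debian AMI default)`.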
index 79f3dc3188e3b99c5d63aea34cfdffa95fc06d0a..7231717ee6fdb542f5b81c69f33cd543c723031a 100644 (file)
@@ -10,4 +10,8 @@
 
 # AWS secret's name which holds the SSL certificate private key's password.
 # Default: "arvados-ssl-privkey-password"
-# ssl_password_secret_name_suffix = "some-name-suffix"
\ No newline at end of file
+# ssl_password_secret_name_suffix = "some-name-suffix"
+
+# User for software deployment. Depends on the AMI's distro.
+# Default: 'admin'
+# deploy_user = ubuntu
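Review bot: The example `# deploy_user = ubuntu` is not valid HCL if uncommented, since an unquoted `ubuntu` is parsed as an identifier rather than a string; it should read `# deploy_user = "ubuntu"`. The comment says the value depends on the AMI's distro, but main.tf still selects a Debian 11 AMI, so an `ubuntu` example only works if the AMI data source is changed as well; adding `# Must match a user that exists on the AMI selected in main.tf` would keep an operator from naming a user the image does not have.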
index 6c5b574dd7c464dc9ddeb878ba5dcef7220f38c5..68af17ee2fe8d78c8ae47765c300dfb9b2f43938 100644 (file)
@@ -17,3 +17,13 @@ while true; do
 done
 
 apt-get -o Acquire::ForceIPv4=true install -y git curl
+
+SSH_DIR="/home/${deploy_user}/.ssh"
+if [ ! -d "$${SSH_DIR}" ]; then
+  mkdir $${SSH_DIR}
+  chown ${deploy_user}.${deploy_user} $${SSH_DIR}
+  chmod 700 $${SSH_DIR}
+fi
+
+echo "${ssh_pubkey}" > $${SSH_DIR}/authorized_keys
+chmod 600 $${SSH_DIR}/authorized_keys
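Review bot: `authorized_keys` is created by the root-run user-data script and never chowned, so the deploy user ends up with an `~/.ssh/authorized_keys` owned by root (sshd's StrictModes accepts root ownership, but the user cannot manage their own keys); add `chown ${deploy_user}:${deploy_user} $${SSH_DIR}/authorized_keys` after the echo. The directory chown uses the non-POSIX `user.group` separator and `$${SSH_DIR}` is unquoted in the mkdir/chown lines; `chown ${deploy_user}:${deploy_user} "$${SSH_DIR}"` fixes both. Note also that `>` replaces whatever authorized_keys the AMI or cloud-init may already have provisioned for that user, which looks intentional given the removed key pair but deserves a one-line comment so nobody later "fixes" it to `>>`.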
index e520a9ab895f03412b6b15484f3eedb5c43cb034..4117b7b49413386fec9a7aff20b87de9e2d4003e 100644 (file)
@@ -14,6 +14,12 @@ variable "pubkey_path" {
   default = "~/.ssh/id_rsa.pub"
 }
 
+variable "deploy_user" {
+  description = "User for deploying the software"
+  type = string
+  default = "admin"
+}
+
 variable "ssl_password_secret_name_suffix" {
   description = "Name suffix for the SSL certificate's private key password AWS secret."
   type = string
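Review bot: `deploy_user` has no validation, yet main.tf interpolates it into user_data.sh where it lands unquoted in a filesystem path and a chown argument; a value with whitespace or shell metacharacters would yield a broken or unintended boot script rather than a plan-time error. A validation block constraining it to a plain POSIX user name fails fast in `terraform plan`, and the description should say the user must already exist on the chosen AMI, since the script only creates `~/.ssh`, not the account.
```hcl
variable "deploy_user" {
  description = "User for deploying the software. Must already exist on the selected AMI."
  type        = string
  default     = "admin"
  validation {
    condition     = can(regex("^[a-z_][a-z0-9_-]*$", var.deploy_user))
    error_message = "deploy_user must be a plain POSIX user name (it is interpolated unquoted into user_data.sh)."
  }
}
```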