From 837e1ecec9798381f78b838947f8028403cb0bef Mon Sep 17 00:00:00 2001
From: Christopher Baines <mail@cbaines.net>
Date: Sat, 23 Jun 2018 09:57:03 +0100
Subject: Handle SSH keys via the database

This makes it more explicit, and works around Terraform being
unpredictable when dealing with SSH agents.
---
 terraform/aws/backend/main.tf          | 19 +++++++++++++------
 terraform/aws/mini_environment/main.tf | 14 ++++++++++----
 2 files changed, 23 insertions(+), 10 deletions(-)

(limited to 'terraform')

diff --git a/terraform/aws/backend/main.tf b/terraform/aws/backend/main.tf
index 57e9348..346ab0d 100644
--- a/terraform/aws/backend/main.tf
+++ b/terraform/aws/backend/main.tf
@@ -26,6 +26,10 @@ variable "ssh_public_key" {
   type = "string"
 }
 
+variable "ssh_private_key" {
+  type = "string"
+}
+
 variable "guix_substitute_servers" {
   type = "map"
   default = {
@@ -237,8 +241,9 @@ resource "aws_spot_instance_request" "main" {
     destination = "/home/ubuntu/guix-daemon.service"
 
     connection {
-      type     = "ssh"
-      user     = "ubuntu"
+      type        = "ssh"
+      user        = "ubuntu"
+      private_key = "${var.ssh_private_key}"
     }
   }
 
@@ -247,8 +252,9 @@ resource "aws_spot_instance_request" "main" {
     destination = "/home/ubuntu/acl"
 
     connection {
-      type     = "ssh"
-      user     = "ubuntu"
+      type        = "ssh"
+      user        = "ubuntu"
+      private_key = "${var.ssh_private_key}"
     }
   }
 
@@ -305,8 +311,9 @@ EOF
     ]
 
     connection {
-      type     = "ssh"
-      user     = "ubuntu"
+      type        = "ssh"
+      user        = "ubuntu"
+      private_key = "${var.ssh_private_key}"
     }
   }
 }
diff --git a/terraform/aws/mini_environment/main.tf b/terraform/aws/mini_environment/main.tf
index b69f8f5..afeda8d 100644
--- a/terraform/aws/mini_environment/main.tf
+++ b/terraform/aws/mini_environment/main.tf
@@ -30,6 +30,10 @@ variable "backend_remote_state_address" {
   type = "string"
 }
 
+variable "ssh_private_key" {
+  type = "string"
+}
+
 provider "aws" {
   access_key = "${var.aws_access_key}"
   secret_key = "${var.aws_secret_key}"
@@ -79,8 +83,9 @@ resource "aws_spot_instance_request" "main" {
     destination = "/home/ubuntu/govuk.service"
 
     connection {
-      type     = "ssh"
-      user     = "ubuntu"
+      type        = "ssh"
+      user        = "ubuntu"
+      private_key = "${var.ssh_private_key}"
     }
   }
 
@@ -109,8 +114,9 @@ resource "aws_spot_instance_request" "main" {
     ]
 
     connection {
-      type     = "ssh"
-      user     = "ubuntu"
+      type        = "ssh"
+      user        = "ubuntu"
+      private_key = "${var.ssh_private_key}"
     }
   }
 }
-- 
cgit v1.2.3