Module to manage Ubuntu droplets in DigitalOcean with Puppet optionally handling the OS configuration.
This Terraform module will:
- Manage a DigitalOcean (referral link) Droplet
- Add all available SSH keys in DigitalOcean account to the Droplet
- Assign the following tags to the Droplet
  - `all`
  - Specified list of tags
- Manage A and AAAA DNS records for the Droplets using DigitalOcean's DNS
- Include the droplet in the specified DigitalOcean project (default project name: `Default`)
- Optional:
  - Manage the DigitalOcean Project (default: true)
  - Install Puppet Agent from a Puppet Enterprise server, and:
    - Pass data to the Agent to configure the following Trusted Facts
      - `pp_application` (required)
      - `pp_role` (default: `server`)
      - `pp_environment` (default: `production`)
      - `pp_datacenter` (using the droplet region value)
    - Pass an auto-sign token to the Puppet Agent installer

NOTE: The module uses the Puppet Enterprise agent installer to keep things simple. You can change it to use the open source repos by modifying the user data template in the templates directory.
The module doesn't manage the DNS domain, nor the DigitalOcean firewall rules.
I use these DigitalOcean tags for the firewall rules:
- `all` does the basic firewall rules (deny all, allows ping, allows SSH from certain IPs/subnets)

The code in the examples directory includes code to set up additional rules linked to a tag.
This is done by Puppet using the trusted facts to assign a Puppet role class to the droplet.

Name | Version |
---|---|
digitalocean | ~> 2 |

Name | Version |
---|---|
digitalocean | 2.40.0 |

No modules.

Name | Type |
---|---|
digitalocean_droplet.server | resource |
digitalocean_project.server | resource |
digitalocean_project_resources.server | resource |
digitalocean_record.server_ipv4 | resource |
digitalocean_record.server_ipv6 | resource |
digitalocean_projects.server | data source |
digitalocean_ssh_keys.all | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
dns_ttl | Domain name. Must be managed using DigitalOcean DNS | number | "1800" | no |
domain | Domain name. Must be managed using DigitalOcean DNS | string | n/a | yes |
enable_backups | Enable backups for the droplet | bool | true | no |
enable_ipv6 | Enable ipv6 for the droplet | bool | true | no |
enable_monitoring | Enable monitoring for the droplet | bool | true | no |
hostname | Server short hostname (without domain name) | string | n/a | yes |
image | DigitalOcean Droplet image (do not change unless you know what you're doing) | string | "ubuntu-24-04-x64" | no |
manage_project | Manage the DigitalOcean project | bool | false | no |
project_name | DigitalOcean project name | string | "Default" | no |
puppet_application | Puppet Application (pp_application trusted fact) | string | null | no |
puppet_autosign_token | Puppet SSL cert autosign token | string | null | no |
puppet_environment | Puppet environment (pp_environment trusted fact) | string | "production" | no |
puppet_install_agent | Install Puppet Agent (you need to set all the other Puppet related input variables if true) | bool | false | no |
puppet_role | Puppet Role (pp_role trusted fact) | string | "server" | no |
puppet_server | Puppet server FQDN | string | null | no |
region | DigitalOcean region (also used for Puppet's pp_datacenter trusted fact) | string | "lon1" | no |
size | DigitalOcean Droplet size | string | "s-1vcpu-1gb" | no |
ssh_keys | List of SSH keys allowed to login (WARNING: if empty, it will add all your configured SSH keys) | list(string) | [] | no |
tags | List of existing DigitalOcean tags (the module will not create them) | list(string) | [] | no |
tailscale_auth_key | Tailscale VPN authentication key used to register the node | string | null | no |
tailscale_exit_node | Publish this Tailscale node as an exit node | bool | false | no |
tailscale_install_client | Install Tailscale VPN Client (you need to set at least the tailscale_auth_key input variable if true) | bool | false | no |
tailscale_ssh | Enable Tailscale VPN SSH | bool | false | no |
vpc_id | VPC ID to use for the droplet private network | string | null | no |

Name | Description |
---|---|
fqdn | n/a |
ipv4 | n/a |
ipv6 | n/a |
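
An example module call using the inputs and outputs listed above, pinning `ssh_keys` instead of relying on the empty default and keeping the autosign token out of plan output. It is added here and is not taken from the module's examples directory. The module source, hostname, domain, Puppet server, application name, `web` tag and SSH key value are placeholders or constructed values.

```hcl
# Added example: names and values below are placeholders or constructed.

variable "puppet_autosign_token" {
  description = "Puppet SSL cert autosign token"
  type        = string
  sensitive   = true # redacted in plan/apply output
  # Supply it via the TF_VAR_puppet_autosign_token environment variable
  # instead of committing it to a .tfvars file.
}

module "web01" {
  # Placeholder: this page does not give the module's source address.
  source = "<module-source>"

  hostname = "web01"       # constructed
  domain   = "example.com" # constructed; must be managed in DigitalOcean DNS
  region   = "lon1"        # also becomes the pp_datacenter trusted fact

  # The default [] adds every SSH key in the account to the droplet.
  # Listing keys explicitly limits who can log in. Placeholder value:
  # the entry format the module expects is not stated on this page.
  ssh_keys = ["<ssh-key-identifier>"]

  # The module adds the "all" tag itself. "web" is a hypothetical tag
  # that must already exist in the account.
  tags = ["web"]

  puppet_install_agent  = true
  puppet_server         = "puppet.example.com" # constructed
  puppet_application    = "website"            # constructed
  puppet_role           = "server"
  puppet_environment    = "production"
  puppet_autosign_token = var.puppet_autosign_token
}

output "web01_fqdn" {
  value = module.web01.fqdn
}
```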