diff --git a/.gitignore b/.gitignore index 3c73eab..d585d41 100644 --- a/.gitignore +++ b/.gitignore @@ -9,5 +9,7 @@ __pycache__ terraform.*.tfstate terraform.*.tfstate.backup terraform.*.tfvars +terraform.tfvars +.terraform.lock.hcl venv test_ssh_key* diff --git a/openstack/.gitignore b/openstack/.gitignore new file mode 100644 index 0000000..201e2bf --- /dev/null +++ b/openstack/.gitignore @@ -0,0 +1,2 @@ +clouds.yaml +citc_clouds.yaml \ No newline at end of file diff --git a/openstack/citc_clouds.yaml.example b/openstack/citc_clouds.yaml.example new file mode 100644 index 0000000..29933e9 --- /dev/null +++ b/openstack/citc_clouds.yaml.example @@ -0,0 +1,14 @@ +clouds: + openstack: + # Project name: + # Credential name: + # Credential creator: + # Expires: + auth: + auth_url: + application_credential_id: + application_credential_secret: + auth_type: v3applicationcredential + region_name: "RegionOne" + interface: "public" + identity_api_version: 3 diff --git a/openstack/compute.tf b/openstack/compute.tf index 4d27e49..e0b1a0f 100644 --- a/openstack/compute.tf +++ b/openstack/compute.tf @@ -81,6 +81,6 @@ resource "openstack_compute_floatingip_associate_v2" "mgmt" { provisioner "local-exec" { # TODO HACK This is a temporary solution I hope - command = "for i in {1..60}; do echo Attempt $i; scp -A -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null clouds.yaml cloud-user@${openstack_compute_floatingip_v2.mgmt.address}:. && break || sleep 1; done" + command = "for i in {1..60}; do echo Attempt $i; scp ${var.ssh_extra_flags} -A -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null ${var.clouds_yaml} cloud-user@${openstack_compute_floatingip_v2.mgmt.address}:clouds.yaml && break || sleep 1; done" } } diff --git a/openstack/provider.tf b/openstack/provider.tf index c0f761d..57f5b9d 100644 --- a/openstack/provider.tf +++ b/openstack/provider.tf @@ -9,6 +9,12 @@ terraform { } provider openstack { - cloud = "openstack" - tenant_name = "demo" + # Recommend using environment variables to set up OpenStack authentication for Terraform, see + # https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs + # e.g. set OS_CLOUD to the name of a cloud specified in a clouds.yaml file. + + # Note that the OpenStack authentication information used by Terraform does not need to be the + # same as used by the deployed CitC instance. A different application credential can be used by + # setting the clouds_yaml Terraform variable to a file containing CitC-specific application + # credential information } diff --git a/openstack/terraform.tfvars.example b/openstack/terraform.tfvars.example new file mode 100644 index 0000000..57ed822 --- /dev/null +++ b/openstack/terraform.tfvars.example @@ -0,0 +1,12 @@ +# The public keys you will use to log in to the admin `citc` account on the cluster +admin_public_keys = <