From c1d2301ca39ae81b750dbe0b8a01e3b9f9a3b05b Mon Sep 17 00:00:00 2001
From: "James C. Womack"
Date: Thu, 11 Apr 2024 21:19:01 +0100
Subject: [PATCH 1/5] New Terraform variables
* clouds_yaml: clouds.yaml used by CitC instance for OS API auth
* ssh_extra_flags: specify additional flags for scp command used in temporary solution to inject clouds.yaml to mgmt in compute.tf
---
 openstack/compute.tf | 2 +-
 openstack/variables.tf | 17 +++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/openstack/compute.tf b/openstack/compute.tf
index 4d27e49..e0b1a0f 100644
--- a/openstack/compute.tf
+++ b/openstack/compute.tf
@@ -81,6 +81,6 @@ resource "openstack_compute_floatingip_associate_v2" "mgmt" {
 provisioner "local-exec" {
 # TODO HACK This is a temporary solution I hope
- command = "for i in {1..60}; do echo Attempt $i; scp -A -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null clouds.yaml cloud-user@${openstack_compute_floatingip_v2.mgmt.address}:. && break || sleep 1; done"
+ command = "for i in {1..60}; do echo Attempt $i; scp ${var.ssh_extra_flags} -A -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null ${var.clouds_yaml} cloud-user@${openstack_compute_floatingip_v2.mgmt.address}:clouds.yaml && break || sleep 1; done"
 }
 }
diff --git a/openstack/variables.tf b/openstack/variables.tf
index 78b9548..0b08301 100644
--- a/openstack/variables.tf
+++ b/openstack/variables.tf
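Review bot: `${var.clouds_yaml}` is spliced unquoted into the `local-exec` shell string on the new `command` line in openstack/compute.tf, so a path containing spaces or shell metacharacters is word-split or interpreted by the local shell instead of reaching scp as a single argument. Passing it through the provisioner's `environment` map, e.g. `environment = { CLOUDS_YAML = var.clouds_yaml }`, and referencing a quoted `$CLOUDS_YAML` in the command avoids that; `var.ssh_extra_flags` (declared in openstack/variables.tf) has to be word-split, so its description should say that it is inserted verbatim into a shell command. The file being copied holds an application credential, and it is still sent with `-oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null` and agent forwarding (`-A`), so the receiving host is never authenticated before it gets the secret. The loop's final status is that of `sleep 1`, so sixty failed attempts appear to leave the provisioner reporting success. The enclosing resource begins outside the hunk.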
@@ -38,3 +38,20 @@ variable "ansible_branch" {
 nullable = false
 sensitive = false
 }
+
+variable "clouds_yaml" {
+ default = "clouds.yaml"
+ type = string
+ description = "Path to OpenStack clouds.yaml to be used by CitC instance to authenticate to OpenStack API. The file should contain a single application credential defined for cloud 'openstack'. This does not have to be named 'clouds.yaml'."
+ nullable = false
+ sensitive = false
+}
+
+# TODO HACK This supports the temporary solution to scp clouds.yaml to mgmt in compute.tf
+variable "ssh_extra_flags" {
+ default = ""
+ type = string
+ description = "Additional flags for ssh/scp command necessary to connect to deployed instances, e.g. jump host"
+ nullable = false
+ sensitive = false
+}
From c9b96dcea89703d64894cae09cef7d04416dc801 Mon Sep 17 00:00:00 2001
From: "James C. Womack"
Date: Thu, 11 Apr 2024 21:20:00 +0100
Subject: [PATCH 2/5] Remove hard-coded cloud and tenancy names for OpenStack provider These options can instead be set using environment variables
---
 openstack/provider.tf | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/openstack/provider.tf b/openstack/provider.tf
index c0f761d..57f5b9d 100644
--- a/openstack/provider.tf
+++ b/openstack/provider.tf
@@ -9,6 +9,12 @@ terraform {
 }
 provider openstack {
- cloud = "openstack"
- tenant_name = "demo"
+ # Recommend using environment variables to set up OpenStack authentication for Terraform, see
+ # https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs
+ # e.g. set OS_CLOUD to the name of a cloud specified in a clouds.yaml file.
+
+ # Note that the OpenStack authentication information used by Terraform does not need to be the
+ # same as used by the deployed CitC instance. A different application credential can be used by
+ # setting the clouds_yaml Terraform variable to a file containing CitC-specific application
+ # credential information
 }
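Review bot: In openstack/variables.tf, `clouds_yaml` is accepted without any check that the file exists, so a wrong path only shows up as repeated scp failures inside the compute.tf provisioner. A `validation` block with `condition = fileexists(var.clouds_yaml)` and an `error_message` such as `"clouds_yaml must point to an existing file."` would reject it at plan time. The description could also say that a relative path is presumably resolved against the directory Terraform is run from, and that the file contains a secret that is copied to the management node.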
From 9ed5ca722cf5b4e8aa3c51d87c95497d52ca7936 Mon Sep 17 00:00:00 2001 From: "James C. Womack" Date: Thu, 11 Apr 2024 21:20:53 +0100 Subject: [PATCH 3/5] Example terraform.tfvars and citc_clouds.yaml --- openstack/citc_clouds.yaml.example | 14 ++++++++++++++ openstack/terraform.tfvars.example | 12 ++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 openstack/citc_clouds.yaml.example create mode 100644 openstack/terraform.tfvars.example diff --git a/openstack/citc_clouds.yaml.example b/openstack/citc_clouds.yaml.example new file mode 100644 index 0000000..29933e9 --- /dev/null +++ b/openstack/citc_clouds.yaml.example @@ -0,0 +1,14 @@ +clouds: + openstack: + # Project name: + # Credential name: + # Credential creator: + # Expires: + auth: + auth_url: + application_credential_id: + application_credential_secret: + auth_type: v3applicationcredential + region_name: "RegionOne" + interface: "public" + identity_api_version: 3 diff --git a/openstack/terraform.tfvars.example b/openstack/terraform.tfvars.example new file mode 100644 index 0000000..57ed822 --- /dev/null +++ b/openstack/terraform.tfvars.example @@ -0,0 +1,12 @@ +# The public keys you will use to log in to the admin `citc` account on the cluster +admin_public_keys = < Date: Thu, 11 Apr 2024 21:29:54 +0100 Subject: [PATCH 4/5] Ignore terraform.tfvars and Terraform lock file --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 3c73eab..d585d41 100644 --- a/.gitignore +++ b/.gitignore @@ -9,5 +9,7 @@ __pycache__ terraform.*.tfstate terraform.*.tfstate.backup terraform.*.tfvars +terraform.tfvars +.terraform.lock.hcl venv test_ssh_key* From bb48e93e1815d43fbd4053215a99fd3b11b8c207 Mon Sep 17 00:00:00 2001 From: "James C. Womack" Date: Thu, 11 Apr 2024 21:30:58 +0100 Subject: [PATCH 5/5] Ignore {,citc_}clouds.yaml --- openstack/.gitignore | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 openstack/.gitignore 
diff --git a/openstack/.gitignore b/openstack/.gitignore
new file mode 100644
index 0000000..201e2bf
--- /dev/null
+++ b/openstack/.gitignore
@@ -0,0 +1,2 @@
+clouds.yaml
+citc_clouds.yaml
\ No newline at end of file
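Review bot: The two entries ignore only the literal names `clouds.yaml` and `citc_clouds.yaml`, while the `clouds_yaml` variable description in patch 1 says the file does not have to be named 'clouds.yaml', so a credential file under any other name in openstack/ can still be staged and committed. A broader pattern such as `*clouds*.yaml` (which still leaves `citc_clouds.yaml.example` tracked), or a documented convention of keeping the credential file outside the repository, would lower the chance of committing an application credential secret. The file also ends without a trailing newline.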