From 4b476b5b850d2b6483a58fab1bddeb8b4678c870 Mon Sep 17 00:00:00 2001 
From: alhendrickson <159636032+alhendrickson@users.noreply.github.com.> Date: Tue, 26 Aug 2025 16:13:18 +0000 Subject: [PATCH 1/2] ops(iac): improve Openstack Docker terraform example feat(iac): Generate portainer password feat(iac): Split docker example into two folders feat(iac): Allow any flavour in openstack compute fix(iac): Pin portainer version --- .../openstack-docker/.terraform.lock.hcl | 30 ++--- .../examples/openstack-docker/README.md | 50 ++++---- .../docker-deployment/.terraform.lock.hcl | 64 +++++++++++ .../docker-deployment/main.tf | 10 ++ .../docker-deployment/outputs.tf | 3 + .../docker-deployment/providers.tf | 20 ++++ .../terraform.tfvars.example | 15 +++ .../docker-deployment/variables.tf | 30 +++++ .../examples/openstack-docker/main.tf | 27 ----- .../openstack-vms/.terraform.lock.hcl | 81 +++++++++++++ .../openstack-docker/openstack-vms/main.tf | 9 ++ .../openstack-docker/openstack-vms/outputs.tf | 17 +++ .../{ => openstack-vms}/providers.tf | 13 --- .../terraform.tfvars.example | 6 - .../{ => openstack-vms}/variables.tf | 17 --- .../examples/openstack-docker/outputs.tf | 12 -- .../cogstack-docker-services/providers.tf | 4 +- .../cogstack-docker-services/variables.tf | 11 -- .../cloud-init-controller.yaml | 107 ++---------------- .../openstack-cogstack-infra/cloud-init.yaml | 9 +- .../openstack-cogstack-infra/compute.tf | 7 +- .../openstack-cogstack-infra/outputs.tf | 11 +- .../openstack-cogstack-infra/providers.tf | 2 +- .../openstack-cogstack-infra/shared-locals.tf | 12 +- .../openstack-cogstack-infra/variables.tf | 8 +- 25 files changed, 342 insertions(+), 233 deletions(-) create mode 100644 deployment/terraform/examples/openstack-docker/docker-deployment/.terraform.lock.hcl create mode 100644 deployment/terraform/examples/openstack-docker/docker-deployment/main.tf create mode 100644 deployment/terraform/examples/openstack-docker/docker-deployment/outputs.tf create mode 100644 
deployment/terraform/examples/openstack-docker/docker-deployment/providers.tf create mode 100644 deployment/terraform/examples/openstack-docker/docker-deployment/terraform.tfvars.example create mode 100644 deployment/terraform/examples/openstack-docker/docker-deployment/variables.tf delete mode 100644 deployment/terraform/examples/openstack-docker/main.tf create mode 100644 deployment/terraform/examples/openstack-docker/openstack-vms/.terraform.lock.hcl create mode 100644 deployment/terraform/examples/openstack-docker/openstack-vms/main.tf create mode 100644 deployment/terraform/examples/openstack-docker/openstack-vms/outputs.tf rename deployment/terraform/examples/openstack-docker/{ => openstack-vms}/providers.tf (59%) rename deployment/terraform/examples/openstack-docker/{ => openstack-vms}/terraform.tfvars.example (66%) rename deployment/terraform/examples/openstack-docker/{ => openstack-vms}/variables.tf (69%) delete mode 100644 deployment/terraform/examples/openstack-docker/outputs.tf diff --git a/deployment/terraform/examples/openstack-docker/.terraform.lock.hcl b/deployment/terraform/examples/openstack-docker/.terraform.lock.hcl index fca4e09..3f06866 100644 --- a/deployment/terraform/examples/openstack-docker/.terraform.lock.hcl +++ b/deployment/terraform/examples/openstack-docker/.terraform.lock.hcl 
@@ -101,22 +101,22 @@ provider "registry.terraform.io/hashicorp/random" { } provider "registry.terraform.io/portainer/portainer" { - version = "1.4.2" - constraints = "1.4.2" + version = "1.10.0" + constraints = ">= 1.10.0, ~> 1.10.0" hashes = [ - "h1:6IVXGc4uF0opbbqZvZSdM/9J5MU4UoVohAHqYeg5iD0=", - "zh:0ca3ae941a3fa26b051817ec3d8009e4ee98e5b3dabe7522fc85dba63b1013cc", - "zh:16bc9931c6999da24d8d8953e56f207fa4e53fda1b47ff85565de112390b0e98", - "zh:1daf575848416bb6a01af8d18c873c3cb26b92aa59f831a55a8bd6f64b8559a0", - "zh:51cd95be5deb40e4b167e2c2257cbdae48a81daab06f89b2154dcb7cb75c51a3", - "zh:628f7248683b06c1df3f461f10d072953ece28db76e76d8e8ee394de2e6f55ae", - "zh:65f1737374dd1b8253a9d6b83f8544699459724015384c17ec5b9944a6f1da36", - "zh:6edfa705b08d7e23504384afc94821b0462c96a011beeb69a746682893d37eba", - "zh:bad0c05e946fd73c1bf9b5b221af56284e7d4b7272be6da75f2ab056b8bcdf53", - "zh:d3f9663983faf880006bcd8a37eb6a764e2239f8efed2d258962ceaa25126e4e", - "zh:d93a47fcac759fa021e98a53027e7ad6fd718e282237aea3e0aa075c2fc21cea", - "zh:ed323428a2533e03e9fa426b82bd6f9a4b4d147a56f18acffe42955569f3e878", - "zh:ee1e1268e4c778b527349d13fc59c23acdc4a27b9ad82bae6d65247294e18089", + "h1:KCWpNLRcLVcvPr5N9YvJg3AwhRaEe5S97yvYadw+lkE=", + "zh:06ffae765edc00cebe51899aaea5ae3178408c42db7233ff9d60565dc4384788", + "zh:6a568d1eb7728c6333e6f9ac26693736b8520420d47dfc990dcce032627282dc", + "zh:772a8ade8af4da96c75b7db46482d27fa3121a0b1bd062dba86f520059d28c5b", + "zh:80bfb03843d068f2b7138e0e5597af6b07c006f50de11fa326f93a6e876bf699", + "zh:970f248252d6ce345e50c856c8e7d87f6caa27a3c4d3a4d56d462cefbb7d02cb", + "zh:9c9415db1b2c28c198642c14d076636fb7b8e2956bef84b2db0352f226bb241f", + "zh:9fd97165c5c40f5e9575c9b687876679b775ce9323006b53cceaf3460a185721", + "zh:a1113a406c5f76b1fe0a704fd819d8eb5fb4d44f992725a63d988abced91bc61", + "zh:a8b09a62a23f74bb689c53677fb45271b47c09ebf505d0e718a0e3e278d218f2", + "zh:d3b7fb4976e4ab89324d11bdfab26b944694d4218402f08d86b6d991ef75567a", + 
"zh:d91e389af237bc2d30adab9c24aaf2a287f24cfab356860bf1b701d6c090b75e", + "zh:f88c7123e2cd0853e5f538f76437a4b3593fcc7fbf376b0f6a069a6c440f9faf", ] } diff --git a/deployment/terraform/examples/openstack-docker/README.md b/deployment/terraform/examples/openstack-docker/README.md index 090c545..a1c78cd 100644 --- a/deployment/terraform/examples/openstack-docker/README.md +++ b/deployment/terraform/examples/openstack-docker/README.md @@ -23,9 +23,27 @@ Create a `terraform.tfvars` file, based on `terraform.tfvars.example`, containin ### 2. Run Terraform +Terraform is run on two modules, so we will run one terraform apply in one folder, then another terraform apply in a second folder. This split is needed to solve dependency ordering with terraform providers. + ```bash +# Create VMs in openstack +cd openstack-vms terraform init -terraform apply +terraform apply --auto-approve + +# Export the created values as environment variables, for usage as terraform variables +OPENSTACK_HOSTS=$(terraform output -json created_hosts) +PORTAINER_INSTANCE=$(terraform output -json portainer_instance) +SSH_PRIVATE_KEY=$(terraform output -json ssh_keys | jq -r .private_key_file) + +export TF_VAR_portainer_instance=$PORTAINER_INSTANCE +export TF_VAR_hosts=$OPENSTACK_HOSTS +export TF_VAR_ssh_private_key_file=$SSH_PRIVATE_KEY + +# Deploy services using docker and portainer +cd ../docker-deployment +terraform init +terraform apply --auto-approve ``` Initial provisioning takes up to 10 minutes, where time is mostly downloading large docker images 
@@ -35,28 +53,16 @@ Initial provisioning takes up to 10 minutes, where time is mostly downloading la Once the deployment is complete and all services are running, you can access the CogStack platform and its components using the following URLs: ```bash -terraform output service_urls +terraform output ``` -## Troubleshooting - - -### unsupported protocol scheme -If you make changes to the created VM infrastructure, and want to reapply, you can run into this error - -``` -│ Error: Get "/api/endpoints/4": unsupported protocol scheme "" -│ -│ with module.cogstack_docker_services.portainer_environment.portainer_envs["cogstack-devops"], -│ on ../../modules/cogstack-docker-services/environments.tf line 3, in resource "portainer_environment" "portainer_envs": -│ 3: resource "portainer_environment" "portainer_envs" { -``` - -Fix by targetting just the infra module first: - -```bash -terraform apply -target=module.openstack_cogstack_infra -terraform apply +```hcl +created_services = { + "service_urls" = { + "grafana" = "http://10.0.0.1/grafana" + "medcat_service" = "http://10.0.0.1:5000" + "prometheus" = "http://10.0.0.1/prometheus" + } +} ``` -For details: the error specifically occurs after making a change to the controller host, forcing it to be deleted and recreated, however terraform still uses the IP address in the portainer provider. Targetting just the infra module first, means terraform wont call any APIs during the plan stage using the old IP address. diff --git a/deployment/terraform/examples/openstack-docker/docker-deployment/.terraform.lock.hcl b/deployment/terraform/examples/openstack-docker/docker-deployment/.terraform.lock.hcl new file mode 100644 index 0000000..c6765cd --- /dev/null +++ b/deployment/terraform/examples/openstack-docker/docker-deployment/.terraform.lock.hcl 
@@ -0,0 +1,64 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/ansible/ansible" { + version = "1.3.0" + constraints = ">= 1.3.0, ~> 1.3.0" + hashes = [ + "h1:Ki8m3lAW3l6f6tPktHiyecEzOydKACJv/vMriuLDWhE=", + "zh:0307c80c6a890b629e866318688ac6c73acd99dfd61c371e9036feb001baff45", + "zh:28bddf36dce285d79391b7bbceae08e33533da4412f9c9434eb769a1e75c3992", + "zh:3979596203cc64fd602a1e03cca198c2071f85ec29bf8c8816b35cc74b271411", + "zh:3bd68c5c9344e5de161688d49b286d25f32aaa9b47418ff4025db42b1a00fdf9", + "zh:415c46bd16f57e54564366ebdfed3dc69b0a27ef6f02828dbdbd874dee11627a", + "zh:4e7a47e95f8bb5e1d8b39be49e57101c820ae2a8a998fb9cc0ce56badea1b26a", + "zh:59e29ff43ddd0afb8341b45b3456c457ef9bfd091e2e6b4dafa0aaa4c0aa1c75", + "zh:7e3572a8654cd4e814077e3622bb9224b02c6fd59a9728049e22dc9d62bfdd1d", + "zh:82d4b17b383a78e0ba5c0639c1d92edcc5ece8dc73bda5f9235c0f7f2330618b", + "zh:8833120ae5bad12fb0b7bb6f50770b66ed9a8441c8c126f68969d45985a6d600", + "zh:a9c042b23d24d5a10eabb012bdd5ca0b0766074019d2380f713fcbfaf7c55c31", + "zh:b9756dd7aa0da71de765d9ec5faf03b26fe0d212af517cc8b453b17f673d64c0", + "zh:c73c81d669b5be4f6cc900277a42b14b73dc96ebd7bbc518ccd7984c26761c65", + "zh:e9e76b2d86a96f90168b06e411281cae5b2b01b260cd6211b9d67923e8414072", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/http" { + version = "3.5.0" + hashes = [ + "h1:8bUoPwS4hahOvzCBj6b04ObLVFXCEmEN8T/5eOHmWOM=", + "zh:047c5b4920751b13425efe0d011b3a23a3be97d02d9c0e3c60985521c9c456b7", + "zh:157866f700470207561f6d032d344916b82268ecd0cf8174fb11c0674c8d0736", + "zh:1973eb9383b0d83dd4fd5e662f0f16de837d072b64a6b7cd703410d730499476", + "zh:212f833a4e6d020840672f6f88273d62a564f44acb0c857b5961cdb3bbc14c90", + "zh:2c8034bc039fffaa1d4965ca02a8c6d57301e5fa9fff4773e684b46e3f78e76a", + "zh:5df353fc5b2dd31577def9cc1a4ebf0c9a9c2699d223c6b02087a3089c74a1c6", + 
"zh:672083810d4185076c81b16ad13d1224b9e6ea7f4850951d2ab8d30fa6e41f08", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:7b4200f18abdbe39904b03537e1a78f21ebafe60f1c861a44387d314fda69da6", + "zh:843feacacd86baed820f81a6c9f7bd32cf302db3d7a0f39e87976ebc7a7cc2ee", + "zh:a9ea5096ab91aab260b22e4251c05f08dad2ed77e43e5e4fadcdfd87f2c78926", + "zh:d02b288922811739059e90184c7f76d45d07d3a77cc48d0b15fd3db14e928623", + ] +} + +provider "registry.terraform.io/portainer/portainer" { + version = "1.10.0" + constraints = ">= 1.10.0, ~> 1.10.0" + hashes = [ + "h1:KCWpNLRcLVcvPr5N9YvJg3AwhRaEe5S97yvYadw+lkE=", + "zh:06ffae765edc00cebe51899aaea5ae3178408c42db7233ff9d60565dc4384788", + "zh:6a568d1eb7728c6333e6f9ac26693736b8520420d47dfc990dcce032627282dc", + "zh:772a8ade8af4da96c75b7db46482d27fa3121a0b1bd062dba86f520059d28c5b", + "zh:80bfb03843d068f2b7138e0e5597af6b07c006f50de11fa326f93a6e876bf699", + "zh:970f248252d6ce345e50c856c8e7d87f6caa27a3c4d3a4d56d462cefbb7d02cb", + "zh:9c9415db1b2c28c198642c14d076636fb7b8e2956bef84b2db0352f226bb241f", + "zh:9fd97165c5c40f5e9575c9b687876679b775ce9323006b53cceaf3460a185721", + "zh:a1113a406c5f76b1fe0a704fd819d8eb5fb4d44f992725a63d988abced91bc61", + "zh:a8b09a62a23f74bb689c53677fb45271b47c09ebf505d0e718a0e3e278d218f2", + "zh:d3b7fb4976e4ab89324d11bdfab26b944694d4218402f08d86b6d991ef75567a", + "zh:d91e389af237bc2d30adab9c24aaf2a287f24cfab356860bf1b701d6c090b75e", + "zh:f88c7123e2cd0853e5f538f76437a4b3593fcc7fbf376b0f6a069a6c440f9faf", + ] +} diff --git a/deployment/terraform/examples/openstack-docker/docker-deployment/main.tf b/deployment/terraform/examples/openstack-docker/docker-deployment/main.tf new file mode 100644 index 0000000..4b451d7 --- /dev/null +++ b/deployment/terraform/examples/openstack-docker/docker-deployment/main.tf 
@@ -0,0 +1,10 @@ + +module "cogstack_docker_services" { + source = "../../../modules/cogstack-docker-services" + hosts = var.hosts + service_targets = { + observability = { hostname = "cogstack-devops" } + medcat_service = { hostname = "medcat-nlp" } + } + ssh_private_key_file = var.ssh_private_key_file +} diff --git a/deployment/terraform/examples/openstack-docker/docker-deployment/outputs.tf b/deployment/terraform/examples/openstack-docker/docker-deployment/outputs.tf new file mode 100644 index 0000000..27b5856 --- /dev/null +++ b/deployment/terraform/examples/openstack-docker/docker-deployment/outputs.tf @@ -0,0 +1,3 @@ +output "created_services" { + value = module.cogstack_docker_services +} diff --git a/deployment/terraform/examples/openstack-docker/docker-deployment/providers.tf b/deployment/terraform/examples/openstack-docker/docker-deployment/providers.tf new file mode 100644 index 0000000..b1435eb --- /dev/null +++ b/deployment/terraform/examples/openstack-docker/docker-deployment/providers.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + portainer = { + source = "portainer/portainer" + version = "~> 1.10.0" + } + ansible = { + version = "~> 1.3.0" + source = "ansible/ansible" + } + } +} + + +provider "portainer" { + endpoint = var.portainer_instance.endpoint + api_user = var.portainer_instance.username + api_password = var.portainer_instance.password + skip_ssl_verify = true # optional (default value is `false`) +} diff --git a/deployment/terraform/examples/openstack-docker/docker-deployment/terraform.tfvars.example b/deployment/terraform/examples/openstack-docker/docker-deployment/terraform.tfvars.example new file mode 100644 index 0000000..0467b23 --- /dev/null +++ b/deployment/terraform/examples/openstack-docker/docker-deployment/terraform.tfvars.example 
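Review bot: In docker-deployment/providers.tf the `provider "portainer"` block hard-codes `skip_ssl_verify = true`, so the admin username and password from `var.portainer_instance` are sent to an endpoint whose certificate is never checked. The trailing comment only restates the provider default and reads as if nothing had been changed. Presumably this is needed because the controller serves a self-signed certificate on 9443; if so, say that in the comment and make the setting overridable, e.g. `skip_ssl_verify = var.portainer_skip_ssl_verify`. The new boolean variable's description should state that verification is off only for the self-signed example setup and should be turned on once a trusted certificate is in place.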
@@ -0,0 +1,15 @@ +portainer_instance = { + endpoint = "https://10.0.0.1:9443" + username = "" + password = "" +} + +hosts = { + "cogstack-devops" = { + "ip_address" = "10.0.0.1" + "name" = "cogstack-devops" + "unique_name" = "w6R2tw-cogstack-devops" + } +} + +ssh_private_key_file = "~/my-key.pem" \ No newline at end of file diff --git a/deployment/terraform/examples/openstack-docker/docker-deployment/variables.tf b/deployment/terraform/examples/openstack-docker/docker-deployment/variables.tf new file mode 100644 index 0000000..c63daab --- /dev/null +++ b/deployment/terraform/examples/openstack-docker/docker-deployment/variables.tf @@ -0,0 +1,30 @@ +# Variables for Docker Deployment +# It's recommended to follow the README.md and use the output of the openstack-vms module + +variable "portainer_instance" { + type = object({ + endpoint = string + username = string + password = string + }) + + description = < /dev/null - sudo apt-get update - sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin - + - echo "Completed Installing Docker" # Run Portainer - - docker pull portainer/portainer-ce:lts + - echo "Running Portainer" + - docker pull portainer/portainer-ce:2.33.0 - docker network create portainer-network - docker volume create portainer-data + - echo "Admin password is ${PORTAINER_ADMIN_PASSWORD} - ok?" - | docker run -d \ --name portainer \ @@ -121,8 +45,9 @@ runcmd: -v portainer-data:/data \ -l 'traefik.enable="true"' \ -l 'traefik.http.routers.portainer-path-router.rule="PathPrefix(`/portainer`)"' \ - portainer/portainer-ce:lts - - docker pull portainer/agent:latest + portainer/portainer-ce:2.33.0 \ + --admin-password='${PORTAINER_ADMIN_PASSWORD}' + - docker pull portainer/agent:2.33.0 - | docker run -d \ --name portainer_agent \ 
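Review bot: In cloud-init-controller.yaml (hunk `@@ -121,8 +45,9 @@`), `--admin-password='${PORTAINER_ADMIN_PASSWORD}'` receives a bcrypt hash rather than a password (compute.tf fills it from `local.portainer_admin_password_bcrypt_hash`), and neither the template nor the variable name says so. Rename the template variable to `PORTAINER_ADMIN_PASSWORD_HASH` in both files. Above the `docker run`, add a comment such as `# bcrypt hash, not the plaintext; keep the single quotes so the shell does not expand the $ signs in the hash`. The hash is also rendered into the instance user-data and into the container's arguments, so it is likely readable by anything on the host that can read cloud-init data or inspect the container. That matters most when a caller supplies a weak `admin_password`. The `runcmd` list starts outside this hunk.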
@@ -133,17 +58,7 @@ runcmd: -v /var/run/docker.sock:/var/run/docker.sock \ -l 'traefik.enable="true"' \ -l 'traefik.http.routers.portainer-path-router.rule="PathPrefix(`/portainer-agent`)"' \ - portainer/agent:latest - - - PORTAINER_URL=https://localhost:9443 + portainer/agent:2.33.0 + - echo "Completed running Portainer" - - INIT_FILE=/opt/cogstack/init/portainer-init-snapshot.tar.gz - - - | - curl --insecure --request POST \ - --url $${PORTAINER_URL}/api/restore \ - --header 'Content-Type: multipart/form-data' \ - --form file=@$${INIT_FILE} \ - --form fileName=backup \ - --form password=${PORTAINER_SNAPSHOT_PASSWORD} - \ No newline at end of file + - echo "Completed Cloud Init" \ No newline at end of file diff --git a/deployment/terraform/modules/openstack-cogstack-infra/cloud-init.yaml b/deployment/terraform/modules/openstack-cogstack-infra/cloud-init.yaml index f654502..0685e19 100644 --- a/deployment/terraform/modules/openstack-cogstack-infra/cloud-init.yaml +++ b/deployment/terraform/modules/openstack-cogstack-infra/cloud-init.yaml @@ -10,6 +10,7 @@ system_info: runcmd: # Install Docker + - echo "Installing Docker" # Add Docker's official GPG key: - sudo apt-get update - sudo apt-get install ca-certificates curl @@ -25,9 +26,10 @@ runcmd: sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - sudo apt-get update - sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin - + - echo "Completed Installing Docker" # Run Portainer + - echo "Running Portainer" - docker network create portainer-network - docker pull portainer/agent:latest - | @@ -40,4 +42,7 @@ runcmd: -v /var/run/docker.sock:/var/run/docker.sock \ -l 'traefik.enable="true"' \ -l 'traefik.http.routers.portainer-path-router.rule="PathPrefix(`/portainer-agent`)"' \ - portainer/agent:latest + portainer/agent:2.33.0 + - echo "Completed running Portainer" + + - echo "Completed Cloud Init" \ No newline at end of file 
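Review bot: The version pin in cloud-init.yaml is incomplete: hunk `@@ -40,4 +42,7 @@` switches the agent container to `portainer/agent:2.33.0`, but the context line `- docker pull portainer/agent:latest` in hunk `@@ -25,9 +26,10 @@` is left as it was. Worker hosts therefore still fetch an unpinned image that is never run, and the pinned one is only pulled implicitly by `docker run`. Change the pull to `- docker pull portainer/agent:2.33.0`, as cloud-init-controller.yaml already does. Tags are mutable, so if the goal of the pin is reproducibility, a digest reference (`portainer/agent:2.33.0@sha256:<digest>`, placeholder) is stronger.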
diff --git a/deployment/terraform/modules/openstack-cogstack-infra/compute.tf b/deployment/terraform/modules/openstack-cogstack-infra/compute.tf index 2ee258f..2a2c58e 100644 --- a/deployment/terraform/modules/openstack-cogstack-infra/compute.tf +++ b/deployment/terraform/modules/openstack-cogstack-infra/compute.tf @@ -61,21 +61,22 @@ data "cloudinit_config" "init_docker" { } } + data "cloudinit_config" "init_docker_controller" { part { filename = "cloud-init-controller.yaml" content_type = "text/cloud-config" content = templatefile("${path.module}/cloud-init-controller.yaml", { - PORTAINER_AGENT_SECRET = var.portainer_secrets.agent_secret, - PORTAINER_SNAPSHOT_PASSWORD = var.portainer_secrets.snapshot_password + PORTAINER_AGENT_SECRET = var.portainer_secrets.agent_secret, + PORTAINER_ADMIN_PASSWORD = local.portainer_admin_password_bcrypt_hash } ) } } data "openstack_compute_flavor_v2" "available_compute_flavors" { - for_each = toset(["2cpu4ram", "8cpu16ram"]) + for_each = toset([for vm in var.host_instances : vm.flavour]) name = each.value } diff --git a/deployment/terraform/modules/openstack-cogstack-infra/outputs.tf b/deployment/terraform/modules/openstack-cogstack-infra/outputs.tf index f9a13aa..ec613cf 100644 --- a/deployment/terraform/modules/openstack-cogstack-infra/outputs.tf +++ b/deployment/terraform/modules/openstack-cogstack-infra/outputs.tf @@ -25,4 +25,13 @@ output "compute_keypair" { private_key_file = local.ssh_keys.private_key_file, } description = "Absolute path to a public and private SSH key pair that is granted login on created VMs" -} \ No newline at end of file +} + +output "portainer_instance" { + sensitive = true + value = { + endpoint = "https://${local.controller_host_instance.access_ip_v4}:9443" + username = "admin" + password = local.portainer_admin_password + } +} 
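Review bot: The new `portainer_instance` output in outputs.tf has no `description`, unlike `compute_keypair` directly above it, and nothing tells a consumer that it carries the Portainer admin password. `sensitive = true` only redacts the value in plan and apply output. The password is still written to the state file in plaintext and is printed in full by `terraform output -json portainer_instance`, which the README in this commit uses. Add a description along the lines of `description = "Portainer endpoint and admin credentials; the password is stored in plaintext in Terraform state, so keep the state backend encrypted and access-controlled"`.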
diff --git a/deployment/terraform/modules/openstack-cogstack-infra/providers.tf b/deployment/terraform/modules/openstack-cogstack-infra/providers.tf index 837912b..ed8a8eb 100644 --- a/deployment/terraform/modules/openstack-cogstack-infra/providers.tf +++ b/deployment/terraform/modules/openstack-cogstack-infra/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { openstack = { source = "terraform-provider-openstack/openstack" - version = "~> 3.0.0" + version = ">= 3.0.0" } } } \ No newline at end of file diff --git a/deployment/terraform/modules/openstack-cogstack-infra/shared-locals.tf b/deployment/terraform/modules/openstack-cogstack-infra/shared-locals.tf index 1e9843e..9b833ea 100644 --- a/deployment/terraform/modules/openstack-cogstack-infra/shared-locals.tf +++ b/deployment/terraform/modules/openstack-cogstack-infra/shared-locals.tf @@ -9,7 +9,6 @@ locals { controller_host_instance = openstack_compute_instance_v2.cogstack_ops_compute[local.controller_host.name] } - resource "random_id" "server" { keepers = { # Generate a new id each time we recreate the hosts @@ -18,4 +17,13 @@ resource "random_id" "server" { } byte_length = 4 -} \ No newline at end of file +} + +resource "random_password" "portainer_password" { + count = var.portainer_secrets.admin_password != null ? 0 : 1 + length = 16 +} +locals { + portainer_admin_password_bcrypt_hash = var.portainer_secrets.admin_password != null ? bcrypt(var.portainer_secrets.admin_password) : random_password.portainer_password[0].bcrypt_hash + portainer_admin_password = var.portainer_secrets.admin_password != null ? var.portainer_secrets.admin_password : random_password.portainer_password[0].result +} diff --git a/deployment/terraform/modules/openstack-cogstack-infra/variables.tf b/deployment/terraform/modules/openstack-cogstack-infra/variables.tf index ecc14d4..ab2c46e 100644 --- a/deployment/terraform/modules/openstack-cogstack-infra/variables.tf 
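Review bot: In shared-locals.tf (hunk `@@ -18,4 +17,13 @@`), `bcrypt(var.portainer_secrets.admin_password)` yields a different hash on every evaluation, because Terraform's `bcrypt()` picks a fresh salt per call. Whenever a caller supplies `admin_password`, the rendered controller cloud-init therefore changes on every plan. Depending on how the compute resource treats `user_data` (not visible in this hunk), that means a permanent diff or a rebuild of the controller host. The `random_password.portainer_password[0].bcrypt_hash` branch is stable because that hash is kept in state. Either accept a pre-computed hash from the caller, or add `lifecycle { ignore_changes = [user_data] }` to the controller instance and document that a password change requires a rebuild.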
+++ b/deployment/terraform/modules/openstack-cogstack-infra/variables.tf @@ -1,11 +1,13 @@ variable "portainer_secrets" { type = object({ - agent_secret = string, - snapshot_password = string, + agent_secret = optional(string, "portainer_agent_secret") + admin_password = optional(string, null), }) + default = { + } description = < Date: Tue, 26 Aug 2025 16:14:52 +0000 Subject: [PATCH 2/2] ops(iac): improve Openstack Docker terraform example feat(iac): Generate portainer password feat(iac): Split docker example into two folders feat(iac): Allow any flavour in openstack compute fix(iac): Pin portainer version --- .../modules/openstack-cogstack-infra/cloud-init-controller.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/deployment/terraform/modules/openstack-cogstack-infra/cloud-init-controller.yaml b/deployment/terraform/modules/openstack-cogstack-infra/cloud-init-controller.yaml index 9b24a3a..47bfe61 100644 --- a/deployment/terraform/modules/openstack-cogstack-infra/cloud-init-controller.yaml +++ b/deployment/terraform/modules/openstack-cogstack-infra/cloud-init-controller.yaml @@ -34,7 +34,6 @@ runcmd: - docker pull portainer/portainer-ce:2.33.0 - docker network create portainer-network - docker volume create portainer-data - - echo "Admin password is ${PORTAINER_ADMIN_PASSWORD} - ok?" - | docker run -d \ --name portainer \
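Review bot: In the openstack-cogstack-infra variables.tf hunk (`@@ -1,11 +1,13 @@`), `agent_secret = optional(string, "portainer_agent_secret")` combined with `default = {}` gives every deployment that leaves the field unset the same, publicly known agent secret. The admin password in the same object is generated per deployment. compute.tf passes this value into the controller cloud-init as `PORTAINER_AGENT_SECRET`, so it looks like the shared secret between the Portainer server and its agents. Make it `agent_secret = optional(string, null)` and generate a value when it is null, the same way shared-locals.tf does for the admin password with `random_password`. The remainder of this hunk (the description heredoc) is cut off on this page, so the description text could not be checked.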