From abc4f94cb86f718b0f3c8b14737021c6f35a388c Mon Sep 17 00:00:00 2001
From: alhendrickson <159636032+alhendrickson@users.noreply.github.com.>
Date: Wed, 27 Aug 2025 10:27:10 +0000
Subject: [PATCH 1/3] bug(iac): Fix Openstack docker VMs always recreating due to bcrypt
---
 .../examples/openstack-docker/openstack-vms/main.tf | 7 +++++--
 .../openstack-cogstack-infra/cloud-init-controller.yaml | 5 ++++-
 .../terraform/modules/openstack-cogstack-infra/compute.tf | 2 +-
 .../modules/openstack-cogstack-infra/shared-locals.tf | 3 +--
 4 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/deployment/terraform/examples/openstack-docker/openstack-vms/main.tf b/deployment/terraform/examples/openstack-docker/openstack-vms/main.tf
index 101ea04..a9f570a 100644
--- a/deployment/terraform/examples/openstack-docker/openstack-vms/main.tf
+++ b/deployment/terraform/examples/openstack-docker/openstack-vms/main.tf
@@ -1,9 +1,12 @@
 module "openstack_cogstack_infra" {
 source = "../../../modules/openstack-cogstack-infra"
 host_instances = [
- { name = "cogstack-devops", is_controller = true },
- { name = "medcat-nlp" }
+ { name = "cogstack-devops-toolkit", is_controller = true },
+ #{ name = "medcat-nlp" }
 ]
 allowed_ingress_ips_cidr = var.allowed_ingress_ips_cidr
 ubuntu_immage_name = var.ubuntu_immage_name
+ portainer_secrets = {
+ admin_password = "test"
+ }
 }
diff --git a/deployment/terraform/modules/openstack-cogstack-infra/cloud-init-controller.yaml b/deployment/terraform/modules/openstack-cogstack-infra/cloud-init-controller.yaml
index 47bfe61..0ef7b15 100644
--- a/deployment/terraform/modules/openstack-cogstack-infra/cloud-init-controller.yaml
+++ b/deployment/terraform/modules/openstack-cogstack-infra/cloud-init-controller.yaml
@@ -8,6 +8,8 @@ system_info:
 default_user:
 groups: [docker]
+packages:
+ - apache2-utils
 runcmd:
 # Install Docker
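Review bot: The `openstack-vms/main.tf` hunk commits what look like local test settings: a literal `admin_password = "test"` for Portainer, and the `medcat-nlp` host commented out. PATCH 2/3 reverts both, but as separate commits the weak literal stays in history, and anyone applying or copying 1/3 on its own gets a controller with a guessable admin password. Squash 2/3 into this patch, or keep test values in an untracked tfvars file instead of the example.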
@@ -31,6 +33,7 @@ runcmd:
 # Run Portainer
 - echo "Running Portainer"
+ - bcrypted_pw=$(htpasswd -nb -B admin "${PORTAINER_ADMIN_PASSWORD}" | cut -d ":" -f 2)
 - docker pull portainer/portainer-ce:2.33.0
 - docker network create portainer-network
 - docker volume create portainer-data
@@ -45,7 +48,7 @@ runcmd:
 -l 'traefik.enable="true"' \
 -l 'traefik.http.routers.portainer-path-router.rule="PathPrefix(`/portainer`)"' \
 portainer/portainer-ce:2.33.0 \
- --admin-password='${PORTAINER_ADMIN_PASSWORD}'
+ --admin-password="$${bcrypted_pw}"
 - docker pull portainer/agent:2.33.0
 - |
 docker run -d \
diff --git a/deployment/terraform/modules/openstack-cogstack-infra/compute.tf b/deployment/terraform/modules/openstack-cogstack-infra/compute.tf
index 2a2c58e..ada0a55 100644
--- a/deployment/terraform/modules/openstack-cogstack-infra/compute.tf
+++ b/deployment/terraform/modules/openstack-cogstack-infra/compute.tf
@@ -69,7 +69,7 @@ data "cloudinit_config" "init_docker_controller" {
 content = templatefile("${path.module}/cloud-init-controller.yaml",
 {
 PORTAINER_AGENT_SECRET = var.portainer_secrets.agent_secret,
- PORTAINER_ADMIN_PASSWORD = local.portainer_admin_password_bcrypt_hash
+ PORTAINER_ADMIN_PASSWORD = local.portainer_admin_password
 }
 )
 }
diff --git a/deployment/terraform/modules/openstack-cogstack-infra/shared-locals.tf b/deployment/terraform/modules/openstack-cogstack-infra/shared-locals.tf
index 9b833ea..5bc9dd0 100644
--- a/deployment/terraform/modules/openstack-cogstack-infra/shared-locals.tf
+++ b/deployment/terraform/modules/openstack-cogstack-infra/shared-locals.tf
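Review bot: The added `htpasswd -nb -B admin "${PORTAINER_ADMIN_PASSWORD}"` item puts the cleartext admin password into the rendered user data (the `compute.tf` hunk now passes `local.portainer_admin_password` where the bcrypt hash used to go), so it is readable wherever user data is: the instance metadata service, cloud-init's copy on the VM's disk, and, because of `-b`, the process arguments while htpasswd runs. The value is also pasted inside shell double quotes, so a password containing `$`, a backtick, `\` or `"` is expanded or breaks the command, and the stored hash then no longer matches the intended password. Whether the generated password can contain those characters depends on `random_password` arguments that are mostly outside this series' hunks. Feeding it on stdin in single quotes, `- bcrypted_pw=$(printf '%s' '${PORTAINER_ADMIN_PASSWORD}' | htpasswd -niB admin | cut -d: -f2)`, removes the argv exposure and the expansion (a `'` in the password would still need escaping). The cleartext still remains in user data unless the hash is computed before templating.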
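Review bot: `--admin-password="$${bcrypted_pw}"` in the last cloud-init hunk is used without checking that a hash was actually produced. If `apache2-utils` failed to install or htpasswd errored, `bcrypted_pw` is empty and the container is still started with an empty `--admin-password`. I have not confirmed how Portainer treats that, but it should not be left to chance on a controller that is routed through Traefik. Add a guard item before the `docker run`, for example `- test -n "$bcrypted_pw" || { echo "Portainer admin hash is empty" >&2; exit 1; }`. The `docker run` command itself starts above the hunk.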
@@ -24,6 +24,5 @@ resource "random_password" "portainer_password" {
 length = 16
 }
 locals {
- portainer_admin_password_bcrypt_hash = var.portainer_secrets.admin_password != null ? bcrypt(var.portainer_secrets.admin_password) : random_password.portainer_password[0].bcrypt_hash
- portainer_admin_password = var.portainer_secrets.admin_password != null ? var.portainer_secrets.admin_password : random_password.portainer_password[0].result
+ portainer_admin_password = var.portainer_secrets.admin_password != null ? var.portainer_secrets.admin_password : random_password.portainer_password[0].result
 }
From 482fd5b840a8433c1c32036a01cb06914df4a5c0 Mon Sep 17 00:00:00 2001
From: alhendrickson <159636032+alhendrickson@users.noreply.github.com.>
Date: Wed, 27 Aug 2025 10:33:42 +0000
Subject: [PATCH 2/3] bug(iac): Fix Openstack docker VMs always recreating due to bcrypt
---
 .../examples/openstack-docker/openstack-vms/main.tf | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/deployment/terraform/examples/openstack-docker/openstack-vms/main.tf b/deployment/terraform/examples/openstack-docker/openstack-vms/main.tf
index a9f570a..2354380 100644
--- a/deployment/terraform/examples/openstack-docker/openstack-vms/main.tf
+++ b/deployment/terraform/examples/openstack-docker/openstack-vms/main.tf
@@ -2,11 +2,8 @@ module "openstack_cogstack_infra" {
 source = "../../../modules/openstack-cogstack-infra"
 host_instances = [
 { name = "cogstack-devops-toolkit", is_controller = true },
- #{ name = "medcat-nlp" }
+ { name = "medcat-nlp" }
 ]
 allowed_ingress_ips_cidr = var.allowed_ingress_ips_cidr
 ubuntu_immage_name = var.ubuntu_immage_name
- portainer_secrets = {
- admin_password = "test"
- }
 }
From 0dadb16b2c5cde257748d297668675ad6b54b1c6 Mon Sep 17 00:00:00 2001
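Review bot: Dropping `portainer_admin_password_bcrypt_hash` in `shared-locals.tf` removes both branches of the ternary, but only the `bcrypt(var.portainer_secrets.admin_password)` branch re-salts on every plan. As far as I know, `random_password.portainer_password[0].bcrypt_hash` is computed once and kept in state, so it does not cause the recreation this series fixes. Keeping that hash for the generated-password case would avoid templating the generated password in cleartext into user data. For a caller-supplied password, consider accepting a pre-computed bcrypt hash as an input instead of hashing on the VM. The `locals` block is complete in the hunk; the `random_password` resource begins above it.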
From: alhendrickson <159636032+alhendrickson@users.noreply.github.com.>
Date: Wed, 27 Aug 2025 10:35:24 +0000
Subject: [PATCH 3/3] bug(iac): Fix Openstack docker VMs always recreating due to bcrypt
---
 .../examples/openstack-docker/docker-deployment/main.tf | 4 ++--
 .../terraform/examples/openstack-docker/openstack-vms/main.tf | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/deployment/terraform/examples/openstack-docker/docker-deployment/main.tf b/deployment/terraform/examples/openstack-docker/docker-deployment/main.tf
index 4b451d7..e34c4c5 100644
--- a/deployment/terraform/examples/openstack-docker/docker-deployment/main.tf
+++ b/deployment/terraform/examples/openstack-docker/docker-deployment/main.tf
@@ -3,8 +3,8 @@ module "cogstack_docker_services" {
 source = "../../../modules/cogstack-docker-services"
 hosts = var.hosts
 service_targets = {
- observability = { hostname = "cogstack-devops" }
- medcat_service = { hostname = "medcat-nlp" }
+ observability = { hostname = "cogstack-docker-controller" }
+ medcat_service = { hostname = "cogstack-docker-medcat-nlp" }
 }
 ssh_private_key_file = var.ssh_private_key_file
 }
diff --git a/deployment/terraform/examples/openstack-docker/openstack-vms/main.tf b/deployment/terraform/examples/openstack-docker/openstack-vms/main.tf
index 2354380..15ee288 100644
--- a/deployment/terraform/examples/openstack-docker/openstack-vms/main.tf
+++ b/deployment/terraform/examples/openstack-docker/openstack-vms/main.tf
@@ -1,8 +1,8 @@
 module "openstack_cogstack_infra" {
 source = "../../../modules/openstack-cogstack-infra"
 host_instances = [
- { name = "cogstack-devops-toolkit", is_controller = true },
- { name = "medcat-nlp" }
+ { name = "cogstack-docker-controller", is_controller = true },
+ { name = "cogstack-docker-medcat-nlp" }
 ]
 allowed_ingress_ips_cidr = var.allowed_ingress_ips_cidr
 ubuntu_immage_name = var.ubuntu_immage_name