Mirantis · james-nesbitt · Apr 30, 2026 · Apr 30, 2026 · Apr 30, 2026 · Apr 30, 2026
diff --git a/.github/workflows/smoke-test-full.yaml b/.github/workflows/smoke-test-full.yaml
diff --git a/.github/workflows/smoke-test-small.yaml b/.github/workflows/smoke-test-small.yaml
diff --git a/.github/workflows/smoke-tests.yaml b/.github/workflows/smoke-tests.yaml
@@ -0,0 +1,70 @@
+name: Smoke Tests
+
+on:
+  pull_request:
+    types: [labeled, opened, synchronize, reopened]
+    paths:
+      - "**.go"
+      - "**.tf"
+      - ".terraform.lock.hcl"
+      - "go.mod"
+      - "go.sum"
+      - "examples/terraform/aws-simple/**"
+      - ".github/workflows/smoke-tests.yaml"
+  push:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  smoke-modern:
+    runs-on: ubuntu-latest
+    if: |
+      github.event_name == 'push' ||
+      contains(github.event.pull_request.labels.*.name, 'smoke-test') ||
+      contains(github.event.pull_request.labels.*.name, 'smoke-modern')
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+      - name: Run modern smoke test
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: make smoke-modern
+
+  smoke-legacy:
+    runs-on: ubuntu-latest
+    if: |
+      github.event_name == 'push' ||
+      contains(github.event.pull_request.labels.*.name, 'smoke-test') ||
+      contains(github.event.pull_request.labels.*.name, 'smoke-legacy')
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+      - name: Run legacy smoke test
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: make smoke-legacy
+
+  smoke-windows:
+    runs-on: ubuntu-latest
+    if: |
+      github.event_name == 'push' ||
+      contains(github.event.pull_request.labels.*.name, 'smoke-test') ||
+      contains(github.event.pull_request.labels.*.name, 'smoke-windows')
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+      - name: Run windows smoke test
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: make smoke-windows
diff --git a/Makefile b/Makefile
@@ -52,14 +52,17 @@ functional-test:
 integration-test:
 	go test -v ./test/integration/... -timeout 20m
 
-.PHONY: smoke-small
-smoke-small:
-	go test -count=1 -v ./test/smoke/... -run TestSmallCluster -timeout 20m
+.PHONY: smoke-modern
+smoke-modern:
+	go test -count=1 -v ./test/smoke/... -run TestModernCluster -timeout 50m
 
-.PHONY: smoke-full
-smoke-full:
-	go test -count=1 -v ./test/smoke/... -run TestSupportedMatrixCluster -timeout 50m
+.PHONY: smoke-legacy
+smoke-legacy:
+	go test -count=1 -v ./test/smoke/... -run TestLegacyCluster -timeout 50m
 
+.PHONY: smoke-windows
+smoke-windows:
+	go test -count=1 -v ./test/smoke/... -run TestWindowsCluster -timeout 60m
 .PHONY: clean-launchpad-chart
 clean-launchpad-chart:
 	terraform -chdir=./examples/tf-aws/launchpad apply --auto-approve --destroy
diff --git a/examples/terraform/aws-simple/.terraform.lock.hcl b/examples/terraform/aws-simple/.terraform.lock.hcl
diff --git a/examples/terraform/aws-simple/key.tf b/examples/terraform/aws-simple/key.tf
@@ -1,20 +1,34 @@
 #
-# We could use multiple keys for this stack if needed
+# SSH keypair — supports both ed25519 (default) and rsa (required for Windows nodes).
 #
 
-module "key" {
-  source = "terraform-mirantis-modules/provision-aws/mirantis//modules/key/ed25519"
+variable "ssh_key_algorithm" {
+  description = "Algorithm for the generated SSH keypair. Must be 'rsa' or 'ed25519'. Use 'rsa' when Windows nodes are present."
+  type        = string
+  default     = "ed25519"
+  validation {
+    condition     = contains(["rsa", "ed25519"], var.ssh_key_algorithm)
+    error_message = "ssh_key_algorithm must be 'rsa' or 'ed25519'."
+  }
+}
+
+resource "tls_private_key" "this" {
+  algorithm = var.ssh_key_algorithm == "rsa" ? "RSA" : "ED25519"
+  rsa_bits  = var.ssh_key_algorithm == "rsa" ? 4096 : null
+}
 
-  name = "${var.name}-common"
-  tags = local.tags
+resource "aws_key_pair" "this" {
+  key_name   = "${var.name}-common"
+  public_key = tls_private_key.this.public_key_openssh
+  tags       = local.tags
 }
 
 locals {
   pk_path = var.ssh_pk_location != "" ? join("/", [var.ssh_pk_location, "${var.name}-common.pem"]) : "./ssh-keys/${var.name}-common.pem"
 }
 
 resource "local_sensitive_file" "ssh_private_key" {
-  content              = module.key.private_key
+  content              = tls_private_key.this.private_key_openssh
   filename             = local.pk_path
   file_permission      = "0600"
   directory_permission = "0700"

diff --git a/examples/terraform/aws-simple/platform.tf b/examples/terraform/aws-simple/platform.tf
@@ -1,22 +1,83 @@
-
 // variables calculated before ami data is retrieved
 locals {
-  // find the unique platforms actually used in the node_group_definitions, so that we can combine platform definiton and ami data together
-  // - this is unique to avoid repeated ami pulls for the same definition
-  // - only node-group platforms are pulled to avoid pulling images data sources that are not used anywhere
+  // find the unique platforms actually used in the node_group_definitions
   unique_used_platforms = distinct([for ngd in var.nodegroups : ngd.platform])
+
+  // platforms defined in the upstream module
+  upstream_platform_keys = [for p in local.unique_used_platforms : p if !contains(keys(local.lib_local_platform_definitions), p)]
+  // platforms defined locally (not in upstream module)
+  local_platform_keys    = [for p in local.unique_used_platforms : p if contains(keys(local.lib_local_platform_definitions), p)]
+
+  // local platform AMI definitions (supplements upstream module)
+  lib_local_platform_definitions = {
+    "ubuntu_24.04" = {
+      ami_name   = "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*"
+      owner      = "099720109477"
+      interface  = "eth0"
+      connection = "ssh"
+      ssh_user   = "ubuntu"
+      ssh_port   = 22
+    }
+    "windows_2025" = {
+      ami_name       = "Windows_Server-2025-English-Core-Base-*"
+      owner          = "801119661308"
+      interface      = "Ethernet 3"
+      connection     = "winrm"
+      winrm_user     = "Administrator"
+      winrm_useHTTPS = true
+      winrm_insecure = true
+    }
+  }
 }
 
 module "platform" {
-  count  = length(local.unique_used_platforms)
+  count  = length(local.upstream_platform_keys)
   source = "terraform-mirantis-modules/provision-aws/mirantis//modules/platform"
 
-  platform_key     = local.unique_used_platforms[count.index]
+  platform_key     = local.upstream_platform_keys[count.index]
   windows_password = var.windows_password
 }
 
+data "aws_ami" "local" {
+  for_each = { for p in local.local_platform_keys : p => local.lib_local_platform_definitions[p] }
+
+  most_recent = true
+  owners      = [each.value.owner]
+
+  filter {
+    name   = "name"
+    values = [each.value.ami_name]
+  }
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+}
+
 // variables calculated after ami data is pulled
 locals {
-  // convert platform ami list to a map
-  platforms_with_ami = { for k, p in local.unique_used_platforms : p => module.platform[k].platform }
+  // upstream platforms: build map from upstream module outputs
+  upstream_platforms_with_ami = {
+    for k, p in local.upstream_platform_keys : p => module.platform[k].platform
+  }
+
+  // local platforms: build map matching the shape upstream module produces
+  local_platforms_with_ami = {
+    for p, def in local.lib_local_platform_definitions : p => merge(def, {
+      ami              = data.aws_ami.local[p].id
+      root_device_name = data.aws_ami.local[p].root_device_name
+      user_data = def.connection == "winrm" ? templatefile("${path.module}/userdata_windows.tpl", {
+        windows_administrator_password = var.windows_password
+      }) : ""
+    }) if contains(local.local_platform_keys, p)
+  }
+
+  // merge upstream + local into the single map consumed by provision.tf / launchpad.tf
+  platforms_with_ami = merge(local.upstream_platforms_with_ami, local.local_platforms_with_ami)
 }
diff --git a/examples/terraform/aws-simple/provision.tf b/examples/terraform/aws-simple/provision.tf
@@ -20,7 +20,7 @@ module "provision" {
     }
     count : ngd.count
     type : ngd.type
-    keypair_id : module.key.keypair_id
+    keypair_id : aws_key_pair.this.key_name
     root_device_name : ngd.root_device_name
     volume_size : ngd.volume_size
     role : ngd.role