Merge pull request #79 from hashicorp/aaron-lane-install-hooks

Add pre-install, post-install hooks to install-ptfe.sh
hashicorp · May 8, 2020 · 4c2b759 · 4c2b759
2 parents efdc646 + b87a7fc
commit 4c2b759
Show file tree

Hide file tree

Showing 10 changed files with 61 additions and 23 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
-# Local .terraform directories
+*.env
+*.tfstate*
+*.tfvars
 **/.terraform/*
-
-work/
+work/
diff --git a/.terraform-version b/.terraform-version
@@ -0,0 +1 @@
+latest:^0.12
diff --git a/config.tf b/config.tf
@@ -2,6 +2,12 @@ locals {
   app_data_mode    = var.postgresql_address != "" ? "external_services" : "demo"
   app_network_type = var.airgap_package_url != "" ? "airgap" : "online"
   install_type     = "${local.app_data_mode}-${local.app_network_type}"
+  postinstall_script = var.postinstall_script == "" ? (
+    file("${path.module}/files/post-install-default.sh")
+  ) : var.postinstall_script
+  preinstall_script = var.preinstall_script == "" ? (
+    file("${path.module}/files/pre-install-default.sh")
+  ) : var.preinstall_script
 }
 
 # Settings for automated PTFE installation
@@ -70,11 +76,12 @@ data "template_file" "cloud_config" {
     repl_cidr            = var.repl_cidr
     ca_bundle_url        = var.ca_bundle_url
     import_key           = var.import_key
-    startup_script       = base64encode(var.startup_script)
     role                 = count.index == 0 ? "main" : "primary"
     distro               = var.distribution
     rptfeconf            = base64encode(data.template_file.repl_ptfe_config.rendered)
     replconf             = base64encode(data.template_file.repl_config.rendered)
+    postinstall_script   = local.postinstall_script
+    preinstall_script    = local.preinstall_script
   }
 }
 
@@ -106,6 +113,8 @@ data "template_file" "cloud_config_secondary" {
     airgap_installer_url = var.airgap_package_url == "" ? "" : local.internal_airgap_url
     ca_bundle_url        = var.ca_bundle_url
     import_key           = var.import_key
+    postinstall_script   = local.postinstall_script
+    preinstall_script    = local.preinstall_script
   }
 }
 
@@ -128,4 +137,3 @@ data "template_file" "ssh_config" {
     keyfile_path = module.common.ssh_priv_key_file
   }
 }
-
diff --git a/docs/inputs.md b/docs/inputs.md
@@ -32,7 +32,9 @@
 | postgresql\_extra\_params | additional connection string parameters (must be url query params) | `string` | `""` | no |
 | postgresql\_password | password to connect to external postgresql database as | `string` | `""` | no |
 | postgresql\_user | user to connect to external postgresql database as | `string` | `""` | no |
+| postinstall\_script | A custom shell script which will be invoked after TFE is installed. The value must start with a shebang line in order to be executed. If no value is provided, a default script will be used. | `string` | `""` | no |
 | prefix | Name prefix for resource names and tags | `string` | `"tfe"` | no |
+| preinstall\_script | A custom shell script which will be invoked before TFE is installed. The value must start with a shebang line in order to be executed. If no value is provided, a default script will be used. | `string` | `""` | no |
 | primary\_instance\_type | ec2 instance type | `string` | `"m4.xlarge"` | no |
 | private\_zone | set to true if your route53 zone is private | `string` | `false` | no |
 | release\_sequence | Replicated release sequence number to install - this locks the install to a specific release | `string` | `""` | no |
@@ -42,7 +44,6 @@
 | secondary\_count | The number of secondary cluster nodes to run | `string` | `5` | no |
 | secondary\_instance\_type | ec2 instance type (Defaults to `primary_instance_type` if not set.) | `string` | `""` | no |
 | ssh\_user | the user to connect to the instance as | `string` | `""` | no |
-| startup\_script | shell script to run when primary instance boots the first time | `string` | `""` | no |
 | subnet\_tags | tags to use to match subnets to use | `map(string)` | `{}` | no |
 | tags | Map of tags to add to all resources | `map(string)` | `{}` | no |
 | update\_route53 | whether or not to automatically update route53 records for the cluster | `string` | `true` | no |

diff --git a/files/post-install-default.sh b/files/post-install-default.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo 'A post-install script was not provided.'
diff --git a/files/pre-install-default.sh b/files/pre-install-default.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo 'A pre-install script was not provided.'
diff --git a/templates/cloud-config-secondary.yaml b/templates/cloud-config-secondary.yaml
@@ -46,12 +46,24 @@ write_files:
   content: ${airgap_installer_url}
 %{ endif }
 
-- path: /var/lib/cloud/scripts/per-once/install-ptfe.sh
+- path: /var/lib/cloud/scripts/per-once/000-pre-install.sh
   owner: root:root
-  permissions: "0555"
+  permissions: "0500"
+  encoding: b64
+  content: ${base64encode(preinstall_script)}
+
+- path: /var/lib/cloud/scripts/per-once/001-install-ptfe.sh
+  owner: root:root
+  permissions: "0500"
   encoding: b64
   content: ${install_ptfe_sh}
 
+- path: /var/lib/cloud/scripts/per-once/002-post-install.sh
+  owner: root:root
+  permissions: "0500"
+  encoding: b64
+  content: ${base64encode(postinstall_script)}
+
 - path: /etc/ptfe/proxy-url
   owner: root:root
   permissions: "0400"

diff --git a/templates/cloud-config.yaml b/templates/cloud-config.yaml
@@ -58,20 +58,24 @@ write_files:
   permissions: "0444"
   content: "${role_id}"
 
-%{ if startup_script != "" }
-- path: /var/lib/cloud/scripts/per-once/000-user-startup-script.sh
+- path: /var/lib/cloud/scripts/per-once/000-pre-install.sh
   owner: root:root
-  permissions: "0555"
+  permissions: "0500"
   encoding: b64
-  content: ${startup_script}
-%{ endif }
+  content: ${base64encode(preinstall_script)}
 
-- path: /var/lib/cloud/scripts/per-once/install-ptfe.sh
+- path: /var/lib/cloud/scripts/per-once/001-install-ptfe.sh
   owner: root:root
-  permissions: "0555"
+  permissions: "0500"
   encoding: b64
   content: ${install_ptfe_sh}
 
+- path: /var/lib/cloud/scripts/per-once/002-post-install.sh
+  owner: root:root
+  permissions: "0500"
+  encoding: b64
+  content: ${base64encode(postinstall_script)}
+
 - path: /etc/ptfe/proxy-url
   owner: root:root
   permissions: "0400"

diff --git a/templates/ssh_config b/templates/ssh_config
@@ -7,4 +7,5 @@ Host default
     PasswordAuthentication no
     IdentityFile ${keyfile_path}
     IdentitiesOnly yes
-    LogLevel FATAL
+    LogLevel FATAL
+    ForwardAgent yes
diff --git a/variables.tf b/variables.tf
@@ -139,12 +139,6 @@ variable "ssh_user" {
   default     = ""
 }
 
-variable "startup_script" {
-  type        = string
-  description = "shell script to run when primary instance boots the first time"
-  default     = ""
-}
-
 variable "subnet_tags" {
   type        = map(string)
   description = "tags to use to match subnets to use"
@@ -187,6 +181,17 @@ variable "tags" {
   default     = {}
 }
 
+variable "postinstall_script" {
+  default     = ""
+  description = "A custom shell script which will be invoked after TFE is installed. The value must start with a shebang line in order to be executed. If no value is provided, a default script will be used."
+  type        = string
+}
+
+variable "preinstall_script" {
+  default     = ""
+  description = "A custom shell script which will be invoked before TFE is installed. The value must start with a shebang line in order to be executed. If no value is provided, a default script will be used."
+  type        = string
+}
 
 ### ================================ External Services Support
 
@@ -331,4 +336,3 @@ resource "random_string" "setup_token" {
   upper   = false
   special = false
 }
-