Add pre-install, post-install hooks to install-ptfe.sh

.gitignore

@@ -1,4 +1,5 @@
-# Local .terraform directories
+*.env
+*.tfstate*
+*.tfvars
 **/.terraform/*
-
-work/
+work/

.terraform-version

@@ -0,0 +1 @@
+latest:^0.12

config.tf

@@ -70,11 +70,12 @@ data "template_file" "cloud_config" {
     repl_cidr            = var.repl_cidr
     ca_bundle_url        = var.ca_bundle_url
     import_key           = var.import_key
-    startup_script       = base64encode(var.startup_script)
     role                 = count.index == 0 ? "main" : "primary"
     distro               = var.distribution
     rptfeconf            = base64encode(data.template_file.repl_ptfe_config.rendered)
     replconf             = base64encode(data.template_file.repl_config.rendered)
+    postinstall_script   = var.postinstall_script
+    preinstall_script    = var.preinstall_script
   }
 }
 
@@ -106,6 +107,8 @@ data "template_file" "cloud_config_secondary" {
     airgap_installer_url = var.airgap_package_url == "" ? "" : local.internal_airgap_url
     ca_bundle_url        = var.ca_bundle_url
     import_key           = var.import_key
+    postinstall_script   = var.postinstall_script
+    preinstall_script    = var.preinstall_script
   }
 }
 
@@ -128,4 +131,3 @@ data "template_file" "ssh_config" {
     keyfile_path = module.common.ssh_priv_key_file
   }
 }
-

docs/inputs.md

@@ -32,7 +32,9 @@
 | postgresql\_extra\_params | additional connection string parameters (must be url query params) | `string` | `""` | no |
 | postgresql\_password | password to connect to external postgresql database as | `string` | `""` | no |
 | postgresql\_user | user to connect to external postgresql database as | `string` | `""` | no |
+| postinstall\_script | A custom shell script which will be invoked after TFE is installed. The value must start with a shebang line in order to be executed. | `string` | `"#!/bin/bash\n\necho 'A post-install script was not provided.'\n"` | no |
 | prefix | Name prefix for resource names and tags | `string` | `"tfe"` | no |
+| preinstall\_script | A custom shell script which will be invoked before TFE is installed. The value must start with a shebang line in order to be executed. | `string` | `"#!/bin/bash\n\necho 'A pre-install script was not provided.'\n"` | no |
 | primary\_instance\_type | ec2 instance type | `string` | `"m4.xlarge"` | no |
 | private\_zone | set to true if your route53 zone is private | `string` | `false` | no |
 | release\_sequence | Replicated release sequence number to install - this locks the install to a specific release | `string` | `""` | no |
@@ -42,7 +44,6 @@
 | secondary\_count | The number of secondary cluster nodes to run | `string` | `5` | no |
 | secondary\_instance\_type | ec2 instance type (Defaults to `primary_instance_type` if not set.) | `string` | `""` | no |
 | ssh\_user | the user to connect to the instance as | `string` | `""` | no |
-| startup\_script | shell script to run when primary instance boots the first time | `string` | `""` | no |
 | subnet\_tags | tags to use to match subnets to use | `map(string)` | `{}` | no |
 | tags | Map of tags to add to all resources | `map(string)` | `{}` | no |
 | update\_route53 | whether or not to automatically update route53 records for the cluster | `string` | `true` | no |

templates/cloud-config-secondary.yaml

@@ -46,12 +46,24 @@ write_files:
   content: ${airgap_installer_url}
 %{ endif }
 
-- path: /var/lib/cloud/scripts/per-once/install-ptfe.sh
+- path: /var/lib/cloud/scripts/per-once/000-pre-install.sh
   owner: root:root
-  permissions: "0555"
+  permissions: "0500"
+  encoding: b64
+  content: ${base64encode(preinstall_script)}
+
+- path: /var/lib/cloud/scripts/per-once/001-install-ptfe.sh
+  owner: root:root
+  permissions: "0500"
   encoding: b64
   content: ${install_ptfe_sh}
 
+- path: /var/lib/cloud/scripts/per-once/002-post-install.sh
+  owner: root:root
+  permissions: "0500"
+  encoding: b64
+  content: ${base64encode(postinstall_script)}
+
 - path: /etc/ptfe/proxy-url
   owner: root:root
   permissions: "0400"

templates/cloud-config.yaml

@@ -58,20 +58,24 @@ write_files:
   permissions: "0444"
   content: "${role_id}"
 
-%{ if startup_script != "" }
-- path: /var/lib/cloud/scripts/per-once/000-user-startup-script.sh
+- path: /var/lib/cloud/scripts/per-once/000-pre-install.sh
   owner: root:root
-  permissions: "0555"
+  permissions: "0500"
   encoding: b64
-  content: ${startup_script}
-%{ endif }
+  content: ${base64encode(preinstall_script)}
 
-- path: /var/lib/cloud/scripts/per-once/install-ptfe.sh
+- path: /var/lib/cloud/scripts/per-once/001-install-ptfe.sh
   owner: root:root
-  permissions: "0555"
+  permissions: "0500"
   encoding: b64
   content: ${install_ptfe_sh}
 
+- path: /var/lib/cloud/scripts/per-once/002-post-install.sh
+  owner: root:root
+  permissions: "0500"
+  encoding: b64
+  content: ${base64encode(postinstall_script)}
+
 - path: /etc/ptfe/proxy-url
   owner: root:root
   permissions: "0400"

templates/ssh_config

@@ -7,4 +7,5 @@ Host default
     PasswordAuthentication no
     IdentityFile ${keyfile_path}
     IdentitiesOnly yes
-    LogLevel FATAL
+    LogLevel FATAL
+    ForwardAgent yes

variables.tf

@@ -139,12 +139,6 @@ variable "ssh_user" {
   default     = ""
 }
 
-variable "startup_script" {
-  type        = string
-  description = "shell script to run when primary instance boots the first time"
-  default     = ""
-}
-
 variable "subnet_tags" {
   type        = map(string)
   description = "tags to use to match subnets to use"
@@ -187,6 +181,25 @@ variable "tags" {
   default     = {}
 }
 
+variable "postinstall_script" {
+  default     = <<-EOD
+  #!/bin/bash
+
+  echo 'A post-install script was not provided.'
+  EOD
+  description = "A custom shell script which will be invoked after TFE is installed. The value must start with a shebang line in order to be executed."
+  type        = string
+}
+
+variable "preinstall_script" {
+  default     = <<-EOD
+  #!/bin/bash
+
+  echo 'A pre-install script was not provided.'
+  EOD
+  description = "A custom shell script which will be invoked before TFE is installed. The value must start with a shebang line in order to be executed."
+  type        = string
+}
 
 ### ================================ External Services Support
 
@@ -331,4 +344,3 @@ resource "random_string" "setup_token" {
   upper   = false
   special = false
 }
-