Puppet Class: profile::openstack::base::opentofu
- Defined in:
- modules/profile/manifests/openstack/base/opentofu.pp
Summary
Sets up the OpenTofu environment for managing Cloud VPS infrastructure resources.Overview
SPDX-License-Identifier: Apache-2.0
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 |
# File 'modules/profile/manifests/openstack/base/opentofu.pp', line 4
class profile::openstack::base::opentofu (
String[1] $region = lookup('profile::openstack::base::region'),
Stdlib::Fqdn $keystone_api_fqdn = lookup('profile::openstack::base::keystone_api_fqdn'),
String[1] $admin_username = lookup('profile::openstack::base::opentofu::admin_username', {default_value => 'tofuadmin'}),
String[1] $admin_password = lookup('profile::openstack::base::opentofu::admin_password'),
Stdlib::HTTPSUrl $s3_endpoint = lookup('profile::openstack::base::opentofu::s3_endpoint'),
String[1] $s3_access_key = lookup('profile::openstack::base::opentofu::s3_access_key'),
String[1] $s3_secret_key = lookup('profile::openstack::base::opentofu::s3_secret_key'),
Stdlib::Fqdn $diff_host = lookup('profile::openstack::base::opentofu::diff_host'),
) {
apt::package_from_component { 'tofu':
component => 'thirdparty/tofu',
packages => ['tofu'],
}
$clouds_file = '/root/.config/openstack/clouds.yaml'
openstack::util::envscript { 'tofu':
region => $region,
keystone_api_fqdn => $keystone_api_fqdn,
keystone_api_port => 25357,
keystone_api_interface => 'admin',
os_user => $admin_username,
os_password => $admin_password,
os_project => 'admin',
os_user_domain_id => 'default',
os_project_domain_id => 'default',
clouds_files => [$clouds_file],
do_script => false,
}
file { '/root/.tofurc':
ensure => file,
source => 'puppet:///modules/profile/openstack/base/opentofu/tofurc',
owner => 'root',
group => 'root',
mode => '0550',
}
file { '/root/.config/.tofurc':
ensure => absent,
}
file { '/usr/local/bin/tofu':
ensure => file,
source => 'puppet:///modules/profile/openstack/base/opentofu/tofu-wrapper.sh',
owner => 'root',
group => 'root',
mode => '0555',
}
$tofu_env = {
# s3 related
'AWS_ENDPOINT_URL_S3' => $s3_endpoint,
'AWS_REGION' => $region,
'AWS_ACCESS_KEY_ID' => $s3_access_key,
'AWS_SECRET_ACCESS_KEY' => $s3_secret_key,
# openstack related
'OS_CLOUD' => 'tofu',
'OS_REGION_NAME' => $region,
'TF_VAR_cloudvps_region' => $region,
}
$tofu_env_str = $tofu_env.reduce('') |$memo, $value| {
"${memo}export ${value[0]}=\"${value[1]}\"\n"
}
file { '/etc/tofu.env':
ensure => file,
content => $tofu_env_str,
owner => 'root',
group => 'root',
mode => '0550',
show_diff => false,
}
git::clone { 'repos/cloud/cloud-vps/tofu-infra':
ensure => 'latest',
source => 'gitlab',
directory => '/srv/tofu-infra',
owner => 'root',
group => 'root',
update_method => 'checkout',
}
# Monitoring: This will trigger the generic systemd unit failure alert
# if there are unapplied changes. And after investigating the changes
# one can do systemctl reset-failed to clear the alert.
systemd::timer::job { 'opentofu-infra-diff':
ensure => stdlib::ensure($diff_host == $facts['networking']['fqdn']),
user => 'root',
description => 'check for unapplied changes in the opentofu-infra setup',
working_directory => '/srv/tofu-infra',
exec_start_pre => '/usr/local/bin/tofu init',
command => '/usr/local/bin/tofu plan -detailed-exitcode',
interval => {'start' => 'OnCalendar', 'interval' => '*-*-* 3:10:00'},
max_runtime_seconds => 1800,
}
}
|