initial terraform-provider-bluechi implementation

Signed-off-by: Michael Engel <[email protected]>

Makefile

@@ -0,0 +1,33 @@
+HOSTNAME=registry.terraform.io
+NAMESPACE=bluechi
+NAME=bluechi
+BINARY=terraform-provider-${NAME}
+VERSION=1.0.0
+OS_ARCH=linux_amd64
+INSTALLDIR=~/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH}
+
+.PHONY: default
+default: all
+
+.PHONY: all
+all: install
+
+.PHONY: ${BINARY}
+${BINARY}:
+	go build -o ${BINARY}
+
+.PHONY: install
+install: ${BINARY}
+	mkdir -p ${INSTALLDIR}
+	cp ${BINARY} ${INSTALLDIR}
+
+uninstall:
+	rm -f ${INSTALLDIR}/${BINARY}
+
+clean: uninstall
+	rm -f ${BINARY}
+
+test:
+	bash container/container-setup.sh start bluechi
+	TF_ACC=1 go test ./... -v $(TESTARGS) -timeout 120m
+	bash container/container-setup.sh stop

README.md

@@ -1,2 +1,8 @@
-# terraform-provider-bluechi
-Terraform provider for setting up systems with BlueChi
+# Terraform Provider for BlueChi
+
+This terraform provider can be used to setup a multi-node system to be controlled via [BlueChi](https://github.com/containers/bluechi/). 
+
+For examples on how to use this provider, please refer to the [examples](./examples/) directory which contains examples to:
+
+- [setup multiple containers with BlueChi](./examples/resources/bluechi_plain_ssh/)
+- [setup AWS EC2 instances with BlueChi](./examples/resources/bluechi_with_aws/)

container/bluechi.image

@@ -0,0 +1,33 @@
+FROM quay.io/centos/centos:stream9
+
+RUN dnf upgrade --refresh -y --nodocs && \
+    dnf install --nodocs \
+        policycoreutils-python-utils \
+        python3-dasbus \
+        selinux-policy \
+        systemd \
+        systemd-devel \
+        openssh-server \
+        openssh-clients \
+        dnf-plugin-config-manager \
+    -y && \
+    dnf -y clean all
+
+RUN dnf copr enable -y @centos-automotive-sig/bluechi-snapshot
+RUN dnf install \
+        --nogpgcheck \
+        --nodocs \
+        bluechi \
+        bluechi-debuginfo \
+        bluechi-agent \
+        bluechi-agent-debuginfo \
+        bluechi-ctl \
+        bluechi-ctl-debuginfo \
+        bluechi-selinux \
+        python3-bluechi \
+    -y && \
+    dnf -y clean all
+
+RUN systemctl enable sshd
+
+CMD [ "/sbin/init" ]

container/centos.image

@@ -0,0 +1,17 @@
+FROM quay.io/centos/centos:stream9
+
+RUN dnf upgrade --refresh -y --nodocs && \
+    dnf install --nodocs \
+        policycoreutils-python-utils \
+        selinux-policy \
+        systemd \
+        systemd-devel \
+        openssh-server \
+        openssh-clients \
+        dnf-plugin-config-manager \
+    -y && \
+    dnf -y clean all
+
+RUN systemctl enable sshd
+
+CMD [ "/sbin/init" ]

container/container-setup.sh

@@ -0,0 +1,46 @@
+#!/bin/bash -xe
+
+PUBKEYPATH=~/.ssh/id_rsa.pub
+PUBKEY=$( cat $PUBKEYPATH )
+
+SCRIPT_DIR=$( realpath "$0"  )
+SCRIPT_DIR=$(dirname "$SCRIPT_DIR")
+
+CONTAINER_NAMES=(main worker1 worker2 worker3)
+
+function build_image(){
+    if [[ "$1" == "bluechi" ]]; then
+        podman build -t localhost/bluechi -f $SCRIPT_DIR/bluechi.image
+    elif [[ "$1" == "centos" ]]; then
+        podman build -t localhost/centos -f $SCRIPT_DIR/centos.image
+    else
+        echo "Unknown image: '$1'"
+    fi
+}
+
+function start(){
+    if [[ "$1" != "bluechi" && "$1" != "centos" ]]; then
+        echo "Unknown container image: '$1'"
+        exit 1
+    fi
+
+    port=2020
+    for name in ${CONTAINER_NAMES[@]}; do
+        # start all containers
+        podman run -dt --rm --name $name --network host localhost/$1:latest
+        # inject public key
+        podman exec $name bash -c "echo $PUBKEY >> ~/.ssh/authorized_keys"
+        # change the port for the ssh config
+        podman exec $name bash -c "echo 'Port $port' >> /etc/ssh/sshd_config"
+        podman exec $name bash -c "systemctl restart sshd"
+        let port++
+    done
+}
+
+function stop() {
+    for name in ${CONTAINER_NAMES[@]}; do
+        podman stop $name
+    done
+}
+
+$1 $2

examples/provider/provider.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_providers {
+    bluechi = {
+      source = "bluechi/bluechi"
+    }
+  }
+}
+
+provider "bluechi" {
+  use_mock = var.use_mock
+}

examples/provider/variables.tf

@@ -0,0 +1,4 @@
+variable "use_mock" {
+  type    = bool
+  default = true
+}

examples/resources/bluechi_plain_ssh/README.md

@@ -0,0 +1,19 @@
+This example requires a container setup as provided by [container-setup.sh](../../../container/container-setup.sh):
+
+```bash
+# build image with bluechi pre-installed or
+$ bash container/container-setup.sh build_image bluechi
+# use a plain centos container without bluechi
+$ bash container/container-setup.sh build_image centos
+
+# start all container, bluechi isn't setup, yet
+$ bash container/container-setup.sh start bluechi
+
+# build and install terraform-provider-bluechi
+$ make install
+
+# apply the terraform example
+$ cd examples/resources/bluechi_plain_ssh/
+$ tf init
+$ tf apply
+```

examples/resources/bluechi_plain_ssh/provider.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    bluechi = {
+      source  = "bluechi/bluechi"
+      version = "1.0.0"
+    }
+  }
+}
+
+provider "bluechi" {
+  use_mock = var.use_mock
+}

examples/resources/bluechi_plain_ssh/resource.tf

@@ -0,0 +1,97 @@
+resource "bluechi_node" "main" {
+
+  ssh = {
+    host                     = "127.0.0.1:2020"
+    user                     = "root"
+    password                 = ""
+    private_key_path         = "~/.ssh/id_rsa"
+    accept_host_key_insecure = true
+  }
+
+  bluechi_controller = {
+    allowed_node_names = [
+      "main", "worker1", "worker2", "worker3",
+    ]
+    manager_port = 3030
+    log_level    = "DEBUG"
+    log_target   = "stderr-full"
+    log_is_quiet = false
+  }
+
+  bluechi_agent = {
+    node_name          = "main"
+    manager_host       = "127.0.0.1"
+    manager_port       = 3030
+    manager_address    = ""
+    heartbeat_interval = 5000
+    log_level          = "DEBUG"
+    log_target         = "stderr-full"
+    log_is_quiet       = false
+  }
+}
+
+resource "bluechi_node" "worker1" {
+
+  ssh = {
+    host                     = "127.0.0.1:2021"
+    user                     = "root"
+    password                 = ""
+    private_key_path         = "~/.ssh/id_rsa"
+    accept_host_key_insecure = true
+  }
+
+  bluechi_agent = {
+    node_name          = "worker1"
+    manager_host       = "127.0.0.1"
+    manager_port       = 3030
+    manager_address    = ""
+    heartbeat_interval = 5000
+    log_level          = "DEBUG"
+    log_target         = "stderr-full"
+    log_is_quiet       = false
+  }
+}
+
+resource "bluechi_node" "worker2" {
+
+  ssh = {
+    host                     = "127.0.0.1:2022"
+    user                     = "root"
+    password                 = ""
+    private_key_path         = "~/.ssh/id_rsa"
+    accept_host_key_insecure = true
+  }
+
+  bluechi_agent = {
+    node_name          = "worker2"
+    manager_host       = "127.0.0.1"
+    manager_port       = 3030
+    manager_address    = ""
+    heartbeat_interval = 5000
+    log_level          = "DEBUG"
+    log_target         = "stderr-full"
+    log_is_quiet       = false
+  }
+}
+
+resource "bluechi_node" "worker3" {
+
+  ssh = {
+    host                     = "127.0.0.1:2023"
+    user                     = "root"
+    password                 = ""
+    private_key_path         = "~/.ssh/id_rsa"
+    accept_host_key_insecure = true
+  }
+
+  bluechi_agent = {
+    node_name          = "worker3"
+    manager_host       = "127.0.0.1"
+    manager_port       = 3030
+    manager_address    = ""
+    heartbeat_interval = 5000
+    log_level          = "DEBUG"
+    log_target         = "stderr-full"
+    log_is_quiet       = false
+  }
+}

examples/resources/bluechi_plain_ssh/variables.tf

@@ -0,0 +1,4 @@
+variable "use_mock" {
+  type    = bool
+  default = false
+}