mirror of
https://github.com/opentofu/opentofu.git
synced 2025-01-06 06:03:06 -06:00
526 lines
14 KiB
Go
526 lines
14 KiB
Go
// This package implements a provisioner for Terraform that executes a
|
|
// saltstack state within the remote machine
|
|
//
|
|
// Adapted from gitub.com/hashicorp/packer/provisioner/salt-masterless
|
|
|
|
package saltmasterless
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"os"
|
|
"path/filepath"
|
|
|
|
"github.com/hashicorp/terraform/communicator"
|
|
"github.com/hashicorp/terraform/communicator/remote"
|
|
"github.com/hashicorp/terraform/helper/schema"
|
|
"github.com/hashicorp/terraform/terraform"
|
|
linereader "github.com/mitchellh/go-linereader"
|
|
)
|
|
|
|
type provisionFn func(terraform.UIOutput, communicator.Communicator) error
|
|
|
|
type provisioner struct {
|
|
SkipBootstrap bool
|
|
BootstrapArgs string
|
|
LocalStateTree string
|
|
DisableSudo bool
|
|
CustomState string
|
|
MinionConfig string
|
|
LocalPillarRoots string
|
|
RemoteStateTree string
|
|
RemotePillarRoots string
|
|
TempConfigDir string
|
|
NoExitOnFailure bool
|
|
LogLevel string
|
|
SaltCallArgs string
|
|
CmdArgs string
|
|
}
|
|
|
|
const DefaultStateTreeDir = "/srv/salt"
|
|
const DefaultPillarRootDir = "/srv/pillar"
|
|
|
|
// Provisioner returns a salt-masterless provisioner
|
|
func Provisioner() terraform.ResourceProvisioner {
|
|
return &schema.Provisioner{
|
|
Schema: map[string]*schema.Schema{
|
|
"local_state_tree": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
},
|
|
"local_pillar_roots": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
},
|
|
"remote_state_tree": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
Default: DefaultStateTreeDir,
|
|
},
|
|
"remote_pillar_roots": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
Default: DefaultPillarRootDir,
|
|
},
|
|
"temp_config_dir": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
Default: "/tmp/salt",
|
|
},
|
|
"skip_bootstrap": &schema.Schema{
|
|
Type: schema.TypeBool,
|
|
Optional: true,
|
|
},
|
|
"no_exit_on_failure": &schema.Schema{
|
|
Type: schema.TypeBool,
|
|
Optional: true,
|
|
},
|
|
"bootstrap_args": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
},
|
|
"disable_sudo": &schema.Schema{
|
|
Type: schema.TypeBool,
|
|
Optional: true,
|
|
},
|
|
"custom_state": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
},
|
|
"minion_config_file": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
},
|
|
"cmd_args": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
},
|
|
"salt_call_args": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
},
|
|
"log_level": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
},
|
|
},
|
|
|
|
ApplyFunc: applyFn,
|
|
ValidateFunc: validateFn,
|
|
}
|
|
}
|
|
|
|
// Apply executes the file provisioner
|
|
func applyFn(ctx context.Context) error {
|
|
// Decode the raw config for this provisioner
|
|
o := ctx.Value(schema.ProvOutputKey).(terraform.UIOutput)
|
|
d := ctx.Value(schema.ProvConfigDataKey).(*schema.ResourceData)
|
|
connState := ctx.Value(schema.ProvRawStateKey).(*terraform.InstanceState)
|
|
|
|
p, err := decodeConfig(d)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Get a new communicator
|
|
comm, err := communicator.New(connState)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
retryCtx, cancel := context.WithTimeout(ctx, comm.Timeout())
|
|
defer cancel()
|
|
|
|
// Wait and retry until we establish the connection
|
|
err = communicator.Retry(retryCtx, func() error {
|
|
return comm.Connect(o)
|
|
})
|
|
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Wait for the context to end and then disconnect
|
|
go func() {
|
|
<-ctx.Done()
|
|
comm.Disconnect()
|
|
}()
|
|
|
|
var src, dst string
|
|
|
|
o.Output("Provisioning with Salt...")
|
|
if !p.SkipBootstrap {
|
|
cmd := &remote.Cmd{
|
|
// Fallback on wget if curl failed for any reason (such as not being installed)
|
|
Command: fmt.Sprintf("curl -L https://bootstrap.saltstack.com -o /tmp/install_salt.sh || wget -O /tmp/install_salt.sh https://bootstrap.saltstack.com"),
|
|
}
|
|
o.Output(fmt.Sprintf("Downloading saltstack bootstrap to /tmp/install_salt.sh"))
|
|
if err = comm.Start(cmd); err != nil {
|
|
err = fmt.Errorf("Unable to download Salt: %s", err)
|
|
}
|
|
|
|
if err := cmd.Wait(); err != nil {
|
|
return err
|
|
}
|
|
|
|
outR, outW := io.Pipe()
|
|
errR, errW := io.Pipe()
|
|
go copyOutput(o, outR)
|
|
go copyOutput(o, errR)
|
|
defer outW.Close()
|
|
defer errW.Close()
|
|
|
|
cmd = &remote.Cmd{
|
|
Command: fmt.Sprintf("%s /tmp/install_salt.sh %s", p.sudo("sh"), p.BootstrapArgs),
|
|
Stdout: outW,
|
|
Stderr: errW,
|
|
}
|
|
|
|
o.Output(fmt.Sprintf("Installing Salt with command %s", cmd.Command))
|
|
if err := comm.Start(cmd); err != nil {
|
|
return fmt.Errorf("Unable to install Salt: %s", err)
|
|
}
|
|
|
|
if err := cmd.Wait(); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
o.Output(fmt.Sprintf("Creating remote temporary directory: %s", p.TempConfigDir))
|
|
if err := p.createDir(o, comm, p.TempConfigDir); err != nil {
|
|
return fmt.Errorf("Error creating remote temporary directory: %s", err)
|
|
}
|
|
|
|
if p.MinionConfig != "" {
|
|
o.Output(fmt.Sprintf("Uploading minion config: %s", p.MinionConfig))
|
|
src = p.MinionConfig
|
|
dst = filepath.ToSlash(filepath.Join(p.TempConfigDir, "minion"))
|
|
if err = p.uploadFile(o, comm, dst, src); err != nil {
|
|
return fmt.Errorf("Error uploading local minion config file to remote: %s", err)
|
|
}
|
|
|
|
// move minion config into /etc/salt
|
|
o.Output(fmt.Sprintf("Make sure directory %s exists", "/etc/salt"))
|
|
if err := p.createDir(o, comm, "/etc/salt"); err != nil {
|
|
return fmt.Errorf("Error creating remote salt configuration directory: %s", err)
|
|
}
|
|
src = filepath.ToSlash(filepath.Join(p.TempConfigDir, "minion"))
|
|
dst = "/etc/salt/minion"
|
|
if err = p.moveFile(o, comm, dst, src); err != nil {
|
|
return fmt.Errorf("Unable to move %s/minion to /etc/salt/minion: %s", p.TempConfigDir, err)
|
|
}
|
|
}
|
|
|
|
o.Output(fmt.Sprintf("Uploading local state tree: %s", p.LocalStateTree))
|
|
src = p.LocalStateTree
|
|
dst = filepath.ToSlash(filepath.Join(p.TempConfigDir, "states"))
|
|
if err = p.uploadDir(o, comm, dst, src, []string{".git"}); err != nil {
|
|
return fmt.Errorf("Error uploading local state tree to remote: %s", err)
|
|
}
|
|
|
|
// move state tree from temporary directory
|
|
src = filepath.ToSlash(filepath.Join(p.TempConfigDir, "states"))
|
|
dst = p.RemoteStateTree
|
|
if err = p.removeDir(o, comm, dst); err != nil {
|
|
return fmt.Errorf("Unable to clear salt tree: %s", err)
|
|
}
|
|
if err = p.moveFile(o, comm, dst, src); err != nil {
|
|
return fmt.Errorf("Unable to move %s/states to %s: %s", p.TempConfigDir, dst, err)
|
|
}
|
|
|
|
if p.LocalPillarRoots != "" {
|
|
o.Output(fmt.Sprintf("Uploading local pillar roots: %s", p.LocalPillarRoots))
|
|
src = p.LocalPillarRoots
|
|
dst = filepath.ToSlash(filepath.Join(p.TempConfigDir, "pillar"))
|
|
if err = p.uploadDir(o, comm, dst, src, []string{".git"}); err != nil {
|
|
return fmt.Errorf("Error uploading local pillar roots to remote: %s", err)
|
|
}
|
|
|
|
// move pillar root from temporary directory
|
|
src = filepath.ToSlash(filepath.Join(p.TempConfigDir, "pillar"))
|
|
dst = p.RemotePillarRoots
|
|
|
|
if err = p.removeDir(o, comm, dst); err != nil {
|
|
return fmt.Errorf("Unable to clear pillar root: %s", err)
|
|
}
|
|
if err = p.moveFile(o, comm, dst, src); err != nil {
|
|
return fmt.Errorf("Unable to move %s/pillar to %s: %s", p.TempConfigDir, dst, err)
|
|
}
|
|
}
|
|
|
|
outR, outW := io.Pipe()
|
|
errR, errW := io.Pipe()
|
|
go copyOutput(o, outR)
|
|
go copyOutput(o, errR)
|
|
defer outW.Close()
|
|
defer errW.Close()
|
|
|
|
o.Output(fmt.Sprintf("Running: salt-call --local %s", p.CmdArgs))
|
|
cmd := &remote.Cmd{
|
|
Command: p.sudo(fmt.Sprintf("salt-call --local %s", p.CmdArgs)),
|
|
Stdout: outW,
|
|
Stderr: errW,
|
|
}
|
|
if err = comm.Start(cmd); err != nil {
|
|
err = fmt.Errorf("Error executing salt-call: %s", err)
|
|
}
|
|
|
|
if err := cmd.Wait(); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Prepends sudo to supplied command if config says to
|
|
func (p *provisioner) sudo(cmd string) string {
|
|
if p.DisableSudo {
|
|
return cmd
|
|
}
|
|
|
|
return "sudo " + cmd
|
|
}
|
|
|
|
func validateDirConfig(path string, name string, required bool) error {
|
|
if required == true && path == "" {
|
|
return fmt.Errorf("%s cannot be empty", name)
|
|
} else if required == false && path == "" {
|
|
return nil
|
|
}
|
|
info, err := os.Stat(path)
|
|
if err != nil {
|
|
return fmt.Errorf("%s: path '%s' is invalid: %s", name, path, err)
|
|
} else if !info.IsDir() {
|
|
return fmt.Errorf("%s: path '%s' must point to a directory", name, path)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func validateFileConfig(path string, name string, required bool) error {
|
|
if required == true && path == "" {
|
|
return fmt.Errorf("%s cannot be empty", name)
|
|
} else if required == false && path == "" {
|
|
return nil
|
|
}
|
|
info, err := os.Stat(path)
|
|
if err != nil {
|
|
return fmt.Errorf("%s: path '%s' is invalid: %s", name, path, err)
|
|
} else if info.IsDir() {
|
|
return fmt.Errorf("%s: path '%s' must point to a file", name, path)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (p *provisioner) uploadFile(o terraform.UIOutput, comm communicator.Communicator, dst, src string) error {
|
|
f, err := os.Open(src)
|
|
if err != nil {
|
|
return fmt.Errorf("Error opening: %s", err)
|
|
}
|
|
defer f.Close()
|
|
|
|
if err = comm.Upload(dst, f); err != nil {
|
|
return fmt.Errorf("Error uploading %s: %s", src, err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (p *provisioner) moveFile(o terraform.UIOutput, comm communicator.Communicator, dst, src string) error {
|
|
o.Output(fmt.Sprintf("Moving %s to %s", src, dst))
|
|
cmd := &remote.Cmd{Command: fmt.Sprintf(p.sudo("mv %s %s"), src, dst)}
|
|
if err := comm.Start(cmd); err != nil {
|
|
return fmt.Errorf("Unable to move %s to %s: %s", src, dst, err)
|
|
}
|
|
if err := cmd.Wait(); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (p *provisioner) createDir(o terraform.UIOutput, comm communicator.Communicator, dir string) error {
|
|
o.Output(fmt.Sprintf("Creating directory: %s", dir))
|
|
cmd := &remote.Cmd{
|
|
Command: fmt.Sprintf("mkdir -p '%s'", dir),
|
|
}
|
|
if err := comm.Start(cmd); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := cmd.Wait(); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (p *provisioner) removeDir(o terraform.UIOutput, comm communicator.Communicator, dir string) error {
|
|
o.Output(fmt.Sprintf("Removing directory: %s", dir))
|
|
cmd := &remote.Cmd{
|
|
Command: fmt.Sprintf("rm -rf '%s'", dir),
|
|
}
|
|
if err := comm.Start(cmd); err != nil {
|
|
return err
|
|
}
|
|
if err := cmd.Wait(); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (p *provisioner) uploadDir(o terraform.UIOutput, comm communicator.Communicator, dst, src string, ignore []string) error {
|
|
if err := p.createDir(o, comm, dst); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Make sure there is a trailing "/" so that the directory isn't
|
|
// created on the other side.
|
|
if src[len(src)-1] != '/' {
|
|
src = src + "/"
|
|
}
|
|
return comm.UploadDir(dst, src)
|
|
}
|
|
|
|
// Validate checks if the required arguments are configured
|
|
func validateFn(c *terraform.ResourceConfig) (ws []string, es []error) {
|
|
// require a salt state tree
|
|
localStateTreeTmp, ok := c.Get("local_state_tree")
|
|
var localStateTree string
|
|
if !ok {
|
|
es = append(es,
|
|
errors.New("Required local_state_tree is not set"))
|
|
} else {
|
|
localStateTree = localStateTreeTmp.(string)
|
|
}
|
|
err := validateDirConfig(localStateTree, "local_state_tree", true)
|
|
if err != nil {
|
|
es = append(es, err)
|
|
}
|
|
|
|
var localPillarRoots string
|
|
localPillarRootsTmp, ok := c.Get("local_pillar_roots")
|
|
if !ok {
|
|
localPillarRoots = ""
|
|
} else {
|
|
localPillarRoots = localPillarRootsTmp.(string)
|
|
}
|
|
|
|
err = validateDirConfig(localPillarRoots, "local_pillar_roots", false)
|
|
if err != nil {
|
|
es = append(es, err)
|
|
}
|
|
|
|
var minionConfig string
|
|
minionConfigTmp, ok := c.Get("minion_config_file")
|
|
if !ok {
|
|
minionConfig = ""
|
|
} else {
|
|
minionConfig = minionConfigTmp.(string)
|
|
}
|
|
err = validateFileConfig(minionConfig, "minion_config_file", false)
|
|
if err != nil {
|
|
es = append(es, err)
|
|
}
|
|
|
|
var remoteStateTree string
|
|
remoteStateTreeTmp, ok := c.Get("remote_state_tree")
|
|
if !ok {
|
|
remoteStateTree = DefaultStateTreeDir
|
|
} else {
|
|
remoteStateTree = remoteStateTreeTmp.(string)
|
|
}
|
|
|
|
var remotePillarRoots string
|
|
remotePillarRootsTmp, ok := c.Get("remote_pillar_roots")
|
|
if !ok {
|
|
remotePillarRoots = DefaultPillarRootDir
|
|
} else {
|
|
remotePillarRoots = remotePillarRootsTmp.(string)
|
|
}
|
|
|
|
if minionConfig != "" && (remoteStateTree != DefaultStateTreeDir || remotePillarRoots != DefaultPillarRootDir) {
|
|
es = append(es,
|
|
errors.New("remote_state_tree and remote_pillar_roots only apply when minion_config_file is not used"))
|
|
}
|
|
|
|
if len(es) > 0 {
|
|
return ws, es
|
|
}
|
|
|
|
return ws, es
|
|
}
|
|
|
|
func decodeConfig(d *schema.ResourceData) (*provisioner, error) {
|
|
p := &provisioner{
|
|
LocalStateTree: d.Get("local_state_tree").(string),
|
|
LogLevel: d.Get("log_level").(string),
|
|
SaltCallArgs: d.Get("salt_call_args").(string),
|
|
CmdArgs: d.Get("cmd_args").(string),
|
|
MinionConfig: d.Get("minion_config_file").(string),
|
|
CustomState: d.Get("custom_state").(string),
|
|
DisableSudo: d.Get("disable_sudo").(bool),
|
|
BootstrapArgs: d.Get("bootstrap_args").(string),
|
|
NoExitOnFailure: d.Get("no_exit_on_failure").(bool),
|
|
SkipBootstrap: d.Get("skip_bootstrap").(bool),
|
|
TempConfigDir: d.Get("temp_config_dir").(string),
|
|
RemotePillarRoots: d.Get("remote_pillar_roots").(string),
|
|
RemoteStateTree: d.Get("remote_state_tree").(string),
|
|
LocalPillarRoots: d.Get("local_pillar_roots").(string),
|
|
}
|
|
|
|
// build the command line args to pass onto salt
|
|
var cmdArgs bytes.Buffer
|
|
|
|
if p.CustomState == "" {
|
|
cmdArgs.WriteString(" state.highstate")
|
|
} else {
|
|
cmdArgs.WriteString(" state.sls ")
|
|
cmdArgs.WriteString(p.CustomState)
|
|
}
|
|
|
|
if p.MinionConfig == "" {
|
|
// pass --file-root and --pillar-root if no minion_config_file is supplied
|
|
if p.RemoteStateTree != "" {
|
|
cmdArgs.WriteString(" --file-root=")
|
|
cmdArgs.WriteString(p.RemoteStateTree)
|
|
} else {
|
|
cmdArgs.WriteString(" --file-root=")
|
|
cmdArgs.WriteString(DefaultStateTreeDir)
|
|
}
|
|
if p.RemotePillarRoots != "" {
|
|
cmdArgs.WriteString(" --pillar-root=")
|
|
cmdArgs.WriteString(p.RemotePillarRoots)
|
|
} else {
|
|
cmdArgs.WriteString(" --pillar-root=")
|
|
cmdArgs.WriteString(DefaultPillarRootDir)
|
|
}
|
|
}
|
|
|
|
if !p.NoExitOnFailure {
|
|
cmdArgs.WriteString(" --retcode-passthrough")
|
|
}
|
|
|
|
if p.LogLevel == "" {
|
|
cmdArgs.WriteString(" -l info")
|
|
} else {
|
|
cmdArgs.WriteString(" -l ")
|
|
cmdArgs.WriteString(p.LogLevel)
|
|
}
|
|
|
|
if p.SaltCallArgs != "" {
|
|
cmdArgs.WriteString(" ")
|
|
cmdArgs.WriteString(p.SaltCallArgs)
|
|
}
|
|
|
|
p.CmdArgs = cmdArgs.String()
|
|
|
|
return p, nil
|
|
}
|
|
|
|
func copyOutput(
|
|
o terraform.UIOutput, r io.Reader) {
|
|
lr := linereader.New(r)
|
|
for line := range lr.Ch {
|
|
o.Output(line)
|
|
}
|
|
}
|