IntenseWebs/opentofu
3
0
Fork 0
mirror of https://github.com/opentofu/opentofu.git synced 2025-01-02 12:17:39 -06:00
Code Issues Packages Projects Releases Wiki Activity
f9ebae749c
opentofu/website/docs/provisioners/habitat.html.markdown
Martin Atkins e0d72930fa website: Warn against using provisioners 
For a long time now we've been advising against the use of provisioners,
but our documentation for them is pretty prominent on the website in
comparision to the better alternatives, and so it's little surprise that
many users end up making significant use of them.

Although in the longer term a change to our information architecture would
probably address this even better, this is an attempt to be explicit about
the downsides of using provisioners and to prominently describe the
alternatives that are available for common use-cases, along with some
reasons why we consider them to be better.

I took the unusual step here of directly linking to specific provider
documentation pages about the alternatives, even though we normally try
to keep the core documentation provider-agnostic, because otherwise that
information tends to be rather buried in the provider documentation and
thus the reader would be reasonable to use provisioners just because we're
not giving specific enough alternative recommendations.
2019-09-05 16:09:06 -07:00

5.8 KiB
Raw Blame History

layout page_title sidebar_current description
docs Provisioner: habitat docs-provisioners-habitat The `habitat` provisioner installs the Habitat supervisor, and loads configured services.

Habitat Provisioner

The habitat provisioner installs the Habitat supervisor and loads configured services. This provisioner only supports Linux targets using the ssh connection type at this time.

-> Note: Provisioners should only be used as a last resort. For most common situations there are better alternatives. For more information, see the main Provisioners page.

Requirements

The habitat provisioner has some prerequisites for specific connection types:

  • For ssh type connections, we assume a few tools to be available on the remote host:
    • curl
    • tee
    • setsid - Only if using the unmanaged service type.

Without these prerequisites, your provisioning execution will fail.

Example usage

resource "aws_instance" "redis" {
  count = 3

  provisioner "habitat" {
    peer = "${aws_instance.redis.0.private_ip}"
    use_sudo = true
    service_type = "systemd"

    service {
      name = "core/redis"
      topology = "leader"
      user_toml = "${file("conf/redis.toml")}"
    }
  }
}

Argument Reference

There are 2 configuration levels, supervisor and service. Configuration placed directly within the provisioner block are supervisor configurations, and a provisioner can define zero or more services to run, and each service will have a service block within the provisioner. A service block can also contain zero or more bind blocks to create service group bindings.

Supervisor Arguments

  • version (string) - (Optional) The Habitat version to install on the remote machine. If not specified, the latest available version is used.
  • use_sudo (bool) - (Optional) Use sudo when executing remote commands. Required when the user specified in the connection block is not root. (Defaults to true)
  • service_type (string) - (Optional) Method used to run the Habitat supervisor. Valid options are unmanaged and systemd. (Defaults to systemd)
  • service_name (string) - (Optional) The name of the Habitat supervisor service, if using an init system such as systemd. (Defaults to hab-supervisor)
  • peer (string) - (Optional) IP or FQDN of a supervisor instance to peer with. (Defaults to none)
  • permanent_peer (bool) - (Optional) Marks this supervisor as a permanent peer. (Defaults to false)
  • listen_gossip (string) - (Optional) The listen address for the gossip system (Defaults to 0.0.0.0:9638)
  • listen_http (string) - (Optional) The listen address for the HTTP gateway (Defaults to 0.0.0.0:9631)
  • ring_key (string) - (Optional) The name of the ring key for encrypting gossip ring communication (Defaults to no encryption)
  • ring_key_content (string) - (Optional) The key content. Only needed if using ring encryption and want the provisioner to take care of uploading and importing it. Easiest to source from a file (eg ring_key_content = "${file("conf/foo-123456789.sym.key")}") (Defaults to none)
  • url (string) - (Optional) The URL of a Builder service to download packages and receive updates from. (Defaults to https://bldr.habitat.sh)
  • channel (string) - (Optional) The release channel in the Builder service to use. (Defaults to stable)
  • events (string) - (Optional) Name of the service group running a Habitat EventSrv to forward Supervisor and service event data to. (Defaults to none)
  • override_name (string) - (Optional) The name of the Supervisor (Defaults to default)
  • organization (string) - (Optional) The organization that the Supervisor and it's subsequent services are part of. (Defaults to default)
  • builder_auth_token (string) - (Optional) The builder authorization token when using a private origin. (Defaults to none)

Service Arguments

  • name (string) - (Required) The Habitat package identifier of the service to run. (ie core/haproxy or core/redis/3.2.4/20171002182640)
  • binds (array) - (Optional) An array of bind specifications. (ie binds = ["backend:nginx.default"])
  • bind - (Optional) An alternative way of declaring binds. This method can be easier to deal with when populating values from other values or variable inputs without having to do string interpolation. The following example is equivalent to binds = ["backend:nginx.default"]:
bind {
  alias = "backend"
  service = "nginx"
  group = "default"
}
  • topology (string) - (Optional) Topology to start service in. Possible values standalone or leader. (Defaults to standalone)
  • strategy (string) - (Optional) Update strategy to use. Possible values at-once, rolling or none. (Defaults to none)
  • user_toml (string) - (Optional) TOML formatted user configuration for the service. Easiest to source from a file (eg user_toml = "${file("conf/redis.toml")}"). (Defaults to none)
  • channel (string) - (Optional) The release channel in the Builder service to use. (Defaults to stable)
  • group (string) - (Optional) The service group to join. (Defaults to default)
  • url (string) - (Optional) The URL of a Builder service to download packages and receive updates from. (Defaults to https://bldr.habitat.sh)
  • application (string) - (Optional) The application name. (Defaults to none)
  • environment (string) - (Optional) The environment name. (Defaults to none)
  • override_name (string) - (Optional) The name for the state directory if there is more than one Supervisor running. (Defaults to default)
  • service_key (string) - (Optional) The key content of a service private key, if using service group encryption. Easiest to source from a file (eg service_key = "${file("conf/redis.default@org-123456789.box.key")}") (Defaults to none)