Relation with hashicorp, specifically for registry.terraform.io

roman · December 9, 2017, 12:42am

I’m wondering what’s the deal with modules in the registry? Is it the same production-ready modules your customers are using?

I’ve started to poke around modules for nomad and consul and they are… not very robust, especially server configs.

jim · December 9, 2017, 1:02am

Can you be a bit more specific about what issues you are seeing?

roman · December 9, 2017, 5:15pm

Specifically, the config management done in a way that it’s almost impossible to extend it.

For example, if I want to add an option to enable script run on consul node:

github.com

hashicorp/terraform-aws-consul/blob/master/modules/run-consul/run-consul#L194




  instance_tags=$(get_instance_tags "$instance_id" "$instance_region")
  cluster_size=$(get_cluster_size "$instance_tags" "$instance_region")


  bootstrap_expect="\"bootstrap_expect\": $cluster_size,"
  ui="true"
fi


log_info "Creating default Consul config file in $config_path"
cat > "$config_path" <<EOF
{
"advertise_addr": "$instance_ip_address",
"bind_addr": "$instance_ip_address",
$bootstrap_expect
"client_addr": "0.0.0.0",
"datacenter": "$instance_region",
"node_name": "$instance_id",
$retry_join_json
"server": $server,
"ui": $ui
}

Did you consider any config management to manage settings and apps installation? Chef, ansible or any other.

Thanks!

jim · December 9, 2017, 10:51pm

We looked into a number of different ways to manage this code, including Chef, Puppet, Ansible, and many others. You can read about it here. In general, there are trade-offs with any set of tools.

That said, if you have suggestions on how to manage this configuration management code so it’s more extensible, we’re very open to feedback!

roman · December 9, 2017, 11:06pm

That’s interesting. I haven’t decided yet what to do with consul/nomad configurations.

I think it should be a config management system, so it abstracts away all those details that ‘run-script’ and other similar scripts are doing in the repo. With usual change/apply/test lifecycle, packer could run all that in the build.

jim · December 9, 2017, 11:22pm

So, there are two types of scripts: one to install all dependencies, the other to configure & run the code during boot.

How would you use Chef/Puppet/etc to improve either of those so you could “extend” the code better?

Jim

roman · December 12, 2017, 6:44pm

With ansible, chef or what not.
Packer can run different provisioners and configure the required type of instance (server, agent etc).
It can run any sorts of integrating tests too. And those configs can be extended to run on different OS.

This doesn’t scale…
if [[ ! -f “/usr/bin/supervisorctl” ]]; then
sudo ln -s /usr/local/bin/supervisorctl /usr/bin/supervisorctl
fi
if [[ ! -f “/usr/bin/supervisord” ]]; then
sudo ln -s /usr/local/bin/supervisord /usr/bin/supervisord
fi

Another consideration is relatively easy local dev cycles: vagrant up --provision can run exactly same playbooks on a local VM. Not a dealbreaker, but a very nice thing to have.

jim · December 12, 2017, 10:48pm

We use our install scripts in Packer templates too.

In what sense?

You can run a local VM or Docker container with our scripts too.

It sounded to me like your original complaint was that the config management is impossible to “extend.” Can you give a concrete example of the type of extension you have in mind and how Chef/Ansible/etc would make that possible where bash would not?

To be clear, I’m not against other cfg mgmt tools, but introducing a dependency on a new toolset has a significant cost of its own (every user has to learn it, we have to keep up with new versions, we have to install clients/agents, etc), so it needs to offer something very compelling for this use case to be worth it.

roman · December 13, 2017, 2:30pm

If there is more than one developer working on the codebase.

For example, if few instances need to have script checks enabled (optionally): Agents - Configuration File Reference | Consul | HashiCorp Developer

Trivial with ansible, can add a line to a template and set variable
enable_script_checks = {{ enable_script_checks | default('False') | bool | lower }}

jim · December 13, 2017, 6:41pm

We aren’t trying to generate the entire config file here, as there are a very large number of settings and permutations. Instead, we try to fill in reasonable defaults for a few of the parameters. For the rest, you can simply include your own config file on the server in the right folder, and it gets picked up automatically: https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/run-consul#overriding-the-configuration

roman · December 14, 2017, 3:45am

I see. Yes, pretty easy to add a file. But things like consul are almost never run by themselves - there is tons of other little apps and utilities to configure - from logs shipment to firewalls and dns.

Anyways, I was simply wondering about having real config management.
Seems like it is a legit case.

jim · December 14, 2017, 12:45pm

There’s no reason you can’t do that. You can run our Consul bash scripts from any cfg mgmt tool you might be using or as part of a Packer template (as in this example).

That’s the nice thing about simple scripts: it’s fairly straightforward to fit them into whatever tools you’re already using. On the other hand, if we had picked, say, Ansible, then anyone using Chef or Puppet would more or less automatically refuse to touch this code.

Topic		Replies	Views
Deploying a single module with Circle CI Gruntwork Customers terragrunt , modules	4	1159	March 13, 2018
Terraform 0.11 has been released... and is backwards incompatible Gruntwork Customers announcement	1	1214	November 30, 2017
Testing tools? Gruntwork Customers test	3	1081	December 9, 2017
Comments on getting `infrastructure-live-acme` up and running Gruntwork Customers	2	717	May 21, 2018
Disaster recovery best practices for vault + consul Gruntwork Customers vault , consul	1	2057	April 6, 2018

Relation with hashicorp, specifically for registry.terraform.io

Related Topics