Hello,
I’m using the following config file in Terraform for cloud-init:
#cloud-config
${yamlencode({
  users = [
    {
      name = "root"
      groups = "users"
      ssh_authorized_keys = [
        root_ssh_key,
      ]
      shell = "/bin/bash"
    },
  ]
  write_files = [
    {
      content = consul_config
      path = "/etc/consul.d/consul.hcl",
    },
    {
      content = consul_acl
      path = "/etc/consul.d/consul-acl.hcl",
    },
    {
      content = ssh_template
      path = "/etc/consul-template.d/ssh-template.json"
    },
    {
      content = consul_ca
      path = "/etc/consul.d/certs/ca.crt"
    },
    {
      content = consul_server_crt
      path = "/etc/consul.d/certs/host.crt"
    },
    {
      content = consul_server_key
      path = "/etc/consul.d/certs/host.key"
    },
  ]
})}
The problem that I’m having is that part of the config file is simply ignored. As you can see, I’m trying to write several certificate files, but that part simply doesn’t exist in the rendered cloud-init config file (/var/lib/cloud/instance/user-data.txt). Here is the relevant part:
  "path": "/etc/consul.d/consul.hcl"
- "content": |
    template {
      contents = "{{ key \"consul-2/authorized_keys\" }}"
      destination = "/root/.ssh/authorized_keys"
    }
    wait {
      min = "1s"
      max = "1s"
    }
  "path": "/etc/consul-template.d/ssh-template.json"
--===============1916385269702294627==
Content-Disposition: attachment; filename="initialise.sh"
Content-Transfer-Encoding: 7bit
Content-Type: text/x-shellscript
Mime-Version: 1.0

#!/usr/bin/env bash
So the first part finished at ssh-template (which is written correctly).
This is what the cloudinit configuration in main.tf looks like:
data "template_cloudinit_config" "consul_server" {
  for_each = var.consul_servers
  # split in parts - 1st is cloud-init cfg as such; from 2nd onwards, shell scripts.
  # default gzip is true + base64 encoded (for proxmox don't encode or zip the cloud-init)
  gzip = false
  base64_encode = false
  part {
    filename = "cloud-init.cfg"
    content_type = "text/cloud-config"
    content = templatefile("${path.module}/files/consul/consul-server-userdata.tpl", {
      root_ssh_key = file("${path.module}/files/id_ed25519.pub")
      # we are using the same certificate for all consul instances at this point
      consul_ca = file("${path.module}/files/ssl-certs/ca/ca.crt")
      consul_server_crt = file("${path.module}/files/ssl-certs/certs/host.crt")
      consul_server_key = file("${path.module}/files/ssl-certs/certs/host.key")
      consul_config = templatefile("${path.module}/files/consul/consul-server-config.tftpl", {
        consul_datacenter = var.consul_datacenter
        ui_config = var.ui_config
        server_role = var.server_role
        bootstrap_expect = var.bootstrap_expect
        retry_join = var.retry_join
        consul_domain = var.consul_domain
      })
      ssh_template = templatefile("${path.module}/files/consul/ssh-template.tftpl", {
        tf_hostname = each.key
      })
      consul_acl = file("${path.module}/files/consul/consul-server-acl.tftpl")
    })
  }
}
Any help is greatly appreciated!
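
An added check, not part of the original post: it parses rendered user-data such as /var/lib/cloud/instance/user-data.txt, lists which of the template's write_files paths never reached the instance, and flags any .key file left at cloud-init's default 0644 mode. The names `written_files` and `audit` are hypothetical, the sample input is constructed, and the line matching assumes the quoted-key layout that yamlencode produces in the excerpt above.

```python
import email
import re

# Paths the template in the post asks write_files to create.
EXPECTED = ["/etc/consul.d/" + f for f in (
    "consul.hcl", "consul-acl.hcl", "certs/ca.crt", "certs/host.crt", "certs/host.key",
)] + ["/etc/consul-template.d/ssh-template.json"]
# Constructed sample shaped like the rendered user-data quoted in the post.
SAMPLE = '''Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/cloud-config

#cloud-config
"write_files":
- "content": |
    "path": "/decoy/inside/file/content"
  "path": "/etc/consul.d/consul.hcl"
- "content": |
    template {}
  "path": "/etc/consul-template.d/ssh-template.json"
--B
Content-Type: text/x-shellscript

#!/usr/bin/env bash
--B--
'''

def written_files(user_data):
    """Return {path: permissions or None} for entries in the cloud-config part."""
    msg = email.message_from_string(user_data)
    parts = [p.get_payload() for p in msg.walk()
             if p.get_content_type() == "text/cloud-config"] or [user_data]
    items = []
    for line in "\n".join(parts).splitlines():
        # yamlencode puts an item's keys at "- " or two spaces; file bodies sit deeper.
        m = re.match(r'^(- |  )"(\w+)": ?"?(.*?)"?$', line)
        if m and m.group(1) == "- ":
            items.append({})
        if m and items:
            items[-1][m.group(2)] = m.group(3)
    return {i["path"]: i.get("permissions") for i in items if "path" in i}

def audit(user_data):
    files = written_files(user_data)
    missing = [p for p in EXPECTED if p not in files]
    # cloud-init writes files as 0644 unless "permissions" is set.
    loose = [p for p in files if p.endswith(".key") and files[p] not in ("0600", "0400")]
    return missing, loose
```

On the instance, pass the contents of the user-data file to `audit()`; it returns the list of missing paths and the list of key files without a restrictive mode.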