Hello,
I have the following cloud-init configuration where I want to copy a custom bashrc:
# Renders one multi-part cloud-init user-data document per entry in var.vault_servers:
# part 1 is the cloud-config produced from consul-server-userdata.tpl, part 2 is a shell script.
#
# NOTE(review): template_cloudinit_config belongs to the deprecated hashicorp/template provider;
# the maintained equivalent is the cloudinit_config data source in hashicorp/cloudinit.
#
# NOTE(review): the template arguments below include two TLS private keys (host.key) and the
# Consul bootstrap token. file() and data-source results are not marked sensitive, so these
# values are embedded in plaintext in the rendered user-data and are not redacted by Terraform.
# Expect them in Terraform state and wherever the user-data is stored; protect both accordingly,
# or deliver the secrets to the node by another channel.
data "template_cloudinit_config" "vault_server" {
  for_each = var.vault_servers
  # split in parts - 1st is cloud-init cfg as such; from 2nd onwards, shell scripts.
  # default gzip is true + base64 encoded (for proxmox don't encode or zip the cloud-init)
  # With both disabled the rendered user-data is plain, human-readable text.
  gzip          = false
  base64_encode = false
  part {
    filename     = "cloud-init.cfg"
    content_type = "text/cloud-config"
    # Every key in this map becomes a variable inside consul-server-userdata.tpl.
    content = templatefile("${path.module}/files/consul/consul-server-userdata.tpl", {
      bashrc            = file("${path.module}/files/common/bashrc")
      vault_role        = "true"
      consul_ca         = file("${path.module}/files/ssl-certs-consul/ca/ca.crt")
      consul_server_crt = file("${path.module}/files/ssl-certs-consul/certs/host.crt")
      # Private key material, read from the module directory on the machine running Terraform.
      consul_server_key      = file("${path.module}/files/ssl-certs-consul/certs/host.key")
      root_ssh_key           = file("${path.module}/files/id_ed25519.pub")
      provision_node_ssh_key = file("${path.module}/files/provision_node_ssh_key.pub")
      # we are using the same certificate for all consul instances at this point
      # NOTE(review): one shared key pair means a compromise of any single node exposes the key
      # used by all of them; per-node certificates would limit that.
      consul_config = templatefile("${path.module}/files/consul/consul-client-config.tftpl", {
        consul_datacenter = var.consul_datacenter
        ui_config         = "false"
        server_role       = "false"
        retry_join        = var.retry_join
        consul_domain     = var.consul_domain
        consul_keygen     = var.consul_keygen
      })
      # Secret: token returned by the external data source "bootstrap_consul".
      consul_bootstrap_token = data.external.bootstrap_consul.result.token
      ssh_template = templatefile("${path.module}/files/consul/ssh-template.tftpl", {
        tf_hostname = each.key
      })
      # Read with file(), not templatefile(), so the .tftpl content is passed through unrendered.
      consul_acl = file("${path.module}/files/consul/consul-server-acl.tftpl")
      # NOTE(review): vault_ca is read from the ssl-certs-consul CA path, the same file as
      # consul_ca - confirm that Vault is meant to share the Consul CA.
      vault_ca  = file("${path.module}/files/ssl-certs-consul/ca/ca.crt")
      vault_crt = file("${path.module}/files/ssl-certs-vault/certs/host.crt")
      # Private key material for the Vault listener certificate.
      vault_key = file("${path.module}/files/ssl-certs-vault/certs/host.key")
      vault_config = templatefile("${path.module}/files/vault/vault-config.tftpl", {
        vault_hostname = "${each.key}.node.ejobs.internal"
      })
    })
  }
  part {
    filename     = "initialise.sh"
    content_type = "text/x-shellscript"
    # initialise.sh is itself a template; it receives the hostname and the root public key.
    content = templatefile("${path.module}/files/vault/initialise.sh", {
      tf_hostname  = each.key
      root_ssh_key = file("${path.module}/files/id_ed25519.pub")
    })
  }
}
This is what the cloud-config looks like:
#cloud-config
${yamlencode({
  # The object below is serialised to YAML and forms the body of the cloud-config.
  # Each bare identifier used as a value (bashrc, consul_config, ...) is a template variable
  # supplied by the templatefile() call that renders this file.
  users = [
    {
      # root is given both public keys as authorised SSH keys.
      name   = "root"
      groups = "users"
      ssh_authorized_keys = [
        root_ssh_key,
        provision_node_ssh_key,
      ]
      shell = "/bin/bash"
    },
  ]
  # No entry below sets "permissions" or "owner", so cloud-init applies its defaults
  # (owner root:root, mode 0644) to every file.
  # NOTE(review): that leaves the private keys host.key and tls.key world-readable on the node.
  # Add a restrictive "permissions" value (and an "owner" the service account can read) to those
  # two entries, or confirm that a later step such as initialise.sh tightens them.
  write_files = [
    {
      content = bashrc
      path    = "/root/.bashrc"
    },
    {
      content = consul_config
      path    = "/etc/consul.d/consul.hcl"
    },
    {
      content = consul_acl
      path    = "/etc/consul.d/consul-acl.hcl"
    },
    {
      content = ssh_template
      path    = "/etc/consul-template.d/ssh-template.json"
    },
    {
      content = consul_ca
      path    = "/etc/consul.d/certs/ca.crt"
    },
    {
      content = consul_server_crt
      path    = "/etc/consul.d/certs/host.crt"
    },
    {
      # Private key: written with the default mode, see the note above write_files.
      content = consul_server_key
      path    = "/etc/consul.d/certs/host.key"
    },
    {
      content = vault_config
      path    = "/etc/vault.d/vault.hcl"
    },
    {
      content = vault_ca
      path    = "/opt/vault/tls/ca.crt"
    },
    {
      content = vault_crt
      path    = "/opt/vault/tls/tls.crt"
    },
    {
      # Private key: written with the default mode, see the note above write_files.
      content = vault_key
      path    = "/opt/vault/tls/tls.key"
    }
  ]
})}
When I run `terraform plan`, Terraform simply starts with the second variable “consul_config” and goes before “vault_config”.
So I have two issues here. First, I have no idea what I’m doing wrong.
Second, Terraform silently ignores part of the data that I’m trying to use in cloud-init.