aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c8d8736f49'
${ noResults }
boundary/enos/modules/docker_worker/main.tf

160 lines
4.0 KiB
Raw Blame History

# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "3.0.1"
}
tls = {
source = "hashicorp/tls"
version = "4.0.4"
}
enos = {
source = "app.terraform.io/hashicorp-qti/enos"
}
}
}
variable "image_name" {
description = "Name of Docker Image"
type = string
}
variable "network_name" {
description = "Name of Docker Networks to join"
type = list(string)
}
variable "container_name" {
description = "Name of Docker Container"
type = string
default = "worker"
}
variable "boundary_license" {
description = "License string"
type = string
}
variable "initial_upstream" {
description = "Address to upstream instance that it communicates to"
type = string
}
variable "port" {
description = "Port to use"
type = number
default = 9402
}
variable "tags" {
description = "Tags to set on worker for use in worker filters"
type = list(string)
default = ["e2e"]
}
variable "config_file" {
description = "Path to config file"
type = string
default = "worker-config.hcl"
}
variable "token" {
description = "Controller generated activation token to initialize worker"
type = string
default = ""
}
variable "worker_led_registration" {
description = "Enables worker-led registration flow"
type = bool
default = false
}
resource "docker_image" "boundary" {
name = var.image_name
keep_locally = true
}
locals {
recording_storage_path = "/recordings"
port_ops = var.port + 1
}
resource "docker_container" "worker" {
image = docker_image.boundary.image_id
name = var.container_name
command = ["boundary", "server", "-config", "/boundary/worker-config.hcl"]
env = [
"BOUNDARY_LICENSE=${var.boundary_license}",
"HOSTNAME=boundary",
"SKIP_CHOWN=true",
]
ports {
internal = var.port
external = var.port
}
ports {
internal = local.port_ops
external = local.port_ops
}
capabilities {
add = ["IPC_LOCK"]
}
mounts {
type = "tmpfs"
target = local.recording_storage_path
}
mounts {
type = "tmpfs"
target = "/boundary/logs"
}
upload {
content = templatefile("${abspath(path.module)}/${var.config_file}", {
worker_name = var.container_name
initial_upstream = var.initial_upstream
type_tags = jsonencode(var.tags)
recording_storage_path = local.recording_storage_path
port = var.port
port_ops = local.port_ops
token = var.token
})
file = "/boundary/worker-config.hcl"
}
healthcheck {
test = ["CMD", "grep", "-i", "worker has successfully authenticated", "/boundary/logs/events.log"]
interval = "3s"
timeout = "5s"
retries = 5
}
wait = var.worker_led_registration ? false : true
must_run = true
dynamic "networks_advanced" {
for_each = var.network_name
content {
name = networks_advanced.value
}
}
}
resource "enos_local_exec" "get_worker_led_token" {
count = var.worker_led_registration ? 1 : 0
depends_on = [
docker_container.worker
]
inline = ["timeout 10s bash -c 'set -eo pipefail; until docker logs ${var.container_name} 2>&1 | grep \"Worker Auth Registration Request: .*\" | cut -f2- -d':' | xargs; do sleep 2; done'"]
}
resource "enos_local_exec" "check_address" {
count = var.worker_led_registration ? 0 : 1
depends_on = [
docker_container.worker
]
inline = ["timeout 10s bash -c 'until echo $(curl -s -i \"http://0.0.0.0:${local.port_ops}/health?worker_info=1\") | grep -i \\\"upstream_connection_state\\\":\\\"READY\\\"; do sleep 2; done'"]
}
output "upstream_address" {
value = "${var.container_name}:${var.port}"
}
output "worker_led_token" {
value = var.worker_led_registration ? trimspace(enos_local_exec.get_worker_led_token[0].stdout) : ""
}
Reference in new issue View Git Blame Copy Permalink