Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revisiting ssh-oidc config #370

Merged
merged 8 commits into from
Sep 17, 2024
Merged

Revisiting ssh-oidc config #370

merged 8 commits into from
Sep 17, 2024

Conversation

sebastian-luna-valero
Copy link
Member

@sebastian-luna-valero sebastian-luna-valero commented Sep 17, 2024
edited
Loading

Summary

We previously tried to grant access via ssh-oidc to members of the cloud.egi.eu VO with the auditor role. See #364, #365, #366, #367, and #368.

However, the ansible configuration of the VM fails after completing the grycap.motley_cue role and starting with the catchall role in the playbook with this error:

TASK [catchall : Ensure cron is available] *************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AttributeError: module 'lib' has no attribute 'X509_V_FLAG_NOTIFY_POLICY'. Did you mean: 'X509_V_FLAG_EXPLICIT_POLICY'?

The issue seems to happen with the version of ansible installed with apt on Ubuntu 22.04. Installing the latest ansible version with pip seems to solve the issue.

In this PR I am also:

  • adding a security group to enable access with ssh-oidc
  • passing an access token to the grycap.motley_cue role with Ansible

Let's see how it goes this time.

Related issue :

@github-actions GitHub Actions
Copy link

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

Show Plan 
terraform
Acquiring state lock. This may take a few moments...
openstack_compute_instance_v2.cloud-info: Refreshing state... [id=38eca867-7153-4094-903a-790f17e6cd37]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_instance_v2.cloud-info must be replaced
-/+ resource "openstack_compute_instance_v2" "cloud-info" {
      ~ access_ip_v4        = "192.168.1.101" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2024-09-13 11:47:18 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "svc1.m" -> (known after apply)
      ~ id                  = "38eca867-7153-4094-903a-790f17e6cd37" -> (known after apply)
      ~ image_name          = "ubuntu-22.04-amd64-raw" -> (known after apply)
        name                = "cloud-info"
      + region              = (known after apply)
      ~ security_groups     = [
          + "motley",
            # (1 unchanged element hidden)
        ]
      - tags                = [] -> null
      ~ updated             = "2024-09-13 11:47:51 +0000 UTC" -> (known after apply)
      ~ user_data           = "79b0063733db832b791f0197dc36d327e7f072b4" -> "8d50c60e34deb06ce23de23fc15ce8e5aa3fd0f9" # forces replacement
        # (5 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.1.101" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          ~ mac            = "fa:16:3e:a9:6c:97" -> (known after apply)
          ~ name           = "cloud_egi_net" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

  # openstack_networking_secgroup_rule_v2.motley-8080 will be created
  + resource "openstack_networking_secgroup_rule_v2" "motley-8080" {
      + direction         = "ingress"
      + ethertype         = "IPv4"
      + id                = (known after apply)
      + port_range_max    = 8080
      + port_range_min    = 8080
      + protocol          = "tcp"
      + region            = (known after apply)
      + remote_group_id   = (known after apply)
      + remote_ip_prefix  = "0.0.0.0/0"
      + security_group_id = (known after apply)
      + tenant_id         = (known after apply)
    }

  # openstack_networking_secgroup_v2.motley will be created
  + resource "openstack_networking_secgroup_v2" "motley" {
      + all_tags             = (known after apply)
      + delete_default_rules = true
      + description          = "Open ports for motley-cue"
      + id                   = (known after apply)
      + name                 = "motley"
      + region               = (known after apply)
      + tenant_id            = (known after apply)
    }

Plan: 3 to add, 0 to change, 1 to destroy.

Changes to Outputs:
  ~ instance-id = "38eca867-7153-4094-903a-790f17e6cd37" -> (known after apply)

Warning: Argument is deprecated

  with provider["registry.terraform.io/terraform-provider-openstack/openstack"],
  on backend.tf line 10, in provider "openstack":
  10: provider "openstack" {

Users not using loadbalancer resources can ignore this message. Support for
neutron-lbaas will be removed on next major release. Octavia will be the only
supported method for loadbalancer resources. Users using octavia will have to
remove 'use_octavia' option from the provider configuration block. Users
using neutron-lbaas will have to migrate/upgrade to octavia.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

@github-actions GitHub Actions
Copy link

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

Show Plan 
terraform
Acquiring state lock. This may take a few moments...
openstack_blockstorage_volume_v3.image-cache: Refreshing state... [id=3a70b748-457f-42ec-abd6-01872ae51204]
openstack_compute_instance_v2.image-sync: Refreshing state... [id=856fc821-2d51-42b4-b0e0-fce5d14d412f]
openstack_compute_volume_attach_v2.attached: Refreshing state... [id=856fc821-2d51-42b4-b0e0-fce5d14d412f/3a70b748-457f-42ec-abd6-01872ae51204]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_instance_v2.image-sync must be replaced
-/+ resource "openstack_compute_instance_v2" "image-sync" {
      ~ access_ip_v4        = "192.168.1.115" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2024-09-13 07:36:41 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "svc1.m" -> (known after apply)
      ~ id                  = "856fc821-2d51-42b4-b0e0-fce5d14d412f" -> (known after apply)
      ~ image_name          = "ubuntu-22.04-amd64-raw" -> (known after apply)
        name                = "image-sync"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-13 07:37:03 +0000 UTC" -> (known after apply)
      ~ user_data           = "102fd156b7cde88b4a891b17637cb73cfc49d493" -> "ae682b6e33ab2acfc9ea08e3299e9d68d374208c" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.1.115" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          ~ mac            = "fa:16:3e:6b:57:52" -> (known after apply)
          ~ name           = "cloud_egi_net" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

  # openstack_compute_volume_attach_v2.attached must be replaced
-/+ resource "openstack_compute_volume_attach_v2" "attached" {
      ~ device      = "/dev/sdb" -> (known after apply)
      ~ id          = "856fc821-2d51-42b4-b0e0-fce5d14d412f/3a70b748-457f-42ec-abd6-01872ae51204" -> (known after apply)
      ~ instance_id = "856fc821-2d51-42b4-b0e0-fce5d14d412f" -> (known after apply) # forces replacement
      + region      = (known after apply)
        # (1 unchanged attribute hidden)
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Changes to Outputs:
  ~ instance-id = "856fc821-2d51-42b4-b0e0-fce5d14d412f" -> (known after apply)

Warning: Argument is deprecated

  with provider["registry.terraform.io/terraform-provider-openstack/openstack"],
  on backend.tf line 10, in provider "openstack":
  10: provider "openstack" {

Users not using loadbalancer resources can ignore this message. Support for
neutron-lbaas will be removed on next major release. Octavia will be the only
supported method for loadbalancer resources. Users using octavia will have to
remove 'use_octavia' option from the provider configuration block. Users
using neutron-lbaas will have to migrate/upgrade to octavia.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @sebastian-luna-valero, Action: pull_request

@github-actions GitHub Actions
Copy link

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

Show Plan 
terraform

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # openstack_compute_instance_v2.cloud-info will be created
  + resource "openstack_compute_instance_v2" "cloud-info" {
      + access_ip_v4        = (known after apply)
      + access_ip_v6        = (known after apply)
      + all_metadata        = (known after apply)
      + all_tags            = (known after apply)
      + availability_zone   = (known after apply)
      + created             = (known after apply)
      + flavor_id           = "737f8483-8063-4567-a8e5-e09a4bcbdb49"
      + flavor_name         = (known after apply)
      + force_delete        = false
      + id                  = (known after apply)
      + image_id            = "966f2e5a-7b48-4cb2-be92-6e2132413cf2"
      + image_name          = (known after apply)
      + name                = "cloud-info"
      + power_state         = "active"
      + region              = (known after apply)
      + security_groups     = [
          + "default",
          + "motley",
        ]
      + stop_before_destroy = false
      + updated             = (known after apply)
      + user_data           = "87cbc9691ba3761a2bfe9b67d3e64cdbe60b8703"

      + network {
          + access_network = false
          + fixed_ip_v4    = (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          + mac            = (known after apply)
          + name           = (known after apply)
          + port           = (known after apply)
          + uuid           = "f15a0e1f-570e-4135-9739-a59b8c2b3e8e"
        }
    }

  # openstack_networking_secgroup_rule_v2.motley-8080 will be created
  + resource "openstack_networking_secgroup_rule_v2" "motley-8080" {
      + direction         = "ingress"
      + ethertype         = "IPv4"
      + id                = (known after apply)
      + port_range_max    = 8080
      + port_range_min    = 8080
      + protocol          = "tcp"
      + region            = (known after apply)
      + remote_group_id   = (known after apply)
      + remote_ip_prefix  = "0.0.0.0/0"
      + security_group_id = (known after apply)
      + tenant_id         = (known after apply)
    }

  # openstack_networking_secgroup_v2.motley will be created
  + resource "openstack_networking_secgroup_v2" "motley" {
      + all_tags             = (known after apply)
      + delete_default_rules = true
      + description          = "Open ports for motley-cue"
      + id                   = (known after apply)
      + name                 = "motley"
      + region               = (known after apply)
      + tenant_id            = (known after apply)
    }

Plan: 3 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + instance-id = (known after apply)

Warning: Argument is deprecated

  with provider["registry.terraform.io/terraform-provider-openstack/openstack"],
  on backend.tf line 2, in provider "openstack":
   2: provider "openstack" {

Users not using loadbalancer resources can ignore this message. Support for
neutron-lbaas will be removed on next major release. Octavia will be the only
supported method for loadbalancer resources. Users using octavia will have to
remove 'use_octavia' option from the provider configuration block. Users
using neutron-lbaas will have to migrate/upgrade to octavia.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @sebastian-luna-valero, Action: pull_request

@github-actions GitHub Actions
Copy link

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

Show Plan 
terraform
Acquiring state lock. This may take a few moments...
openstack_blockstorage_volume_v3.image-cache: Refreshing state... [id=3a70b748-457f-42ec-abd6-01872ae51204]
openstack_compute_instance_v2.image-sync: Refreshing state... [id=856fc821-2d51-42b4-b0e0-fce5d14d412f]
openstack_compute_volume_attach_v2.attached: Refreshing state... [id=856fc821-2d51-42b4-b0e0-fce5d14d412f/3a70b748-457f-42ec-abd6-01872ae51204]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_instance_v2.image-sync must be replaced
-/+ resource "openstack_compute_instance_v2" "image-sync" {
      ~ access_ip_v4        = "192.168.1.115" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2024-09-13 07:36:41 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "svc1.m" -> (known after apply)
      ~ id                  = "856fc821-2d51-42b4-b0e0-fce5d14d412f" -> (known after apply)
      ~ image_name          = "ubuntu-22.04-amd64-raw" -> (known after apply)
        name                = "image-sync"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-13 07:37:03 +0000 UTC" -> (known after apply)
      ~ user_data           = "102fd156b7cde88b4a891b17637cb73cfc49d493" -> "37108fd5cb6966e98e174e7335c32effb977d5d6" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.1.115" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          ~ mac            = "fa:16:3e:6b:57:52" -> (known after apply)
          ~ name           = "cloud_egi_net" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

  # openstack_compute_volume_attach_v2.attached must be replaced
-/+ resource "openstack_compute_volume_attach_v2" "attached" {
      ~ device      = "/dev/sdb" -> (known after apply)
      ~ id          = "856fc821-2d51-42b4-b0e0-fce5d14d412f/3a70b748-457f-42ec-abd6-01872ae51204" -> (known after apply)
      ~ instance_id = "856fc821-2d51-42b4-b0e0-fce5d14d412f" -> (known after apply) # forces replacement
      + region      = (known after apply)
        # (1 unchanged attribute hidden)
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Changes to Outputs:
  ~ instance-id = "856fc821-2d51-42b4-b0e0-fce5d14d412f" -> (known after apply)

Warning: Argument is deprecated

  with provider["registry.terraform.io/terraform-provider-openstack/openstack"],
  on backend.tf line 10, in provider "openstack":
  10: provider "openstack" {

Users not using loadbalancer resources can ignore this message. Support for
neutron-lbaas will be removed on next major release. Octavia will be the only
supported method for loadbalancer resources. Users using octavia will have to
remove 'use_octavia' option from the provider configuration block. Users
using neutron-lbaas will have to migrate/upgrade to octavia.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

@github-actions GitHub Actions
Copy link

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

Show Plan 
terraform

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # openstack_compute_instance_v2.cloud-info will be created
  + resource "openstack_compute_instance_v2" "cloud-info" {
      + access_ip_v4        = (known after apply)
      + access_ip_v6        = (known after apply)
      + all_metadata        = (known after apply)
      + all_tags            = (known after apply)
      + availability_zone   = (known after apply)
      + created             = (known after apply)
      + flavor_id           = "737f8483-8063-4567-a8e5-e09a4bcbdb49"
      + flavor_name         = (known after apply)
      + force_delete        = false
      + id                  = (known after apply)
      + image_id            = "966f2e5a-7b48-4cb2-be92-6e2132413cf2"
      + image_name          = (known after apply)
      + name                = "cloud-info"
      + power_state         = "active"
      + region              = (known after apply)
      + security_groups     = [
          + "default",
          + "motley",
        ]
      + stop_before_destroy = false
      + updated             = (known after apply)
      + user_data           = "f6f794f85121ee937ee33c969a36796bb39dd2f1"

      + network {
          + access_network = false
          + fixed_ip_v4    = (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          + mac            = (known after apply)
          + name           = (known after apply)
          + port           = (known after apply)
          + uuid           = "f15a0e1f-570e-4135-9739-a59b8c2b3e8e"
        }
    }

  # openstack_networking_secgroup_rule_v2.motley-8080 will be created
  + resource "openstack_networking_secgroup_rule_v2" "motley-8080" {
      + direction         = "ingress"
      + ethertype         = "IPv4"
      + id                = (known after apply)
      + port_range_max    = 8080
      + port_range_min    = 8080
      + protocol          = "tcp"
      + region            = (known after apply)
      + remote_group_id   = (known after apply)
      + remote_ip_prefix  = "0.0.0.0/0"
      + security_group_id = (known after apply)
      + tenant_id         = (known after apply)
    }

  # openstack_networking_secgroup_v2.motley will be created
  + resource "openstack_networking_secgroup_v2" "motley" {
      + all_tags             = (known after apply)
      + delete_default_rules = true
      + description          = "Open ports for motley-cue"
      + id                   = (known after apply)
      + name                 = "motley"
      + region               = (known after apply)
      + tenant_id            = (known after apply)
    }

Plan: 3 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + instance-id = (known after apply)

Warning: Argument is deprecated

  with provider["registry.terraform.io/terraform-provider-openstack/openstack"],
  on backend.tf line 2, in provider "openstack":
   2: provider "openstack" {

Users not using loadbalancer resources can ignore this message. Support for
neutron-lbaas will be removed on next major release. Octavia will be the only
supported method for loadbalancer resources. Users using octavia will have to
remove 'use_octavia' option from the provider configuration block. Users
using neutron-lbaas will have to migrate/upgrade to octavia.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @sebastian-luna-valero, Action: pull_request

@github-actions GitHub Actions
Copy link

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

Show Plan 
terraform
Acquiring state lock. This may take a few moments...
openstack_blockstorage_volume_v3.image-cache: Refreshing state... [id=3a70b748-457f-42ec-abd6-01872ae51204]
openstack_compute_instance_v2.image-sync: Refreshing state... [id=856fc821-2d51-42b4-b0e0-fce5d14d412f]
openstack_compute_volume_attach_v2.attached: Refreshing state... [id=856fc821-2d51-42b4-b0e0-fce5d14d412f/3a70b748-457f-42ec-abd6-01872ae51204]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_instance_v2.image-sync must be replaced
-/+ resource "openstack_compute_instance_v2" "image-sync" {
      ~ access_ip_v4        = "192.168.1.115" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2024-09-13 07:36:41 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "svc1.m" -> (known after apply)
      ~ id                  = "856fc821-2d51-42b4-b0e0-fce5d14d412f" -> (known after apply)
      ~ image_name          = "ubuntu-22.04-amd64-raw" -> (known after apply)
        name                = "image-sync"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-13 07:37:03 +0000 UTC" -> (known after apply)
      ~ user_data           = "102fd156b7cde88b4a891b17637cb73cfc49d493" -> "a8fb5efc32248feb77ba79e2f0c2d910188dd301" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.1.115" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          ~ mac            = "fa:16:3e:6b:57:52" -> (known after apply)
          ~ name           = "cloud_egi_net" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

  # openstack_compute_volume_attach_v2.attached must be replaced
-/+ resource "openstack_compute_volume_attach_v2" "attached" {
      ~ device      = "/dev/sdb" -> (known after apply)
      ~ id          = "856fc821-2d51-42b4-b0e0-fce5d14d412f/3a70b748-457f-42ec-abd6-01872ae51204" -> (known after apply)
      ~ instance_id = "856fc821-2d51-42b4-b0e0-fce5d14d412f" -> (known after apply) # forces replacement
      + region      = (known after apply)
        # (1 unchanged attribute hidden)
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Changes to Outputs:
  ~ instance-id = "856fc821-2d51-42b4-b0e0-fce5d14d412f" -> (known after apply)

Warning: Argument is deprecated

  with provider["registry.terraform.io/terraform-provider-openstack/openstack"],
  on backend.tf line 10, in provider "openstack":
  10: provider "openstack" {

Users not using loadbalancer resources can ignore this message. Support for
neutron-lbaas will be removed on next major release. Octavia will be the only
supported method for loadbalancer resources. Users using octavia will have to
remove 'use_octavia' option from the provider configuration block. Users
using neutron-lbaas will have to migrate/upgrade to octavia.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

@sebastian-luna-valero sebastian-luna-valero marked this pull request as ready for review September 17, 2024 10:14
@sebastian-luna-valero sebastian-luna-valero requested a review from a team as a code owner September 17, 2024 10:14
enolfc
enolfc requested changes Sep 17, 2024
View reviewed changes
deploy/cloud-info/backend.tf Outdated Show resolved Hide resolved
deploy/cloud-info/main.tf Show resolved Hide resolved
@github-actions GitHub Actions
Copy link

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

Show Plan 
terraform
Acquiring state lock. This may take a few moments...
openstack_compute_instance_v2.cloud-info: Refreshing state... [id=38eca867-7153-4094-903a-790f17e6cd37]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_instance_v2.cloud-info must be replaced
-/+ resource "openstack_compute_instance_v2" "cloud-info" {
      ~ access_ip_v4        = "192.168.1.101" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2024-09-13 11:47:18 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "svc1.m" -> (known after apply)
      ~ id                  = "38eca867-7153-4094-903a-790f17e6cd37" -> (known after apply)
      ~ image_name          = "ubuntu-22.04-amd64-raw" -> (known after apply)
        name                = "cloud-info"
      ~ power_state         = "shutoff" -> "active"
      + region              = (known after apply)
      ~ security_groups     = [
          + "motley",
            # (1 unchanged element hidden)
        ]
      - tags                = [] -> null
      ~ updated             = "2024-09-17 10:47:16 +0000 UTC" -> (known after apply)
      ~ user_data           = "79b0063733db832b791f0197dc36d327e7f072b4" -> "6254d4d80c1d7b444f83997dfd4fadcb1d234a50" # forces replacement
        # (4 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.1.101" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          ~ mac            = "fa:16:3e:a9:6c:97" -> (known after apply)
          ~ name           = "cloud_egi_net" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

  # openstack_networking_secgroup_rule_v2.motley-8080 will be created
  + resource "openstack_networking_secgroup_rule_v2" "motley-8080" {
      + direction         = "ingress"
      + ethertype         = "IPv4"
      + id                = (known after apply)
      + port_range_max    = 8080
      + port_range_min    = 8080
      + protocol          = "tcp"
      + region            = (known after apply)
      + remote_group_id   = (known after apply)
      + remote_ip_prefix  = "0.0.0.0/0"
      + security_group_id = (known after apply)
      + tenant_id         = (known after apply)
    }

  # openstack_networking_secgroup_v2.motley will be created
  + resource "openstack_networking_secgroup_v2" "motley" {
      + all_tags             = (known after apply)
      + delete_default_rules = true
      + description          = "Open ports for motley-cue"
      + id                   = (known after apply)
      + name                 = "motley"
      + region               = (known after apply)
      + tenant_id            = (known after apply)
    }

Plan: 3 to add, 0 to change, 1 to destroy.

Changes to Outputs:
  ~ instance-id = "38eca867-7153-4094-903a-790f17e6cd37" -> (known after apply)

Warning: Argument is deprecated

  with provider["registry.terraform.io/terraform-provider-openstack/openstack"],
  on backend.tf line 10, in provider "openstack":
  10: provider "openstack" {

Users not using loadbalancer resources can ignore this message. Support for
neutron-lbaas will be removed on next major release. Octavia will be the only
supported method for loadbalancer resources. Users using octavia will have to
remove 'use_octavia' option from the provider configuration block. Users
using neutron-lbaas will have to migrate/upgrade to octavia.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @sebastian-luna-valero, Action: pull_request

@github-actions GitHub Actions
Copy link

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

Show Plan 
terraform
Acquiring state lock. This may take a few moments...
openstack_blockstorage_volume_v3.image-cache: Refreshing state... [id=3a70b748-457f-42ec-abd6-01872ae51204]
openstack_compute_instance_v2.image-sync: Refreshing state... [id=856fc821-2d51-42b4-b0e0-fce5d14d412f]
openstack_compute_volume_attach_v2.attached: Refreshing state... [id=856fc821-2d51-42b4-b0e0-fce5d14d412f/3a70b748-457f-42ec-abd6-01872ae51204]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_instance_v2.image-sync must be replaced
-/+ resource "openstack_compute_instance_v2" "image-sync" {
      ~ access_ip_v4        = "192.168.1.115" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2024-09-13 07:36:41 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "svc1.m" -> (known after apply)
      ~ id                  = "856fc821-2d51-42b4-b0e0-fce5d14d412f" -> (known after apply)
      ~ image_name          = "ubuntu-22.04-amd64-raw" -> (known after apply)
        name                = "image-sync"
      ~ power_state         = "shutoff" -> "active"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-09-17 10:47:16 +0000 UTC" -> (known after apply)
      ~ user_data           = "102fd156b7cde88b4a891b17637cb73cfc49d493" -> "77b6b1cb63d0b2cb990764e228492d6e34743f5b" # forces replacement
        # (5 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.1.115" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          ~ mac            = "fa:16:3e:6b:57:52" -> (known after apply)
          ~ name           = "cloud_egi_net" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

  # openstack_compute_volume_attach_v2.attached must be replaced
-/+ resource "openstack_compute_volume_attach_v2" "attached" {
      ~ device      = "/dev/sdb" -> (known after apply)
      ~ id          = "856fc821-2d51-42b4-b0e0-fce5d14d412f/3a70b748-457f-42ec-abd6-01872ae51204" -> (known after apply)
      ~ instance_id = "856fc821-2d51-42b4-b0e0-fce5d14d412f" -> (known after apply) # forces replacement
      + region      = (known after apply)
        # (1 unchanged attribute hidden)
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Changes to Outputs:
  ~ instance-id = "856fc821-2d51-42b4-b0e0-fce5d14d412f" -> (known after apply)

Warning: Argument is deprecated

  with provider["registry.terraform.io/terraform-provider-openstack/openstack"],
  on backend.tf line 10, in provider "openstack":
  10: provider "openstack" {

Users not using loadbalancer resources can ignore this message. Support for
neutron-lbaas will be removed on next major release. Octavia will be the only
supported method for loadbalancer resources. Users using octavia will have to
remove 'use_octavia' option from the provider configuration block. Users
using neutron-lbaas will have to migrate/upgrade to octavia.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @sebastian-luna-valero, Action: pull_request

enolfc
enolfc approved these changes Sep 17, 2024
View reviewed changes
Copy link
Contributor

@enolfc enolfc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@enolfc enolfc merged commit 553eabe into main Sep 17, 2024
35 checks passed
@enolfc enolfc deleted the ssh-oidc branch September 17, 2024 11:46
@sebastian-luna-valero sebastian-luna-valero mentioned this pull request Sep 17, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@enolfc enolfc enolfc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sebastian-luna-valero @enolfc