Once you have set up a Terraform configuration to successfully deploy the infrastructure you need on Jetstream2, you can turn your attention to provisioning that infrastructure. By this we mean taking a bare cloud instance and doing what is needed to get it ready for use in your application. That might include doing things like the following:

  • Updating the operating system
  • Performing system administration (creating accounts, configuring services, etc.)
  • Installing software
  • Copying data to the system
  • Passing configuration information (such as IP addresses) to the instances

Terraform is adept at performing deployment operations through cloud providers that follow well-understood patterns. But the realm of provisioning is much less consistently structured. Because of the numerous operating systems and many different commands you might want to execute, it isn't possible for Terraform to support provisioning with the kind of exacting mechanisms that it provides for deployment. This topic discusses your options for provisioning a configuration that is deployed through Terraform. Such provisioning of an instance can happen in one of four time frames:

  • Before you run Terraform
  • When a Terraform-created instance boots for the first time
  • After Terraform creates an instance but before Terraform finishes
  • After Terraform finishes

Before Running Terraform

One of the best ways to provision your Jetstream2 instances is by creating a custom image. You could then use the custom image when creating instances through Terraform. Such images can contain system configurations, user accounts, software installations and other customizations that do not change frequently. Custom images will not help you work with your most recent data set or access information that is only known once Terraform has run.

Creating a custom Jetstream2 image is not hard and the process is described in the Jetstream2 documentation, both through the Exosphere web interface (Horizon can also be used) and through the command-line interface (CLI). Basically, you need to create an instance from a standard Jetstream2 image, then customize it as you want while observing a few restrictions and guidelines. You can then save a snapshot of the instance that can server as an image.

During First Boot

When an instance is first booted on Jetstream2, OpenStack attempts to initialize it using cloud-init. Cloud-init is a method for passing metadata and "user data" to an instance, where the user data is a script that will be run on the new instance. Using cloud-init from within Terraform provides a good opportunity to update the operating system, perform configuration, install software and copy data to the instance. In some situations, you can also use it to pass information from Terraform to the new instance. Keep in mind that the tasks in a cloud-init "user data" script will be performed each time a new instance is deployed. If your initialization includes long tasks that will not change over time, it is recommended that they instead be included in a custom image, as described above.

If you are an experienced cloud-init user and want detailed control over it in your Terraform configuration, you can use the template_cloudinit_config template to produce multi-part MIME configurations for cloud-init. However, most people should only need to provide a script to run on new instances, and that process is described in the immediately following page, cloud-init and user_data.

Before Terraform Finishes

Terraform includes three "generic" provisioners that can be used in your configurations. These provisioners can copy files to instances or run scripts either on the "local" Terraform system or one of the "remote" instances that have been created. While you might imagine that these functionalities will let you do any provisioning you want to your instances, Terraform offers the caveat that you should consider these provisioners to be a "last resort". While respecting that opinion, we will still discuss:

After Running Terraform

Another provisioning option is to use a tool that is designed for the purpose, such as Ansible. You can choose to run such a tool on its own after Terraform has completed its deployment work. It is also possible to invoke a provisioning tool from a Terraform "exec" provisioner in your configuration.

 
©  |   Cornell University    |   Center for Advanced Computing    |   Copyright Statement    |   Inclusivity Statement