mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-12-25 03:11:40 +01:00
Code Issues Projects Releases Wiki Activity
vault/enos/modules/softhsm_install/main.tf
Vault Automation 7b470708ac
[VAULT-41521] enos(ec2_infor): update scenario base images (#11508) (#11533) 
Update the base images for all scenarios:

- RHEL: upgrade base image for 10 to 10.1
- RHEL: upgrade base image for 9 to 9.7
- SLES: upgrade base image for 15 to 15.7
- SLES: add SLES 16.0 to the matrix
- OpenSUSE: remove OpenSUSE Leap from the matrix

I ended up removing OpenSUSE because the images that we were on were rarely updated and that resulted in very slow scenarios because of package upgrades. Also, despite the latest release being in October I didn't find any public cloud images produced for the new version of Leap. We can consider adding it back later but I'm comfortable just leaving SLES 15 and 16 in there for that test coverage.

I also ended up fixing a bug in our integration host setup where we'd provision three nodes instead of one. That ought to result in many fewer instance provisions per scenario. I also had to make a few small tweaks in how we detected whether or not SELinux is enabled, as the prior implementation did not work for SLES 16.

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
2025-12-22 14:17:51 -07:00

118 lines
2.7 KiB
HCL
Raw Permalink Blame History

# Copyright IBM Corp. 2016, 2025
# SPDX-License-Identifier: BUSL-1.1
terraform {
required_providers {
enos = {
source = "registry.terraform.io/hashicorp-forge/enos"
}
}
}
variable "hosts" {
type = map(object({
ipv6 = string
private_ip = string
public_ip = string
}))
description = "The hosts that will have access to the softhsm. We assume they're all the same platform and architecture"
}
variable "include_tools" {
type = bool
default = false
description = "Install opensc pkcs11-tools along with softhsm"
}
variable "retry_interval" {
type = string
default = "2"
description = "How long to wait between retries"
}
variable "timeout" {
type = string
default = "15"
description = "How many seconds to wait before timing out"
}
locals {
packages = var.include_tools ? {
// NOTE: The versions here always correspond to the output of enos_host_info.distro_version. These are used in
// several modules so if you change the keys here also consider the "artifact/metadata", "ec2_info",
amzn = {
"2023" = ["softhsm", "opensc"]
}
rhel = {
"8.10" = ["softhsm", "opensc"]
"9.7" = ["softhsm", "opensc"]
"10.1" = ["softhsm", "opensc"]
}
ubuntu = {
"22.04" = ["softhsm", "opensc"]
"24.04" = ["softhsm2", "opensc"]
}
} : {
amzn = {
"2023" = ["softhsm"]
}
rhel = {
"8.10" = ["softhsm"]
"9.7" = ["softhsm"]
"10.1" = ["softhsm"]
}
ubuntu = {
"22.04" = ["softhsm"]
"24.04" = ["softhsm2"]
}
}
}
// Get the host information so we can ensure that we install the correct packages depending on the
// distro and distro version
resource "enos_host_info" "target" {
transport = {
ssh = {
host = var.hosts["0"].public_ip
}
}
}
module "install_softhsm" {
source = "../install_packages"
hosts = var.hosts
packages = local.packages[enos_host_info.target.distro][enos_host_info.target.distro_version]
}
resource "enos_remote_exec" "find_shared_object" {
for_each = var.hosts
depends_on = [module.install_softhsm]
environment = {
RETRY_INTERVAL = var.retry_interval
TIMEOUT_SECONDS = var.timeout
}
scripts = [abspath("${path.module}/scripts/find-shared-object.sh")]
transport = {
ssh = {
host = each.value.public_ip
}
}
}
locals {
object_paths = compact(distinct(values(enos_remote_exec.find_shared_object)[*].stdout))
}
output "lib" {
value = local.object_paths[0]
precondition {
condition = length(local.object_paths) == 1
error_message = "SoftHSM targets cannot have different libsofthsm2.so shared object paths. Are they all the same Linux distro?"
}
}
Reference in New Issue View Git Blame Copy Permalink