Official OpenStack clients commonly support specifing a client
certificate/key to enable SSL client authentication when communicating
with OpenStack services. This patch enables such feature in Terraform
with new parameters and environment variables:
* 'cert' provider parameter or OS_CERT env variable to specify client
certificate file,
* 'key' provider parameter or OS_KEY env variable to specify client
certificate private key file.
This commit patches a few acceptance tests in order to get them to
pass under OpenStack Mitaka.
The devstack dev environment script has also been updated to reflect
OpenStack Mitaka as well as the new Terraform dependency vendoring.
This commit enables the ability to authenticate to OpenStack by way
of a Keystone Token. Tokens can provide a way to use Terraform and
OpenStack with an expiring, temporary credential. The token will need
to be generated out of band from Terraform.
This commit adds a no_gateway attribute. When set, the subnet will
not have a gateway. This is different than not specifying a
gateway_ip since that will cause a default gateway of .1 to be used.
This behavior mirrors the OpenStack Neutron command-line tool.
Fixes#6031
Previously, resizing would only work if the flavor_id changed and
would create an error if the flavor_name changes. This commit fixes
this behavior.
It also quickly refactors the getFlavorID function to use
Gophercloud's IDFromName function. getFlavorID was the basis of
IDFromName so the exact same code is used.
Fixes#5780
This is to just catch possible breakage in the future. The actual
support was done in Gophercloud.
Previously, values of 0 were not allowed since there's no such port
as 0. However, there are ICMP codes of 0.
GH-4812 removed reading server.AccessIPv4 and server.AccessIPv6
because, AFAICT, they are not set by Nova. After removal, a user
reported that they were no longer able to read IPs from access_ip_v4
and access_ip_v6 on Rackspace. It's possible that Rackspace sets
the AccessIPv* attributes, and if that's true, other cloud providers
might as well through custom extensions.
The priority of how access_ip_v* is set might require some tweaks in
the future.
This commit allows "detaching" to be a valid pending state when
detaching a volume. Despite being obvious pending state, it also
helps in race situations when a volume is implicitly being detached
by Nova.
This commit fixes and cleans up instance block_device configuration.
Reverts #5354 in that `volume_size` is only required in certain
block_device configuration combinations. Therefore, the actual
attribute must be set to Optional and later checks done.
Doc upates, too.
This commit adds the ability to create instances with multiple
ephemeral disks. The ephemeral disks will appear as local block
devices to the instance.
The `volume_size` of a `block_device` was originally set to Optional,
but it's a required parameter in the OpenStack/Nova API. While it's
possible to infer a default size of the block device, making it required
more closely matches the Nova CLI client as well as provides consistent
experience when working with multiple block_devices.
Official OpenStack clients support specifing custom CA certificate file
that should be used when communicating with OpenStack server. This patch
adds similar behavior to Terraform OpenStack provider, by:
- Using OS_CACERT environmental variable, if available
- Using cacert_file provider parameter, if configured
This commit adds the ability to associate a Floating IP to a specific
network. Previously, there only existed a top-level floating IP
attribute which was automatically associated with either the first
defined network or the default network (when no network block was
used).
Now floating IPs can be associated with networks beyond the first
defined network as well as each network being able to have their own
floating IP.
Specifying the floating IP by using the top-level floating_ip
attribute and the per-network floating IP attribute is not possible.
Additionally, an `access_network` attribute has been added in order
to easily specify which network should be used for provisioning.
This commit adds the openstack_lb_member_v1 resource. This resource models a
load balancing member which was previously coupled to the openstack_lb_pool_v1
resource.
By creating an actual member resource, load balancing members can now be
dynamically managed through terraform.
This change better reflects how block devices are passed to the Nova API
and allows for future enablement of block_device features. It also resolves
an interpolation bug.
This commit prevents Terraform from erroring when an attempt is made
to delete a volume already in a "deleting" state. This can happen when
the volume is the root disk of an instance and the instance was
terminated.
This commit adds State Change support to the LBaaS resources which should
help with clean terminations.
It also adds an acceptance tests that builds out a 2-node load balance
service.
This commit makes a few attributes computed so the generated information
is accessible after creation.
It also fixes the "persistence" attribute, which previously had a typo.
Finally, it converts "admin_state_up" to a Boolean to match the majority
of other attributes of the same name.
This commit makes some quick updates to the port attributes to make them
more intuitive:
* `security_groups` to `security_group_ids`: since the port is expecting
IDs and not security group names like in other areas of OpenStack.
* `admin_state_up`: change to Boolean to match this same attribute on
other resources.
* `fixed_ips` to `fixed_ip`: while multiple `fixed_ip` blocks can be
specified, only one fixed IP can be specified in each block.
This commit fixes an issue with security group rules where the rules
were not being correctly computed due to a typo in the rule map.
Once rules were successfully computed, the rules then needed to be
converted into a Set so they can be correctly ordered.
This commit reverts the patch from #3796.
It has been discovered that multiple rules are being reported out
of order when the configuration is applied multiple times. I feel
this is a larger issue than the bug this patch originally fixed,
so until I can resolve it, I am reverting the patch.
This commit makes security groups in the openstack_compute_instance_v2
resource computed. This fixes issues where a security group is omitted
which causes the instance to have the "default" group applied. When
re-applying without this patch, an error will occur.
This commit adds further work to the OpenStack port resource:
* Makes relevant fields computed
* Adds state change functions
* Adds acceptance tests
* Adds Documentation
This commit cleans up areas that configure the image_id and image_name.
It enables the ability to not have to specify an image_id or image_name
when booting from a volume.
It also prevents Terraform from reporting an error when an image name is no
longer able to be resolved from an image ID. This usually happens when the
image has been deleted, but there are still running instances that were based
off of it.
The image_id and image_name parameters no longer immediately take a default
value from the OS_IMAGE_ID and OS_IMAGE_NAME environment variables. If no other
resolution of an image_id or image_name were found, then these variables will
be referenced. This further supports booting from a volume.
Finally, documentation was updated to take into account booting from a volume.
This commit cleans up the volume and block device handling in the instance
resource. It also adds more acceptance tests to deal with different workflows
of attaching and detaching a volume through the instance's lifecycle.
No new functionality has been added.
This commit fixes the previously broken "boot from volume" feature. It also
adds an acceptance test to ensure the feature continues to work.
The "delete_on_termination" option was also added.
This commit enables security groups to be deleted in a safe way by
checking their state over a period of time.
This fixes occurrences when the API says the instance is deleted but
it is still in the process of being deleted by OpenStack and thus the
security group returns an error saying that there are still instances
attached to the group.
When using an image as the source of new volume the state 'downloading'
prior to the state 'available' is fine.
It is also fine to destroy a volume in the state 'downloading'.
Closes-bug: #2865
Co-Authored-By: Joe Topjian <joe@topjian.net>
These two provider options are optional though if they are not set,
the user will be prompted to enter values.
By changing them to use the envDefaultFuncAllowMissing, the values
are still passed in the environment if they are set and safely
discarded if they are not.
This commit converts the openstack compute instances security groups to
a set from a list.
This fixes ordering problems which forces or indicates change to security
groups where none exist, and mimics the functionality in the aws
provider's compute resource.
Includes fixes from dupuy addressing crashes due to an empty state.
This commit follows suit of #1897 by fixing volume-related
parameters which allow the volume attach acceptance test
to work. It also re-enables the volume attach test.
This commit adds a server group resource. Users can create server
groups with different policies. If a server is launched in a certain
group, the server will adhere to that policy. For example, servers
can be made to all launch on the same compute node or different compute
nodes.
This commit resolves an issue where the tenant-network api extension
does not exist. The caveat is that the user must either specify no
networks (single network environment) or can only specify UUIDs for
network configurations.
This commit changes how the network info is read from OpenStack.
It pulls all relevant information from server.Addresses and merges
it with the available information from the networks parameters.
The access_v4, access_v6, and floating IP information is then
determined from the result.
A MAC address parameter is also added since that information is
available in server.Addresses.
This commit allows the user to specify a network by name rather than
just uuid. This is done via the os-tenant-networks api extension.
This works for both neutron and nova-network.
This commit causes the resource to manage floating IPs by way of the
os-floating-ips API.
At the moment, it works with both nova-network and Neutron environments,
but if you use multiple Neutron networks, the network that supports the
floating IP must be listed first.
The `getFirstNetworkID` does not work correctly because the first
network is not always the private network of the instance.
As long as the `GET /networks` gives a list containing also public
networks we don't have any guarantee that the first network is the
one we want. Furthermore, with a loop over the network list we are
not able to determine which network is the one we want.
Instead of retrieving the network ID and then finding the port ID,
it's better to basically take the first port ID of the instance.
This commit ensures that a volume is detached from all instances
before it is deleted.
It also adds in an `attachment` exported parameter that shows details
of the volume's attachment(s).
This commit populates access_ip_v6 by either the AccessIPv6 attribute
or by finding the first available IPv6 address.
This commit retains the original feature of setting the default ssh
connection to the IPv4 address unless one is not found. IPv6 access
can still be enabled by explicitly setting it in the resource paramters.
This commit also removes d.Set("host") in favor of SetConnInfo
This commit renames flavor_ref to flavor_id and adds the flavor_name
parameter. Users can now specify either a flavor ID or name when launching
instances.
This commit renames image_ref to image_id and adds the image_name
parameter. Users can now specify either an image UUID or image name
when launching instances.
image_name is preferrable as deployers/sysadmins generally regularly
deprecate/remove outdated and insecure images. Using a consistent
naming scheme allows end-users to always retrieve a working image.
Some cloud don't implement correctly IP addresses.
Instead of failing during the provisionning, we just take the
first IP available and try with this one.