From ba24c4f70211dc876e438e786f4a2b64f99bd4fa Mon Sep 17 00:00:00 2001
From: Amy Brown
Date: Mon, 4 Nov 2019 10:18:52 -0600
Subject: [PATCH 1/3] If no encryption password is specified, generate one

This both resolves an issue with empty metadata on RHEL, but also prevents an empty encryption password from being set.
---
 outputs.tf | 5 +++++
 variables.tf | 7 +++++++
 2 files changed, 12 insertions(+)
diff --git a/outputs.tf b/outputs.tf
index d7cf5044..6a99cdba 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -22,3 +22,8 @@ output "primary_public_ip" {
 value = "${var.public_ip}"
 description = "The Public IP for the load balancer to use."
 }
+
+output "encryption_password" {
+ value = "${random_string.default_enc_password.result}"
+ description = "If you did not specify an encryption password, this was used."
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 8cb5477b..cf4bf59a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -2,6 +2,7 @@ locals {
 assistant_port = 23010
 rendered_secondary_machine_type = "${var.secondary_machine_type != "" ? var.secondary_machine_type : var.primary_machine_type }"
 internal_airgap_url = "http://${var.prefix}-primary-0-${random_string.postfix.result}:${local.assistant_port}/setup-files/replicated.tar.gz?token=${random_string.setup_token.result}"
+ encryption_password = "${var.encryption_password != "" ? var.encryption_password : random_string.default_enc_password.result}"
 }
 
 ###################################################
@@ -268,3 +269,9 @@ resource "random_string" "setup_token" {
 upper = false
 special = false
 }
+
+resource "random_string" "default_enc_password" {
+ length = 32
+ upper = true
+ special = false
+}
From 7adb17a008545c8c64fb881f5ea4f64e3a654aaa Mon Sep 17 00:00:00 2001
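Review bot: The new `encryption_password` output in outputs.tf returns a secret without `sensitive = true`, so `terraform apply` and `terraform output` print it in clear text to the terminal and to any CI log that captures them. Adding `sensitive = true` inside the output block keeps it out of that display. The value is written unencrypted to the state file whether or not the output is marked, so the state backend still needs restricted access and encryption at rest.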
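Review bot: `random_string.default_enc_password` in the second variables.tf hunk is used as a password, but `random_string` does not treat `result` as sensitive, so the generated value can appear in plan and apply output. If the pinned random provider version offers it, `random_password` takes the same arguments and marks `result` sensitive: `resource "random_password" "default_enc_password" {`, with the references in the `encryption_password` local and output renamed to match. `upper = true` is the default and can be dropped. Either resource still stores the value in state.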
From: Amy Brown
Date: Mon, 4 Nov 2019 10:56:00 -0600
Subject: [PATCH 2/3] Fleshed out enc passwd change and updated examples
---
 examples/rhel-production-example/main.tf | 1 +
 examples/root-example/main.tf | 1 +
 module-instance-template.tf | 2 +-
 outputs.tf | 2 +-
 primary.tf | 2 +-
 5 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/examples/rhel-production-example/main.tf b/examples/rhel-production-example/main.tf
index e8c79b22..8fc500ed 100644
--- a/examples/rhel-production-example/main.tf
+++ b/examples/rhel-production-example/main.tf
@@ -50,5 +50,6 @@ output "tfe-cluster" {
 installer_dashboard_password = "${module.tfe-cluster.installer_dashboard_password}"
 installer_dashboard__url = "${module.tfe-cluster.installer_dashboard_url}"
 primary_public_ip = "${module.tfe-cluster.primary_public_ip}"
+ encryption_password = "${module.tfe-beta.encryption_password}"
 }
 }
diff --git a/examples/root-example/main.tf b/examples/root-example/main.tf
index 7ffd088e..6fb03b9d 100644
--- a/examples/root-example/main.tf
+++ b/examples/root-example/main.tf
@@ -42,5 +42,6 @@ output "tfe-cluster" {
 installer_dashboard_password = "${module.tfe-cluster.installer_dashboard_password}"
 installer_dashboard__url = "${module.tfe-cluster.installer_dashboard_url}"
 primary_public_ip = "${module.tfe-cluster.primary_public_ip}"
+ encryption_password = "${module.tfe-beta.encryption_password}"
 }
 }
diff --git a/module-instance-template.tf b/module-instance-template.tf
index 36f85159..861cbf9b 100644
--- a/module-instance-template.tf
+++ b/module-instance-template.tf
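Review bot: The added line in examples/rhel-production-example/main.tf reads `module.tfe-beta.encryption_password`, while every neighbouring entry in the same map reads from `module.tfe-cluster`; unless a `tfe-beta` module is declared outside the hunk, the reference will not resolve. The same line is added in examples/root-example/main.tf. It probably should be `encryption_password = "${module.tfe-cluster.encryption_password}"`. Putting the password in the `tfe-cluster` output map also prints it next to the URLs on every apply, so consider leaving it out of the example map or marking that output `sensitive = true`.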
@@ -19,7 +19,7 @@ module "instance-template" {
 http_proxy_url = "${var.http_proxy_url}"
 airgap_package_url = "${var.airgap_package_url}"
 airgap_installer_url = "${var.airgap_installer_url}"
- encryption_password = "${var.encryption_password}"
+ encryption_password = "${local.encryption_password}"
 postgresql_user = "${var.postgresql_user}"
 postgresql_password = "${var.postgresql_password}"
 postgresql_address = "${var.postgresql_address}"
diff --git a/outputs.tf b/outputs.tf
index 6a99cdba..7801751d 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -24,6 +24,6 @@ output "primary_public_ip" {
 }
 
 output "encryption_password" {
- value = "${random_string.default_enc_password.result}"
+ value = "${local.encryption_password}"
 description = "If you did not specify an encryption password, this was used."
 }
\ No newline at end of file
diff --git a/primary.tf b/primary.tf
index 2f3600ce..8a87febf 100644
--- a/primary.tf
+++ b/primary.tf
@@ -52,7 +52,7 @@ resource "google_compute_instance" "primary" {
 airgap-installer-url = "${var.airgap_package_url == "none" ? "none" : count.index == 0 ? var.airgap_installer_url : local.internal_airgap_url}"
 repl-data = "${base64encode("${random_pet.console_password.id}")}"
 ptfe-hostname = "${var.prefix}-primary-${count.index}-${random_string.postfix.result}.${data.google_dns_managed_zone.dnszone.dns_name}"
- encpasswd = "${var.encryption_password}"
+ encpasswd = "${local.encryption_password}"
 release-sequence = "${var.release_sequence}"
 pg_user = "${var.postgresql_user}"
 pg_password = "${var.postgresql_password}"
From 586436f82bbaea3785b553277491f054ddb6ff13 Mon Sep 17 00:00:00 2001
From: Amy Brown
Date: Mon, 4 Nov 2019 11:02:46 -0600
Subject: [PATCH 3/3] format
---
 outputs.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/outputs.tf b/outputs.tf
index 7801751d..2c84c555 100644
--- a/outputs.tf
+++ b/outputs.tf
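Review bot: The description on the `encryption_password` output in outputs.tf no longer matches its value: the output now returns `local.encryption_password`, which is the caller-supplied password whenever one is set, not only the generated default. A wording such as `description = "Encryption password in effect: the supplied value, or the generated default."` would be accurate. Because the output can now echo a user-chosen secret as well, it is worth setting `sensitive = true` on it.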
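Review bot: `encpasswd` in primary.tf places the encryption password in instance metadata, and with this change a generated secret is written there even when the caller supplied none. Metadata values can be read by any process on the VM through the metadata server and by principals allowed to read the instance through the Compute API, so the exposure is wider than the Terraform state alone. The module-instance-template.tf hunk passes the same local into the instance template and may have the same effect, though that module's body is not visible here. If the design keeps the secret in metadata, a comment above the line such as `# secret: readable via instance metadata; keep instance read access restricted` would record the trade-off. The metadata block starts and ends outside the hunk.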
@@ -26,4 +26,4 @@ output "primary_public_ip" {
 output "encryption_password" {
 value = "${local.encryption_password}"
 description = "If you did not specify an encryption password, this was used."
-}
\ No newline at end of file
+}