Replace Terraform with OpenTofu

Resolves #594 Signed-off-by: Roman Hros <[email protected]>
SovereignCloudStack · Oct 6, 2023 · 52e8478 · 52e8478
1 parent f49e66a
commit 52e8478
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 27 deletions.
diff --git a/playbooks/dependencies.yaml b/playbooks/dependencies.yaml
@@ -7,17 +7,17 @@
     kubectl_version: "1.28.1"
     openstackclient_version: "6.2.0"
     octaviaclient_version: "3.4.0"
-    tf_version: "1.4.6"
+    opentofu_version: "1.6.0-alpha2"
     install_dir: "{{ ansible_user_dir }}/.local/bin"
   environment:
     PATH: "{{ install_dir }}:{{ ansible_env.PATH }}"
   roles:
   - role: ensure-pip  # https://zuul-ci.org/docs/zuul-jobs/latest/python-roles.html#role-ensure-pip
-  - role: ensure-terraform  # https://zuul-ci.org/docs/zuul-jobs/latest/hashicorp-roles.html#role-ensure-terraform
-    vars:
-      terraform_version: "{{ tf_version }}"
-      terraform_install_dir: "{{ install_dir }}"
   tasks:
+  - name: Make sure installation directory exists
+    file:
+      path: "{{ install_dir }}"
+      state: directory
   - name: Install jq
     get_url:
       url: "https://github.com/jqlang/jq/releases/download/jq-{{ jq_version }}/jq-linux64"
@@ -44,6 +44,47 @@
       extra_args: --user
   - name: Install ip command
     package:
-      name:
-        - iproute2
+      name: iproute2
     become: true
+  - name: Install OpenTofu
+    # TODO: write separate role ensure-opentofu, see https://opendev.org/zuul/zuul-jobs/src/branch/master/roles/ensure-terraform
+    block:
+      - name: Check if unzip is installed
+        command: "unzip -v"
+        failed_when: false
+        register: _unzip_probe
+      - name: Install unzip
+        when: _unzip_probe.rc != 0
+        package:
+          name: unzip
+        become: true
+      - name: Create temp directory
+        tempfile:
+          state: directory
+        register: tofu_install_tempdir
+      - name: Download OpenTofu archive
+        get_url:
+          url: "https://github.com/opentofu/opentofu/releases/download/v{{ opentofu_version }}/tofu_{{ opentofu_version }}_linux_amd64.zip"
+          dest: "{{ tofu_install_tempdir.path }}/opentofu.zip"
+      # TODO: checksum
+      - name: Create OpenTofu package directory
+        file:
+          path: "{{ tofu_install_tempdir.path }}/opentofu"
+          state: directory
+      - name: Unarchive OpenTofu
+        unarchive:
+          src: "{{ tofu_install_tempdir.path }}/opentofu.zip"
+          dest: "{{ tofu_install_tempdir.path }}/opentofu"
+          remote_src: true
+      - name: Install OpenTofu
+        copy:
+          src: "{{ tofu_install_tempdir.path }}/opentofu/tofu"
+          dest: "{{ install_dir }}/tofu"
+          mode: "+x"
+          remote_src: true
+      - name: Remove temp directory
+        file:
+          path: "{{ tofu_install_tempdir }}"
+          state: absent
+      - name: Output OpenTofu version
+        command: "tofu version"
diff --git a/terraform/Makefile b/terraform/Makefile
@@ -19,7 +19,7 @@ else
 endif
 USERNAME=$(shell ( grep '^ssh_username' environments/environment-$(ENVIRONMENT).tfvars || echo ubuntu ) | $(SED) 's@^ssh_username[^=]*= *"*\([^"]*\).*$$@\1@' )
 
-# if enabled, use s3 for remote terraform state
+# if enabled, use s3 for remote tofu state
 ifneq (,$(wildcard ./minio.env))
   include minio.env
 endif
@@ -48,20 +48,20 @@ GITREFERENCE=$(shell git rev-parse HEAD)
 GITREPO=$(shell git config --get remote.origin.url | $(SED) 's%git@\([^:]*\):%https://\1/%')
 
 init:	mycloud
-	@if [ ! -d .terraform/plugins ]; then terraform init; fi
-	@terraform workspace select ${ENVIRONMENT} || terraform workspace new ${ENVIRONMENT}
+	@if [ ! -d .terraform/plugins ]; then tofu init; fi
+	@tofu workspace select ${ENVIRONMENT} || tofu workspace new ${ENVIRONMENT}
 
 attach: init
-	@terraform import -var-file="environments/environment-$(ENVIRONMENT).tfvars" $(RESOURCE) $(PARAMS)
+	@tofu import -var-file="environments/environment-$(ENVIRONMENT).tfvars" $(RESOURCE) $(PARAMS)
 
 detach: init
-	@terraform state rm $(RESOURCE) $(PARAMS)
+	@tofu state rm $(RESOURCE) $(PARAMS)
 
 state-push: init
-	@terraform state push $(STATE)
+	@tofu state push $(STATE)
 
 dry-run: init
-	terraform plan -var-file="environments/environment-$(ENVIRONMENT).tfvars" -var "git_reference=$(GITREFERENCE)" $(PARAMS)
+	tofu plan -var-file="environments/environment-$(ENVIRONMENT).tfvars" -var "git_reference=$(GITREFERENCE)" $(PARAMS)
 
 mycloud: environments/environment-$(ENVIRONMENT).tfvars
 	@if [ -f "clouds.yaml" ]; then \
@@ -88,18 +88,18 @@ create: init
 		echo "Management cluster with prefix $(PREFIX) already exists. This is not supported due to unexpected side-effects." && exit 1; \
 	else \
 		touch .deploy.$(ENVIRONMENT); \
-		terraform apply -auto-approve -var-file="environments/environment-$(ENVIRONMENT).tfvars" -var "git_reference=$(GITREFERENCE)" -var "git_repo=$(GITREPO)"; \
+		tofu apply -auto-approve -var-file="environments/environment-$(ENVIRONMENT).tfvars" -var "git_reference=$(GITREFERENCE)" -var "git_repo=$(GITREPO)"; \
 	fi
 
 show: init
-	@terraform show
+	@tofu show
 
 clean: init
 	@if test -e ./.deploy.MGMTCLUSTER_ADDRESS.$(ENVIRONMENT); then source ./.deploy.MGMTCLUSTER_ADDRESS.$(ENVIRONMENT); \
 	ssh -o StrictHostKeyChecking=no -i .deploy.id_rsa.$(ENVIRONMENT) $(USERNAME)@$$MGMTCLUSTER_ADDRESS "timeout 320 ~/bin/cleanup.sh || true"; fi
-	terraform destroy -auto-approve -var-file="environments/environment-$(ENVIRONMENT).tfvars" $(PARAMS)
-	@terraform workspace select default
-	terraform workspace delete $(ENVIRONMENT)
+	tofu destroy -auto-approve -var-file="environments/environment-$(ENVIRONMENT).tfvars" $(PARAMS)
+	@tofu workspace select default
+	tofu workspace delete $(ENVIRONMENT)
 	@if test -e ./.deploy.MGMTCLUSTER_ADDRESS.$(ENVIRONMENT); then source ./.deploy.MGMTCLUSTER_ADDRESS.$(ENVIRONMENT); ssh-keygen -R $$MGMTCLUSTER_ADDRESS -f ~/.ssh/known_hosts; fi
 	@rm -f .deploy.$(ENVIRONMENT) .deploy.MGMTCLUSTER_ADDRESS.$(ENVIRONMENT) .deploy.id_rsa.$(ENVIRONMENT) mycloud.$(ENVIRONMENT).yaml
 	@rm -f .kubeconfig.$(ENVIRONMENT) $(TESTCLUSTER).yaml.$(ENVIRONMENT) clusterctl.$(TESTCLUSTER).yaml.$(ENVIRONMENT) $(TESTCLUSTER)-config.yaml.$(ENVIRONMENT)
@@ -115,7 +115,7 @@ forceclean:
 	$(MAKE) clean
 
 purge:
-	@echo "Warning, going to delete ALL resources in $(ENVIRONMENT), even those that have not been created by the CAPI or terraform. The SSH-Key $(PREFIX)-keypair will be removed for all projects."
+	@echo "Warning, going to delete ALL resources in $(ENVIRONMENT), even those that have not been created by the CAPI or tofu. The SSH-Key $(PREFIX)-keypair will be removed for all projects."
 	@echo "Application credentials $(PREFIX)-appcred and $(PREFIX)-$(TESTCLUSTER)-appcred will be also removed for all projects."
 	@read -p "Continue? (y/n) " -r; \
         if [[ ! $$REPLY =~ ^[Yy] ]]; \
@@ -126,8 +126,8 @@ purge:
 	@$(OPENSTACK) application credential delete $(PREFIX)-appcred || true
 	@$(OPENSTACK) application credential delete $(PREFIX)-$(TESTCLUSTER)-appcred || true
 	@ospurge --purge-own-project --os-cloud $(ENVIRONMENT) --verbose || true
-	@terraform workspace select default
-	@terraform workspace delete -force $(ENVIRONMENT) || true
+	@tofu workspace select default
+	@tofu workspace delete -force $(ENVIRONMENT) || true
 	@if test -e ./.deploy.MGMTCLUSTER_ADDRESS.$(ENVIRONMENT); then source ./.deploy.MGMTCLUSTER_ADDRESS.$(ENVIRONMENT); ssh-keygen -R $$MGMTCLUSTER_ADDRESS -f ~/.ssh/known_hosts; fi
 	@rm -f .deploy.$(ENVIRONMENT) .deploy.MGMTCLUSTER_ADDRESS.$(ENVIRONMENT) .deploy.id_rsa.$(ENVIRONMENT) mycloud.$(ENVIRONMENT).yaml
 	@rm -f .kubeconfig.$(ENVIRONMENT) $(TESTCLUSTER).yaml.$(ENVIRONMENT) clusterctl.$(TESTCLUSTER).yaml.$(ENVIRONMENT) $(TESTCLUSTER)-config.yaml.$(ENVIRONMENT)
@@ -137,7 +137,7 @@ purge:
 	@ospurge --purge-own-project --os-cloud $(ENVIRONMENT) --verbose
 
 list: init
-	@terraform state list
+	@tofu state list
 
 ssh:    .deploy.MGMTCLUSTER_ADDRESS.$(ENVIRONMENT) .deploy.id_rsa.$(ENVIRONMENT)
 	@source ./.deploy.MGMTCLUSTER_ADDRESS.$(ENVIRONMENT); \
@@ -165,15 +165,15 @@ console:   .deploy.$(ENVIRONMENT)
 	@xdg-open $$( $(OPENSTACK) console url show $(CONSOLE) -f value -c url )
 
 .deploy.$(ENVIRONMENT): init
-	@STAT=$$(terraform state list); \
+	@STAT=$$(tofu state list); \
 	if test -n "$$STAT"; then touch .deploy.$(ENVIRONMENT); else echo 'please, use "make create"'; exit 1; fi
 
 .deploy.MGMTCLUSTER_ADDRESS.$(ENVIRONMENT): .deploy.$(ENVIRONMENT)
-	@MGMTCLUSTER_ADDRESS=$$(terraform output mgmtcluster_address); \
+	@MGMTCLUSTER_ADDRESS=$$(tofu output mgmtcluster_address); \
 	echo "MGMTCLUSTER_ADDRESS=$$MGMTCLUSTER_ADDRESS" > $@;
 
 .deploy.id_rsa.$(ENVIRONMENT): .deploy.$(ENVIRONMENT)
-	@PRIVATE_KEY=$$(terraform output private_key); \
+	@PRIVATE_KEY=$$(tofu output private_key); \
 	echo "$$PRIVATE_KEY" > $@; \
         chmod 0600 $@
 

diff --git a/terraform/main.tf b/terraform/main.tf
@@ -4,7 +4,7 @@ provider "openstack" {
 }
 
 terraform {
-  required_version = ">= 1.4.6, < 1.6.0"
+  required_version = ">= 1.4.6"
 
   required_providers {
     openstack = {