Portal:Cloud VPS/Admin/OpenTofu

Tracked in Phabricator
Task T365696

We (will) use OpenTofu to manage some cluster-wide OpenStack resources using the code in gitlab:repos/cloud/cloud-vps/tofu-infra.

Usage

TL;dr

  1. Log in to a cloudcontrol on the deployment you want to run tofu on
  2. Run Puppet agent (to pull latest changes from the Git repo)
  3. $ cd /srv/tofu-infra
  4. $ sudo tofu plan
  5. $ sudo tofu apply

Setup

There's a dedicated service account that OpenTofu authenticates with. The password for this account is in cloudvps-tofu-admin-account pwstore file.

That account has full OpenStack access to the default domain:

$ sudo wmcs-openstack role add --domain default --inherited --user tofuadmin admin
This article is issued from Wikimedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.