Bug #9279

[Ops] Create an "arvados" provider for terraform

Added by Nico César over 1 year ago. Updated 2 months ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
-
Target version:
-
Start date:
05/24/2016
Due date:
% Done:

0%

Estimated time:
Story points:
3.0

Description

we can see that you have several providers for app specific like:

https://www.terraform.io/docs/providers/mysql/index.html

Having an arvados provider that makes sure that has an api object will make things easier for deployment.

provider "arvados" {
    server               = "${var.arvados_api_server}" 
    token                = "${var.arvados_superuser_token}" 
}

# Create a new repo
resource "arvados_repository" "arvados" {
  name = "arvados" 
  owner_uuid = "${var.cluster}-tpzed-000000000000000" 
}

resource "arvados_link" "all" {
 tail_uuid = "${var.cluster}-j7d0g-fffffffffffffff" 
 head_uuid = "${arvados_repository.arvados.uuid}" 
 link_class = "permission" 
 name = "can_read" 
}

resource "arvados_group" "standard_docker" {
  name = "Arvados Standard Docker Images" 
  owner_uuid = "${var.cluster}-tpzed-000000000000000" 
}

resource "arvados_keep_service" "keep10" {
  service_host = ${azure_virtual_machine.keep10.hostname} ## this is a simple example. Should work with "count"  too.
  service_port = 25107
  service_ssl_flag = false
  service_type = azure
}

resource "arvados_virtual_machine" "shell" {
   hostname = ${azure_virtual_machine.shell.hostname}
}

resource "arvados_api_client_authorization" "shell_token" {
  scopes = '["GET /arvados/v1/virtual_machines/zzzzz-2x53u-zzzzzzzzzzzzzzz/logins"]'
}

resource "arvados_api_client" "workbench" {
   name = "workbench
   url_prefix = "https://workbench.zzz.arvadosapi.com/" 
   is_trusted" = true
}

Why is this soooo much better than a bash script that does the same

Terraform has a STATE. Meaning that is possible to resume partial operations and change stuff and it will do the right thing.

Terraform is resource centric. Meaning that if we add a virtual machine and a resource like a arvados_keep_service depends on that it will do the right thing

Terraform can do a plan. Meaning by default every operation has a "dry-run" mode that can be saved and reviewed by peers.


Related issues

Related to Arvados - Feature #9262: [API] Associate admin privileges with token instead of user account New

History

#1 Updated by Nico César over 1 year ago

#2 Updated by Nico César over 1 year ago

  • Description updated (diff)

#3 Updated by Nico César about 1 year ago

  • Description updated (diff)

#4 Updated by Nico César about 1 year ago

  • Description updated (diff)

#5 Updated by Nico César 2 months ago

  • Project changed from OPS to Arvados

Switching to Arvados Project because there is no sensitive information and is a good thing to share

Also available in: Atom PDF