Bug #9279

[Ops] Create an "arvados" provider for terraform

Added by Nico César over 2 years ago. Updated 6 months ago.

Assigned To:
Target version:
Start date:
Due date:
% Done:


Estimated time:
Story points:


we can see that you have several providers for app specific like:


Having an arvados provider that makes sure that has an api object will make things easier for deployment.

provider "arvados" {
    server               = "${var.arvados_api_server}" 
    token                = "${var.arvados_superuser_token}" 

# Create a new repo
resource "arvados_repository" "arvados" {
  name = "arvados" 
  owner_uuid = "${var.cluster}-tpzed-000000000000000" 

resource "arvados_link" "all" {
 tail_uuid = "${var.cluster}-j7d0g-fffffffffffffff" 
 head_uuid = "${arvados_repository.arvados.uuid}" 
 link_class = "permission" 
 name = "can_read" 

resource "arvados_group" "standard_docker" {
  name = "Arvados Standard Docker Images" 
  owner_uuid = "${var.cluster}-tpzed-000000000000000" 

resource "arvados_keep_service" "keep10" {
  service_host = ${azure_virtual_machine.keep10.hostname} ## this is a simple example. Should work with "count"  too.
  service_port = 25107
  service_ssl_flag = false
  service_type = azure

resource "arvados_virtual_machine" "shell" {
   hostname = ${azure_virtual_machine.shell.hostname}

resource "arvados_api_client_authorization" "shell_token" {
  scopes = '["GET /arvados/v1/virtual_machines/zzzzz-2x53u-zzzzzzzzzzzzzzz/logins"]'

resource "arvados_api_client" "workbench" {
   name = "workbench
   url_prefix = "https://workbench.zzz.arvadosapi.com/" 
   is_trusted" = true

Why is this soooo much better than a bash script that does the same

Terraform has a STATE. Meaning that is possible to resume partial operations and change stuff and it will do the right thing.

Terraform is resource centric. Meaning that if we add a virtual machine and a resource like a arvados_keep_service depends on that it will do the right thing

Terraform has dependencies, and knows what has been done already.

Terraform can do a plan. Meaning by default every operation has a "dry-run" mode that can be saved and reviewed by peers.

Related issues

Related to Arvados - Feature #9262: [API] Associate admin privileges with token instead of user account New


#1 Updated by Nico César over 2 years ago

#2 Updated by Nico César over 2 years ago

  • Description updated (diff)

#3 Updated by Nico César about 2 years ago

  • Description updated (diff)

#4 Updated by Nico César almost 2 years ago

  • Description updated (diff)

#5 Updated by Nico César 12 months ago

  • Project changed from OPS to Arvados

Switching to Arvados Project because there is no sensitive information and is a good thing to share

#6 Updated by Nico César 6 months ago

  • Description updated (diff)

Also available in: Atom PDF