Terraform Metal resources is a plugin for HPEGL terraform provider that allows the full lifecycle management of HPEGL
Metal resources. This provider is maintained by HPEGL Metal resources team.
Requirements
- Terraform version >= v0.13 install terraform
- A Service Client to authenticate against GreenLake.
- Terraform basics. Terraform Introduction
Usage
See the Terraform provider for
hpegl documentation
to get started using the provider.
Building the resources as a stand-alone provider
$ git clone https://github.com/hewlettpackard/hpegl-metal-terraform-resources.git
$ cd hpegl-metal-terraform-resources
$ make build
Note: For debugging the provider please refer to the
debugging guide
Using GreenLake Cloud Services (GLCS) tokens
NOTE: The below steps are applicable only when using stand-alone provider. If you are using hpegl provider,
then follow the steps explained on that page to specify the parameters.
When using GLCS tokens, the required parameters is to be provided in a .gltform
file.
This file can be written in home or in the directory from which terraform is run.
The file contents:
space_name: <...>
rest_url: http://localhost:3002
project_id: 65c82181-fefc-4ea7-870e-628225fe7664
access_token: <...>
space_name
is optional, and is only required if the terraform provider is going to be used to create projects.
Access token may be obtained by logging into HPE GreenLake Central and then clicking API Access on the User menu.
NOTE: The below steps are applicable only when using stand-alone provider. If you are using hpegl provider,
then follow the steps explained on that page to specify the parameters.
When using GreenLake tokens, the required parameters is to be provided in a .gltform
file.
This file can be written in home or in the directory from which terraform is run.
The file contents:
rest_url: http://localhost:3002
project_id: 65c82181-fefc-4ea7-870e-628225fe7664
access_token: <...>
The terraform provider is also capable of using Metal tokens. The provider reads the required details - Bearer Token, URL, and membership from the file ~/.qjwt
.
The easiest way to create ~/.qjwt
is by using qctl
CLI tool. Log into the GL Metal Operator portal using qctl
. Note that you must login as a Project member in order to run TF.
The file contents:
rest_url: http://172.25.0.2:3002
user: projectuser1@hpe.com
jwt: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlJFTk.dlfkjsj.dfsdf
member_id: 835590C1-AFF7-438B-BBBD-D6184157CB41
To make the provider use Metal tokens - i.e. use the information in the .qjwt file - the gl_token
field must be set
to false
in the provider definition stanza:
provider "hpegl" {
metal {
gl_token = false
}
}
gl_token
field can also be set or overridden through the HPEGL_METAL_GL_TOKEN
env-var.
Testing stand-alone provider
Unit tests
Unit tests can be executed using
make test
Acceptance tests
Running Terraform acceptance level testing requires a Metal service endpoint and a Project_Owner membership.
The tests as of now work with a Metal simulator and assume that the required environment is already available.
- Hoster TestHoster1 and Project TestTeam1
- Metal issued JWT tokens
- Also assumes the availability of certain resources like services, networks, etc.
To run the acceptance test,
- When the Metal token is used, the Plugin reads the token, URL, and membership details from the file ~/.qjwt.
Create this file in the format:
rest_url: http://172.25.0.2:3002
user: h1@hpe.com
jwt: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlJFTk.dlfkjsj.dfsdf
member_id: 835590C1-AFF7-438B-BBBD-D6184157CB41
- Set the environment variable HPEGL_METAL_GL_TOKEN to
false
to indicate Metal authentication mode.
export HPEGL_METAL_GL_TOKEN=false
- Run test
make acceptance