terraform-provider-ignition
Max length userData
This issue was originally opened by @andrejvanderzee as hashicorp/terraform#16493. It was migrated here as a result of the provider split. The original body of the issue is below.
Hi there,
I am encountering this issue when using ignition_file when copying encrypted PKI assets.
```
Error: Error applying plan:

1 error(s) occurred:

* module.kubernetes.module.masters.aws_launch_configuration.master_conf: 1 error(s) occurred:

* aws_launch_configuration.master_conf: Error creating launch configuration: ValidationError: 1 validation error detected: Value 'XXXXXXXXX' at 'userData' failed to satisfy constraint: Member must have length less than or equal to 21847 status code: 400, request id: 82919b36-bd60-11e7-8156-e1805ec22de2
```
```
$ terraform version
Terraform v0.10.8
```
This is one of the failing configs:
```hcl
data "ignition_systemd_unit" "pki_decrypt" {
  name    = "decrypt-pki.service"
  enabled = true

  content = <<EOF
[Unit]
Description=decrypt pki assets
Before=kubelet.service
After=network.service

[Service]
Restart=on-failure
RemainAfterExit=yes
ExecStartPre=/usr/bin/rkt run \
  --uuid-file-save=/var/run/coreos/decrypt-pki.uuid \
  --volume=ssl,kind=host,source=/etc/kubernetes/ssl,readOnly=false \
  --mount=volume=ssl,target=/etc/kubernetes/ssl \
  --volume=dns,kind=host,source=/etc/resolv.conf,readOnly=true \
  --mount volume=dns,target=/etc/resolv.conf \
  --net=host \
  --trust-keys-from-https \
  ${var.awscli_rkt_image} --exec=/bin/bash -- \
  -ec \
  'echo Decrypting PKI assets; \
  shopt -s nullglob; \
  for encKey in /etc/kubernetes/ssl/*.pem.enc; do \
  echo Decrypting $encKey; \
  /usr/bin/aws \
  --region ${var.kms_region} kms decrypt \
  --ciphertext-blob fileb://$encKey \
  --output text \
  --query Plaintext \
  | base64 -d > $$$${encKey%.enc}; \
  done; \
  echo done.'
ExecStart=-/usr/bin/rkt rm --uuid-file=/var/run/coreos/decrypt-assets.uuid

[Install]
RequiredBy=kubelet.service
EOF
}

data "ignition_file" "pki_ca" {
  filesystem = "root"
  mode       = 0644
  path       = "/etc/kubernetes/ssl/ca.pem.enc"

  content {
    mime    = "application/base64"
    content = "${var.pki_ca}"
  }
}

data "ignition_file" "pki_apiserver" {
  filesystem = "root"
  mode       = 0644
  path       = "/etc/kubernetes/ssl/apiserver.pem.enc"

  content {
    mime    = "application/base64"
    content = "${var.pki_apiserver}"
  }
}

data "ignition_file" "pki_apiserver_key" {
  filesystem = "root"
  mode       = 0644
  path       = "/etc/kubernetes/ssl/apiserver-key.pem.enc"

  content {
    mime    = "application/base64"
    content = "${var.pki_apiserver_key}"
  }
}
```
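An added example, not part of the original issue or the provider's code: a Python check that measures a rendered Ignition config against the 21847 limit quoted in the error above and reports how many bytes each inline file contributes. It assumes the limit applies to the base64-encoded userData and that inline files appear as `data:` URLs under `storage.files`; the function names and the sample config are constructed for illustration.

```python
import base64
import json

# Limit quoted in the ValidationError on this page.
USERDATA_LIMIT = 21847


def encoded_len(raw: bytes) -> int:
    """Length of raw after standard base64 encoding (with padding)."""
    return len(base64.b64encode(raw))


def userdata_report(rendered: str, limit: int = USERDATA_LIMIT) -> dict:
    """Measure a rendered Ignition config and attribute bytes to inline files."""
    cfg = json.loads(rendered)
    per_file = {}
    for f in cfg.get("storage", {}).get("files", []):
        source = f.get("contents", {}).get("source", "")
        # Only data: URLs embed the payload in userData itself.
        if source.startswith("data:"):
            per_file[f["path"]] = len(source.encode())
    total = encoded_len(rendered.encode())
    return {
        "raw_bytes": len(rendered.encode()),
        "encoded_len": total,  # assumption: this is the length the API validates
        "over_limit": total > limit,
        "inline_bytes": per_file,
    }


def build_sample(blob_size: int) -> str:
    """Constructed Ignition-style document with three inline files."""
    def entry(path):
        payload = base64.b64encode(b"\x00" * blob_size).decode()
        return {"filesystem": "root", "path": path, "mode": 420,
                "contents": {"source": "data:application/base64;base64," + payload}}
    paths = ["/etc/kubernetes/ssl/ca.pem.enc",
             "/etc/kubernetes/ssl/apiserver.pem.enc",
             "/etc/kubernetes/ssl/apiserver-key.pem.enc"]
    return json.dumps({"ignition": {"version": "2.1.0"},
                       "storage": {"files": [entry(p) for p in paths]}})


if __name__ == "__main__":
    for size in (1024, 6000):  # constructed payload sizes in bytes
        r = userdata_report(build_sample(size))
        print(size, r["encoded_len"], "OVER" if r["over_limit"] else "ok", r["inline_bytes"])
```

Under the stated assumption, 16383 raw bytes encode to 21844 characters and 16384 bytes to 21848, so the rendered config has to stay below 16 KiB.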