
Allow executing commands following creation in `incus_instance`

Open tregubovav-dev opened this issue 8 months ago • 9 comments

This is a follow-up to the closed issue https://github.com/lxc/terraform-provider-incus/issues/27.

Preamble

The Incus provider for terraform/open-tofu does not allow deploying and provisioning any packages in the deployed container without 3rd-party tools. This impacts deployment stability and possible compatibility issues with these 3rd-party tools.

Problem

Infrastructure requires deploying Linux container(s) and installing and configuring specific services on them. As the incus provider does not provide functionality to install packages and/or run shell commands in the container, we should use other solutions provided by incus and/or terraform/open-tofu.

  • cloud-init

    • Pros
      • Well documented and widely used solution.
      • Configuration is abstracted from the Linux distribution and allows deploying most packages and configuring them
      • Allows running any commands
    • Cons
      • Complex configurations require understanding of execution order of cloud-init modules
      • Cloud-init requires 90-120MB RAM provisioned per container, which may impact deployment on IoT devices
      • Terraform/open-tofu can't identify failures in the cloud-init provisioning directly.
  • terraform/open-tofu local provisioner

    • Pros
      • Local provisioner uses the incus command-line client to execute commands, which are well documented
      • Can be added to any resource and order of command execution can be controlled by regular terraform/open-tofu dependencies
      • Allows running any commands
    • Cons
      • Requires installing and configuring the incus client
      • There is no way to use provider configuration in the local provisioner (terraform/open-tofu does not allow getting provider configuration in the resources)
  • using ansible provider

    • Pros
      • Well documented and widely used solution.
      • Configuration is abstracted from the Linux distribution and allows deploying most packages and configuring them
      • Allows running any commands
    • Cons
      • Configuration in the Ansible playbook and in the terraform/open-tofu provider is not synchronized. This may require additional maintenance.

Proposed solution

Implement an incus-exec provisioner which can run any command directly in the incus container or VM. An incus-exec provisioner section can be added to most resources, for example to incus_instance, incus_file, incus_storage_volume, terraform_data, etc. This provisioner can use the same schema as the local-exec provisioner.

tregubovav-dev • Jun 25 '24 06:06
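The local-exec workaround listed in the issue, combined with a check that makes a cloud-init failure fail the apply, as an added example that is not part of the original issue or the provider's own code. The instance name, image alias and package are assumptions chosen for illustration.

```hcl
terraform {
  required_providers {
    incus = {
      source = "lxc/incus"
    }
  }
}

resource "incus_instance" "web" {
  name  = "web01"                  # constructed name
  image = "images:debian/12/cloud" # assumed image alias that ships cloud-init

  config = {
    # Provisioning itself is still done by cloud-init inside the instance.
    "cloud-init.user-data" = <<-EOT
      #cloud-config
      packages:
        - nginx
    EOT
  }

  # Workaround from the issue: local-exec plus the incus CLI.
  # `cloud-init status --wait` blocks until cloud-init finishes and exits
  # non-zero on error, so a failed provisioning run fails `apply` instead of
  # passing unnoticed.
  provisioner "local-exec" {
    # The instance name is handed over through the environment and quoted in
    # the shell command, rather than interpolated into the command string,
    # so a name that comes from a variable cannot be parsed as shell syntax.
    command = "incus exec \"$INSTANCE\" -- cloud-init status --wait"

    environment = {
      INSTANCE = self.name
    }
  }
}
```

The provisioner runs with whatever remote and credentials the local incus client is configured with, not with the provider block's settings, which is the limitation the issue lists under the local provisioner's cons.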