Add habitat provisioner #16280
Add habitat provisioner #16280
Conversation
First pass at loading the config data using the TF schema. Signed-off-by: Nolan Davidson <ndavidson@chef.io>
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
|
Hi @nsdavidson! Thanks for working on this. We've traditionally been cautious about adding vendor-specific provisioners because the provisioner abstraction in Terraform is not very strong (compared to resources, which are the primary Terraform concept) and so they tend to be limiting in non-trivial environments. We added some while we were still learning, but we've generally been advising users to either bake necessary information into their machine images (avoiding the need for provisioning at all) or to build using the With that said, I'd like to explore the following with you:
|
|
@apparentlymart, I think I can help here, in answer to your questions: 1). Yes, Habitat is essentially stateless. There's some gossip that happens between Habitat services, but that conversation is designed to allow members of the gossip ring to depart unexpectedly (like during a destroy operation). 2). At my org we do use the 3). See my first answer - Habitat is designed with self-departure of group/ring members in mind. |
|
@apparentlymart Thanks for taking a look at it! @bixu is pretty much on point with the responses. It is stateless and no action needs to be taken upon destroying. I think most folks currently provisioning Habitat services with Terraform are using |
|
@apparentlymart Is there anything else I can help answer here? |
|
My or plans to transition completely to Terraform + Habitat for our infrastructure & service management needs, so we’d love to use this.
… On 29. Nov 2017, at 15:16, Nolan Davidson ***@***.***> wrote:
@apparentlymart Is there anything else I can help answer here?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
@apparentlymart, we'd love to see this integrated. We're trying to be an all Terraform+Habitat shop at the moment. |
|
Hi @nsdavidson! Sorry for the silence here. To be transparent with you, we ended up stalling on this because we've found it pretty hard to support the existing service-specific provisioners already present (chef, salt-masterless) because we don't have in-house expertise with these nor infrastructure in place to test them. Thus we find ourselves pretty nervous about adding new ones that may end up in the same situation. Given that there are far fewer provisioners than providers, we haven't developed a process for dealing with community-driven provisioner development/maintenance and so we found ourselves a bit stalled here, not really knowing how best to proceed. Do you think that, were this to be merged, you'd be able to help field issues and PRs that might be submitted against this provisioner on an ongoing basis? With the provisioner still living inside the main repository (vs. providers, which were split out) we don't have a proper mechanism in place yet for direct community maintenance of provisioners, but if you'd be willing to monitor for new issues and test/review new PRs (which we could then merge, trusting your review/test) I think that would help assuage the concern here. A new issue/PR label |
|
@apparentlymart No worries, that all makes sense. I totally understand the reservations. For sure, I'd be happy to help with issues and PRs. |
|
Thanks @nsdavidson! I've merged this for inclusion in the next release. |
|
Any issues and PRs for this provider will show up under the |
|
@nsdavidson, I could be missing something because I’m on thumbs, but I don’t see anything in this PR to handle GitHub Auth Tokens, which are used to access private Builder Origins. We’d need to pass such a token in to Feel free to ping me in the community Slack channel if you have questions. Very excited to use this :) |
| Description=Habitat Supervisor | ||
|
|
||
| [Service] | ||
| ExecStart=/bin/hab sup run %s |
There was a problem hiding this comment.
I think here we additionally (and optionally) need something like:
Environment="HAB_AUTH_TOKEN=<github_token>"
for anyone accessing private origins in Builder.
| command = fmt.Sprintf("sudo -E %s", command) | ||
| } | ||
|
|
||
| command = fmt.Sprintf("env HAB_NONINTERACTIVE=true %s", command) |
There was a problem hiding this comment.
@nsdavidson, I think we also need to be able to pass HAB_AUTH_TOKEN in here.
| func (p *provisioner) startHabService(o terraform.UIOutput, comm communicator.Communicator, service Service) error { | ||
| var command string | ||
| if p.UseSudo { | ||
| command = fmt.Sprintf("env HAB_NONINTERACTIVE=true sudo -E hab pkg install %s", service.Name) |
There was a problem hiding this comment.
@nsdavidson, I think we also need to be able to pass HAB_AUTH_TOKEN in here.
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
This adds a Habitat (https://habitat.sh) provisioner.