Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new incus_server resource #139

Open
trunet opened this issue Sep 23, 2024 · 8 comments
Open

Add new incus_server resource #139

trunet opened this issue Sep 23, 2024 · 8 comments
Labels
Easy Good for new contributors Feature New feature, not a bug Maybe Undecided whether in scope for the project

Comments

@trunet
Copy link

trunet commented Sep 23, 2024

Would be nice to have a way to set server configurations. In my use-case instances.placement.scriptlet.

I propose creating incus_config resource.

References:
@stgraber
Copy link
Member

I'd probably have it be incus_server instead of incus_config so it doesn't get confusing with incus_instance and incus_profile.

This is one that will most likely need an import to be useful as most servers/clusters will have pre-existing configuration.

@stgraber stgraber changed the title Set global server configuration Add new incus_server resource Sep 23, 2024
@stgraber stgraber added Easy Good for new contributors Feature New feature, not a bug labels Sep 23, 2024
@stgraber stgraber added this to the 1.0 milestone Sep 23, 2024
@maveonair
Copy link
Member

So it would look like this:

incus_server {
  config = {
    " core.https_address" = "[::]:8443"
    // ...
  }
}

@maveonair
Copy link
Member

I did some research and I'm not sure if we can configure this properly with a Terraform resource because of how Terraform works. That is, Terraform has the concept of resources that are created, updated or removed.

For an Incus server, there would only be updates and no other lifecycle methods, so the Terraform framework itself is not meant to do that. So I see the Terraform provider to manage the resources within an Incus server, but not the Incus server itself. That would more likely be done with Ansible?

@trunet
Copy link
Author

trunet commented Sep 30, 2024
edited
Loading

you can create, update and remove. the config, will have to have everything.

my incus server config:

❯ curl -sk --cert ~/.config/incus/client.crt --key ~/.config/incus/client.key https://10.[REDACTED].68:8443/1.0 | jq '.metadata.config'
{
  "cluster.https_address": "10.[REDACTED].68:8443",
  "core.bgp_address": "10.[REDACTED].4:179",
  "core.bgp_asn": "[REDACTED]",
  "core.bgp_routerid": "10.[REDACTED].4",
  "core.https_address": "10.[REDACTED].68:8443",
  "network.ovn.northbound_connection": "tcp:10.[REDACTED].4:6641,tcp:10.[REDACTED].5:6641,tcp:10.[REDACTED].6:6641"
}

so, you can refresh, you can add and you can remove.

/1.0 endpoint, have PATCH, PUT to be able to do anything you want. delete will PUT an empty config key.

@maveonair
Copy link
Member

maveonair commented Sep 30, 2024
edited
Loading

you can create, update and remove. the config, will have to have everything.

my incus server config:

❯ curl -sk --cert ~/.config/incus/client.crt --key ~/.config/incus/client.key https://10.[REDACTED].68:8443/1.0 | jq '.metadata.config'
{
  "cluster.https_address": "10.[REDACTED].68:8443",
  "core.bgp_address": "10.[REDACTED].4:179",
  "core.bgp_asn": "[REDACTED]",
  "core.bgp_routerid": "10.[REDACTED].4",
  "core.https_address": "10.[REDACTED].68:8443",
  "network.ovn.northbound_connection": "tcp:10.[REDACTED].4:6641,tcp:10.[REDACTED].5:6641,tcp:10.[REDACTED].6:6641"
}

so, you can refresh, you can add and you can remove.

/1.0 endpoint, have PATCH, PUT to be able to do anything you want. delete will PUT an empty config key.

I think you have misunderstood me. It's not about the Incus API and whether it can be done with it, it's just about how Terraform works and this use case is not about creating, updating or removing a resource within Incus, it's about configuring Incus itself.

If we want to do this with Terraform, the resource definition would have to look like this, which I think is very far-fetched and not worth implementing:

 incus_config "http_address {
    key = "core.https_address"
    value = "[::]:8443"
}

For the configuration of the Incus server itself, I suggest that we use the Ansible playbooks: https://github.com/lxc/incus-deploy

@maveonair maveonair added the Maybe Undecided whether in scope for the project label Sep 30, 2024
@trunet
Copy link
Author

trunet commented Sep 30, 2024

In my opinion, this provider was created to manage everything inside incus. It's inside incus, and the provider should handle it.

It makes sense for ansible to configure ceph, ovn and install incus, configurations in the OS (like if there's an /etc/incus.conf) but not configure and maintain incus state inside incus itself. You're already connected to it through it's API. Terraform is way more powerful (and faster) than running ansible playbooks for this use-case.

It's fine to do a block config inside incus_server, like you proposed.

@maveonair maveonair removed this from the 1.0 milestone Sep 30, 2024
@stgraber
Copy link
Member

stgraber commented Oct 1, 2024

I agree it's a bit of a weird one as you can only have one server config, you can't add more incus_server resources or delete any.

It's somewhat similar to what we have with the default profile situation, you can't create it, you can't delete it, you can only update it.

@trunet do you have an example of any other similar Terraform providers doing this?
I had a look at what's been done for VMware, Proxmox and OpenStack and all of them seem to be limited to creating and managing resources on top of the configured system rather than configuring the system itself.

@trunet
Copy link
Author

trunet commented Oct 1, 2024

I understand your point about the profile situation. we don't use default for this reason.

I found some cases which are similar to a "whole cluster config":
vsphere license: https://registry.terraform.io/providers/hashicorp/vsphere/latest/docs/resources/license
vsphere host: https://registry.terraform.io/providers/hashicorp/vsphere/latest/docs/resources/host
RHCS: https://registry.terraform.io/providers/terraform-redhat/rhcs/latest/docs/resources/tuning_config

Could we have some configs which could be done from terraform in the form of an attribute? We could start with incus_server resource with instance-placement-scriptlet attribute. Include others if there's a need.

Scriptlet is constantly evolving here, and is difficult to ansible-playbook all clusters/servers we have everytime there's a change in it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Easy Good for new contributors Feature New feature, not a bug Maybe Undecided whether in scope for the project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@trunet @maveonair @stgraber