bug(iac): Fix openstack VMs always recreating due to Bcrypt being randomised (#16)

Author: alhendrickson

deployment/terraform/examples/openstack-docker/docker-deployment/main.tf

@@ -3,8 +3,8 @@ module "cogstack_docker_services" {
   source = "../../../modules/cogstack-docker-services"
   hosts  = var.hosts
   service_targets = {
-    observability  = { hostname = "cogstack-devops" }
-    medcat_service = { hostname = "medcat-nlp" }
+    observability  = { hostname = "cogstack-docker-controller" }
+    medcat_service = { hostname = "cogstack-docker-medcat-nlp" }
   }
   ssh_private_key_file = var.ssh_private_key_file
 }

deployment/terraform/examples/openstack-docker/openstack-vms/main.tf

@@ -1,8 +1,8 @@
 module "openstack_cogstack_infra" {
   source = "../../../modules/openstack-cogstack-infra"
   host_instances = [
-    { name = "cogstack-devops", is_controller = true },
-    { name = "medcat-nlp" }
+    { name = "cogstack-docker-controller", is_controller = true },
+    { name = "cogstack-docker-medcat-nlp" }
   ]
   allowed_ingress_ips_cidr = var.allowed_ingress_ips_cidr
   ubuntu_immage_name       = var.ubuntu_immage_name

deployment/terraform/modules/openstack-cogstack-infra/cloud-init-controller.yaml

@@ -8,6 +8,8 @@ system_info:
   default_user:
     groups: [docker]
 
+packages:
+  - apache2-utils
 
 runcmd:
 # Install Docker
@@ -31,6 +33,7 @@ runcmd:
 
 # Run Portainer
   - echo "Running Portainer"
+  - bcrypted_pw=$(htpasswd -nb -B admin "${PORTAINER_ADMIN_PASSWORD}" | cut -d ":" -f 2)
   - docker pull portainer/portainer-ce:2.33.0
   - docker network create portainer-network 
   - docker volume create portainer-data
@@ -45,7 +48,7 @@ runcmd:
       -l 'traefik.enable="true"' \
       -l 'traefik.http.routers.portainer-path-router.rule="PathPrefix(`/portainer`)"' \
       portainer/portainer-ce:2.33.0 \
-      --admin-password='${PORTAINER_ADMIN_PASSWORD}'
+      --admin-password="$${bcrypted_pw}"
   - docker pull portainer/agent:2.33.0
   - |
     docker run -d \

deployment/terraform/modules/openstack-cogstack-infra/compute.tf

@@ -69,7 +69,7 @@ data "cloudinit_config" "init_docker_controller" {
     content = templatefile("${path.module}/cloud-init-controller.yaml",
       {
         PORTAINER_AGENT_SECRET   = var.portainer_secrets.agent_secret,
-        PORTAINER_ADMIN_PASSWORD = local.portainer_admin_password_bcrypt_hash
+        PORTAINER_ADMIN_PASSWORD = local.portainer_admin_password
       }
     )
   }

deployment/terraform/modules/openstack-cogstack-infra/shared-locals.tf

@@ -24,6 +24,5 @@ resource "random_password" "portainer_password" {
   length = 16
 }
 locals {
-  portainer_admin_password_bcrypt_hash = var.portainer_secrets.admin_password != null ? bcrypt(var.portainer_secrets.admin_password) : random_password.portainer_password[0].bcrypt_hash
-  portainer_admin_password             = var.portainer_secrets.admin_password != null ? var.portainer_secrets.admin_password : random_password.portainer_password[0].result
+  portainer_admin_password = var.portainer_secrets.admin_password != null ? var.portainer_secrets.admin_password : random_password.portainer_password[0].result
 }