added sleep to ensure oci-cli has finished installing before generati… (#146)

hyder · web-flow · commit 8ab6f21769bc · 2020-04-13T07:17:06.000+10:00
* added sleep to ensure oci-cli has finished installing before generating kubeconfig. also added explicit dependencies for generating the kubeconfig and creating the ocir secret on install_kubectl

* upgraded base module to 1.1.3, added wait until admin and instance_principal is ready to generate kubeconfig

Signed-off-by: Ali Mukadam &lt;ali.mukadam@oracle.com&gt;

* sleep for 30s after instance_principal for admin is detected before generating kubeconfig

Signed-off-by: Ali Mukadam &lt;ali.mukadam@oracle.com&gt;

* added separate delay to ensure OCI_CLI_AUTH is set, kubeconfig is created and instance_principal is active; removed unneceunnecessary token variable version and expiration

Signed-off-by: Ali Mukadam &lt;ali.mukadam@oracle.com&gt;
diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc
@@ -7,6 +7,11 @@ All notable changes to this project are documented in this file.
 
 The format is based on {uri-changelog}[Keep a Changelog].
 
+== 2.1.6 (April 13, 2020)
+* Fixed issue with admin host ordering of oci-cli installation, instance_principal creation and kubeconfig generation (#143)
+* Upgraded base module to 1.1.3 to be able to detect when admin instance_principal is ready
+* Removed unnecessary token variable version and expiration
+
 == 2.1.5 (April 06, 2020)
 * Added ig_route_id, nat_route_id, subnet_ids, vcn_id for reuse (#145)
 
diff --git a/main.tf b/main.tf
@@ -6,9 +6,8 @@ terraform {
 }
 
 module "base" {
-  # source = "github.com/oracle-terraform-modules/terraform-oci-base?ref=v1.1.1"
   source  = "oracle-terraform-modules/base/oci"
-  version = "1.1.1"
+  version = "1.1.3"
 
   # identity
   oci_base_identity = local.oci_base_identity
@@ -25,6 +24,9 @@ module "base" {
   # admin server parameters
   oci_base_admin = local.oci_base_admin
 
+  # tagging
+  tagging = var.tagging
+
 }
 
 module "policies" {
diff --git a/modules/oke/kubeconfig.tf b/modules/oke/kubeconfig.tf
@@ -3,8 +3,6 @@
 
 data "oci_containerengine_cluster_kube_config" "kube_config" {
   cluster_id    = oci_containerengine_cluster.k8s_cluster.id
-  expiration    = var.cluster_kube_config_expiration
-  token_version = var.cluster_kube_config_token_version
 }
 
 resource "null_resource" "create_local_kubeconfig" {
@@ -60,6 +58,31 @@ resource "null_resource" "install_kubectl_admin" {
   count = var.oke_admin.bastion_enabled == true && var.oke_admin.admin_enabled == true ? 1 : 0
 }
 
+# wait for 1. admin being ready 2. instance_principal created 3. kubectl is installed (the script will create the .kube directory)
+resource null_resource "wait_for_admin" {
+  connection {
+    host        = var.oke_admin.admin_private_ip
+    private_key = file(var.oke_ssh_keys.ssh_private_key_path)
+    timeout     = "40m"
+    type        = "ssh"
+    user        = "opc"
+
+    bastion_host        = var.oke_admin.bastion_public_ip
+    bastion_user        = "opc"
+    bastion_private_key = file(var.oke_ssh_keys.ssh_private_key_path)
+  }
+
+  depends_on = [null_resource.install_kubectl_admin]
+
+  provisioner "remote-exec" {
+    inline = [
+      "while [ ! -f /home/opc/admin.finish ]  || [ ! -f /home/opc/ip.finish  ]; do sleep 10; done",
+    ]
+  }
+
+  count = var.oke_admin.bastion_enabled == true && var.oke_admin.admin_enabled == true ? 1 : 0
+}
+
 data "template_file" "generate_kubeconfig" {
   template = file("${path.module}/scripts/generate_kubeconfig.template.sh")
 
@@ -84,7 +107,7 @@ resource "null_resource" "write_kubeconfig_on_admin" {
     bastion_private_key = file(var.oke_ssh_keys.ssh_private_key_path)
   }
 
-  depends_on = [oci_containerengine_cluster.k8s_cluster]
+  depends_on = [oci_containerengine_cluster.k8s_cluster, null_resource.wait_for_admin]
 
   provisioner "file" {
     content     = data.template_file.generate_kubeconfig[0].rendered
diff --git a/modules/oke/ocir.tf b/modules/oke/ocir.tf
@@ -31,7 +31,7 @@ resource null_resource "create_ocir_secret" {
     bastion_private_key = file(var.oke_ssh_keys.ssh_private_key_path)
   }
 
-  depends_on = [null_resource.write_kubeconfig_on_admin]
+  depends_on = [null_resource.install_kubectl_admin, null_resource.write_kubeconfig_on_admin]
   
   provisioner "file" {
     content     = data.template_file.create_ocir_script[0].rendered
diff --git a/modules/oke/variables.tf b/modules/oke/variables.tf
@@ -75,14 +75,6 @@ variable "lbs" {
   })
 }
 
-# kubeconfig
-variable "cluster_kube_config_expiration" {
-  default = 2592000
-}
-variable "cluster_kube_config_token_version" {
-  default = "2.0.0"
-}
-
 # ocir
 variable "oke_ocir" {
   type = object({
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
@@ -96,6 +96,11 @@ availability_domains = {
   admin  = 1
 }
 
+tagging = {
+  computetag = { "Environment" = "uat" }
+  networktag = { "Name" = "network" }
+}
+
 # oke
 
 allow_node_port_access = false
diff --git a/variables.tf b/variables.tf
@@ -100,7 +100,7 @@ variable "vcn_cidr" {
 }
 
 variable "vcn_dns_label" {
-  type    = string
+  type = string
 }
 
 variable "vcn_name" {
@@ -236,6 +236,19 @@ variable "availability_domains" {
   type = map
 }
 
+# tagging
+
+variable "tagging" {
+  type = object({
+    computetag = map(any)
+    networktag = map(any)
+  })
+  default = {
+    computetag = { "Environment" = "uat" }
+    networktag = { "Name" = "network" }
+  }
+}
+
 # oke
 
 variable "allow_node_port_access" {

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ resource null_resource "create_ocir_secret" {`
`31`	`31`	`bastion_private_key = file(var.oke_ssh_keys.ssh_private_key_path)`
`32`	`32`	`}`
`33`	`33`
`34`		`- depends_on = [null_resource.write_kubeconfig_on_admin]`
	`34`	`+ depends_on = [null_resource.install_kubectl_admin, null_resource.write_kubeconfig_on_admin]`
`35`	`35`
`36`	`36`	`provisioner "file" {`
`37`	`37`	`content = data.template_file.create_ocir_script[0].rendered`