fix terraform resource paths, use templatefile, update metal version

.gitignore

@@ -1,3 +1,12 @@
+# Local .terraform directories
+**/.terraform/*
+.terraform*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+!.terraform.lock.hcl
 envrc
 out
 !deploy/.env
@@ -9,3 +18,4 @@ deploy/compose/state/webroot/workflow/*
 deploy/compose/state/webroot/*.gz
 workflow_id.txt
 compose.tar.gz
+compose.zip

deploy/terraform/cloud-config.cfg

@@ -0,0 +1,12 @@
+packages:
+- unzip
+
+write_files:
+- encoding: b64
+  content: ${COMPOSE_ZIP}
+  path: /root/compose.zip
+
+runcmd:
+- cd /root/sandbox/compose && unzip /root/compose.zip
+- cd /root/sandbox/compose && TINKERBELL_CLIENT_MAC=${WORKER_MAC} TINKERBELL_TEMPLATE_MANIFEST=/manifests/template/ubuntu-equinix-metal.yaml TINKERBELL_HARDWARE_MANIFEST=/manifests/hardware/hardware-equinix-metal.json docker-compose up -d
+

deploy/terraform/main.tf

@@ -1,9 +1,9 @@
-# Configure the Packet Provider.
+# Configure the Equinix Metal Provider.
 terraform {
   required_providers {
     metal = {
       source  = "equinix/metal"
-      version = "3.1.0"
+      version = "3.2.0"
     }
     null = {
       source  = "hashicorp/null"
@@ -23,86 +23,86 @@ provider "metal" {
 # Create a new VLAN in datacenter "ewr1"
 resource "metal_vlan" "provisioning_vlan" {
   description = "provisioning_vlan"
-  facility    = var.facility
+  metro       = var.metro
   project_id  = var.project_id
 }
 
 # Create a device and add it to tf_project_1
 resource "metal_device" "tink_worker" {
   hostname         = "tink-worker"
   plan             = var.device_type
-  facilities       = [var.facility]
+  metro            = var.metro
   operating_system = "custom_ipxe"
   ipxe_script_url  = "https://boot.netboot.xyz"
   always_pxe       = "true"
   billing_cycle    = "hourly"
   project_id       = var.project_id
 }
 
-resource "metal_device_network_type" "tink_worker_network_type" {
-  device_id = metal_device.tink_worker.id
-  type      = "layer2-individual"
+resource "metal_port" "tink_worker_bond0" {
+  port_id = [for p in metal_device.tink_worker.ports : p.id if p.name == "bond0"][0]
+  layer2  = true
+  bonded  = false
+  #  vlan_ids = [metal_vlan.provisioning_vlan.id] 
+  # Can't do this: │ Error: vlan assignment batch could not be created: POST https://api.equinix.com/metal/v1/ports/b0bdf6d8-589e-4988-9000-9f49c97a54e1/vlan-assignments/batches: 422 Can't assign VLANs to port b0bdf6d8-589e-4988-9000-9f49c97a54e1, the port is configured for Layer 3 mode., Port b0bdf6d8-589e-4988-9000-9f49c97a54e1 cannot be assigned to VLANs., Bond disabled 
 }
 
 # Attach VLAN to worker
-resource "metal_port_vlan_attachment" "worker" {
-  depends_on = [metal_device_network_type.tink_worker_network_type]
-
-  device_id = metal_device.tink_worker.id
-  port_name = "eth0"
-  vlan_vnid = metal_vlan.provisioning_vlan.vxlan
+resource "metal_port" "tink_worker_eth0" {
+  depends_on = [metal_port.tink_worker_bond0]
+  port_id    = [for p in metal_device.tink_worker.ports : p.id if p.name == "eth0"][0]
+  #layer2     = true 
+  # TODO(displague) the terraform provider is not permitting this, perhaps a bug in the provider validation
+  # layer2 flag can be set only for bond ports
+  bonded   = false
+  vlan_ids = [metal_vlan.provisioning_vlan.id]
+  // vxlan_ids = [1000]
 }
 
-
 # Create a device and add it to tf_project_1
 resource "metal_device" "tink_provisioner" {
   hostname         = "tink-provisioner"
   plan             = var.device_type
-  facilities       = [var.facility]
+  metro            = var.metro
   operating_system = "ubuntu_20_04"
   billing_cycle    = "hourly"
   project_id       = var.project_id
-  user_data        = file("setup.sh")
+  user_data        = data.cloudinit_config.setup.rendered
 }
 
-resource "metal_device_network_type" "tink_provisioner_network_type" {
-  device_id = metal_device.tink_provisioner.id
-  type      = "hybrid"
+# Provisioners eth1 (unbonded) is attached to the provisioning VLAN
+resource "metal_port" "eth1" {
+  port_id  = [for p in metal_device.tink_provisioner.ports : p.id if p.name == "eth1"][0]
+  bonded   = false
+  vlan_ids = [metal_vlan.provisioning_vlan.id]
 }
 
-# Attach VLAN to provisioner
-resource "metal_port_vlan_attachment" "provisioner" {
-  depends_on = [metal_device_network_type.tink_provisioner_network_type]
-  device_id  = metal_device.tink_provisioner.id
-  port_name  = "eth1"
-  vlan_vnid  = metal_vlan.provisioning_vlan.vxlan
+data "archive_file" "compose" {
+  type        = "zip"
+  source_dir  = "${path.module}/../compose"
+  output_path = "${path.module}/compose.zip"
 }
 
+locals {
+  compose_zip = data.archive_file.compose.output_size > 0 ? filebase64("${path.module}/compose.zip") : ""
+}
 
+data "cloudinit_config" "setup" {
+  depends_on = [
+    data.archive_file.compose,
+  ]
+  gzip          = false # not supported on Equinix Metal
+  base64_encode = false # not supported on Equinix Metal
 
-resource "null_resource" "setup" {
-  connection {
-    type        = "ssh"
-    user        = "root"
-    host        = metal_device.tink_provisioner.network[0].address
-    agent       = var.use_ssh_agent
-    private_key = var.use_ssh_agent ? null : file(var.ssh_private_key)
-  }
-
-  # need to tar the compose directory because the 'provisioner "file"' does not preserve file permissions
-  provisioner "local-exec" {
-    command = "cd ../ && tar zcvf compose.tar.gz compose"
-  }
-
-  provisioner "file" {
-    source      = "../compose.tar.gz"
-    destination = "/root/compose.tar.gz"
+  part {
+    content_type = "text/x-shellscript"
+    content      = file("${path.module}/setup.sh")
   }
-
-  provisioner "remote-exec" {
-    inline = [
-      "cd /root && tar zxvf /root/compose.tar.gz -C /root/sandbox",
-      "cd /root/sandbox/compose && TINKERBELL_CLIENT_MAC=${metal_device.tink_worker.ports[1].mac} TINKERBELL_TEMPLATE_MANIFEST=/manifests/template/ubuntu-equinix-metal.yaml TINKERBELL_HARDWARE_MANIFEST=/manifests/hardware/hardware-equinix-metal.json docker-compose up -d",
-    ]
+  part {
+    content_type = "text/cloud-config"
+    content = templatefile("${path.module}/cloud-config.cfg", {
+      COMPOSE_ZIP = local.compose_zip
+      WORKER_MAC  = metal_device.tink_worker.ports[1].mac
+    })
   }
 }

deploy/terraform/variables.tf

@@ -8,10 +8,10 @@ variable "project_id" {
   type        = string
 }
 
-variable "facility" {
-  description = "Packet facility to provision in"
+variable "metro" {
+  description = "Equinix Metal metro to provision in"
   type        = string
-  default     = "sjc1"
+  default     = "sv"
 }
 
 variable "device_type" {
@@ -30,4 +30,4 @@ variable "ssh_private_key" {
   type        = string
   description = "ssh private key file to use"
   default     = "~/.ssh/id_rsa"
-}
+}

docs/quickstarts/TERRAFORMEM.md

@@ -42,7 +42,7 @@ This option will also show you how to create a machine to provision.
    Or if you have the [Equinix Metal CLI](https://github.com/equinix/metal-cli) installed run the following:
 
    ```bash
-   metal device reboot -i $(terraform show -json | jq -r '.values.root_module.resources[1].values.id')
+   metal device reboot -i $(terraform show -json | jq -r '.values.root_module.resources[3].values.id')
    ```
 
 5. Watch the provision complete
@@ -94,7 +94,7 @@ This option will also show you how to create a machine to provision.
    Now reboot the `tink-worker` via the [Equinix Metal Web UI](https://console.equinix.com), or if you have the [Equinix Metal CLI](https://github.com/equinix/metal-cli) installed run the following:
 
    ```bash
-   metal device reboot -i $(terraform show -json | jq -r '.values.root_module.resources[1].values.id')
+   metal device reboot -i $(terraform show -json | jq -r '.values.root_module.resources[3].values.id')
    ```
 
 7. Login to the machine