Merge pull request #92 from Ontotext-AD/GDB-12003

simonzhekoff · web-flow · commit 211d53c66401 · 2025-03-27T15:19:07.000+02:00
Added ability to provide additional custom user data scripts
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,6 +15,7 @@
 * Added new variable, deployment_restriction_tag to be used for tagging resources as part of the deployment. This allows for stricter IAM policies on certain (dangerous) actions
 * Changed graphdb_instance_volume policy to restrict ec2:AttachVolume and ec2:CreateVolume for only specifically tagged volumes
 * Extended graphdb_instance_volume_tagging by adding an additional constraint on ec2:CreateTags to allow instances that are already tagged with deployment_restriction_tag to be tagged with a Name
+* Added ability to attach custom user data scripts, templates or rendered templates to the EC2 Userdata
 
 ## 1.3.3
 
diff --git a/README.md b/README.md
@@ -175,6 +175,9 @@ Before you begin using this Terraform module, ensure you meet the following prer
 | asg\_enable\_instance\_refresh | Enables instance refresh for the GraphDB Auto scaling group. A refresh is started when any of the following Auto Scaling Group properties change: launch\_configuration, launch\_template, mixed\_instances\_policy | `bool` | `false` | no |
 | asg\_instance\_refresh\_checkpoint\_delay | Number of seconds to wait after a checkpoint. | `number` | `3600` | no |
 | graphdb\_enable\_userdata\_scripts\_on\_reboot | (Experimental) Modifies cloud-config to always run user data scripts on EC2 boot | `bool` | `false` | no |
+| graphdb\_user\_supplied\_scripts | A list of paths to user-supplied shell scripts (local files) to be injected as additional parts in the EC2 user\_data. | `list(string)` | `[]` | no |
+| graphdb\_user\_supplied\_rendered\_templates | A list of strings containing pre-rendered shell script content to be added as parts in EC2 user\_data. | `list(string)` | `[]` | no |
+| graphdb\_user\_supplied\_templates | A list of maps where each map contains a 'path' to the template file and a 'variables' map used to render it. | ```list(object({ path = string variables = map(any) }))``` | `[]` | no |
 | create\_s3\_kms\_key | Enable creation of KMS key for S3 bucket encryption | `bool` | `false` | no |
 | s3\_kms\_key\_admin\_arn | ARN of the role or user granted administrative access to the S3 KMS key. | `string` | `""` | no |
 | s3\_key\_rotation\_enabled | Specifies whether key rotation is enabled. | `bool` | `true` | no |
@@ -531,6 +534,49 @@ vpc_public_subnet_ids = ["subnet-123456","subnet-234567","subnet-345678"]
 vpc_private_subnet_ids = ["subnet-456789","subnet-567891","subnet-678912"]
 ```
 
+#### User Data Customization
+
+- Providing user_supplied_scripts
+
+Paths to local shell script files that will be injected into the instance user data.
+Each file should be a valid shell script.
+•	Scripts are executed in the order provided.
+
+```hcl
+user_supplied_scripts = [
+"${path.module}/scripts/init.sh",
+"${path.module}/scripts/configure.sh"
+]
+```
+- Providing user_supplied_rendered_templates
+
+A list of raw shell script strings, already rendered, which will be included directly into the instance user data.
+
+```hcl
+user_supplied_rendered_templates = [
+  <<-EOT
+    #!/bin/bash
+    echo "Inline startup task"
+    export ENV=production
+  EOT
+]
+```
+
+- Providing user_supplied_templates
+
+A list of template files (plus variables) that will be rendered and included into the instance user data.
+
+```hcl
+graphdb_user_supplied_templates = [
+  {
+    path = "s3_copy.sh.tpl"
+    variables = {
+      s3_bucket_url = "s3://test-bucket-zhekov"
+    }
+  }
+]
+```
+
 ## Single Node Deployment
 
 This Terraform module can deploy a single instance of GraphDB.
diff --git a/main.tf b/main.tf
@@ -340,6 +340,9 @@ module "graphdb" {
   asg_enable_instance_refresh               = var.asg_enable_instance_refresh
   asg_instance_refresh_checkpoint_delay     = var.asg_instance_refresh_checkpoint_delay
   graphdb_enable_userdata_scripts_on_reboot = var.graphdb_enable_userdata_scripts_on_reboot
+  user_supplied_scripts                     = var.graphdb_user_supplied_scripts
+  user_supplied_templates                   = var.graphdb_user_supplied_templates
+  user_supplied_rendered_templates          = var.graphdb_user_supplied_rendered_templates
 
   # Parameter store encryption
 
diff --git a/modules/graphdb/user_data.tf b/modules/graphdb/user_data.tf
@@ -170,7 +170,32 @@ data "cloudinit_config" "graphdb_user_data" {
       chmod -R og-rwx /usr/local/aws-cli/
     EOF
     }
+  }
+
+  # Execute additional scripts
+  dynamic "part" {
+    for_each = var.user_supplied_scripts
+    content {
+      content_type = "text/x-shellscript"
+      content      = file(part.value)
+    }
+  }
 
+  # Execute additional rendered templates
+  dynamic "part" {
+    for_each = var.user_supplied_rendered_templates
+    content {
+      content_type = "text/x-shellscript"
+      content      = part.value
+    }
   }
 
+  # Execute additional templates
+  dynamic "part" {
+    for_each = var.user_supplied_templates
+    content {
+      content_type = "text/x-shellscript"
+      content      = templatefile(part.value["path"], part.value["variables"])
+    }
+  }
 }
diff --git a/modules/graphdb/variables.tf b/modules/graphdb/variables.tf
@@ -421,3 +421,24 @@ variable "instance_maintenance_policy_max_healthy_percentage" {
   type        = number
   default     = 100
 }
+
+variable "user_supplied_scripts" {
+  description = "A list of paths to user-supplied shell scripts (local files) to be injected as additional parts in the EC2 user_data."
+  type        = list(string)
+  default     = []
+}
+
+variable "user_supplied_rendered_templates" {
+  description = "A list of strings containing pre-rendered shell script content to be added as parts in EC2 user_data."
+  type        = list(string)
+  default     = []
+}
+
+variable "user_supplied_templates" {
+  description = "A list of maps where each map contains a 'path' to the template file and a 'variables' map used to render it."
+  type = list(object({
+    path      = string
+    variables = map(any)
+  }))
+  default = []
+}
diff --git a/variables.tf b/variables.tf
@@ -547,6 +547,27 @@ variable "graphdb_enable_userdata_scripts_on_reboot" {
   default     = false
 }
 
+variable "graphdb_user_supplied_scripts" {
+  description = "A list of paths to user-supplied shell scripts (local files) to be injected as additional parts in the EC2 user_data."
+  type        = list(string)
+  default     = []
+}
+
+variable "graphdb_user_supplied_rendered_templates" {
+  description = "A list of strings containing pre-rendered shell script content to be added as parts in EC2 user_data."
+  type        = list(string)
+  default     = []
+}
+
+variable "graphdb_user_supplied_templates" {
+  description = "A list of maps where each map contains a 'path' to the template file and a 'variables' map used to render it."
+  type = list(object({
+    path      = string
+    variables = map(any)
+  }))
+  default = []
+}
+
 # S3 bucket encryption
 
 variable "create_s3_kms_key" {
