Description
General details
https://docs.chef.io/terraform/
Product
[ ] Chef Automate
[ ] Chef Habitat
[X] Chef Infra Client
[ ] Chef Infra Server
[ ] Chef InSpec
[ ] Other________________
Describe the update that needs to be made. Be as specific as possible:
Your warning states that the Chef provisioner will be removed from Terraform; it has already been removed and can no longer be used.
Question
I’ve been trying to figure out how to migrate a module to run under terraform version 1.x but cannot find any good examples or documentation.
The code below is my starting point - any suggestions on what I need to change?
My Chef knowledge is VERY basic so this https://github.com/hashicorp/terraform-provisioner-migration really doesn’t provide enough information for me to get started.
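# Clones a vSphere VM from a template, customises its hostname and networking,
# then bootstraps Chef over SSH in two steps: a "remote-exec" provisioner that
# installs the Chef package from the internal Artifactory mirror, followed by
# the "chef" provisioner that registers the node with the Chef server.
#
# NOTE(review): per the issue text above, the "chef" provisioner has been
# removed from Terraform, so the last provisioner block has to be replaced
# before this module can run on Terraform 1.x.
resource "vsphere_virtual_machine" "vm" {
  # Changes to these arguments are ignored when Terraform plans updates.
  lifecycle {
    ignore_changes = [
      disk,
      custom_attributes,
      boot_delay
    ]
  }

  name                   = var.node_name
  resource_pool_id       = data.vsphere_compute_cluster.cluster.resource_pool_id
  datastore_cluster_id   = data.vsphere_datastore_cluster.datastore_cluster.id
  guest_id               = data.vsphere_virtual_machine.template.guest_id
  num_cpus               = var.num_cpus
  memory                 = var.memory
  folder                 = "${var.dc}${var.compute_cluster_name}${var.vm_path}"
  enable_logging         = true
  cpu_hot_add_enabled    = true
  cpu_hot_remove_enabled = true
  memory_hot_add_enabled = true
  enable_disk_uuid       = var.enable_disk_uuid

  # Inventory tags, keyed by the id of each vSphere custom attribute.
  custom_attributes = {
    "${data.vsphere_custom_attribute.ApplicationID.id}"   = var.ApplicationID,
    "${data.vsphere_custom_attribute.BackupRequired.id}"  = var.BackupRequired,
    "${data.vsphere_custom_attribute.CreatorSalaryID.id}" = var.CreatorSalaryID,
    "${data.vsphere_custom_attribute.Environment.id}"     = var.Environment,
    "${data.vsphere_custom_attribute.SupportRU.id}"       = var.SupportRU,
    "${data.vsphere_custom_attribute.Squad.id}"           = var.Squad,
    "${data.vsphere_custom_attribute.ExpiryDate.id}"      = local.expiry
  }

  # Create the FRONT NIC on demand if needed.
  dynamic "network_interface" {
    for_each = data.vsphere_network.network_front
    content {
      network_id = data.vsphere_network.network_front[network_interface.key].id
    }
  }

  # Each virtual server has at least one NIC (AKA rear NIC).
  network_interface {
    network_id = data.vsphere_network.network_rear.id
  }

  cdrom {
    client_device = "1"
  }

  # The first disk copies its size and provisioning flags from the template.
  disk {
    label            = "disk0"
    size             = data.vsphere_virtual_machine.template.disks.0.size
    eagerly_scrub    = data.vsphere_virtual_machine.template.disks.0.eagerly_scrub
    thin_provisioned = data.vsphere_virtual_machine.template.disks.0.thin_provisioned
  }

  # One extra disk per entry in var.disks, numbered after disk0.
  dynamic "disk" {
    for_each = var.disks
    content {
      label       = "disk${disk.key + 1}"
      size        = disk.value
      unit_number = disk.key + 1
    }
  }

  clone {
    template_uuid = data.vsphere_virtual_machine.template.id
    customize {
      linux_options {
        host_name = var.hostname
        domain    = var.domain_name
      }

      # Each list entry is split on "/" into an address and a netmask.
      dynamic "network_interface" {
        for_each = var.ipv4_address_list
        content {
          ipv4_address = split("/", network_interface.value)[0]
          ipv4_netmask = split("/", network_interface.value)[1]
        }
      }

      ipv4_gateway    = var.ipv4_gateway_list[0]
      dns_suffix_list = [var.domain_name]
      dns_server_list = var.dns_server_list
    }
  }

  # Step 1: set host metadata and install Chef from the internal yum mirror.
  #
  # NOTE(review): var.hostname, var.domain_name, var.dc, var.Environment,
  # var.CreatorSalaryID and var.chef_version are interpolated unquoted into
  # command lines that run under sudo. Constrain them with variable
  # validation (e.g. an allow-list pattern) so a stray shell metacharacter
  # cannot change what is executed.
  provisioner "remote-exec" {
    inline = [
      "sudo hostnamectl set-hostname ${var.hostname}.${var.domain_name}",
      "sudo hostnamectl set-location ${var.dc}",
      "sudo hostnamectl set-deployment Terraform-${var.Environment}-${var.CreatorSalaryID}",
      # NOTE(review): gpgcheck=0 turns off RPM signature verification for this
      # repository, so the Chef package installed as root below is trusted on
      # the strength of the HTTPS connection to the mirror alone. Prefer
      # gpgcheck=1 with a gpgkey entry for the vendor signing key.
      # NOTE(review): the repo file is staged under a fixed name in /tmp before
      # being copied into place as root; the redirect runs as the SSH user, not
      # under sudo. Writing straight to the target (e.g. via `sudo tee`) would
      # avoid the shared, world-writable staging directory.
      "sudo echo -e '[Chef]\nname=local Chef repository\nbaseurl=https://artifactory.internal.co.nz/yum-chef-remote/el/7/x86_64/\nenabled=1\nfastestmirror_enabled=0\ngpgcheck=0'>/tmp/Chef.repo",
      "sudo cp /tmp/Chef.repo /etc/yum.repos.d/Chef.repo",
      "sudo yum install ${var.chef_version} -y",
      # Below commands are required to allow GEMs to be successfully installed from artifactory2 - which uses SSL. Required if any cookbooks have gem dependencies as Chef will put GEM installs BEFORE initial Chef runlist
      # For every ssl_certs directory under /opt/chef, link each file found in
      # the system CA anchors directory in as <name>.pem.
      "for geminstall in `find /opt/chef -name ssl_certs`; do sudo mkdir -p $${geminstall}/artifactory.internal.co.nz; for sourcecert in `ls /etc/pki/ca-trust/source/anchors`; do pemfile=`basename $${sourcecert} .crt`; sudo ln -s /etc/pki/ca-trust/source/anchors/$${sourcecert} $${geminstall}/artifactory.internal.co.nz/$${pemfile}.pem; done; done",
      # Replace the public gem source with the internal mirror.
      "sudo /opt/chef/embedded/bin/gem sources -r https://rubygems.org/",
      "sudo /opt/chef/embedded/bin/gem sources -a https://artifactory.internal.co.nz/api/gems/gems-remote/"
    ]

    # NOTE(review): no host_key is set, so the SSH host key of the new VM is
    # not verified. The private key is read from a local file; keep that file
    # out of version control.
    connection {
      host        = local.remote_exec_ip
      type        = "ssh"
      user        = var.remote_ssh_user
      private_key = file(var.remote_ssh_key)
      script_path = "/var/tmp/init.sh"
    }
  }

  # Step 2: register the node with the Chef server and apply its policy.
  provisioner "chef" {
    # Node attributes are the basic set overlaid with any extras. The earlier
    # `== {}` conditional was redundant: its "empty" branch merged the basic
    # map with itself, and merging with an empty map gives the same result.
    attributes_json = jsonencode(
      merge(local.chef_node_basic_attributes, var.chef_node_extra_attributes)
    )
    server_url     = var.chef_server_url
    node_name      = var.node_name
    use_policyfile = true
    policy_name    = var.policy_name
    policy_group   = var.policy_group
    os_type        = "linux"
    client_options = [
      "chef_license 'accept'",
      "rubygems_url 'https://artifactory.internal.co.nz/api/gems/gems-remote/'",
    ]
    # Chef was already installed by the remote-exec step above.
    skip_install            = true
    fetch_chef_certificates = true
    # NOTE(review): recreate_client replaces an existing Chef client that has
    # the same node_name, and vault_json grants the new client access to the
    # listed vault items. Together with user_key (the Chef user's private key,
    # read from a local file) these are the sensitive inputs of this block;
    # restrict who can set var.node_name and var.chef_vaults.
    recreate_client = true
    vault_json      = var.chef_vaults
    user_name       = var.chef_user_name
    user_key        = file(var.private_chef_key)
    # NOTE(review): ":verify_none" disables TLS certificate verification for
    # connections to the Chef server, so the server that delivers policy and
    # vault data is not authenticated. Use ":verify_peer" once the server
    # certificate (or its CA) is trusted on the node.
    ssl_verify_mode = ":verify_none"

    # NOTE(review): as above, the SSH host key is not verified (no host_key).
    connection {
      host        = local.remote_exec_ip
      type        = "ssh"
      user        = var.remote_ssh_user
      private_key = file(var.remote_ssh_key)
    }
  }
}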