Terraform module to bootstrap a Juju controller.
The module bootstraps a Juju controller and, when controller_num_units > 1, enables HA.
Inputs and outputs map directly onto the juju_controller resource. For the authoritative
reference, see the upstream docs:
Bootstrap a controller.
module "controller" {
source = "juju/juju-controller/juju"
name = "my-controller"
controller_num_units = 1
cloud = {
name = "localhost"
type = "lxd"
auth_types = ["certificate"]
}
cloud_credential = {
name = "my-credential"
auth_type = "certificate"
attributes = {
server-cert = "..."
client-cert = "..."
client-key = "..."
}
}
}module "controller" {
source = "juju/juju-controller/juju"
name = "my-controller"
cloud = {
auth_types = ["certificate"]
name = "lxd-cloud"
type = "lxd"
endpoint = "https://10.0.0.1:8443"
region = {
name = "default"
endpoint = "https://10.0.0.1:8443"
}
}
cloud_credential = {
auth_type = "interactive"
name = "lxd-token"
attributes = {
trust-token = trimspace(file("/path/to/token"))
}
}
controller_num_units = 3
}module "controller" {
source = "juju/juju-controller/juju"
name = "my-controller"
cloud = {
auth_types = ["oauth1"]
type = "maas"
name = "maas-cloud"
endpoint = "http://10.0.0.1:5240/MAAS/"
}
cloud_credential = {
auth_type = "oauth1"
name = "maas-creds"
attributes = {
maas-oauth = trimspace(file("/path/to/maas_api_key"))
}
}
controller_num_units = 3
}See variables.tf and outputs.tf for the full input/output set.
The Terragrunt unit is available at terragrunt/units/juju_bootstrap. It is designed for use with Terragrunt stacks and reads its configuration from a values map provided by the enclosing stack.
Create a terragrunt.stack.hcl file that declares the unit and provides values:
unit "controller" {
source = "git::https://github.com/juju/terraform-juju-controller.git//terragrunt/units/juju_bootstrap?ref=main"
path = "controller"
values = {
version = "0.0.1-rc4"
name = "my-controller"
controller_num_units = 1
cloud = {
name = "localhost"
type = "lxd"
auth_types = ["certificate"]
}
cloud_credential = {
name = "my-credential"
auth_type = "certificate"
attributes = {
server-cert = "..."
client-cert = "..."
client-key = "..."
}
}
}
}Then generate and apply the stack:
terragrunt stack run -- applycontroller_num_units > 1 enables HA via a local-exec provisioner. Set
path_juju_binary if the Juju CLI is not at the default path.
- HA enablement is implemented with
terraform_data+local-execand Juju CLI commands as opposed to Terraform actions to ensure compatibility with OpenTofu, as actions are not yet supported. See opentofu/opentofu#3309.