DEV Community

lykins
lykins

Posted on

Terraform Cloud Agents - Podman

#terraform #tfc #hashicorp

Question came up if Podman could run Terraform Cloud agents. Assumption would be yes, but surprisingly I did not see anyone posts or documentation on it. For those who do not care to read through this, the answer is yes.

Introduction - Terraform Agents Agents

If you are not familiar with Terraform Cloud agents, they are essentially ways to extend runs from Terraform Cloud/Enterprise within a private network.

Runs are pulled by the agents.

For more info, Kyle Ruddy wrote a more in depth post a couple years back when they were initially released.

Intro to Terraform Cloud Agents

For official documentation:

Terraform Docs : Terraform Cloud Agents

Testing

For this use case, I'm going to run Podman and the Terraform Cloud agent on a RHEL host. 



Operating System: Red Hat Enterprise Linux 9.2 (Plow)
     CPE OS Name: cpe:/o:redhat:enterprise_linux:9::baseos
          Kernel: Linux 5.14.0-284.30.1.el9_2.x86_64
    Architecture: x86-64
Enter fullscreen mode Exit fullscreen mode

Host Setup

These initial host steps might not be necessary, if the OS comes with either installed already.

Install Container-Tools 



dnf install container-tools
Enter fullscreen mode Exit fullscreen mode
Install Podman 


dnf install podman-docker
Enter fullscreen mode Exit fullscreen mode

Terraform Cloud Setup

In Terraform Cloud you will need to set up an agent pool and an agent.

  • Log into your Terraform Cloud Organization.
  • Go to settings.

Image description

  • Under security select agents.

Image description

  • Create your first agent pool.

Image description

  • Give the pool a descriptive name.

Image description

  • Create first token.

Image description

  • Copy token and securely store it.

Image description

  • Connect to the host running Podman. Export following, adding your generated token: 


export TFC_AGENT_TOKEN=
export TFC_AGENT_NAME=podman-agent
Enter fullscreen mode Exit fullscreen mode

With the pool, agent, and agent token ready, we can now go back to the host.

Starting Agent

With the agent token, go back the host start up the agent.

Run TFC Agent 



podman run -d -e TFC_AGENT_TOKEN -e TFC_AGENT_NAME hashicorp/tfc-agent:latest
? Please select an image:
  ▸ registry.access.redhat.com/hashicorp/tfc-agent:latest
    registry.redhat.io/hashicorp/tfc-agent:latest
    docker.io/hashicorp/tfc-agent:latest
Enter fullscreen mode Exit fullscreen mode

Confirm it is running 



podman ps
Enter fullscreen mode Exit fullscreen mode 


[root@tfc-agents-podman ~]# podman ps
CONTAINER ID  IMAGE                                 COMMAND     CREATED        STATUS        PORTS       NAMES
42c0be7d02c8  docker.io/hashicorp/tfc-agent:latest              5 seconds ago  Up 5 seconds              charming_carson
Enter fullscreen mode Exit fullscreen mode

From the agent logs:



2024-02-02T15:44:03.234Z [INFO]  agent: Starting: agent_name=podman-agent agent_version=1.14.3
2024-02-02T15:44:03.258Z [INFO]  core: Starting: version=1.14.3
2024-02-02T15:44:03.620Z [INFO]  core: Agent registered successfully with Terraform Cloud: agent_id=agent-1giqEK7yZEcvS1P9 agent_pool_id=apool-dQUJZyerJMiJ67kM
2024-02-02T15:44:03.684Z [INFO]  agent: Newer core versions are available, but are ignored due to the auto-update configuration: version=1.15.0-rc.3
2024-02-02T15:44:03.684Z [INFO]  agent: Core version is up to date: version=1.14.3
2024-02-02T15:44:03.685Z [INFO]  core: Waiting for next job
Enter fullscreen mode Exit fullscreen mode

Using agent execution mode on workspace in Terraform Cloud.

Was able to see that the agent is connecting. The console provides additional information on version, status and IP Address it is coming from (this Public IP is long gone away by now.)

Image description

Use agent on workspace and run

Now update a workspace to use the agent pool.

  • Go to workspace and select settings. Update execution mode to agent and select the agent pool. Make sure to save configuration on bottom of page.

Image description

  • Run first plan and apply. Notice it now shows which agent and agent pool the run is on.

Image description

  • From the agent logs:

We can also see this run occurring on the agent logs. 




2024-02-02T15:52:42.410Z [INFO]  core: Job received: job_type=plan job_id=run-eBAjKzZ9n3aSsYsA

2024-02-02T15:52:42.411Z [INFO]  terraform: Handling run: run_id=run-eBAjKzZ9n3aSsYsA run_operation=plan organization_name=lykins-demo-org workspace_name=demo-podman-agent-ws

2024-02-02T15:52:42.670Z [INFO]  terraform: Extracting Terraform from release archive

2024-02-02T15:52:43.453Z [INFO]  terraform: Terraform CLI details: version=1.7.2

2024-02-02T15:52:43.453Z [INFO]  terraform: Downloading Terraform configuration

2024-02-02T15:52:43.476Z [INFO]  terraform: Running terraform init

2024-02-02T15:52:44.743Z [INFO]  terraform: Running terraform plan

2024-02-02T15:52:45.647Z [INFO]  terraform: Generating and uploading plan JSON

2024-02-02T15:52:45.885Z [INFO]  terraform: Generating and uploading provider schemas JSON

2024-02-02T15:52:46.627Z [INFO]  terraform: Generating and uploading redacted plan JSON

2024-02-02T15:52:46.679Z [INFO]  terraform: Persisting filesystem to remote storage

2024-02-02T15:52:46.845Z [INFO]  terraform: Finished handling run

2024-02-02T15:52:47.491Z [INFO]  core: Waiting for next job
Enter fullscreen mode Exit fullscreen mode




Conclusion

Honestly what I expected, but thought I would put something out there. Terraform Cloud/Enterprise agents are a very useful tool when it comes to provisioning resources on premise or in more secured environments.

Resources

Top comments (0)

Read next

austin6799 profile image

5 Free GIS Software Options: Map the World

Austin -

misolainthecloud profile image

Set Up a Web App in the Cloud

Kemisola -

alona_instandart profile image

Team Topologies: DevOps Beyond Technical Excellence

Alona Potapova -

aaravjoshi profile image

Mastering Saga Pattern in Spring Boot: Streamline Complex Microservice Transactions

Aarav Joshi -