The question came up of whether Podman could run Terraform Cloud agents. The assumption would be yes, but surprisingly I did not see any posts or documentation on it. For those who do not care to read through this, the answer is yes.
Introduction - Terraform Agents
If you are not familiar with Terraform Cloud agents, they are essentially ways to extend runs from Terraform Cloud/Enterprise within a private network.
Runs are pulled by the agents.
For more info, Kyle Ruddy wrote a more in-depth post a couple of years back when they were initially released.
Intro to Terraform Cloud Agents
For official documentation:
Terraform Docs : Terraform Cloud Agents
Testing
For this use case, I'm going to run Podman and the Terraform Cloud agent on a RHEL host.
Operating System: Red Hat Enterprise Linux 9.2 (Plow)
CPE OS Name: cpe:/o:redhat:enterprise_linux:9::baseos
Kernel: Linux 5.14.0-284.30.1.el9_2.x86_64
Architecture: x86-64
Host Setup
These initial host steps might not be necessary if the OS already comes with either installed.
Install Container-Tools
dnf install container-tools
Install Podman
dnf install podman-docker
Terraform Cloud Setup
In Terraform Cloud you will need to set up an agent pool and an agent.
- Log into your Terraform Cloud Organization.
- Go to settings.
- Under security select agents.
- Create your first agent pool.
- Give the pool a descriptive name.
- Create first token.
- Copy token and securely store it.
- Connect to the host running Podman. Export the following, adding your generated token:
export TFC_AGENT_TOKEN=
export TFC_AGENT_NAME=podman-agent
With the pool, agent, and agent token ready, we can now go back to the host.
Starting Agent
With the agent token, go back to the host and start up the agent.
Run TFC Agent
podman run -d -e TFC_AGENT_TOKEN -e TFC_AGENT_NAME hashicorp/tfc-agent:latest
? Please select an image:
▸ registry.access.redhat.com/hashicorp/tfc-agent:latest
registry.redhat.io/hashicorp/tfc-agent:latest
docker.io/hashicorp/tfc-agent:latest
Confirm it is running
podman ps
[root@tfc-agents-podman ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
42c0be7d02c8 docker.io/hashicorp/tfc-agent:latest 5 seconds ago Up 5 seconds charming_carson
From the agent logs:
2024-02-02T15:44:03.234Z [INFO] agent: Starting: agent_name=podman-agent agent_version=1.14.3
2024-02-02T15:44:03.258Z [INFO] core: Starting: version=1.14.3
2024-02-02T15:44:03.620Z [INFO] core: Agent registered successfully with Terraform Cloud: agent_id=agent-1giqEK7yZEcvS1P9 agent_pool_id=apool-dQUJZyerJMiJ67kM
2024-02-02T15:44:03.684Z [INFO] agent: Newer core versions are available, but are ignored due to the auto-update configuration: version=1.15.0-rc.3
2024-02-02T15:44:03.684Z [INFO] agent: Core version is up to date: version=1.14.3
2024-02-02T15:44:03.685Z [INFO] core: Waiting for next job
Using agent execution mode on workspace in Terraform Cloud.
I was able to see that the agent is connecting. The console provides additional information on the version, status and IP address it is coming from (this public IP is long gone by now).
Use agent on workspace and run
Now update a workspace to use the agent pool.
- Go to workspace and select settings. Update execution mode to agent and select the agent pool. Make sure to save configuration on bottom of page.
- Run first plan and apply. Notice it now shows which agent and agent pool the run is on.
- From the agent logs:
We can also see this run occurring in the agent logs.
2024-02-02T15:52:42.410Z [INFO] core: Job received: job_type=plan job_id=run-eBAjKzZ9n3aSsYsA
2024-02-02T15:52:42.411Z [INFO] terraform: Handling run: run_id=run-eBAjKzZ9n3aSsYsA run_operation=plan organization_name=lykins-demo-org workspace_name=demo-podman-agent-ws
2024-02-02T15:52:42.670Z [INFO] terraform: Extracting Terraform from release archive
2024-02-02T15:52:43.453Z [INFO] terraform: Terraform CLI details: version=1.7.2
2024-02-02T15:52:43.453Z [INFO] terraform: Downloading Terraform configuration
2024-02-02T15:52:43.476Z [INFO] terraform: Running terraform init
2024-02-02T15:52:44.743Z [INFO] terraform: Running terraform plan
2024-02-02T15:52:45.647Z [INFO] terraform: Generating and uploading plan JSON
2024-02-02T15:52:45.885Z [INFO] terraform: Generating and uploading provider schemas JSON
2024-02-02T15:52:46.627Z [INFO] terraform: Generating and uploading redacted plan JSON
2024-02-02T15:52:46.679Z [INFO] terraform: Persisting filesystem to remote storage
2024-02-02T15:52:46.845Z [INFO] terraform: Finished handling run
2024-02-02T15:52:47.491Z [INFO] core: Waiting for next job
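The log lines above carry enough detail to audit what an agent executes. The following is an added example, not code from the original post or from HashiCorp: it parses the line layout shown in this post into one record per run and reports agents registered to an unexpected pool, runs from workspaces outside an allow-list, and runs with no finish line. The function names and the allow-lists are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample: lines taken from the agent log output shown in this post.
SAMPLE_LOG = """\
2024-02-02T15:44:03.620Z [INFO] core: Agent registered successfully with Terraform Cloud: agent_id=agent-1giqEK7yZEcvS1P9 agent_pool_id=apool-dQUJZyerJMiJ67kM
2024-02-02T15:52:42.410Z [INFO] core: Job received: job_type=plan job_id=run-eBAjKzZ9n3aSsYsA
2024-02-02T15:52:42.411Z [INFO] terraform: Handling run: run_id=run-eBAjKzZ9n3aSsYsA run_operation=plan organization_name=lykins-demo-org workspace_name=demo-podman-agent-ws
2024-02-02T15:52:43.453Z [INFO] terraform: Terraform CLI details: version=1.7.2
2024-02-02T15:52:46.845Z [INFO] terraform: Finished handling run
"""

# Assumed layout (as seen above): "<timestamp> [LEVEL] <component>: <message>: k=v k=v"
LINE_RE = re.compile(r"^(\S+) \[(\w+)\]\s+(\w+): (.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Split one agent log line into timestamp, level, component, message and fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, level, component, rest = m.groups()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ"), "level": level,
            "component": component, "fields": dict(KV_RE.findall(rest)),
            "message": KV_RE.sub("", rest).strip().rstrip(":")}

def audit(log_text, allowed_pools, allowed_workspaces):
    """Return (runs, findings): one record per run plus any allow-list violations."""
    runs, findings, current = [], [], None
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        f, msg = rec["fields"], rec["message"]
        if msg.startswith("Agent registered") and f.get("agent_pool_id") not in allowed_pools:
            findings.append(f"agent {f.get('agent_id')} in unexpected pool {f.get('agent_pool_id')}")
        elif msg == "Handling run":
            current = {"run_id": f.get("run_id"), "operation": f.get("run_operation"),
                       "workspace": f"{f.get('organization_name')}/{f.get('workspace_name')}",
                       "started": rec["ts"], "seconds": None, "terraform": None}
            runs.append(current)
            if current["workspace"] not in allowed_workspaces:
                findings.append(f"run {current['run_id']} from unlisted workspace {current['workspace']}")
        elif msg == "Terraform CLI details" and current:
            current["terraform"] = f.get("version")
        elif msg == "Finished handling run" and current:
            current["seconds"] = (rec["ts"] - current["started"]).total_seconds()
            current = None
    findings += [f"run {r['run_id']} has no finish line" for r in runs if r["seconds"] is None]
    return runs, findings
```

A run that is still in progress when the log is read will also be reported as having no finish line.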
Conclusion
Honestly, this is what I expected, but I thought I would put something out there. Terraform Cloud/Enterprise agents are a very useful tool when it comes to provisioning resources on premises or in more secured environments.