InputObject2 · InputObject2 · Dec 10, 2024 · Dec 10, 2024
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,4 @@
+.terraform
+.terraform.d
+.terraform.lock.hcl
+**/*.tfstate
diff --git a/README.md b/README.md
@@ -52,19 +52,20 @@ module "microk8s_cluster" {
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
 | <a name="requirement_macaddress"></a> [macaddress](#requirement\_macaddress) | >=0.3.0 |
-| <a name="requirement_null"></a> [null](#requirement\_null) | >=3.2.2 |
-| <a name="requirement_random"></a> [random](#requirement\_random) | >=3.6.2 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | >=3.2.3 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >=3.6.3 |
 | <a name="requirement_sshcommand"></a> [sshcommand](#requirement\_sshcommand) | >=0.2.2 |
-| <a name="requirement_xenorchestra"></a> [xenorchestra](#requirement\_xenorchestra) | >=0.26.1 |
+| <a name="requirement_xenorchestra"></a> [xenorchestra](#requirement\_xenorchestra) | 0.29.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_null"></a> [null](#provider\_null) | 3.2.2 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.6.2 |
+| <a name="provider_macaddress"></a> [macaddress](#provider\_macaddress) | 0.3.2 |
+| <a name="provider_null"></a> [null](#provider\_null) | 3.2.3 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.6.3 |
 | <a name="provider_sshcommand"></a> [sshcommand](#provider\_sshcommand) | 0.2.2 |
-| <a name="provider_xenorchestra"></a> [xenorchestra](#provider\_xenorchestra) | 0.26.1 |
+| <a name="provider_xenorchestra"></a> [xenorchestra](#provider\_xenorchestra) | 0.29.0 |
 
 ## Modules
 
@@ -74,21 +75,24 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [macaddress_macaddress.mac_master_primary](https://registry.terraform.io/providers/ivoronin/macaddress/latest/docs/resources/macaddress) | resource |
+| [macaddress_macaddress.mac_master_secondaries](https://registry.terraform.io/providers/ivoronin/macaddress/latest/docs/resources/macaddress) | resource |
+| [macaddress_macaddress.mac_nodes](https://registry.terraform.io/providers/ivoronin/macaddress/latest/docs/resources/macaddress) | resource |
 | [null_resource.sleep_while_master_readies_up](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [random_integer.master](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) | resource |
 | [random_integer.node](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) | resource |
 | [random_uuid.custom_token](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
 | [sshcommand_command.get_kubeconfig](https://registry.terraform.io/providers/invidian/sshcommand/latest/docs/resources/command) | resource |
-| [xenorchestra_cloud_config.master](https://registry.terraform.io/providers/terra-farm/xenorchestra/latest/docs/resources/cloud_config) | resource |
-| [xenorchestra_cloud_config.node](https://registry.terraform.io/providers/terra-farm/xenorchestra/latest/docs/resources/cloud_config) | resource |
-| [xenorchestra_cloud_config.secondary](https://registry.terraform.io/providers/terra-farm/xenorchestra/latest/docs/resources/cloud_config) | resource |
-| [xenorchestra_vm.master](https://registry.terraform.io/providers/terra-farm/xenorchestra/latest/docs/resources/vm) | resource |
-| [xenorchestra_vm.node](https://registry.terraform.io/providers/terra-farm/xenorchestra/latest/docs/resources/vm) | resource |
-| [xenorchestra_vm.secondary](https://registry.terraform.io/providers/terra-farm/xenorchestra/latest/docs/resources/vm) | resource |
-| [xenorchestra_network.master](https://registry.terraform.io/providers/terra-farm/xenorchestra/latest/docs/data-sources/network) | data source |
-| [xenorchestra_network.node](https://registry.terraform.io/providers/terra-farm/xenorchestra/latest/docs/data-sources/network) | data source |
-| [xenorchestra_pool.xcp_ng_master](https://registry.terraform.io/providers/terra-farm/xenorchestra/latest/docs/data-sources/pool) | data source |
-| [xenorchestra_pool.xcp_ng_node](https://registry.terraform.io/providers/terra-farm/xenorchestra/latest/docs/data-sources/pool) | data source |
+| [xenorchestra_cloud_config.master](https://registry.terraform.io/providers/vatesfr/xenorchestra/0.29.0/docs/resources/cloud_config) | resource |
+| [xenorchestra_cloud_config.node](https://registry.terraform.io/providers/vatesfr/xenorchestra/0.29.0/docs/resources/cloud_config) | resource |
+| [xenorchestra_cloud_config.secondary](https://registry.terraform.io/providers/vatesfr/xenorchestra/0.29.0/docs/resources/cloud_config) | resource |
+| [xenorchestra_vm.master](https://registry.terraform.io/providers/vatesfr/xenorchestra/0.29.0/docs/resources/vm) | resource |
+| [xenorchestra_vm.node](https://registry.terraform.io/providers/vatesfr/xenorchestra/0.29.0/docs/resources/vm) | resource |
+| [xenorchestra_vm.secondary](https://registry.terraform.io/providers/vatesfr/xenorchestra/0.29.0/docs/resources/vm) | resource |
+| [xenorchestra_network.master](https://registry.terraform.io/providers/vatesfr/xenorchestra/0.29.0/docs/data-sources/network) | data source |
+| [xenorchestra_network.node](https://registry.terraform.io/providers/vatesfr/xenorchestra/0.29.0/docs/data-sources/network) | data source |
+| [xenorchestra_pool.xcp_ng_master](https://registry.terraform.io/providers/vatesfr/xenorchestra/0.29.0/docs/data-sources/pool) | data source |
+| [xenorchestra_pool.xcp_ng_node](https://registry.terraform.io/providers/vatesfr/xenorchestra/0.29.0/docs/data-sources/pool) | data source |
 
 ## Inputs
 
@@ -103,6 +107,7 @@ No modules.
 | <a name="input_k8s_image_swapper_private_registy"></a> [k8s\_image\_swapper\_private\_registy](#input\_k8s\_image\_swapper\_private\_registy) | Point this to the FQDN of a private registry so the k8s-image-swapper can pull from there. Has no effect if `install_k8s_image_swapper` is unused | `string` | `""` | no |
 | <a name="input_master_count"></a> [master\_count](#input\_master\_count) | Number of master nodes to deploy | `number` | `3` | no |
 | <a name="input_master_cpu_count"></a> [master\_cpu\_count](#input\_master\_cpu\_count) | Number of CPUs for each master node | `number` | `2` | no |
+| <a name="input_master_expected_cidr"></a> [master\_expected\_cidr](#input\_master\_expected\_cidr) | Expected CIDR for master nodes, used for checking if the virtual machine is now ready. Replaces the old `wait_for_ip` | `string` | `"10.0.0.0/16"` | no |
 | <a name="input_master_memory_gb"></a> [master\_memory\_gb](#input\_master\_memory\_gb) | Memory in GB for each master node | `number` | `4` | no |
 | <a name="input_master_os_disk_size"></a> [master\_os\_disk\_size](#input\_master\_os\_disk\_size) | OS disk size in GB for each master node | `number` | `32` | no |
 | <a name="input_master_os_disk_xoa_sr_uuid"></a> [master\_os\_disk\_xoa\_sr\_uuid](#input\_master\_os\_disk\_xoa\_sr\_uuid) | Storage repository UUID for master node OS disks | `list(string)` | n/a | yes |
@@ -114,6 +119,7 @@ No modules.
 | <a name="input_microk8s_version"></a> [microk8s\_version](#input\_microk8s\_version) | The snap channel version to install, for example `1.29/stable`. Defaults to latest if not specified | `string` | `null` | no |
 | <a name="input_node_count"></a> [node\_count](#input\_node\_count) | Number of worker nodes to deploy | `number` | `0` | no |
 | <a name="input_node_cpu_count"></a> [node\_cpu\_count](#input\_node\_cpu\_count) | Number of CPUs for each worker node | `number` | `4` | no |
+| <a name="input_node_expected_cidr"></a> [node\_expected\_cidr](#input\_node\_expected\_cidr) | Expected CIDR for nodes, used for checking if the virtual machine is now ready. Replaces the old `wait_for_ip` | `string` | `"10.0.0.0/16"` | no |
 | <a name="input_node_memory_gb"></a> [node\_memory\_gb](#input\_node\_memory\_gb) | Memory in GB for each worker node | `number` | `8` | no |
 | <a name="input_node_os_disk_size"></a> [node\_os\_disk\_size](#input\_node\_os\_disk\_size) | OS disk size in GB for each worker node | `number` | `32` | no |
 | <a name="input_node_os_disk_xoa_sr_uuid"></a> [node\_os\_disk\_xoa\_sr\_uuid](#input\_node\_os\_disk\_xoa\_sr\_uuid) | Storage repository UUID for worker node OS disks | `list(string)` | n/a | yes |

diff --git a/local_mac_addressses.tf b/local_mac_addressses.tf
diff --git a/providers.tf b/providers.tf
@@ -3,8 +3,8 @@
 terraform {
   required_providers {
     xenorchestra = {
-      source  = "terra-farm/xenorchestra"
-      version = ">=0.26.1"
+      source  = "vatesfr/xenorchestra"
+      version = "0.29.0"
     }
     macaddress = {
       source  = "ivoronin/macaddress"
@@ -16,13 +16,13 @@ terraform {
     }
     null = {
       source  = "hashicorp/null"
-      version = ">=3.2.2"
+      version = ">=3.2.3"
     }
     random = {
       source  = "hashicorp/random"
-      version = ">=3.6.2"
+      version = ">=3.6.3"
     }
   }
 
   required_version = ">= 1.0"
-}
+}
diff --git a/variables.tf b/variables.tf
@@ -45,6 +45,12 @@ variable "node_xoa_network_name" {
   default     = null
 }
 
+variable "node_expected_cidr" {
+  description = "Expected CIDR for nodes, used for checking if the virtual machine is now ready. Replaces the old `wait_for_ip`"
+  type        = string
+  default     = "10.0.0.0/16"
+}
+
 variable "node_tags" {
   description = "Tags to apply to worker nodes"
   type        = list(string)
@@ -101,6 +107,12 @@ variable "master_xoa_network_name" {
   default     = null
 }
 
+variable "master_expected_cidr" {
+  description = "Expected CIDR for master nodes, used for checking if the virtual machine is now ready. Replaces the old `wait_for_ip`"
+  type        = string
+  default     = "10.0.0.0/16"
+}
+
 variable "master_tags" {
   description = "Tags to apply to master nodes"
   type        = list(string)

diff --git a/xen_data.tf b/xen_data.tf
@@ -7,6 +7,8 @@ provider "xenorchestra" {
   insecure = var.xoa_ignore_ssl # Or set XOA_INSECURE environment variable to any value
 }
 
+provider "macaddress" {}
+
 
 # docs : https://github.com/terra-farm/terraform-provider-xenorchestra/blob/master/docs/resources/vm.md
 

diff --git a/xen_master.tf b/xen_master.tf
@@ -13,6 +13,10 @@ locals {
   microk8s_version_channel = var.microk8s_version == null ? "" : "--channel=${var.microk8s_version}"
 }
 
+resource "macaddress" "mac_master_primary" {
+  prefix = [0, 22, 62]
+}
+
 resource "xenorchestra_cloud_config" "master" {
   name     = "ubuntu-base-config-master-0-${var.cluster_name}"
   template = <<EOF
@@ -28,8 +32,9 @@ users:
     ssh_authorized_keys:
       - ${var.public_ssh_key}
 
+package_update: true
+
 packages:
-  - xe-guest-utilities
   - open-iscsi
   - lsscsi
   - sg3-utils
@@ -70,6 +75,9 @@ write_files:
           memory: 80Mi
 
 runcmd:
+  - wget https://github.com/xenserver/xe-guest-utilities/releases/download/v8.4.0/xe-guest-utilities_8.4.0-1_amd64.deb
+  - dpkg -i xe-guest-utilities_8.4.0-1_amd64.deb
+
   - |
     netplan apply
     snap install microk8s --classic ${local.microk8s_version_channel}
@@ -97,34 +105,6 @@ runcmd:
     ${var.install_k8s_image_swapper ? "microk8s helm install k8s-image-swapper estahn/k8s-image-swapper -n k8s-image-swapper --create-namespace --version 1.8.0 -f /tmp/k8s-image-swapper-values.yaml" : ""}
     microk8s enable metrics-server
 
-firewall:
-  rules:
-    - name: Allow traffic on port 16443
-      port: 16443
-      protocol: tcp
-      action: accept
-      source: 0.0.0.0/0
-    - name: Allow traffic on port 80
-      port: 80
-      protocol: tcp
-      action: accept
-      source: 0.0.0.0/0
-    - name: Allow traffic on port 443
-      port: 443
-      protocol: tcp
-      action: accept
-      source: 0.0.0.0/0
-    - name: Allow traffic on port 25000
-      port: 25000
-      protocol: tcp
-      action: accept
-      source: 0.0.0.0/0
-    - name: Allow traffic on port 32000
-      port: 32000
-      protocol: tcp
-      action: accept
-      source: 0.0.0.0/0
-
 power_state:
   delay: now
   mode: reboot
@@ -147,8 +127,9 @@ resource "xenorchestra_vm" "master" {
   name_description = "${local.master_prefix}-${random_integer.master[0].result}.${var.dns_sub_zone}.${substr(lower(var.dns_zone), 0, length(var.dns_zone) - 1)}"
 
   network {
-    network_id  = data.xenorchestra_network.master.id
-    mac_address = local.mac_address_list[random_integer.master[0].result]
+    network_id       = data.xenorchestra_network.master.id
+    mac_address      = macaddress.mac_master_primary.address
+    expected_ip_cidr = var.master_expected_cidr
   }
 
   disk {
@@ -160,8 +141,8 @@ resource "xenorchestra_vm" "master" {
   cpus       = var.master_cpu_count
   memory_max = var.master_memory_gb * 1024 * 1024 * 1024 # GB to B
 
-  wait_for_ip = true
-  start_delay = var.start_delay
+  destroy_cloud_config_vdi_after_boot = false
+  start_delay                         = var.start_delay
 
   tags = concat(var.tags, var.master_tags, ["kubernetes.io/role:primary", "xcp-ng.org/deployment:${var.cluster_name}"])
 

diff --git a/xen_nodes.tf b/xen_nodes.tf
@@ -8,6 +8,11 @@ resource "random_integer" "node" {
   max   = 9999
 }
 
+resource "macaddress" "mac_nodes" {
+  count  = var.node_count
+  prefix = [0, 22, 62]
+}
+
 resource "xenorchestra_cloud_config" "node" {
   count    = var.node_count
   name     = "ubuntu-base-config-node-${count.index}"
@@ -24,7 +29,6 @@ users:
       - ${var.public_ssh_key}
 
 packages:
-  - xe-guest-utilities
   - open-iscsi
   - lsscsi
   - sg3-utils
@@ -34,6 +38,8 @@ packages:
   - jq
 
 runcmd:
+  - wget https://github.com/xenserver/xe-guest-utilities/releases/download/v8.4.0/xe-guest-utilities_8.4.0-1_amd64.deb
+  - dpkg -i xe-guest-utilities_8.4.0-1_amd64.deb
   - |
     netplan apply
     snap install microk8s --classic
@@ -55,19 +61,6 @@ runcmd:
     microk8s start
     microk8s join ${xenorchestra_vm.master.ipv4_addresses[0]}:25000/${local.custom_token} --worker
     microk8s kubectl label node ${local.node_prefix}-${random_integer.node[count.index].result}.${var.dns_sub_zone}.${substr(lower(var.dns_zone), 0, length(var.dns_zone) - 1)} node-role.kubernetes.io/worker=worker
-
-firewall:
-  rules:
-    - name: Allow traffic on port 80
-      port: 80
-      protocol: tcp
-      action: accept
-      source: 0.0.0.0/0
-    - name: Allow traffic on port 443
-      port: 443
-      protocol: tcp
-      action: accept
-      source: 0.0.0.0/0
 EOF
 
   depends_on = [xenorchestra_vm.master]
@@ -85,8 +78,9 @@ resource "xenorchestra_vm" "node" {
   name_description = "${local.node_prefix}-${random_integer.node[count.index].result}.${var.dns_sub_zone}.${substr(lower(var.dns_zone), 0, length(var.dns_zone) - 1)}"
 
   network {
-    network_id  = data.xenorchestra_network.node.id
-    mac_address = local.mac_address_list[random_integer.node[count.index].result]
+    network_id       = data.xenorchestra_network.node.id
+    mac_address      = macaddress.mac_nodes[count.index].address
+    expected_ip_cidr = var.node_expected_cidr
   }
 
   disk {
@@ -98,8 +92,8 @@ resource "xenorchestra_vm" "node" {
   cpus       = var.node_cpu_count
   memory_max = var.node_memory_gb * 1024 * 1024 * 1024 # GB to B
 
-  wait_for_ip = true
-  start_delay = var.start_delay
+  start_delay                         = var.start_delay
+  destroy_cloud_config_vdi_after_boot = false
 
   tags = concat(var.tags, var.node_tags, ["kubernetes.io/role:worker", "xcp-ng.org/deployment:${var.cluster_name}"])
 

diff --git a/xen_secondaries.tf b/xen_secondaries.tf
@@ -14,7 +14,6 @@ users:
       - ${var.public_ssh_key}
 
 packages:
-  - xe-guest-utilities
   - open-iscsi
   - lsscsi
   - sg3-utils
@@ -24,6 +23,8 @@ packages:
   - jq
 
 runcmd:
+  - wget https://github.com/xenserver/xe-guest-utilities/releases/download/v8.4.0/xe-guest-utilities_8.4.0-1_amd64.deb
+  - dpkg -i xe-guest-utilities_8.4.0-1_amd64.deb
   - |
     netplan apply
     snap install microk8s --classic
@@ -45,37 +46,14 @@ runcmd:
     microk8s start
     microk8s join ${xenorchestra_vm.master.ipv4_addresses[0]}:25000/${local.custom_token}
     microk8s kubectl label node ${local.master_prefix}-${random_integer.master[count.index + 1].result}.${var.dns_sub_zone}.${substr(lower(var.dns_zone), 0, length(var.dns_zone) - 1)} node-role.kubernetes.io/control-plane
-
-firewall:
-  rules:
-    - name: Allow traffic on port 16443
-      port: 16443
-      protocol: tcp
-      action: accept
-      source: 0.0.0.0/0
-    - name: Allow traffic on port 80
-      port: 80
-      protocol: tcp
-      action: accept
-      source: 0.0.0.0/0
-    - name: Allow traffic on port 443
-      port: 443
-      protocol: tcp
-      action: accept
-      source: 0.0.0.0/0
-    - name: Allow traffic on port 25000
-      port: 25000
-      protocol: tcp
-      action: accept
-      source: 0.0.0.0/0
-    - name: Allow traffic on port 32000
-      port: 32000
-      protocol: tcp
-      action: accept
-      source: 0.0.0.0/0
 EOF
 }
 
+resource "macaddress" "mac_master_secondaries" {
+  count  = var.master_count - 1
+  prefix = [0, 22, 62]
+}
+
 
 resource "xenorchestra_vm" "secondary" {
   count                = var.master_count - 1
@@ -88,8 +66,9 @@ resource "xenorchestra_vm" "secondary" {
   name_description = "${local.master_prefix}-${random_integer.master[count.index + 1].result}.${var.dns_sub_zone}.${substr(lower(var.dns_zone), 0, length(var.dns_zone) - 1)}"
 
   network {
-    network_id  = data.xenorchestra_network.master.id
-    mac_address = local.mac_address_list[random_integer.master[count.index + 1].result]
+    network_id       = data.xenorchestra_network.master.id
+    mac_address      = macaddress.mac_master_secondaries[count.index].address
+    expected_ip_cidr = var.master_expected_cidr
   }
 
   disk {
@@ -101,8 +80,8 @@ resource "xenorchestra_vm" "secondary" {
   cpus       = var.master_cpu_count
   memory_max = var.master_memory_gb * 1024 * 1024 * 1024 # GB to B
 
-  wait_for_ip = true
-  start_delay = var.start_delay
+  start_delay                         = var.start_delay
+  destroy_cloud_config_vdi_after_boot = false
 
   tags = concat(var.tags, var.master_tags, ["kubernetes.io/role:secondary", "xcp-ng.org/deployment:${var.cluster_name}"])
-Original file line number
+Diff line change
@@ Expand Up / @@ -7,6 +7,8 @@ provider "xenorchestra" { @@
       insecure = var.xoa_ignore_ssl # Or set XOA_INSECURE environment variable to any value
     }
+    provider "macaddress" {}
     # docs : https://github.com/terra-farm/terraform-provider-xenorchestra/blob/master/docs/resources/vm.md
@@ Expand Down @@