Skip to content

Fix openstack terraform group vars#13275

Open
pushpak-23 wants to merge 2 commits into
kubernetes-sigs:masterfrom
pushpak-23:fix-openstack-terraform-group-vars
Open

Fix openstack terraform group vars#13275
pushpak-23 wants to merge 2 commits into
kubernetes-sigs:masterfrom
pushpak-23:fix-openstack-terraform-group-vars

Conversation

@pushpak-23
Copy link
Copy Markdown

@pushpak-23 pushpak-23 commented May 26, 2026

/kind bug

What this PR does / why we need it:

Fixes an OpenStack Terraform workflow issue where the local-exec provisioner could fail while generating group_vars/no_floating.yml.

The failure occurs because the module assumed the target group_vars directory existed relative to the module execution path. This breaks when Terraform is executed using -chdir or from automation environments where the working directory differs from the module path.

This PR:

  • passes an absolute group_vars_path
  • creates the destination directory using mkdir -p
  • keeps generated file paths quoted for safer shell execution

Which issue(s) this PR fixes:

Fixes #13201

Special notes for your reviewer:

Validated using:

terraform -chdir="contrib/terraform/openstack" validate

and verified successful execution of:

terraform -chdir="contrib/terraform/openstack" apply \
  -var-file=$PWD/inventory/test-cluster/cluster.tfvars

Does this PR introduce a user-facing change?:

Fixed an issue in the OpenStack Terraform workflow where generating group_vars/no_floating.yml could fail when Terraform was executed using -chdir or from different working directories.

Copilot AI review requested due to automatic review settings May 26, 2026 06:06
@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/bug Categorizes issue or PR as related to a bug. labels May 26, 2026
@k8s-ci-robot k8s-ci-robot requested review from tico88612 and yankay May 26, 2026 06:06
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 26, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented May 26, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: pushpak-23
Once this PR has been reviewed and has the lgtm label, please assign tico88612 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented May 26, 2026

Hi @pushpak-23. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Copilot AI reviewed May 26, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

This PR improves the reliability of generating Ansible group_vars output from the OpenStack Terraform configuration by ensuring the destination directory exists and by normalizing the group_vars_path to an absolute path.

Changes:

  • Pre-create group_vars_path via mkdir -p before writing no_floating.yml in several local-exec provisioners.
  • Quote template and output paths in shell commands to better handle paths with spaces.
  • Pass group_vars_path to the compute module as an absolute path using abspath().

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.

File Description
contrib/terraform/openstack/modules/compute/main.tf Ensures the group vars directory exists and quotes paths before writing no_floating.yml from the bastion template.
contrib/terraform/openstack/kubespray.tf Normalizes group_vars_path to an absolute path when passed into the compute module.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread contrib/terraform/openstack/modules/compute/main.tf

provisioner "local-exec" {
command = "sed -e s/USER/${var.ssh_user}/ -e s/BASTION_ADDRESS/${var.bastion_fips[0]}/ ${path.module}/ansible_bastion_template.txt > ${var.group_vars_path}/no_floating.yml"
command = "mkdir -p \"${var.group_vars_path}\" && sed -e s/USER/${var.ssh_user}/ -e s/BASTION_ADDRESS/${var.bastion_fips[0]}/ \"${path.module}/ansible_bastion_template.txt\" > \"${var.group_vars_path}/no_floating.yml\""
Comment thread contrib/terraform/openstack/modules/compute/main.tf

provisioner "local-exec" {
command = "%{if each.value.floating_ip}sed s/USER/${var.ssh_user}/ ${path.module}/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element(concat(var.bastion_fips, [for key, value in var.k8s_masters_fips : value.address]), 0)}/ > ${var.group_vars_path}/no_floating.yml%{else}true%{endif}"
command = "%{if each.value.floating_ip}mkdir -p \"${var.group_vars_path}\" && sed s/USER/${var.ssh_user}/ \"${path.module}/ansible_bastion_template.txt\" | sed s/BASTION_ADDRESS/${element(concat(var.bastion_fips, [for key, value in var.k8s_masters_fips : value.address]), 0)}/ > \"${var.group_vars_path}/no_floating.yml\"%{else}true%{endif}"
Comment thread contrib/terraform/openstack/modules/compute/main.tf

provisioner "local-exec" {
command = "sed -e s/USER/${var.ssh_user}/ -e s/BASTION_ADDRESS/${element(concat(var.bastion_fips, var.k8s_master_fips), 0)}/ ${path.module}/ansible_bastion_template.txt > ${var.group_vars_path}/no_floating.yml"
command = "mkdir -p \"${var.group_vars_path}\" && sed -e s/USER/${var.ssh_user}/ -e s/BASTION_ADDRESS/${element(concat(var.bastion_fips, var.k8s_master_fips), 0)}/ \"${path.module}/ansible_bastion_template.txt\" > \"${var.group_vars_path}/no_floating.yml\""
Comment thread contrib/terraform/openstack/modules/compute/main.tf

provisioner "local-exec" {
command = "sed -e s/USER/${var.ssh_user}/ -e s/BASTION_ADDRESS/${element(concat(var.bastion_fips, var.k8s_node_fips), 0)}/ ${path.module}/ansible_bastion_template.txt > ${var.group_vars_path}/no_floating.yml"
command = "mkdir -p \"${var.group_vars_path}\" && sed -e s/USER/${var.ssh_user}/ -e s/BASTION_ADDRESS/${element(concat(var.bastion_fips, var.k8s_node_fips), 0)}/ \"${path.module}/ansible_bastion_template.txt\" > \"${var.group_vars_path}/no_floating.yml\""
Comment thread contrib/terraform/openstack/modules/compute/main.tf

provisioner "local-exec" {
command = "%{if each.value.floating_ip}sed -e s/USER/${var.ssh_user}/ -e s/BASTION_ADDRESS/${element(concat(var.bastion_fips, [for key, value in var.k8s_nodes_fips : value.address]), 0)}/ ${path.module}/ansible_bastion_template.txt > ${var.group_vars_path}/no_floating.yml%{else}true%{endif}"
command = "%{if each.value.floating_ip}mkdir -p \"${var.group_vars_path}\" && sed -e s/USER/${var.ssh_user}/ -e s/BASTION_ADDRESS/${element(concat(var.bastion_fips, [for key, value in var.k8s_nodes_fips : value.address]), 0)}/ \"${path.module}/ansible_bastion_template.txt\" > \"${var.group_vars_path}/no_floating.yml\"%{else}true%{endif}"
Comment thread contrib/terraform/openstack/modules/compute/main.tf

provisioner "local-exec" {
command = "%{if each.value.floating_ip}sed s/USER/${var.ssh_user}/ ${path.module}/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element(concat(var.bastion_fips, [for key, value in var.k8s_masters_fips : value.address]), 0)}/ > ${var.group_vars_path}/no_floating.yml%{else}true%{endif}"
command = "%{if each.value.floating_ip}mkdir -p \"${var.group_vars_path}\" && sed s/USER/${var.ssh_user}/ \"${path.module}/ansible_bastion_template.txt\" | sed s/BASTION_ADDRESS/${element(concat(var.bastion_fips, [for key, value in var.k8s_masters_fips : value.address]), 0)}/ > \"${var.group_vars_path}/no_floating.yml\"%{else}true%{endif}"
@yankay
Copy link
Copy Markdown
Member

yankay commented May 26, 2026

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@tico88612 tico88612 Awaiting requested review from tico88612

@yankay yankay Awaiting requested review from yankay

Assignees

No one assigned

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

OpenStack Terraform fails to create no_floating.yml when using terraform -chdir due to relative group_vars_path

4 participants

@pushpak-23 @k8s-ci-robot @yankay