comment on test template equal to final config

Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>

deployment/check/data-model-tf-proxmox/nixosTest.nix

@@ -15,7 +15,6 @@ let
     TF_HTTP_UNLOCK_ADDRESS = TF_HTTP_ADDRESS;
     TF_HTTP_ADDRESS = "http://localhost:${backendPort}/state/${fragment}";
   };
-  # FIXME generate the image `nixos-generate` was to make, but now do it for a desired `-c configuration.nix` rather than whatever generic thing now
   template-deployment =
     (import ./setups/template.nix {
       inherit sources system modulesPath;
@@ -35,6 +34,8 @@ let
         inherit (import ./constants.nix) pathToRoot;
         nodeName = "pve";
         targetSystem = system;
+        # for the test use the proxmox host as jump host,
+        # as we have no static IPs the deployer can reach the deployed VM on
         sshOpts = [
           "ProxyCommand=ssh -W %h:%p pve"
         ];
@@ -159,6 +160,7 @@ in
         enable = true;
         settings = {
           LISTEN_ADDR = ":${backendPort}";
+          # FIXME randomly generate this
           KMS_KEY = "tsjxw9NjKUBUlzbTnD7orqIAdEmpGYRARvxD51jtY+o=";
         };
       };
@@ -172,9 +174,10 @@ in
 
     cert = pve.succeed("cat /etc/pve/pve-root-ca.pem").strip()
 
-    # set up proxmox
+    pve.succeed("pvesh create /pools --poolid Fediversity")
+
+    # allow upload of `import` (template) files
     pve.succeed("""
-      pvesh create /pools --poolid Fediversity
       pvesh set /storage/local --content "vztmpl,rootdir,backup,snippets,import,iso,images" 1>/dev/null
     """)
 

deployment/check/data-model-tf-proxmox/setups/template.nix

@@ -62,6 +62,7 @@ in
         type = env.resource-mapping.output-type;
         default = env.deployment {
           deployment-name = "default";
+          # normally our template is distinct, but our test cannot download build deps due to sandboxing
           configuration = config."example-configuration";
         };
       };

deployment/data-model.nix

@@ -332,7 +332,7 @@ let
                   inherit sources system;
                   configuration = tf-host.config.nixos-configuration;
                 };
-                name = "monkey";
+                name = "fediversity-template";
 
                 # worse for cross-compilation, better for pre-/post-processing, needs manual `imageSize`, random failures: https://github.com/nix-community/disko/issues/550#issuecomment-2503736973
                 raw = "${machine.config.system.build.diskoImages}/main.raw";
@@ -367,10 +367,12 @@ let
 
                   ls -l ${raw} >&2
                   ls -l /tmp/${name}.qcow2 >&2
+                  checksum="$(sha256sum /tmp/${name}.qcow2 | cut -d " " -f1)"
 
                   env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
                   ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
                   TF_VAR_image=/tmp/${name}.qcow2 \
+                  TF_VAR_checksum="$checksum" \
                   tf_env=${tf-env} bash ./deployment/run/tf-proxmox-template/run.sh
                 '';
           };

deployment/run/tf-proxmox-template/main.tf

@@ -30,21 +30,11 @@ data "external" "hash" {
   program = ["sh", "-c", "echo \"{\\\"hash\\\":\\\"$(nix-hash ../../..)\\\"}\""]
 }
 
-# FIXME (un)stream
-# FIXME handle known-hosts in TF state
-# FIXME move to host
-# FIXME switch to base image shared between jobs as upload seems a bottleneck? e.g. by:
-# - recursive TF
-# - hash in name over overwrite
-# won't notice file changes: https://github.com/bpg/terraform-provider-proxmox/issues/677
 resource "proxmox_virtual_environment_file" "upload" {
   depends_on = [
     data.external.hash,
   ]
   content_type = "import"
-  # https://192.168.51.81:8006/#v1:0:=storage%2Fnode051%2Flocal:4::=contentIso:::::
-  # PVE -> Datacenter -> Storage -> local -> Edit -> General -> Content -> check Import + Disk Images -> OK
-  # that UI action also adds it in `/etc/pve/storage.cfg`
   datastore_id = var.image_datastore_id
   node_name    = var.node_name
   overwrite = true
@@ -53,8 +43,7 @@ resource "proxmox_virtual_environment_file" "upload" {
   source_file {
     path = var.image
     file_name = local.dump_name
-    # FIXME compute and pass hash (so identical builds don't trigger drift)
+    checksum = var.checksum
-    # checksum = "sha256"
   }
 }
 

deployment/run/tf-proxmox-template/variables.tf

@@ -24,3 +24,8 @@ variable "category" {
   description = "Category to be used in naming the base image."
   default = "test"
 }
+
+variable "checksum" {
+  type = string
+  description = "The SHA256 checksum of the source file."
+}

deployment/run/tf-proxmox-vm/main.tf

@@ -14,15 +14,10 @@ provider "proxmox" {
   endpoint = "https://${var.host}:8006/"
 
   # used only for files and creating custom disks
+  # FIXME handle known-hosts in TF state
   ssh {
     agent = true
-    # uncomment and configure if using api_token instead of password
     username = "root"
-    # node {
-    #   name = "${var.node_name}"
-    #   address = "${var.host}"
-    #   # port = 22
-    # }
   }
 }
 
@@ -34,8 +29,6 @@ data "external" "hash" {
 
 resource "proxmox_virtual_environment_vm" "nix_vm" {
   lifecycle {
-    # wait, would this not disseminate any changes to this property,
-    # or just defer syncing when only this changed?
     ignore_changes = [
       disk["import_from"],
       initialization,
@@ -117,7 +110,7 @@ resource "null_resource" "await_ssh" {
     proxmox_virtual_environment_vm.nix_vm
   ]
   provisioner "local-exec" {
-    command = "env username='root' host='${proxmox_virtual_environment_vm.nix_vm.ipv4_addresses[1][0]}' key_file=${var.key_file} ssh_opts='${var.ssh_opts}' bash ./await-ssh.sh"
+    command = "env username='root' host='${proxmox_virtual_environment_vm.nix_vm.ipv4_addresses[1][0]}' key_file='${var.key_file}' ssh_opts='${var.ssh_opts}' bash ./await-ssh.sh"
   }
 }