Exploring Terraform configuration resources

Quite frequently, you will need some random data to be generated. This could be a default password for a database or a random hostname for your servers. Terraform has a random provider that solves this problem.

Of course, completely random values are harmful for Terraform. That's why the random_id resource generates a random string only on creation and then keeps the value during updates (unless you change the configuration of this resource). Imagine that we want to pass a random hostname to the previously configured template_file user data. We could do it as follows:

resource "random_id" "hostname" { 
  byte_length = 4 
} 
data "template_file" "user_data" { 
  template = "${file("${path.module}/user_data.sh.tpl")}" 
  vars { 
    packages = "${var.extra_packages}" 
    nameserver = "${var.external_nameserver}" 
    hostname = "${random_id.hostname.b64}" 
  } 
} 

Then, the actual script can use the hostname variable to set the hostname of the machine. If you want more control over when exactly random_id is recreated (and thus the value is regenerated), you can specify the keepers parameter. keepers are stored in a map, and when the value of one of the keys changes, the random value is regenerated. For example, take a look at the AMI ID keepers:

resource "random_id" "hostname" { 
  keepers { 
    ami_id = "${data.aws_ami.app-ami.id}"  
  } 
  byte_length = 4 
} 

Thus, if there is a new AMI, the instance will be recreated and a new hostname is required.

In addition, there is a random_shuffle resource that will return a randomly ordered list of items from the original list you provide. You could even use it together with the hostname generator we saw in the preceding example:

resource "random_shuffle" "hostname_creature" { 
  input = ["griffin", "gargoyle", "dragon"] 
  result_count = 1 
} 
resource "random_id" "hostname_random" { 
  byte_length = 4 
} 
data "template_file" "user_data" { 
  template = "${file("${path.module}/user_data.sh.tpl")}" 
 
  vars { 
    packages = "${var.extra_packages}" 
    nameserver = "${var.external_nameserver}" 
    hostname = "${random_shuffle.hostname_creature.result[0]}${random_id.hostname_random.b64}" 
  } 
} 

That's the complete random hostnames generator in a handful of lines of code right there!

Another important Terraform provider we will most probably require is the TLS provider. The resources of this provider are used to generate Transport Layer Security keys and certificates. It's a very handy way to generate a few secret keys, though you must keep in mind that they will end up in your state file. Because of this, the Terraform authors themselves do not recommend using it for production deployments.

There are four resources you can use, as follows:

  • tls_private_key
  • tls_self_signed_cert
  • tls_locally_signed_cert
  • tls_cert_request

Their usage is well documented in the official Terraform documentation; let's just take a look at the simplest one:

resource "tls_private_key" "example" { 
    algorithm = "ECDSA" 
    ecdsa_curve = "P384" 
} 

It will generate both a private and a public key, and you could use it to get an initial SSH connection to the server.
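
The state-file caveat above can be checked directly. The following Python script is an added example, not code from this text or from Terraform: it walks a state document and reports every location that holds a PEM private key. The sample state, its placeholder key body and the ssh_key output name are constructed for illustration.

```python
import json
import re

# Matches PEM headers such as "BEGIN EC PRIVATE KEY" or "BEGIN PRIVATE KEY";
# public keys and certificates do not match.
PEM_PRIVATE = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")


def find_private_keys(node, path="$"):
    """Walk parsed state JSON and return the JSON paths of PEM private keys."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits += find_private_keys(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits += find_private_keys(value, f"{path}[{index}]")
    elif isinstance(node, str) and PEM_PRIVATE.search(node):
        hits.append(path)
    return hits


def scan_state(state_text):
    """Parse a state document (text) and list where private keys are stored."""
    return find_private_keys(json.loads(state_text))


# Constructed sample in the version 4 state layout; the key body is a placeholder.
FAKE_KEY = "-----BEGIN EC PRIVATE KEY-----\nCONSTRUCTED-PLACEHOLDER\n-----END EC PRIVATE KEY-----\n"
SAMPLE_STATE = json.dumps({
    "version": 4,
    # An output marked sensitive is still written to the state file.
    "outputs": {"ssh_key": {"value": FAKE_KEY, "type": "string", "sensitive": True}},
    "resources": [{
        "mode": "managed", "type": "tls_private_key", "name": "example",
        "instances": [{"attributes": {
            "algorithm": "ECDSA",
            "ecdsa_curve": "P384",
            "private_key_pem": FAKE_KEY,
            "public_key_pem": "-----BEGIN PUBLIC KEY-----\nCONSTRUCTED\n-----END PUBLIC KEY-----\n",
        }}],
    }],
})

if __name__ == "__main__":
    for location in scan_state(SAMPLE_STATE):
        print("private key stored in state at", location)
```

Because the walk is generic, it also reports keys that were copied into outputs or into the attributes of other resources, not only tls_private_key itself.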

As we know, the number of providers and resources in Terraform is growing fast, and not all of them are purely external service providers. There is still a small set of useful providers that generate some data. There are not that many ways to attach more powerful configuration stores, though. Well, except for one: Consul.
