fix: update terraform with newer version (#24284)

The terraform shipped with snap (in the older version of Ubuntu)
only supported public key encryption with ssh-rsa. New versions
of Linux started deprecating ssh-rsa, so this version bump
is required.
pull/24299/head
Brandon Pfeifer 2023-06-13 16:55:37 -04:00 committed by GitHub
parent 2f3733c2cb
commit b352a179a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 20 deletions

View File

@ -22,11 +22,11 @@ executors:
resource_class: large
linux-amd64:
machine:
image: ubuntu-2004:202107-02
image: ubuntu-2204:current
resource_class: large
linux-arm64:
machine:
image: ubuntu-2004:202101-01
image: ubuntu-2204:current
resource_class: arm.large
darwin:
macos:
@ -503,8 +503,8 @@ jobs:
name: Install Package Dependencies
command: |
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install --yes \
sudo -E apt-get update
sudo -E apt-get install --yes \
build-essential \
git \
rpm \
@ -664,7 +664,7 @@ jobs:
- checkout
- add_ssh_keys:
fingerprints:
- "91:0a:5b:a7:f9:46:77:f3:5d:4a:cf:d2:44:c8:2c:5a"
- 3a:d1:7a:b7:57:d7:85:0b:76:79:85:51:38:f3:e4:67
- terraform/validate:
path: scripts/ci/
- run:
@ -720,7 +720,7 @@ jobs:
# To ssh into aws without failing host key checks
- add_ssh_keys:
fingerprints:
- "91:0a:5b:a7:f9:46:77:f3:5d:4a:cf:d2:44:c8:2c:5a"
- 3a:d1:7a:b7:57:d7:85:0b:76:79:85:51:38:f3:e4:67
- run:
name: Set up AWS CLI
command: |
@ -758,7 +758,7 @@ jobs:
- checkout
- add_ssh_keys:
fingerprints:
- "91:0a:5b:a7:f9:46:77:f3:5d:4a:cf:d2:44:c8:2c:5a"
- 3a:d1:7a:b7:57:d7:85:0b:76:79:85:51:38:f3:e4:67
- run:
name: Destroy AWS instances with datestring more than a day old
no_output_timeout: 20m
@ -978,24 +978,18 @@ jobs:
/tmp/workspace/artifacts/influxdb2*-arm64.deb
check_package_rpm:
executor: linux-amd64
parameters:
arch:
type: string
executor: linux-amd64
steps:
- attach_workspace:
at: /tmp/workspace
- checkout
- run:
name: Install Dependencies
command: |
sudo snap install --classic terraform
- add_ssh_keys:
fingerprints:
- "91:0a:5b:a7:f9:46:77:f3:5d:4a:cf:d2:44:c8:2c:5a"
- run:
name: Validate RPM Package
command: |
export AWS_ACCESS_KEY_ID=$TEST_AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY=$TEST_AWS_SECRET_ACCESS_KEY
.circleci/scripts/package-validation/redhat << parameters.arch >> /tmp/workspace/artifacts/influxdb2*.<< parameters.arch >>.rpm
- 3a:d1:7a:b7:57:d7:85:0b:76:79:85:51:38:f3:e4:67
- checkout
- run: |
AWS_ACCESS_KEY_ID=$TEST_AWS_ACCESS_KEY_ID \
AWS_SECRET_ACCESS_KEY=$TEST_AWS_SECRET_ACCESS_KEY \
.circleci/scripts/package-validation/redhat << parameters.arch >> /tmp/workspace/artifacts/influxdb2*.<< parameters.arch >>.rpm

View File

@ -63,6 +63,30 @@ trap "terraform_free \"${arch}\" \"${package}\"" \
ERR \
EXIT
function terraform_setup()
{
# TODO(bnpfeife): remove this once the executor is updated.
#
# Unfortunately, terraform provided by the CircleCI executor is *terribly*
# out of date. Most Linux distributions are disabling "ssh-rsa" public key
# algorithms which this uses to remote into the ec2 instance . This
# installs the latest version of terraform.
#
# Addendum: the "terraform_version" CircleCI option is broken!
sudo tee /etc/apt/sources.list.d/hashicorp.list <<EOF >/dev/null || true
deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main
EOF
curl -fL https://apt.releases.hashicorp.com/gpg | gpg --dearmor | \
sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg >/dev/null
export DEBIAN_FRONTEND=noninteractive
sudo -E apt-get update
sudo -E apt-get install --yes terraform
}
terraform_setup
terraform_init "${arch}" "${package}"
printf 'Setup complete! Testing %s... (this takes several minutes!)' "${1}"