When using terraform to create a swarm on DigitalOcean, how can I pass the join-token to a worker node? I can create a simple 2-node swarm; a manager node and a worker node; but there does not seem to be an efficient way to pass the join-token to the worker node:
*Code snippet manager node*
provisioner "remote-exec" {
inline = [
"sudo ufw allow 2377,7946/tcp",
"sudo ufw allow 4789,7946/udp",
"sudo docker swarm init --advertise-addr ${digitalocean_droplet.manager1.ipv4_address_private}"
]
}
*Code snippet worker node*
provisioner "remote-exec" {
inline = [
"sudo ufw allow 2377,7946/tcp",
"sudo ufw allow 4789,7946/udp",
"docker swarm join --token ${var.worker_token} ${digitalocean_droplet.manager1.ipv4_address_private}:2377"
]
}
If I issue this command: docker swarm join-token -q worker I can display the token, but cannot save it to the variable ${var.worker_token} Example: “docker swarm join-token worker -q > ${var.worker_token}”
Does anyone have some insight on how to assign the output of a command to a variable and reference it later in the terraform plan?
Thank you
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Heya,
an update on an old question in case anyone stumbles upon it
In order to get the join token from the manager node and use it for the worker node in Terraform, you can use the Terraform’s null_resource and the local-exec provisioner along with the remote-exec provisioner.
The local-exec provisioner invokes a local executable after a resource is created and the remote-exec provisioner invokes a remote command. This can be used to extract the swarm join token from the manager node and store it as a file.
Here’s how you can do it:
- First, get the join token from the manager node and store it in a file.
resource "null_resource" "get_swarm_token" {
depends_on = [digitalocean_droplet.manager1]
provisioner "remote-exec" {
inline = ["docker swarm join-token worker -q | tee swarm-worker-token.txt"]
connection {
host = digitalocean_droplet.manager1.ipv4_address
type = "ssh"
user = "root"
private_key = file("~/.ssh/id_rsa")
}
}
}
- Next, use the
local-execprovisioner to read the token from the file and store it in an environment variable. Then use that environment variable in theremote-execfor the worker node.
resource "digitalocean_droplet" "worker1" {
image = "docker-20-04"
name = "worker1"
region = "nyc1"
size = "s-1vcpu-1gb"
ssh_keys = [
var.ssh_fingerprint
]
provisioner "local-exec" {
command = "export WORKER_TOKEN=$(cat swarm-worker-token.txt)"
}
provisioner "remote-exec" {
inline = [
"sudo ufw allow 2377,7946/tcp",
"sudo ufw allow 4789,7946/udp",
"docker swarm join --token $WORKER_TOKEN ${digitalocean_droplet.manager1.ipv4_address_private}:2377"
]
}
}
Please replace the connection parameters and other specifics with your own.
This method will work if the Terraform script is being run on the same machine as the manager node. If you’re running Terraform from a different machine, you’ll need to adjust the solution to copy the token file to that machine using scp or another method.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.