Portal:Cloud VPS/Admin/OpenTofu
This page contains information about how Cloud VPS and the WMCS team have integrated Opentofu to manage infrastructure.
There is no single approach to using opentofu, and depending on the piece of infrastructure, there could be different workflows, repositories and setups involved.
Projects
Some well known opentofu-based projects:
| Name | URL | Docs | Workflow | Other comments |
|---|---|---|---|---|
| tofu-infra | https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/ | Portal:Cloud_VPS/Admin/tofu-infra | based on cookbook | Cloud-wide infra |
| toolforge tofu-provisioning | https://gitlab.wikimedia.org/repos/cloud/toolforge/tofu-provisioning/ | Portal:Toolforge/Admin/tofu-provisioning | based on factorized gitlab CICD | tools / toolsbeta infra |
| networktests tofu-provisioning | https://gitlab.wikimedia.org/repos/cloud/cloud-vps/networktests-tofu-provisioning | Portal:Cloud_VPS/Admin/Network/Tests | based on factorized gitlab CICD | eqiad1 / codfw1dev functional network tests infra |
| metricsinfra tofu-provisioning | https://gitlab.wikimedia.org/repos/cloud/metricsinfra/tofu-provisioning | TBD | other | metricsinfra (prometheus, etc) |
| tofu registry | https://gitlab.wikimedia.org/cloudvps-repos/tofu/tofu-provisioning | TBD | other | the registry for our own Cloud VPS opentofu provider |
Workflows
Some known workflows for opentofu.
based on cookbook
As of this writing this is only used by Portal:Cloud_VPS/Admin/tofu-infra.
based on factorized gitlab CICD
See https://gitlab.wikimedia.org/repos/cloud/cicd/gitlab-ci/-/tree/main/tofu-provisioning
other
There could be other workflows out there, and maybe the reason for them to exists is that they don't fit in other models for whatever reason (secret management?)
See also
- Help:Using OpenTofu on Cloud VPS -- end user docs
- Portal:Cloud VPS/Admin/Service accounts -- about service accounts, often used in some opentofu workflows