• Overview
    • Enforce Policy as Code
    • Infrastructure as Code
    • Inject Secrets into Terraform
    • Integrate with Existing Workflows
    • Manage Kubernetes
    • Manage Virtual Machine Images
    • Multi-Cloud Deployment
    • Network Infrastructure Automation
    • Terraform CLI
    • Terraform Cloud
    • Terraform Enterprise
  • Registry
  • Tutorials
    • About the Docs
    • Intro to Terraform
    • Configuration Language
    • Terraform CLI
    • Terraform Cloud
    • Terraform Enterprise
    • Provider Use
    • Plugin Development
    • Registry Publishing
    • Integration Program
    • Terraform Tools
    • CDK for Terraform
    • Glossary
  • Community
GitHubTerraform Cloud
Download

    Terraform Language

  • Overview
  • Attributes as Blocks - Configuration Language
  • Terraform v1.0 Compatibility Promises
    • Overview
    • Override Files
    • Dependency Lock File
    • Overview
    • Configuration Syntax
    • JSON Configuration Syntax
    • Style Conventions
    • Overview
    • Resource Blocks
    • Resource Behavior
      • depends_on
      • count
      • for_each
      • provider
      • lifecycle
      • Declaring Provisioners
      • Provisioner Connections
      • Provisioners Without a Resource
      • file
      • local-exec
      • remote-exec

      • chef
      • habitat
      • puppet
      • salt-masterless
  • Data Sources
    • count
    • depends_on
    • for_each
    • lifecycle
    • providers
    • provider
    • Overview
    • Provider Configuration
    • Provider Requirements
    • Dependency Lock File
    • Overview
    • Input Variables
    • Output Values
    • Local Values
    • Overview
    • Module Blocks
    • Module Sources
      • providers
      • depends_on
      • count
      • for_each
      • Overview
      • Standard Module Structure
      • Providers Within Modules
      • Best Practices: Module Composition
      • Publishing Modules
      • Refactoring Modules
    • Module Testing Experiment
    • Overview
    • Types and Values
    • Strings and Templates
    • References to Values
    • Operators
    • Function Calls
    • Conditional Expressions
    • For Expressions
    • Splat Expressions
    • Dynamic Blocks
    • Custom Condition Checks
    • Type Constraints
    • Version Constraints
    • Overview
      • abs
      • ceil
      • floor
      • log
      • max
      • min
      • parseint
      • pow
      • signum
      • chomp
      • format
      • formatlist
      • indent
      • join
      • lower
      • regex
      • regexall
      • replace
      • split
      • strrev
      • substr
      • title
      • trim
      • trimprefix
      • trimsuffix
      • trimspace
      • upper
      • alltrue
      • anytrue
      • chunklist
      • coalesce
      • coalescelist
      • compact
      • concat
      • contains
      • distinct
      • element
      • flatten
      • index
      • keys
      • length
      • list
      • lookup
      • map
      • matchkeys
      • merge
      • one
      • range
      • reverse
      • setintersection
      • setproduct
      • setsubtract
      • setunion
      • slice
      • sort
      • sum
      • transpose
      • values
      • zipmap
      • base64decode
      • base64encode
      • base64gzip
      • csvdecode
      • jsondecode
      • jsonencode
      • textdecodebase64
      • textencodebase64
      • urlencode
      • yamldecode
      • yamlencode
      • abspath
      • dirname
      • pathexpand
      • basename
      • file
      • fileexists
      • fileset
      • filebase64
      • templatefile
      • formatdate
      • timeadd
      • timestamp
      • base64sha256
      • base64sha512
      • bcrypt
      • filebase64sha256
      • filebase64sha512
      • filemd5
      • filesha1
      • filesha256
      • filesha512
      • md5
      • rsadecrypt
      • sha1
      • sha256
      • sha512
      • uuid
      • uuidv5
      • cidrhost
      • cidrnetmask
      • cidrsubnet
      • cidrsubnets
      • can
      • defaults
      • nonsensitive
      • sensitive
      • tobool
      • tolist
      • tomap
      • tonumber
      • toset
      • tostring
      • try
      • type
    • abs
    • abspath
    • alltrue
    • anytrue
    • base64decode
    • base64encode
    • base64gzip
    • base64sha256
    • base64sha512
    • basename
    • bcrypt
    • can
    • ceil
    • chomp
    • chunklist
    • cidrhost
    • cidrnetmask
    • cidrsubnet
    • cidrsubnets
    • coalesce
    • coalescelist
    • compact
    • concat
    • contains
    • csvdecode
    • defaults
    • dirname
    • distinct
    • element
    • file
    • filebase64
    • filebase64sha256
    • filebase64sha512
    • fileexists
    • filemd5
    • fileset
    • filesha1
    • filesha256
    • filesha512
    • flatten
    • floor
    • format
    • formatdate
    • formatlist
    • indent
    • index
    • join
    • jsondecode
    • jsonencode
    • keys
    • length
    • list
    • log
    • lookup
    • lower
    • map
    • matchkeys
    • max
    • md5
    • merge
    • min
    • nonsensitive
    • one
    • parseint
    • pathexpand
    • pow
    • range
    • regex
    • regexall
    • replace
    • reverse
    • rsadecrypt
    • sensitive
    • setintersection
    • setproduct
    • setsubtract
    • setunion
    • sha1
    • sha256
    • sha512
    • signum
    • slice
    • sort
    • split
    • strrev
    • substr
    • sum
    • templatefile
    • textdecodebase64
    • textencodebase64
    • timeadd
    • timestamp
    • title
    • tobool
    • tolist
    • tomap
    • tonumber
    • toset
    • tostring
    • transpose
    • trim
    • trimprefix
    • trimspace
    • trimsuffix
    • try
    • type
    • upper
    • urlencode
    • uuid
    • uuidv5
    • values
    • yamldecode
    • yamlencode
    • zipmap
    • Overview
    • Terraform Cloud
      • Backend Configuration
        • local
        • remote
        • artifactory
        • azurerm
        • consul
        • cos
        • etcd
        • etcdv3
        • gcs
        • http
        • Kubernetes
        • manta
        • oss
        • pg
        • s3
        • swift
      • local
      • remote
      • artifactory
      • azurerm
      • consul
      • cos
      • etcd
      • etcdv3
      • gcs
      • http
      • Kubernetes
      • manta
      • oss
      • pg
      • s3
      • swift
    • Overview
    • Purpose
    • The terraform_remote_state Data Source
    • Backends: State Storage and Locking
    • Import Existing Resources
    • Locking
    • Workspaces
    • Remote State
    • Sensitive Data
    • Overview
    • Upgrading to Terraform v1.2
    • Upgrading to Terraform v1.1
    • Upgrading to Terraform v1.0
    • v1.0 Compatibility Promises
    • Upgrading to Terraform v0.15
    • Upgrading to Terraform v0.14
    • Upgrading to Terraform v0.13
    • Upgrading to Terraform v0.12
    • Upgrading to Terraform v0.11
    • Upgrading to Terraform v0.10
    • Upgrading to Terraform v0.9
    • Upgrading to Terraform v0.8
    • Upgrading to Terraform v0.7
    • Overview
    • Load Order and Semantics
    • Configuration Syntax
    • Interpolation Syntax
    • Overrides
    • Resources
    • Data Sources
    • Providers
    • Variables
    • Outputs
    • Local Values
    • Modules
    • Terraform
    • Provisioners
    • Providers
    • Terraform Push (deprecated)
    • Environment Variables

  • Terraform Internals

  • Other Docs

  • Intro to Terraform
  • Configuration Language
  • Terraform CLI
  • Terraform Cloud
  • Terraform Enterprise
  • Provider Use
  • Plugin Development
  • Registry Publishing
  • Integration Program
  • Terraform Tools
  • CDK for Terraform
  • Glossary
Type '/' to Search

»Habitat Provisioner

The habitat provisioner installs the Habitat supervisor and loads configured services. This provisioner only supports Linux targets using the ssh connection type at this time.

Warning: This provisioner was removed in the 0.15.0 version of Terraform after being deprecated as of Terraform 0.13.4. Provisioners should also be a last resort. There are better alternatives for most situations. Refer to Declaring Provisioners for more details.

»Requirements

The habitat provisioner has some prerequisites for specific connection types:

  • For ssh type connections, we assume a few tools to be available on the remote host:
    • curl
    • tee
    • setsid - Only if using the unmanaged service type.

Without these prerequisites, your provisioning execution will fail.

»Example usage

resource "aws_instance" "redis" {
  count = 3

  provisioner "habitat" {
    peers = [aws_instance.redis[0].private_ip]
    use_sudo = true
    service_type = "systemd"
    accept_license = true

    service {
      name = "core/redis"
      topology = "leader"
      user_toml = file("conf/redis.toml")
    }
  }
}

resource "aws_instance" "redis" {
  count = 3

  provisioner "habitat" {
    peers = [aws_instance.redis[0].private_ip]
    use_sudo = true
    service_type = "systemd"
    accept_license = true

    service {
      name = "core/redis"
      topology = "leader"
      user_toml = file("conf/redis.toml")
    }
  }
}

»Argument Reference

There are 2 configuration levels, supervisor and service. Configuration placed directly within the provisioner block are supervisor configurations, and a provisioner can define zero or more services to run, and each service will have a service block within the provisioner. A service block can also contain zero or more bind blocks to create service group bindings.

»Supervisor Arguments

  • accept_license (bool) - (Required) Set to true to accept Habitat end user license agreement
  • version (string) - (Optional) The Habitat version to install on the remote machine. If not specified, the latest available version is used.
  • auto_update (bool) - (Optional) If set to true, the supervisor will auto-update itself as soon as new releases are available on the specified channel.
  • http_disable (bool) - (Optional) If set to true, disables the supervisor HTTP listener entirely.
  • peer (string) - (Optional, deprecated) IP addresses or FQDN's for other Habitat supervisors to peer with, like: --peer 1.2.3.4 --peer 5.6.7.8. (Defaults to none)
  • peers (array) - (Optional) A list of IP or FQDN's of other supervisor instance(s) to peer with. (Defaults to none)
  • service_type (string) - (Optional) Method used to run the Habitat supervisor. Valid options are unmanaged and systemd. (Defaults to systemd)
  • service_name (string) - (Optional) The name of the Habitat supervisor service, if using an init system such as systemd. (Defaults to hab-supervisor)
  • use_sudo (bool) - (Optional) Use sudo when executing remote commands. Required when the user specified in the connection block is not root. (Defaults to true)
  • permanent_peer (bool) - (Optional) Marks this supervisor as a permanent peer. (Defaults to false)
  • listen_ctl (string) - (Optional) The listen address for the countrol gateway system (Defaults to 127.0.0.1:9632)
  • listen_gossip (string) - (Optional) The listen address for the gossip system (Defaults to 0.0.0.0:9638)
  • listen_http (string) - (Optional) The listen address for the HTTP gateway (Defaults to 0.0.0.0:9631)
  • ring_key (string) - (Optional) The name of the ring key for encrypting gossip ring communication (Defaults to no encryption)
  • ring_key_content (string) - (Optional) The key content. Only needed if using ring encryption and want the provisioner to take care of uploading and importing it. Easiest to source from a file (eg ring_key_content = "${file("conf/foo-123456789.sym.key")}") (Defaults to none)
  • ctl_secret (string) - (Optional) Specify a secret to use (from hab sup secret generate) for control gateway communication between hab client(s) and the supervisor. (Defaults to none)
  • url (string) - (Optional) The URL of a Builder service to download packages and receive updates from. (Defaults to https://bldr.habitat.sh)
  • channel (string) - (Optional) The release channel in the Builder service to use. (Defaults to stable)
  • events (string) - (Optional) Name of the service group running a Habitat EventSrv to forward Supervisor and service event data to. (Defaults to none)
  • organization (string) - (Optional) The organization that the Supervisor and it's subsequent services are part of. (Defaults to default)
  • gateway_auth_token (string) - (Optional) The http gateway authorization token (Defaults to none)
  • builder_auth_token (string) - (Optional) The builder authorization token when using a private origin. (Defaults to none)

»Service Arguments

  • name (string) - (Required) The Habitat package identifier of the service to run. (ie core/haproxy or core/redis/3.2.4/20171002182640)
  • binds (array) - (Optional) An array of bind specifications. (ie binds = ["backend:nginx.default"])
  • bind - (Optional) An alternative way of declaring binds. This method can be easier to deal with when populating values from other values or variable inputs without having to do string interpolation. The following example is equivalent to binds = ["backend:nginx.default"]:
bind {
  alias = "backend"
  service = "nginx"
  group = "default"
}
bind {
  alias = "backend"
  service = "nginx"
  group = "default"
}
  • topology (string) - (Optional) Topology to start service in. Possible values standalone or leader. (Defaults to standalone)
  • strategy (string) - (Optional) Update strategy to use. Possible values at-once, rolling or none. (Defaults to none)
  • user_toml (string) - (Optional) TOML formatted user configuration for the service. Easiest to source from a file (eg user_toml = "${file("conf/redis.toml")}"). (Defaults to none)
  • channel (string) - (Optional) The release channel in the Builder service to use. (Defaults to stable)
  • group (string) - (Optional) The service group to join. (Defaults to default)
  • url (string) - (Optional) The URL of a Builder service to download packages and receive updates from. (Defaults to https://bldr.habitat.sh)
  • application (string) - (Optional) The application name. (Defaults to none)
  • environment (string) - (Optional) The environment name. (Defaults to none)
  • service_key (string) - (Optional) The key content of a service private key, if using service group encryption. Easiest to source from a file (eg service_key = "${file("conf/redis.default@org-123456789.box.key")}") (Defaults to none)
github logoEdit this page
  • Overview
  • Docs
  • Extend
  • Privacy
  • Security
  • Press Kit
  • Consent Manager