hashicorp · brewgator · Aug 14, 2025 · Aug 12, 2025 · Aug 14, 2025
@@ -46,40 +46,44 @@ module "install_packages" {
   packages = var.packages
 }
 
-# Creating OpenLDAP Server
+# Creating OpenLDAP Server using generic container script
 resource "enos_remote_exec" "setup_openldap" {
   depends_on = [module.install_packages]
 
+  scripts = [abspath("${path.module}/scripts/start-container.sh")]
+
   environment = {
-    LDAP_CONTAINER_VERSION = local.ldap_server.version
-    LDAP_DOMAIN            = local.ldap_server.domain
-    LDAP_ORG               = local.ldap_server.org
-    LDAP_ADMIN_PW          = local.ldap_server.admin_pw
-    LDAP_IP_ADDRESS        = local.test_server_address
-    LDAP_PORT              = local.ldap_server.port
-    LDAPS_PORT             = local.ldap_server.secure_port
+    CONTAINER_IMAGE = "docker.io/osixia/openldap:${local.ldap_server.version}"
+    CONTAINER_NAME  = "openldap"
+    CONTAINER_PORTS = "${local.ldap_server.port},${local.ldap_server.secure_port}"
+    CONTAINER_ENVS  = "LDAP_ORGANISATION=${local.ldap_server.org},LDAP_DOMAIN=${local.ldap_server.domain},LDAP_ADMIN_PASSWORD=${local.ldap_server.admin_pw}"
   }
 
-  scripts = [abspath("${path.module}/scripts/set-up-openldap.sh")]
-
   transport = {
     ssh = {
       host = local.ldap_server.host.public_ip
     }
   }
 }
 
-# Creating KMIP Server
+# Creating KMIP Server using generic container script
 resource "enos_remote_exec" "create_kmip" {
   depends_on = [module.install_packages]
 
+  inline = [
+    "mkdir -p /tmp/kmip_temp"
+  ]
+
+  scripts = [abspath("${path.module}/scripts/start-container.sh")]
+
   environment = {
-    VAULT_ADDR = var.ip_version == "6" ? var.hosts[0].ipv6 : var.hosts[0].public_ip
-    KMIP_PORT  = var.ports.kmip.port
+    CONTAINER_IMAGE   = "docker.io/percona/percona-server:8.0"
+    CONTAINER_NAME    = "kmip"
+    CONTAINER_VOLUMES = "/tmp/kmip_temp:/TEMP_DIR"
+    CONTAINER_ENVS    = "KMIP_ADDR=${local.test_server_address},MYSQL_ROOT_PASSWORD=testpassword"
+    CONTAINER_ARGS    = "--port ${var.ports.kmip.port}"
   }
 
-  scripts = [abspath("${path.module}/scripts/setup_kmip.sh")]
-
   transport = {
     ssh = {
       host = local.kmip_client.host.public_ip

@@ -0,0 +1,171 @@
+#!/usr/bin/env bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+set -e
+
+fail() {
+    echo "$1" 1>&2
+    exit 1
+}
+
+show_help() {
+    cat << EOF
+Usage: $0 --image IMAGE [OPTIONS]
+
+Required:
+  --image IMAGE         Docker image to run (e.g., osixia/openldap:latest)
+
+Optional:
+  --name NAME           Container name (default: auto-generated)
+  --port PORT[:HOST_PORT]  Port mapping (can be used multiple times)
+  --env KEY=VALUE       Environment variable (can be used multiple times)
+  --volume SRC:DEST     Volume mount (can be used multiple times)
+  --container-cmd CMD   Container command (default: sudo podman)
+  --args ARGS           Additional arguments to pass to container run command
+  --help               Show this help message
+
+Examples:
+  # Basic LDAP setup
+  $0 --image osixia/openldap:latest --port 389 --port 636 --name openldap \\
+     --env LDAP_ORGANISATION="My Org" --env LDAP_DOMAIN="example.com"
+
+  # KMIP/Percona setup
+  $0 --image percona/percona-server:8.0 --name kmip \\
+     --volume "\$(pwd)":/TEMP_DIR --env MYSQL_ROOT_PASSWORD=testpassword \\
+     --args "--port 3306"
+
+EOF
+}
+
+# Default values
+CONTAINER_CMD="sudo podman"
+NAME=""
+DOCKER_IMAGE=""
+PORTS=()
+ENVS=()
+VOLUMES=()
+ADDITIONAL_ARGS=""
+
+# Check for environment variable configuration (Terraform style)
+if [[ -n "${CONTAINER_IMAGE}" ]]; then
+    DOCKER_IMAGE="${CONTAINER_IMAGE}"
+fi
+
+if [[ -n "${CONTAINER_NAME}" ]]; then
+    NAME="${CONTAINER_NAME}"
+fi
+
+if [[ -n "${CONTAINER_PORTS}" ]]; then
+    IFS=',' read -ra PORT_ARRAY <<< "${CONTAINER_PORTS}"
+    PORTS=("${PORT_ARRAY[@]}")
+fi
+
+if [[ -n "${CONTAINER_ENVS}" ]]; then
+    IFS=',' read -ra ENV_ARRAY <<< "${CONTAINER_ENVS}"
+    ENVS=("${ENV_ARRAY[@]}")
+fi
+
+if [[ -n "${CONTAINER_VOLUMES}" ]]; then
+    IFS=',' read -ra VOL_ARRAY <<< "${CONTAINER_VOLUMES}"
+    VOLUMES=("${VOL_ARRAY[@]}")
+fi
+
+if [[ -n "${CONTAINER_ARGS}" ]]; then
+    ADDITIONAL_ARGS="${CONTAINER_ARGS}"
+fi
+
+# Parse command line arguments (these will override environment variables)
+while [[ $# -gt 0 ]]; do
+    case $1 in
+    --image)
+        DOCKER_IMAGE="$2"
+        shift 2
+        ;;
+    --name)
+        NAME="$2"
+        shift 2
+        ;;
+    --port)
+        PORTS+=("$2")
+        shift 2
+        ;;
+    --env)
+        ENVS+=("$2")
+        shift 2
+        ;;
+    --volume)
+        VOLUMES+=("$2")
+        shift 2
+        ;;
+    --container-cmd)
+        CONTAINER_CMD="$2"
+        shift 2
+        ;;
+    --args)
+        ADDITIONAL_ARGS="$2"
+        shift 2
+        ;;
+    --help | -h)
+        show_help
+        exit 0
+        ;;
+    *)
+        fail "Unknown option: $1. Use --help for usage information."
+        ;;
+  esac
+done
+
+# Validate required parameters
+[[ -z "${DOCKER_IMAGE}" ]] && fail "Docker image is required. Use --image to specify."
+
+# Generate container name if not provided
+if [[ -z "${NAME}" ]]; then
+    NAME=$(echo "${DOCKER_IMAGE}" | sed 's/.*\///' | sed 's/:.*$//')
+    echo "Using auto-generated container name: ${NAME}"
+fi
+
+# Pull the Docker image
+echo "Pulling image: ${DOCKER_IMAGE}"
+${CONTAINER_CMD} pull "${DOCKER_IMAGE}"
+
+# Build the run command
+RUN_CMD="${CONTAINER_CMD} run -d --name ${NAME}"
+
+# Add port mappings
+for port in "${PORTS[@]}"; do
+  if [[ "${port}" == *":"* ]]; then
+        # Port mapping format: host_port:container_port
+        RUN_CMD="${RUN_CMD} -p ${port}"
+  else
+        # Same port for host and container
+        RUN_CMD="${RUN_CMD} -p ${port}:${port}"
+  fi
+done
+
+# Add environment variables
+for env in "${ENVS[@]}"; do
+    RUN_CMD="${RUN_CMD} -e ${env}"
+done
+
+# Add volume mounts
+for volume in "${VOLUMES[@]}"; do
+    RUN_CMD="${RUN_CMD} --volume ${volume}"
+done
+
+# Add the image
+RUN_CMD="${RUN_CMD} ${DOCKER_IMAGE}"
+
+# Add any additional arguments
+if [[ -n "${ADDITIONAL_ARGS}" ]]; then
+    RUN_CMD="${RUN_CMD} ${ADDITIONAL_ARGS}"
+fi
+
+# Execute the run command
+echo "Starting container with command:"
+echo "${RUN_CMD}"
+echo ""
+
+eval "${RUN_CMD}"
+
+echo "${NAME} container is now running!"
@@ -15,18 +15,22 @@ fail() {
 [[ -z "${KMIP_PORT}" ]] && fail "KMIP_PORT env variable has not been set"
 
 cd ~ || fail "Failed to change directory to home"
-echo "${SERVER_CA}" > TEMP_DIR/vault-ca.pem
-echo "${CLIENT_CA}" > TEMP_DIR/client.pem
+TEMP_DIR=/tmp/kmip_temp
+mkdir -p "${TEMP_DIR}" || fail "Failed to create temporary directory"
+
+echo "${SERVER_CA}" > "${TEMP_DIR}"/vault-ca.pem
+echo "${CLIENT_CA}" > "${TEMP_DIR}"/client.pem
 
 # Extract certificate and key from client bundle
-cd TEMP_DIR
+cd "${TEMP_DIR}" || fail "Failed to change directory to ${TEMP_DIR}"
+
 # Assuming CLIENT_CA contains both cert and key, split them
 csplit -f client- client.pem '/-----BEGIN.*PRIVATE KEY-----/' '{*}'
 mv client-00 cert.pem
 mv client-01 key.pem
 
-# Connect to the Percona Docker container
-CONTAINER_CMD="sudo docker"
+# Connect to the Percona KMIP Docker container and configure it
+CONTAINER_CMD="sudo podman"
 KMIP_DOCKER_NAME="kmip"
 
 # Create MySQL data directory
@@ -38,6 +42,6 @@ ${CONTAINER_CMD} exec -d "${KMIP_DOCKER_NAME}" mysqld \
     --early-plugin-load=keyring_kmip.so \
     --keyring_kmip_server_name="${VAULT_ADDR}" \
     --keyring_kmip_server_port="${KMIP_PORT}" \
-    --keyring_kmip_client_ca=/TEMP_DIR/vault-ca.pem \
-    --keyring_kmip_client_key=/TEMP_DIR/key.pem \
-    --keyring_kmip_client_cert=/TEMP_DIR/cert.pem
+    --keyring_kmip_client_ca="${TEMP_DIR}/vault-ca.pem" \
+    --keyring_kmip_client_key="${TEMP_DIR}/key.pem" \
+    --keyring_kmip_client_cert="${TEMP_DIR}/cert.pem"