Fix OpenStack Terraform group_vars_path handling

[pushpak-23]

/kind bug

What this PR does / why we need it:

Fixes an issue in the OpenStack Terraform provider where local-exec provisioners writing no_floating.yml fail when Terraform is executed using terraform -chdir.

The current implementation writes:

> ${var.group_vars_path}/no_floating.yml

with the default:

group_vars_path = "./group_vars"

When Terraform is run from contrib/terraform/openstack using -chdir, the relative path resolves from the Terraform working directory instead of the inventory directory, causing:

cannot create ./group_vars/no_floating.yml: Directory nonexistent

This PR makes the behavior safer by:

1. Adding mkdir -p ${var.group_vars_path} before all sed commands that generate no_floating.yml
2. Improving the group_vars_path variable description to clarify that absolute paths are recommended because relative paths may fail with terraform -chdir

This prevents failures during bastion and node creation and makes the OpenStack Terraform workflow more reliable.

Which issue(s) this PR fixes:

Fixes #13201

Special notes for your reviewer:

Issue was reproduced while deploying Kubespray on OpenStack with an existing Neutron network and no-floating-IP worker nodes.

Terraform failed during bastion creation because group_vars/no_floating.yml could not be created even though the inventory directory contained group_vars/.

Root cause was relative path resolution under terraform -chdir.

Does this PR introduce a user-facing change?:

Fixed OpenStack Terraform deployment failure where `no_floating.yml` generation could fail when using `terraform -chdir` due to relative `group_vars_path` resolution. The local-exec provisioner now ensures the directory exists before writing the file, and variable documentation now recommends using absolute paths.

[linux-foundation-easycla]

• ✅ login: pushpak-23 / name: Pushpak Ithule (087ddf7)
• ✅ login: pushpak-23 / name: Pushpak-23 (9c3d4aa)
• ❌ - login: @Copilot / name: Copilot . The commit (087ddf7) is not authorized under a signed CLA. Please click here to be authorized. For further assistance with EasyCLA, please submit a support request ticket.

[k8s-ci-robot]

Welcome @pushpak-23!

It looks like this is your first PR to kubernetes-sigs/kubespray 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/kubespray has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @pushpak-23. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: pushpak-23
Once this PR has been reviewed and has the lgtm label, please assign mzaian for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Copilot]

Pull request overview

Fixes OpenStack Terraform inventory group_vars_path handling so no_floating.yml generation is less likely to fail when Terraform is executed with terraform -chdir, improving reliability of deployments involving bastions and/or nodes without floating IPs.

Changes:

• Update group_vars_path variable description to recommend using an absolute path when using terraform -chdir.
• Pre-create ${var.group_vars_path} via mkdir -p before writing no_floating.yml in local-exec provisioners.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
contrib/terraform/openstack/variables.tf	Clarifies intended usage of group_vars_path under terraform -chdir.
contrib/terraform/openstack/modules/compute/main.tf	Ensures the target directory exists before writing no_floating.yml during instance provisioning.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

local-exec is interpolating ${var.group_vars_path} unquoted in both mkdir and the output redirection. If the path contains spaces or shell metacharacters (or starts with -), this can break the command or be unsafe. Quote the path (and consider mkdir -p -- ...) so directory creation and the > .../no_floating.yml target are robust.

Suggested change

	command = "mkdir -p ${var.group_vars_path} && sed -e s/USER/${var.ssh_user}/ -e s/BASTION_ADDRESS/${var.bastion_fips[0]}/ ${path.module}/ansible_bastion_template.txt > ${var.group_vars_path}/no_floating.yml"
	command = "mkdir -p -- \"${var.group_vars_path}\" && sed -e s/USER/${var.ssh_user}/ -e s/BASTION_ADDRESS/${var.bastion_fips[0]}/ ${path.module}/ansible_bastion_template.txt > \"${var.group_vars_path}/no_floating.yml\""

[Copilot]

With mkdir -p ${var.group_vars_path} added, a relative group_vars_path under terraform -chdir will now silently create a new ./group_vars directory under the Terraform config directory and write no_floating.yml there, rather than failing fast. That can mask misconfiguration and later cause Ansible to miss the intended inventory/$CLUSTER/group_vars/no_floating.yml. Consider either (a) enforcing an absolute path via variable validation or (b) making the docs explicitly call out that relative paths are resolved relative to the -chdir working directory and may write files into the Terraform module directory.

[yankay]

/ok-to-test