hashicorp-terraform/Lobby

https://www.terraform.io/

Chris Johnson

@chrisjohnson

Keeping up to date seems to be a requirement, depending on how much emphasis on backwards-compatibility they place

awright424

@awright424

fixing these errors that I am getting using the latest terraform may be the best thing. it did pull in newer aws provider

awright424

@awright424

fixed the errors I saw. got this Failed to instantiate provider "ansible" to obtain schema: Incompatible API version with plugin. Plugin version: 4, Client versions: [5]

awright424

@awright424

fixed that error. working through the others now

Chris Johnson

@chrisjohnson

Oh are you setting TF_LOG=debug ?

That will make your providers print a lot more helpful output about what's going wrong behind the scenes

njdevils9

@njdevils9

Hello everyone. How can I properly create an IAM role in AWS using Terraform v.12 and create a Trusted Entity attached to my role. The trusted entity I want is is another AWS account. I've tried doing an inline policy and a data "aws_iam_policy_document" but both result in invalid principals errors. Any help would be greatly appreciated

njdevils9

@njdevils9

in GovCloud ^

Justin Georgeson

@jghal_gitlab

After sharing AMIs to another account with aws_ami_launch_permission, what is the recommended way to copy the tags to that shared AMI?

Greg Swallow

@gswallow

has there been a recent terraform cloud upgrade?

r33drichards

@r33drichards

I'm attempting to deploy an ecs cluster with the following config.

resource "aws_cloudwatch_log_group" "saleor-backend" {
  name = var.saleor_awslogs_group_name
}


data "template_file" "myapp-task-definition-template" {
  template = file("template/app.json")
  vars = {
    repository_url           = replace(aws_ecr_repository.saleor_ecr.repository_url, "https://", "")
    image_tag                = var.commit_ref
    debug                    = var.debug
    allowed_client_hosts     = var.allowed_client_hosts
    allowed_hosts            = var.allowed_hosts
    default_from_email       = var.default_from_email
    email_url                = var.email_url
    aws_access_key_id        = var.aws_access_key_id
    aws_secret_access_key    = var.aws_secret_access_key
    aws_media_bucket_name    = var.media_bucket_name
    aws_media_custom_domain  = var.media_domain
    aws_storage_bucket_name  = var.static_bucket_name
    aws_static_custom_domain = var.static_domain
    awslogs-group            = var.saleor_awslogs_group_name
    awslogs-region           = var.aws_region
    awslogs-stream-prefix    = var.saleor_awslogs_stream_prefix
  }
}

resource "aws_ecs_task_definition" "myapp-task-definition" {
  family                = "myapp"
  container_definitions = data.template_file.myapp-task-definition-template.rendered
}

resource "aws_elb" "myapp-elb" {
  name = "myapp-elb"

  listener {
    instance_port     = 80
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }

  health_check {
    healthy_threshold   = 3
    unhealthy_threshold = 3
    timeout             = 30
    target              = "http:80/health/"
    interval            = 60
  }

  cross_zone_load_balancing   = true
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400

  subnets         = [aws_subnet.main-public-1.id, aws_subnet.main-public-2.id]
  security_groups = [aws_security_group.myapp-elb-securitygroup.id]

  tags = {
    name = "myapp-elb"
  }
}

resource "aws_ecs_service" "myapp-service" {
  name            = "myapp"
  cluster         = aws_ecs_cluster.saleor-cluster.id
  task_definition = aws_ecs_task_definition.myapp-task-definition.arn
  desired_count   = 1
  iam_role        = aws_iam_role.ecs-service-role.arn
  depends_on      = [aws_iam_policy_attachment.ecs-service-attach1]

  load_balancer {
    elb_name       = aws_elb.myapp-elb.name
    container_name = "myapp"
    container_port = 80
  }
}

# cluster
resource "aws_ecs_cluster" "saleor-cluster" {
  name = "saleor-cluster"
}

resource "aws_launch_configuration" "ecs-saleor-django-launchconfig" {
  name_prefix          = "ecs-launchconfig"
  image_id             = var.ecs_amis[var.aws_region]
  instance_type        = var.ecs_instance_type
  # key_name             = aws_key_pair.mykeypair.key_name
  iam_instance_profile = aws_iam_instance_profile.ecs-ec2-role.id
  security_groups      = [aws_security_group.ecs-securitygroup.id]
  user_data            = "#!/bin/bash\necho 'ecs_cluster=saleor-cluster' > /etc/ecs/ecs.config\nstart ecs"
  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_autoscaling_group" "ecs-saleor-django-autoscaling" {
  name                 = "ecs-saleor-django-autoscaling"
  vpc_zone_identifier  = [aws_subnet.main-public-1.id, aws_subnet.main-public-2.id]
  launch_configuration = aws_launch_configuration.ecs-saleor-django-launchconfig.name
  min_size             = 1
  max_size             = 1
  tag {
    key                 = "name"
    value               = "ecs-ec2-container"
    propagate_at_launch = true
  }
}

and i have a service in saleor-cluster but my container instance is running in the default cluster. Is there something that I'm doing wrong?
https://i.imgur.com/SOo0W8r.png

Timo Goosen

@timogoosen

@r33drichards what happens if you do a terraform plan?

Try hardcoding the cluster id

SoundaryaChinnu144

@SoundaryaChinnu144

hi team,
Need small clarification here.
once we create a VM with terraform
is it possible to resize /update the VM config ?

Paul Rudin

@PaulRudin

just trying out terraform 0.13, I've read the docs, but I can't get a local provider binary be found, I had no problem with just dropping it in the working directory with 0.12 - is there a minimal working example for how this could work?

tbugfinder

@tbugfinder

Did you update the required_providers section?

https://www.terraform.io/docs/commands/cli-config.html#provider-installation

gowthamakanthan

@gowthamakanthan

Team, Any suggestion about the below error?

The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


Error: Incorrect attribute value type

  on ../../modules/generic-vm/provider.tf line 3, in provider "vsphere":
   3:   user                 = var.vsphere_user
    |----------------
    | var.vsphere_user is object with no attributes

Inappropriate value for attribute "user": string required.


Error: Incorrect attribute value type

  on ../../modules/generic-vm/provider.tf line 4, in provider "vsphere":
   4:   password             = var.vsphere_password
    |----------------
    | var.vsphere_password is object with no attributes

Inappropriate value for attribute "password": string required.


Error: Incorrect attribute value type

  on ../../modules/generic-vm/provider.tf line 5, in provider "vsphere":
   5:   vsphere_server       = var.vsphere_server
    |----------------
    | var.vsphere_server is object with no attributes

Inappropriate value for attribute "vsphere_server": string required.

The provider config is looks like below

provider "vsphere" {
  version              = "~> 1.10"
  user                 = var.vsphere_user
  password             = var.vsphere_password
  vsphere_server       = var.vsphere_server
  allow_unverified_ssl = true
}

And in the variable file

variable "vsphere_user" {
  default = {}
}
variable "vsphere_password" {
  default = {}
}

Am trying to make a module for generic vm creations

tbugfinder

@tbugfinder

Try setting an empty string or null.

gowthamakanthan

@gowthamakanthan

Have tried setting empty string (default = “” ) or null (default = “null”) and then provided the values while calling the modules but getting Cannot complete login due to an incorrect user name or password. error.

Karthikeyan

@karthikeayan

you need to check your credentials

gowthamakanthan

@gowthamakanthan

The credentials are working fine when using without modules.

tbugfinder

@tbugfinder

are you using same default without modules?

gowthamakanthan

@gowthamakanthan

No. When am trying without modules am using variables without default.

variable "vsphere_user" {}
variable "vsphere_password" {}

Michael Fellinger

@manveru

Is there any way to debug this? I have no clue what possibly could require such an argument:

Error: Missing required argument

The argument "server_url" is required, but was not set.

Releasing state lock. This may take a few moments...

Michael Fellinger

@manveru

hmm, strace says it's trying to run the acme provider, even though it's never mentioned in my config...

must've somehow switched up workspaces...

gowthamakanthan

@gowthamakanthan

@tbugfinder @karthikeayan Thanks for validating folks, The issue has been fixed by moving the provider config from the root module to the child module.

Carlo Cancellieri

@ccancellieri

Hi guys, nice to meet you all, I'm new :)
I'm provisioning a gcp compute instance with an tls_private_key and ssh_key into the metadata to use the file provisioner and now I've the file on the compute instance, which is the best way to remove the metadata without recreating the compute instance?
possibly destroying also the tls_private_key resource
Can I leverage on triggers?
Currently I've to explicitly call "terraform destroy " on the tls_private_key ... in this case the metadata will contain a not usable public ssk key but it's still dirty...

Will Yardley

@wyardley

x-posting from #terraform - anyone have any ideas about this one? hashicorp/terraform#25849

Ruby

@ruby232_gitlab

Error "x509: certificate signed by unknown authority" when executing the command "terraform apply" with docker.
I have a terraform project running with docker, with a "docker-compose.yml" with the following content:

version: "3.1"
services:
  dev:
    image: hashicorp/terraform:0.13.0
    working_dir: /workspace
    volumes:
      - .:/workspace
    env_file:
      - dev/vars.env

A "main.tf" file with the following content:

terraform {
  required_providers {
    k8s = {
      source  = "banzaicloud/k8s"
      version = "0.8.2"
    }
  }
  required_version = ">= 0.13"
}
provider "k8s" {
  config_path = var.kubeconfig_path
}
resource "k8s_manifest" "ingressroute" {
  provider = k8s
  content   = data.template_file.ingressroute.rendered
  namespace = var.namespace
}

When executing the command "terraform apply" it throws the error:

Error: Post "https://my-rancher.com/k8s/clusters/r-3gw5q/api/v1/namespaces/test/configmaps": x509: certificate signed by unknown authority

That same configuration works on the host

What I have tried:

Add the "ca-certificates" package to the official image and run the "update-ca-certificates" command.
Create your own image with Ubuntu.
Copy my "ca-certificates.crt" to "/ etc / ssl / certs /"
4 Verify the certificate in my configuration with OpenSSL

Kevin

@kevinglasson

Is this an appropriate place to ask about cdktf? I am trying to import a third party module but can't find any reference to how to do it anywhere

Kevin

@kevinglasson

Looks like it's not possible yet, you can only use the terraform registry hashicorp/terraform-cdk#16

tbugfinder

@tbugfinder

Hi @ruby232_gitlab you might have to install custom certificates within the container.

Stepan Chatalyan

@stepan-passnfly

hi all, I'm creating a elastic beanstalk app and env, I would like to enable the mertrics collection for the autoscaling group that were created by the EB env, I tried to declare it and import it, but it's deleting me the tags and I need to explicity define the min/max for the ASG... someone had previous problem like this?

Simon Baier

@sbaier1

Hey, i have a general question regarding aws_s3_bucket_object objects created via for_each. So i have this object:

resource "aws_s3_bucket_object" "objects" {
  bucket = var.object_store_name
  key = "base-path/${each.value}"
  source = each.key
  etag = filemd5(each.key)

  for_each = local.local.files_aws
}

Now i'd like to trigger a null resource based on the etag of these objects, by getting the etag field as a list and joining it into a string. When using the same for_each syntax with a openstack swift resource declaration, i can run values(swift_type.objects).etag, but for S3, this will yield a aws_s3_bucket_object.objects is object with 62 attributes error, presumably because in the tfstate the object is just of type aws_s3_bucket_object while for the openstack provider this will yield a map object. Is this a bug?

How can i get the field of my s3 objects?

Halil Burak Cetinkaya

@halil-burak

Hi All,
Is it possible to pass sql files instead of string queries in BigQuery tables and BigQuery jobs?

Greg Swallow

@gswallow

Hey all! Is it possible to create dynamically named outputs with a for or a for_each expression in terraform?

Chris Johnson

@chrisjohnson

Just output a map

Greg Swallow

@gswallow

I need to output strings.

That's ok, though. I've moved on.

Chris Johnson

@chrisjohnson

Right, a map of strings

Will Yardley

@wyardley

anyone have a rough idea of how long it'll be for 0.13.1 to drop?

Ruby

@ruby232_gitlab

@tbugfinder The certificates are given to me by Traefik automatically from Let's Encrypt, what should I install?

tbugfinder

@tbugfinder

@ruby232_gitlab Let's encrypt CA certificates then.

Ruby

@ruby232_gitlab

@tbugfinder
Thanks for answering, run the following commands.

cd /usr/share/ca-certificates
mkdir letsencrypt.org
cd letsencrypt.org/
wget "https://letsencrypt.org/certs/isrgrootx1.pem"
update-ca-certificates

And still the same problem, I suspect terraform has problems with certificates from letsencrypt.org.

tbugfinder

@tbugfinder

Could you verify if the CA was added to one of those files?

https://golang.org/src/crypto/x509/root_linux.go?m=text

Where communities thrive

People

Repo info

Activity