by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Chris Johnson
    @chrisjohnson
    Keeping up to date seems to be a requirement, depending on how much emphasis on backwards-compatibility they place
    awright424
    @awright424
    fixing these errors that I am getting using the latest terraform may be the best thing. it did pull in newer aws provider
    awright424
    @awright424
    fixed the errors I saw. got this Failed to instantiate provider "ansible" to obtain schema: Incompatible API version with plugin. Plugin version: 4, Client versions: [5]
    awright424
    @awright424
    fixed that error. working through the others now
    Chris Johnson
    @chrisjohnson
    Oh are you setting TF_LOG=debug ?
    That will make your providers print a lot more helpful output about what's going wrong behind the scenes
    njdevils9
    @njdevils9
    Hello everyone. How can I properly create an IAM role in AWS using Terraform v.12 and create a Trusted Entity attached to my role. The trusted entity I want is is another AWS account. I've tried doing an inline policy and a data "aws_iam_policy_document" but both result in invalid principals errors. Any help would be greatly appreciated
    njdevils9
    @njdevils9
    in GovCloud ^
    Justin Georgeson
    @jghal_gitlab
    After sharing AMIs to another account with aws_ami_launch_permission, what is the recommended way to copy the tags to that shared AMI?
    Greg Swallow
    @gswallow
    has there been a recent terraform cloud upgrade?
    r33drichards
    @r33drichards

    I'm attempting to deploy an ecs cluster with the following config.

    resource "aws_cloudwatch_log_group" "saleor-backend" {
      name = var.saleor_awslogs_group_name
    }
    
    
    data "template_file" "myapp-task-definition-template" {
      template = file("template/app.json")
      vars = {
        repository_url           = replace(aws_ecr_repository.saleor_ecr.repository_url, "https://", "")
        image_tag                = var.commit_ref
        debug                    = var.debug
        allowed_client_hosts     = var.allowed_client_hosts
        allowed_hosts            = var.allowed_hosts
        default_from_email       = var.default_from_email
        email_url                = var.email_url
        aws_access_key_id        = var.aws_access_key_id
        aws_secret_access_key    = var.aws_secret_access_key
        aws_media_bucket_name    = var.media_bucket_name
        aws_media_custom_domain  = var.media_domain
        aws_storage_bucket_name  = var.static_bucket_name
        aws_static_custom_domain = var.static_domain
        awslogs-group            = var.saleor_awslogs_group_name
        awslogs-region           = var.aws_region
        awslogs-stream-prefix    = var.saleor_awslogs_stream_prefix
      }
    }
    
    resource "aws_ecs_task_definition" "myapp-task-definition" {
      family                = "myapp"
      container_definitions = data.template_file.myapp-task-definition-template.rendered
    }
    
    resource "aws_elb" "myapp-elb" {
      name = "myapp-elb"
    
      listener {
        instance_port     = 80
        instance_protocol = "http"
        lb_port           = 80
        lb_protocol       = "http"
      }
    
      health_check {
        healthy_threshold   = 3
        unhealthy_threshold = 3
        timeout             = 30
        target              = "http:80/health/"
        interval            = 60
      }
    
      cross_zone_load_balancing   = true
      idle_timeout                = 400
      connection_draining         = true
      connection_draining_timeout = 400
    
      subnets         = [aws_subnet.main-public-1.id, aws_subnet.main-public-2.id]
      security_groups = [aws_security_group.myapp-elb-securitygroup.id]
    
      tags = {
        name = "myapp-elb"
      }
    }
    
    resource "aws_ecs_service" "myapp-service" {
      name            = "myapp"
      cluster         = aws_ecs_cluster.saleor-cluster.id
      task_definition = aws_ecs_task_definition.myapp-task-definition.arn
      desired_count   = 1
      iam_role        = aws_iam_role.ecs-service-role.arn
      depends_on      = [aws_iam_policy_attachment.ecs-service-attach1]
    
      load_balancer {
        elb_name       = aws_elb.myapp-elb.name
        container_name = "myapp"
        container_port = 80
      }
    }
    
    # cluster
    resource "aws_ecs_cluster" "saleor-cluster" {
      name = "saleor-cluster"
    }
    
    resource "aws_launch_configuration" "ecs-saleor-django-launchconfig" {
      name_prefix          = "ecs-launchconfig"
      image_id             = var.ecs_amis[var.aws_region]
      instance_type        = var.ecs_instance_type
      # key_name             = aws_key_pair.mykeypair.key_name
      iam_instance_profile = aws_iam_instance_profile.ecs-ec2-role.id
      security_groups      = [aws_security_group.ecs-securitygroup.id]
      user_data            = "#!/bin/bash\necho 'ecs_cluster=saleor-cluster' > /etc/ecs/ecs.config\nstart ecs"
      lifecycle {
        create_before_destroy = true
      }
    }
    
    resource "aws_autoscaling_group" "ecs-saleor-django-autoscaling" {
      name                 = "ecs-saleor-django-autoscaling"
      vpc_zone_identifier  = [aws_subnet.main-public-1.id, aws_subnet.main-public-2.id]
      launch_configuration = aws_launch_configuration.ecs-saleor-django-launchconfig.name
      min_size             = 1
      max_size             = 1
      tag {
        key                 = "name"
        value               = "ecs-ec2-container"
        propagate_at_launch = true
      }
    }

    and i have a service in saleor-cluster but my container instance is running in the default cluster. Is there something that I'm doing wrong?
    https://i.imgur.com/SOo0W8r.png

    Timo Goosen
    @timogoosen
    @r33drichards what happens if you do a terraform plan?
    Try hardcoding the cluster id
    SoundaryaChinnu144
    @SoundaryaChinnu144
    hi team,
    Need small clarification here.
    once we create a VM with terraform
    is it possible to resize /update the VM config ?
    Paul Rudin
    @PaulRudin
    just trying out terraform 0.13, I've read the docs, but I can't get a local provider binary be found, I had no problem with just dropping it in the working directory with 0.12 - is there a minimal working example for how this could work?
    tbugfinder
    @tbugfinder
    Did you update the required_providers section?
    gowthamakanthan
    @gowthamakanthan
    Team, Any suggestion about the below error?
    The refreshed state will be used to calculate this plan, but will not be
    persisted to local or remote state storage.
    
    
    Error: Incorrect attribute value type
    
      on ../../modules/generic-vm/provider.tf line 3, in provider "vsphere":
       3:   user                 = var.vsphere_user
        |----------------
        | var.vsphere_user is object with no attributes
    
    Inappropriate value for attribute "user": string required.
    
    
    Error: Incorrect attribute value type
    
      on ../../modules/generic-vm/provider.tf line 4, in provider "vsphere":
       4:   password             = var.vsphere_password
        |----------------
        | var.vsphere_password is object with no attributes
    
    Inappropriate value for attribute "password": string required.
    
    
    Error: Incorrect attribute value type
    
      on ../../modules/generic-vm/provider.tf line 5, in provider "vsphere":
       5:   vsphere_server       = var.vsphere_server
        |----------------
        | var.vsphere_server is object with no attributes
    
    Inappropriate value for attribute "vsphere_server": string required.

    The provider config is looks like below

    provider "vsphere" {
      version              = "~> 1.10"
      user                 = var.vsphere_user
      password             = var.vsphere_password
      vsphere_server       = var.vsphere_server
      allow_unverified_ssl = true
    }

    And in the variable file

    variable "vsphere_user" {
      default = {}
    }
    variable "vsphere_password" {
      default = {}
    }
    Am trying to make a module for generic vm creations
    tbugfinder
    @tbugfinder
    Try setting an empty string or null.
    gowthamakanthan
    @gowthamakanthan
    Have tried setting empty string (default = “” ) or null (default = “null”) and then provided the values while calling the modules but getting Cannot complete login due to an incorrect user name or password. error.
    Karthikeyan
    @karthikeayan
    you need to check your credentials
    gowthamakanthan
    @gowthamakanthan
    The credentials are working fine when using without modules.
    tbugfinder
    @tbugfinder
    are you using same default without modules?
    gowthamakanthan
    @gowthamakanthan
    No. When am trying without modules am using variables without default.
    variable "vsphere_user" {} variable "vsphere_password" {}
    Michael Fellinger
    @manveru
    Is there any way to debug this? I have no clue what possibly could require such an argument:
    Error: Missing required argument
    
    The argument "server_url" is required, but was not set.
    
    Releasing state lock. This may take a few moments...
    Michael Fellinger
    @manveru
    hmm, strace says it's trying to run the acme provider, even though it's never mentioned in my config...
    must've somehow switched up workspaces...
    gowthamakanthan
    @gowthamakanthan
    @tbugfinder @karthikeayan Thanks for validating folks, The issue has been fixed by moving the provider config from the root module to the child module.
    Carlo Cancellieri
    @ccancellieri
    Hi guys, nice to meet you all, I'm new :)
    I'm provisioning a gcp compute instance with an tls_private_key and ssh_key into the metadata to use the file provisioner and now I've the file on the compute instance, which is the best way to remove the metadata without recreating the compute instance?
    possibly destroying also the tls_private_key resource
    Can I leverage on triggers?
    Currently I've to explicitly call "terraform destroy " on the tls_private_key ... in this case the metadata will contain a not usable public ssk key but it's still dirty...
    Will Yardley
    @wyardley
    x-posting from #terraform - anyone have any ideas about this one? hashicorp/terraform#25849
    Ruby
    @ruby232_gitlab

    Error "x509: certificate signed by unknown authority" when executing the command "terraform apply" with docker.
    I have a terraform project running with docker, with a "docker-compose.yml" with the following content:

    version: "3.1"
    services:
      dev:
        image: hashicorp/terraform:0.13.0
        working_dir: /workspace
        volumes:
          - .:/workspace
        env_file:
          - dev/vars.env

    A "main.tf" file with the following content:

    terraform {
      required_providers {
        k8s = {
          source  = "banzaicloud/k8s"
          version = "0.8.2"
        }
      }
      required_version = ">= 0.13"
    }
    provider "k8s" {
      config_path = var.kubeconfig_path
    }
    resource "k8s_manifest" "ingressroute" {
      provider = k8s
      content   = data.template_file.ingressroute.rendered
      namespace = var.namespace
    }

    When executing the command "terraform apply" it throws the error:

    Error: Post "https://my-rancher.com/k8s/clusters/r-3gw5q/api/v1/namespaces/test/configmaps": x509: certificate signed by unknown authority

    That same configuration works on the host

    What I have tried:

    1. Add the "ca-certificates" package to the official image and run the "update-ca-certificates" command.
    2. Create your own image with Ubuntu.
    3. Copy my "ca-certificates.crt" to "/ etc / ssl / certs /"
      4 Verify the certificate in my configuration with OpenSSL
    Kevin
    @kevinglasson
    Is this an appropriate place to ask about cdktf? I am trying to import a third party module but can't find any reference to how to do it anywhere
    Kevin
    @kevinglasson
    Looks like it's not possible yet, you can only use the terraform registry hashicorp/terraform-cdk#16
    tbugfinder
    @tbugfinder
    Hi @ruby232_gitlab you might have to install custom certificates within the container.
    Stepan Chatalyan
    @stepan-passnfly
    hi all, I'm creating a elastic beanstalk app and env, I would like to enable the mertrics collection for the autoscaling group that were created by the EB env, I tried to declare it and import it, but it's deleting me the tags and I need to explicity define the min/max for the ASG... someone had previous problem like this?
    Simon Baier
    @sbaier1

    Hey, i have a general question regarding aws_s3_bucket_object objects created via for_each. So i have this object:

    resource "aws_s3_bucket_object" "objects" {
      bucket = var.object_store_name
      key = "base-path/${each.value}"
      source = each.key
      etag = filemd5(each.key)
    
      for_each = local.local.files_aws
    }

    Now i'd like to trigger a null resource based on the etag of these objects, by getting the etag field as a list and joining it into a string. When using the same for_each syntax with a openstack swift resource declaration, i can run values(swift_type.objects).etag, but for S3, this will yield a aws_s3_bucket_object.objects is object with 62 attributes error, presumably because in the tfstate the object is just of type aws_s3_bucket_object while for the openstack provider this will yield a map object. Is this a bug?

    How can i get the field of my s3 objects?

    Halil Burak Cetinkaya
    @halil-burak
    Hi All,
    Is it possible to pass sql files instead of string queries in BigQuery tables and BigQuery jobs?
    Greg Swallow
    @gswallow
    Hey all! Is it possible to create dynamically named outputs with a for or a for_each expression in terraform?
    Chris Johnson
    @chrisjohnson
    Just output a map
    Greg Swallow
    @gswallow
    I need to output strings.
    That's ok, though. I've moved on.
    Chris Johnson
    @chrisjohnson
    Right, a map of strings
    Will Yardley
    @wyardley
    anyone have a rough idea of how long it'll be for 0.13.1 to drop?
    Ruby
    @ruby232_gitlab
    @tbugfinder The certificates are given to me by Traefik automatically from Let's Encrypt, what should I install?
    tbugfinder
    @tbugfinder
    @ruby232_gitlab Let's encrypt CA certificates then.
    Ruby
    @ruby232_gitlab

    @tbugfinder
    Thanks for answering, run the following commands.

    cd /usr/share/ca-certificates
    mkdir letsencrypt.org
    cd letsencrypt.org/
    wget "https://letsencrypt.org/certs/isrgrootx1.pem"
    update-ca-certificates

    And still the same problem, I suspect terraform has problems with certificates from letsencrypt.org.

    tbugfinder
    @tbugfinder
    Could you verify if the CA was added to one of those files?