Terraform plan: Asking variables that are not described in the README #11
Comments
|
Running terraform init under the folder examples/complete produces errors as well Terraform version is 0.11.1 (latest) |
|
Hey @ivan-pinatti! Sorry for the delay. Due to the holidays, we were a bit short staffed. @aknysh will be taking a look at this. The module is definitely functioning on |
|
@ivan-pinatti @osterman
To enable that behavior, you need to set the variable But if they fix ternaries (to short-circuit and not evaluate left and right part at the same time), we can work around the issue very easily I'm going to look at the issue in more details, but when you use |
|
We updated Please test and let us know if you have any questions. |
|
It is not working yet. Right out-of-the-box after a simple terraform init using the new_vpc_new_subnets example without any change will produce the error below It could be a simple constraint, so I downloaded the subnets module and changed the required version to After this change the terraform init started to work as expected. Then, I filled the variables in the main.tf and tried the next step, terraform plan, which started to throw the following error This wasn't suppose to happen because the provider should be inherited from the root to the module, even so I manually inserted the provider into the subnets module just to check if it was going to work or not, however, it didn't! And threw a new error I'm using the latest version, 0.11.1 . Cheers, |
|
BTW, I couldn't re-open this issue. |
|
@ivan-pinatti let me know if everything's good now. Thanks! |
|
Hi @osterman, Still not working. I only fixed the first issue, there are others that require to be investigated yet. |
|
@aknysh what's the latest? |
|
Issue 1. This becomes an issue if you place the keys into the provider like this: provider "aws" {
region = "${var.region}"
access_key = "XXXXXXXXXXXXX"
secret_key = "XXXXXXXXXXXXX"
}At the same time, the module provider "aws" {
region = "${var.region}"
}which throws the error: Two possible fixes:
Issue 2. Subnets module throwing multiple count errors: This started to happens after we separated
I'm looking into it now. A workaround could be to target Or, create the VPC and subnets in different modules, and use their attributes in This issue is different from the one where setting TF_WARN_OUTPUT_ERRORS=1 would help. This is to hide errors (generate warnings instead) when |
|
I'm testing it right now, issue 1 appears to be fixed. Issue 2 still present, I will try the workaround and think of some elegant solution, my initial thought would be to create a Makefile. |
|
We are almost there, the steps that I did so you can reproduce it:
I've created the following Makefile The first two stages, vpc and subnet, were created OK. I could see that several resources were created properly, including EFS, R53 entry, Elastic BeanStalk and so on... The ones that weren't created at all:
|
|
@ivan-pinatti thank you for testing the module and for the Makefile. Regarding CodePipeline/CodeBuild, what Jenkins repo are you deploying? variable "github_branch" {
type = "string"
default = "master"
}to variable "github_branch" {
type = "string"
default = "update-docker-add-groovy"
}Regarding Once you change the Jenkins branch and delete the pipelines, can you |
|
Keeping track: Changed
Tried again with the modifications, the outcome was: The Cloudformation stack with the description "AWS Elastic Beanstalk environment (Name: 'cp-prod-jenkins-eb-env' Id: 'e-anbgibe8xs')" stayed with the CREATE_IN_PROGRESS until the Terraform time limit was reached (20 min). The resource that was holding the creation was AWSEBInstanceLaunchWaitCondition. And the following error occured: Just to let you know, my idea is to use it with Bitbucket. For now I'm just trying to make it work as-is and later on I will start doing modifications, perhaps for better flexibility I will propose some PRs to integrate with AWS CodeCommit and check some sync solution with Github/Bitbucket. In this manner it could be easily integrated to any major Git repository. |
|
@ivan-pinatti thanks again. |
|
@aknysh sounds awesome! Thanks for your support, I really appreciate it. Meanwhile I'm analyzing your code to understand better how you guys architected the solution and how to best implement the Bitbucket new feature, please correct me if I'm wrong but we must work on the Terraform CI-CD module (https://github.com/cloudposse/terraform-aws-cicd?ref=tags/0.5.1 and I see two options;
Anyhow, I think we should open a new thread to discuss it further as it is another topic, let me hear your thoughts on this and if you already know the path to follow we can already start the issue OR create the fork. |
|
@ivan-pinatti this PR fixes the remaining issues: #16; a single phase |
|
@ivan-pinatti After all the resources get created, CodePipeline executes, builds the Docker image with Jenkins (using https://github.com/cloudposse/jenkins), stores it in the ECR repo, and then deploys it to Elastic Beanstalk.
Jenkins starts on Elastic Beanstalk.
Please test again, and let us know if any issues. We merged the test branch After you test it, let's start another thread for CodeCommit and Bitbucket integrations. Thanks |
|
@aknysh / @osterman, sorry guys but it still didn't work. I'm using the new VPC example and what I did was;
After 20 min (timeout limit) it threw the error below; It looks like the issue is related with ElasticBeanstalk health check. It couldn't validate the /login because the CodeBuild hadn't deployed and it wasn't deployed because there is a wait condition in CloudFormation from Beanstalk. My first impression that it is a circular dependency. I also could check that DataPipeline was correctly deployed this time, however, CodeBuild still wasn't. |
|
@ivan-pinatti Elastic Beanstalk environment is usually created in 3-5 minutes max with the sample Docker app, 20 minutes timeout on EB usually means something is wrong with the VPC or subnets, and we experienced it a few times when we had wrong configuration. Can you please check a few things:
Can you please destroy everything and try to plan/apply again? Thanks |
|
Yes, I disabled the NAT gateway. I had to disable it because it was trying to create one for each AZ and since I'm trying to deploy in US-EAST-1 it has 6, thus, it was reaching my EIP limit which is 5. Could we add an option to select how many AZs to use? 6 is overkill. I will re-run with NAT true and deploying into us-west-2 as default, I will let you know if it worked in a few minutes. |
|
@ivan-pinatti thanks, let us know how it went To restrict the number of subnets/NAT gateways, you can do it now without modifying any code. https://github.com/cloudposse/terraform-aws-dynamic-subnets/blob/master/private.tf#L19 So, for example, by providing just one AZ , only one public subnet, one private subnet, and one NAT gateway will be created. |
|
It worked! Important notes;
These should be highlighted in the README. I think we can consider this done now. o/ Besides, I will try to manually declare my AZs instead of using the data function and I will let you know my results so we can add it to the README too. |
|
@ivan-pinatti Regarding NAT gateways, they are mandatory because we place the EC2 servers into private subnets (which is a good practice). If we placed it into pubic subnets (for any other reasons), then NATs would not be required. https://github.com/cloudposse/terraform-aws-jenkins/blob/master/main.tf#L40 Since NATs/subnets are created in a different module ( Will close the issue for now. |
|
Thank you guys for everything @aknysh and @osterman. I just deployed into US-EAST-1 by changing two entries in the example that they were using the data source, basically I changed these lines; https://github.com/cloudposse/terraform-aws-jenkins/blob/master/examples/new_vpc_new_subnets/main.tf#L17 to Tomorrow I will try to use the slice function to have a more elegant solution and then I will do a PR in the examples with an option to choose how many AZs to use. |
|
Thanks, @ivan-pinatti! Glad we finally got all those kinks worked out. Let us know if you run into any other issues. |
|
I have found the cause of the cryptic error messages like the following: In my case, this happened while using a Terraform CodeBuild template, but it can occur with other products that make the same assumption. Terraform includes all possible settings for a template in the plan, but the optional ones have empty ( "" ) values. When the plan is converted into an AWS CLI JSON format request, all lines with "" values are omitted. This is correct behavior in 95% of the cases, but if the template includes user defined environmental variables with default empty string values like the following: which causes AWS to issue the error message: The workaround until Hashicorp can fix this problem in Terraform is to include some non-empty trigger value, like "-", that the application takes as the equivalent of empty. |
|
@rogerbrandtdev thanks for reporting what you uncovered! |
Hi,
I've just cloned the repo to test it and I'm following the doc, however, it is asking for more variables than it is described.
My steps were:
It asked for the variables mentioned in the doc but then started asking ones that are not, one of them is the private subnet as follows:
If you could update the doc and also provide a terraform.tfvars file with pre-filled variables would be easier to use and understand, I did a similar approach in smaller proportions here:
https://github.com/therefore-ca/terraform-aws-r53/blob/master/terraform.tfvars
Thanks,
The text was updated successfully, but these errors were encountered: