Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

resource/aws_instance: Retry IAM instance profile (re)association for eventual consistency on update #3055

Merged
merged 2 commits into from
Jan 18, 2018
Merged

resource/aws_instance: Retry IAM instance profile (re)association for eventual consistency on update #3055

merged 2 commits into from
Jan 18, 2018

Conversation

bflad
Copy link
Contributor

@bflad bflad commented Jan 18, 2018
edited
Loading

Closes #838

Adjusting the existing test for adding aws_instance.iam_instance_profile after instance creation by simultaneously creating the aws_iam_instance_profile instead generates the error reported:

make testacc TEST=./aws TESTARGS='-run=TestAccAWSInstance_instanceProfileChange'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAWSInstance_instanceProfileChange -timeout 120m
=== RUN   TestAccAWSInstance_instanceProfileChange
--- FAIL: TestAccAWSInstance_instanceProfileChange (128.36s)
	testing.go:513: Step 1 error: Error applying: 1 error(s) occurred:

		* aws_instance.foo: 1 error(s) occurred:

		* aws_instance.foo: InvalidParameterValue: Value (test-kg7zd) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name
			status code: 400, request id: a753eb1d-bc9e-4e3e-9ad6-c6bac7968f6d
FAIL
exit status 1
FAIL	github.com/terraform-providers/terraform-provider-aws/aws	128.410s
make: *** [testacc] Error 1

After code update (I'll replace with full results shortly):

# locally
make testacc TEST=./aws TESTARGS='-run=TestAccAWSInstance_instanceProfileChange'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAWSInstance_instanceProfileChange -timeout 120m
=== RUN   TestAccAWSInstance_instanceProfileChange
--- PASS: TestAccAWSInstance_instanceProfileChange (144.92s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	144.971s
# TC (failure unrelated)
=== RUN   TestAccAWSInstance_importInEc2Classic
--- SKIP: TestAccAWSInstance_importInEc2Classic (1.77s)
=== RUN   TestAccAWSInstanceDataSource_keyPair
--- PASS: TestAccAWSInstanceDataSource_keyPair (101.02s)
=== RUN   TestAccAWSInstanceDataSource_gp2IopsDevice
--- PASS: TestAccAWSInstanceDataSource_gp2IopsDevice (147.80s)
=== RUN   TestAccAWSInstanceDataSource_AzUserData
--- PASS: TestAccAWSInstanceDataSource_AzUserData (159.59s)
=== RUN   TestAccAWSInstance_GP2WithIopsValue
--- PASS: TestAccAWSInstance_GP2WithIopsValue (186.40s)
=== RUN   TestAccAWSInstanceDataSource_SecurityGroups
--- FAIL: TestAccAWSInstanceDataSource_SecurityGroups (198.42s)
	testing.go:513: Step 0 error: Check failed: Check 3/5 error: data.aws_instance.foo: Attribute 'vpc_security_group_ids.#' expected "0", got "1"
=== RUN   TestAccAWSInstanceDataSource_VPC
--- PASS: TestAccAWSInstanceDataSource_VPC (203.38s)
=== RUN   TestAccAWSInstance_blockDevices
--- PASS: TestAccAWSInstance_blockDevices (112.79s)
=== RUN   TestAccAWSInstanceDataSource_rootInstanceStore
--- PASS: TestAccAWSInstanceDataSource_rootInstanceStore (216.17s)
=== RUN   TestAccAWSInstance_GP2IopsDevice
--- PASS: TestAccAWSInstance_GP2IopsDevice (229.55s)
=== RUN   TestAccAWSInstanceDataSource_tags
--- PASS: TestAccAWSInstanceDataSource_tags (240.79s)
=== RUN   TestAccAWSInstance_ipv6AddressCountAndSingleAddressCausesError
--- PASS: TestAccAWSInstance_ipv6AddressCountAndSingleAddressCausesError (11.26s)
=== RUN   TestAccAWSInstance_importInDefaultVpc
--- PASS: TestAccAWSInstance_importInDefaultVpc (243.61s)
=== RUN   TestAccAWSInstanceDataSource_blockDevices
--- PASS: TestAccAWSInstanceDataSource_blockDevices (244.99s)
=== RUN   TestAccAWSInstance_userDataBase64
--- PASS: TestAccAWSInstance_userDataBase64 (294.39s)
=== RUN   TestAccAWSInstanceDataSource_VPCSecurityGroups
--- PASS: TestAccAWSInstanceDataSource_VPCSecurityGroups (322.24s)
=== RUN   TestAccAWSInstancesDataSource_basic
--- PASS: TestAccAWSInstancesDataSource_basic (373.74s)
=== RUN   TestAccAWSInstanceDataSource_basic
--- PASS: TestAccAWSInstanceDataSource_basic (375.88s)
=== RUN   TestAccAWSInstance_basic
--- PASS: TestAccAWSInstance_basic (401.58s)
=== RUN   TestAccAWSInstanceDataSource_PlacementGroup
--- PASS: TestAccAWSInstanceDataSource_PlacementGroup (410.32s)
=== RUN   TestAccAWSInstance_rootInstanceStore
--- PASS: TestAccAWSInstance_rootInstanceStore (262.81s)
=== RUN   TestAccAWSInstance_noAMIEphemeralDevices
--- PASS: TestAccAWSInstance_noAMIEphemeralDevices (275.77s)
=== RUN   TestAccAWSInstance_placementGroup
--- PASS: TestAccAWSInstance_placementGroup (249.71s)
=== RUN   TestAccAWSInstance_NetworkInstanceSecurityGroups
--- PASS: TestAccAWSInstance_NetworkInstanceSecurityGroups (225.38s)
=== RUN   TestAccAWSInstancesDataSource_tags
--- PASS: TestAccAWSInstancesDataSource_tags (481.43s)
=== RUN   TestAccAWSInstance_vpc
--- PASS: TestAccAWSInstance_vpc (310.98s)
=== RUN   TestAccAWSInstance_ipv6_supportAddressCount
--- PASS: TestAccAWSInstance_ipv6_supportAddressCount (306.08s)
=== RUN   TestAccAWSInstance_keyPairCheck
--- PASS: TestAccAWSInstance_keyPairCheck (94.62s)
=== RUN   TestAccAWSInstance_withIamInstanceProfile
--- PASS: TestAccAWSInstance_withIamInstanceProfile (159.68s)
=== RUN   TestAccAWSInstance_NetworkInstanceVPCSecurityGroupIDs
--- PASS: TestAccAWSInstance_NetworkInstanceVPCSecurityGroupIDs (320.27s)
=== RUN   TestAccAWSInstance_sourceDestCheck
--- PASS: TestAccAWSInstance_sourceDestCheck (411.29s)
=== RUN   TestAccAWSInstance_rootBlockDeviceMismatch
--- PASS: TestAccAWSInstance_rootBlockDeviceMismatch (136.56s)
=== RUN   TestAccAWSInstance_privateIP
--- PASS: TestAccAWSInstance_privateIP (220.23s)
=== RUN   TestAccAWSInstance_tags
--- PASS: TestAccAWSInstance_tags (364.20s)
=== RUN   TestAccAWSInstance_instanceProfileChange
--- PASS: TestAccAWSInstance_instanceProfileChange (285.09s)
=== RUN   TestAccAWSInstance_associatePublicIPAndPrivateIP
--- PASS: TestAccAWSInstance_associatePublicIPAndPrivateIP (300.37s)
=== RUN   TestAccAWSInstance_multipleRegions
--- PASS: TestAccAWSInstance_multipleRegions (503.82s)
=== RUN   TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck
--- PASS: TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck (222.50s)
=== RUN   TestAccAWSInstance_associatePublic_defaultPrivate
--- PASS: TestAccAWSInstance_associatePublic_defaultPrivate (193.05s)
=== RUN   TestAccAWSInstance_associatePublic_explicitPublic
--- PASS: TestAccAWSInstance_associatePublic_explicitPublic (158.24s)
=== RUN   TestAccAWSInstanceDataSource_privateIP
--- PASS: TestAccAWSInstanceDataSource_privateIP (789.92s)
=== RUN   TestAccAWSInstance_primaryNetworkInterface
--- PASS: TestAccAWSInstance_primaryNetworkInterface (276.56s)
=== RUN   TestAccAWSInstance_forceNewAndTagsDrift
--- PASS: TestAccAWSInstance_forceNewAndTagsDrift (325.26s)
=== RUN   TestAccAWSInstance_disableApiTermination
--- PASS: TestAccAWSInstance_disableApiTermination (611.15s)
=== RUN   TestAccAWSInstance_associatePublic_overridePublic
--- PASS: TestAccAWSInstance_associatePublic_overridePublic (157.23s)
=== RUN   TestAccAWSInstance_associatePublic_defaultPublic
--- PASS: TestAccAWSInstance_associatePublic_defaultPublic (216.99s)
=== RUN   TestAccAWSInstance_associatePublic_explicitPrivate
--- PASS: TestAccAWSInstance_associatePublic_explicitPrivate (189.76s)
=== RUN   TestAccAWSInstance_changeInstanceType
--- PASS: TestAccAWSInstance_changeInstanceType (340.71s)
=== RUN   TestAccAWSInstance_volumeTags
--- PASS: TestAccAWSInstance_volumeTags (511.13s)
=== RUN   TestAccAWSInstance_ipv6_supportAddressCountWithIpv4
--- PASS: TestAccAWSInstance_ipv6_supportAddressCountWithIpv4 (602.57s)
=== RUN   TestAccAWSInstance_importBasic
--- PASS: TestAccAWSInstance_importBasic (892.13s)
=== RUN   TestAccAWSInstance_addSecondaryInterface
--- PASS: TestAccAWSInstance_addSecondaryInterface (404.71s)
=== RUN   TestAccAWSInstance_volumeTagsComputed
--- PASS: TestAccAWSInstance_volumeTagsComputed (572.92s)
=== RUN   TestAccAWSInstance_associatePublic_overridePrivate
--- PASS: TestAccAWSInstance_associatePublic_overridePrivate (307.70s)
=== RUN   TestAccAWSInstance_addSecurityGroupNetworkInterface
--- PASS: TestAccAWSInstance_addSecurityGroupNetworkInterface (709.20s)

@bflad bflad added bug Addresses a defect in current functionality. service/ec2 Issues and PRs that pertain to the ec2 service. labels Jan 18, 2018
radeksimko
radeksimko approved these changes Jan 18, 2018
View reviewed changes
Copy link
Member

@radeksimko radeksimko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally 👌 - just one question - can't we start with lower timeout, say 1 minute and raise it if it turns out to be necessary?

@bflad
resource/aws_instance: Lower IAM instance profile retry timeout from …
6ca1a85 
…2 minutes to 1 minute initially

Generally we would prefer to surface actual IAM issues (bad profile, etc.) sooner rather than later.
@bflad bflad added this to the v1.7.1 milestone Jan 18, 2018
@bflad
Copy link
Contributor Author

bflad commented Jan 18, 2018

Lowered the timeouts to 1 minute to follow our normal practice of preferring to bubble up actual issues sooner rather than later (since EC2 doesn't differentiate between missing vs actually bad here). Can always adjust later if eventual consistency here is really bad (its currently only 30 seconds on instance creation, so we're probably okay). 👍

@bflad bflad merged commit e88ab8e into master Jan 18, 2018
@bflad bflad deleted the b-aws_instance-instance-profile-update-retries branch January 18, 2018 17:12
bflad added a commit that referenced this pull request Jan 18, 2018
@bflad
Update CHANGELOG for #3055
fae04df
@bflad
Copy link
Contributor Author

bflad commented Jan 22, 2018

This has been released in terraform-provider-aws version 1.7.1. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@bflad bflad mentioned this pull request Jan 27, 2018
Closed
@jmcarp jmcarp mentioned this pull request Feb 25, 2018
Closed
drewsonne pushed a commit to drewsonne/terraform-provider-aws that referenced this pull request Mar 3, 2018
@bflad @drewsonne
Update CHANGELOG for hashicorp#3055
3281497
amenonsen added a commit to 2ndQuadrant/ansible that referenced this pull request Jul 15, 2018
@amenonsen
Retry EC2 run_instances on "Invalid IAM Instance Profile name" errors
3953fec 
Instance creation could fail with an error like this if the IAM instance
profile for the instance was created a short time before run_instances,
and had not yet propagated (which happened nearly every time on fast
networks):

    "Instance creation failed => InvalidParameterValue: Value
    (xxx_profile) for parameter iamInstanceProfile.name is invalid.
    Invalid IAM Instance Profile name"

We modify ec2.py to use an "EC2Retry" wrapper that inherits from
CloudRetry and wraps run_instances, detects the InvalidParameterValue
exception with the 'iamInstanceProfile.name is invalid' message, and
retries that request a few times.

Incidentally, terraform has the same problem and used the same fix,
right up to using string matching on the error message to figure out
whether it's the right error or not:

hashicorp/terraform-provider-aws#3055
amenonsen added a commit to 2ndQuadrant/ansible that referenced this pull request Jan 30, 2020
@amenonsen
Retry EC2 run_instances on "Invalid IAM Instance Profile name" errors
d15f8e8 
Instance creation could fail with an error like this if the IAM instance
profile for the instance was created a short time before run_instances,
and had not yet propagated (which happened nearly every time on fast
networks):

    "Instance creation failed => InvalidParameterValue: Value
    (xxx_profile) for parameter iamInstanceProfile.name is invalid.
    Invalid IAM Instance Profile name"

We modify ec2.py to use an "EC2Retry" wrapper that inherits from
CloudRetry and wraps run_instances, detects the InvalidParameterValue
exception with the 'iamInstanceProfile.name is invalid' message, and
retries that request a few times.

Incidentally, terraform has the same problem and used the same fix,
right up to using string matching on the error message to figure out
whether it's the right error or not:

hashicorp/terraform-provider-aws#3055
@ghost
Copy link

ghost commented Apr 8, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 8, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@radeksimko radeksimko radeksimko approved these changes

Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. service/ec2 Issues and PRs that pertain to the ec2 service.
Projects
None yet
Milestone
v1.7.1
Development

Successfully merging this pull request may close these issues.

IAM instance profile not created fast enough to modify EC2 instance
2 participants
@bflad @radeksimko