DuplicateListener when creating ELB with new certificate #4880

Closed
saliceti opened this issue Jan 28, 2016 · 4 comments
Labels
bug provider/aws waiting-response An issue/pull request is waiting for a response from the community

@saliceti
Contributor

This is happening on Terraform 0.6.9.

When uploading a new certificate to IAM and creating a new ELB using this certificate in a listener, terraform fails with the error:

```
* aws_elb.concourse: Failure adding new or updated ELB listeners: DuplicateListener: A listener already exists for colin-cert-concourse with LoadBalancerPort 443, but with a different InstancePort, Protocol, or SSLCertificateId
status code: 400, request id: 3a2ed326-c5ce-11e5-9f46-a5c7d320375f
```

Code:

```
resource "aws_iam_server_certificate" "concourse" {
  name = "ELB name"
  certificate_body = "${file("concourse.crt")}"
  private_key = "${file("concourse.key")}"

#  provisioner "local-exec" {
#    command = "sleep 10"
#  }
}

resource "aws_elb" "concourse" {
  name            = "${var.env}-concourse"
  subnets         = ["${split(",", var.infra_subnet_ids)}"]
  security_groups = ["${aws_security_group.concourse-elb.id}"]

  health_check {
    target              = "TCP:8080"
    interval            = 5
    timeout             = 2
    healthy_threshold   = 2
    unhealthy_threshold = 2
  }

  listener {
    instance_port       = 8080
    instance_protocol   = "tcp"
    lb_port             = 443
    lb_protocol         = "ssl"
    ssl_certificate_id  = "${aws_iam_server_certificate.concourse.arn}"
  }

  tags {
    Name = "${var.env}-concourse-elb"
  }
}
```

It looks like a race condition because it succeeds consistently if I add the above sleep in the local provisioner. It also works every time when I use TF_LOG trace or debug (which I assume makes terraform slightly slower).

@catsby
Contributor

catsby commented Jan 28, 2016

Hey @saliceti – I believe I fixed this with a retry in #4825 , are you able to build from master or try out the new Terraform v0.6.10?

Let me know!
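
The retry approach mentioned above, sketched as an added example; it is not part of the original thread and not Terraform's code from #4825. It retries with backoff only on the error code reported in this issue and fails fast on anything else, instead of a fixed `sleep 10`. `apiError`, `retryOnCode` and `fakeCreateListener` are hypothetical names, and the failing API call is simulated.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// apiError mimics an AWS-style error carrying a machine-readable code (hypothetical type).
type apiError struct{ Code, Msg string }

func (e *apiError) Error() string { return e.Code + ": " + e.Msg }

// retryOnCode calls fn until it succeeds, returns an error whose code is not in
// retryable, or maxWait would be exceeded. It returns the number of attempts made.
func retryOnCode(maxWait, delay time.Duration, retryable map[string]bool, fn func() error) (int, error) {
	deadline := time.Now().Add(maxWait)
	for attempt := 1; ; attempt++ {
		err := fn()
		if err == nil {
			return attempt, nil
		}
		var ae *apiError
		if !errors.As(err, &ae) || !retryable[ae.Code] {
			return attempt, err // not a propagation symptom: fail fast
		}
		if time.Now().Add(delay).After(deadline) {
			return attempt, fmt.Errorf("gave up after %d attempts: %w", attempt, err)
		}
		time.Sleep(delay)
		delay *= 2 // exponential backoff between attempts
	}
}

// fakeCreateListener is a constructed stand-in for the listener call: it returns
// the error code from this issue for the first `failures` calls, then succeeds.
func fakeCreateListener(failures int) func() error {
	calls := 0
	return func() error {
		calls++
		if calls <= failures {
			return &apiError{"DuplicateListener", "a listener already exists (simulated)"}
		}
		return nil
	}
}

func main() {
	n, err := retryOnCode(time.Second, 10*time.Millisecond, map[string]bool{"DuplicateListener": true}, fakeCreateListener(3))
	fmt.Println(n, err)
}
```
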

@catsby catsby added bug waiting-response An issue/pull request is waiting for a response from the community provider/aws labels Jan 28, 2016
saliceti added a commit to alphagov/paas-cf that referenced this issue Jan 28, 2016
There is a race condition in Terraform when it creates an ELB with a newly created certificate:

```
* aws_elb.concourse: Failure adding new or updated ELB listeners: DuplicateListener: A listener already exists for colin-cert-concourse with LoadBalancerPort 443, but with a different InstancePort, Protocol, or SSLCertificateId
status code: 400, request id: 3a2ed326-c5ce-11e5-9f46-a5c7d320375f
```
Here we add a sleep to give time to the IAM certificate to propagate.
An issue was raised: hashicorp/terraform#4880
@saliceti
Contributor Author

I've tested successfully twice with 0.6.10. I think you can close the issue.
Thanks!

dcarley pushed a commit to alphagov/paas-docker-terraform that referenced this issue Jan 29, 2016
This includes a fix for the `DuplicateListener` problem described in
hashicorp/terraform#4880 and worked around in alphagov/paas-cf@f46ff52

Colin has confirmed that this now works without the `sleep 10`.

I don't believe we are affected by any of the backwards incompatibility
items listed in the CHANGELOG:

- https://github.com/hashicorp/terraform/blob/v0.6.10/CHANGELOG.md#0610-january-27-2016
@catsby
Contributor

catsby commented Feb 12, 2016

Awesome, thank you for getting back @saliceti (sorry it took me 2 weeks to reply 😦)

@catsby catsby closed this as completed Feb 12, 2016
@ghost

ghost commented Apr 28, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 28, 2020