Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

EIP association issues with lifecycle create_before_destroy #6758

Closed
zyounker opened this issue May 19, 2016 · 8 comments · Fixed by #9056
Closed

EIP association issues with lifecycle create_before_destroy #6758

zyounker opened this issue May 19, 2016 · 8 comments · Fixed by #9056

Comments

@zyounker
Copy link

zyounker commented May 19, 2016

using Terraform v0.6.16 and having issues with EIP associations when used with lifecycle create_before_destroy

Here is the basic config:

resource "aws_eip" "eip" {
    count = "${var.node_count}"
    vpc = true
    lifecycle {
        create_before_destroy = "true"
    }
}

resource "aws_eip_association" "eip_assoc" {
    count = "${var.node_count}"
    instance_id = "${element(aws_instance.mysql.*.id, count.index)}"
    allocation_id = "${element(aws_eip.eip.*.id, count.index)}"
    lifecycle {
        create_before_destroy = "true"
    }
}

resource "aws_instance" "mysql" {
    count = "${var.node_count}"
    availability_zone = "${element(split(",", var.availability_zones), count.index)}"
    ami = "${element(split(",", var.ami_id), count.index)}"
    instance_type = "${var.instance_type}"
    vpc_security_group_ids = ["${aws_security_group.mysql.id}"]
    subnet_id = "${element(split(",", var.subnet_id), count.index)}"
    key_name = "${var.key_name}"

    lifecycle {
        create_before_destroy = "true"
    }
}

We are seeing the following error:

module.mysql.aws_instance.mysql: Creation complete
module.mysql.aws_eip_association.eip_assoc: Creating...
  allocation_id:        "" => "eipalloc-da1561be"
  instance_id:          "" => "i-622ef9a4"
  network_interface_id: "" => "<computed>"
  private_ip_address:   "" => "<computed>"
  public_ip:            "" => "<computed>"
module.mysql.aws_eip_association.eip_assoc: Creation complete
module.mysql.aws_eip_association.eip_assoc: Destroying...
Error applying plan:

1 error(s) occurred:

* aws_eip_association.eip_assoc: Error deleting Elastic IP association: InvalidAssociationID.NotFound: The association ID 'eipassoc-1c60627a' does not exist
    status code: 400, request id: 80950320-431a-47a7-877e-bc202c7b82f3

it seems it loses track of the eip association because it associates it and then tries to destroy the old association. At this point terraform state is completely broken. It is unable to refresh or do anything, displaying the following error:

* aws_eip_association.eip_assoc: Unable to find EIP Association: eipassoc-1c60627a

@zyounker
Copy link
Author

zyounker commented May 19, 2016

Quick update here. I was able to get this working by removing the aws_eip_association and doing the association directly in aws_eip:

resource "aws_eip" "eip" {
    count = "${var.node_count}"
    vpc = true
    instance = "${element(aws_instance.mysql.*.id, count.index)}"
    associate_with_private_ip = "${element(aws_instance.mysql.*.private_ip, count.index)}"

    lifecycle {
        create_before_destroy = "true"
    }
}

resource "aws_instance" "mysql" {
    count = "${var.node_count}"
    availability_zone = "${element(split(",", var.availability_zones), count.index)}"
    ami = "${element(split(",", var.ami_id), count.index)}"
    instance_type = "${var.instance_type}"
    vpc_security_group_ids = ["${aws_security_group.mysql.id}"]
    subnet_id = "${element(split(",", var.subnet_id), count.index)}"
    key_name = "${var.key_name}"

    lifecycle {
        create_before_destroy = "true"
    }
}

Still think original config is valid and should probably allow a soft fail when it loses its association. This would allow it to still succeed when an association is lost.

For now the workaround is fine for me, but i was planing to move EIP creation out of this module and only perform the association.

@Charg
Copy link
Contributor

Charg commented Jun 2, 2016

I'm facing a similar issue. aws_eip_association needs some lifecycle logic added to it. Currently, I have already created the EIP resources and mapped them to the aws_eip_association resource. I want to be able to rebuild my aws_instance using the create_before_destroy and keep my EIP association until the new instance comes up.

My config is simple:

resource "aws_eip_association" "eip-assoc-1" {
  instance_id = "${aws_instance.redirect-service-1.id}"
  allocation_id = "eipalloc-somethang"
  lifecycle {
    create_before_destroy = "true"
  }
}

resource "aws_instance" "redirect-service-1" {
  instance_type = "t2.micro"
  ami = "${var.aws_ami}"
  key_name = "${var.key_name}"

  # Public Subnet
  subnet_id = "subnet-98334db2"

  # Our Security group to allow HTTP(S) and SSH access
  vpc_security_group_ids = ["${aws_security_group.redirect-service-sg.id}"]

  lifecycle {
    create_before_destroy = "true"
  }
}

@aviflax
Copy link

aviflax commented Jun 30, 2016

Any chance of this getting addressed? It seems like a valid use case, and the current implementation can lead to a Terraform state being totally broken/unusable (I’m currently dealing with this).

@cobrien71
Copy link

Same here utilizing Terraform v0.7.2 as well.
Seems like the EIP does initially get associated but the error message is noted (* aws_eip_association.eip_assoc: Unable to find EIP Association: eipassoc-xxxxxx) and any other terraform plan/apply will bark and not allow to be attempted.

@stack72
Copy link
Contributor

stack72 commented Sep 26, 2016

Hi all

Apologies this is causing issues for you. I have just managed to fix this error up - I am currently running tests and will submit a PR. It will be released as part of Terraform 0.7.5

Sorry it has taken so long to get to the error!

Paul

@stack72 stack72 self-assigned this Sep 26, 2016
stack72 added a commit that referenced this issue Sep 26, 2016
Fixes #6758

We used to throw an error when this was the case - we should refresh
from state so the association can be recreated

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEIPAssociation_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/26 16:42:37 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEIPAssociation_ -timeout 120m
=== RUN   TestAccAWSEIPAssociation_basic
--- PASS: TestAccAWSEIPAssociation_basic (272.92s)
=== RUN   TestAccAWSEIPAssociation_disappears
--- PASS: TestAccAWSEIPAssociation_disappears (119.62s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws392.559s
```
@bizmate
Copy link

bizmate commented Sep 14, 2017

Strange i m still getting this on v 0.10.3

$ terraform destroy -force -target=aws_instance.biz_gocd_agent

and i get

aws_eip_association.eip_assoc: Error deleting Elastic IP association: InvalidAssociationID.NotFound: The association ID 'eipassoc-48d1bd7c' does not exist status code: 400, request id: dbd9ce3d-58e2-41ec-a627-c4d8d8815b4e

@anlauren
Copy link

anlauren commented Oct 9, 2017

Hi on Terraform v0.10.7,
I don't know if it is a problem in my flow, or my config but I have te feeling that I have a issue that is linked to that:
I have two aws that I want to be alternatively under the one IP, for that I use two associations and I alternatively target one of them:

Config:

resource "aws_eip_association" "eip_assoc_XXX" {
	instance_id   = "${aws_instance.XXX.id}"
	allocation_id = "${aws_eip.XXX-ip.id}"
}

resource "aws_eip_association" "eip_assoc_XXX2" {
	instance_id   = "${aws_instance.XXX.id}"
	allocation_id = "${aws_eip.XXX-ip.id}"
}
resource "aws_instance" "XXX" {
        ami = "ami-af0fc0c0"
	instance_type = "t2.small"
}
resource "aws_instance" "XXX2" {
        ami = "ami-af0fc0c0"
	instance_type = "t2.small"
}

Actions:

#bring up the first instance
terraform apply -target=aws_instance.XXX
terraform apply -target=aws_eip_association.eip_assoc_XXX

#bring up the second instance
terraform apply -target=aws_instance.XXX2

#switch the IP
terraform apply -target=aws_eip_association.eip_assoc_XXX2

#destroy the previous instance
terraform apply destroy -target=aws_eip_association.eip_assoc_XXX

-->  Error deleting Elastic IP association: InvalidAssociationID.NotFound: The association ID 'eipassoc-14ea973a' does not exist

Problem:

When allocating the ip under aws_eip_association.eip_assoc_XXX2, it doesn't record the aws_eip_association.eip_assoc_XXX one as been deleted. Hence when I destroy the XXX instance, it doesn't find the aws_eip_association.eip_assoc_XXX and breaks.

Hope that is clear enough...

@ghost
Copy link

ghost commented Apr 7, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 7, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

7 participants