Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

terraform bug inverts boolean logic when extra_groups are defined #10763

Closed
rptaylor opened this issue Jan 3, 2024 · 2 comments · Fixed by #10764
Closed

terraform bug inverts boolean logic when extra_groups are defined #10763

rptaylor opened this issue Jan 3, 2024 · 2 comments · Fixed by #10764
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@rptaylor
Copy link
Contributor

rptaylor commented Jan 3, 2024
edited
Loading

I have

k8s_nodes = {
  b01 = {
    "az" = "Compute"
    "flavor" = "64a48dcb-1469-469d-b0f2-d00f6ca43707"
    "floating_ip" = false
  },
  b02 = {
    "az" = "Compute" 
    "flavor" = "64a48dcb-1469-469d-b0f2-d00f6ca43707"
    "floating_ip" = false
  },
  v01 = { # vGPU 
    "az" = "nova"
    "flavor" = "39d3041a-ace2-4166-9133-d78fe00190a9"
    "floating_ip" = false
    "extra_groups" = "gpu_node"  # New line recently added
  } 
}

This worked fine until I recently added the "extra_groups" = "gpu_node" line (feature from https://github.com/kubernetes-sigs/kubespray/pull/9211/files). This should just add "gpu_node" to kubespray_groups of one node. However when I terraform apply, it tries to remove the "no_floating" group from all nodes, even though floating_ip is still false!

Terraform will perform the following actions:

  # module.compute.openstack_compute_instance_v2.k8s_nodes["b01"] will be updated in-place
  ~ resource "openstack_compute_instance_v2" "k8s_nodes" {
        id                  = "c8d647bb-565a-44b4-ae78-bd6b0d5affb9"
      ~ metadata            = {
          ~ "kubespray_groups" = "kube_node,k8s_cluster,no_floating," -> "kube_node,k8s_cluster,,"
            # (3 unchanged elements hidden)
        }
    }
  # module.compute.openstack_compute_instance_v2.k8s_nodes["b02"] will be updated in-place
  ~ resource "openstack_compute_instance_v2" "k8s_nodes" {
        id                  = "037dac0d-a137-42f6-bd35-ef97cba0f5e3"
      ~ metadata            = {
          ~ "kubespray_groups" = "kube_node,k8s_cluster,no_floating," -> "kube_node,k8s_cluster,,"
            # (3 unchanged elements hidden)
        }
    }
  # module.compute.openstack_compute_instance_v2.k8s_nodes["v01"] will be updated in-place
  ~ resource "openstack_compute_instance_v2" "k8s_nodes" {
        id                  = "254f01e0-657d-483c-9197-30b4e8382822"
      ~ metadata            = {
          ~ "kubespray_groups" = "kube_node,k8s_cluster,no_floating," -> "kube_node,k8s_cluster,,gpu_node"
            # (3 unchanged elements hidden)
        }
    }
Plan: 0 to add, 3 to change, 0 to destroy.

I've spent hours trying to reproduce this potential Terraform bug in a simpler/independent environment than Kubespray but have not been able to :(
I tried Terraform versions 1.3.9, 1.4.7 and 1.6.6.
I tried .terraform/providers/registry.terraform.io/terraform-provider-openstack/openstack/1.48.0 and also did terraform init -upgrade , upgrading the openstack provider version to 1.53.0.
I tried creating openstack compute instances in a Terraform module using for_each and the same variable definitions and metadata definition

  metadata = {
    kubespray_groups = "kube_node,k8s_cluster,%{if each.value.floating_ip == false}no_floating,%{endif}${var.supplementary_node_groups},${try(each.value.extra_groups, "")}"
  }

but still could not reproduce it. There must be some extra complications in the Kubespray Terraform environment triggering this issue.

I did however try modifying the code to

    kubespray_groups = "kube_node,k8s_cluster,%{if each.value.floating_ip == false}no_floating,%{else}FLOATING,%{endif}${var.supplementary_node_groups},${try(each.value.extra_groups, "")}"

which resulted in "FLOATING" being added, confirming that if each.value.floating_ip == false was evaluating to the opposite of what it should be!

I also tried removing the "extra_groups" = "gpu_node" line and confirmed that this causes the bug to go away again, and the no_floating group comes back.

Environment:

  • Cloud provider or hardware configuration:
    Openstack

Kubespray version (commit) (git rev-parse --short HEAD):
7b936bc80
@rptaylor rptaylor added the kind/bug Categorizes issue or PR as related to a bug. label Jan 3, 2024
@rptaylor
Copy link
Contributor Author

rptaylor commented Jan 3, 2024

related to #9211

@rptaylor rptaylor mentioned this issue Jan 3, 2024
Merged
@rptaylor
Copy link
Contributor Author

rptaylor commented Jan 3, 2024

The output of the terraform provider upgrade, after which the bug was still present:

$ terraform init -upgrade

Initializing the backend...
Upgrading modules...
- compute in modules/compute
- ips in modules/ips
- network in modules/network

Initializing provider plugins...
- Finding latest version of hashicorp/template...
- Finding latest version of hashicorp/null...
- Finding terraform-provider-openstack/openstack versions matching "~> 1.17"...
- Using previously-installed hashicorp/template v2.2.0
- Installing hashicorp/null v3.2.2...
- Installed hashicorp/null v3.2.2 (signed by HashiCorp)
- Installing terraform-provider-openstack/openstack v1.53.0...
- Installed terraform-provider-openstack/openstack v1.53.0 (self-signed, key ID 4F80527A391BEFD2)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

workaround for terraform bug related to no_floating and extra_groups rptaylor/kubespray
1 participant
@rptaylor