terraform-provider-ignition

ignition_config creation fails if the files section contains both static and dynamic content files

Open IvanovOleg opened this issue 5 years ago • 11 comments

Terraform Version

Terraform v0.12.1

Affected Resource(s)

Please list the resources as a list, for example:

  • ignition_config

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

resource "tls_private_key" "ca" {
  algorithm = "${var.tls_algorithm}"
}

data "ignition_file" "sysctl-net-core" {
  filesystem = "root"
  path       = "/etc/sysctl.d/nc.conf"
  mode       = 420 # 420 decimal = 0644 octal

  content {
    content = "net.core.somaxconn = 512"
  }
}

data "ignition_file" "ca-key" {
  filesystem = "root"
  path       = "${var.tls_directory}/ca-key.pem"
  mode       = 493 # 493 decimal = 0755 octal: readable by every local user

  content {
    content = "${tls_private_key.ca.private_key_pem}"
  }
}

data "ignition_config" "main" {
  files = [
    "${data.ignition_file.sysctl-net-core.id}",
    "${data.ignition_file.ca-key.id}",
  ]
}

# Variable values (tfvars)
tls_directory             = "/etc/ssl/certs/kubernetes"
tls_algorithm             = "RSA"
tls_validity_period_hours = 26280
etcd_disk_lun_number      = 1

# Variable declarations
variable "tls_algorithm" {}
variable "tls_validity_period_hours" {}
variable "etcd_disk_lun_number" {}
variable "tls_directory" {}

Expected Behavior

Ignition config is created.

Actual Behavior

data.ignition_file.sysctl-net-core: Refreshing state...

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # data.ignition_config.main will be read during apply
  # (config refers to values not yet known)
 <= data "ignition_config" "main"  {
      + files    = [
          + "84c1889315f23264eb059f6a0dea5b0c3c3c362bc274c33c249b640e4700c4f0",
          + (known after apply),
        ]
      + id       = (known after apply)
      + rendered = (known after apply)
    }

  # data.ignition_file.ca-key will be read during apply
  # (config refers to values not yet known)
 <= data "ignition_file" "ca-key"  {
      + filesystem = "root"
      + id         = (known after apply)
      + mode       = 493
      + path       = "/etc/ssl/certs/kubernetes/ca-key.pem"

      + content {
          + content = (known after apply)
        }
    }

  # tls_private_key.ca will be created
  + resource "tls_private_key" "ca" {
      + algorithm                  = "RSA"
      + ecdsa_curve                = "P224"
      + id                         = (known after apply)
      + private_key_pem            = (known after apply)
      + public_key_fingerprint_md5 = (known after apply)
      + public_key_openssh         = (known after apply)
      + public_key_pem             = (known after apply)
      + rsa_bits                   = 2048
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

tls_private_key.ca: Creating...
tls_private_key.ca: Creation complete after 0s [id=7bcfe6bcf6ac7e5db31e29fd75615c6512ff20ee]
data.ignition_file.ca-key: Refreshing state...
data.ignition_config.main: Refreshing state...

Error: invalid file "84c1889315f23264eb059f6a0dea5b0c3c3c362bc274c33c249b640e4700c4f0", unknown file id

  on ignition.tf line 21, in data "ignition_config" "main":
  21: data "ignition_config" "main" {

Debug Output

2019/06/19 22:35:36 [TRACE] EvalReadData: working on data.ignition_config.main
2019/06/19 22:35:36 [TRACE] GetResourceInstance: data.ignition_file.sysctl-net-core is a single instance
2019/06/19 22:35:36 [TRACE] GetResourceInstance: data.ignition_file.ca-key is a single instance
2019/06/19 22:35:36 [TRACE] Re-validating config for data.ignition_config.main
2019/06/19 22:35:36 [TRACE] GRPCProvider: ValidateDataSourceConfig
2019/06/19 22:35:36 [TRACE] EvalReadData: data.ignition_config.main configuration is complete, so reading from provider
2019/06/19 22:35:36 [TRACE] GRPCProvider: ReadDataSource
2019/06/19 22:35:36 [ERROR] <root>: eval: *terraform.EvalReadData, err: invalid file "84c1889315f23264eb059f6a0dea5b0c3c3c362bc274c33c249b640e4700c4f0", unknown file id
2019/06/19 22:35:36 [ERROR] <root>: eval: *terraform.EvalSequence, err: invalid file "84c1889315f23264eb059f6a0dea5b0c3c3c362bc274c33c249b640e4700c4f0", unknown file id
2019/06/19 22:35:36 [TRACE] [walkApply] Exiting eval tree: data.ignition_config.main
2019/06/19 22:35:36 [TRACE] vertex "data.ignition_config.main": visit complete
2019/06/19 22:35:36 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping
2019/06/19 22:35:36 [TRACE] dag/walk: upstream of "provider.ignition (close)" errored, so skipping
2019/06/19 22:35:36 [TRACE] dag/walk: upstream of "root" errored, so skipping
2019/06/19 22:35:36 [TRACE] statemgr.Filesystem: no original state snapshot to back up
data2019/06/19 22:35:36 [TRACE] statemgr.Filesystem: state has changed since last snapshot, so incrementing serial to 3
.2019/06/19 22:35:36 [TRACE] statemgr.Filesystem: writing snapshot at terraform.tfstate
ignition_config.main: Refreshing state...
2019/06/19 22:35:36 [TRACE] statemgr.Filesystem: removing lock metadata file .terraform.tfstate.lock.info

Important Factoids

If the files section of the ignition_config contains references to both static content files and dynamic content files, ignition_config fails. A second execution of the apply command works. If I comment out the static content or dynamic content file references separately, it works. It looks like ignition_config doesn't resolve dependencies correctly.

IvanovOleg, May 29 '19 14:05
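
A pre-apply check for the condition this report describes, as an added example that is not part of the original issue or the provider's code: it scans `terraform plan` text for a deferred ignition_config whose files list holds both an already-computed file id and a `(known after apply)` entry. The function name and the regular expressions are assumptions of this example; the sample plan text is excerpted from the output above.

```python
import re

# Plan excerpt taken from the "Actual Behavior" output in the issue.
PLAN = '''\
 <= data "ignition_config" "main"  {
      + files    = [
          + "84c1889315f23264eb059f6a0dea5b0c3c3c362bc274c33c249b640e4700c4f0",
          + (known after apply),
        ]
      + id       = (known after apply)
      + rendered = (known after apply)
    }

 <= data "ignition_file" "ca-key"  {
      + filesystem = "root"
      + id         = (known after apply)
    }
'''

# A deferred data source block: "<= data ... {" up to the "}" at 4-space indent.
BLOCK = re.compile(
    r'^\s*<= data "ignition_config" "([^"]+)"\s*\{(.*?)^ {4}\}', re.M | re.S)
FILES = re.compile(r'\+ files\s*=\s*\[(.*?)\]', re.S)
FILE_ID = re.compile(r'"[0-9a-f]{64}"')   # ids already computed at plan time
UNKNOWN = "(known after apply)"           # ids that depend on unapplied resources


def mixed_file_lists(plan_text):
    """Return {config name: (known ids, unknown entries)} for every deferred
    ignition_config whose files list mixes resolved ids with unknown ones."""
    hits = {}
    for name, body in BLOCK.findall(plan_text):
        files = FILES.search(body)
        if not files:
            continue
        known = len(FILE_ID.findall(files.group(1)))
        unknown = files.group(1).count(UNKNOWN)
        if known and unknown:
            hits[name] = (known, unknown)
    return hits


if __name__ == "__main__":
    for name, (known, unknown) in mixed_file_lists(PLAN).items():
        print(f"ignition_config.{name}: {known} known id(s), {unknown} deferred")
```
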