Terraform plan output shows 2 update in place - azure

I ran terraform import for one SQL server & one SQL database. While running the terraform plan I see message 2 to change. But I am not able to find the change in the below plan. It's not showing any null value.
I am not sure what is the change to be in effect.
Here is the information about the terraform plan:
  # azurerm_sql_database.sqldb will be updated in-place
2020-12-24T16:01:39.1426150Z   ~ resource "azurerm_sql_database" "sqldb" {
2020-12-24T16:01:39.1426881Z         collation = "SQL_Latin1_General_CP1_CI_AS"
2020-12-24T16:01:39.1427865Z       + create_mode = "Default"
2020-12-24T16:01:39.1428801Z         creation_date = "2020-07-06T15:20:16.947Z"
2020-12-24T16:01:39.1429581Z         default_secondary_location = "East US"
2020-12-24T16:01:39.1430271Z         edition = "GeneralPurpose"
2020-12-24T16:01:39.1474446Z         extended_auditing_policy = [
2020-12-24T16:01:39.1481428Z             {
2020-12-24T16:01:39.1482165Z                 retention_in_days = 0
2020-12-24T16:01:39.1483057Z                 storage_account_access_key = ""
2020-12-24T16:01:39.1483679Z                 storage_account_access_key_is_secondary = false
2020-12-24T16:01:39.1484293Z                 storage_endpoint = ""
2020-12-24T16:01:39.1486841Z             },
2020-12-24T16:01:39.1487323Z         ]
2020-12-24T16:01:39.1488663Z         id = "/subscriptions/78bc4018-84c1-4906-94c9-c1d5b84cc907/resourceGroups/rg-us-wus-dev-1/providers/Microsoft.Sql/servers/sql-us-wus-dev/databases/sqldb-us-wus-dev"
2020-12-24T16:01:39.1491489Z         location = "westus"
2020-12-24T16:01:39.1492160Z         max_size_bytes = "34359738368"
2020-12-24T16:01:39.1492790Z         name = "sqldb-us-wus-dev"
2020-12-24T16:01:39.1493436Z         read_scale = false
2020-12-24T16:01:39.1494194Z         requested_service_objective_id = "f21733ad-9b9b-4d4e-a4fa-94a133c41718"
2020-12-24T16:01:39.1495057Z         requested_service_objective_name = "GP_Gen5_2"
2020-12-24T16:01:39.1495733Z         resource_group_name = "rg-us-wus-dev-1"
2020-12-24T16:01:39.1496437Z         server_name = "sql-us-wus-dev"
2020-12-24T16:01:39.1497190Z         tags = {}
2020-12-24T16:01:39.1497905Z         zone_redundant = false
2020-12-24T16:01:39.1498494Z
2020-12-24T16:01:39.1498890Z         threat_detection_policy {
2020-12-24T16:01:39.1499416Z             disabled_alerts = []
2020-12-24T16:01:39.1500074Z             email_account_admins = "Disabled"
2020-12-24T16:01:39.1500670Z             email_addresses = []
2020-12-24T16:01:39.1501143Z             retention_days = 0
2020-12-24T16:01:39.1501574Z             state = "Disabled"
2020-12-24T16:01:39.1502069Z             use_server_default = "Disabled"
2020-12-24T16:01:39.1502411Z         }
2020-12-24T16:01:39.1502594Z
2020-12-24T16:01:39.1502851Z         timeouts {}
2020-12-24T16:01:39.1503112Z     }
2020-12-24T16:01:39.1503279Z
2020-12-24T16:01:39.1503637Z   # azurerm_sql_server.sqlserver will be updated in-place
2020-12-24T16:01:39.1504503Z   ~ resource "azurerm_sql_server" "sqlserver" {
2020-12-24T16:01:39.1504979Z         administrator_login = "sqladmin"
2020-12-24T16:01:39.1505483Z       + administrator_login_password = (sensitive value)
2020-12-24T16:01:39.1506007Z         connection_policy = "Default"
2020-12-24T16:01:39.1506451Z         extended_auditing_policy = [
2020-12-24T16:01:39.1506802Z             {
2020-12-24T16:01:39.1507156Z                 retention_in_days = 0
2020-12-24T16:01:39.1507611Z                 storage_account_access_key = ""
2020-12-24T16:01:39.1508130Z                 storage_account_access_key_is_secondary = false
2020-12-24T16:01:39.1508695Z                 storage_endpoint = "https://stuxxwusdev.blob.core.windows.net/"
2020-12-24T16:01:39.1509179Z             },
2020-12-24T16:01:39.1509442Z         ]
2020-12-24T16:01:39.1510082Z         fully_qualified_domain_name = "sql-us-wus-dev.database.windows.net"
2020-12-24T16:01:39.1511114Z         id = "/subscriptions/78bc4018-84c1-4906-94c9-c1d5b84cc907/resourceGroups/rg-us-wus-dev-1/providers/Microsoft.Sql/servers/sql-us-wus-dev"
2020-12-24T16:01:39.1511895Z         location = "westus"
2020-12-24T16:01:39.1512415Z         name = "sql-us-wus-dev"
2020-12-24T16:01:39.1512991Z         resource_group_name = "wus-dev"
2020-12-24T16:01:39.1513500Z         tags = {}
2020-12-24T16:01:39.1514036Z         version = "12.0"
2020-12-24T16:01:39.1514327Z
2020-12-24T16:01:39.1514602Z         timeouts {}
2020-12-24T16:01:39.1514890Z     }

These are the Terraform plan symbol meanings; refer to this.
+ create
- destroy
-/+ replace (destroy and then create, or vice-versa if create-before-destroy is used)
~ update in-place i.e. change without destroying
<= read
You can check the lines marked with ~ to see which specific attributes will be updated in place.
For example, it will update the retention_in_days from 6 to 0 in the terraform template code.
Please let me know if you still have any questions.
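One way to find the changed attributes in a CI log like the one in the question, as an added example that is not part of the original posts: strip the timestamp prefix and the colour escape codes, then list every attribute that carries a change marker. The function names and the sample log (abridged from the question's output, with escape bytes restored on some lines) are constructed for this example.

```python
import re

# ANSI colour codes; the ESC byte is optional because scraped logs often lose it.
ANSI = re.compile(r"\x1b?\[\d+(?:;\d+)*m")
# Timestamp prefix in the style of the pipeline log shown in the question.
STAMP = re.compile(r"^\d{4}-\d{2}-\d{2}T[\d:.]+Z ?")
# Plan action symbol followed by a resource header or by an attribute assignment.
RESOURCE = re.compile(r'^(-/\+|\+/-|<=|[~+-])\s+resource\s+"([^"]+)"\s+"([^"]+)"')
ATTRIBUTE = re.compile(r"^([~+-])\s+(\w+)\s+=\s+(.*)$")

# Constructed sample: a few lines abridged from the question's plan output.
SAMPLE_LOG = "\n".join([
    '2020-12-24T16:01:39.1426150Z \x1b[0m  \x1b[33m~\x1b[0m\x1b[0m resource "azurerm_sql_database" "sqldb" {',
    '2020-12-24T16:01:39.1426881Z       \x1b[1m\x1b[0mcollation\x1b[0m\x1b[0m = "SQL_Latin1_General_CP1_CI_AS"',
    '2020-12-24T16:01:39.1427865Z     \x1b[32m+\x1b[0m \x1b[0m\x1b[1m\x1b[0mcreate_mode\x1b[0m\x1b[0m = "Default"',
    '2020-12-24T16:01:39.1503112Z     }',
    '2020-12-24T16:01:39.1504503Z \x1b[0m  \x1b[33m~\x1b[0m\x1b[0m resource "azurerm_sql_server" "sqlserver" {',
    '2020-12-24T16:01:39.1504979Z       [1m[0madministrator_login[0m[0m = "sqladmin"',
    '2020-12-24T16:01:39.1505483Z     [32m+[0m [0m[1m[0madministrator_login_password[0m[0m = (sensitive value)',
])

def clean(line):
    """Remove the timestamp prefix and colour codes from one log line."""
    return ANSI.sub("", STAMP.sub("", line)).strip()

def changed_attributes(log_text):
    """Map each resource address to its [(symbol, attribute, value)] changes."""
    changes, current = {}, None
    for raw in log_text.splitlines():
        line = clean(raw)
        m = RESOURCE.match(line)
        if m:
            current = f"{m.group(2)}.{m.group(3)}"
            changes[current] = []
            continue
        m = ATTRIBUTE.match(line)
        if m and current:
            changes[current].append(m.groups())
    return changes

def sensitive_changes(changes):
    """List address.attribute for changes whose value Terraform redacts."""
    return [f"{addr}.{attr}" for addr, items in changes.items()
            for _, attr, value in items if value == "(sensitive value)"]

if __name__ == "__main__":
    for address, items in changed_attributes(SAMPLE_LOG).items():
        for symbol, attribute, value in items:
            print(f"{address}: {symbol} {attribute} = {value}")
```

Running `terraform plan -no-color` in the pipeline avoids the escape codes at the source, so the markers stay readable without post-processing.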

Related

Creating an Azure VM image with packer

I am trying to create an Azure VM image using packer. My packer template looks like this
variable "version" {
  type = string
  default = "1.0.0"
}
variable "created_by" {
  type = string
}
source "azure-arm" "development_subscription" {
  azure_tags = {
    CreatedBy = var.created_by
    CreatedDate = formatdate("DD/MM/YYYY hh:mm:ss",timestamp())
  }
  image_offer = "WindowsServer"
  image_publisher = "MicrosoftWindowsServer"
  image_sku = "2022-datacenter-g2"
  managed_image_name = "MyImage_${var.version}"
  managed_image_resource_group_name = "Some-RG"
  os_type = "Windows"
  location = "ukwest"
  # client_id = var.client_id
  # client_secret = var.client_secret
  subscription_id = "e8204745-e84f-4b2e-9e6f-545656fe0922"
  vm_size = "Standard_D2s_v3"
  winrm_insecure = true
  winrm_timeout = "20m"
  winrm_use_ssl = true
  winrm_username = "packer"
}
However I keep on getting:
==> azure-arm.development_subscription: Waiting for WinRM to become available...
==> azure-arm.development_subscription: Timeout waiting for WinRM.
Other resources I've found online imply I should try increasing the timeout, but this VM doesn't seem likely to take longer than a few seconds to boot. Do I need to do something to disable the system firewall?
I was missing tenant_id. Once I added that, everything worked fine.
I tried your code; it also got stuck while connecting to WinRM and timed out waiting for the same.
The major issue I found in your code is that you have not added a communicator = "WinRM". For that reason, the WinRM port doesn't get opened and you are not able to connect through it.
So, I added the same as the solution in the code below:
variable "version" {
  type = string
  default = "1.0.0"
}
variable "created_by" {
  type = string
  default = "ajay"
}
variable "client_secret" {
  default = "XXXXXXXXXXXXXXXXXXXXXXXX"
}
variable "client_id" {
  default = "XXXXXXXXXXXXXXXXXXXXXXXXXX"
}
source "azure-arm" "development_subscription" {
  azure_tags = {
    CreatedBy = var.created_by
    CreatedDate = formatdate("DD/MM/YYYY hh:mm:ss", timestamp())
  }
  image_offer = "WindowsServer"
  image_publisher = "MicrosoftWindowsServer"
  image_sku = "2022-datacenter-g2"
  managed_image_name = "MyImage_${var.version}"
  managed_image_resource_group_name = "ansumantest"
  os_type = "Windows"
  location = "ukwest"
  client_id = var.client_id
  client_secret = var.client_secret
  subscription_id = "XXXXXXXXXXXXXXXXXXXX"
  vm_size = "Standard_D2s_v3"
  communicator = "winrm"
  winrm_insecure = true
  winrm_timeout = "20m"
  winrm_use_ssl = true
  winrm_username = "packer"
}
build {
  name = "learn-packer"
  sources = [
    "source.azure-arm.development_subscription"
  ]
}

How to access to Terraform resource output

I have a resource task which gives the next output:
aws_eks_node_group.managed_workers["es"]:
resource "aws_eks_node_group" "managed_workers" {
    ami_type = "AL2_x86_64"
    arn = "arn:aws:eks:eu-west-1:xxxxx:nodegroup/EKS/EKS_-nodegroup-CI-es/b2be06b7-e5fe-b346-0e29-ec3f459f7b2c"
    capacity_type = "ON_DEMAND"
    cluster_name = "EKS_CLuster"
    disk_size = 20
    id = "EKS:EKS_-API-nodegroup-CI-es"
    instance_types = [
        "m5.xlarge",
    ]
    labels = {
        "autoscalergroup" = "pool"
        "lifecycle" = "OnDemand"
    }
    node_group_name = "worker-node-nodegroup-1"
    node_role_arn = "arn:aws:iam::xxxxx:role/EKS_workernode"
    release_version = "1.18.9-20210722"
    resources = [
        {
            autoscaling_groups = [
                {
                    name = "eks-xxx-xxx-xx"
                },
            ]
            remote_access_security_group_id = "sg-xxxx"
        },
    ]
I'm trying to use the autoscaling_groups.name in this way:
resource "aws_autoscaling_group_tag" "nodetags" {
  for_each = aws_eks_node_group.managed_workers
  autoscaling_group_name = each.value.resources.autoscaling_groups.name
But I'm not able to access resources.autoscaling_groups.name successfully. Does someone know how to access this data?
Thanks
resources and autoscaling_groups are both lists.
Use each.value.resources[0].autoscaling_groups[0].name

InvalidGroup.NotFound error in Terraform, but security group exists

I’m getting the error below, from command AWS_PROFILE=myprofile AWS_REGION=sa-east-1 terraform apply -target=module.saopaulo_service_dev_kubernetes.
Error authorizing security group rule type ingress: InvalidGroup.NotFound: The security group ‘sg-something’ does not exist
The target I'm applying is as below.
module "saopaulo_service_dev_kubernetes" {
  source = "./modules/regional-kubernetes"
  region_code = "saopaulo"
  vpc_name = "main"
  env = "dev"
  cluster_prefix = "service"
  instance_type = "m5.2xlarge"
  providers = {
    aws = aws.saopaulo
  }
}
The source file is as below. I didn't add all the files, as there are too many, but just attached the eks module (terraform-aws-modules/eks/aws) I use to create my module.
data "aws_eks_cluster" "cluster" {
  name = module.eks.cluster_id
}
data "aws_eks_cluster_auth" "cluster" {
  name = module.eks.cluster_id
}
provider "kubernetes" {
  host = data.aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
  token = data.aws_eks_cluster_auth.cluster.token
  load_config_file = false
  version = "~> 1.9"
}
module "eks" {
  source = "terraform-aws-modules/eks/aws"
  version = "12.2.0" # Version Pinning
  cluster_name = local.cluster_name
  cluster_version = local.cluster_version
  vpc_id = local.vpc_id
  subnets = local.private_subnets
  cluster_enabled_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
  worker_additional_security_group_ids = [aws_security_group.nodeport.id, data.aws_security_group.common_eks_sg.id]
  wait_for_cluster_cmd = "for i in `seq 1 60`; do curl -k -s $ENDPOINT/healthz >/dev/null && exit 0 || true; sleep 5; done; echo TIMEOUT && exit 1"
  worker_groups = concat([{
    instance_type = "t3.micro"
    asg_min_size = "1"
    asg_max_size = var.asg_max_size
    key_name = "shared-backdoor"
    kubelet_extra_args = join(" ", [
      "--node-labels=app=nodeport",
      "--register-with-taints=dedicated=nodeport:NoSchedule"
    ])
    pre_userdata = file("${path.module}/pre_userdata.sh")
    tags = concat([for k, v in local.common_tags : {
      key = k
      value = v
      propagate_at_launch = "true"
    }], [{
      key = "Role"
      value = "nodeport"
      propagate_at_launch = "true"
    }])
  }], local.worker_group)
  map_users = local.allow_user
  # map_roles = local.allow_roles[var.env]
}
I have security group named sg-something in sa-east-1 region, and have also checked that I’m running terraform apply on correct region by checking
data "aws_region" "current" {}
output my_region {
  value = data.aws_region.current.name
}
Any suggestions?

Terraform glue job doesn't create properly

I am using Terraform and I don't get the right parameters to create my Glue jobs.
As I am not a Terraform pro (I am a beginner), I wonder how it works.
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glue_job#glue_version
I don't get the right updates on my Glue job resource using these parameters:
resource "aws_glue_job" "job_name" {
  name = "job_name"
  description = "job-desc"
  role_arn = "${aws_iam_role.service-name.arn}"
  max_capacity = 2
  max_retries = 1
  timeout = 60
  command {
    script_location = "s3://my_bucket"
    python_version = "3"
  }
  default_arguments = {
    "--job-language" = "python"
    "--ENV" = "env"
    "--spark-event-logs-path" = "s3://my_bucket"
    "--job-bookmark-option" = "job-bookmark-enable"
    "--glue_version" = "2.0"
    "--worker_type" = "G.1X"
    "--enable-spark-ui" = "true"
  }
  execution_property {
    max_concurrent_runs = 1
  }
}
I don't know where and how to put those params. Could you please help me?
"--glue_version" = "2.0"
"--worker_type" = "G.1X"
Regards.
The glue_version and worker_type arguments go on the same level as the default_arguments block, not inside of it.
Once you move them out, your resource block may look like this:
resource "aws_glue_job" "job_name" {
  name = "job_name"
  description = "job-desc"
  role_arn = "${aws_iam_role.service-name.arn}"
  max_capacity = 2
  max_retries = 1
  timeout = 60
  glue_version = "2.0"
  worker_type = "G.1X"
  command {
    script_location = "s3://my_bucket"
    python_version = "3"
  }
  default_arguments = {
    "--job-language" = "python"
    "--ENV" = "env"
    "--spark-event-logs-path" = "s3://my_bucket"
    "--job-bookmark-option" = "job-bookmark-enable"
    "--enable-spark-ui" = "true"
  }
  execution_property {
    max_concurrent_runs = 1
  }
}
EDIT
The version you are using, 2.30.0 doesn't support these arguments for the aws_glue_job resource.
The glue_version argument was not added until version 2.34.0 of the AWS Provider.
The worker_type argument was not added until version 2.39.0.
You will need to update the provider to support these arguments.

Terraform Azure App Service - ip_restrictions

I am trying to set the IP restrictions block in my Azure App Service App
When performing the Terraform plan or apply, I receive the following error:
Error: azurerm_app_service.app-service-1: : invalid or unknown key: ip_restriction
I used ip_restriction per Terraform Documentation for App Service (Web Apps) Resources
Here is the AppService deployment code I am using:
resource "azurerm_app_service" "app-service-1" {
  name = "${var.app_service_1}"
  location = "${data.azurerm_resource_group.core-rg.location}"
  resource_group_name = "${data.azurerm_resource_group.core-rg.name}"
  app_service_plan_id = "${data.azurerm_app_service_plan.app-service-plan-1.id}"
  https_only = "True"
  enabled = "True"
  client_affinity_enabled = "True"
  site_config {
    always_on = "True"
    #default_documents = ""
    dotnet_framework_version = "v4.0"
    #http2_enabled = ""
    #ip_restriction = ""
    #java_version = ""
    #java_container = ""
    #java_container_version = ""
    managed_pipeline_mode = "Integrated"
    min_tls_version = "1.2"
    #php_version = ""
    #python_version = ""
    remote_debugging_enabled = "False"
    #remote_debugging_version = ""
    scm_type = "None"
    use_32_bit_worker_process = "False"
    websockets_enabled = "True"
    #ftps_state = ""
  }
  app_settings {
    "KeyVaultURI" = ""
    "WEBSITE_NODE_DEFAULT_VERSION" = "6.9.1"
  }
  ip_restriction {
    "ip_address" = ""
  }
Thank you
#jamies answer is unfortunately incorrect: ip_restriction is not a list taking one or more, but a repeatable block.
#gvazzana is the correct format.
However, there is a trap that will cause the error you are seeing.
In Tf we are used to typing IP addresses in full CIDR format, e.g. 10.23.97.201/23 or 192.68.50.0/24; the Azure portal for this section even displays them like this.
But for this particular block, in Terraform, you have to do them old school, e.g.:
site_config {
  # For a single IP address
  ip_restriction {
    ip_address = "81.145.174.78"
  }
  ip_restriction {
    # For an address range
    ip_address = "10.240.101.0"
    subnet_mask = "255.255.255.0"
  }
}
This is of course a pain if you have a long list of addresses and ranges.
Now that terraform version 0.12.0 is upon us we should be able to take advantage of the new dynamic block styles and cidrhost and cidrmask functions in order to simplify things.
eg:
dynamic "ip_restriction" {
  for_each = var.ip_address_list
  content {
    ip_address = cidrhost(ip_restriction.value, 0)
    # cidrnetmask is the Terraform function that returns the dotted netmask of a CIDR prefix
    subnet_mask = cidrnetmask(ip_restriction.value)
  }
}
tested with
Terraform v0.12.13
For those interested, here is the method to use ipRestrictions in Terraform
ip Restrictions is part of the Site_Config {}
See how to use below:
AppService.tf:
resource "azurerm_app_service" "app-service-1" {
  name = "${var.app_service_1}"
  location = "${data.azurerm_resource_group.core-rg.location}"
  resource_group_name = "${data.azurerm_resource_group.core-rg.name}"
  app_service_plan_id = "${data.azurerm_app_service_plan.app-service-plan-1.id}"
  https_only = "True"
  enabled = "True"
  client_affinity_enabled = "True"
  site_config {
    always_on = "True"
    #default_documents = ""
    dotnet_framework_version = "v4.0"
    #http2_enabled = ""
    #ip_restriction = ""
    #java_version = ""
    #java_container = ""
    #java_container_version = ""
    managed_pipeline_mode = "Integrated"
    min_tls_version = "1.2"
    #php_version = ""
    #python_version = ""
    remote_debugging_enabled = "False"
    #remote_debugging_version = ""
    scm_type = "None"
    use_32_bit_worker_process = "False"
    websockets_enabled = "True"
    #ftps_state = ""
    ip_restriction {
      ip_address = "${var.ip_address_1}"
    }
    ip_restriction {
      ip_address = "${var.ip_address_2}"
    }
    ip_restriction {
      ip_address = "${var.ip_address_3}"
    }
  }
  app_settings {
    "KeyVaultURI" = ""
    "WEBSITE_NODE_DEFAULT_VERSION" = "6.9.1"
  }
}
So you are running into a syntax error. The documentation can be confusing to read, as I have learned over the last year. If you read the section on ip_restriction it says that it takes one or more. This means that it expects an array.
There is also a section of the documentation that tells you that inside the array it expects an object that has the properties ip_address and subnet_mask. That is here
So to fix your issue you need the following for ip_restriction.
ip_restriction = [
  {
    ip_address = "10.0.0.0"
  }
]
Hope this helps.
