GoogleCloudPlatform / terraform-google-nat-gateway

Modular NAT Gateway on Google Compute Engine for Terraform.
Apache License 2.0

metadata.startup-script (Forces new resource) #109

Open RafiGreenberg opened 5 years ago

RafiGreenberg commented 5 years ago

On release 1.2.2 (and also tested downgrading to 1.2.1 and 1.2.0), I'm getting "forces new resource" for multiple resources when attempting to plan/apply:

  ~ module.nat.module.nat-gateway.google_compute_instance_group_manager.default
      instance_template:                                                            "https://www.googleapis.com/compute/v1/projects/myproject/global/instanceTemplates/default-20180925221106651400000001" => "${google_compute_instance_template.default.self_link}"

-/+ module.nat.module.nat-gateway.google_compute_instance_template.default (new resource required)
      id:                                                                           "default-20180925221106651400000001" => <computed> (forces new resource)
      can_ip_forward:                                                               "true" => "true"
      disk.#:                                                                       "1" => "1"
      disk.0.auto_delete:                                                           "true" => "true"
      disk.0.boot:                                                                  "true" => "true"
      disk.0.device_name:                                                           "persistent-disk-0" => <computed>
      disk.0.disk_size_gb:                                                          "0" => "0"
      disk.0.disk_type:                                                             "pd-ssd" => "pd-ssd"
      disk.0.interface:                                                             "SCSI" => <computed>
      disk.0.mode:                                                                  "READ_WRITE" => <computed>
      disk.0.source_image:                                                          "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
      disk.0.type:                                                                  "PERSISTENT" => "PERSISTENT"
      machine_type:                                                                 "n1-standard-1" => "n1-standard-1"
      metadata.%:                                                                   "2" => "2"
      metadata.startup-script:                                                      "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n  apt-get install -y squid3\n\n  cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent 
allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n  systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n  apt-get install -y squid3\n\n  cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access 
Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n  systemctl reload squid\nfi\n" (forces new resource)
      metadata.tf_depends_id:                                                       "" => ""
      metadata_fingerprint:                                                         "kBjcDO5Kgd8=" => <computed>
      name:                                                                         "default-20180925221106651400000001" => <computed>
      name_prefix:                                                                  "default-" => "default-"
      network_interface.#:                                                          "1" => "1"
      network_interface.0.access_config.#:                                          "1" => "1"
      network_interface.0.access_config.0.assigned_nat_ip:                          "xxx.xxx.xxx.xxx" => <computed>
      network_interface.0.access_config.0.nat_ip:                                   "xxx.xxx.xxx.xxx" => "xxx.xxx.xxx.xxx"
      network_interface.0.access_config.0.network_tier:                             "PREMIUM" => <computed>
      network_interface.0.address:                                                  "" => <computed>
      network_interface.0.network_ip:                                               "" => <computed>
      network_interface.0.subnetwork:                                               "https://www.googleapis.com/compute/v1/projects/myproject/regions/us-west1/subnetworks/prod" => "prod"
      network_interface.0.subnetwork_project:                                       "myproject" => <computed>
      project:                                                                      "myproject" => <computed>
      region:                                                                       "us-west1" => "us-west1"
      scheduling.#:                                                                 "1" => <computed>
      self_link:                                                                    "https://www.googleapis.com/compute/beta/projects/myproject/global/instanceTemplates/default-20180925221106651400000001" => <computed>
      service_account.#:                                                            "1" => "1"
      service_account.0.email:                                                      "default" => "default"
      service_account.0.scopes.#:                                                   "4" => "4"
      service_account.0.scopes.1693978638:                                          "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
      service_account.0.scopes.172152165:                                           "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
      service_account.0.scopes.299962681:                                           "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
      service_account.0.scopes.4177124133:                                          "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
      tags.#:                                                                       "3" => "3"
      tags.2279103039:                                                              "inst-nat-us-west1" => "inst-nat-us-west1"
      tags.2542268873:                                                              "allow-ssh" => "allow-ssh"
      tags.288316778:                                                               "inst-nat-us-west1-b" => "inst-nat-us-west1-b"
      tags_fingerprint:                                                             "" => <computed>

-/+ module.nat.module.nat-gateway.null_resource.dummy_dependency (new resource required)
      id:                                                                           "4676644208608483123" => <computed> (forces new resource)
      triggers.%:                                                                   "1" => <computed> (forces new resource)
      triggers.instance_template:                                                   "https://www.googleapis.com/compute/beta/projects/myproject/global/instanceTemplates/default-20180925221106651400000001" => "" (forces new resource)

Terraform v0.11.11

rsicart commented 5 years ago

Same problem here.

I see that between the last terraform plan and the current terraform plan, the versions of the template and null providers have increased from 1.0.0 to 2.0.0:

diff -u terraform_plan_head_last.txt terraform_plan_head_current.txt                                                                                   1 ↵
--- terraform_plan_head_last.txt        2019-01-28 12:09:42.696464906 +0100
+++ terraform_plan_head_current.txt     2019-01-28 12:09:15.448195800 +0100
@@ -20,8 +20,8 @@
 - Checking for available provider plugins on https://releases.hashicorp.com...
 - Downloading plugin for provider "google" (1.20.0)...
 - Downloading plugin for provider "vault" (1.4.1)...
-- Downloading plugin for provider "template" (1.0.0)...
-- Downloading plugin for provider "null" (1.0.0)...
+- Downloading plugin for provider "null" (2.0.0)...
+- Downloading plugin for provider "template" (2.0.0)...

 The following providers do not have any version constraints in configuration,
 so the latest version was installed.
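
Review bot: the two `+` lines for providers "null" and "template" are a major-version jump (1.0.0 to 2.0.0) that happened only because, as the unchanged context right below them says, these providers have no version constraints in configuration. Add explicit constraints for both (the earlier init output suggested `~> 1.0`) so that `terraform init` cannot pull a new major version between two plans of the same code.
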
@@ -32,6 +32,6 @@
 suggested below.

 * provider.google: version = "~> 1.20"
-* provider.null: version = "~> 1.0"
-* provider.template: version = "~> 1.0"
+* provider.null: version = "~> 2.0"
+* provider.template: version = "~> 2.0"
 * provider.vault: version = "~> 1.4"

I also see that the old init script is different from the new init script, but I'm not sure if that's the root cause:

diff -u init_script_{old,new}.sh                                                                                                                     127 ↵
--- init_script_old.sh  2019-01-28 12:03:51.893538189 +0100
+++ init_script_new.sh  2019-01-28 12:04:03.301610886 +0100
@@ -15,7 +15,7 @@

 ENABLE_SQUID="false"

-if [[ "$ENABLE_SQUID" == "true" ]]; then
+if [[ "$$ENABLE_SQUID" == "true" ]]; then
   apt-get install -y squid3

   cat - > /etc/squid/squid.conf <<'EOM'
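
Review bot: on the `+if [[ "$$ENABLE_SQUID" == "true" ]]; then` line, bash expands `$$` to the shell's process ID, so the test compares a string such as `<pid>ENABLE_SQUID` with `true` and can never succeed; the squid branch is skipped whatever `ENABLE_SQUID` is set to. The same difference appears between the old and new `metadata.startup-script` values in the plan above, which is the attribute marked "forces new resource" on the instance template. The rendered script should keep the single `$` of the `-` line; if the template provider upgrade shown in the first diff is what changed the rendering, constraining that provider to the previous version keeps the plan stable until the module's template is adjusted.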

How can we resolve the problem?
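
An added example, not part of the thread or the module's own code: when an attribute as long as `metadata.startup-script` is marked "forces new resource", unescaping both sides and diffing them line by line shows exactly what changed. The plan text is constructed and shortened from the output above, the function names are hypothetical, and the quoted values are assumed to use only JSON-compatible escapes.

```python
import difflib
import json
import re

# Terraform 0.11 plan line:  key: "old" => "new" (forces new resource)
# Sides printed as <computed> are unquoted and therefore skipped.
QUOTED = r'"(?:[^"\\]|\\.)*"'
ATTR = re.compile(
    r'^\s*(?P<key>[\w.%#-]+):\s+(?P<old>' + QUOTED + r')\s+=>\s+(?P<new>'
    + QUOTED + r')\s+\(forces new resource\)\s*$'
)

# Constructed sample, shortened from the plan output in this issue.
SAMPLE_PLAN = r'''
-/+ google_compute_instance_template.default (new resource required)
      id:                       "default-0001" => <computed> (forces new resource)
      machine_type:             "n1-standard-1" => "n1-standard-1"
      metadata.startup-script:  "#!/bin/bash -xe\nENABLE_SQUID=\"false\"\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n  apt-get install -y squid3\nfi\n" => "#!/bin/bash -xe\nENABLE_SQUID=\"false\"\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n  apt-get install -y squid3\nfi\n" (forces new resource)
'''


def forcing_changes(plan_text):
    """Map each replacement-forcing string attribute to its changed lines."""
    changes = {}
    for line in plan_text.splitlines():
        m = ATTR.match(line)
        if not m:
            continue
        # Assumption: values use only JSON-compatible escapes (\n, \", \\).
        old, new = json.loads(m.group("old")), json.loads(m.group("new"))
        if old == new:
            continue
        diff = list(difflib.unified_diff(old.splitlines(), new.splitlines(),
                                         lineterm="", n=0))[2:]  # drop ---/+++
        changed = [d for d in diff if not d.startswith("@@")]
        changes[m.group("key")] = changed or ["(line-ending difference only)"]
    return changes


def pid_expansions(changed_lines):
    """Added lines where bash would expand `$$` to its PID before a name."""
    return [d[1:] for d in changed_lines
            if d.startswith("+") and re.search(r"\$\$[A-Za-z_]", d)]


if __name__ == "__main__":
    for attr, lines in forcing_changes(SAMPLE_PLAN).items():
        print(attr, *lines, sep="\n  ")
        print("bash $$ (PID) expansion in:", pid_expansions(lines))
```

Run against a saved plan, this narrows a template replacement down to the single rendered line that differs, which is worth reviewing before a NAT gateway instance is recreated with a changed startup script.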