Closed ricardobranco777 closed 2 years ago
@ricardobranco777 You might have a use case that is not yet implemented by the code. Are you really trying to (re)use an existing key (not deployed via terraform) or are these some leftovers from an earlier deployment?
The terraform code is quite simple. It just tries to create a key named ${local.deployment_name} - terraform
... In your case qashapopenqa - terraform
... And the AWS API itself than complains about an existing resource.
infrastructure.tf
58 │ # AWS key pair
59 │ resource "aws_key_pair" "key-pair" {
60 │ key_name = "${local.deployment_name} - terraform"
61 │ public_key = module.common_variables.configuration["public_key"]
62 │ }
A possible new feature could be supplying an existing aws_key_pair
in terraform.tfvars
. Which would than overrule public_key
which is used to generate aws_key_pair
at the moment. ... but private_key
would still be needed to connect via ssh... So I do not see much potential in the new feature.
@ricardobranco777 You might have a use case that is not yet implemented by the code. Are you really trying to (re)use an existing key (not deployed via terraform) or are these some leftovers from an earlier deployment?
It's a leftover from an earlier deployment and IIRC terraform destroy
didn't destroy it or it's not supposed to:
From the official documentation:
The AWS API does not include the public key in the response, so terraform apply will attempt to replace the key pair. There is currently no supported workaround for this limitation.
-o-
A possible new feature could be supplying an existing
aws_key_pair
interraform.tfvars
. Which would than overrulepublic_key
which is used to generateaws_key_pair
at the moment. ... butprivate_key
would still be needed to connect via ssh... So I do not see much potential in the new feature.
Anything that could help us do QA will be greatly appreciated.
@ricardobranco777
It's a leftover from an earlier deployment and IIRC
terraform destroy
didn't destroy it or it's not supposed to:
I cannot confirm that terraform destroy
does not delete the aws_key_pair
resource. It is gone after a terraform destroy
in my tests in develop
.
So... whatever you use as a cleanup routine (e.g. for failed terraform runs) might have to be adapted. This is just how terraform works, if it finds something that is not supposed to be there, it will throw these errors.
The possible new feature I described above is not something that will help you here... Even if you could reuse an existing public key from AWS, you would still need the private key (which you might not have anymore).
As written above, I could not reproduce this as an issue. Cleanup routines might need to be adapted in your use case.
Used cloud platform AWS
Used SLES4SAP version SLES15SP4-Beta3
Used client machine OS QEMU VM with SLE 15-SP2: https://openqa.suse.de/tests/8028533/asset/hdd/publiccloud_tools_0023.qcow2
Expected behaviour vs observed behaviour
With the
develop
branch:Error: Error import KeyPair: InvalidKeyPair.Duplicate: The keypair 'qashapopenqa - terraform' already exists.
https://openqa.suse.de/tests/8042856/logfile?filename=serial_terminal.txt
With the
7.2.1
branch:https://openqa.suse.de/tests/8028648/logfile?filename=serial_terminal.txt
How to reproduce
aws
folderterraform.tfvars
fileUsed terraform.tfvars
Logs
https://openqa.suse.de/tests/8042856/logfile?filename=serial_terminal.txt