Closed kunisen closed 2 years ago
@kunisen, I was able to use terraform-provider-ec/examples/deployment/deployment.tf from master branch as-is (actually I've modified the deployment name) and providing my api key via the environment variable. Once I applied it using terraform apply, the deployment was created in ESS.
I've installed the provider via the source code.
Can you please try to reproduce it? Did I miss something?
Thanks @dimuon
Here's the test result of 0.4.1 (latest release ver). As you can see, it is not working. I am testing the master (0.5.0) and will update later.
I redacted the EC_API_KEY.
https://cloud.elastic.co/deployments/9c03945101d48d2a274141d316d8ab2d/activity/elasticsearch
Here's the test result of master (0.5.0). As you can see, it is not working either.
I redacted the EC_API_KEY.
https://cloud.elastic.co/deployments/4168f52b9614b86b991228c4be3fe0e4
@dimuon
Per https://github.com/elastic/terraform-provider-ec/issues/406#issuecomment-1122856572,
"Once I applied it using terraform apply, the deployment was created in ESS."
The deployment can be created, but the plan failed eventually, turning out there's no ES instance that got created. Based on the context, I think I didn't mention the situation clearly enough. I will modify the title to make it clearer.
@kunisen , thank you for the prompt answer.
It looks like there is a problem with the provided AWS Access Key Id. Please see the attached snapshot of the activity log for deployment 9c03945101d48d2a274141d316d8ab2d:
The same error (amazon_s3_exception: The AWS Access Key Id you provided does not exist in our records) occurred for deployment 4168f52b9614b86b991228c4be3fe0e4.
Thanks! @dimuon
"It looks like there is a problem with the provided AWS Access Key Id. Please see the attached snapshot of the activity log for deployment 9c03945101d48d2a274141d316d8ab2d: The same error (amazon_s3_exception: The AWS Access Key Id you provided does not exist in our records) occurred for deployment 4168f52b9614b86b991228c4be3fe0e4."
Yeah, I am aware of this error message.
But as you can see in my original topic, if I change the region + hw profile id to, i.e., the following, it works fine.
region = "gcp-europe-west3"
deployment_template_id = "gcp-storage-optimized"
That said, my understanding is:
deployment.tf
to create a brand new deployment.
So it's really strange because I think I shouldn't hit this error at the first stage.
(I am a support engineer working at Elastic, I think I shouldn't hit any permission related blockers too)
May I have your thoughts on this please? 🙏 Thanks again!
@kunisen , I think that the fact that you managed to create a new deployment using a GCP region is aligned with the AWS access key ID error that prevents you from creating the same deployment in an AWS region.
May I kindly ask you to check your access to AWS? E.g. following this article - https://aws.amazon.com/premiumsupport/knowledge-center/s3-access-key-error/.
Thanks @dimuon
This is the result of getting AWS CLI.
kuni@skymac ~ % aws configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key ****************xxxx shared-credentials-file
secret_key ****************xxxx shared-credentials-file
region ap-northeast-1 config-file ~/.aws/config
kuni@skymac ~ % aws sts get-caller-identity
An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.
I think I probably figured out what I did wrongly here.
aws configure.
I will try removing that preset credentials and try again deploying the cluster.
(Currently, I am struggling with finding a good way to delete them from my aws configure 🤦)
Just in case, I also tested it via UI. I found the below facts:
Now I am almost sure enough it's not a terraform issue but it's a cloud issue itself, as terraform behaves same as UI. I will discuss it within the cloud team.
But before that, may I ask your double check that, do you know if it's us-east-1 region has somewhere to refer to pre-configured aws s3 bucket credentials (i.e. via aws configure command)?
I checked chrome developer tools
curl 'https://cloud.elastic.co/api/v1/deployments?validate_only=false' \
-H 'Accept: application/json' \
-H 'Accept-Language: en-US,en;q=0.9,zh;q=0.8' \
-H 'Connection: keep-alive' \
-H 'Content-Type: application/json' \
-H 'Cookie: xxx' \
-H 'DNT: 1' \
-H 'Origin: https://cloud.elastic.co' \
-H 'Referer: https://cloud.elastic.co/deployments/create' \
-H 'Sec-Fetch-Dest: empty' \
-H 'Sec-Fetch-Mode: cors' \
-H 'Sec-Fetch-Site: same-origin' \
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36' \
-H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="101", "Google Chrome";v="101"' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'sec-ch-ua-platform: "macOS"' \
-H 'traceparent: 00-3d2bf3d74322ddf55d26da10074d0d24-f49df3cbdd0b6689-01' \
--data-raw '{"resources":{"integrations_server":[],"elasticsearch":[{"region":"us-east-1","settings":{"dedicated_masters_threshold":6},"plan":{"autoscaling_enabled":false,"cluster_topology":[{"zone_count":1,"elasticsearch":{"node_attributes":{"data":"hot"},"enabled_built_in_plugins":[]},"instance_configuration_id":"aws.es.datahot.i3","node_roles":["master","ingest","transform","data_hot","remote_cluster_client","data_content"],"id":"hot_content","size":{"value":4096,"resource":"memory"}},{"zone_count":2,"elasticsearch":{"node_attributes":{"data":"warm"},"enabled_built_in_plugins":[]},"instance_configuration_id":"aws.es.datawarm.d3","node_roles":["data_warm","remote_cluster_client"],"id":"warm","size":{"resource":"memory","value":0}},{"zone_count":1,"elasticsearch":{"node_attributes":{"data":"cold"},"enabled_built_in_plugins":[]},"instance_configuration_id":"aws.es.datacold.d3","node_roles":["data_cold","remote_cluster_client"],"id":"cold","size":{"resource":"memory","value":0}},{"zone_count":1,"elasticsearch":{"node_attributes":{"data":"frozen"},"enabled_built_in_plugins":[]},"instance_configuration_id":"aws.es.datafrozen.i3en","node_roles":["data_frozen"],"id":"frozen","size":{"resource":"memory","value":0}},{"zone_count":3,"instance_configuration_id":"aws.es.master.c5d","node_roles":["master","remote_cluster_client"],"id":"master","size":{"resource":"memory","value":0},"elasticsearch":{"enabled_built_in_plugins":[]}},{"zone_count":2,"instance_configuration_id":"aws.es.coordinating.m5d","node_roles":["ingest","remote_cluster_client"],"id":"coordinating","size":{"resource":"memory","value":0},"elasticsearch":{"enabled_built_in_plugins":[]}},{"zone_count":1,"instance_configuration_id":"aws.es.ml.m5d","node_roles":["ml","remote_cluster_client"],"id":"ml","size":{"resource":"memory","value":0},"elasticsearch":{"enabled_built_in_plugins":[]}}],"elasticsearch":{"version":"8.2.0"},"deployment_template":{"id":"aws-storage-optimized"}},"ref_id":"main-elasticsearch"}],"enterprise_search":[],"kibana":[{"elasticsearch_cluster_ref_id":"main-elasticsearch","region":"us-east-1","plan":{"cluster_topology":[{"instance_configuration_id":"aws.kibana.c5d","zone_count":1,"size":{"resource":"memory","value":1024}}],"kibana":{"version":"8.2.0"}},"ref_id":"main-kibana"}]},"name":"My deployment","metadata":{"system_owned":false}}' \
--compressed
which the request body:
But I don't see anywhere referring to access_key or secret_key...
Those keys are managed by Cloud. This is likely an issue with your account rather than the Terraform provider. I'd check with control plane.
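The two manual steps in the comment above (replacing the Cookie value before posting the copied request, and reading the request body for access_key or secret_key) can be scripted. This is an added example, not part of the original thread or the provider's code; the header list, key-name pattern, function names and the trimmed sample command are assumptions constructed for illustration.

```python
import json
import re
import shlex

SENSITIVE_HEADERS = {"cookie", "authorization"}  # assumed list for this example
CREDENTIAL_KEY = re.compile(r"access_key|secret|password|token|api_key", re.I)  # assumed heuristic

# Constructed sample modelled on the request in the thread (body trimmed, cookie invented).
SAMPLE = r"""curl 'https://cloud.elastic.co/api/v1/deployments?validate_only=false' \
  -H 'Content-Type: application/json' \
  -H 'Cookie: session=CONSTRUCTED-VALUE' \
  --data-raw '{"resources":{"elasticsearch":[{"region":"us-east-1","plan":{"deployment_template":{"id":"aws-storage-optimized"}}}]},"name":"My deployment"}' \
  --compressed"""

def parse_curl(command):
    """Split a copy-as-cURL command into (url, headers, body)."""
    tokens = iter(shlex.split(command.replace("\\\n", " "))[1:])
    url, headers, body = None, [], None
    for tok in tokens:
        if tok in ("-H", "--header"):
            name, _, value = next(tokens).partition(":")
            headers.append((name.strip(), value.strip()))
        elif tok in ("-d", "--data", "--data-raw"):
            body = next(tokens)
        elif not tok.startswith("-"):
            url = tok
    return url, headers, body

def credential_paths(node, path="$"):
    """Return JSON paths whose key name looks like a credential field."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            if CREDENTIAL_KEY.search(key):
                hits.append(f"{path}.{key}")
            hits += credential_paths(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += credential_paths(value, f"{path}[{i}]")
    return hits

def review(command):
    """Redact session headers and list credential-like keys in the JSON body."""
    url, headers, body = parse_curl(command)
    safe = [(n, "REDACTED" if n.lower() in SENSITIVE_HEADERS else v) for n, v in headers]
    return {"url": url, "headers": safe,
            "credential_paths": credential_paths(json.loads(body)) if body else []}

if __name__ == "__main__":
    print(json.dumps(review(SAMPLE), indent=2))
```

An empty credential_paths list for the sample matches what the comment reports: the create request carries no S3 keys.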
Thanks @tobio for the comment! I am also having the same feeling for this. Not urgent at all because it seems it’s only the issue with me and I don’t really have to create deployments in us-east-1 unless for testing purposes like this.
I will dig a bit further and check with other support folks to see if they can reproduce. But for now, since it’s not related to terraform, I’d close the case.
thank you team! 🙇♂️
Readiness Checklist
Expected Behavior
Deployment with the name my_example_deployment CAN be created.
Current Behavior
Deployment with the name my_example_deployment CAN NOT be created properly.
[1]
Got "The snapshot repository could not be found. Check that the repository is accessible and try again." error and couldn't create deployment.
[2]
I tested and found one good pair to use:
But still hit APM check error:
RCA
About [1]
This is probably because we no longer have aws-io-optimized-v2 deployment template in us-east-1 region. https://www.elastic.co/guide/en/cloud/current/ec-regions-templates-instances.html
About [2]
This is probably because we now use 1GB for APM minimum size. https://www.elastic.co/pricing/faq
Terraform definition
The default config setting.
Steps to Reproduce
Solution
As mentioned above, to make a good deployment, I needed to
Comment
I think this may not provide a great user experience. Please let me know if my above understanding is wrong, and appreciate if we could help maintain the config so that we could create good instances by default.