search

gravitational / teleport-plugins

Set of plugins for Teleport
Apache License 2.0
81 stars 82 forks source link

Teleport provider v6.2.7 only works in glibc environment #277

Closed medains closed 1 month ago

medains commented 2 years ago

Description

What happened: Teleport Terraform provider does not work in default terraform docker image (aloine).

What you expected to happen: Teleport terraform provider to work in x86_64 environments, including docker images.

Reproduction Steps

As minimally and precisely as possible, describe step-by-step how to reproduce the problem.

With a simple main.tf

provider "teleport" {} 
resource "teleport_role" "test" {}
terraform {
  required_providers {
    teleport = {
      source = "gravitational.com/teleport/teleport"
    }
  }
  required_version = ">= 1.0.0"
}
  1. docker run -i -t --entrypoint /bin/sh hashicorp/terraform:latest
  2. Install teleport terraform provider
  3. terraform init
  4. terraform plan

Actual Output

╷
│ Error: Could not load plugin
│ 
│ 
│ Plugin reinitialization required. Please run "terraform init".
│ 
│ Plugins are external binaries that Terraform uses to access and manipulate
│ resources. The configuration provided requires plugins which can't be located,
│ don't satisfy the version constraints, or are otherwise incompatible.
│ 
│ Terraform automatically discovers provider requirements from your
│ configuration, including providers used in child modules. To see the
│ requirements and constraints, run "terraform providers".
│ 
│ failed to instantiate provider "gravitational.com/teleport/teleport" to obtain schema: fork/exec
│ .terraform/providers/gravitational.com/teleport/teleport/6.2.7/linux_amd64/terraform-provider-teleport_v6.2.7: no such file or directory
│ 
╵

Resolution

Follow the pattern of most terraform provider plugins by statically linking libraries.

Workaround

Install libc6_compat in alpine environments

gz#3186

ari-becker commented 2 years ago

Ran into this issue as well on NixOS because the binary isn't fully statically linked.

ari-becker commented 2 years ago

Including my current shell.nix to work around this in NixOS:

let
  nixpkgs = import (
    let
      version = "5c7023e5f051e1f534c5bbac50f0d18320823b28";
    in builtins.fetchTarball {
      name   = "nixpkgs-${version}";
      url    = "https://github.com/NixOS/nixpkgs/archive/${version}.tar.gz";
      sha256 = "0v46qrjraamhxcf741z7k7fjpkgk2a3i3kjsa9q0jq18vcb2hwgn";
    }
  ) {};

  kernel = if nixpkgs.stdenv.isDarwin
           then "darwin"
           else "linux";

  terraform-provider-teleport-version = "6.2.7";

  terraform-provider-teleport =
    nixpkgs.buildGoModule rec {
      pname = "terraform-provider-teleport";
      version = "${terraform-provider-teleport-version}";

      src = nixpkgs.fetchFromGitHub {
        owner = "gravitational";
        repo = "teleport-plugins";
        rev = "${pname}-v${version}";
        sha256 = "12c39fgacslnsw6wqnywk2jz987icwvbr34zikrrj7m969iffrj1";
      };

      vendorSha256 = null;

      modRoot = "terraform";

      installPhase = ''
        runHook preInstall
        mkdir -p $out/bin
        cp $GOPATH/bin/terraform $out/bin/terraform-provider-teleport
        runHook postInstall
      '';
    };

in nixpkgs.mkShell {
  nativeBuildInputs = with nixpkgs; [
    bashInteractive
    terraform_1_0_0
  ];

  shellHook = ''
      rm -rf $HOME/.terraform.d/plugins/gravitational.com/teleport/teleport
      mkdir -p $HOME/.terraform.d/plugins/gravitational.com/teleport/teleport/${terraform-provider-teleport-version}/${kernel}_amd64
      ln -s ${terraform-provider-teleport}/bin/terraform-provider-teleport $HOME/.terraform.d/plugins/gravitational.com/teleport/teleport/${terraform-provider-teleport-version}/${kernel}_amd64/terraform-provider-teleport
    '';
}
marcoandredinis commented 2 years ago

CGO was disabled here https://github.com/gravitational/teleport-plugins/pull/491

Assuming you are using a recent version, the provider should now work in both alpine and NixOS environments