hashicorp / terraform-aws-consul

A Terraform Module for how to run Consul on AWS using Terraform and Packer
Apache License 2.0

Cannot run install-consul on AWS codebuild #241

Open queglay opened 2 years ago

queglay commented 2 years ago

Describe the bug: I am using CodeBuild in a VPC to deploy Consul and other infra onto EC2 instances. However, there are problems with the Consul installer and yum dependencies that prevent success. All other HashiCorp products I use seem to install fine and work well (Vault, Terraform, Packer). Terragrunt is also fine.

To Reproduce: Run this from buildspec.yml on AWS. The CodeBuild container will fail. I am using the latest AWS image: aws/codebuild/amazonlinux2-x86_64-standard:3.0

git clone --branch "v0.11.0" https://github.com/hashicorp/terraform-aws-consul.git /tmp/terraform-aws-consul
/tmp/terraform-aws-consul/modules/install-consul/install-consul --version "1.11.2"

The error log produces:

--> Processing Dependency: openssl11-pkcs11 for package: 1:openssl11-libs-1.1.1g-12.amzn2.0.4.x86_64
--
156 | ---> Package vim-data.noarch 2:8.2.4006-1.amzn2.0.1 will be installed
157 | --> Running transaction check
158 | ---> Package nodejs.x86_64 1:16.13.2-3.el7 will be an update
159 | --> Processing Dependency: libuv >= 1:1.42.0 for package: 1:nodejs-16.13.2-3.el7.x86_64
160 | ---> Package openssl11-pkcs11.x86_64 0:0.4.10-6.amzn2.0.1 will be installed
161 | --> Finished Dependency Resolution
162 | Error: Package: 1:nodejs-16.13.2-3.el7.x86_64 (epel)
163 | Requires: libuv >= 1:1.42.0
164 | Installed: 1:libuv-1.39.0-1.amzn2.x86_64 (@amzn2-core)
165 | libuv = 1:1.39.0-1.amzn2
166 | Available: 1:libuv-1.23.2-1.amzn2.0.2.i686 (amzn2-core)
167 | libuv = 1:1.23.2-1.amzn2.0.2
168 | You could try using --skip-broken to work around the problem
169 | You could try running: rpm -Va --nofiles --nodigest

Expected behavior: The install executable should be able to handle the dependencies without failure.

queglay commented 2 years ago

Submitted this PR, in similar light to the same feature toggle on install-vault: https://github.com/hashicorp/terraform-aws-consul/pull/242

Although not strictly a fix for whatever issues might exist in the AWS container config defaults for yum, this PR allows us to run:
yum update -y --skip-broken

...Because then install-consul --skip-broken will not run the contained standard yum update -y.

This provides an added advantage for reproducible image builds for users who wish to produce base images with apt/yum update before running the install-consul installer. It can improve stability over time (since apt/yum update could be different any day of the week) and reduce exposure to vulnerabilities that can be inserted without inspection.
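An added example, not part of the issue thread or the module's code: a shell function that reads yum output like the log quoted in the issue and reports which package and repository failed dependency resolution, so a build log records what `yum update -y --skip-broken` would leave un-updated. The function name `yum_broken_deps` is hypothetical and the sample input is taken from the error lines quoted above.

```shell
#!/bin/sh
# Added example: not from the issue thread or the terraform-aws-consul module.
# Reports which package and repository broke yum dependency resolution, so a
# build log records what `yum update -y --skip-broken` would leave un-updated.

# yum_broken_deps (hypothetical helper name): reads yum output on stdin and
# prints one tab-separated line per failure:
#   <package> <repo> <unmet requirement> <installed version or "-">
yum_broken_deps() {
  # Drop CodeBuild-style "NNN | " log prefixes, then walk each Error block.
  sed -E 's/^[[:space:]]*[0-9]+[[:space:]]*\|[[:space:]]*//' | awk '
    BEGIN { OFS = "\t" }
    function emit() {
      if (pkg != "") print pkg, repo, req, (inst == "" ? "-" : inst)
      pkg = ""; repo = ""; req = ""; inst = ""
    }
    /^Error: Package: / {
      emit(); pkg = $3; repo = $4; gsub(/[()]/, "", repo); next
    }
    pkg != "" && /^[ \t]*Requires: / {
      sub(/^[ \t]*Requires: /, ""); req = $0; next
    }
    pkg != "" && inst == "" && /^[ \t]*Installed: / { inst = $2; next }
    END { emit() }
  '
}

# Sample input: the error lines quoted in the issue above.
SAMPLE_LOG='161 | --> Finished Dependency Resolution
162 | Error: Package: 1:nodejs-16.13.2-3.el7.x86_64 (epel)
163 | Requires: libuv >= 1:1.42.0
164 | Installed: 1:libuv-1.39.0-1.amzn2.x86_64 (@amzn2-core)
165 | libuv = 1:1.39.0-1.amzn2
166 | Available: 1:libuv-1.23.2-1.amzn2.0.2.i686 (amzn2-core)
168 | You could try using --skip-broken to work around the problem'

printf '%s\n' "$SAMPLE_LOG" | yum_broken_deps
```

On the sample it reports the `nodejs` package from the `epel` repository, its unmet `libuv >= 1:1.42.0` requirement, and the installed `libuv` build from `amzn2-core`.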