Closed stefancocora closed 9 years ago
By parsing the terraform issues in github much more carefully I can see that there are many examples of module-to-module or module-to-resource dependency bugs.
I think in general dependency graphs that involve a module are not working at this time in terraform 0.4.2
or in terraform 0.5 master
Here are just a few issues related to dependency resolution either on create or on destroy:
https://github.com/hashicorp/terraform/issues/1472 https://github.com/hashicorp/terraform/issues/1582 https://github.com/hashicorp/terraform/issues/1637
I can also confirm that when I'm writing all resources in the same file , in the same main.tf
without any modules whatsoever, then dependency resolution works both for create and destroy operations.
/edit - added more context to the story :)
terraform 0.5.0
fixes this issue #1669
as can be seen from the below destroy output.
That means that module-to-resource and module-to-module dependency works now so I can start using modules again !
Thank you !
terraform version
Terraform v0.5.0
...
./tf.sh destroynow
here is the destroy plan that terraform will carry out
Refreshing Terraform state prior to plan...
module.vpc.aws_route53_zone.main: Refreshing state... (ID: Z3J1VRBHCBXAKV)
module.vpc.aws_vpc.main: Refreshing state... (ID: vpc-13cd7b76)
module.vpc.aws_internet_gateway.igw: Refreshing state... (ID: igw-56875333)
module.sg_web.aws_security_group.main_security_group: Refreshing state... (ID: sg-63bfe506)
module.vpc.aws_route_table.publicnet: Refreshing state... (ID: rtb-e460e081)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed.
Your plan was also saved to the path below. Call the "apply" subcommand
with this plan file and Terraform will exactly execute this execution
plan.
Path: plan.tf
- module.vpc.aws_internet_gateway.igw
- module.vpc.aws_route53_zone.main
- module.vpc.aws_route_table.publicnet
- module.vpc.aws_vpc.main
- module.sg_web.aws_security_group.main_security_group
destroying infrastructure
aws_route_table.publicnet: Destroying...
aws_route53_zone.main: Destroying...
aws_security_group.main_security_group: Destroying...
aws_route_table.publicnet: Destruction complete
aws_internet_gateway.igw: Destroying...
aws_route53_zone.main: Destruction complete
aws_security_group.main_security_group: Destruction complete
aws_internet_gateway.igw: Destruction complete
aws_vpc.main: Destroying...
aws_vpc.main: Destruction complete
Apply complete! Resources: 0 added, 0 changed, 5 destroyed.
Outputs:
account = opsvpc
region = eu-west-1
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Hi guys ! Amazing work on terraform , please keep it up ( use steroids , whathever it takes ... ) ;) It is absolutely amazing to see this project progressing so fast !
I've downloaded version 0.4.2 and have started using it.
I've encountered a dependency bug.
Short intro about the bug: I have in terraform for the AWS provider:
On create everything proceeds ok and the resources get created. On destroy however terraform doesn't delete the security group before the VPC ending up in an Error state If I delete, manually through the AWS UI the Sec Group, then terraform can finish the destroy operation without issues and will remove the remaining resources ( VPC )
I've tested terraform 0.4.2 and terraform master and both have this bug.
The Sec Group declares a dependency on the vpc_id, terraform should be able to figure out, on destroy, to delete the SG first before the VPC. I've also added
I've added the code in a github repo: https://github.com/stefancocora/tf_sg_deps_bug
Here goes the verbose bug output:
File structure
tree
main.tf of the root module
relevant section of main.tf of the sec group
Create operation
plan
apply
destroy operation that fails
complete destroy operation with a plan step
running the destroy operation again shows you the remaining resources
User deletes the Sec Group in the AWS UI
the destroy operation succedes