Open Kardi5 opened 3 years ago
Hi @Kardi5. I'm unable to reproduce this issue, and the additional details you describe around using Ansible make it difficult to understand what the problem could be here.
Here's what I did:
Create a simple Terraform config:
terraform {
backend "consul" {
path = "27952"
}
}
resource "null_resource" "none" {
}
terraform init
and terraform apply -auto-approve
terraform init
and terraform apply
, see that there are no changes(There should be no difference here between any of the remote state backends, and I don't have any easy way to set up an Azure Storage Container backend.)
Are you able to adjust these simple reproduction steps to show the issue you're seeing? Removing as many of the complex details as possible would help us find the root problem here, so please try using Terraform directly instead of via Ansible.
Hi @alisdair,
thanks for the fast response and for your time.
I ran the commands (TF init, plan and apply based on plan) and could also not reproduce the issue.
Looking at the Ansible module code the following was happening:
So the Ansible Terraform module was checking if TF plan reported a pending change and based on that either ran or did not run the TF apply command.
References: https://github.com/ansible/ansible/blob/stable-2.9/lib/ansible/modules/cloud/misc/terraform.py#L259 https://github.com/ansible/ansible/blob/stable-2.9/lib/ansible/modules/cloud/misc/terraform.py#L358 to 363
Maybe "meta-changes" could also be counted as changes? I also see the problems with this idea: TF plan command shows "no changes" (to the infra) but return code being "2" indicates changes. Maybe some kind of "upgrade-change necessary" notification?
Ah, I see! That explanation for this situation makes sense now, thanks for figuring that out.
It's not immediately obvious to me how to implement your suggestion to indicate that a state version upgrade is pending, but I've marked this issue as an enhancement request so that we can investigate that if there's more support for this idea. I also retitled the issue to make it easier to find. Thanks again for the report!
Terraform Version
Terraform Configuration Files
Independent from used configuration files
Debug Output
--
Crash Output
--
Expected Behavior
When upgrading from Terraform 0.12.26 to Terraform 0.13.6 following the guide at https://www.terraform.io/upgrade-guides/0-13.html the remote state file should be updated to include the new provider references. (Atleast I interpreted it that way, but maybe this only works with local states but not for remote states?)
Actual Behavior
The remote Terraform state was not changed (eg. still showing
terraform_version
as 0.12 and the provider still being in the 0.12.x format) after runningterraform apply
with the upgraded modules and newest providers. I can see that the remote state is being used by TF because a lease for the Azure Container file is aquired during apply and the modification date changes (though nothing changes in the file).This results in an error when trying to run Terraform 0.14.7
I thought the state would update, as the guide says:
I think
terraform state replace-provider registry.terraform.io/-/azurerm hashicorp/azurerm
would do what I want but this would require manually downloading and uploading/replacing a lot of states over multiple subscriptions.Steps to Reproduce
terraform init
(Run through Ansible)terraform apply
(Run through Ansible)Additional Context
In this system Terraform is called from Ansible (Ansible Terraform Module: https://docs.ansible.com/ansible/2.9/modules/terraform_module.html) which feeds Terraform the necessary variables for the configuration files via variable files in JSON format. Ansible also sets the following variables as env vars: ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_SUBSCRIPTION_ID and ARM_TENANT_ID aswell as the backend config via Storage Account, Resource Group and Container Name.
TF_CLI_ARGS_init
ist set to-reconfigure -upgrade
and force_init to true (Ansible TF Module)References