I am trying to stage software installation into one Command and then testing the software into another Command, however the installation command keeps getting re-run because of a spurios diff where connection is getting un-secreted?
Try to run pulumi up twice. Expect no changes on the second run.
Example
name: imds-v2
runtime: yaml
description: Test the ability of pulumi-aws to authenticate on an EC2 instance with IMDSv2 enabled
backend:
url: file://./pulumi-state
config:
pulumi:tags:
value:
pulumi:template: aws-yaml
variables:
ec2ami:
fn::invoke:
function: aws:ec2:getAmi
arguments:
filters:
- name: name
values: ["amzn2-ami-hvm-*-x86_64-*"]
owners:
- amazon
mostRecent: true
return: id
resources:
segroup:
type: aws:ec2:SecurityGroup
properties:
ingress:
- protocol: tcp
fromPort: 80
toPort: 80
cidrBlocks: ["0.0.0.0/0"]
- protocol: tcp
fromPort: 22
toPort: 22
cidrBlocks: ["0.0.0.0/0"]
egress:
- fromPort: 0
toPort: 0
protocol: '-1'
cidrBlocks:
- 0.0.0.0/0
ipv6CidrBlocks:
- ::/0
priv-key:
type: tls:PrivateKey
properties:
algorithm: RSA
rsaBits: 2048
key-pair:
type: aws:ec2/keyPair:KeyPair
properties:
publicKey: ${priv-key.publicKeyOpenssh}
inst:
type: aws:ec2/instance:Instance
properties:
ami: ${ec2ami}
instanceType: t2.medium
keyName: ${key-pair.keyName}
metadataOptions:
httpTokens: required
httpEndpoint: enabled
httpPutResponseHopLimit: 1
vpcSecurityGroupIds:
- ${segroup}
userData: |
#!/bin/bash
# Reconfigure SSHD
cat /etc/ssh/ssh_config >/tmp/sshd_config
echo "AcceptEnv PULUMI_COMMAND_STDOUT" >> /tmp/sshd_config
echo "AcceptEnv PULUMI_COMMAND_STDERR" >> /tmp/sshd_config
sudo cp /tmp/sshd_config /etc/ssh/sshd_config || echo "FAILED to set sshd_config"
rm /tmp/sshd_config
# sudo systemctl restart sshd.service
file-copy:
type: command:remote:CopyFile
properties:
connection:
host: ${inst.publicIp}
user: ec2-user # The default user for Amazon Linux AMI
privateKey: ${priv-key.privateKeyOpenssh}
localPath: ./Pulumi.yaml
remotePath: "/tmp/Pulumi.yaml"
install-cmd:
type: command:remote:Command
properties:
create: |
echo "===="
# Upgrade from AWS CLI v1 to AWS CLI v2
sudo yum remove awscli
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
echo "====="
# Install Pulumi
curl -fsSL https://get.pulumi.com | sh
export PATH="/home/ec2-user/.pulumi/bin:$PATH"
echo "======"
pulumi version
echo "======"
aws --version
echo "======"
connection:
host: ${inst.publicIp}
user: ec2-user # The default user for Amazon Linux AMI
privateKey: ${priv-key.privateKeyOpenssh}
options:
dependsOn:
- ${file-copy}
init-cmd:
type: command:remote:Command
properties:
create: |
echo "+++++"
aws --version
aws s3 ls
echo "+++++"
cd /tmp
mkdir ./pulumi-state
export PULUMI_CONFIG_PASSPHRASE=123456
pulumi stack init dev
pulumi stack select dev
pulumi config set aws:skipMetadataApiCheck false
pulumi config
pulumi preview
# SSH connection details to the remote machine
connection:
host: ${inst.publicIp}
user: ec2-user # The default user for Amazon Linux AMI
privateKey: ${priv-key.privateKeyOpenssh}
options:
dependsOn:
- ${install-cmd}
outputs:
instanceId: ${inst.id}
publicIp: ${inst.publicIp}
installOut: ${install-cmd.stdout}
commandOut: ${init-cmd.stdout}
Output of pulumi about
CLI
Version 3.111.1
Go Version go1.22.1
Go Compiler gc
Plugins
NAME VERSION
aws unknown
command unknown
tls unknown
yaml unknown
Host
OS darwin
Version 14.4.1
Arch arm64
This project is written in yaml
Current Stack: organization/imds-v2/dev
TYPE URN
pulumi:pulumi:Stack urn:pulumi:dev::imds-v2::pulumi:pulumi:Stack::imds-v2-dev
pulumi:providers:aws urn:pulumi:dev::imds-v2::pulumi:providers:aws::default
pulumi:providers:tls urn:pulumi:dev::imds-v2::pulumi:providers:tls::default
tls:index/privateKey:PrivateKey urn:pulumi:dev::imds-v2::tls:index/privateKey:PrivateKey::priv-key
aws:ec2/keyPair:KeyPair urn:pulumi:dev::imds-v2::aws:ec2/keyPair:KeyPair::key-pair
aws:ec2/securityGroup:SecurityGroup urn:pulumi:dev::imds-v2::aws:ec2/securityGroup:SecurityGroup::segroup
aws:ec2/instance:Instance urn:pulumi:dev::imds-v2::aws:ec2/instance:Instance::inst
pulumi:providers:command urn:pulumi:dev::imds-v2::pulumi:providers:command::default
command:remote:CopyFile urn:pulumi:dev::imds-v2::command:remote:CopyFile::file-copy
command:remote:Command urn:pulumi:dev::imds-v2::command:remote:Command::install-cmd
Found no pending operations associated with dev
Backend
Name anton-mbp-m3.local
URL file://./pulumi-state
User anton
Organizations
Token type personal
No dependencies found
Pulumi locates its logs in /var/folders/gd/3ncjb1lj5ljgk8xl5ssn_gvc0000gn/T/com.apple.shortcuts.mac-helper// by default
Additional context
N/A
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
What happened?
I am trying to stage software installation into one Command and then testing the software into another Command, however the installation command keeps getting re-run because of a spurios diff where connection is getting un-secreted?
Try to run
pulumi up
twice. Expect no changes on the second run.Example
Output of
pulumi about
Additional context
N/A
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).