#atlantis (2021-05)

atlantis

Discuss Atlantis (http://runatlantis.io). Archive: https://archive.sweetops.com/atlantis/

2021-05-28

Steve Wade (swade1987)

is anyone else experiencing Atlantis being unable to auto-merge gitlab PRs to master which the gitlab API moved to the default branch of main earlier this week?

joshmyers

Bah, looks like you can’t use the inbuilt Atlantis policy checks if using Terragrunt. Anyone else hit this or got it working? Failing when trying to run terraform show which works when running terragrunt show

joshmyers
{"level":"error","ts":1622220562.7195866,"caller":"terraform/terraform_client.go:277","msg":"running \"/usr/local/bin/terraform show -no-color -json /home/atlantis/.atlantis/repos/userservices/userservices-infrastructure/806/default/terraform/prod/prod/us-west-2/platform-dependencies/prod::prod::us-west-2::platform-dependencies-default.tfplan\" in \"/home/atlantis/.atlantis/repos/userservices/userservices-infrastructure/806/default/terraform/prod/prod/us-west-2/platform-dependencies\": exit status 1","json":{"repo":"userservices/userservices-infrastructure","pull":"806"},"stacktrace":"github.com/runatlantis/atlantis/server/events/terraform.(*DefaultClient).RunCommandWithVersion\n\t/home/circleci/project/server/events/terraform/terraform_client.go:277\ngithub.com/runatlantis/atlantis/server/events/runtime.(*ShowStepRunner).Run\n\t/home/circleci/project/server/events/runtime/show_step_runner.go:42\ngithub.com/runatlantis/atlantis/server/events/runtime.(*PlanTypeStepRunnerDelegate).Run\n\t/home/circleci/project/server/events/runtime/plan_type_step_runner_delegate.go:64\ngithub.com/runatlantis/atlantis/server/events/runtime.(*MinimumVersionStepRunnerDelegate).Run\n\t/home/circleci/project/server/events/runtime/minimum_version_step_runner_delegate.go:43\ngithub.com/runatlantis/atlantis/server/events.(*DefaultProjectCommandRunner).runSteps\n\t/home/circleci/project/server/events/project_command_runner.go:381\ngithub.com/runatlantis/atlantis/server/events.(*DefaultProjectCommandRunner).doPolicyCheck\n\t/home/circleci/project/server/events/project_command_runner.go:246\ngithub.com/runatlantis/atlantis/server/events.(*DefaultProjectCommandRunner).PolicyCheck\n\t/home/circleci/project/server/events/project_command_runner.go:145\ngithub.com/runatlantis/atlantis/server/events.runProjectCmds\n\t/home/circleci/project/server/events/project_command_pool_executor.go:47\ngithub.com/runatlantis/atlantis/server/events.(*PolicyCheckCommandRunner).Run\n\t/home/circleci/project/server/events/policy_check_command_runner.go:59\ngithub.com/runatlantis/atlantis/server/events.(*PlanCommandRunner).runAutoplan\n\t/home/circleci/project/server/events/plan_command_runner.go:144\ngithub.com/runatlantis/atlantis/server/events.(*PlanCommandRunner).Run\n\t/home/circleci/project/server/events/plan_command_runner.go:221\ngithub.com/runatlantis/atlantis/server/events.(*DefaultCommandRunner).RunAutoplanCommand\n\t/home/circleci/project/server/events/command_runner.go:160"}
joshmyers
terragrunt and policy checking not working · Issue #1562 · runatlantis/atlantis

This policy set in /etc/atlantis/repos.yaml policies: owners: users: - cscott policy_sets: - name: terraform_version path: policies/terraform_version source: local appears to be failing since a ter…

2021-05-27

joshmyers
policies:
  owners:
    users:
      - nishkrishnan
  policy_sets:
    - name: null_resource_warning
      path: <CODE_DIRECTORY>/policies/null_resource_warning
      source: local
joshmyers

^^ Looking at the conftest/OPA stuff in Atlantis, what can source be there? Does it need to be local?

joshmyers

Hmm, looks like these need to be local for now…

2021-05-17

2021-05-14

Piotr Hryszko

hey :wave: I’m trying to modify a resource that does not have support with Terraform yet - updating cognito user pool with custom email sender. I can do this with null_resource command aws cognito-idp update-user-pool --user-pool-id … . I have added awscli to atlantis image, that’s done, however what would be the best way of passing aws credentials without baking them into the image? Atlantis runs on Fargate at the moment

jose.amengual

instance profile

jose.amengual

the fargate task execution role

jose.amengual

add the permissions there

jose.amengual

if you are running TF already then you probably have the permissions

Piotr Hryszko

I’ve been running terraform without issues however, aws cli requires credentials and profile to be configured, doesn’t it?

jose.amengual

no

jose.amengual

if it runs on an instance or task

jose.amengual
Using an IAM role in the AWS CLI - AWS Command Line Interface

Configure the AWS CLI to use a role defined in AWS Identity and Access Management (IAM).

jose.amengual
[profile marketingadmin]
role_arn = arn:aws:iam::123456789012:role/marketingadminrole
credential_source = Ec2InstanceMetadata
Piotr Hryszko

Perfect, thank you @jose.amengual

jose.amengual

np

joshmyers

This is a problem we encounter in certain places too, can’t pass Terraform cred providers down into null_resources, so turn your one liner command into a script and that script needs to assume the correct role.

2021-05-07

Steve Wade (swade1987)

does anyone know (or have ideas) how to fix atlantis (using the upstream fargate module) taking a long time when a lot of PRs are being executed from different repositories?

David

like how to debug on the server, or how to redeploy?

Steve Wade (swade1987)

at present we have quite a few PRs currently being planned/applied across a number of repos

Steve Wade (swade1987)

when this happens we find that Atlantis slows down massively

joshmyers

Nope, don’t do that.

joshmyers

Atlantis uses a local BoltDB, more tasks isn’t what you want.

Steve Wade (swade1987)

i thought that might be the case

joshmyers
terraform-aws-modules/terraform-aws-atlantis

Terraform configurations for running Atlantis on AWS Fargate. Github, Gitlab and BitBucket are supported - terraform-aws-modules/terraform-aws-atlantis

joshmyers

Beef up the Fargate task size CPU/mem

joshmyers

Makes a big difference

Steve Wade (swade1987)

yeh makes sense

Steve Wade (swade1987)

any recommendations?

joshmyers
    ecs_task_memory = 4096
    ecs_task_cpu    = 2048
joshmyers

Depends how many concurrent plan/apply you expect to run, how long is a piece of string

joshmyers

We also set ATLANTIS_PARALLEL_POOL_SIZE to 50

Steve Wade (swade1987)

what does that do?

David

I run on a m5.2xlarge (8 vCPU, 32gb mem) EC2 instance and often have hundreds of plans run in parallel.

joshmyers

RTFM

Steve Wade (swade1987)

i thought that only works when using workspaces?

David

There is a difference I believe between Atlantis workspaces and Terraform workspaces, if that is what you are thinking of

Steve Wade (swade1987)

changes applied, let’s see what this does to the speed, fingers crossed

pcantea

:wave: Hi all, quick question, do env vars set with the env step persist between runs? For example if I run atlantis plan which sets FOO=BAR, will $FOO be there if I run atlantis plan again?

jose.amengual

if they are part of the workflow yes


2021-05-03

RB (Ronak) (Cloud Posse)

If there is a repo level atlantis.yaml file containing directories dir1 and dir2 and a PR comes in that affects the terraform module dir3, atlantis will show a 0 / 0 approval check for the PR. This seems like a bug, no?

RB (Ronak) (Cloud Posse)
Atlantis plan/apply checks approve PR even if there are no directories to check · Issue #1547 · runatlantis/atlantis

The repo level atlantis.yaml for dir1 and dir2 version: 3 projects: - dir: dir1 - dir: dir2 A PR for only dir3 and I see this atlantis/apply — 0/0 projects applied successfully. atlantis/plan — 0/0…

jose.amengual

and if you run atlantis plan manually it says no plans?

RB (Ronak) (Cloud Posse)

it says no plans

RB (Ronak) (Cloud Posse)

oh, not sure how to run atlantis manually. I’ll have to check that

jose.amengual

weird
