#terragrunt (2019-10)
Terragrunt discussions
Archive: https://archive.sweetops.com/terragrunt/
2019-10-06
Hi guys
Is there anyway I can use terragrunt.hcl with a module that contains a module inside it ?
for example:
In the terragrunt.hcl
terraform_version_constraint = "<0.12"
include {
path = find_in_parent_folders()
}
terraform {
source = "git::<ssh://xxx/custom_ecs_cluster.git?ref=terraform_0.11>"
}
inputs = {
name = "xxx"
profile = "xxx"
region = "xxx"
}
The module custom_ecs_cluster main.tf’s content:
module "aws_ecs_cluster" {
source = "git::<ssh://xxx:aws-ecs-cluster.git?ref=terraform_0.11>"
we do this all the time. hasn’t been anything special to it. it just works…
also, does anyone know how to transfer output of other dependency as list value ? as I declare the output in the module and testing with showing output successfully.But when running the terragrunt apply. it keep show the error as “ Underlying error: invalid primitive type name “list” example:
dependency "vpc" {
config_path = "../vpc"
}
terraform_version_constraint = "<0.12"
include {
path = find_in_parent_folders()
}
terraform {
source = "git::<ssh://[email protected]/redcrane/sandbox/terraform-modules/linux-bastion.git?ref=staging>"
}
inputs = {
profile = "xxx-sg1"
region = "ap-southeast-1"
name = "xxx"
environment = "staging"
number_hosts = "1"
instance_type = "t2.micro"
key_name = "xxx-staging"
security_groups [dependency.vpc.outputs.sg_id] <== this part is that allowed ? Or is there anyway that I can parse the output as list value to this
}
2019-10-07
You can use functions like list() or element() inside of inputs to modify as what you want from the outputs.
hi @antonbabenko, thank for verification. Can you express more detail how to achieve that result ? Below is detail of my case:
- output.tf in vpc module ``` output “internal_ssh_security_group_id”{ value = “${aws_security_group.internal_ssh.id}” }
output “external_ssh_security_group_id”{ value = “${aws_security_group.external_ssh.id}” }
Here is working example in other input declare with the actual sg-id get from aws console:
inputs = { profile = “xxx-sg1” region = “ap-southeast-1” name = “xxx” environment = “staging” number_hosts = “1” instance_type = “t2.micro” key_name = “xxx-staging” security_groups = [“sg-id-xxx”,”sg-id-xxyy”]
I want the security_groups receive value from those 2 above output in vpc module, which means it make as a list
dependency “vpc” { config_path = “../vpc” } terraform_version_constraint = “<0.12” include { path = find_in_parent_folders() }
terraform { source = “git::<ssh://[email protected]/redcrane/sandbox/terraform-modules/linux-bastion.git?ref=staging>” }
inputs = { profile = “xxx-sg1” region = “ap-southeast-1” name = “xxx” environment = “staging” number_hosts = “1” instance_type = “t2.micro” key_name = “xxx-staging” security_groups = [“dependency.vpc.outputs.external_ssh”, “dependency.vpc.outputs.external_ssh” ] } ```
Remove double quotes from the values - dependency.vpc.outputs.external_ssh
hi @antonbabenko
I tried as you suggest
but when run with terragrunt init –terragrunt-source-update
It show error: Underlying error: invalid primitive type name “list”
here is what I declare in module’s variable.tf :
variable "sg" {
type = "list"
default = []
}
And here is in terragrunt.hcl:
inputs ={
.
.
.
sg =[dependency.vpc.outputs.internal_ssh_security_group_id,dependency.vpc.outputs.external_ssh_security_group_id]
outputs in module:
output "internal_ssh_security_group_id"{
value = "${aws_security_group.internal_ssh.id}"
}
output "external_ssh_security_group_id"{
value = "${aws_security_group.external_ssh.id}"
}
here is the result when running terraform out -json in .cacheterrafrom in ../vpc:
"external_ssh_security_group_id": {
"sensitive": false,
"type": "string",
"value": "sg-0bdebf4a204c92cda"
},
"internal_ssh_security_group_id": {
"sensitive": false,
"type": "string",
"value": "sg-02a7ed268ef320cbb"
},
Underlying error: invalid primitive type name "list" - is the problem. Terragrunt passes values correctly it seems. What versions of terraform and terragrunt are you using? Can it be that terragrunt does not work with your older version of terraform?
well I use Tf ver 0.11 due to requirement, and I use terragrunt version v0.19.27 with terraform constraint.
terraform_version_constraint = “<0.12”
2019-10-08
2019-10-18
Hi Guys, Should this create tags for backend resoruces (dynamodb and s3)? s3 and dynamodb are created with terragrunt, but without tags
Possibly a dumb question: I import aws resources that were manually created into terraform configs, and generally have gotten decent at it. (It helps that the latest terraform state show prints things out in hcl format.) The concept of importing things into terragrunt seems nearly impossible to get right. Would I be off base for settling on this:
- New resources: use terragrunt and terraform modules for all new resources.
- Existing resources: use straight terraform when need to import existing infrastructure.
- New resources: terragrunt is acceptable when work flow is to create and destroy resources but without service disruption.
2019-10-23
I’ve started to test out terragrunt to separate my terraform modules from my configuration-data and really like it so far but I have one thing I can’t figure out.
I have one repo with only folders and terragrunt.hcl files, looks similar to this:
DEV
- terragrunt.hcl <--- "root" config file only to be inherited by children
- RG
- terragrunt.hcl <--- child config that uses generic module "RG" as source
- Compute
- terragrunt.hcl <--- child config that uses generic module "Compute" as source
- Network
- terragrint.hcl <--- child config that uses generic module "Network" as source
PROD
- terragrunt.hcl <--- "root" config file only to be inherited by children
- RG
- terragrunt.hcl <--- child config that uses generic module "RG" as source
- Compute
- terragrunt.hcl <--- child config that uses generic module "Compute" as source
- Network
- terragrint.hcl <--- child config that uses generic module "Network" as source
I’m configuring remote state in each root config (this works great!)
Now I want to send different config for the provider in DEV vs PROD.
I’m using the azurerm provider and I want to set the subscription_id parameter per environment.
Each generic module has a provider config in main.tf that looks like this:
provider "azurerm" {
version = ">= 1.1.0"
}
The azurerm provider has a parameter called subscription_id
Is there a way I can configure subscription_id for the provider in each “root” configuration file? I’ve tried to add an input block to my root file like this:
inputs = {
subscription_id = "dc15404b-802b-4e2e-a22a-c772807b1c1d"
}
but it seems to have no effect.
Is this possible? Am I doing it wrong? Do I have to use a hook instead?
(Sorry for the multiple edits, apparently I suck at Slack)
Not sure if this is the place to ask or if I should open an Issue on github
I’ve used hooks for this type of workflow, keeping the provider .tf config in a parent directory and copying the provider config into the terragrunt working dir on the fly. I’m on my phone right now so can’t get you an example easily. Maybe @antonbabenko has something handy he can share…
Actually, we had a convo about this in this channel not long ago… start reading from here… https://sweetops.slack.com/archives/CDMJ4BBR8/p1567775756001800
I don’t have possibility to help more (traveling now), but you can use env variables to set subscription ids based on folder you run terrafgrunt at (eg, using direnv).
Either using ARM_SUBSCRIPTION_ID (or how azure provider expects it) or using TF_VAR_foobar and use $var.foobar in provider block. And, as @loren said, I also rely on hooks to copy that one from central place. Unfortunately, thee is still an open issue 785.
@simon.wahlin I agree with setting/requiring any per-env required ENV vars to be set before running terragrunt.
And then employing it like this (ymmv):
provider "azurerm" {
version = ">= 1.1.0"
subscription_id = get_env("ARM_SUBSCRIPTION_ID", "ARM_SUBSCRIPTION_ID is required")
}
Thanks for the pointers! I’ll read up on the previous conversation and issue 785! I was hoping there was a similar solution for provider as there are for remote-state where I could have an empty provider block in my module that would be merged/overwritten with whats in the .hcl
2019-10-24
Hello everybody, I have a question : Have you ever used the inputs in Terragrunt from dependencies with a list ?
I feel that this form : dependency.mydependency.outputs.mylist[0] does not work
Hi Valentin, we met that issue before. And it’s very trouble to achieve that. Unless terragrunt comes up with the new advance feature. For now, to pass output, we use mostly :
- data source
- remote tfstate
2019-10-25
Hi Phuc, thanks for your reply. I found the issue, the form dependency.mydependency.outputs.mylist[0] is working. The issue was the output format of my modules [data.myoutput] to data.myoutput fix this issue.