#terragrunt (2019-10)

terragrunt

Terragrunt discussions Archive: https://archive.sweetops.com/terragrunt/

2019-10-28

2019-10-25

Valentin LANDEMAINE avatar
Valentin LANDEMAINE

Hi Phuc, thanks for your reply. I found the issue, the form dependency.mydependency.outputs.mylist[0] is working. The issue was the output format of my modules [data.myoutput] to data.myoutput fix this issue.

2

2019-10-24

Valentin LANDEMAINE avatar
Valentin LANDEMAINE

Hello everybody, I have a question : Have you ever used the inputs in Terragrunt from dependencies with a list ?

Valentin LANDEMAINE avatar
Valentin LANDEMAINE

I feel that this form : dependency.mydependency.outputs.mylist[0] does not work

Phuc avatar
Phuc
05:37:41 AM

Hi Valentin, we met that issue before. And it’s very trouble to achieve that. Unless terragrunt comes up with the new advance feature. For now, to pass output, we use mostly :

  • data source
  • remote tfstate

I feel that this form : dependency.mydependency.outputs.mylist[0] does not work

2019-10-23

simon.wahlin avatar
simon.wahlin

I’ve started to test out terragrunt to separate my terraform modules from my configuration-data and really like it so far but I have one thing I can’t figure out.

I have one repo with only folders and terragrunt.hcl files, looks similar to this:

DEV
- terragrunt.hcl <--- "root" config file only to be inherited by children
- RG
   - terragrunt.hcl <--- child config that uses generic module "RG" as source
- Compute
   - terragrunt.hcl <--- child config that uses generic module "Compute" as source
- Network
   - terragrint.hcl <--- child config that uses generic module "Network" as source
PROD
- terragrunt.hcl <--- "root" config file only to be inherited by children
- RG
   - terragrunt.hcl <--- child config that uses generic module "RG" as source
- Compute
   - terragrunt.hcl <--- child config that uses generic module "Compute" as source
- Network
   - terragrint.hcl <--- child config that uses generic module "Network" as source

I’m configuring remote state in each root config (this works great!)

Now I want to send different config for the provider in DEV vs PROD.

I’m using the azurerm provider and I want to set the subscription_id parameter per environment.

Each generic module has a provider config in main.tf that looks like this:

provider "azurerm" {
  version = ">= 1.1.0"
}

The azurerm provider has a parameter called subscription_id

Is there a way I can configure subscription_id for the provider in each “root” configuration file? I’ve tried to add an input block to my root file like this:

inputs = {
  subscription_id = "dc15404b-802b-4e2e-a22a-c772807b1c1d"
}

but it seems to have no effect.

Is this possible? Am I doing it wrong? Do I have to use a hook instead?

(Sorry for the multiple edits, apparently I suck at Slack)

simon.wahlin avatar
simon.wahlin

Not sure if this is the place to ask or if I should open an Issue on github

loren avatar
loren

I’ve used hooks for this type of workflow, keeping the provider .tf config in a parent directory and copying the provider config into the terragrunt working dir on the fly. I’m on my phone right now so can’t get you an example easily. Maybe @antonbabenko has something handy he can share…

loren avatar
loren

Actually, we had a convo about this in this channel not long ago… start reading from here… https://sweetops.slack.com/archives/CDMJ4BBR8/p1567775756001800

Hi guys! @loren Have you found a solution to this https://github.com/gruntwork-io/terragrunt/issues/785 ? I wonder how people are solving odd (“new”) behavior of init hooks?

antonbabenko avatar
antonbabenko

I don’t have possibility to help more (traveling now), but you can use env variables to set subscription ids based on folder you run terrafgrunt at (eg, using direnv).

antonbabenko avatar
antonbabenko

Either using ARM_SUBSCRIPTION_ID (or how azure provider expects it) or using TF_VAR_foobar and use $var.foobar in provider block. And, as @loren said, I also rely on hooks to copy that one from central place. Unfortunately, thee is still an open issue 785.

tamsky avatar
tamsky

@simon.wahlin I agree with setting/requiring any per-env required ENV vars to be set before running terragrunt. And then employing it like this (ymmv):

provider "azurerm" {
  version = ">= 1.1.0"
  subscription_id = get_env("ARM_SUBSCRIPTION_ID", "ARM_SUBSCRIPTION_ID is required")
}
simon.wahlin avatar
simon.wahlin

Thanks for the pointers! I’ll read up on the previous conversation and issue 785! I was hoping there was a similar solution for provider as there are for remote-state where I could have an empty provider block in my module that would be merged/overwritten with whats in the .hcl

loren avatar
loren

That would be awesome

1

2019-10-18

Milos Backonja avatar
Milos Backonja

Hi Guys, Should this create tags for backend resoruces (dynamodb and s3)? s3 and dynamodb are created with terragrunt, but without tags

Todd Lyons avatar
Todd Lyons

Possibly a dumb question: I import aws resources that were manually created into terraform configs, and generally have gotten decent at it. (It helps that the latest terraform state show prints things out in hcl format.) The concept of importing things into terragrunt seems nearly impossible to get right. Would I be off base for settling on this:

  1. New resources: use terragrunt and terraform modules for all new resources.
  2. Existing resources: use straight terraform when need to import existing infrastructure.
  3. New resources: terragrunt is acceptable when work flow is to create and destroy resources but without service disruption.

2019-10-08

2019-10-07

antonbabenko avatar
antonbabenko

You can use functions like list() or element() inside of inputs to modify as what you want from the outputs.

Phuc avatar

hi @antonbabenko, thank for verification. Can you express more detail how to achieve that result ? Below is detail of my case:

  • output.tf in vpc module ``` output “internal_ssh_security_group_id”{ value = “${aws_security_group.internal_ssh.id}” }

output “external_ssh_security_group_id”{ value = “${aws_security_group.external_ssh.id}” }

Here is working example in other input declare with the actual sg-id get from aws console:

inputs = { profile = “xxx-sg1” region = “ap-southeast-1” name = “xxx” environment = “staging” number_hosts = “1” instance_type = “t2.micro” key_name = “xxx-staging” security_groups = [“sg-id-xxx”,”sg-id-xxyy”]

I want the security_groups receive value from those 2 above output in vpc module, which means it make as a list

dependency “vpc” { config_path = “../vpc” } terraform_version_constraint = “<0.12” include { path = find_in_parent_folders() }

terraform { source = “git::<ssh://[email protected]/redcrane/sandbox/terraform-modules/linux-bastion.git?ref=staging>” }

inputs = { profile = “xxx-sg1” region = “ap-southeast-1” name = “xxx” environment = “staging” number_hosts = “1” instance_type = “t2.micro” key_name = “xxx-staging” security_groups = [“dependency.vpc.outputs.external_ssh”, “dependency.vpc.outputs.external_ssh” ] } ```

antonbabenko avatar
antonbabenko

Remove double quotes from the values - dependency.vpc.outputs.external_ssh

Phuc avatar

hi @antonbabenko

Phuc avatar

I tried as you suggest

Phuc avatar

but when run with terragrunt init –terragrunt-source-update

Phuc avatar

It show error: Underlying error: invalid primitive type name “list”

Phuc avatar

here is what I declare in module’s variable.tf :

variable "sg" {
  type  = "list"
  default = []
 }

And here is in terragrunt.hcl:

inputs ={
.
.
.
sg                         =[dependency.vpc.outputs.internal_ssh_security_group_id,dependency.vpc.outputs.external_ssh_security_group_id]
Phuc avatar

outputs in module:

output "internal_ssh_security_group_id"{
  value = "${aws_security_group.internal_ssh.id}"
}

output "external_ssh_security_group_id"{
  value = "${aws_security_group.external_ssh.id}"
}
Phuc avatar

here is the result when running terraform out -json in .cacheterrafrom in ../vpc:

"external_ssh_security_group_id": {
        "sensitive": false,
        "type": "string",
        "value": "sg-0bdebf4a204c92cda"
    },
    "internal_ssh_security_group_id": {
        "sensitive": false,
        "type": "string",
        "value": "sg-02a7ed268ef320cbb"
    },
antonbabenko avatar
antonbabenko

Underlying error: invalid primitive type name "list" - is the problem. Terragrunt passes values correctly it seems. What versions of terraform and terragrunt are you using? Can it be that terragrunt does not work with your older version of terraform?

Phuc avatar

well I use Tf ver 0.11 due to requirement, and I use terragrunt version v0.19.27 with terraform constraint.

Phuc avatar

terraform_version_constraint = “<0.12”

2019-10-06

Phuc avatar

Hi guys

Phuc avatar

Is there anyway I can use terragrunt.hcl with a module that contains a module inside it ?

Phuc avatar

for example:

In the terragrunt.hcl


terraform_version_constraint = "<0.12"
include {
  path = find_in_parent_folders()
}

terraform {  
  source = "git::<ssh://xxx/custom_ecs_cluster.git?ref=terraform_0.11>"
}

inputs = {
  name                          = "xxx"
  profile                       = "xxx"  
  region                        = "xxx"
}

The module custom_ecs_cluster main.tf’s content:

module "aws_ecs_cluster" {
  source = "git::<ssh://xxx:aws-ecs-cluster.git?ref=terraform_0.11>"
loren avatar
loren

we do this all the time. hasn’t been anything special to it. it just works…

Phuc avatar

also, does anyone know how to transfer output of other dependency as list value ? as I declare the output in the module and testing with showing output successfully.But when running the terragrunt apply. it keep show the error as “ Underlying error: invalid primitive type name “list” example:

dependency "vpc" {
  config_path = "../vpc"
}
terraform_version_constraint = "<0.12"
include {
  path = find_in_parent_folders()
}

terraform {  
  source = "git::<ssh://[email protected]/redcrane/sandbox/terraform-modules/linux-bastion.git?ref=staging>"
}


inputs = {
  profile                       = "xxx-sg1"  
  region                        = "ap-southeast-1"
  name                          = "xxx"
  environment             = "staging"
  number_hosts           = "1"
  instance_type            = "t2.micro"
  key_name                   = "xxx-staging"
  security_groups         [dependency.vpc.outputs.sg_id] <== this part is that allowed ? Or is there anyway that I can parse the output as list value to this   
}
    keyboard_arrow_up