#terragrunt (2020-09)

terragrunt

Terragrunt discussions

Archive: https://archive.sweetops.com/terragrunt/

2020-09-08

jason einon

hey all, i've been working with terragrunt for a while now.. just moving some automation into a jenkinsfile job to deploy from a jenkins… however getting errors when pulling for remote private repo, has anyone implemented this? example source and error below:

terraform {
  source = "git::ssh://[email protected]/company/paas-multi-terraform-library.git//gcp/network/subnet"
}

error

error downloading '<ssh://[email protected]/company/paas-multi-terraform-library.git>': /usr/bin/git exited with 128: Cloning into '/home/jenkins/agent/workspace/kinsfile-test_MSP-273-ci-jenkins/non-prod/amer/us-west1/mgmt/compute/dev_private_gke_cluster/.terragrunt-cache/h4cvKw_rhACL9f2Geh59b-KBmeI/6D1EtXnNY27AvhFueqKBaj4w-Gk'...
Warning: Permanently added the RSA host key for IP address '18.205.93.2' to the list of known hosts.
[email protected]: Permission denied (publickey).

jason einon

i have loaded the ssh key and other commands work, the key is also working locally

jason einon

jenkinsfile extract:

withCredentials([sshUserPrivateKey(credentialsId: 'company_bb', keyFileVariable: 'identity')]) {
  sh("eval `ssh-agent -s` && ssh-add ${identity} && ssh-add -L")
  sh("ssh -T -oStrictHostKeyChecking=no [email protected] || true")
  sh("cd non-prod/amer/us-west1/mgmt/compute/dev_private_gke_cluster/ && terragrunt apply --terragrunt-non-interactive --terragrunt-debug")
}

jason einon

any working examples or if anyone spots any glaring problems any support would be great

2020-09-09

jason einon

not pretty, but I have the required outcome using the below:

sh("eval `ssh-agent -s` && ssh-add ${identity} && cd non-prod/amer/us-west1/mgmt/compute/dev_private_gke_cluster/ && terragrunt apply --auto-approve --terragrunt-non-interactive")

Sam Holton

could format it like this as well:

sh """
command 1
command 2
command 3
etc
"""
jason einon

thanks @Sam Holton, I will be adding it to a shared library, plan to improve the formatting there

joshmyers

Yeah, your initial sh() step was in a sub shell and then lost for subsequent calls. We’ve gotten around this with some git config and using PATs over HTTPS, so no ssh keys needed.

Abel Luck

the plan-all/apply-all are very useful, but is there a way to only plan-some/apply-some with a list of modules to run?

Abel Luck

Or, getting to my real use case, is there a way to run a module that has dependency blocks on other modules while specifying --terragrunt-source?

joshmyers

Don’t use ACTION-all commands IMO, they aren’t production safe. stdin/stdout all get munged, there is little way to control what exactly to target and the current implementation is broken if you want to save the plan to a planfile and pass that to your apply, which you should be doing.

Abel Luck

fair enough

Abel Luck

But is there a way to run a single module with input from dependencies against local source?

joshmyers

Not AFAIK. --terragrunt-source is used essentially for the terraform init -from-module step for where to pull in the initial top level module, it won’t overwrite your other sources in there to also point to local modules.

2020-09-11

Abel Luck

I’m attempting to use a dependency output in a locals block like so:

locals {
  thing2 = do_stuff(dependency.another_module.outputs.thing)
}

dependency "another_module" {
  config_path = "../another-module"
}

inputs = {
  thing = local.thing2
}

But I’m getting the error:

[terragrunt] 2020/09/11 13:10:37 Not all locals could be evaluated:
[terragrunt] 2020/09/11 13:10:37 	- thing2
[terragrunt] 2020/09/11 13:10:37 Could not evaluate all locals in block.

Can you not use dependencies in local blocks?

loren

because locals are evaluated before dependency blocks, you can not bind outputs from dependency into locals. On the other hand, for the same reason, you can use locals in the dependency blocks.

https://terragrunt.gruntwork.io/docs/getting-started/configuration/#configuration-parsing-order


2020-09-14

ninja

hi, new to terragrunt. I am trying to set an env variable (AWS_PROFILE) as part of before_hook. I am trying this with the hope that the cmd is run in the same shell session as the terraform cmd will be run but now i think that’s not how the hooks work. Any suggestions on how i can have the AWS_PROFILE set for the terraform cmds automatically by terragrunt?

Sam Holton

Set it beforehand in the terminal you are running terragrunt

ninja

@Sam Holton that’s what i am trying to avoid

Joe Niland

Have you looked at using aws-vault?

You can use aws-vault exec or mix it with the awscli credential_process option

2020-09-15

2020-09-17

Mads Hvelplund

i’m new to terragrunt and i’ve hit a snag that is difficult to solve since the online documentation is for the newest version. anyone still stuck on old versions of terragrunt in here?

i’m stuck on v0.18.7 and i wanted to read in another config file with read_terragrunt_config() but that seems to be a newer addition.

what i really want is to have a file somewhere in the parent folder path with a list of variables containing versions, that i can then reference in the terragrunt files like

terraform {
  source = "[email protected]:org/module?ref=${version_from_var}"
  ...
}

any suggestions for workarounds or solutions that will work with terragrunt 0.18?


joshmyers

@Mads Hvelplund Am using read_terragrunt_config() for exactly this. Can you upgrade Terragrunt?

Mads Hvelplund

nope. i’m told by the ops guys that 0.18.7 is the last version that works with terraform 11

joshmyers

Ah indeed, if you are TF 11 you are stuck.

joshmyers

Given TF 14 is alpha, may want to tackle that before a big infra refactor into Terragrunt

Mads Hvelplund

let’s just say that a government minister called out the project in the media for being late. now seems like the wrong time to upgrade everything

joshmyers

lol, what GOV? (used to work for GOV.UK)

joshmyers

I’m assuming what you have works and Terragrunt was a refactor to DRY up the code a little?

Mads Hvelplund

terragrunt is a left over from when terraform 11 was cool. everything is actually being migrated to terraform 13, but there is a lot of code so it won’t happen overnight just because i’m too lazy to hard code 50 git tags

joshmyers

heh, sounds like stuck tbh

joshmyers

You could look at the read_terragrunt_config() PR and re-implement in a fork of 0.18 and use that?

Mads Hvelplund

that would be sprinkling parsley on a roadkill

joshmyers

Polishing a turd?

David

Does the file with versions have any fancy HCL specific logic in it? If not, you could make that file JSON or YAML and then read in the file and decode it using older functions

loren

i’m pretty sure you can use the latest terragrunt, you just have to set terraform_version_constraint = ">= 0.11" in your terragrunt config… https://terragrunt.gruntwork.io/docs/reference/config-blocks-and-attributes/#terraform_version_constraint

loren

we were doing that for quite a while, as part of our own upgrade path

joshmyers

Ah, nice, I thought they’d done a hard cut off

loren

they did, and then someone contributed the version_constraint argument, since there wasn’t really a technical reason for the restriction, more just a limitation of how they’re testing
