#terragrunt (2020-09)

terragrunt

Terragrunt discussions Archive: https://archive.sweetops.com/terragrunt/

2020-09-17

Mads Hvelplund avatar
Mads Hvelplund

i’m new to terragrunt and i’ve hit a snag that is difficult to solve since the online documentations is for the newester version. anyone still stuck on old versions of terragrunt in here?

i’m stuck on v0.18.7 and i wanted to read in another config file with read_terragrunt_config() but that seems to be a newer addition.

what i really want is to have a file somewhere in the parent folder path with a list of variables containing versions, that i can then reference in the terragrunt files like

terraform {
  source = "[email protected]:org/module?ref=${version_from_var}"
  ...
}

any suggestions for workarounds or solutions that wil work with terragrunt 0.18?

Built-in functions

Terragrunt allows you to use built-in functions anywhere in terragrunt.hcl, just like Terraform.

joshmyers avatar
joshmyers

@Mads Hvelplund Am using read_terragrunt_config() for exactly this. Can you upgrade Terragrunt?

Mads Hvelplund avatar
Mads Hvelplund

nope. i’m told by the ops guys that 0.18.7 is the last version that works with terraform 11

joshmyers avatar
joshmyers

Ah indeed, if you are TF 11 you are stuck.

joshmyers avatar
joshmyers

Given TF 14 is alpha, may want to tackle that before a big infra refactor into Terragrunt

Mads Hvelplund avatar
Mads Hvelplund

let’s just say that a government minister called out the project in the media for being late. now seems like the wrong time to upgrade everything

joshmyers avatar
joshmyers

lol, what GOV? (used to work for GOV.UK)

joshmyers avatar
joshmyers

I’m assuming what you have works and Terragrunt was a refactor to DRY up the code a little?

Mads Hvelplund avatar
Mads Hvelplund

terragrunt is a left over from when terraform 11 was cool. everything is actually being migrated to terraform 13, but there is a lot of code so it won’t happen overnight just because i’m too lazy to hard code 50 git tags

joshmyers avatar
joshmyers

heh, sounds like stuck tbh

joshmyers avatar
joshmyers

You could look at the read_terragrunt_config() PR and re implement in a fork of 0.18 and use that?

Mads Hvelplund avatar
Mads Hvelplund

that would be sprinkling parsley on a roadkill

joshmyers avatar
joshmyers

Polishing a turd?

:--1:1
David avatar
David

Does the file with versions have any fancy HCL specific logic in it? If not, you could make that file JSON or YAML and then read in the file and decode it using older functions

:--1:1
loren avatar
loren

i’m pretty sure you can use the latest terragrunt, you just have to set terraform_version_constraint = ">= 0.11" in your terragrunt config… https://terragrunt.gruntwork.io/docs/reference/config-blocks-and-attributes/#terraform_version_constraint

Configuration Blocks and Attributes

Learn about all the blocks and attributes supported in the terragrunt configuration file.

loren avatar
loren

we were doing that for quite a while, as part of our own upgrade path

joshmyers avatar
joshmyers

Ah, nice, I thought they’d done a hard cut off

loren avatar
loren

they did, and then someone contributed the version_constraint argument, since there wasn’t really a technical reason for the restriction, more just a limitation of how they’re testing

:--1:2

2020-09-15

2020-09-14

ninja avatar
ninja

hi, new to terragrunt. I am trying to set an env variable (AWS_PROFILE) as part of before_hook. I am trying this with the hope that the cmd is run in the same shell session as the terraform cmd will be run but now i think that’s not how the hooks work. Any suggestions on how i can have the AWS_PROFILE set for the terraform cmds automatically by terragrunt?

Sam Holton avatar
Sam Holton

Set it before hand in the terminal you are running terragrunt

ninja avatar
ninja

@Sam Holton that’s what i am trying to avoid

Joe Niland avatar
Joe Niland

Have you looked at using aws-vault?

You can use aws-vault exec or mix it with the awscli credential_process option

2020-09-11

Abel Luck avatar
Abel Luck

I’m attemping to use a dependency output in a locals block like so:

locals {

  thing2 = do_stuff(dependency.another_module.outputs.thing)
}

dependency "another_module" {
  config_path = "../another-module"
}

inputs = {
  thing = local.thing2
  
}

But I’m getting the error :

[terragrunt] 2020/09/11 13:10:37 Not all locals could be evaluated:
[terragrunt] 2020/09/11 13:10:37 	- thing2
[terragrunt] 2020/09/11 13:10:37 Could not evaluate all locals in block.

Can you not use dependencies in local blocks?

loren avatar
loren


because locals are evaluated before dependency blocks, you can not bind outputs from dependency into locals. On the other hand, for the same reason, you can use locals in the dependency blocks.

https://terragrunt.gruntwork.io/docs/getting-started/configuration/#configuration-parsing-order

Configuration

Learn how to configure Terragrunt.

1

2020-09-09

jason einon avatar
jason einon

not pretty, but I have the required outcome using the below:

sh("eval `ssh-agent -s` && ssh-add ${identity} && cd non-prod/amer/us-west1/mgmt/compute/dev_private_gke_cluster/ && terragrunt apply --auto-approve --terragrunt-non-interactive")
Sam Holton avatar
Sam Holton

could format it like this as well:

sh """
command 1
command 2
command 3
etc
"""
jason einon avatar
jason einon

thanks @Sam Holton, I will be adding it to a shared library, plan to improve the formatting there

joshmyers avatar
joshmyers

Yeah, your initial sh() step was in a sub shell and then lost for subsequent calls. We’ve gotten around this with some git config and using PATs over HTTPS, so no ssh keys needed.

Abel Luck avatar
Abel Luck

the plan-all/apply-all are very useful, but is there a way to only plan-some/apply-some with a list of modules to run?

Abel Luck avatar
Abel Luck

Or, getting to my real use case, is there a way to run a module that has dependency blocks on other modules while specifying --terragrunt-source?

joshmyers avatar
joshmyers

Don’t use ACTION-all commands IMO, they aren’t production safe. stdin/stdout all get munged, there is little way to control what exactly to target and the current implementation is broken if you want to save the plan to a planfile and pas that to your apply, which you should be doing.

Abel Luck avatar
Abel Luck

fair enough

Abel Luck avatar
Abel Luck

But is there a way to run a single module with input from dependencies against local source?

joshmyers avatar
joshmyers

Not AFAIK. –terragrunt-source is used essentially for the terraform init -from-module step for where to pull in the initial top level module, it won’t overrite your other sources in there to also point to local modules.

2020-09-08

jason einon avatar
jason einon

hey all, ive been working with terragrunt for a while now.. just moving some automation into a jenkinsfile job to deploy from a jenkins… however getting errors when pulling for remote private repo, has anyone implemented this ? example source and error below:

terraform {
  source = "git::<ssh://[email protected]/company/paas-multi-terraform-library.git//gcp/network/subnet>"
} 

error

error downloading '<ssh://[email protected]/company/paas-multi-terraform-library.git>': /usr/bin/git exited with 128: Cloning into '/home/jenkins/agent/workspace/kinsfile-test_MSP-273-ci-jenkins/non-prod/amer/us-west1/mgmt/compute/dev_private_gke_cluster/.terragrunt-cache/h4cvKw_rhACL9f2Geh59b-KBmeI/6D1EtXnNY27AvhFueqKBaj4w-Gk'...
Warning: Permanently added the RSA host key for IP address '18.205.93.2' to the list of known hosts.
[[email protected]](mailto:[email protected]\.org): Permission denied (publickey).
jason einon avatar
jason einon

i have loaded the ssh key and other commands work, the key is also working locally

jason einon avatar
jason einon

jenkinsfile extract:

withCredentials([sshUserPrivateKey(credentialsId: 'company_bb', keyFileVariable: 'identity')]) {
              sh ("eval `ssh-agent -s` && ssh-add ${identity} && ssh-add -L")
              sh("ssh -T -oStrictHostKeyChecking=no [[email protected]](mailto:[email protected]\.org) || true")
              sh("cd non-prod/amer/us-west1/mgmt/compute/dev_private_gke_cluster/ && terragrunt apply --terragrunt-non-interactive --terragrunt-debug")
  
            }
jason einon avatar
jason einon

any working examples or if anyone spots any glaring problems any support would be great

    keyboard_arrow_up