Terraform stuck local-exec provisioner which used as module and calls second time #22207

Open
KursLabIgor opened this issue Jul 25, 2019 · 1 comment

@KursLabIgor

Terraform Version

+ provider.archive v1.2.2
+ provider.aws v1.60.0
+ provider.cloudflare v1.16.1
+ provider.github v2.2.0
+ provider.local v1.3.0
+ provider.null v2.1.2
+ provider.postgresql v1.1.0
+ provider.random v2.1.2
+ provider.template v2.1.2

Terraform Configuration Files

provider "postgresql" {
  host            = "${var.db_host}"
  port            = "${var.db_port}"
  database        = "${var.db_name}"
  username        = "${var.rds_master_user}"
  password        = "${var.rds_master_pass}"
  sslmode         = "require"
  connect_timeout = 20
  superuser       = false
}

resource "postgresql_role" "readonly_role" {
  name           = "${var.rds_readonly_user}"
  login          = true
  password       = "${var.rds_readonly_user_pass}"
  skip_reassign_owned = true
  skip_drop_role = true

}
resource "postgresql_role" "readwrite_role" {
  name           = "${var.rds_readwrite_user}"
  login          = true
  password       = "${var.rds_readwrite_user_pass}"
  skip_reassign_owned = true
  skip_drop_role = true

}
resource postgresql_grant "grant_readonly" {
  database    = "${var.db_name}"
  role        = "${postgresql_role.readonly_role.name}"
  schema      = "public"
  object_type = "table"
  privileges  = ["SELECT"]

}
resource postgresql_grant "grant_readwrite" {
  database    = "${var.db_name}"
  role        = "${postgresql_role.readwrite_role.name}"
  schema      = "public"
  object_type = "table"
  privileges  = ["ALL"]
}
data "template_file" "permissions_data_file" {
  template = "${file("${path.module}/permissions.sh.tpl")}"
  vars {
    PGPASSWORD = "${var.rds_master_pass}"
    read_only_role = "${postgresql_role.readonly_role.name}"
    read_write_role = "${postgresql_role.readwrite_role.name}"
  }
}
resource "null_resource" "db_setup" {

  provisioner "local-exec" {

    command = "psql -h ${var.db_host} -p ${var.db_port} -U \"${var.rds_master_user}\" -d ${var.db_name} -c \"${data.template_file.permissions_data_file.rendered}\" -c \"\\q\""
  }
  depends_on = ["postgresql_role.readwrite_role", "postgresql_role.readonly_role"]
}

Template File permissions.sh.tpl:

GRANT USAGE ON SCHEMA public TO ${read_only_role};
GRANT SELECT  ON ALL TABLES    IN SCHEMA public TO ${read_only_role};
GRANT SELECT  ON ALL SEQUENCES IN SCHEMA public TO ${read_only_role};
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO ${read_only_role};
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO ${read_only_role};
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON SEQUENCES TO ${read_only_role};
GRANT ${read_only_role} TO ${read_write_role};
GRANT UPDATE, DELETE, INSERT, REFERENCES, TRIGGER ON ALL TABLES IN SCHEMA public TO ${read_write_role};
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT UPDATE, DELETE, INSERT, REFERENCES, TRIGGER ON TABLES TO ${read_write_role};

Debug Output

module.rds2_roles.null_resource.db_setup: Still creating... (1m30s elapsed)
2019/07/25 16:11:07 [TRACE] dag/walk: vertex "provisioner.local-exec (close)", waiting for: "module.rds2_roles.null_resource.db_setup"
2019/07/25 16:11:07 [TRACE] dag/walk: vertex "provider.null (close)", waiting for: "module.rds2_roles.null_resource.db_setup"
2019/07/25 16:11:09 [TRACE] dag/walk: vertex "root", waiting for: "meta.count-boundary (count boundary fixup)"
2019/07/25 16:11:09 [TRACE] dag/walk: vertex "meta.count-boundary (count boundary fixup)", waiting for: "module.rds2_roles.null_resource.db_setup"
2019/07/25 16:11:12 [TRACE] dag/walk: vertex "provider.null (close)", waiting for: "module.rds2_roles.null_resource.db_setup"
2019/07/25 16:11:12 [TRACE] dag/walk: vertex "provisioner.local-exec (close)", waiting for: "module.rds2_roles.null_resource.db_setup"
2019/07/25 16:11:14 [TRACE] dag/walk: vertex "root", waiting for: "meta.count-boundary (count boundary fixup)"
2019/07/25 16:11:14 [TRACE] dag/walk: vertex "meta.count-boundary (count boundary fixup)", waiting for: "module.rds2_roles.null_resource.db_setup"

Crash Output

No crash

Expected Behavior

Terraform should perform all local-exec provisioners.

Actual Behavior

module.rds1_roles.null_resource.db_setup: Creation complete after 1s (ID: 1803057760686190652)
module.rds2_roles.null_resource.db_setup: Still creating... (1m30s elapsed)
And it doesn't finish, at least after 20m.
So the first null_resource seems to work normally, but the second run of the same module with a different DB gets stuck.

Steps to Reproduce

Additional Context

Locally, the same file works fine without errors.
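
One cause worth ruling out for a hang like this is `psql` waiting on an interactive password prompt: in the configuration above, `PGPASSWORD` is handed to the template, which never references it, and the provisioner sets no environment for the command. The following is an added example, not code from the issue author or the Terraform project, showing the same provisioner with the password supplied through the `environment` argument and `--no-password` so that a missing credential fails immediately instead of blocking. It reuses the resource and variable names from the report and assumes that the password prompt is what blocks the run.

```hcl
# Added example (Terraform 0.11 syntax, matching the configuration in the report).
resource "null_resource" "db_setup" {
  provisioner "local-exec" {
    # --no-password: psql never prompts; if no credential is available it
    # exits with an error, so the apply fails instead of waiting forever.
    command = "psql --no-password -h ${var.db_host} -p ${var.db_port} -U \"${var.rds_master_user}\" -d ${var.db_name} -c \"${data.template_file.permissions_data_file.rendered}\""

    # The master password reaches psql through the process environment
    # rather than the command line or the rendered SQL template.
    # Terraform 0.12 and later write this as: environment = { ... }
    environment {
      PGPASSWORD = "${var.rds_master_pass}"
    }
  }

  depends_on = ["postgresql_role.readwrite_role", "postgresql_role.readonly_role"]
}
```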

@mcascone

Sounds like #22722 and #22343
