Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

capture output of provisioners into variables #610

Closed
piavlo opened this issue Nov 27, 2014 · 55 comments
Closed

capture output of provisioners into variables #610

piavlo opened this issue Nov 27, 2014 · 55 comments

Comments

@piavlo
Copy link

piavlo commented Nov 27, 2014

so that they could be referenced in other TF resources

@mitchellh
Copy link
Contributor

Interesting idea... and completely possible. I think we need an overhaul of the state a bit to better support longform text to support this. We plan on making this change at some point. I'll tag this for now.

@lalloni
Copy link
Contributor

lalloni commented Mar 12, 2015

+1!

We're needing this feature right now for creating and sharing cluster discovery tokens.

@lalloni
Copy link
Contributor

lalloni commented Mar 12, 2015

Here's how it's used in Ansible.

@yruss972
Copy link

yruss972 commented Aug 1, 2016

+1

@supernomad
Copy link

So I just ran into the need for this as well, want to save the output from an inline script call and have it available after its been created.

@james-gonzalez
Copy link

I second @supernomad. We are currently taking the state, parsing it into an ini file and then querying it that way into variables (via the Ansible lookup function). It would be great if this could be made easier.

@timothy-spencer
Copy link

I would love something like this as well. I've got a fair number of things that create accounts or keys or whatever on an instance that I'd love to be able to capture and then stick into other instances. I know this is probably tricky, but man, it would be cool to remove these manual steps from the process. :-)

@tomwganem
Copy link

I use terraform to stand up mesos clusters with a newly provisioned vault instance that has a randomly generated set of passwords for that cluster. In addition, I generate access tokens for our internal deployment tools and our devops engineers to access these secrets when they need them. I would like to be able to save these access tokens to our permanent on-premise vault installation. If terraform provided me a way to capture output from a provisioner, I would be able to do that.

@maus-
Copy link

maus- commented Mar 15, 2017

+1

@drpaneas
Copy link

+1 I need this functionality also.

@deepblue-phoenix
Copy link

+1 this would be great

@anasinnyk
Copy link

+1 it's block my swarm cluster. I have a token in master node and I need it randomly token from provisioner to use for include different nodes to cluster.

@holms
Copy link

holms commented Jul 22, 2017

Any status on this? Why such a basic feature still not implemented? How can I join slaves of cluster if I can't memorize token...?

@smastrorocco
Copy link

+1 helpful with AWS provider as well to fetch EC2 Windows password and pass to communicator

@zarbis
Copy link

zarbis commented Nov 9, 2017

Interested in this also, mainly to register cluster join tokens.

@rmihael
Copy link

rmihael commented Jan 17, 2018

It is a roadblock for many different scenarios. Is there any workaround to get command's output as a variable?

@matti
Copy link

matti commented Feb 13, 2018

Meanwhile I did this that works for me in my use case: https://github.com/matti/terraform-shell-resource

@aldoborrero
Copy link

Yeah, I see this as very useful feature to have as some commented for creating Docker Swarms or other valid use cases...

@apparentlymart apparentlymart added config and removed core labels Aug 1, 2018
@dmitrypol
Copy link

+1

1 similar comment
@ravidbro
Copy link

+1

@bazmera
Copy link

bazmera commented Feb 26, 2019

It would be a useful feature. Would solve so many roadblocks.

@mdeggies
Copy link
Member

mdeggies commented Mar 7, 2019

+1

1 similar comment
@julianfrank
Copy link

+1

@sachinar
Copy link

+1

@matti
Copy link

matti commented Feb 29, 2020

I'm still actively developing https://github.com/matti/terraform-shell-resource module, the number of issues and github stars etc clearly shows that there is a massive demand for this one.

while my module works pretty well now after 0.12, having this in terraform would be super good.

@ska-ops
Copy link

ska-ops commented Mar 11, 2020

+1

1 similar comment
@MaxPeal
Copy link

MaxPeal commented Apr 6, 2020

+1

@countcain
Copy link

+1

@boredabdel
Copy link

@matti is it possible to use your module to run bash files ?

@matti
Copy link

matti commented May 11, 2020

@boredabdel why not?

@boredabdel
Copy link

I'm wondering if it's possible ! and if you could provide an example it would great !

Thanks

@matti
Copy link

matti commented May 11, 2020

just call the script as the command and you are good

@openscript
Copy link

Without this feature it makes it unnecessarily complicated to join worker nodes to a Docker swarm.

@githanium
Copy link

+1

1 similar comment
@anandsuresh
Copy link

+1

@lejluff
Copy link

lejluff commented Nov 8, 2021

+1 Is there still traction on this? This has been open for a very long time.

I'm still actively developing https://github.com/matti/terraform-shell-resource module, the number of issues and github stars etc clearly shows that there is a massive demand for this one.

while my module works pretty well now after 0.12, having this in terraform would be super good.

This resource does a local exec and I need a remote exec to capture the outputs from bash script on remote ec2
.

@ifaizan
Copy link

ifaizan commented Dec 18, 2021

+1 on this. This would make life a lot easier

@avifreege
Copy link

+1 , will be very helpful for adding self_managed_node_groups with the EKS module V18.

@matti
Copy link

matti commented Mar 6, 2022

my original workarounds are now archived, please see https://github.com/Invicton-Labs/terraform-external-shell-resource and https://github.com/Invicton-Labs/terraform-external-shell-data

@tanvp112
Copy link

@ginjo
Copy link

ginjo commented May 28, 2022

@matti , been using your shell-resource for several years to deploy swarm clusters, and it works like a charm. I'll migrate over to the Inviction-labs code now - so happy this functionality still exists. Thanks for all your work!

@matti
Copy link

matti commented May 28, 2022

@ginjo thank you!

@byteknacker
Copy link

I also need this feature to get the service secret token of Gitlab's Admin Service Account. I need it to be a terraform output to pass it over to the GItlab CI/CD variables and use it later for another job. Please put this on priority for the next releases as it is a much requested feature.

@jaehyeon-kim
Copy link

I need this feature to create a manage endpoint of emr container and capture the output.

@apparentlymart
Copy link
Contributor

Hi all! Sorry for the long silence here.

This issue has languished because at this point provisioners are essentially a legacy system in Terraform, and we aren't planning to make any further significant changes to their design. We consider provisioners to be a last resort, and would recommend using providers instead whereever possible.

A create-time provisioner is functionally equivalent to a resource type which takes an action during its "create" step, and a destroy-time provisioner is functionally equivalent to a resource type which takes an action during its "destroy step.

Resource types already have the capability to export arbitrary data from their create actions, and so the best path forward to meet the use-case this issue is representing is to use a provider which has a resource type which takes the action you want to take during its create step and returns the data you need. Modern Terraform supports third-party providers, so there are various providers dealing with variants of this problem and anyone is empowered to write a new one.

One example community provider that can potentially take a similar role as the local-exec provisioner would be scottwinkler/shell. I've not made extensive use of it myself so I can't promise it will solve all problems, but according to its documentation it allows declaring an arbitrary shell script to run during each of the resource instance lifecycle steps, and its documentation suggests that it returns the output of the scripts being run.

I also see loafoe/ssh, which looks promising as a resource-type-based replacement for the remote-exec and file provisioners if you are using them to interact with SSH servers. I've not tried this one at all so I cannot vouch for its behavior, but its documentation describes functionality both for uploading files and for executing arbitrary commands over SSH.

I don't yet see a community provider in the registry for WinRM, so that does remain one situation where the remote-exec and file provisioners may be the best option for now. The WinRM-based provisioning process has always been a bit of a hack -- WinRM doesn't really have capabilities matching SSH, so Terraform's support for it is just a collection of workarounds. Given that, I expect that a hypothetical WinRM provider could be better tailored to the WinRM protocol's capabilities rather than Terraform's current strategy of just trying to pretend it's like SSH. Modern Windows also has an OpenSSH server available, so the need for WinRM is diminished.

With all of that said, I'm going to close this issue to represent that we're unlikely to prioritize any significant architectural changes related to provisioners. Instead, we intend to focus on the ecosystem of providers and on the resource instance change lifecycle, which is largely a superset of the capabililties of Terraform's protocol for provisioner plugins.

Thanks for this feature request, and sorry for the long silence!

@apparentlymart apparentlymart closed this as not planned Won't fix, can't repro, duplicate, stale Aug 30, 2022
@matti
Copy link

matti commented Aug 30, 2022

the mentioned scottwinkler/terraform-provider-shell#88

forces scripts to output json...

@lorengordon
Copy link
Contributor

It would truly be nice if the terraform team would talk to the packer team, and support the same set of provisioner options.

@lorengordon
Copy link
Contributor

lorengordon commented Sep 1, 2022

The main feature of provisioners that I truly appreciate is that output is streamed back to the user. When I'm running a script on a remote instance, that is invaluable. Providers do not seem to do that? Which makes troubleshooting waaaaay hard. Anyone know if any of the provider-based options actually do stream at least stderr back to the user?

@github-actions
Copy link
Contributor

github-actions bot commented Oct 2, 2022

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 2, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests