Terraform crashes when using data source aws_ami #8786
Comments
|
@moritzheiber hi there! Sorry about this! Would you kindly provide decrypted logs? Not every person who works on the Terraform is HashiCorp employee, thus has no access to the private key, which hiders any attempt on troubleshooting the issue. Thank you in advance. |
|
I'm happy to send the encrypted logs to anyone who's willing to tender their public keys to me. Unfortunately, contractual obligations prevent me from posting the respective information in the open, sorry :( |
|
If this presents a challenge in resolving this bug I'll try to reproduce it with a stack unassociated with the one from the initial report. However, that might not be solving the use case I reported this with initially. |
|
@moritzheiber hello there! Have you been able to make any progress with allowing us to see the logs? Even stack trace from the original logs would be a starting point (and it does not include any sensitive information, etc.). |
|
@moritzheiber if you are able, I think the most helpful part to share would be the main headline from the Go error message and ideally at least a couple lines out of the stack trace that follows it. That part should include only information that is part of the public Terraform binary and not anything sensitive about your configuration, and would give us a pointer to what section of code is crashing in order to theorize about what might be causing it. If you're not sure what part of the log output I'm talking about, take a look at what I fished out of the debug log in #6441; it'll likely be a line starting with |
|
I've "renegotiated" (believe me, if it were for me I would've posted the plaintext output log ages ago) and was able to convince the stakeholders to paste the panic output: Also, I'll try to get a redacted version of the debug/crash log posted here. The trace output above was generated using Terraform 0.7.4. |
|
This is 100% reproducible by taking the AMI naming convention posted at the beginning of this ticket and applying a simple regex. The part of the configuration for the data source is: The corresponding packer pattern would be: {
"builders": [
{
"type": "amazon-ebs",
"region": "eu-central-1",
"source_ami": "ami-f955a096",
"instance_type": "t2.micro",
"ssh_username": "ec2-user",
"ami_name": "our-ami {{isotime \"2006-01-02T15_04_05\"}}",
"iam_instance_profile": "our_service"
}
]
}The resulting AMI image's name would be (for today): |
|
@moritzheiber hi there! I REALLY appreciate this. I also understand your pain, as I work for an Enterprise myself, thus the pain you had to go through to get this is really appreciated. |
|
@moritzheiber thanks to the panic and other data you have provided, I was able to narrow the issue to the following Amazon Machine Image (AMI) which seem not to have a name set. I am not entirely sure if this is even possible (probably a bug?) to achieve in EC2. The following is the image metadata which causes Terraform to panic with nil pointer dereference: Basically, since you are using a regular expression to narrow the results, the following loop gets executed to walk all the images available and match against the expression: data_source_aws_ami.go#L240-L245 When the image with ID I will provide a fix shortly. |
|
Oh, so the function iterates over all available AMIs, not just the one created by/belonging to our account? That explains it. I reckon a way of limiting the pool of AMI ids to walk through would be convenient, if it doesn't exist already (i.e. Good find. |
|
I have an addendum: I've run query for the account ID
|
|
@moritzheiber hi there! You could try to use your Amazon account ID with the |
|
@moritzheiber hi here! I was wondering whether you were able to apply the |
|
I merged @kwilczynski's patch in #9033, so this issue should be resolved in the next release of Terraform. As the documentation page says...
...it's suggested to use With the simple pattern that was posted earlier, I believe a filter {
name = "name"
values = ["our-ami*"]
}...though best to also constrain with the With all of that said, I'm going to close this now since I think #9033 took care of this. If there's more here then do feel free to reopen. Thanks again for the bug report, and thanks to @kwilczynski for the investigation and the fix! |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
I'm getting consistent crashes when trying to use the
aws_amidata source. Configuration is linked below.Terraform Version
Terraform v0.7.3 (UPDATED: Also happening on 0.7.4)
Affected Resource(s)
aws.data.aws_amiTerraform Configuration Files
Encrypted with the public key corresponding to
51852D87348FFC4C:https://gist.github.com/moritzheiber/51bec104f5fcad898deda6e1197415bb
Debug Output/Panic Output
Encrypted with the public key corresponding to
51852D87348FFC4C:https://gist.github.com/moritzheiber/ac2862637b306655b06eb1426f13fbfa
Expected Behavior
The
aws_amidata source is providing me with the latest AMI ID corresponding to the regex'consul-base-ami\\ *'.Actual Behavior
The terraform process is crashing.
Steps to Reproduce
terraform planImportant Factoids
The AMI IDs are formed after the following Packer pattern:
default-consul-ami {{isotime \"2006-01-02T15_04_05\"}}.References
Might be related to #7910
The text was updated successfully, but these errors were encountered: