The change would apply and usually it would work, it just didn’t think it had worked, or something. Or if I accidentally entered a CIDR range that AWS didn’t like, like 10.0.20.0/20 instead of 10.0.16.0/20. Hard-coding it to “cidr_blocks ” or setting the type explicitly would resolve the problem. Sometimes I would track this down to having passed in a variable for a port number or range, e.g. SO MANY TIMES I had security group diffs run cleanly with “tf apply”, but then claim to be modifying themselves over and over. Like, uhhh, bisecting my diffs by commenting out half of the lines I had just added, then gradually re-adding or re-commenting out more lines until the error went away. Later on I developed more sophisticated patterns for debugging terraform. (*Obviously* in retrospect, I mean, after quite a long time poking haplessly about.) Which *obviously* means you didn’t explicitly define some inherited port as an int, so there’s a string somewhere there lurking in your tf tree. Strconv.ParseInt: parsing "": invalid syntax Or this: aws_security_group.zookeeper_sg: cannot parse '' as int: That one took me a couple hours to track down.
modules/77a846c64ead69ab51558f8c5be2cc44/main.tf: Error readingĬonfig for aws_route_table: parse error: syntax errorĪny guesses? Turned out to be a stray ‘}’ on line 105 in a different file, which HCL vim syntax highlighting thought was A-OK. Take this prime specimen: Error downloading modules: module aws_vpc: Error loading. Many of the error messages lack any context or line numbers to help you track down the problem. The best (only) way of debugging terraform was just reading really, really carefully, copy-pasting back and forth between multiple files for hours to get all the variables/outputs/interpolation correct. My kingdom for a printf, or a linter, or - dear god - the ability to step through the run and print out types & values. This is when I started tweeting sad things. SURE, I was a TF noob making noob mistakes, but I could not believe how hard it was to debug literally anything. Yo, all I wanted to do was refactor a perfectly good working config into modules for VPC, security groups, IAM roles/policies/users/groups/profiles, S3 buckets/configs/policies, autoscaling groups, policies, etc, and my entire fucking world just took a dump for a week. I did some inexcusably horrible things with variables to get the behavior I wanted.
TERRAFORMERS DEFINITION HOW TO
Has anyone ever actually used this thing? For a real thing? In production?” Many of the patterns that seemed obvious and correct to me about how to build robust AWS services were completely absent, like any concept of a subnet tier spanning availability zones. This is where I started being like … “huh. This would be nontrivial to do in two days *without* learning a new tool, so TOTAL JOY. I read a bunch of stuff and quickly spun up a VPC with public/private subnets, NAT, routes, IAM roles etc in < 2 days. Stage one: my terraform experiment started out great. (More about why later.) There is precious little evidence that TF was developed by or for anyone with experience running production systems at scale, but it’s … definitely not as actively hostile as CloudFormation, so it’s got that going for it. The orchestration space is very green, but I think Terraform is the standout option. If you want versioned infra, you basically get to choose between 1) AWS CloudFormation and its wrappers ( sparkleformation, troposphere), 2) chef-provisioner, and 3) Terraform. Because I generally respect Hashicorp and think they’re on the right path more often than not. Jesus christ, the ways my teams have bent over backwards to fake infra versioning after the fact (nagios checks running ec2 diffs, anyone?).īecause I am starting from scratch on a green field project, so I have the luxury of experimenting without screwing over existing customers. Why Terraform?īecause I am fucking sick and tired of not having versioned infrastructure. I thought it might be helpful to share some of my notes and lessons learned.
I have terraformed in rage, I have terraformed in delight. I’ve been using terraform regularly for 2-3 weeks now.
0 kommentar(er)
