multiple remote-exec's against the same target overwrite script.sh #1545

Closed
arubis opened this issue Apr 15, 2015 · 3 comments · Fixed by #1588

arubis commented Apr 15, 2015

I'm using terraform's remote-exec provisioner with inline argument to run a script on my configuration management server whenever a new instance is provisioned. This allows me to pass Terraform variables directly into the script, which is very convenient.

Crucially, in case this wasn't clear, I'm using remote-exec to execute not on the instance the enclosing resource block describes, but on another central server.

This method works well so long as I provision one new instance at a time. However, if multiple instances are provisioned at once, since remote-exec always names its script /tmp/script.sh on the destination server, parallel terraform-remote-exec processes sometimes knock each other's scripts over while executing.

A snippet from my app.tf:

  provisioner "remote-exec" {
    connection {
      user = "ubuntu"
      agent = "true"
      host = "${module.salt_master.public_dns}"
    }
    inline = [
      "until sudo /usr/bin/salt-key ; do sleep 5; echo Waiting for saltstack install to complete ; done",
      "until ssh -i (CREDENTIALS) ubuntu@${self.public_dns} hostname ; do echo Connecting to ${self.public_dns} ; sleep 5s ; done",
      "sudo salt-key -y -d app${count.index}.${var.base_domain}; echo Invalidated old key for app${count.index}.${var.base_domain}",
      "sudo salt-key --gen-keys=app${count.index}.${var.base_domain} && echo Created new key for app${count.index}.${var.base_domain}",
      "sudo cp app${count.index}.${var.base_domain}.pub /etc/salt/pki/master/minions/app${count.index}.${var.base_domain} && echo Installed new key for app${count.index}.${var.base_domain} on master",
      "echo Installing new key for app${count.index}.${var.base_domain} on minion",
      "sudo scp -i (CREDENTIALS) app${count.index}.${var.base_domain}.* ubuntu@${self.public_dns}:~/",
      "ssh -i (CREDENTIALS) ${self.public_dns} 'sudo mkdir -p /etc/salt/pki/minion; sudo mv ~/app${count.index}.${var.base_domain}.pub /etc/salt/pki/minion/minion.pub; sudo mv ~/app${count.index}.${var.base_domain}.pem /etc/salt/pki/minion/minion.pem'",
      "sudo rm -f app${count.index}.${var.base_domain}.*",
    ]
  }

I have similar provisioners in TF files for different server roles, and have seen a terraform run with output including:

aws_instance.es (remote-exec): Invalidated old key for app0.MYDOMAIN.com
aws_instance.es (remote-exec): Created new key for app0.MYDOMAIN.com
aws_instance.es (remote-exec): Installed new key for app0.MYDOMAIN.com on master
aws_instance.es (remote-exec): Installing new key for app0.MYDOMAIN.com on minion

...which should be managing a key for 'es0.MYDOMAIN.com' but the script.sh was swapped in mid-run due to another simultaneous provisioner.

Could terraform add entropy to the end of a script name, i.e. /tmp/script-0EB5.sh, or a timestamp, or some other way to prevent collision?
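The collision reported above, next to a per-run upload path, as an added Go example that is not part of the thread and not Terraform's own code. It simulates two provisioners uploading to one host in a local scratch directory standing in for /tmp; the function names and script contents are constructed for illustration, and `os.CreateTemp` is used here as one way to get a random, exclusively created name.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// uploadFixed mimics the reported behaviour: every run writes dir/script.sh.
func uploadFixed(dir, script string) (string, error) {
	p := filepath.Join(dir, "script.sh")
	return p, os.WriteFile(p, []byte(script), 0o700)
}

// uploadUnique gives each run its own file. os.CreateTemp replaces "*" with a
// random string and opens with O_EXCL, so a taken name is retried, not overwritten.
func uploadUnique(dir, script string) (string, error) {
	f, err := os.CreateTemp(dir, "script-*.sh") // created with mode 0600
	if err != nil {
		return "", err
	}
	defer f.Close()
	_, err = f.WriteString(script)
	return f.Name(), err
}

// firstRunSees uploads run A's script, then run B's (a second provisioner on
// the same host), and returns what run A's path holds when A executes it.
func firstRunSees(upload func(dir, script string) (string, error)) (string, error) {
	dir, err := os.MkdirTemp("", "remote-exec-demo") // scratch dir stands in for /tmp
	if err != nil {
		return "", err
	}
	defer os.RemoveAll(dir)
	pathA, err := upload(dir, "echo key for es0\n") // constructed sample script
	if err != nil {
		return "", err
	}
	if _, err := upload(dir, "echo key for app0\n"); err != nil { // constructed
		return "", err
	}
	got, err := os.ReadFile(pathA)
	return string(got), err
}

func main() {
	fixed, _ := firstRunSees(uploadFixed)
	unique, _ := firstRunSees(uploadUnique)
	fmt.Printf("fixed path: %q\nunique path: %q\n", fixed, unique)
}
```

With the fixed name, run A ends up holding run B's script, which matches the mixed-up key output quoted in the report. The exclusive create is what rules out an overwrite; the random suffix only makes a name clash unlikely.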

@mitchellh
Contributor

Fixed in PR #1588. Nice edge case catch! Thanks.

@mitchellh mitchellh self-assigned this Apr 18, 2015
mitchellh added a commit that referenced this issue Apr 20, 2015
helper/ssh: add random number to upload path for script [GH-1545]
@arubis
Author

arubis commented Apr 20, 2015

Thanks so much!

marvinpinto added a commit to freshbooks/terraform that referenced this issue Apr 20, 2015
* origin/master:
  update CHANGELOG
  provider/aws: fix vet error, missing fmt param
  update CHANGELOG
  update CHANGELOG
  update CHANGELOG
  terraform: don't panic on input for bad default type [hashicorpGH-1344]
  helper/ssh: add random number to script [hashicorpGH-1545]
  Allow using deprecated security_groups in NI spec
  provider/aws: Fix issue when creating ELB with no tags
  Refresh state for deleted s3 bucket correctly
  Added Docker links support to the docker_container resource.
  providers/aws: check allocationId only if it's vpc, fixes hashicorp#1345
@ghost

ghost commented May 3, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators May 3, 2020