Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Destruction order for dependent providers is incorrect #4645

Closed
partamonov opened this issue Jan 12, 2016 · 10 comments · Fixed by #10659
Closed

Destruction order for dependent providers is incorrect #4645

partamonov opened this issue Jan 12, 2016 · 10 comments · Fixed by #10659
Assignees
@mitchellh
Labels
bug core

Comments

@partamonov
Copy link

Situation:

  • I have RDS database created with aws_rds_instance resource
  • I have MySQL/Postgre/MSSQL providers with _database resource

For MySQL/Postgre/MSSQL provider endpoint is created RDS.

But I found that if I'm doing terraform destroy RDS instance is destroyed before database on it. I checked dependency graph and found that _database resource is not linked to RDS resource. The only option here is to add depends_on flag

Should we think how to fix dependencies or at least we should document this somewhere, may be on MySQL/Postgre/MSSQL providers pages

My graph for 2 cases in attached files:
with_depends_on.txt
without_depends_on.txt
@catsby catsby added the bug label Jan 13, 2016
@catsby
Copy link
Contributor

catsby commented Jan 13, 2016

For MySQL/Postgre/MSSQL provider endpoint is created RDS

Hey @partamonov – do you have a configuration that demonstrates this? If you could share it (minus any secrets) that would help. Assuming you're using the interpolation for the endpoint, this should certainly work..

Thanks

@catsby catsby added waiting-response An issue/pull request is waiting for a response from the community core labels Jan 13, 2016
@partamonov
Copy link
Author

Sure, I will post. In short, I use it as

module "rds" {
  ...
}

provider mysql {
  host "${module.rds.address}"
  ...
}

mysql_database "mydb" {
  name = "mydb"
}

This won't create dependency. Terraform version is 0.6.9

@partamonov
Copy link
Author 

provider "aws" {
    access_key = "${var.aws_key}"
    secret_key = "${var.aws_secret_key}"
    region = "eu-west-1"
}

module "rds" {
  source = "../modules/rds_provisioned"

  purpose = "${var.purpose}"
  customer = "${var.customer}"
  security_group_id = "${module.aws_iam.security_group_id}"
  instance_size = "${var.rds_instance_size}"
  instance_admin = "${var.rds_instance_admin}"
  instance_password = "${var.rds_instance_password}"
  subnet = "${var.subnet}"
  subnet_backup = "${var.subnet_backup}"
}

provider "mssql" {
  endpoint = "${module.rds.address}"
  username = "${module.rds.username}"
  password = "${var.rds_instance_password}"
}

resource "mssql_database" "mydb" {
  name = "mydb"
}

### RDS module returns
output "address" {
  value = "${aws_db_instance.db.address}"
}
output "username" {
  value = "${aws_db_instance.db.username}"
}

@partamonov
Copy link
Author

@catsby, please see above

@catsby catsby removed the waiting-response An issue/pull request is waiting for a response from the community label Jan 15, 2016
@catsby
Copy link
Contributor

catsby commented Jan 15, 2016

Thank you @partamonov ! We'll look into this

@mtekel
Copy link

mtekel commented Feb 26, 2016

Related problem here (also with postgresql provider), but in our case TF graph does show the dependency, yet TF behaves as if the dependency was not there: #5340

@partamonov partamonov mentioned this issue Apr 21, 2016
Closed
@partamonov
Copy link
Author

Version 0.6.14
Graph looks better now, but I still see that in current example mysql provider is initialized before resource is created on which provider is dependent

digraph {
        compound = "true"
        newrank = "true"
        subgraph "root" {
                "[root] aws_db_instance.db" [label = "aws_db_instance.db", shape = "box"]
                "[root] aws_db_subnet_group.rds" [label = "aws_db_subnet_group.rds", shape = "box"]
                "[root] aws_ecs_cluster.cis" [label = "aws_ecs_cluster.cis", shape = "box"]
                "[root] aws_iam_instance_profile.cissaas" [label = "aws_iam_instance_profile.cissaas", shape = "box"]
                "[root] aws_iam_role.cissaas" [label = "aws_iam_role.cissaas", shape = "box"]
                "[root] aws_iam_role.role_service" [label = "aws_iam_role.role_service", shape = "box"]
                "[root] aws_iam_role_policy.ecs" [label = "aws_iam_role_policy.ecs", shape = "box"]
                "[root] aws_iam_role_policy.ecs_service" [label = "aws_iam_role_policy.ecs_service", shape = "box"]
                "[root] aws_security_group.docker" [label = "aws_security_group.docker", shape = "box"]
                "[root] mysql_database.app" [label = "mysql_database.app", shape = "box"]
                "[root] provider.aws" [label = "provider.aws", shape = "diamond"]
                "[root] provider.mysql" [label = "provider.mysql", shape = "diamond"]
                "[root] provider.template" [label = "provider.template", shape = "diamond"]
                "[root] template_file.user_data" [label = "template_file.user_data", shape = "box"]
                "[root] aws_db_instance.db" -> "[root] aws_db_subnet_group.rds"
                "[root] aws_db_instance.db" -> "[root] aws_security_group.docker"
                "[root] aws_db_instance.db" -> "[root] provider.aws"
                "[root] aws_db_subnet_group.rds" -> "[root] provider.aws"
                "[root] aws_ecs_cluster.cis" -> "[root] provider.aws"
                "[root] aws_iam_instance_profile.cissaas" -> "[root] aws_iam_role.cissaas"
                "[root] aws_iam_instance_profile.cissaas" -> "[root] aws_iam_role_policy.ecs"
                "[root] aws_iam_instance_profile.cissaas" -> "[root] provider.aws"
                "[root] aws_iam_role.cissaas" -> "[root] provider.aws"
                "[root] aws_iam_role.role_service" -> "[root] provider.aws"
                "[root] aws_iam_role_policy.ecs" -> "[root] aws_iam_role.cissaas"
                "[root] aws_iam_role_policy.ecs" -> "[root] provider.aws"
                "[root] aws_iam_role_policy.ecs_service" -> "[root] aws_iam_role.role_service"
                "[root] aws_iam_role_policy.ecs_service" -> "[root] provider.aws"
                "[root] aws_security_group.docker" -> "[root] provider.aws"
                "[root] mysql_database.app" -> "[root] provider.mysql"
                "[root] provider.mysql" -> "[root] aws_db_instance.db"
                "[root] template_file.user_data" -> "[root] provider.template"
        }
}

provider "mysql" {
    endpoint = "${aws_db_instance.db.endpoint}"
    username = "${var.rds_admin}"
    password = "${var.rds_password}"
}

resource "mysql_database" "app" {
    name = "my_awesome_app"
    #default_character_set = "latin2"
    #default_collation = "latin2_general_ci"
}

And as result I see that ${aws_db_instance.db.endpoint} is not passed to mysql provider during initial run
Debug error messages from provider.
Initial run

 endpoint - , dial tcp: missing address

Second run

endpoint - blah.eu-west-1.rds.amazonaws.com:3306

@partamonov
Copy link
Author

@catsby do you have any ideas

@mitchellh mitchellh self-assigned this Dec 11, 2016
mitchellh added a commit that referenced this issue Dec 11, 2016
@mitchellh
terraform: destroy resources in dependent providers first
14d079f 
Fixes #4645

This is something that never worked (even in legacy graphs), but as we
push forward towards encouraging multi-provider usage especially with
things like the Vault data source, I want to make sure we have this
right for 0.8.

When you have a config like this:

```
resource "foo_type" "name" {}
provider "bar" { attr = "${foo_type.name.value}" }
resource "bar_type" "name" {}
```

Then the destruction ordering MUST be:

  1. `bar_type`
  2. `foo_type`

Since configuring the client for `bar_type` requires accessing data from
`foo_type`. Prior to this PR, these two would be done in parallel. This
properly pushes forward the dependency.

There are more cases I want to test but this is a basic case that is
fixed.
@mitchellh mitchellh mentioned this issue Dec 11, 2016
Merged
@mitchellh
Copy link
Contributor

I finally have a fix for this queued up in the referenced PR. :)

@mitchellh mitchellh changed the title Dependency Graph issue Destruction order for dependent providers is incorrect Dec 11, 2016
@ghost
Copy link

ghost commented Apr 18, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 18, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@mitchellh mitchellh

Labels
bug core
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

terraform: destroy resources in dependent providers first hashicorp/terraform
4 participants
@mitchellh @catsby @mtekel @partamonov