Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to run sudo commands in terraform?

My question is similar to this git hub post, but unfortunately it is unsolved:

https://github.com/hashicorp/terraform/issues/550

I want a simple way to give sudo privileges to the commands run in the provisioner "remote-exec" { } block of my terraform scripts.

I am coming from an ansible background that has the sudo: yes option that allows any commands ansible runs to run commands with sudo privileges when using the --ask-sudo-pass optional in my ansible-playbook run commands. I would like to do something like that in the provisioner "remote-exec" block of my terraform script.

Here is the provisioner "remote-exec" block I want to run:

  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update",
      "sudo apt-get install -y curl"
    ]
  }

When I run this in my terraform apply I see the following lines appear in the output of this command:

openstack_compute_instance_v2.test.0 (remote-exec): [sudo] password for myUserName:
openstack_compute_instance_v2.test.1 (remote-exec): [sudo] password for myUserName:
openstack_compute_instance_v2.test.2 (remote-exec): [sudo] password for myUserName:

Then it just gives me an infinite number of these:

openstack_compute_instance_v2.test.0: Still creating... 
openstack_compute_instance_v2.test.1: Still creating... 
openstack_compute_instance_v2.test.2: Still creating... 

So how do I fix this and let terraform run sudo commands?

Note: The connection for my provisioner "remote-exec" block cannot be root, so even though that would be a simple solution its not what I can use.

like image 714
Alex Cohen Avatar asked Jun 15 '16 23:06

Alex Cohen


People also ask

How do I run commands in Terraform?

Main commands: init Prepare your working directory for other commands validate Check whether the configuration is valid plan Show changes required by the current configuration apply Create or update infrastructure destroy Destroy previously-created infrastructure All other commands: console Try Terraform expressions at ...

What is a Provisioner in Terraform?

Provisioners are used to execute scripts on a local or remote machine as part of resource creation or destruction. Provisioners can be used to bootstrap a resource, cleanup before destroy, run configuration management, etc.

What Provisioner can you use to that invokes a command on the machine that runs Terraform CLI?

local-exec Provisioner. The local-exec provisioner invokes a local executable after a resource is created. This invokes a process on the machine running Terraform, not on the resource.

What is remote-exec in Terraform?

The remote-exec provisioner invokes a script on a remote resource after it is created. This can be used to run a configuration management tool, bootstrap into a cluster, etc. To invoke a local process, see the local-exec provisioner instead.


2 Answers

What about:

echo ${var.pw} | sudo -S -k apt-get update

-k means to ignore cached credentials to force sudo to always ask. This is for consistent behavior.

https://superuser.com/q/67765

like image 108
Paesano19 Avatar answered Sep 18 '22 13:09

Paesano19


The answer was to use the following syntax in my first sudo command:

"echo yourPW | sudo -S someCommand" 

This bypasses the sudo password prompt and enters the password directly into the command. I already had my sudo password as a variable "${var.pw}" so running my sudo commands was the simple matter of changing my first command to:

  provisioner "remote-exec" {
    inline = [
      "echo ${var.pw} | sudo -S apt-get update",
      "sudo apt-get install -y curl"
    ]
  }
like image 21
Alex Cohen Avatar answered Sep 18 '22 13:09

Alex Cohen