My question is similar to this git hub post, but unfortunately it is unsolved:
https://github.com/hashicorp/terraform/issues/550
I want a simple way to give sudo privileges to the commands run in the provisioner "remote-exec" { }
block of my terraform scripts.
I am coming from an ansible background that has the sudo: yes
option that allows any commands ansible runs to run commands with sudo privileges when using the --ask-sudo-pass
optional in my ansible-playbook run commands. I would like to do something like that in the provisioner "remote-exec"
block of my terraform script.
Here is the provisioner "remote-exec"
block I want to run:
provisioner "remote-exec" {
inline = [
"sudo apt-get update",
"sudo apt-get install -y curl"
]
}
When I run this in my terraform apply
I see the following lines appear in the output of this command:
openstack_compute_instance_v2.test.0 (remote-exec): [sudo] password for myUserName:
openstack_compute_instance_v2.test.1 (remote-exec): [sudo] password for myUserName:
openstack_compute_instance_v2.test.2 (remote-exec): [sudo] password for myUserName:
Then it just gives me an infinite number of these:
openstack_compute_instance_v2.test.0: Still creating...
openstack_compute_instance_v2.test.1: Still creating...
openstack_compute_instance_v2.test.2: Still creating...
So how do I fix this and let terraform run sudo commands?
Note: The connection for my provisioner "remote-exec"
block cannot be root, so even though that would be a simple solution its not what I can use.
Main commands: init Prepare your working directory for other commands validate Check whether the configuration is valid plan Show changes required by the current configuration apply Create or update infrastructure destroy Destroy previously-created infrastructure All other commands: console Try Terraform expressions at ...
Provisioners are used to execute scripts on a local or remote machine as part of resource creation or destruction. Provisioners can be used to bootstrap a resource, cleanup before destroy, run configuration management, etc.
local-exec Provisioner. The local-exec provisioner invokes a local executable after a resource is created. This invokes a process on the machine running Terraform, not on the resource.
The remote-exec provisioner invokes a script on a remote resource after it is created. This can be used to run a configuration management tool, bootstrap into a cluster, etc. To invoke a local process, see the local-exec provisioner instead.
What about:
echo ${var.pw} | sudo -S -k apt-get update
-k
means to ignore cached credentials to force sudo to always ask. This is for consistent behavior.
https://superuser.com/q/67765
The answer was to use the following syntax in my first sudo command:
"echo yourPW | sudo -S someCommand"
This bypasses the sudo password prompt and enters the password directly into the command. I already had my sudo password as a variable "${var.pw}"
so running my sudo commands was the simple matter of changing my first command to:
provisioner "remote-exec" {
inline = [
"echo ${var.pw} | sudo -S apt-get update",
"sudo apt-get install -y curl"
]
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With