#terragrunt - September 2020

hey all, ive been working with terragrunt for a while now.. just moving some automation into a jenkinsfile job to deploy from a jenkins… however getting errors when pulling for remote private repo, has anyone implemented this ? example source and error below:

terraform {
  source = "git::<ssh://git@bitbucket.org/company/paas-multi-terraform-library.git//gcp/network/subnet>"
} 

error

error downloading '<ssh://git@bitbucket.org/company/paas-multi-terraform-library.git>': /usr/bin/git exited with 128: Cloning into '/home/jenkins/agent/workspace/kinsfile-test_MSP-273-ci-jenkins/non-prod/amer/us-west1/mgmt/compute/dev_private_gke_cluster/.terragrunt-cache/h4cvKw_rhACL9f2Geh59b-KBmeI/6D1EtXnNY27AvhFueqKBaj4w-Gk'...
Warning: Permanently added the RSA host key for IP address '18.205.93.2' to the list of known hosts.
<mailto:git@bitbucket.org|git@bitbucket.org>: Permission denied (publickey).

i have loaded the ssh key and other commands work, the key is also working locally

jenkinsfile extract:

withCredentials([sshUserPrivateKey(credentialsId: 'company_bb', keyFileVariable: 'identity')]) {
              sh ("eval `ssh-agent -s` && ssh-add ${identity} && ssh-add -L")
              sh("ssh -T -oStrictHostKeyChecking=no <mailto:git@bitbucket.org|git@bitbucket.org> || true")
              sh("cd non-prod/amer/us-west1/mgmt/compute/dev_private_gke_cluster/ && terragrunt apply --terragrunt-non-interactive --terragrunt-debug")
  
            }

any working examples or if anyone spots any glaring problems any support would be great 👍️

not pretty, but I have the required outcome using the below:

sh("eval `ssh-agent -s` && ssh-add ${identity} && cd non-prod/amer/us-west1/mgmt/compute/dev_private_gke_cluster/ && terragrunt apply --auto-approve --terragrunt-non-interactive")

Yeah, your initial sh() step was in a sub shell and then lost for subsequent calls. We’ve gotten around this with some git config and using PATs over HTTPS, so no ssh keys needed.

the plan-all/apply-all are very useful, but is there a way to only plan-some/apply-some with a list of modules to run?

Or, getting to my real use case, is there a way to run a module that has dependency blocks on other modules while specifying --terragrunt-source?

Don’t use ACTION-all commands IMO, they aren’t production safe. stdin/stdout all get munged, there is little way to control what exactly to target and the current implementation is broken if you want to save the plan to a planfile and pas that to your apply, which you should be doing.

fair enough

But is there a way to run a single module with input from dependencies against local source?

Not AFAIK. --terragrunt-source is used essentially for the terraform init -from-module step for where to pull in the initial top level module, it won’t overrite your other sources in there to also point to local modules.

I'm attemping to use a dependency output in a locals block like so:

locals {

  thing2 = do_stuff(dependency.another_module.outputs.thing)
}

dependency "another_module" {
  config_path = "../another-module"
}

inputs = {
  thing = local.thing2
  
}

But I'm getting the error :

[terragrunt] 2020/09/11 13:10:37 Not all locals could be evaluated:
[terragrunt] 2020/09/11 13:10:37 	- thing2
[terragrunt] 2020/09/11 13:10:37 Could not evaluate all locals in block.

Can you not use dependencies in local blocks?

hi, new to terragrunt. I am trying to set an env variable (AWS_PROFILE) as part of before_hook. I am trying this with the hope that the cmd is run in the same shell session as the terraform cmd will be run but now i think that's not how the hooks work. Any suggestions on how i can have the AWS_PROFILE set for the terraform cmds automatically by terragrunt?

i'm new to terragrunt and i've hit a snag that is difficult to solve since the online documentations is for the newester version. anyone still stuck on old versions of terragrunt in here?

i'm stuck on v0.18.7 and i wanted to read in another config file with read_terragrunt_config() but that seems to be a newer addition.

what i really want is to have a file somewhere in the parent folder path with a list of variables containing versions, that i can then reference in the terragrunt files like

terraform {
  source = "git@github.com:org/module?ref=${version_from_var}"
  ...
}

any suggestions for workarounds or solutions that wil work with terragrunt 0.18?

@Mads Hvelplund Am using read_terragrunt_config() for exactly this. Can you upgrade Terragrunt?

nope. i'm told by the ops guys that 0.18.7 is the last version that works with terraform 11

Ah indeed, if you are TF 11 you are stuck.

Given TF 14 is alpha, may want to tackle that before a big infra refactor into Terragrunt

Does the file with versions have any fancy HCL specific logic in it? If not, you could make that file JSON or YAML and then read in the file and decode it using older functions

i'm pretty sure you can use the latest terragrunt, you just have to set terraform_version_constraint = ">= 0.11" in your terragrunt config... https://terragrunt.gruntwork.io/docs/reference/config-blocks-and-attributes/#terraform_version_constraint

we were doing that for quite a while, as part of our own upgrade path

Ah, nice, I thought they’d done a hard cut off

they did, and then someone contributed the version_constraint argument, since there wasn't really a technical reason for the restriction, more just a limitation of how they're testing