ignition_config creation fails if the files section contains both static and dynamic content files

[IvanovOleg]

Terraform Version

Terraform v0.12.1

Affected Resource(s)

Please list the resources as a list, for example:

• ignition_config

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

resource "tls_private_key" "ca" {
  algorithm = "${var.tls_algorithm}"
}

data "ignition_file" "sysctl-net-core" {
  filesystem = "root"
  path       = "/etc/sysctl.d/nc.conf"
  mode       = 420

  content {
    content = "net.core.somaxconn = 512"
  }
}

data "ignition_file" "ca-key" {
  filesystem = "root"
  path       = "${var.tls_directory}/ca-key.pem"
  mode       = 493

  content {
    content = "${tls_private_key.ca.private_key_pem}"
  }
}

data "ignition_config" "main" {
  files = [
    "${data.ignition_file.sysctl-net-core.id}",
    "${data.ignition_file.ca-key.id}",
  ]
}

tls_directory             = "/etc/ssl/certs/kubernetes"
tls_algorithm             = "RSA"
tls_validity_period_hours = 26280
etcd_disk_lun_number      = 1

variable "tls_algorithm" {}
variable "tls_validity_period_hours" {}
variable "etcd_disk_lun_number" {}
variable "tls_directory" {}

Expected Behavior

Ignition config is created.

Actual Behavior

data.ignition_file.sysctl-net-core: Refreshing state...

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # data.ignition_config.main will be read during apply
  # (config refers to values not yet known)
 <= data "ignition_config" "main"  {
      + files    = [
          + "84c1889315f23264eb059f6a0dea5b0c3c3c362bc274c33c249b640e4700c4f0",
          + (known after apply),
        ]
      + id       = (known after apply)
      + rendered = (known after apply)
    }

  # data.ignition_file.ca-key will be read during apply
  # (config refers to values not yet known)
 <= data "ignition_file" "ca-key"  {
      + filesystem = "root"
      + id         = (known after apply)
      + mode       = 493
      + path       = "/etc/ssl/certs/kubernetes/ca-key.pem"

      + content {
          + content = (known after apply)
        }
    }

  # tls_private_key.ca will be created
  + resource "tls_private_key" "ca" {
      + algorithm                  = "RSA"
      + ecdsa_curve                = "P224"
      + id                         = (known after apply)
      + private_key_pem            = (known after apply)
      + public_key_fingerprint_md5 = (known after apply)
      + public_key_openssh         = (known after apply)
      + public_key_pem             = (known after apply)
      + rsa_bits                   = 2048
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

tls_private_key.ca: Creating...
tls_private_key.ca: Creation complete after 0s [id=7bcfe6bcf6ac7e5db31e29fd75615c6512ff20ee]
data.ignition_file.ca-key: Refreshing state...
data.ignition_config.main: Refreshing state...

Error: invalid file "84c1889315f23264eb059f6a0dea5b0c3c3c362bc274c33c249b640e4700c4f0", unknown file id

  on ignition.tf line 21, in data "ignition_config" "main":
  21: data "ignition_config" "main" {

Debug Output

2019/06/19 22:35:36 [TRACE] EvalReadData: working on data.ignition_config.main
2019/06/19 22:35:36 [TRACE] GetResourceInstance: data.ignition_file.sysctl-net-core is a single instance
2019/06/19 22:35:36 [TRACE] GetResourceInstance: data.ignition_file.ca-key is a single instance
2019/06/19 22:35:36 [TRACE] Re-validating config for data.ignition_config.main
2019/06/19 22:35:36 [TRACE] GRPCProvider: ValidateDataSourceConfig
2019/06/19 22:35:36 [TRACE] EvalReadData: data.ignition_config.main configuration is complete, so reading from provider
2019/06/19 22:35:36 [TRACE] GRPCProvider: ReadDataSource
2019/06/19 22:35:36 [ERROR] <root>: eval: *terraform.EvalReadData, err: invalid file "84c1889315f23264eb059f6a0dea5b0c3c3c362bc274c33c249b640e4700c4f0", unknown file id
2019/06/19 22:35:36 [ERROR] <root>: eval: *terraform.EvalSequence, err: invalid file "84c1889315f23264eb059f6a0dea5b0c3c3c362bc274c33c249b640e4700c4f0", unknown file id
2019/06/19 22:35:36 [TRACE] [walkApply] Exiting eval tree: data.ignition_config.main
2019/06/19 22:35:36 [TRACE] vertex "data.ignition_config.main": visit complete
2019/06/19 22:35:36 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping
2019/06/19 22:35:36 [TRACE] dag/walk: upstream of "provider.ignition (close)" errored, so skipping
2019/06/19 22:35:36 [TRACE] dag/walk: upstream of "root" errored, so skipping
2019/06/19 22:35:36 [TRACE] statemgr.Filesystem: no original state snapshot to back up
data2019/06/19 22:35:36 [TRACE] statemgr.Filesystem: state has changed since last snapshot, so incrementing serial to 3
.2019/06/19 22:35:36 [TRACE] statemgr.Filesystem: writing snapshot at terraform.tfstate
ignition_config.main: Refreshing state...
2019/06/19 22:35:36 [TRACE] statemgr.Filesystem: removing lock metadata file .terraform.tfstate.lock.info

Important Factoids

If the files section of the ignition_config contains references on both static content files and dynamic content files, ignition_config fails. Second execution of the apply command works. If I comment static content or dynamic content file references separately, it works. Looks like ignition_config doesn't resolve dependencies correctly.

[IvanovOleg]

Exists in the terraform 0.12.2 as well

[IvanovOleg]

I've changed this line:
https://github.com/terraform-providers/terraform-provider-ignition/blob/cbc74835e76081caf05f1861e695b4eb8fbceffc/ignition/resource_ignition_config.go#L258
to:
return storage, fmt.Errorf("invalid file %q, unknown file id", c.files)
and to:
return storage, fmt.Errorf("invalid file %q, unknown file id", d.Get("files"))
to see content and the problem is that there are two files in d.Get("files"), but only one file is in c.files. Looks like the static content file doesn't appear in the cache at this point.

[IvanovOleg]

The reason of the issue is that terraform 0.12 resolves static and dynamic content on different stages. This means that there are two separate"globalcache" instances. So when the buildStorage function works, it tries to check the availability of static files stored in the schema with globalcache that holds only dynamic content files and fails. The same thing happens with the other types.

[seh]

Why did you close the issue? It sounds like there’s still a defect here.

[IvanovOleg]

@seh Because I've found #12 that looks the same

[smalltown]

also encounter the same issue in terraform 0.12.3 ...

[tstoermer]

Same issue with

• Terraform v0.12.6
• provider.ignition v1.1.0

Using a variable to assign ignition file content fails. Using the file() operation reading content from a file works.

[esomore]

I am having the same issue

Error: invalid systemd unit "d119185b0d6e25dcdbf0f4ee0d9ccc4c34505f45894f759680e663faae018aea", unknown systemd unit id

[seh]

We're hitting this too with Terraform version 0.12.7 and provider version 1.1.0.

It used to be possible to work around these problems in 0.11-era Terraform versions by not doing a separate terraform plan and terraform apply <plan>, but rather going straight through with terraform apply. Now, though, with Terraform's 0.12-era versions, we can't get this provider to work at all.

Best would be if this provider immediately failed with an error during terraform init, warning not to proceed with trying to use it. @alexsomesan, it looks like you've been the most active maintainer on this project recently, and worked through the Terraform version 0.12 transition. Have you found it to work for you? If not, what's your recommended course of action here?