https://www.runatlantis.io/ logo
Title
a

Aiman Ismail

03/10/2023, 2:43 AM
anyone encountered issues running plan in atlantis after the new 1.4 terraform release? We didn’t commit Terraform lock files to our repo and apparently that the latest version broke the behavior of the plugin cache esp if you didn’t commit Terraform lock files. What happens here I think is because we use local directory as plugin cache, when multiple init is running at the same time and trying to access the plugin cache, it lead to this error
text file busy
. Error when running plan:
Initializing the backend...

Initializing provider plugins...
- <http://terraform.io/builtin/terraform|terraform.io/builtin/terraform> is built in to Terraform
- Finding latest version of hashicorp/template...
- Finding hashicorp/aws versions matching "~> 4.0"...
- Installing hashicorp/template v2.2.0...
- Installed hashicorp/template v2.2.0 (signed by HashiCorp)
- Installing hashicorp/aws v4.58.0...
╷
│ Error: Failed to install provider
│ 
│ Error while installing hashicorp/aws v4.58.0: open
│ /atlantis-data/plugin-cache/registry.terraform.io/hashicorp/aws/4.58.0/linux_amd64/terraform-provider-aws_v4.58.0_x5:
│ text file busy
side question: is it possible to override the Terraform CLI version globally from the server side? I want to revert our CLI revert from using 1.4 at least for now. I know we can set the default CLI version on server side but it is lower precedence than the
required_version
config in the folder. I know I can set the
terraform_version
in
atlantis.yaml
but that is only per project. There are no way AFAIK that we can override TF version centrally.
p

PePe Amengual

03/10/2023, 2:56 AM
you can pass a tf env var to keep the old behaviour
nop I'm lying
a

Aiman Ismail

03/10/2023, 3:02 AM
yeah I found
TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE
and set that in Helm. That fixed the issue but I had to
rm -rf /atlantis-data/plugin-cache
first before it works properly again.
👍 2
a

Aiman Ismail

03/10/2023, 3:07 AM
With this new breaking change from Terraform CLI, is it currently recommended to commit the Terraform lock file to git? I think I read somewhere before that I shouldn’t commit it when using Atlantis but I might’ve remembered wrong.
w

wby

03/10/2023, 3:12 AM
Hashicorp recommends it strongly
I don’t do it (I’m the one who made the request for them to add a method to configure the new config option via env var). There have been a lot of contentious threads about Hashicorp not supporting not using a lockfile, as well as some of the deficiencies with the current lockfile implementation.
They made it very clear in the discussions around that workaround for 1.4 that this workaround may not be continued / followed in future Terraform versions.
Terraform automatically creates or updates the dependency lock file each time you run the terraform init command. You should include this file in your version control repository so that you can discuss potential changes to your external dependencies via code review
https://developer.hashicorp.com/terraform/language/files/dependency-lock We don’t use it, because we pin almost all of our providers / modules to exact versions, and because we use Renovate to update our dependencies (it still doesn’t manage the lockfile as well as you might like). That said, I have never heard of any Atlantis specific reason that you shouldn’t check in the lockfile; you probably should check it in unless you have a good reason not to.
👍 2
@Aiman Ismail you can set the default Terraform version as you mentioned, though Atlantis will still try to get another version if it’s requested in the version constraints
ATLANTIS_DEFAULT_TF_VERSION: "1.3.9"
But if you have
required_version: 1.4
in the config, that will always be a problem; presumably you could resolve that by reverting the code change that updated the required version, unless I’m misunderstanding your question?
a

Aiman Ismail

03/10/2023, 3:24 AM
I think I’ve misunderstood the
required_version
config before. We have it set in all our repos to
>= 1.0
which is the reason why it always updates to the latest one. This also made it hard for us to globally override it. Will be removing
required_version
from all our Terraform files in the future unless only when we need to specifically use a Terraform version for that folder.
w

wby

03/10/2023, 3:27 AM
I think it is a good practice, if not required. for sure tools like
tflint
will complain if you don’t have it set. I would suggest setting it, but just setting it either to an exact version, or to a range that makes sense for you
like you could do
~> 1.3.0
or something. We use Renovate to manage all the deps, and just pin to exact version for both provider / module versions, and the terraform required versions, but it does create some extra noise / work to do it that way.