Title
a
Aiman Ismail
03/10/2023, 2:43 AManyone encountered issues running plan in atlantis after the new 1.4 terraform release? We didn’t commit Terraform lock files to our repo and apparently that the latest version broke the behavior of the plugin cache esp if you didn’t commit Terraform lock files.
What happens here I think is because we use local directory as plugin cache, when multiple init is running at the same time and trying to access the plugin cache, it lead to this error
text file busyInitializing the backend...
Initializing provider plugins...
- <http://terraform.io/builtin/terraform|terraform.io/builtin/terraform> is built in to Terraform
- Finding latest version of hashicorp/template...
- Finding hashicorp/aws versions matching "~> 4.0"...
- Installing hashicorp/template v2.2.0...
- Installed hashicorp/template v2.2.0 (signed by HashiCorp)
- Installing hashicorp/aws v4.58.0...
╷
│ Error: Failed to install provider
│
│ Error while installing hashicorp/aws v4.58.0: open
│ /atlantis-data/plugin-cache/registry.terraform.io/hashicorp/aws/4.58.0/linux_amd64/terraform-provider-aws_v4.58.0_x5:
│ text file busyside question: is it possible to override the Terraform CLI version globally from the server side? I want to revert our CLI revert from using 1.4 at least for now.
I know we can set the default CLI version on server side but it is lower precedence than the
required_versionterraform_versionatlantis.yamlp
PePe Amengual
03/10/2023, 2:56 AMyou can pass a tf env var to keep the old behaviour
nop I'm lying
a
Aiman Ismail
03/10/2023, 3:02 AMyeah I found
TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILErm -rf /atlantis-data/plugin-cache👍 2
p
PePe Amengual
03/10/2023, 3:03 AMa
Aiman Ismail
03/10/2023, 3:07 AMWith this new breaking change from Terraform CLI, is it currently recommended to commit the Terraform lock file to git? I think I read somewhere before that I shouldn’t commit it when using Atlantis but I might’ve remembered wrong.
w
wby
03/10/2023, 3:12 AMHashicorp recommends it strongly
I don’t do it (I’m the one who made the request for them to add a method to configure the new config option via env var).
There have been a lot of contentious threads about Hashicorp not supporting not using a lockfile, as well as some of the deficiencies with the current lockfile implementation.
They made it very clear in the discussions around that workaround for 1.4 that this workaround may not be continued / followed in future Terraform versions.
Terraform automatically creates or updates the dependency lock file each time you run the terraform init command. You should include this file in your version control repository so that you can discuss potential changes to your external dependencies via code reviewhttps://developer.hashicorp.com/terraform/language/files/dependency-lock We don’t use it, because we pin almost all of our providers / modules to exact versions, and because we use Renovate to update our dependencies (it still doesn’t manage the lockfile as well as you might like). That said, I have never heard of any Atlantis specific reason that you shouldn’t check in the lockfile; you probably should check it in unless you have a good reason not to.
👍 2
@Aiman Ismail you can set the default Terraform version as you mentioned, though Atlantis will still try to get another version if it’s requested in the version constraints
ATLANTIS_DEFAULT_TF_VERSION: "1.3.9"But if you have
required_version: 1.4a
Aiman Ismail
03/10/2023, 3:24 AMI think I’ve misunderstood the
required_version>= 1.0required_versionw
wby
03/10/2023, 3:27 AMI think it is a good practice, if not required. for sure tools like
tflintlike you could do
~> 1.3.0