Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

inf-terraform-aws - preserve errored.tfstate file in case of write failure in make deploy #665

Open
tbugfinder opened this issue Nov 4, 2021 · 5 comments
Open

inf-terraform-aws - preserve errored.tfstate file in case of write failure in make deploy #665

tbugfinder opened this issue Nov 4, 2021 · 5 comments
Assignees
@nichtraunzer

Comments

@tbugfinder
Copy link
Contributor

In case terraform cannot upload the state file to the configured bucket it writes it to a file errored.tfstate.
It is important to preserve this file so that manual error handling can be done (e.g. upload file manually).

In addition it might be beneficial to check before that permissions and infrastructure setup is properly configured for running the terraform deploy command.

ods-quickstarters/inf-terraform-aws/Jenkinsfile.template

Lines 227 to 233 in 35ca70f

def status = sh(script: '''
eval \"\$(rbenv init -)\" && \
make deploy''',
returnStatus: true)
if (status != 0) {
error "Deploy failed!"
}

FYI: @nichtraunzer
@tbugfinder
Copy link
Contributor Author

Error message:

aws_cloudformation_stack.cft-s3: Still creating... [30s elapsed]
aws_cloudformation_stack.cft-s3: Creation complete after 37s [id=arn:aws:cloudformation:<snip>
Error: Failed to save state

Error saving state: failed to upload state: AccessDenied: Access Denied
	status code: 403, request id: <snip>
Error: Failed to persist state to backend

The error shown above has prevented Terraform from writing the updated state
to the configured backend. To allow for recovery, the state has been written
to the file "errored.tfstate" in the current working di

@nichtraunzer
Copy link
Member

nichtraunzer commented Jan 12, 2022
edited

In case terraform cannot upload the state file to the configured bucket it writes it to a file errored.tfstate. It is important to preserve this file so that manual error handling can be done (e.g. upload file manually).

  • can u describe what u mean by "preserve" ? (how long, where should it be preserved, ...)

I assume this error occurs because the policy for the shared S3 bucket has not been updated for the given account. I also assume this error will not occur when we switch to dedicated S3 buckets to store the TF state for each account -am I right ?

@tbugfinder
Copy link
Contributor Author

The error was raised as the bucket policy wasn't set properly. I cannot tell all error conditions which could come up nevertheless if terraform errors out and leaves a file errored.tfstate on the ephemeral jenkins agent the this file should be uploaded within the pipeline run as an artifact.

@tbugfinder
Copy link
Contributor Author

https://www.jenkins.io/doc/pipeline/steps/core/

==>

archiveArtifacts artifacts: 'errored.tfstate',
                   allowEmptyArchive: true

@nichtraunzer
Copy link
Member

I would like to see this feature into the new InfrastructureService provided by the Jenkins Shared Library #740 - draft should be available by early next week.

@nichtraunzer nichtraunzer self-assigned this Mar 31, 2022
@nichtraunzer nichtraunzer mentioned this issue Apr 14, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nichtraunzer nichtraunzer

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nichtraunzer @tbugfinder