Any way to set variables during terraform apply process?

[anton...@gmail.com]

Hi Guys

I'm stuck trying to provision a crappy Windows Box in AWS using terraform. 

Is there any way to set a variable during the terraform apply process?

I have an instance with a local-exec provisioner which runs a script to get the password for a windows instance.

After the local-exec provisioner has completed, a remote-exec provisioner runs and I want the config for the remote-exec provisioner to use the windows password that was obtained by the local-exec provisioner.

I've tried the following:

In my variables.tf file I have declared a variable with a default value of "" e.g:

variable "windows_password" {

  default = ""

}

In my local-exec script, once I've got my windows password I have tried to export the value as an environment variable e.g:

export TF_VAR_ windows_password=something

Then in my config for my remote-exec provisioner I've got the following:

connection {

  type = "winrm"

  timeout = "10m"

  password = "${var.windows_password}"

}

The problem is that the var.windows_password variable doesn't appear to have been set so I assume that the local-exec provisioner runs in a new shell and therefore the main terraform process doesn't have access to the variable I exported - this is a guess so correct me if I'm wrong.

Is there any way to achieve what I'm trying to achieve here and have a value calculated in my local-exec provisioner and then use that value in my remote-exec config?

Any help or advice would be greatly appreciated!

Thanks!

[Paul Hinze]

Hi there,

Good question, and thanks for the clear description of your use case.

Unfortunately the way things are ordered within a Terraform run makes this pretty impossible today.

Seems like there are two ways to approach this:

 (1) The general case: allow local-exec provisioners to export variables into the Terraform run

 (2) The specific case: provide a way of retrieving the Windows password on an AWS instance

They're both valid enhancements, but I think (2) is going to be easier for us to address in the short term.

I filed (2) as https://github.com/hashicorp/terraform/issues/3148 for you to track.

Hope this helps!

Paul

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/9dcac77a-622c-4d2f-a361-b2448ce745ea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[anton...@gmail.com]

Thanks Paul

Interestingly, a colleague suggested I use packer as I was essentially building an AMI.

The packer provisioner handles windows passwords out-of-the-box so terraform could probably borrow & tweak the code that packer is using for the provisioner.

Packer will work for me in the short term but terraform would be my preference as I use a lot of variables coming from remote state outputs.

My workaround in the interim will be to have a script which gets outputs from my terraform modules and exports them as environment variables and then calls packer which will reference the env vars.

[Lance Johnston]

Hi,

(1), the general case, would be an awesome enhancement! For both local-exec and remote-exec provisioners.

Lance