recreate_client seemingly ignored when using chef provisioner twice for same node

[Bjorn248]

Terraform Version

0.7.13

Affected Resource(s)

Please list the resources as a list, for example:

• aws_instance
• null_resource

Terraform Configuration Files

https://gist.github.com/Bjorn248/99b7820d982e1abb0abca99e9fd6b5bd

Debug Output

Debug: https://gist.github.com/Bjorn248/9972bccb6a8d8c308386045ac0cbaabb
Non-Debug: https://gist.github.com/Bjorn248/22f0441dc99a225beebfb3307e5a720b

Expected Behavior

sudo knife node delete should have never been run with recreate_client set to false. With older versions of terraform this was not an issue, and the apply ran through without problems. Once recreate_client was added this broke.

What I am doing here is configuring a mongo replicaset, a relatively simple task. First, I use three aws_instance resources to spin up my servers and use the inline chef provisioner to install mongo on them, and then once all 3 are up I use a null_resource to configure a replicaset from DB1, also using chef. This was working before (in older versions of terraform), and the behavior was just that terraform would ssh in and basically run chef-client with the appropriate attributes and run_list inside the null_resource and it would not try to delete the chef node before the second run.

Actual Behavior

Once the apply gets to the null_resource it tries to delete the chef node even though recreate_client is set to false. It fails to delete the chef node (citing lack of permissions even though I tried this with an admin user and that still did not resolve the issue) and the apply fails. In order to get the apply to run all the way through I have to delete the chef client nodes before running apply again so that terraform can recreate the nodes and run chef-client a second time, this time configuring the replica set.

Steps to Reproduce

1. Have a chef server that you can use to provision ec2 instances.
2. Use the inline chef provisioner on an ec2 instance.
3. Use a null_resource to further configure a previously configured node with recreate_client set to false (it actually does not matter if it is set to true or false the result is the same).
4. Notice that the provision step inside the null_resource fails because terraform tries to delete the node.

References

#3605

[svanharmelen]

@Bjorn248 I suspect that you need to add these to your null_resource chef provisioner blocks:

  skip_install = true
  skip_register = true

As the Chef-Client is already installed and the client.pem is already available. See these docs for more details. The recreate_client entry can be omitted if you set bot these values.

The missing delete permission message you observed is due to the code trying to delete the existing node object, not the client object (see here) hence that the recreate_client entry has no effect on this message.

[Bjorn248]

@svanharmelen thanks! That will likely resolve the issue. I will close this for now and reopen if I run into further issues.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.