terraform hangs when sudo su in amazon linux

[eduardomaillo]

When executing the bootstrap commands, terraforms hangs in the sudo su line. The instance is created, the commands before the sudo su are executed, and it hangs when the sudo su. Nothing else is executed: aws_instance.example: Still creating... (1m40s elapsed) for ever.

The terraform script

provider "aws" {
  access_key = "----------------"
  secret_key = "================="
  region     = "us-east-1"
}

resource "aws_instance" "example" {
  ami                    = "ami-013be31976ca2c322"
  instance_type          = "t2.micro"
  key_name               = "My-KeyPair"
  vpc_security_group_ids = ["sg-051214b144rw33a5ffb"]
  subnet_id              = "subnet-03b83bec74e3w5d1612f"
  
  provisioner "remote-exec" {
    inline = [
      "touch test1.txt",
      "sudo su",
      "echo \"supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;\" >> /etc/dhcp/dhclient.conf",
      "touch test2.txt",
    ]
    
    connection {
      type        = "ssh"
      user        = "ec2-user"
      private_key = "${file("/Users/testUser/Downloads/my-KeyPair.pem")}"

    }
  }    
}

[apparentlymart]

Hi @eduardomaillo,

It's hard to say what's going on here, but my first idea is that sudo is configured to prompt for a password and so it's hanging waiting for interactive input. That seems strange to me since Terraform does not run commands in an interactive terminal (and so sudo should just fail completely in that case) but that's the best lead I have to start.

I assume you're using sudo here so that the I/O redirection on the following line can have access to that file. Another way to do this, which I've seen used more commonly, is to run a child shell under sudo:

  "sudo bash -c 'echo \"...\" >> /etc/dhcp/dhclient.conf'"

I'm not sure if this will make any difference -- if it's sudo causing the problem then this'd probably hang too -- but maybe it was actually the su that was the problem and so this will work around it.

---

Another thing I'd add here, though it's not directly related to your question, is that by the time the EC2 instance is listening on the network and running sshd it's probably already got its DHCP lease and so it may be too late to reconfigure the client like that. If you're also separately restarting the client some way that I can't see here then never mind, but you might find it better to do this particular operation using cloud-init (assuming your AMI is using that) so that it can happen sooner during startup. That's unfortunately still to late because the network must be up for cloud-init to fetch the user data blob, but at least then it can happen before any incoming connections (like SSH) are active.

[eduardomaillo]

Thanks for the input. When I directly sudo su in the server's console, it does not ask for password, so I assume it shouldn't ask for it either in terraform.

[michatch]

I was having the same issue when running from the terraform Windows installation through cmd. When running from a macOs i did not have any problem. It also seems when a command responded with a colored output, this stopped the execution in windows.

Update: when running from cygwin I had no problem too.

[Soap2G]

To enable sudo su in the remote exec, just do:

inline = [
      "touch test1.txt",
      "sudo su <<EOF",
      "echo \"supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;\" >> /etc/dhcp/dhclient.conf",
      "touch test2.txt",
      "EOF"
    ]

The operator << is an instruction to read input until it finds a line containing the specified delimiter, as EOF (end of file).

[danieldreier]

I want to apologize for the slow response time on this issue, and also let you know that I am bulk-closing all issues exclusively reported against Terraform 0.11.x, including this issue, because we are no longer investigating issues reported against Terraform 0.11.x. In most cases, when we try to reproduce issues reported against 0.11, we either can't reproduce them anymore, or the reporter has moved on, so we believe we can better support the Terraform user community by prioritizing more recent issues.

Terraform 0.12 has been available since May of 2019, and there are really significant benefits to adopting it. I know that migrating from 0.11 to versions past 0.12 can require a bit of effort, but it really is worth it, and the upgrade path is pretty well understood in the community by now. 0.14 is available and stable, and we are quickly approaching an 0.15 release.

We have made a significant effort in the last year to stay on top of bug reports; we have triaged almost all new bug reports within 1-2 weeks for 6+ months now. If you are still experiencing this problem, please submit a new bug report with a reproduction case that works on 0.14.x, link this old issue for context, and we will triage it.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.