Categories
DevOps

How to execute terraform in an offline mode

Execute the old and new Terraform using the selected provider in an offline mode.

The old one – Terraform 0.12

Inspect Terraform version.

$ ./terraform version
Terraform v0.12.3

Create a module that will be used in this example.

provider "graylog" {
  version          = "1.0.4"
  web_endpoint_uri = "https://graylog.example.com/api"
  api_version      = "v3"
  auth_name        = "admin"
  auth_password    = "password"
}

resource "graylog_user" "user" {
  username  = "user"
  email     = "user@example.com"
  full_name = "Example User"
  password  = "password"
  session_timeout_ms = "3600000"
  roles = [
    "Reader"
  ]
}

This module requires graylog provider.

Create .terraform/plugins/linux_amd64 plugin cache directory.

The format is .terraform/plugins/$OS_$ARCH

$ mkdir -p .terraform/plugins/linux_amd64

Extract downloaded provider.

$ unzip -d .terraform/plugins/linux_amd64/ /tmp/terraform-provider-graylog_1.0.4_linux_amd64.zip terraform-provider-graylog_v1.0.4
Archive:  /tmp/terraform-provider-graylog_1.0.4_linux_amd64.zip
  inflating: .terraform/plugins/linux_amd64/terraform-provider-graylog_v1.0.4

Initialize a working directory containing Terraform configuration files.

$ ./terraform init
Initializing the backend...

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Inspect Terraform version.

$ ./terraform version
Terraform v0.12.3
+ provider.graylog v1.0.4

Inspect execution plan.

$ ./terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # graylog_user.user will be created
  + resource "graylog_user" "user" {
      + client_address     = (known after apply)
      + email              = "user@example.com"
      + external           = (known after apply)
      + full_name          = "Example User"
      + id                 = (known after apply)
      + last_activity      = (known after apply)
      + password           = (sensitive value)
      + permissions        = (known after apply)
      + read_only          = (known after apply)
      + roles              = [
          + "Reader",
        ]
      + session_active     = (known after apply)
      + session_timeout_ms = 3600000
      + timezone           = (known after apply)
      + user_id            = (known after apply)
      + username           = "user"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

Apply the changes to reach the desired state of the configuration.

$ ./terraform apply -auto-approve
graylog_user.user: Creating...
graylog_user.user: Creation complete after 1s [id=user]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

The new one – Terraform 0.14

Inspect Terraform version.

$ ./terraform version
Terraform v0.14.0

Create a module that will be used in this example – I will use a single file to keep things as simple as possible.

terraform {
  required_providers {
    graylog = {
      source  = "terraform-provider-graylog/graylog"
      version = "1.0.4"
    }
  }
  required_version = ">= 0.13"
}

provider "graylog" {
  web_endpoint_uri = "https://graylog.example.com/api"
  api_version      = "v3"
  auth_name        = "admin"
  auth_password    = "password"
}

resource "graylog_user" "example" {
  username  = "example"
  email     = "test@example.com"
  full_name = "Example User"
  password  = "examplepassword"
  session_timeout_ms = "3600000"
  roles = [
    "Reader"
  ]
}

This module requires graylog provider.

Create terraform.d/plugins/registry.terraform.io/terraform-provider-graylog/graylog/1.0.4/linux_amd64 directory.

The format is terraform.d/plugins/$SOURCEHOST/$NAMESPACE/$TYPE/$VERSION/$OS_$ARCH

$ mkdir -p terraform.d/plugins/registry.terraform.io/terraform-provider-graylog/graylog/1.0.4/linux_amd64

Extract downloaded provider.

$ unzip -d terraform.d/plugins/registry.terraform.io/terraform-provider-graylog/graylog/1.0.4/linux_amd64 /tmp/terraform-provider-graylog_1.0.4_linux_amd64.zip terraform-provider-graylog_v1.0.4
Archive:  /tmp/terraform-provider-graylog_1.0.4_linux_amd64.zip
  inflating: terraform.d/plugins/registry.terraform.io/terraform-provider-graylog/graylog/1.0.4/linux_amd64/terraform-provider-graylog_v1.0.4

Initialize a working directory containing Terraform configuration files.

$ ./terraform init
Initializing the backend...

Initializing provider plugins...
- Finding terraform-provider-graylog/graylog versions matching "1.0.4"...
- Installing terraform-provider-graylog/graylog v1.0.4...
- Installed terraform-provider-graylog/graylog v1.0.4 (unauthenticated)

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Inspect Terraform version.

$ ./terraform version
Terraform v0.14.0
+ provider registry.terraform.io/terraform-provider-graylog/graylog v1.0.4

Inspect .terraform.lock.hcl file.

# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.

provider "registry.terraform.io/terraform-provider-graylog/graylog" {
  version     = "1.0.4"
  constraints = "1.0.4"
  hashes = [
    "h1:NpviWrn+TiUR0E/zGKOd+e4PqpUUTeeLvfiLSheuSUo=",
  ]
}

Inspect execution plan.

$ ./terraform plan
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # graylog_user.user will be created
  + resource "graylog_user" "user" {
      + client_address     = (known after apply)
      + email              = "user@example.com"
      + external           = (known after apply)
      + full_name          = "Example User"
      + id                 = (known after apply)
      + last_activity      = (known after apply)
      + password           = (sensitive value)
      + permissions        = (known after apply)
      + read_only          = (known after apply)
      + roles              = [
          + "Reader",
        ]
      + session_active     = (known after apply)
      + session_timeout_ms = 3600000
      + timezone           = (known after apply)
      + user_id            = (known after apply)
      + username           = "user"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

Apply the changes to reach the desired state of the configuration.

$ ./terraform apply -auto-approve
graylog_user.user: Creating...
graylog_user.user: Creation complete after 1s [id=user]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Additional notes

This is just an example, so I took a few shortcuts to keep things clear.

For more information, please read “Failed to query available provider packages” with locally-installed third-party plugin #25172 GitHub Issue.

Do not try to use the old .terraform/plugins plugin cache directory in more recent terraform versions.

Warning: Missing provider is in legacy cache directory

Terraform supports a number of local directories that can serve as automatic
local filesystem mirrors, but .terraform/plugins is not one of them because
Terraform v0.13 and earlier used this directory to cache copies of provider
plugins retrieved from elsewhere.

If you intended to use this directory as a filesystem mirror for
registry.terraform.io/terraform-provider-graylog/graylog, place it instead in
the following directory:
  terraform.d/plugins/registry.terraform.io/terraform-provider-graylog/graylog/1.0.4/linux_amd64

Remember to define the provider version. Terraform will use the most recent one, but only the older terraform will issue a warning.

Initializing the backend...

Initializing provider plugins...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.graylog: version = "~> 1.0"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.