Provisioners

Terraform not only helps us in infrastructure creation and management but also in provisioning them during resource creation or deletion.

Provisioners are used to execute scripts or shell commands on a local or remote machine as part of resource creation or deletion.

Provisioners can be used to bootstrap a resource, cleanup before destroy, run configuration management etc.

Below are list of the supported provisioners

chef : The chef provisioner installs, configures and runs the Chef Client on a remote resource.
connection : The chef provisioner to define or override connection properties of a resource
file : The file provisioner is used to copy files or directories to the newly created resource.
habitat : The habitat provisioner installs the Habitat supervisor and loads configured services.
local-exec : The local-exec provisioner invokes a local executable after a resource is created.
null_resource : The null_resource is a resource that allows you to configure provisioners that are not directly associated with a single existing resource.
remote-exec : The remote-exec provisioner invokes a script on a remote resource after it is created.
salt-masterless : The salt-masterless Terraform provisioner provisions machines built by Terraform using Salt states, without connecting to a Salt master.

Defining a Provisioner

To define a provisioner, add a provisioner block within the resource block. Multiple provisioner blocks can be added to define multiple provisioning steps.

resource "aws_instance" "webserver" {
  ami = "ami-b374d5a5"
  instance_type = "t2.micro"

  provisioner "local-exec" {
  command = "echo ${aws_instance.webserver.public_ip} > ip_address.txt"
  }
}

Running Provisioners

Provisioners by default run only when a resource is created, not during updating or any other lifecycle.

If a creation-time provisioner fails, the resource is marked as tainted. A tainted resource will be planned for deletion and recreation upon the next terraform apply.

Failure Behavior

By default, provisioners that fail will cause to error. With on_failure setting we can change this.

The allowed values are:

continue : Ignore the error and continue with creation or destruction.
fail (default behavior): Error. If it is a creation provisioner, taint the resource.

resource "aws_instance" "webserver" {
# ...

  provisioner "local-exec" {
  command = "echo ${server.private_ip} > file.txt"
  on_failure = "continue"
 }
}

Destroy Provisioners

Provisioners can also be defined that run only during a destroy operation. These are useful for performing system cleanup, extracting data, etc.

If when = “destroy” is specified, the provisioner will before the resource is destroyed.

resource "aws_instance" "web" {
# ...
  provisioner "local-exec" {
    command = "echo Creating"
  }
  provisioner "local-exec" {
    when = "destroy"
    command = "echo Destroying"
  }
}

Share this:

Like this: