Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updating image inside the example doesn't cause container to restart #29

Open
morgante opened this issue Jul 22, 2019 · 22 comments · Fixed by #31
Open

Updating image inside the example doesn't cause container to restart #29

morgante opened this issue Jul 22, 2019 · 22 comments · Fixed by #31
Labels
bug Something isn't working P3 medium priority issues triaged Scoped and ready for work

Comments

@morgante
Copy link
Contributor

morgante commented Jul 22, 2019
edited
Loading

Changing the image name should cause a new container to be spun up.

Reproduction:

  1. Open the simple-example
  2. Run terraform apply
  3. Change the image ID
  4. Run terraform apply again - the new container should be started instead.
@aaron-lane aaron-lane added the bug Something isn't working label Jul 23, 2019
@ivankorn
Copy link
Contributor

ivankorn commented Aug 8, 2019

@morgante @aaron-lane this issue is no longer reproducible.

Created container-vmf from simple example:

[15:53][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ terraform init
Initializing modules...
- gce-container in ../..

Initializing the backend...

Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "random" (terraform-providers/random) 2.1.2...
- Downloading plugin for provider "google" (terraform-providers/google) 2.12.0...
- Downloading plugin for provider "external" (terraform-providers/external) 1.2.0...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.external: version = "~> 1.2"
* provider.google: version = "~> 2.12"
* provider.random: version = "~> 2.1"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
[15:57][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.google_compute_zones.available: Refreshing state...
module.gce-container.data.google_compute_image.coreos: Refreshing state...
module.gce-container.data.external.spec_as_yaml: Refreshing state...

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # google_compute_instance.vm will be created
  + resource "google_compute_instance" "vm" {
      + can_ip_forward       = false
      + cpu_platform         = (known after apply)
      + deletion_protection  = false
      + guest_accelerator    = (known after apply)
      + id                   = (known after apply)
      + instance_id          = (known after apply)
      + label_fingerprint    = (known after apply)
      + labels               = {
          + "container-vm" = "cos-stable-75-12105-97-0"
        }
      + machine_type         = "n1-standard-1"
      + metadata             = {
          + "gce-container-declaration" = "---\nspec:\n  containers:\n  - env:\n    - name: TEST_VAR\n      value: Hello World!\n    image: gcr.io/google-samples/hello-app:1.0\n    volumeMounts:\n    - mountPath: \"/cache\"\n      name: tempfs-0\n      readOnly: false\n  restartPolicy: Always\n  volumes:\n  - emptyDir:\n      medium: Memory\n    name: tempfs-0\n"
        }
      + metadata_fingerprint = (known after apply)
      + name                 = "container-vm-example-test"
      + project              = "gl-ivankorniienko-seed"
      + self_link            = (known after apply)
      + tags                 = [
          + "container-vm-example",
        ]
      + tags_fingerprint     = (known after apply)
      + zone                 = (known after apply)

      + boot_disk {
          + auto_delete                = true
          + device_name                = (known after apply)
          + disk_encryption_key_sha256 = (known after apply)
          + kms_key_self_link          = (known after apply)
          + source                     = (known after apply)

          + initialize_params {
              + image  = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-75-12105-97-0"
              + labels = (known after apply)
              + size   = (known after apply)
              + type   = (known after apply)
            }
        }

      + network_interface {
          + address            = (known after apply)
          + name               = (known after apply)
          + network            = (known after apply)
          + network_ip         = (known after apply)
          + subnetwork         = "default"
          + subnetwork_project = "gl-ivankorniienko-seed"

          + access_config {
              + assigned_nat_ip = (known after apply)
              + nat_ip          = (known after apply)
              + network_tier    = (known after apply)
            }
        }

      + scheduling {
          + automatic_restart   = (known after apply)
          + on_host_maintenance = (known after apply)
          + preemptible         = (known after apply)

          + node_affinities {
              + key      = (known after apply)
              + operator = (known after apply)
              + values   = (known after apply)
            }
        }

      + service_account {
          + email  = (known after apply)
          + scopes = [
              + "https://www.googleapis.com/auth/cloud-platform",
            ]
        }
    }

  # random_shuffle.zone will be created
  + resource "random_shuffle" "zone" {
      + id           = (known after apply)
      + input        = [
          + "us-east4-a",
          + "us-east4-b",
          + "us-east4-c",
        ]
      + result       = (known after apply)
      + result_count = 1
    }

Plan: 2 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

[16:00][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ 
[16:00][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ echo $?
0
[16:04][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ terraform apply
module.gce-container.data.external.spec_as_yaml: Refreshing state...
module.gce-container.data.google_compute_image.coreos: Refreshing state...
data.google_compute_zones.available: Refreshing state...

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # google_compute_instance.vm will be created
  + resource "google_compute_instance" "vm" {
      + can_ip_forward       = false
      + cpu_platform         = (known after apply)
      + deletion_protection  = false
      + guest_accelerator    = (known after apply)
      + id                   = (known after apply)
      + instance_id          = (known after apply)
      + label_fingerprint    = (known after apply)
      + labels               = {
          + "container-vm" = "cos-stable-75-12105-97-0"
        }
      + machine_type         = "n1-standard-1"
      + metadata             = {
          + "gce-container-declaration" = "---\nspec:\n  containers:\n  - env:\n    - name: TEST_VAR\n      value: Hello World!\n    image: gcr.io/google-samples/hello-app:1.0\n    volumeMounts:\n    - mountPath: \"/cache\"\n      name: tempfs-0\n      readOnly: false\n  restartPolicy: Always\n  volumes:\n  - emptyDir:\n      medium: Memory\n    name: tempfs-0\n"
        }
      + metadata_fingerprint = (known after apply)
      + name                 = "container-vm-example-test"
      + project              = "gl-ivankorniienko-seed"
      + self_link            = (known after apply)
      + tags                 = [
          + "container-vm-example",
        ]
      + tags_fingerprint     = (known after apply)
      + zone                 = (known after apply)

      + boot_disk {
          + auto_delete                = true
          + device_name                = (known after apply)
          + disk_encryption_key_sha256 = (known after apply)
          + kms_key_self_link          = (known after apply)
          + source                     = (known after apply)

          + initialize_params {
              + image  = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-75-12105-97-0"
              + labels = (known after apply)
              + size   = (known after apply)
              + type   = (known after apply)
            }
        }

      + network_interface {
          + address            = (known after apply)
          + name               = (known after apply)
          + network            = (known after apply)
          + network_ip         = (known after apply)
          + subnetwork         = "default"
          + subnetwork_project = "gl-ivankorniienko-seed"

          + access_config {
              + assigned_nat_ip = (known after apply)
              + nat_ip          = (known after apply)
              + network_tier    = (known after apply)
            }
        }

      + scheduling {
          + automatic_restart   = (known after apply)
          + on_host_maintenance = (known after apply)
          + preemptible         = (known after apply)

          + node_affinities {
              + key      = (known after apply)
              + operator = (known after apply)
              + values   = (known after apply)
            }
        }

      + service_account {
          + email  = (known after apply)
          + scopes = [
              + "https://www.googleapis.com/auth/cloud-platform",
            ]
        }
    }

  # random_shuffle.zone will be created
  + resource "random_shuffle" "zone" {
      + id           = (known after apply)
      + input        = [
          + "us-east4-a",
          + "us-east4-b",
          + "us-east4-c",
        ]
      + result       = (known after apply)
      + result_count = 1
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

random_shuffle.zone: Creating...
random_shuffle.zone: Creation complete after 0s [id=-]
google_compute_instance.vm: Creating...
google_compute_instance.vm: Still creating... [10s elapsed]
google_compute_instance.vm: Creation complete after 11s [id=container-vm-example-test]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

Outputs:

container = {
  "env" = [
    {
      "name" = "TEST_VAR"
      "value" = "Hello World!"
    },
  ]
  "image" = "gcr.io/google-samples/hello-app:1.0"
  "volumeMounts" = [
    {
      "mountPath" = "/cache"
      "name" = "tempfs-0"
      "readOnly" = "false"
    },
  ]
}
instance_name = container-vm-example-test
ipv4 = 35.221.36.163
project_id = gl-ivankorniienko-seed
vm_container_label = cos-stable-75-12105-97-0
volumes = [
  {
    "emptyDir" = {
      "medium" = "Memory"
    }
    "name" = "tempfs-0"
  },
]
zone = us-east4-c
[16:05][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$

Noted the image gcr.io/google-samples/hello-app:1.0:

[16:05][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ grep hello-app main.tf 
    image = "gcr.io/google-samples/hello-app:1.0"

Updated the image with gcr.io/google-samples/hello-app:2.0:

[16:06][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ sed -i 's/hello-app:1.0/hello-app:2.0/g' main.tf 
[16:07][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ grep hello-app main.tf 
    image = "gcr.io/google-samples/hello-app:2.0"
[16:07][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$

Re-applied the template: it worked, output reflects changes (note image v2.0)

[16:07][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ terraform apply
data.google_compute_zones.available: Refreshing state...
module.gce-container.data.google_compute_image.coreos: Refreshing state...
module.gce-container.data.external.spec_as_yaml: Refreshing state...
random_shuffle.zone: Refreshing state... [id=-]
google_compute_instance.vm: Refreshing state... [id=container-vm-example-test]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # google_compute_instance.vm will be updated in-place
  ~ resource "google_compute_instance" "vm" {
        can_ip_forward       = false
        cpu_platform         = "Intel Broadwell"
        deletion_protection  = false
        guest_accelerator    = []
        id                   = "container-vm-example-test"
        instance_id          = "8808858470383199004"
        label_fingerprint    = "16h2vNHPdWY="
        labels               = {
            "container-vm" = "cos-stable-75-12105-97-0"
        }
        machine_type         = "n1-standard-1"
      ~ metadata             = {
          ~ "gce-container-declaration" = <<~EOT
                ---
                spec:
                  containers:
                  - env:
                    - name: TEST_VAR
                      value: Hello World!
              -     image: gcr.io/google-samples/hello-app:1.0
              +     image: gcr.io/google-samples/hello-app:2.0
                    volumeMounts:
                    - mountPath: "/cache"
                      name: tempfs-0
                      readOnly: false
                  restartPolicy: Always
                  volumes:
                  - emptyDir:
                      medium: Memory
                    name: tempfs-0
            EOT
        }
        metadata_fingerprint = "mLtKvl0__xU="
        name                 = "container-vm-example-test"
        project              = "gl-ivankorniienko-seed"
        self_link            = "https://www.googleapis.com/compute/v1/projects/gl-ivankorniienko-seed/zones/us-east4-c/instances/container-vm-example-test"
        tags                 = [
            "container-vm-example",
        ]
        tags_fingerprint     = "fHIXWKpF9LM="
        zone                 = "us-east4-c"

        boot_disk {
            auto_delete = true
            device_name = "persistent-disk-0"
            source      = "https://www.googleapis.com/compute/v1/projects/gl-ivankorniienko-seed/zones/us-east4-c/disks/container-vm-example-test"

            initialize_params {
                image  = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-75-12105-97-0"
                labels = {}
                size   = 10
                type   = "pd-standard"
            }
        }

        network_interface {
            name               = "nic0"
            network            = "https://www.googleapis.com/compute/v1/projects/gl-ivankorniienko-seed/global/networks/default"
            network_ip         = "10.150.0.2"
            subnetwork         = "https://www.googleapis.com/compute/v1/projects/gl-ivankorniienko-seed/regions/us-east4/subnetworks/default"
            subnetwork_project = "gl-ivankorniienko-seed"

            access_config {
                nat_ip       = "35.221.36.163"
                network_tier = "PREMIUM"
            }
        }

        scheduling {
            automatic_restart   = true
            on_host_maintenance = "MIGRATE"
            preemptible         = false
        }

        service_account {
            email  = "[email protected]"
            scopes = [
                "https://www.googleapis.com/auth/cloud-platform",
            ]
        }

        shielded_instance_config {
            enable_integrity_monitoring = true
            enable_secure_boot          = false
            enable_vtpm                 = true
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

google_compute_instance.vm: Modifying... [id=container-vm-example-test]
google_compute_instance.vm: Modifications complete after 10s [id=container-vm-example-test]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Outputs:

container = {
  "env" = [
    {
      "name" = "TEST_VAR"
      "value" = "Hello World!"
    },
  ]
  "image" = "gcr.io/google-samples/hello-app:2.0"
  "volumeMounts" = [
    {
      "mountPath" = "/cache"
      "name" = "tempfs-0"
      "readOnly" = "false"
    },
  ]
}
instance_name = container-vm-example-test
ipv4 = 35.221.36.163
project_id = gl-ivankorniienko-seed
vm_container_label = cos-stable-75-12105-97-0
volumes = [
  {
    "emptyDir" = {
      "medium" = "Memory"
    }
    "name" = "tempfs-0"
  },
]
zone = us-east4-c
[16:08][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$

Double checked with gcloud: we got the image updated, as expected:

[16:24][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ gcloud beta compute instances describe container-vm-example-test --project=gl-ivankorniienko-seed --zone=us-east4-c | grep containers -A 4 
        containers:
        - env:
          - name: TEST_VAR
            value: Hello World!
          image: gcr.io/google-samples/hello-app:2.0
[16:25][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$

@ivankorn
Copy link
Contributor

ivankorn commented Aug 8, 2019

Double-checked again - the issue is still valid.

Applied template:

[16:48][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ terraform apply
module.gce-container.data.external.spec_as_yaml: Refreshing state...
data.google_compute_zones.available: Refreshing state...
module.gce-container.data.google_compute_image.coreos: Refreshing state...

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # google_compute_instance.vm will be created
  + resource "google_compute_instance" "vm" {
      + can_ip_forward       = false
      + cpu_platform         = (known after apply)
      + deletion_protection  = false
      + guest_accelerator    = (known after apply)
      + id                   = (known after apply)
      + instance_id          = (known after apply)
      + label_fingerprint    = (known after apply)
      + labels               = {
          + "container-vm" = "cos-stable-75-12105-97-0"
        }
      + machine_type         = "n1-standard-1"
      + metadata             = {
          + "gce-container-declaration" = "---\nspec:\n  containers:\n  - env:\n    - name: TEST_VAR\n      value: Hello World!\n    image: gcr.io/google-samples/hello-app:1.0\n    volumeMounts:\n    - mountPath: \"/cache\"\n      name: tempfs-0\n      readOnly: false\n  restartPolicy: Always\n  volumes:\n  - emptyDir:\n      medium: Memory\n    name: tempfs-0\n"
        }
      + metadata_fingerprint = (known after apply)
      + name                 = "container-vm-example-test"
      + project              = "gl-ivankorniienko-seed"
      + self_link            = (known after apply)
      + tags                 = [
          + "container-vm-example",
        ]
      + tags_fingerprint     = (known after apply)
      + zone                 = (known after apply)

      + boot_disk {
          + auto_delete                = true
          + device_name                = (known after apply)
          + disk_encryption_key_sha256 = (known after apply)
          + kms_key_self_link          = (known after apply)
          + source                     = (known after apply)

          + initialize_params {
              + image  = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-75-12105-97-0"
              + labels = (known after apply)
              + size   = (known after apply)
              + type   = (known after apply)
            }
        }

      + network_interface {
          + address            = (known after apply)
          + name               = (known after apply)
          + network            = (known after apply)
          + network_ip         = (known after apply)
          + subnetwork         = "default"
          + subnetwork_project = "gl-ivankorniienko-seed"

          + access_config {
              + assigned_nat_ip = (known after apply)
              + nat_ip          = (known after apply)
              + network_tier    = (known after apply)
            }
        }

      + scheduling {
          + automatic_restart   = (known after apply)
          + on_host_maintenance = (known after apply)
          + preemptible         = (known after apply)

          + node_affinities {
              + key      = (known after apply)
              + operator = (known after apply)
              + values   = (known after apply)
            }
        }

      + service_account {
          + email  = (known after apply)
          + scopes = [
              + "https://www.googleapis.com/auth/cloud-platform",
            ]
        }
    }

  # random_shuffle.zone will be created
  + resource "random_shuffle" "zone" {
      + id           = (known after apply)
      + input        = [
          + "us-east4-a",
          + "us-east4-b",
          + "us-east4-c",
        ]
      + result       = (known after apply)
      + result_count = 1
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

random_shuffle.zone: Creating...
random_shuffle.zone: Creation complete after 0s [id=-]
google_compute_instance.vm: Creating...
google_compute_instance.vm: Still creating... [10s elapsed]
google_compute_instance.vm: Creation complete after 11s [id=container-vm-example-test]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

Outputs:

container = {
  "env" = [
    {
      "name" = "TEST_VAR"
      "value" = "Hello World!"
    },
  ]
  "image" = "gcr.io/google-samples/hello-app:1.0"
  "volumeMounts" = [
    {
      "mountPath" = "/cache"
      "name" = "tempfs-0"
      "readOnly" = "false"
    },
  ]
}
instance_name = container-vm-example-test
ipv4 = 35.221.36.163
project_id = gl-ivankorniienko-seed
vm_container_label = cos-stable-75-12105-97-0
volumes = [
  {
    "emptyDir" = {
      "medium" = "Memory"
    }
    "name" = "tempfs-0"
  },
]
zone = us-east4-c

[16:55][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ gcloud beta compute instances describe container-vm-example-test --project=gl-ivankorniienko-seed --zone=us-east4-c | grep containers -A 4 
        containers:
        - env:
          - name: TEST_VAR
            value: Hello World!
          image: gcr.io/google-samples/hello-app:1.0
[16:55][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ gcloud compute ssh container-vm-example-test --project=gl-ivankorniienko-seed --zone=us-east4-c
Updating project ssh metadata...⠧Updated [https://www.googleapis.com/compute/v1/projects/gl-ivankorniienko-seed].                                                                                                                            
Updating project ssh metadata...done.                                                                                                                                                                                                        
Waiting for SSH key to propagate.
Warning: Permanently added 'compute.6407004692787861186' (ED25519) to the list of known hosts.
  ########################[ Welcome ]########################
  #  You have logged in to the guest OS.                    #
  #  To access your containers use 'docker attach' command  #
  ###########################################################
                                                             
user@container-vm-example-test ~ $ docker container ls
CONTAINER ID        IMAGE                                 COMMAND             CREATED             STATUS              PORTS               NAMES
16cc18190d70        gcr.io/google-samples/hello-app:1.0   "./hello-app"       7 minutes ago       Up 7 minutes                            klt--abvr
user@container-vm-example-test ~ $ 
user@container-vm-example-test ~ $ exit
logout

Connection to 35.221.36.163 closed.

Modified the image:

[16:57][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ sed -i 's/hello-app:1.0/hello-app:2.0/g' main.tf 
[16:57][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ grep hello-app main.tf 
    image = "gcr.io/google-samples/hello-app:2.0"

Re-applied template (note updated image):

[16:57][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ terraform apply -auto-approve 
module.gce-container.data.external.spec_as_yaml: Refreshing state...
data.google_compute_zones.available: Refreshing state...
module.gce-container.data.google_compute_image.coreos: Refreshing state...
random_shuffle.zone: Refreshing state... [id=-]
google_compute_instance.vm: Refreshing state... [id=container-vm-example-test]
google_compute_instance.vm: Modifying... [id=container-vm-example-test]
google_compute_instance.vm: Still modifying... [id=container-vm-example-test, 10s elapsed]
google_compute_instance.vm: Modifications complete after 13s [id=container-vm-example-test]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Outputs:

container = {
  "env" = [
    {
      "name" = "TEST_VAR"
      "value" = "Hello World!"
    },
  ]
  "image" = "gcr.io/google-samples/hello-app:2.0"
  "volumeMounts" = [
    {
      "mountPath" = "/cache"
      "name" = "tempfs-0"
      "readOnly" = "false"
    },
  ]
}
instance_name = container-vm-example-test
ipv4 = 35.221.36.163
project_id = gl-ivankorniienko-seed
vm_container_label = cos-stable-75-12105-97-0
volumes = [
  {
    "emptyDir" = {
      "medium" = "Memory"
    }
    "name" = "tempfs-0"
  },
]
zone = us-east4-c
[16:58][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$

Double-checked with gcloud (note updated image)

[16:58][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ gcloud compute instances describe container-vm-example-test --project=gl-ivankorniienko-seed --zone=us-east4-c | grep containers -A 4 
        containers:
        - env:
          - name: TEST_VAR
            value: Hello World!
          image: gcr.io/google-samples/hello-app:2.0
[16:59][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$

Double checked on the host itself:

[16:59][user@host:~/workspace/google/terraform-google-container-vm/examples/simple_instance]$ gcloud compute ssh container-vm-example-test --project=gl-ivankorniienko-seed --zone=us-east4-c
  ########################[ Welcome ]########################
  #  You have logged in to the guest OS.                    #
  #  To access your containers use 'docker attach' command  #
  ###########################################################
                                                             
user@container-vm-example-test ~ $ docker container ls
CONTAINER ID        IMAGE                                 COMMAND             CREATED             STATUS              PORTS               NAMES
16cc18190d70        gcr.io/google-samples/hello-app:1.0   "./hello-app"       11 minutes ago      Up 11 minutes                           klt--abvr
user@container-vm-example-test ~ $ exit

The issue is still valid !

ivankorn added a commit to ivankorn/terraform-google-container-vm that referenced this issue Aug 8, 2019
@ivankorn
Fixes terraform-google-modules#29
d4eb1f0 
- Updated examples/simple_instance/main.tf with adding hashed image into instance_name
- Updated examples/simple_instance/outputs.tf with adding hashed image into instance_name
ivankorn added a commit to ivankorn/terraform-google-container-vm that referenced this issue Aug 8, 2019
@ivankorn
Fixes terraform-google-modules#29
5f4e3ad 
- Updated examples/simple_instance/main.tf with adding hashed image into instance_name
- Updated examples/simple_instance/outputs.tf with adding hashed image into instance_name
@ivankorn ivankorn mentioned this issue Aug 8, 2019
Merged
ivankorn added a commit to ivankorn/terraform-google-container-vm that referenced this issue Aug 9, 2019
@ivankorn
Fixes terraform-google-modules#29
dfc3d20 
- Updated examples/simple_instance/main.tf with adding hashed image into instance_name
- Updated examples/simple_instance/outputs.tf with adding hashed image into instance_name
ivankorn added a commit to ivankorn/terraform-google-container-vm that referenced this issue Aug 9, 2019
@ivankorn
Fixes terraform-google-modules#29
705f8d2 
- Updated examples/simple_instance/main.tf with adding hashed image into instance_name
- Updated examples/simple_instance/outputs.tf with adding hashed image into instance_name
@morgante morgante mentioned this issue Aug 16, 2019
Closed
ivankorn added a commit to ivankorn/terraform-google-container-vm that referenced this issue Aug 19, 2019
@ivankorn
Linters fail on master terraform-google-modules#32
3fe1ebe 
- Removed outdated doc_generator
- Added missing helper scripts
- Removed outdated docker linter
- Fixed flake8 errors reported in terraform-google-modules#32
- Fixed broken simlinks(fixes terraform fmt terraform-google-modules#32)
- Updated shared tfvars
- Updated README files

Migrate modules to 0.12 and make the rest of the code base 0.12-compatible terraform-google-modules#35

- Migrated modules to 0.12 syntax
- Added variable types constraints
- Updated README
- Removed outdated check_docker make target
- Added a temporary workgaround for terraform-google-modules#28 (skip not migrated files in `find_files`)

Updating image inside the example doesn't cause container to restart terraform-google-modules#29

- Updated examples/simple_instance/main.tf with adding hashed image into instance_name
- Updated examples/simple_instance/outputs.tf with adding hashed image into instance_name
ivankorn added a commit to ivankorn/terraform-google-container-vm that referenced this issue Aug 19, 2019
@ivankorn
Linters fail on master terraform-google-modules#32
1936ae6 
- Removed outdated doc_generator
- Added missing helper scripts
- Removed outdated docker linter
- Fixed flake8 errors reported in terraform-google-modules#32
- Fixed broken simlinks(fixes terraform fmt terraform-google-modules#32)
- Updated shared tfvars
- Updated README files

Migrate modules to 0.12 and make the rest of the code base 0.12-compatible terraform-google-modules#35

- Migrated modules to 0.12 syntax
- Added variable types constraints
- Updated README
- Removed outdated check_docker make target
- Added a temporary workgaround for terraform-google-modules#28 (skip not migrated files in `find_files`)

Updating image inside the example doesn't cause container to restart terraform-google-modules#29

- Updated examples/simple_instance/main.tf by introducing local.instance_name and adding substring of contianer image hash into instance_name
- Updated examples/simple_instance/outputs.tf by reflecting the change above
- Updated examples/instance_with_attached_disk/main.tf by introducing local.instance_name and adding substring of contianer image hash into instance_name
- Updated examples/instance_with_attached_disk/outputs.tf by reflecting the change above
ivankorn added a commit to ivankorn/terraform-google-container-vm that referenced this issue Aug 19, 2019
@ivankorn
Linters fail on master terraform-google-modules#32
cdc9ec7 
- Removed outdated doc_generator
- Added missing helper scripts
- Removed outdated docker linter
- Fixed flake8 errors reported in terraform-google-modules#32
- Fixed broken simlinks(fixes terraform fmt terraform-google-modules#32)
- Updated shared tfvars
- Updated README files
- Fixed trailing white-space from master

Migrate modules to 0.12 and make the rest of the code base 0.12-compatible terraform-google-modules#35

- Migrated modules to 0.12 syntax
- Added variable types constraints
- Updated README
- Removed outdated check_docker make target
- Added a temporary workgaround for terraform-google-modules#28 (skip not migrated files in `find_files`)

Updating image inside the example doesn't cause container to restart terraform-google-modules#29

- Updated examples/simple_instance/main.tf by introducing local.instance_name and adding substring of contianer image hash into instance_name
- Updated examples/simple_instance/outputs.tf by reflecting the change above
- Updated examples/instance_with_attached_disk/main.tf by introducing local.instance_name and adding substring of contianer image hash into instance_name
- Updated examples/instance_with_attached_disk/outputs.tf by reflecting the change above
ivankorn added a commit to ivankorn/terraform-google-container-vm that referenced this issue Aug 19, 2019
@ivankorn
Linters fail on master terraform-google-modules#32
221f9d7 
- Removed outdated doc_generator
- Added missing helper scripts
- Removed outdated docker linter
- Fixed flake8 errors reported in terraform-google-modules#32
- Fixed broken simlinks(fixes terraform fmt terraform-google-modules#32)
- Updated shared tfvars
- Updated README files
- Fixed trailing white-space from master

Migrate modules to 0.12 and make the rest of the code base 0.12-compatible terraform-google-modules#35

- Migrated modules to 0.12 syntax
- Added variable types constraints
- Updated README
- Removed outdated check_docker make target
- Added a temporary workgaround for terraform-google-modules#28 (skip not migrated files in `find_files`)

Updating image inside the example doesn't cause container to restart terraform-google-modules#29

- Updated examples/simple_instance/main.tf by introducing local.instance_name and adding substring of contianer image hash into instance_name
- Updated examples/simple_instance/outputs.tf by reflecting the change above
- Updated examples/instance_with_attached_disk/main.tf by introducing local.instance_name and adding substring of contianer image hash into instance_name
- Updated examples/instance_with_attached_disk/outputs.tf by reflecting the change above
ivankorn added a commit to ivankorn/terraform-google-container-vm that referenced this issue Aug 20, 2019
@ivankorn
Linters fail on master terraform-google-modules#32
67b616e 
- Removed outdated doc_generator
- Added missing helper scripts
- Removed outdated docker linter
- Fixed flake8 errors reported in terraform-google-modules#32
- Fixed broken simlinks(fixes terraform fmt terraform-google-modules#32)
- Updated shared tfvars
- Updated README files
- Fixed trailing white-space from master
- Adjusted .gitingore

Migrate modules to 0.12 and make the rest of the code base 0.12-compatible terraform-google-modules#35

- Migrated modules to 0.12 syntax
- Added variable types constraints
- Updated README
- Removed outdated check_docker make target
- Added a temporary workgaround for terraform-google-modules#28 (skip not migrated files in `find_files`)

Updating image inside the example doesn't cause container to restart terraform-google-modules#29

- Updated examples/simple_instance/main.tf by introducing local.instance_name and adding substring of contianer image hash into instance_name
- Updated examples/simple_instance/outputs.tf by reflecting the change above
- Updated examples/instance_with_attached_disk/main.tf by introducing local.instance_name and adding substring of contianer image hash into instance_name
- Updated examples/instance_with_attached_disk/outputs.tf by reflecting the change above
ivankorn added a commit to ivankorn/terraform-google-container-vm that referenced this issue Aug 20, 2019
@ivankorn
Linters fail on master terraform-google-modules#32
185ec55 
- Removed outdated doc_generator
- Added missing helper scripts
- Removed outdated docker linter
- Fixed flake8 errors reported in terraform-google-modules#32
- Fixed broken simlinks(fixes terraform fmt terraform-google-modules#32)
- Updated shared tfvars
- Updated README files
- Fixed trailing white-space from master
- Adjusted .gitingore

Migrate modules to 0.12 and make the rest of the code base 0.12-compatible terraform-google-modules#35

- Migrated modules to 0.12 syntax
- Added variable types constraints
- Updated README
- Removed outdated check_docker make target
- Added a temporary workgaround for terraform-google-modules#28 (skip not migrated files in `find_files`)

Updating image inside the example doesn't cause container to restart terraform-google-modules#29

- Updated examples/simple_instance/main.tf by introducing local.instance_name and adding substring of contianer image hash into instance_name
- Updated examples/simple_instance/outputs.tf by reflecting the change above
- Updated examples/instance_with_attached_disk/main.tf by introducing local.instance_name and adding substring of contianer image hash into instance_name
- Updated examples/instance_with_attached_disk/outputs.tf by reflecting the change above
@YermakovvD
Copy link

YermakovvD commented Oct 10, 2019
edited
Loading

image

Hi guys, the issue still valid. Step for reproducing is the same

  1. Open the simple-example (or any other)
  2. Run terraform apply
  3. Change the image ID
  4. Run terraform apply again - the new container should be started instead.

@ivankorn , issue still valid, please fix it ASAP

@aaron-lane , please review changes more deeply

@denys1yermakov denys1yermakov mentioned this issue Oct 10, 2019
Closed
@morgante morgante reopened this Oct 10, 2019
@ivankorn
Copy link
Contributor

ivankorn commented Oct 11, 2019
edited
Loading

@Den-gl

@ivankorn , issue still valid, please fix it ASAP

Do you have your tests output?

The issue was checked here as you can see it's not reproducible since then

The image you referenced is not a proof of the fix, it's a proof of the bug, after that it was fixed with tests outputs of successful results in the PR not in the issue.

cc: @aaron-lane @morgante

@YermakovvD
Copy link

@ivankorn, you absolutely right, but issue still valid, and you didn't fix their.

And this issue not about your tests, your tests its your problem, but functionality of that module absolutely doesn't work as expected. Try reproduce this issue with the following steps you find above.

If you can't reproduce it, please ping me and I'll provide all my logs.

P.S. double checked and I can't find any word in a title / issue description about broken test you mention I am sure this issue about broken functionality

@ivankorn
Copy link
Contributor

ivankorn commented Oct 11, 2019
edited
Loading

@ivankorn, you absolutely right, but issue still valid, and you didn't fix their.
@YermakovvD

I'm 100% sure it was passing(I posted link to output above), but what I didn't do is running the check a number of times to confirm subsequent passes..

P.S. double checked and I can't find any word in a title / issue description about broken test you mention I am sure this issue about broken functionality

I spoke to @kopachevsky who discussed that with you guys.
Looks like what you're seeing is intermittent failure. Is it the case? Like it's randomly reproducible, one pass, one fail etc ? Your're using the latest version right and you tried pulling the code or pointing to a git repo instead of terraform registry which may have older release?

@YermakovvD
Copy link

yes, we work with the latest version of this module

@YermakovvD
Copy link

@ivankorn, any updates with fixing this bug ?

@ivankorn
Copy link
Contributor

@aaron-lane @morgante

I looked at the code @YermakovvD is reporting an issue with.

He didn't include workaround for this container image in it and still uses

locals {
  instance_name = var.instance_name
}

instead of

locals {
  instance_name = format("%s-%s", var.instance_name, substr(md5(module.gce-container.container.image), 0, 8))
}

@YermakovvD is still concerned about workaround @morgante proposed earlier for the fix and he doesn't want whole VM to be re-created in order to update the container image.

However the mentioned workaround merged with #31 still works.

@YermakovvD, can you please confirm if I understood your concern correctly?

Thanks

@Ahmedn1
Copy link

Ahmedn1 commented Feb 19, 2021

I also have the same issue. Currently I'm solving it by running gcloud compute instances update-container $instance_name --container-image $TF_VAR_image_id command everytime I run terraform apply

@github-actions
Copy link

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

@github-actions github-actions bot added the Stale label Apr 20, 2021
@Redmega
Copy link

Redmega commented Apr 21, 2021

Facing this issue not only when image updates, but also when any image config (e.x. env) updates.

@morgante morgante added P3 medium priority issues triaged Scoped and ready for work and removed Stale labels Apr 21, 2021
@derhally
Copy link

derhally commented May 6, 2021

Ran into this issue as well where anytime we update environment variables defined in the metadata, we have to restart the instance

@theCrius
Copy link

Can confirm that this issue is still there. Simply changing the container image reference doesn't actually make the change happen inside the VM.

The Web Dashboard shows the new image being correctly assigned but when accessing the VM itself and checking, it still load the previous image.

Only by using the workaround reported by @Ahmedn1 it seems to be fine but that's triggering a restart of the whole VM it seems while it would suffice if there was a docker refresh of sort.

Is there anyone working on this? Can someone point to where to go looking to understand how to help?

@JBuschAtMonoLets
Copy link

Yes this is still an issue.

@dbousamra
Copy link

Any updates?

@dbousamra
Copy link

I think we want to run sudo systemctl start konlet-startup anytime the metadata changes. Is this possible using remote-exec perhaps? I am not very good at Terraform.

@m0ar
Copy link

m0ar commented Nov 10, 2021

This is still a problem, and a very annoying one. Having dynamic resource names means we can't just communicate between VMs using their name, because that will unexpectedly change with infra updates 🤦

@ArnaudD
Copy link

ArnaudD commented Dec 8, 2021
edited
Loading

This dirty workaround seems to work for me :

locals {
  envs = [{
    name  = "FOO"
    value = "BAR"
  }]

  config_sha = sha1("${join("", local.envs.*.value)}-${local.image}")
  image    = "gcr.io/..."
  zone     = "..."
}

module "my_gce_container" {
  source  = "terraform-google-modules/container-vm/google"
  # ...

  container = {
    image = local.image
    env   = local.envs
    # ...
  }
}

resource "google_compute_instance" "gce_instance" {
  project = data.google_project.project.project_id
  zone    = local.zone
  # ...

}

resource "null_resource" "gce_null_instance" {
  triggers = {
    config_sha = local.config_sha
  }

  provisioner "local-exec" {
    command = "gcloud compute ssh --project=${data.google_project.project.project_id} --zone=${local.zone} ${google_compute_instance.gce_instance.name} --command 'sudo systemctl start konlet-startup'"
  }

  depends_on = [
    google_compute_instance.gce_instance
  ]
}

It should also work with remote-exec @dbousamra .

@slatkovic
Copy link

slatkovic commented Jan 15, 2022
edited
Loading

+1

EDIT:
Although the instance group gets updated with a new template via tf, compute instances still point to the previous template.

One workaround I found is to manually run gcloud compute instance-groups managed set-instance-template with the new template version.

EDIT 2:
After digging through this a bit more, the issue seems to be that rolling update is not triggered for some reason after updating the template on the instance group.

A better workaround is to run gcloud compute instance-groups managed rolling-action start-update via local exec in google_compute_instance_group_manager as it doesn't destroy instances as the previous command.

 provisioner "local-exec" {
    command = <<EOL
      gcloud compute instance-groups managed rolling-action start-update \
        ${google_compute_instance_group_manager.my_group_manager.name} \
        --version template=${google_compute_instance_template.my_instance_template.id} \
        --max-unavailable=1 \
        --project=${var.my_project_id} \
        --zone=${var.my_zone}"
    EOL
  }

EDIT 3:
It seems like the same effect can be achieved by adding an update_policy to google_compute_instance_group_manager. Before update_policy was introduced, a rolling update would run automatically, which is not the case anymore.

 update_policy {
    type = "PROACTIVE"
    minimal_action = "REPLACE"
    max_unavailable_fixed = 1
 }

@nilebox
Copy link

nilebox commented Jun 22, 2022
edited
Loading

Another workaround described in https://cloud.google.com/blog/topics/developers-practitioners/force-terraform-resource-recreation is hashing the metadata content and putting the hash into a GCE field which forces its replacement (e.g. destroy and create), the description field for example.

This of course means a downtime, so may not work for everyone.

@hadim
Copy link

hadim commented Jan 17, 2023

I ended up using the update_policy trick from @slatkovic .

It works well but create a new VM instance each time. It's not ideal but acceptable for my usecase.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working P3 medium priority issues triaged Scoped and ready for work
Projects
None yet
Milestone
No milestone