3. Provisioners

Question 1

Provisioners

• Provisioners can be used to model specific actions on the local machine or on a remote machine in order to prepare servers or other infrastructure objects for service.
• Use provisioners only if there is no other option.
• Two main types of provisioners:
  
  • local-exec:
    
    • allow to invoke local executables after resources is created
    • execute one or more commands on the machine running Terraform
  • remote-exec: allow to invoke scripts directly on the remote server
• Usage: add a provisioner block inside the resource block of a compute instance.

Question 2

remote-exec Provisioner

• The remote-exec provisioner invokes a script on a remote resource after it is created.
• The remote-exec provisioner supports both ssh and winrm type connections.

Question 3

Provisioner Types

There are two primary types of provisioners:

• Creation-Time Provisioner: only run during creation, not during updating or any other lifecycle. If a creation-time provisioner fails, the resource is marked as tainted.
• Destroy-Time Provisioner: run before the resource is destroyed

If when = destroy is specified, the provisoner will run when the resource it is define within is destroyed:

• resource “aws_instance” “web” {*
• provisioner “local-exec” {*
• when = destroy*
• command = “echo ‘Destroy-time provisioner’”*
• }*
• }*

Question 4

Failure Behavior

By default, provisioners that fail will also cause the terraform apply itself to fail.

The on_failure setting can be used to change this. The allowed values are:

1. continue: Ignore the error and continue with the creation or destruction
2. fail: Raise an error and stop applying (the default behavior). If this is a creation provisioner, taint the resource.