update exisitng terraform compute instance when added new "components"

Question

I am new with terraform, but I have created an openstack compute instance like this:

provider "openstack" {
  auth_url    = "https://my-auth/v2.0/" 
  domain_name = "default"                         
  alias       = "alias"                              
  user_name   = "username"
  tenant_name = "tenantname"
  password    = "pwd"
  region      = "region"
}

# Import SSH key pair into openstack project
resource "openstack_compute_keypair_v2" "keypair" {
  provider   = "myprovider"               
  name       = "keypair"                 
  public_key = "${file("~/.ssh/id_rsa.pub")}"
}

# Create a new virtual machine
resource "openstack_compute_instance_v2" "compute_instance" {
  name        = "compute_instance" # Instance Name
  provider    = "myprovider"       # Instance distr
  image_name  = "Centos 7"         # Image name
  flavor_name = "b2-7"             # Machine type name

  key_pair = "${openstack_compute_keypair_v2.keypair.name}"

  network {
    name = "Ext-Net"
  }
}

For maintainability and flexibility reasons I would like to add some "components" in the same instance, it could be anything, but here I have tried with a provisionner file and remote execution. Indeed, when I add this arguments in my compute instance, I noticed that my compute instance will not be updated. For example:

provider "openstack" {
  auth_url    = "https://my-auth/v2.0/" 
  domain_name = "default"                         
  alias       = "alias"                              
  user_name   = "username"
  tenant_name = "tenantname"
  password    = "pwd"
  region      = "region"
}

resource "openstack_compute_keypair_v2" "keypair" {
  provider   = "myprovider"               
  name       = "keypair"                 
  public_key = "${file("~/.ssh/id_rsa.pub")}"
}

resource "openstack_compute_instance_v2" "compute_instance" {
  name        = "compute_instance" # Instance Name
  provider    = "myprovider"       # Instance distr
  image_name  = "Centos 7"         # Image name
  flavor_name = "b2-7"             # Machine type name

  key_pair = "${openstack_compute_keypair_v2.keypair.name}"

  network {
    name = "Ext-Net"
  }

  # Add a provisionner file on the ressource
  provisioner "file" {
    source      = "foo_scripts/bar-setup.sh"
    destination = "/tmp/bar-setup.sh"

    connection {
      type        = "ssh"
      user        = "user"
      private_key = "${file("~/.ssh/id_rsa")}"
    }
  }

  # execute server setup file
  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/bar-setup.sh",
      "sudo bash /tmp/bar-setup.sh",
    ]

    connection {
      type        = "ssh"
      user        = "centos"
      private_key = "${file("~/.ssh/id_rsa")}"
    }
}

Indeed, by adding the provionner file on the ressource, when I run the command terraform plan or terraform apply, nothing change on my instance. I have infos messages notify me that:

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

What it's the right way to apply my changes to my compute instance.

Answer 1

Following Terraform documentation:

Provisioners are used to execute scripts on a local or remote machine as part of resource creation or destruction.

If you want the provisionners to run again, you should destroy (terraform destroy) and create (terraform apply) the resource again.

Answer 2

There's no way that Terraform can check the state of a local or a remote execution, it's not like there's an API call that can tell you what happen on your custom code - bar-setup.sh. That would be like magic, or actual Magic.

Terraforms' for managing the infrastructure, the config of the instance, and not really for the content on the instance. Immutable content and recreating is the true path here. Making a completely new instance. However if it's your Hammer there are ways.

If you taint the resource that you want to update, then when terraform is run again next time the resource will be re-executed. But heed what I said about Hammers.

Alternatively you could leverage your CM tool of choice to manage the content of your instance - Chef/Ansible or create the images (i.e. immutable) used by Openstack via a tool like packer and update those. I'd do the latter.