Update to TF1.5 with ansible 2.8.0 gives error

The set-up I have is terraform being run via Ansible roles in containers.
My existing set-up was with TF0.12 and and ansible 2.8.0 (both coming from our custom docker image) which was working fine.
I have now a new docker image with TF1.5 and ansible 2.8.0 and this is giving error like so:

Failed to validate Terraform configuration files. Failed to parse command-line flags flag provided but not defined: -var. Too many command line arguments. Expected at most one positional argument.

I’ve asked the same on Terraform forums and they said it’s more of an Ansible issue here.

Can someone please guide as to what can be done for this?

Hi @dev-travelex , welcome to the forum! Let me share a few tips so we can help you better:

Please provide more info on how you built the docker image and what are you trying to do, also where the error is coming from would help.

It’s good to have a reference to another site and know there was a discussion around it (particularly if it involves other projects, so thank you for that!), but it’s easier for people to help if they can see the details in the post itself here.

And if you are using ansible 2.8 (the version released in 2019), that’s been out of support for a long time and a lot has changed since then (split of included modules to collections for example and the use of execution environments). That might have something to do with the issues you are having, considering Terraform 1.5 is quite recent.

Thanks @Leo !

CircleCI spins up an ECR container which has Ansible 2.8.0 and TF1.5. This was working when it was TF0.12. Terraform is run via Ansible roles, datadog-log-shipper in this case.

This is my Ansible task:

- name: "Generate provider  region based datadog-log-shipper for active regions"
  template:
    src: "../terraform_1.5/{{ role_name }}/provider.tf.j2"
    dest: "../terraform_1.5/{{ role_name }}/provider.tf"  
  #when: hostvars[inventory_hostname]['config_ec2patchgrouptag_remediation'] == 'ENABLED'

- name: "Generate region based datadog-log-shipper solution  for active regions"
  template:
    src: "../terraform_1.5/{{ role_name }}/datadog-log-shipper.tf.j2"
    dest: "../terraform_1.5/{{ role_name }}/datadog-log-shipper.tf"
  #when: hostvars[inventory_hostname]['config_ec2patchgrouptag_remediation'] == 'ENABLED'  


# Long term use this, instead of terrafrom run in tasks/main.yml from each role.
- name: "Run terraform project: {{ tf_project }}"
  terraform:
    state: present
    force_init: true
    backend_config:
      bucket: "{{ tf_bucket_name }}"
      region: "{{ bootstrap_region }}"
      kms_key_id: "{{ tf_bucket_kms_id }}"
      encrypt: "true"
      workspace_key_prefix: "{{ target_infra }}"
      key: "{{ tf_project }}-tf1.5.tfstate"
    project_path: "../terraform_1.5/{{ tf_project }}"
    variables:
      assume_role: "arn:aws:iam::{{ hostvars[inventory_hostname]['Id'] }}:role/AWSControlTowerExecution"
      target_region: "{{ hostvars[inventory_hostname]['Region'] }}"
      target_infra: "{{ target_infra }}"
      datadog_api_key: "{{ datadog_api_key }}"   
    workspace: "{{ hostvars[inventory_hostname]['Id'] }}"  
  check_mode: "{{ check_mode | default('yes') }}"
  tags:
    - datadog-log-shipper

These are my TF files where the jinja templated variables are passed:

provider.tf.j2

{% for region in hostvars[inventory_hostname]['Active_Regions'] %}
provider "aws" {
    alias  = "{{ region }}"
    region = "{{ region }}"
    
    assume_role {
        role_arn     = var.assume_role
        session_name = "terraform"
    }
}


{% endfor %}

datadog-log-shipper.tf.j2

{% for region in hostvars[inventory_hostname]['Active_Regions'] %}

module "datadog_log_shipper_{{ region }}" {
  providers = {
    aws = aws.{{ region }}
  }
  source                        = "./module/datadog-log-shipper"
  create                        = true  
  datadog_log_shipper_role_arn  = aws_iam_role.datadog_log_shipper_role.arn
  datadog_log_shipper_timeout   = 900
  datadog_api_key               = var.datadog_api_key
  
}

{% endfor %}

I am getting error for this task:

TASK [datadog-log-shipper : Run terraform project: datadog-log-shipper] ********

"msg": "Failed to validate Terraform configuration files.Failed to parse command-line flags.flag provided but not defined: -var.Too many command line arguments.Expected at most one positional argument.

Hi,

It looks to me the module is running terraform command with a -var parameter with no value provided.

According to Input Variables documentation:

When variables are declared in the root module of your configuration, they can be set in a number of ways:

* [In a Terraform Cloud workspace](https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables).
* Individually, with the `-var` command line option.
* In variable definitions (`.tfvars`) files, either specified on the command line or automatically loaded.
* As environment variables.

Ansible Terraform module states this on variables parameter:

A group of key-values pairs to override template variables or those in variables files

Now it doesn’t seem to me you’re using a vars files, nor having them defined elsewhere, so I’m not sure what this modules should override. Maybe I’m overthinking it, but I think you could solve this by templating vars out on a .tfvars file (or setting them with envvars or any option listed in TF documentation) instead of using Ansible terraform module variables parameter. Or just extrapolate them directly in your template files without having to use expressions in your blocks.

For a generic advice, You could start troubleshoot your issue by gathering the command used by module (see the command key, that is returned on execution), template out your tf config files, then running the same command manually with terraform cli and perhaps a verbose flag.

You can also consult Terraform changelog and compare versions to highlight cli changes, if you know your playbook worked fine with older Terraform version.

Hope it helps !

HI @dev-travelex , Ansible 2.8.0 is out of support and (very) old in terms of Ansible development and compatibility.

If you are using version 1.5 of Terraform, which is a current release from Jun 2023, you most likely will find issues with the Terraform module included in Ansible 2.8, as that one is from 2019, and as you noted, it was compatible with the older Terraform at the time.

You need to upgrade Ansible and move to a current release to ensure that both parties are compatible. Upgrading only one is not enough.

As stated by a Terraform dev in your Terraform forum thread:

In preparation for Terraform v1.0 and the v1.x compatibility promises we fixed various situations where Terraform had been accepting but ignoring arguments that were inappropriate for particular situations, such as when providing planning options like -var to commands that don’t create plans. You seem to be running Terraform using something that was relying on those incorrect-but-formerly-ignored arguments, and so modern Terraform rejects the given command line.

Terraform has applied changes to their arguments, which should be updated in a current release of Ansible + the community.general.terraform module (included in community.general collection) or the certified Terraform collection (cloud.terraform).

You might want to check how to use the Terraform collection and the new Ansible Terraform provider in the following blog posts:

• Walking on Clouds with Ansible
• Providing Terraform with that Ansible Magic,
• Terraforming clouds with Ansible

For anyone who comes here looking a solution to this error, it got resolved by downloading the latest Ansible version. Thanks for taking time and suggestion solutions.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.