Troubleshooting Terraform Common Issues (Azure)

Rafael Medeiros
Apr 11, 2022

I decided to write this story because some readers got errors while following my last stories, which is normal when you are working with Terraform or any application. Knowing how to troubleshoot your code is what makes you a better professional, because you are paid to solve problems, so let’s waste no more time and get started on troubleshooting Terraform.

Resource Already Exists

“…already exists — to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for “<Resource here>” for more information….”

This usually happens for two reasons:

First:

Your deployment probably failed. When that happens, Terraform will not save the updates into the Terraform tfstate file, and it doesn’t release the lock on the tfstate file. This means Terraform is not tracking the recently created resource, even though it already exists in Azure, because it is not in the tfstate file. When Terraform runs again and finds nothing in the tfstate file, it assumes that the resource has not been created yet and tries to create a new one, which causes the error.

To fix this, if you are in a dev environment, you can just delete the resource and also the Terraform tfstate file.

If it’s already in production, you have to import the existing resource into your Terraform state using the import command.

Second: You already have the resource created. If you are trying to create a resource group, for instance, with the same name as an existing one in Azure, it will fail, because by default Terraform will not override any infrastructure resource that is not in its tfstate file.
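The import path for both cases above, as an added example that is not from the original article. The function name and the resource address in the usage line are hypothetical; it assumes the Azure CLI is logged in and that a matching resource block already exists in your configuration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Imports an existing Azure resource group into Terraform state, but only
# when the address is not tracked yet. The function name and the addresses
# passed to it are hypothetical; a matching resource block must already
# exist in your configuration before `terraform import` will accept it.
tf_import_resource_group() {
    addr=$1       # e.g. azurerm_resource_group.rg
    rg_name=$2    # name of the resource group in Azure

    # Already in the state file: nothing to do.
    if terraform state list 2>/dev/null | grep -Fxq "$addr"; then
        echo "already-managed"
        return 0
    fi

    # Resolve the Azure resource ID; this fails if the group does not exist.
    rg_id=$(az group show --name "$rg_name" --query id --output tsv) || return 1
    [ -n "$rg_id" ] || return 1

    # Record the existing resource in state instead of re-creating it.
    terraform import "$addr" "$rg_id" >&2 || return 1
    echo "imported"
}

# Usage: tf_import_resource_group azurerm_resource_group.rg my-rg
# Then run `terraform plan` and confirm it reports no unexpected changes.
```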

The argument is required, but no definition was found

This happens either because the resource you are trying to create has a required argument, or because you created an argument for your module but forgot to define it when you tried to create the resource. Here the problem was:

The argument was commented out, which means it didn’t exist. After removing the comment/adding the argument back, the configuration is now valid:

Reference to Undeclared Input Variable

This happens when something references a variable but the variable definition doesn’t exist in your files. You have to create a variable block for it to become a valid variable:

This variable block will make sure that the variable exists and you can call it from any part of your code. After that, you can validate it:

The access policy does not allow token issuance

This can happen when you are trying to perform an action on Azure AD but your token is too old for it: you try to authenticate with it and you are blocked. To fix that, you can try to run:

az login

This refreshes your token credentials. If it doesn’t resolve your issue, contact your Azure administrator and check which conditional access policy is preventing you from authenticating.

ENOENT — This may indicate the process failed to start

This error indicates that the Terraform executable was not able to find any Terraform files to run.

Check that you are executing Terraform commands in the correct folder. This error is very common in pipelines, for example when you set the path with variables and one of them has the wrong value.

The root module input variable is not set and has no default value

When you forget to pass the -var-file argument to Terraform, this is what happens. This means that the variables don’t have any values. You have to make sure that you are passing this parameter correctly, or assign default values to the variables that you set.

Can’t set variables when applying a saved plan

This happens because you are trying to use variables in the apply command with a saved plan. The problem is that the plan is supposed to have that variable already: you should pass this parameter in the plan phase, not in the apply phase.

In short, you can’t pass -var or -var-file together with a tfplan file.
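The last three errors (wrong folder, missing -var-file, variables passed with a saved plan) can be caught in one pipeline step. This is an added example, not code from the original article; the function names and the paths in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example. Directory and file names passed in are the caller's own.

# Catch a wrong working directory or var file before Terraform runs.
# Returns 1 (no directory), 2 (no Terraform files), 3 (no var file).
tf_preflight() {
    tf_dir=$1
    var_file=$2
    if [ ! -d "$tf_dir" ]; then
        echo "working directory not found: $tf_dir" >&2
        return 1
    fi
    found=0
    for f in "$tf_dir"/*.tf "$tf_dir"/*.tf.json; do
        if [ -f "$f" ]; then
            found=1
            break
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no Terraform files in: $tf_dir" >&2
        return 2
    fi
    if [ ! -f "$var_file" ]; then
        echo "var file not found: $var_file" >&2
        return 3
    fi
}

# Variables are supplied at plan time only; apply gets just the saved plan.
tf_plan_and_apply() {
    tf_preflight "$1" "$2" || return $?
    # Resolve the var file to an absolute path before changing directory.
    var_abs=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")
    (
        cd "$1" &&
        terraform plan -input=false -var-file="$var_abs" -out=tfplan &&
        terraform apply -input=false tfplan
    )
}

# Usage (paths are hypothetical):
#   tf_plan_and_apply ./infra ./env/dev.tfvars
```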

EDIT:

State Blob is Already Locked

When you try to run the terraform plan command and you see this message, it’s because your latest Terraform run was not successful: either you interrupted it or the Terraform application crashed, leaving the state file locked. My case here was the first option; I cancelled the run on purpose:

To fix that, there are two ways:

You can use the terraform force-unlock command:

terraform force-unlock LOCK_ID

Where LOCK_ID is the id that is shown in the error message above.

The second way is to go to the tfstate file and break the lease.

Here I’m using Azure Storage Explorer for the Azure backend. You have to do the following:

In AWS:

  • Open the file and choose the lock icon.
  • The lock icon disappears, and you can use the file again.

Other cloud providers will have their own way to unlock it.
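For the Azure backend, the same lease break can be done from the Azure CLI. This is an added example, not from the original article: the function name is hypothetical, and `--auth-mode login` assumes your signed-in identity has data-plane access to the storage account.

```shell
#!/bin/sh
# Added example, not from the original article.
# Breaks the lease on an azurerm backend state blob only if one is held.
# Run it only after confirming that no other Terraform run is in progress.
# The function name is hypothetical; --auth-mode login assumes your
# identity has data-plane access to the storage account.
tf_break_state_lease() {
    account=$1; container=$2; blob=$3

    # Read the current lease state of the state blob.
    lease=$(az storage blob show --auth-mode login \
        --account-name "$account" --container-name "$container" \
        --name "$blob" --query properties.lease.state --output tsv) || return 1

    # No lease held: leave the blob alone.
    if [ "$lease" != "leased" ]; then
        echo "not-leased"
        return 0
    fi

    az storage blob lease break --auth-mode login \
        --account-name "$account" --container-name "$container" \
        --blob-name "$blob" >&2 || return 1
    echo "lease-broken"
}

# Usage (names are hypothetical):
#   tf_break_state_lease mystorageacct tfstate prod.terraform.tfstate
```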

I will be updating this story from time to time when I get new errors.

I hope this story is useful. If you have faced any other issue that is not covered here, feel free to leave it in the comments and I’ll help you to find out what’s going on. Happy Terraforming!
