-1

I am a 2/3 week old newbie to GitLab and have run into a GitLab pipeline issue which has left me tearing my hair out, as despite hours of research online, including the official GitLab website, I simply can't seem to find a resolution.

Basically, my pipeline is made up of a number of stages, with each stage requiring one or more jobs to be executed. I've called the first pipeline stage "prep" and it features two jobs - gitlab_job1 and gitlab_job2.

The first job, gitlab_job1 does a simple terraform version check and confirms the fact that the terraform command is recognised within that job and as per my expectation, the entire pipeline.

The second job, gitlab_job2 pulls down a container image of Azure CLI and installs it successfully. However, within this same job, I'm required to run a number of terraform commands (and possibly other scripts as well) and this is where my issue lies, because suddenly the pipeline job no longer appears to recognise any Terraform command. I'm assuming that referencing the Azure CLI image in that job has wiped out Terraform from the gitlab_job2's scope entirely, but I need it to recognise it here.

Now, I don't mind having to create a third job in this same "prep" stage within which I can then reference my Terraform image (like I did in gitlab_job1) and run the required commands, but the key issue here is that this 3rd job will also be required to recognise or have within its scope, the installed Azure CLI from gitlab_job2.

Azure CLI and Terraform have therefore got to co-exist within the same job or if kept in discrete jobs, each must be visible from the other job. What am I doing wrong? Is it even also possible to reference more than one container image in a GitLab pipeline job? I've even tried the Needs and Dependencies keywords, but all to no avail.

Below is a snippet of my .gitlab-ci.yml file, including some descriptive annotation to provide better clarity. Could greatly do with some help on this.

default:
  image: 
    name: hashicorp/terraform:1.1.7
    entrypoint: [""]

stages:
  - prep
  - build
  - deploy  

gitlab_job1:
  stage: prep
  inherit:
    default: true
  script:
    - echo "This job successfully confirms the inherited Terraform version as 1.1.7" 
    - terraform --version

gitlab_job2:
   stage: prep
   inherit:
    default: true
   image: mcr.microsoft.com/dotnet/core/sdk:3.1

   script:
     - echo "This job will install the Azure cli."
     - curl -sL https://aka.ms/InstallAzureCLIDeb | bash
     - az --version   # Verify cli version after the install

     # This next command below should then run a basic Terraform validation, but throws the error directly below it.

     - terraform --validate 
     # Error msg displayed: - '/bin/bash line 139':' terraform':' command not found.

     # Other terraform commands follow the above validation command, but also fail as a result of the same error as above.
hitman126
  • 699
  • 1
  • 12
  • 43

1 Answers1

0

In the job gitlab_job2 you have specified image: mcr.microsoft.com/dotnet/core/sdk:3.1 as the image for the job environment. This image does not contain terraform therefore, the command will not be found unless you first install terraform in the job.

gitlab_job1 works because it is using the hashicorp/terraform:1.1.7 image which does include terraform.

Consider using the terraform image and installing azure cli in it instead for gitlab_job2: -- or use an image with azure CLI and install terraform.

Working example:

gitlab_job2:
   stage: prep
   # use Azure CLI image as a starting point
   image: mcr.microsoft.com/azure-cli

   script:
     - az --version   # CLI is included in image

     # install Terraform
     - curl -o ./terraform-bin.zip https://releases.hashicorp.com/terraform/1.1.8/terraform_1.1.8_linux_amd64.zip
     - unzip ./terraform-bin.zip -d /usr/local/bin
     - rm ./terraform-bin.zip
     
     - terraform version # terraform is now installed!
     #... now you can use azure cli and terraform together.
sytech
  • 29,298
  • 3
  • 45
  • 86
  • sytech, sorry but I'm not sure you've really read through my issue well to understand the problem.............or perhaps I haven't explained it well. Let me repeat/reiterate the key points again. Yes, in gitlab_job2 I have specified the image to be "mcr.microsoft.com/dotnet/core/sdk:3.1" and please note this carefully..........I've specified that image because the purpose of that job is to install Azure CLI and hence the need for that reference. However, in that same job, i.e. gitlab_job2, I need to run some terraform commands after the Azure CLI installation. That is the crux of the matter. – hitman126 Apr 15 '22 at 23:04
  • 1
    @hitman126 all jobs are separate environments. If you need terraform in the second job, you'll either need to change the image or install terraform in the job in order to use terraform and the azure CLI together. – sytech Apr 16 '22 at 20:28
  • Sytech, you keep stating the problem but are not providing a meaningful solution. The issue is simple. I need to run Terraform and Az CLI commands in a single job……and I stress on those key words again, I need to run both in the same pipeline job. How can that be achieved in a GitLab pipeline? That is what I’m seeking a solution for. If both Terraform and Az CLI commands cannot be run in a single job, then the question is how they can be run in two separate jobs…….but then remain in scope for the other job. – hitman126 Apr 17 '22 at 01:36
  • 1
    I stated the solution multiple times. You need to either (1) choose an image with the tool(s) you need or (2) install the tools as part of the job @hitman126 – sytech Apr 17 '22 at 07:38
  • Sytech, much appreciated. Unfortunately however, obtaining an image with all the tools required is something beyond my power, as my organisation has a tight control on all images stored in our central repository and due to an extremely lengthy and painful change request process we have in place, it could take me weeks to get the required image available. Hence why I'd have preferred to have the capability to implement a workaround myself, through my code. Oh and it's worth pointing out that we're not allowed to reference images from any docker registry that is external to the organisation. – hitman126 Apr 18 '22 at 12:07
  • @hitman126 then it seems you would have to use option (2) -- install the tools you need inside your job. For example, you could use the terraform image, then install Azure CLI inside of the job (which you already have the essential steps for in your job). That would result in you having both the tools you need. – sytech Apr 18 '22 at 16:22
  • Sytech, that's the actual issue you see - It's not possible to reference two images in the same GitLab CI pipeline job..........unless someone can confirm otherwise. I've spent hours looking into this issue and from all the research I've done, it's become apparent that firstly, you can only ever reference one image per job. – hitman126 Apr 19 '22 at 06:20
  • Secondly, if you move on to another pipeline job and reference the next image (e.g. Azure CLI), the first image reference (e.g. Terraform) is lost from the scope of the second job. Again, I stand to be corrected on this and like many people tend to prefer, if you or anyone can prove otherwise with actual code examples, that would be excellent. A copy of my code (above) could be edited to illustrate the proposed solution and that would bring this entire subject to a close instantly. – hitman126 Apr 19 '22 at 06:20
  • In my particular case, I require both image references to be in one single job, because my pipeline is executing a number of terraform config to provision some Azure infrastructure. The pipeline is therefore mimicking the behaviour one would expect, if for instance I was running the terraform config in VSCode or any CLI - you'll be required to firstly sign in to your Azure subs, before being able to proceed with the terraform infra provisioning. The GitLab CI pipeline is behaving no different and so within that single job, I need to log into Azure firstly before executing my terraform config. – hitman126 Apr 19 '22 at 06:30
  • Hopefully, adding that extra context has helped clarify my situation and the absolute need to have those two image references within scope of that one single GitLab CI pipeline job. If they cannot be referenced in a single job and it's only possible to have them in two separate jobs, then each must be in the scope of the other's job, simple. Again, to reiterate my earlier point, it would be great (for future reference by others too) if any proposed solution is illustrated with code snippets and my earlier one (above) could be edited for that purpose. – hitman126 Apr 19 '22 at 06:32
  • @hitman126 it sounds like you may be misunderstanding how docker images and gitlab jobs work. You cannot use two images together and you cannot preserve environments between jobs. I've added a working example to the above that you can use. – sytech Apr 19 '22 at 17:25
  • Sytech, that's great. The example provided could have certainly brought a conclusion to this discussion much, much earlier. It's greatly appreciated and an immense help to GitLab and Docker newbies like myself. Will try it out and provide some feedback shortly. – hitman126 Apr 20 '22 at 04:41