FG
☁️ Cloud & DevOps

Configuring one provider with a dynamic attribute from another (was: depends_on for providers)

Freshabout 19 hours ago
Mar 14, 20260 views
Confidence Score95%
95%

Problem

This issue was inspired by this question on Google Groups. > I've got some Terraform code that doesn't work because the EC2 instance running the Docker daemon doesn't exist yet so I get "\* Error pinging Docker server: Get http://${aws_instance.docker.public_ip}:2375/_ping: dial tcp: lookup ${aws_instance.docker.public_ip}: no such host" if I run plan or apply. There are providers (docker and consul - theoretically also openstack but that's a stretch) that can be implemented with Terraform itself using other providers like AWS; if there are other resources in a Terraform deployment that use the (docker or consul) provider they cannot be provisioned or managed in any way until and unless the other resources that implement the docker server or consul cluster have been successfully provisioned. If there were a `depends_on` clause for providers like docker and consul, this kind of dependency could be managed automatically. In the absence of this, it may be possible to add `depends_on` clauses for all the resources using the docker or consul provider, but that does not fully address the problem as Terraform will attempt (and fail, if they are not already provisioned) to discover the state of the docker/consul resources during the planning stage, long before it has completed the computation of dependencies. Multiple plan/apply runs may be able to resolve that specific problem, but having a `depends_on` clause for providers would allow everything to be managed in a single pass

Error Output

Error pinging Docker server: Get http://${aws_instance.docker.public_ip}:2375/_ping: dial tcp: lookup ${aws_instance.docker.public_ip}: no such host" if I run plan or apply.

Unverified for your environment

Select your OS to check compatibility.

1 Fix

Canonical Fix
Unverified Fix
New Fix – Awaiting Verification

Implement Provider Dependency Management in Terraform

Medium Risk

The error occurs because Terraform attempts to interact with the Docker provider before the AWS EC2 instance hosting the Docker daemon is created. This leads to a failure in resolving the public IP of the instance, as it does not exist yet. Without a way to declare dependencies for providers, Terraform cannot manage the lifecycle of resources that rely on other providers effectively.

Awaiting Verification

Be the first to verify this fix

  1. 1

    Define AWS EC2 Instance

    Create an AWS EC2 instance that will run the Docker daemon. Ensure that the instance is properly configured with the necessary security groups and IAM roles.

    hcl
    resource "aws_instance" "docker" {
  ami           = "ami-12345678"
  instance_type = "t2.micro"
  tags = {
    Name = "DockerHost"
  }
}
  2. 2

    Use Local-Exec Provisioner to Wait for Docker

    Add a local-exec provisioner to the AWS EC2 instance resource to ensure that the Docker daemon is up and running before Terraform attempts to use the Docker provider.

    hcl
    resource "aws_instance" "docker" {
  # ... existing configuration ...
  provisioner "local-exec" {
    command = "while ! nc -z ${self.public_ip} 2375; do sleep 1; done"
  }
}
  3. 3

    Configure Docker Provider with Dynamic IP

    Set the Docker provider to use the public IP of the AWS instance dynamically, ensuring that it references the instance only after it has been created.

    hcl
    provider "docker" {
  host = "tcp://${aws_instance.docker.public_ip}:2375"
}
  4. 4

    Add Dependencies for Docker Resources

    Ensure that all Docker resources depend on the AWS EC2 instance by using the depends_on argument. This guarantees that the Docker resources are only created after the EC2 instance is fully provisioned.

    hcl
    resource "docker_container" "my_container" {
  depends_on = [aws_instance.docker]
  image = "my_docker_image"
  name  = "my_container"
}
  5. 5

    Run Terraform Apply

    Execute the Terraform apply command to provision the resources. The changes should ensure that the Docker provider is only accessed after the EC2 instance is ready.

    bash
    terraform apply

Validation

After applying the changes, confirm that the Docker container is created successfully without any errors related to the Docker server being unreachable. Check the state of the resources using 'terraform state list' and ensure that all dependencies are satisfied.

Sign in to verify this fix

Environment

Submitted by

AC

Alex Chen

2450 rep

Tags

terraformiacawsenhancementconfigunknown-values