OpenTofu: A Beginners Guide to a Terraform Fork Including Migration From Terraform
OpenTofu Import Tainting Resources and Debugging
Demo Taint and Debugging
Welcome to the OpenTofu lab on Tainting and Debugging. In this hands-on tutorial, you will learn:
- How to export logs to a specific path using environment variables
- Generating and configuring debug log levels
- Enabling logging for an OpenTofu project
- Tainting and replacing Terraform resources (AWS EC2 example)
1. Environment Variables for Debugging
OpenTofu uses two key environment variables to control logging:
Variable | Purpose | Example |
---|---|---|
TF_LOG | Sets the log verbosity level (error, warn, info, debug, trace) | export TF_LOG=debug |
TF_LOG_PATH | Specifies the file path where log output will be written | export TF_LOG_PATH=/tmp/ot.log |
Note
TF_LOG_PATH must be set alongside TF_LOG; otherwise, no logs will be written to disk.
2. Enabling Logging and Exporting Logs
Assume your project directory is /root/OpenTofu/projects/project_a. To enable error-level logging and export output to /tmp/project_a.log, run:
cd /root/OpenTofu/projects/project_a
export TF_LOG=error
export TF_LOG_PATH=/tmp/project_a.log
tofu init
tofu apply
When prompted, type yes. Authentication warnings may appear, but the log file will be created at /tmp/project_a.log.
Warning
Do not modify any configuration files before exporting logs; this ensures you capture the original error context.
Among the log levels, trace produces the most detailed output.
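Debug and trace logs can include provider API request and response details, and a fixed file name under /tmp is typically readable by other local users on a shared host. The following is an added example, not part of the original lab: it creates the log in a private directory and flags lines that look like credentials before the file is shared. The function names, scan patterns and sample lines are illustrative assumptions.

```shell
# Added example (not from the lab): private log location plus a credential scan.

# Create a log file only the current user can read and point TF_LOG_PATH at it.
# Usage: tf_log_setup <level>, then run the lab's init/apply commands as usual.
tf_log_setup() {
  _tf_level="${1:-error}"
  # mktemp -d creates a mode-0700 directory with an unpredictable name.
  _tf_dir="$(mktemp -d "${TMPDIR:-/tmp}/tofu-log.XXXXXX")" || return 1
  # Pre-create the file with mode 0600 so later writes keep that mode.
  ( umask 077; : > "$_tf_dir/tofu.log" )
  export TF_LOG="$_tf_level" TF_LOG_PATH="$_tf_dir/tofu.log"
}

# Print the line numbers of log lines that look like they carry credentials.
# The patterns are illustrative assumptions, not an exhaustive list.
tf_log_scan() {
  grep -nEi \
    -e 'A(KIA|SIA)[0-9A-Z]{16}' \
    -e 'x-amz-security-token' \
    -e 'authorization:[[:space:]]*(aws4-hmac-sha256|bearer|basic)' \
    -e '(secret|password|token)[a-z_]*"?[[:space:]]*[:=]' \
    "$1" | cut -d: -f1
}

# Constructed sample lines (not real OpenTofu output) to exercise the scan.
tf_log_sample() {
  cat <<'EOF'
2024-01-01T00:00:00Z [ERROR] provider: authentication failed
2024-01-01T00:00:01Z [DEBUG] provider: Authorization: AWS4-HMAC-SHA256 Credential=AKIAEXAMPLEEXAMPLE00/...
2024-01-01T00:00:02Z [TRACE] provider: X-Amz-Security-Token: EXAMPLETOKEN
2024-01-01T00:00:03Z [INFO] backend: state lock acquired
EOF
}
```

Source the functions, call `tf_log_setup debug` before the init and apply steps, and run `tf_log_scan "$TF_LOG_PATH"` before attaching the log to a ticket or bug report.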
3. Provisioning an EC2 Instance and Tainting
Navigate to the projectB directory:
cd /root/OpenTofu/projects/projectB
Your main.tf defines an AWS EC2 instance:
resource "aws_instance" "ProjectB" {
  ami           = "ami-0c9bf21ac5bf10eb"
  instance_type = "t2.large"
  tags = {
    Name        = "projectB-webserver"
    Description = "Oversized Webserver"
  }
}
Initialize and apply the configuration:
tofu init
tofu apply
Confirm with yes. After apply completes, the EC2 instance ProjectB appears in your AWS console.
Effects of Tainting
To mark the EC2 instance for replacement:
tofu taint aws_instance.ProjectB
Review the plan:
tofu plan
Expected output:
Plan: 1 to add, 0 to change, 0 to destroy.
This indicates that the tainted resource will be recreated.
Replacing a Tainted Resource
Execute the apply command with -replace:
tofu apply -replace=aws_instance.ProjectB
OpenTofu will destroy the existing instance and create a new one before finalizing the update.
This concludes the lab on Tainting and Debugging with OpenTofu. In the next lesson, we'll explore resource dependencies and outputs.