F5Networks / terraform-azure-bigip-module

Terraform module for Deploying BIG-IP in azure
Apache License 2.0

Feature: allow tagging of Azure interfaces with custom tags #33

Closed JeffGiroux closed 2 years ago

JeffGiroux commented 2 years ago

User would like to add unique tags per NIC. Currently, the var.tags is available but it is applied to all resources.

Use Case

The use case would be for F5 Cloud Failover Extension to satisfy Azure requirements in which NICs must be tagged with the failover labels and NIC maps. Specifically, the primary IP on the external NIC must be tagged with 2 tags, for example. Then the public IPs must be tagged too.

https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/userguide/azure.html

Current behavior

Successful deployment of BIG-IP, but all NICs are tagged the same. There is no way to specify unique tags per NIC. In order to set up HA failover, a manual workaround is needed to add tags to the NICs after deployment.

Workaround

You must manually tag after but it won't be in time for onboarding to be successful. Still though, since the BIG-IP module doesn't contain those tags in state...upon next run...it will wipe out the values.

There is an aws_ec2_tag resource in the AWS provider, but I cannot find an equivalent for the Azure provider. See similar ticket in AWS BIG-IP module here - https://github.com/F5Networks/terraform-aws-bigip-module/issues/22

Suggestion

Add ability for the module parameters on the subnet lines to take additional tags.

Current...

module bigip {
  source                      = "F5Networks/bigip-module/azure"
  prefix                      = "bigip-azure-3nic"
  resource_group_name         = "testbigip"
  mgmt_subnet_ids             = [{"subnet_id" = "subnet_id_mgmt" , "public_ip" = true, "private_ip_primary" =  ""}]
  mgmt_securitygroup_ids      = ["securitygroup_id_mgmt"]
  external_subnet_ids         = [{"subnet_id" =  "subnet_id_external", "public_ip" = true, "private_ip_primary" = "", "private_ip_secondary" = "" }]
  external_securitygroup_ids  = ["securitygroup_id_external"]
  internal_subnet_ids         = [{"subnet_id" =  "subnet_id_internal", "public_ip"=false, "private_ip_primary" = "" }]
  internal_securitygroup_ids  = ["securitygroup_id_internal"]
}

With tags...

module bigip {
  source                      = "F5Networks/bigip-module/azure"
  prefix                      = "bigip-azure-3nic"
  resource_group_name         = "testbigip"
  mgmt_subnet_ids             = [{"subnet_id" = "subnet_id_mgmt" , "public_ip" = true, "private_ip_primary" =  ""}]
  mgmt_securitygroup_ids      = ["securitygroup_id_mgmt"]
  external_subnet_ids         = [{"subnet_id" =  "subnet_id_external", "public_ip" = true, "private_ip_primary" = "", "private_ip_secondary" = "", "more_tags_here" = "" }]
  external_securitygroup_ids  = ["securitygroup_id_external"]
  internal_subnet_ids         = [{"subnet_id" =  "subnet_id_internal", "public_ip"=false, "private_ip_primary" = "", "more_tags_here" = "" }]
  internal_securitygroup_ids  = ["securitygroup_id_internal"]
}

JeffGiroux commented 2 years ago

I found a workaround via AZ CLI as a null_resource...still hacky though. There is a source of truth issue still since both the null_resource and the module bigip will try to manage the NIC. Upon next update, the tags will either be there or not due to this workaround. Not consistent and not recommended...but gets me by for now.

  1. Collect data on NIC
  2. Then run null_resource with az cli command to update nic

# BIG-IP 1 NIC info
# The module names the NICs "<prefix>-ext-nic-public-0" and "<prefix>-int-nic0".
# Derive <prefix> from the VM resource id: element 8 of the "/"-split id is the
# VM name "<prefix>-f5vm01", and splitting on "-f5vm01" leaves the prefix.
data "azurerm_network_interface" "bigip_ext" {
  name                = format("%s-ext-nic-public-0", element(split("-f5vm01", element(split("/", module.bigip.bigip_instance_ids), 8)), 0))
  resource_group_name = azurerm_resource_group.main.name
}
data "azurerm_network_interface" "bigip_int" {
  name                = format("%s-int-nic0", element(split("-f5vm01", element(split("/", module.bigip.bigip_instance_ids), 8)), 0))
  resource_group_name = azurerm_resource_group.main.name
}

# Add Cloud Failover tags to BIG-IP 1 NICs
# Note: these tags live outside the module's state, so a later apply of the
# module can overwrite them (see the source-of-truth caveat above).
resource "null_resource" "f5vm01_nic_tags" {
  depends_on = [module.bigip]
  # Running AZ CLI to add tags
  provisioner "local-exec" {
    command = <<-EOF
      #!/bin/bash
      az network nic update -g ${azurerm_resource_group.main.name} -n ${data.azurerm_network_interface.bigip_ext.name} --set tags.f5_cloud_failover_label=bigip-failover-cluster123 tags.f5_cloud_failover_nic_map=external
      az network nic update -g ${azurerm_resource_group.main.name} -n ${data.azurerm_network_interface.bigip_int.name} --set tags.f5_cloud_failover_label=bigip-failover-cluster123 tags.f5_cloud_failover_nic_map=internal
    EOF
  }
}

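
Because the tags set by the null_resource workaround are not in the module's state, the next apply can silently drop them and break failover. The following is an added example (not code from the issue author or from terraform-azure-bigip-module) of a drift check: it reproduces the NIC-name derivation from the Terraform expression above, then verifies the two Cloud Failover tags on NIC records in the shape returned by `az network nic list -o json`. The VM id, NIC names and tag values are constructed sample data, and the `-f5vm01` suffix and NIC naming pattern are assumed from the workaround rather than taken from the module's source.

```python
"""Drift check for F5 Cloud Failover Extension NIC tags on Azure.

Added example for this issue thread; not part of terraform-azure-bigip-module.
Sample inputs below are constructed, not captured from a real subscription.
"""
import json

# Tag keys the workaround sets on each NIC (from the az CLI commands above).
FAILOVER_LABEL_TAG = "f5_cloud_failover_label"
FAILOVER_NIC_MAP_TAG = "f5_cloud_failover_nic_map"


def prefix_from_vm_id(vm_id: str, vm_suffix: str = "-f5vm01") -> str:
    """Mirror element(split("-f5vm01", element(split("/", id), 8)), 0).

    Azure VM ids look like
    /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Compute/virtualMachines/<name>
    so index 8 of the "/"-split is the VM name "<prefix>-f5vm01".
    """
    parts = vm_id.split("/")
    if len(parts) < 9 or parts[7].lower() != "virtualmachines":
        raise ValueError(f"not an Azure VM resource id: {vm_id}")
    return parts[8].split(vm_suffix)[0]


def expected_nic_names(vm_id: str) -> dict:
    """NIC names keyed by the CFE nic_map role, following the workaround's pattern (assumed)."""
    prefix = prefix_from_vm_id(vm_id)
    return {
        "external": f"{prefix}-ext-nic-public-0",
        "internal": f"{prefix}-int-nic0",
    }


def check_nic_tags(nics: list, cluster_label: str, vm_id: str) -> list:
    """Return findings for NICs whose CFE tags are missing or wrong; empty list means OK."""
    wanted = expected_nic_names(vm_id)
    by_name = {nic["name"]: nic for nic in nics}
    findings = []
    for role, name in wanted.items():
        nic = by_name.get(name)
        if nic is None:
            findings.append(f"{name}: NIC not found")
            continue
        tags = nic.get("tags") or {}
        if tags.get(FAILOVER_LABEL_TAG) != cluster_label:
            findings.append(f"{name}: {FAILOVER_LABEL_TAG} missing or wrong (tags wiped by a later apply?)")
        if tags.get(FAILOVER_NIC_MAP_TAG) != role:
            findings.append(f"{name}: {FAILOVER_NIC_MAP_TAG} should be '{role}'")
    return findings


# Constructed sample: the external NIC still carries its CFE tags, but the
# internal NIC has been re-tagged with only the module's global tags.
SAMPLE_VM_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testbigip"
                "/providers/Microsoft.Compute/virtualMachines/bigip-azure-3nic-f5vm01")
SAMPLE_NICS_JSON = json.dumps([
    {"name": "bigip-azure-3nic-ext-nic-public-0",
     "tags": {"environment": "lab",
              "f5_cloud_failover_label": "bigip-failover-cluster123",
              "f5_cloud_failover_nic_map": "external"}},
    {"name": "bigip-azure-3nic-int-nic0",
     "tags": {"environment": "lab"}},
])


def run_sample() -> list:
    """Run the check over the constructed sample; returns two findings for the internal NIC."""
    return check_nic_tags(json.loads(SAMPLE_NICS_JSON), "bigip-failover-cluster123", SAMPLE_VM_ID)


if __name__ == "__main__":
    for line in run_sample() or ["all Cloud Failover NIC tags present"]:
        print(line)
```

In practice the input would come from `az network nic list -g <rg> -o json`; running the check after every `terraform apply` (or as a scheduled job) surfaces the tag loss the comment above warns about before a failover event depends on it.
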
KrithikaChidambaram commented 2 years ago

This request is now being tracked internally with ID INFRAANO-856

RavinderReddyF5 commented 2 years ago

Hi @JeffGiroux , Issue fixed in v1.2.5