F5Networks / terraform-azure-bigip-module

Terraform module for Deploying BIG-IP in azure
Apache License 2.0

Resource group required before using this module #58

Closed minsis closed 11 months ago

minsis commented 1 year ago

This module requires a resource group to be created beforehand, making it unusable in a single project.

https://github.com/F5Networks/terraform-azure-bigip-module/blob/main/main.tf#L190

 Error: Error: Resource Group "network-lab" was not found
│ 
│   with module.bigip[0].data.azurerm_resource_group.bigiprg,
│   on .terraform/modules/bigip/main.tf line 190, in data "azurerm_resource_group" "bigiprg":
│  190: data "azurerm_resource_group" "bigiprg" {

pgouband commented 1 year ago

Hi,

Thanks for reporting. Added to the backlog; the internal tracking ID for this request is INFRAANO-1361.

pgouband commented 1 year ago

Hi @minsis,

The resource group needs to be created beforehand; it's a requirement for the module used.

Have you tried the following example? https://github.com/F5Networks/terraform-azure-bigip-module/blob/main/examples/bigip_azure_1nic_deploy/main.tf

minsis commented 1 year ago

As you said, the resource group has to be created. So the examples don’t work.

The module doesn’t work unless the resource group is created, which prevents you from being able to build an entire resource group with everything in it as a single project. Meaning, in order to utilize this, you would need to create two separate projects to be able to build out your stuff.

You probably don’t need the requirement but could instead just ask for the resource group name and location. That way you won’t need to do a data lookup but can instead rely on Terraform’s planning to deal with it.

RavinderReddyF5 commented 1 year ago

Hi @minsis, in the example provided we are creating the resource group (https://github.com/F5Networks/terraform-azure-bigip-module/blob/main/examples/bigip_azure_1nic_deploy/main.tf#L14-L19) and referencing it in the module here (https://github.com/F5Networks/terraform-azure-bigip-module/blob/main/examples/bigip_azure_1nic_deploy/main.tf#L30-L40).

It was created with the intention that there might be an existing RG and networks; we can make use of these RGs and networks to deploy the instance.

Can you please run through the example and let me know if you see any problem there? The example takes care of creating the RG and referencing it to the module as input.

minsis commented 1 year ago

Even in the example, the resource group has to be created first before passing the name in. This is due to Terraform's planning phase.

If this was a fresh run the planning stage fails because the module is doing a data lookup to get the resource information, but obviously it can’t because the resource group hasn’t even been created yet.

RavinderReddyF5 commented 1 year ago

Hi @minsis

I don't see any issue running the example; creating the resource group and referring to it in the module can be done in a single file.

➜  bigip_azure_1nic_deploy git:(main) ✗ terraform apply
module.bigip[0].data.azurerm_subscription.current: Reading...
module.bigip[0].data.azurerm_client_config.current: Reading...
module.bigip[0].data.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD0wNGIwNzc5NS04ZGRiLTQ2MWEtYmJlZS0wMmY5ZTFiZjdiNDY7b2JqZWN0SWQ9MmRkZjNmMDUtY2UxYy00MGMwLWFmMjktYTlhMGM4NzBjNTIzO3N1YnNjcmlwdGlvbklkPWQzMWU0ZTU0LTc1NzctNGY0My1iNDA3LWJhZTZjYzBmNGY1NTt0ZW5hbnRJZD1kMTA2ODcxZS03YjkxLTQ3MzMtODQyMy1mOTg1ODYzMDNiNjg=]
module.bigip[0].data.azurerm_subscription.current: Read complete after 0s [id=/subscriptions/d31e4e54-7577-4f43-b407-bae6cc0f4f55]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # data.azurerm_subnet.mgmt will be read during apply
  # (config refers to values not yet known)
 <= data "azurerm_subnet" "mgmt" {
      + address_prefix                                 = (known after apply)
      + address_prefixes                               = (known after apply)
      + enforce_private_link_endpoint_network_policies = (known after apply)
      + enforce_private_link_service_network_policies  = (known after apply)
      + id                                             = (known after apply)
      + name                                           = "mgmt-subnet"
      + network_security_group_id                      = (known after apply)
      + private_endpoint_network_policies_enabled      = (known after apply)
      + private_link_service_network_policies_enabled  = (known after apply)
      + resource_group_name                            = (known after apply)
      + route_table_id                                 = (known after apply)
      + service_endpoints                              = (known after apply)
      + virtual_network_name                           = (known after apply)
    }

  # azurerm_network_security_rule.mgmt_allow_http will be created
  + resource "azurerm_network_security_rule" "mgmt_allow_http" {
      + access                      = "Allow"
      + destination_address_prefix  = "*"
      + destination_port_range      = "80"
      + direction                   = "Inbound"
      + id                          = (known after apply)
      + name                        = "Allow_Http"
      + network_security_group_name = (known after apply)
      + priority                    = 201
      + protocol                    = "Tcp"
      + resource_group_name         = (known after apply)
      + source_address_prefixes     = [
          + "0.0.0.0/0",
        ]
      + source_port_range           = "*"
    }

  # azurerm_network_security_rule.mgmt_allow_https will be created
  + resource "azurerm_network_security_rule" "mgmt_allow_https" {
      + access                      = "Allow"
      + destination_address_prefix  = "*"
      + destination_port_range      = "8443"
      + direction                   = "Inbound"
      + id                          = (known after apply)
      + name                        = "Allow_Https"
      + network_security_group_name = (known after apply)
      + priority                    = 200
      + protocol                    = "Tcp"
      + resource_group_name         = (known after apply)
      + source_address_prefixes     = [
          + "0.0.0.0/0",
        ]
      + source_port_range           = "*"
    }

  # azurerm_network_security_rule.mgmt_allow_ssh will be created
  + resource "azurerm_network_security_rule" "mgmt_allow_ssh" {
      + access                      = "Allow"
      + destination_address_prefix  = "*"
      + destination_port_range      = "22"
      + direction                   = "Inbound"
      + id                          = (known after apply)
      + name                        = "Allow_ssh"
      + network_security_group_name = (known after apply)
      + priority                    = 202
      + protocol                    = "Tcp"
      + resource_group_name         = (known after apply)
      + source_address_prefixes     = [
          + "0.0.0.0/0",
        ]
      + source_port_range           = "*"
    }

  # azurerm_resource_group.rg will be created
  + resource "azurerm_resource_group" "rg" {
      + id       = (known after apply)
      + location = "eastus"
      + name     = (known after apply)
    }

  # azurerm_ssh_public_key.f5_key will be created
  + resource "azurerm_ssh_public_key" "f5_key" {
      + id                  = (known after apply)
      + location            = "eastus"
      + name                = (known after apply)
      + public_key          = <<-EOT
            ssh-rsa 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 r.chinthalapalli@JP27H964T7
        EOT
      + resource_group_name = (known after apply)
    }

  # null_resource.clusterDO[0] will be created
  + resource "null_resource" "clusterDO" {
      + id = (known after apply)
    }

  # random_id.id will be created
  + resource "random_id" "id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 2
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

  # module.bigip[0].data.azurerm_resource_group.bigiprg will be read during apply
  # (config refers to values not yet known)
 <= data "azurerm_resource_group" "bigiprg" {
      + id         = (known after apply)
      + location   = (known after apply)
      + managed_by = (known after apply)
      + name       = (known after apply)
      + tags       = (known after apply)
    }

  # module.bigip[0].azurerm_linux_virtual_machine.f5vm01 will be created
  + resource "azurerm_linux_virtual_machine" "f5vm01" {
      + admin_password                  = (sensitive value)
      + admin_username                  = "bigipuser"
      + allow_extension_operations      = true
      + computer_name                   = (known after apply)
      + custom_data                     = (sensitive value)
      + disable_password_authentication = false
      + extensions_time_budget          = "PT1H30M"
      + id                              = (known after apply)
      + location                        = (known after apply)
      + max_bid_price                   = -1
      + name                            = (known after apply)
      + network_interface_ids           = (known after apply)
      + patch_assessment_mode           = "ImageDefault"
      + patch_mode                      = "ImageDefault"
      + platform_fault_domain           = -1
      + priority                        = "Regular"
      + private_ip_address              = (known after apply)
      + private_ip_addresses            = (known after apply)
      + provision_vm_agent              = true
      + public_ip_address               = (known after apply)
      + public_ip_addresses             = (known after apply)
      + resource_group_name             = (known after apply)
      + size                            = "Standard_D8s_v4"
      + tags                            = (known after apply)
      + virtual_machine_id              = (known after apply)
      + zone                            = "1"

      + admin_ssh_key {
          + public_key = <<-EOT
                ssh-rsa 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 r.chinthalapalli@JP27H964T7
            EOT
          + username   = "bigipuser"
        }

      + identity {
          + identity_ids = (known after apply)
          + principal_id = (known after apply)
          + tenant_id    = (known after apply)
          + type         = "UserAssigned"
        }

      + os_disk {
          + caching                   = "ReadWrite"
          + disk_size_gb              = 84
          + name                      = (known after apply)
          + storage_account_type      = "Standard_LRS"
          + write_accelerator_enabled = false
        }

      + plan {
          + name      = "f5-big-best-plus-hourly-25mbps"
          + product   = "f5-big-ip-best"
          + publisher = "f5-networks"
        }

      + source_image_reference {
          + offer     = "f5-big-ip-best"
          + publisher = "f5-networks"
          + sku       = "f5-big-best-plus-hourly-25mbps"
          + version   = "latest"
        }
    }

  # module.bigip[0].azurerm_network_interface.mgmt_nic[0] will be created
  + resource "azurerm_network_interface" "mgmt_nic" {
      + applied_dns_servers           = (known after apply)
      + dns_servers                   = (known after apply)
      + enable_accelerated_networking = false
      + enable_ip_forwarding          = false
      + id                            = (known after apply)
      + internal_dns_name_label       = (known after apply)
      + internal_domain_name_suffix   = (known after apply)
      + location                      = (known after apply)
      + mac_address                   = (known after apply)
      + name                          = (known after apply)
      + private_ip_address            = (known after apply)
      + private_ip_addresses          = (known after apply)
      + resource_group_name           = (known after apply)
      + tags                          = (known after apply)
      + virtual_machine_id            = (known after apply)

      + ip_configuration {
          + gateway_load_balancer_frontend_ip_configuration_id = (known after apply)
          + name                                               = (known after apply)
          + primary                                            = (known after apply)
          + private_ip_address                                 = (known after apply)
          + private_ip_address_allocation                      = "Dynamic"
          + private_ip_address_version                         = "IPv4"
          + public_ip_address_id                               = (known after apply)
          + subnet_id                                          = (known after apply)
        }
    }

  # module.bigip[0].azurerm_network_interface_security_group_association.mgmt_security[0] will be created
  + resource "azurerm_network_interface_security_group_association" "mgmt_security" {
      + id                        = (known after apply)
      + network_interface_id      = (known after apply)
      + network_security_group_id = (known after apply)
    }

  # module.bigip[0].azurerm_public_ip.mgmt_public_ip[0] will be created
  + resource "azurerm_public_ip" "mgmt_public_ip" {
      + allocation_method       = "Static"
      + ddos_protection_mode    = "VirtualNetworkInherited"
      + domain_name_label       = (known after apply)
      + fqdn                    = (known after apply)
      + id                      = (known after apply)
      + idle_timeout_in_minutes = 4
      + ip_address              = (known after apply)
      + ip_version              = "IPv4"
      + location                = (known after apply)
      + name                    = (known after apply)
      + resource_group_name     = (known after apply)
      + sku                     = "Standard"
      + sku_tier                = "Regional"
      + tags                    = (known after apply)
    }

  # module.bigip[0].azurerm_user_assigned_identity.user_identity[0] will be created
  + resource "azurerm_user_assigned_identity" "user_identity" {
      + client_id           = (known after apply)
      + id                  = (known after apply)
      + location            = (known after apply)
      + name                = (known after apply)
      + principal_id        = (known after apply)
      + resource_group_name = (known after apply)
      + tags                = (known after apply)
      + tenant_id           = (known after apply)
    }

  # module.bigip[0].azurerm_virtual_machine_extension.vmext will be created
  + resource "azurerm_virtual_machine_extension" "vmext" {
      + failure_suppression_enabled = false
      + id                          = (known after apply)
      + name                        = (known after apply)
      + publisher                   = "Microsoft.Azure.Extensions"
      + settings                    = <<-EOT
            {
                  "commandToExecute": "bash /var/lib/waagent/CustomData; exit 0;"
                }
        EOT
      + tags                        = (known after apply)
      + type                        = "CustomScript"
      + type_handler_version        = "2.0"
      + virtual_machine_id          = (known after apply)
    }

  # module.bigip[0].random_id.module_id will be created
  + resource "random_id" "module_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 2
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

  # module.bigip[0].random_string.password will be created
  + resource "random_string" "password" {
      + id          = (known after apply)
      + length      = 16
      + lower       = true
      + min_lower   = 1
      + min_numeric = 1
      + min_special = 0
      + min_upper   = 1
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = true
    }

  # module.bigip[0].time_sleep.wait_for_azurerm_virtual_machine_f5vm will be created
  + resource "time_sleep" "wait_for_azurerm_virtual_machine_f5vm" {
      + create_duration = "300s"
      + id              = (known after apply)
    }

  # module.mgmt-network-security-group.data.azurerm_resource_group.nsg will be read during apply
  # (config refers to values not yet known)
 <= data "azurerm_resource_group" "nsg" {
      + id         = (known after apply)
      + location   = (known after apply)
      + managed_by = (known after apply)
      + name       = (known after apply)
      + tags       = (known after apply)
    }

  # module.mgmt-network-security-group.azurerm_network_security_group.nsg will be created
  + resource "azurerm_network_security_group" "nsg" {
      + id                  = (known after apply)
      + location            = (known after apply)
      + name                = (known after apply)
      + resource_group_name = (known after apply)
      + security_rule       = (known after apply)
      + tags                = {
          + "costcenter"  = "terraform"
          + "environment" = "dev"
        }
    }

  # module.network.azurerm_subnet.subnet[0] will be created
  + resource "azurerm_subnet" "subnet" {
      + address_prefixes                               = [
          + "10.2.1.0/24",
        ]
      + enforce_private_link_endpoint_network_policies = false
      + enforce_private_link_service_network_policies  = false
      + id                                             = (known after apply)
      + name                                           = "mgmt-subnet"
      + private_endpoint_network_policies_enabled      = (known after apply)
      + private_link_service_network_policies_enabled  = (known after apply)
      + resource_group_name                            = (known after apply)
      + virtual_network_name                           = (known after apply)
    }

  # module.network.azurerm_virtual_network.vnet will be created
  + resource "azurerm_virtual_network" "vnet" {
      + address_space       = [
          + "10.2.0.0/16",
        ]
      + dns_servers         = []
      + guid                = (known after apply)
      + id                  = (known after apply)
      + location            = "eastus"
      + name                = (known after apply)
      + resource_group_name = (known after apply)
      + subnet              = (known after apply)
      + tags                = {
          + "costcenter"  = "it"
          + "environment" = "dev"
        }
    }

Plan: 19 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + bigip_instance_ids = [
      + (known after apply),
    ]
  + bigip_password     = [
      + (known after apply),
    ]
  + bigip_username     = [
      + "bigipuser",
    ]
  + mgmtPort           = [
      + "8443",
    ]
  + mgmtPublicDNS      = [
      + (known after apply),
    ]
  + mgmtPublicIP       = [
      + (known after apply),
    ]
  + mgmtPublicURL      = [
      + (known after apply),
    ]
  + private_addresses  = [
      + {
          + external_private = {
              + private_ip  = []
              + private_ips = []
            }
          + internal_private = {
              + private_ip  = []
              + private_ips = []
            }
          + mgmt_private     = {
              + private_ip  = [
                  + (known after apply),
                ]
              + private_ips = [
                  + (known after apply),
                ]
            }
          + public_private   = {
              + private_ip  = []
              + private_ips = []
            }
        },
    ]
  + public_addresses   = [
      + {
          + external_primary_public   = []
          + external_secondary_public = []
        },
    ]
  + resourcegroup_name = (known after apply)
╷
│ Warning: Argument is deprecated
│
│   with module.network.azurerm_subnet.subnet[0],
│   on .terraform/modules/network/main.tf line 26, in resource "azurerm_subnet" "subnet":
│   26:   enforce_private_link_endpoint_network_policies = lookup(var.subnet_enforce_private_link_endpoint_network_policies, var.subnet_names[count.index], false)
│
│ `enforce_private_link_endpoint_network_policies` will be removed in favour of the property `private_endpoint_network_policies_enabled` in version 4.0 of the AzureRM Provider
│
│ (and one more similar warning elsewhere)
╵

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value:

Here is the usage of the module:

module "bigip" {
  count  = var.instance_count
  source = "F5Networks/bigip-module/azure"
  # source                      = "../../"
  prefix                      = format("%s-1nic", var.prefix)
  resource_group_name         = azurerm_resource_group.rg.name
  f5_ssh_publickey            = azurerm_ssh_public_key.f5_key.public_key
  mgmt_subnet_ids             = [{ "subnet_id" = data.azurerm_subnet.mgmt.id, "public_ip" = true, "private_ip_primary" = "" }]
  mgmt_securitygroup_ids      = [module.mgmt-network-security-group.network_security_group_id]
  availability_zone           = var.availability_zone
  availabilityZones_public_ip = var.availabilityZones_public_ip
}

RavinderReddyF5 commented 1 year ago

Hi @minsis, you don't need a data source here for referring to the data group.

module "bigip" {
  count  = var.instance_count
  source = "F5Networks/bigip-module/azure"
  # source                      = "../../"
  prefix                      = format("%s-1nic", var.prefix)
  resource_group_name         = azurerm_resource_group.rg.name
  f5_ssh_publickey            = azurerm_ssh_public_key.f5_key.public_key
  mgmt_subnet_ids             = [{ "subnet_id" = data.azurerm_subnet.mgmt.id, "public_ip" = true, "private_ip_primary" = "" }]
  mgmt_securitygroup_ids      = [module.mgmt-network-security-group.network_security_group_id]
  availability_zone           = var.availability_zone
  availabilityZones_public_ip = var.availabilityZones_public_ip
}

minsis commented 1 year ago

Here's a very simple example of what's happening here.

resource "azurerm_resource_group" "example" {
  name     = "example"
  location = "West Europe"
}

data "azurerm_resource_group" "example" {
  name = "example"
}

So here you can see that it knows it needs to create a resource group, but I can't do a data lookup on said resource because it doesn't exist yet.

tf-test $ tf plan
data.azurerm_resource_group.example: Reading...

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform planned the following actions, but then encountered a problem:

  # azurerm_resource_group.example will be created
  + resource "azurerm_resource_group" "example" {
      + id       = (known after apply)
      + location = "westeurope"
      + name     = "example"
    }

Plan: 1 to add, 0 to change, 0 to destroy.
╷
│ Error: Error: Resource Group "example" was not found
│ 
│   with data.azurerm_resource_group.example,
│   on main.tf line 6, in data "azurerm_resource_group" "example":
│    6: data "azurerm_resource_group" "example" {
│ 
╵

Now, I can get around this by setting a dependency on it:

resource "azurerm_resource_group" "example" {
  name     = "example"
  location = "West Europe"
}

data "azurerm_resource_group" "example" {
  name = "example"
  depends_on = [ azurerm_resource_group.example ]
}

Which works nicely:

tf-test $ tf plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # data.azurerm_resource_group.example will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "example" {
      + id         = (known after apply)
      + location   = (known after apply)
      + managed_by = (known after apply)
      + name       = "example"
      + tags       = (known after apply)
    }

  # azurerm_resource_group.example will be created
  + resource "azurerm_resource_group" "example" {
      + id       = (known after apply)
      + location = "westeurope"
      + name     = "example"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

However, because the data lookup is in the module, I can't force this. I have tried to put the dependency on the module itself when declared, but this still didn't work.
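
The module-side pattern proposed earlier in this thread (pass the resource group name and location in as inputs instead of looking the group up with a data source), as an added example that is not part of the thread or of the F5 module. The module path `./modules/vm_nic`, its variables and all resource names are hypothetical; it relies on Terraform's documented behaviour that a data source whose arguments are all known is read during `plan`, while one with unknown arguments or a pending `depends_on` is deferred to `apply`.

```hcl
# ---- main.tf (root module) ----
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

provider "azurerm" {
  features {}
}

variable "subnet_id" {
  type        = string
  description = "ID of an existing subnet (assumption: managed elsewhere)."
}

# The name is a literal, so its value is already known during `plan`.
resource "azurerm_resource_group" "lab" {
  name     = "network-lab-example" # constructed sample value
  location = "eastus"
}

module "nic" {
  source = "./modules/vm_nic" # hypothetical local module

  # Both inputs reference the managed resource. Terraform follows the
  # reference through the module variables and creates the group first,
  # so the module never has to query Azure for it.
  resource_group_name = azurerm_resource_group.lab.name
  location            = azurerm_resource_group.lab.location
  subnet_id           = var.subnet_id
}

# ---- modules/vm_nic/variables.tf ----
variable "resource_group_name" {
  type        = string
  description = "Resource group to deploy into; may be created in the same run."

  validation {
    condition     = length(var.resource_group_name) > 0
    error_message = "resource_group_name must not be empty."
  }
}

variable "location" {
  type        = string
  description = "Azure region, normally taken from the resource group."
}

variable "subnet_id" {
  type        = string
  description = "Subnet the interface attaches to."
}

# ---- modules/vm_nic/main.tf ----
# Pattern this replaces: a lookup inside the module. With a name that is
# known at plan time it is read during `plan`, before the group exists,
# and the first run fails with "Resource Group ... was not found".
#
#   data "azurerm_resource_group" "rg" {
#     name = var.resource_group_name
#   }

resource "azurerm_network_interface" "mgmt" {
  name                = "example-mgmt-nic" # constructed sample value
  location            = var.location
  resource_group_name = var.resource_group_name

  ip_configuration {
    name                          = "primary"
    subnet_id                     = var.subnet_id
    private_ip_address_allocation = "Dynamic"
  }
}
```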

RavinderReddyF5 commented 1 year ago

Hi @minsis, you don't need a data source here for pointing the RG to the module, as I mentioned in my previous comment.

resource "azurerm_resource_group" "example" {
  name     = "example"
  location = "West Europe"
}

module "bigip" {
  count  = var.instance_count
  source = "F5Networks/bigip-module/azure"
  prefix                      = format("%s-1nic", var.prefix)
  resource_group_name         = azurerm_resource_group.example.name
  f5_ssh_publickey            = azurerm_ssh_public_key.f5_key.public_key
  mgmt_subnet_ids             = [{ "subnet_id" = data.azurerm_subnet.mgmt.id, "public_ip" = true, "private_ip_primary" = "" }]
  mgmt_securitygroup_ids      = [module.mgmt-network-security-group.network_security_group_id]
  availability_zone           = var.availability_zone
  availabilityZones_public_ip = var.availabilityZones_public_ip
}

minsis commented 1 year ago

I don't know why it's successful for you but failing for me. The error output given in my OP was exactly from the referenced example, obviously with name changes.

RavinderReddyF5 commented 1 year ago

Hi @minsis, just copy the code below into main.tf and run it, providing the required inputs, and let me know if you still see the issue.

provider "azurerm" {
  //  version = "~>2.0"
  features {}
}

#
# Create a random id
#
resource "random_id" "id" {
  byte_length = 2
}

#
# Create a resource group
#
resource "azurerm_resource_group" "rg" {
  name     = format("%s-rg-%s", var.prefix, random_id.id.hex)
  location = var.location
}

resource "azurerm_ssh_public_key" "f5_key" {
  name                = format("%s-pubkey-%s", var.prefix, random_id.id.hex)
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  public_key          = file("~/.ssh/id_rsa.pub")
}
#
#Create N-nic bigip
#
module "bigip" {
  count  = var.instance_count
  source = "F5Networks/bigip-module/azure"
  # source                      = "../../"
  prefix                      = format("%s-1nic", var.prefix)
  resource_group_name         = azurerm_resource_group.rg.name
  f5_ssh_publickey            = azurerm_ssh_public_key.f5_key.public_key
  mgmt_subnet_ids             = [{ "subnet_id" = data.azurerm_subnet.mgmt.id, "public_ip" = true, "private_ip_primary" = "" }]
  mgmt_securitygroup_ids      = [module.mgmt-network-security-group.network_security_group_id]
  availability_zone           = var.availability_zone
  availabilityZones_public_ip = var.availabilityZones_public_ip
}

#
# Create the Network Module to associate with BIGIP
#

module "network" {
  source              = "Azure/vnet/azurerm"
  version             = "3.0.0"
  vnet_name           = format("%s-vnet-%s", var.prefix, random_id.id.hex)
  resource_group_name = azurerm_resource_group.rg.name
  vnet_location       = var.location
  address_space       = [var.cidr]
  subnet_prefixes     = [cidrsubnet(var.cidr, 8, 1)]
  subnet_names        = ["mgmt-subnet"]

  tags = {
    environment = "dev"
    costcenter  = "it"
  }
}

data "azurerm_subnet" "mgmt" {
  name                 = "mgmt-subnet"
  virtual_network_name = module.network.vnet_name
  resource_group_name  = azurerm_resource_group.rg.name
  depends_on           = [module.network]
}

#
# Create the Network Security group Module to associate with BIGIP-Mgmt-Nic
#
module "mgmt-network-security-group" {
  source              = "Azure/network-security-group/azurerm"
  resource_group_name = azurerm_resource_group.rg.name
  security_group_name = format("%s-mgmt-nsg-%s", var.prefix, random_id.id.hex)
  tags = {
    environment = "dev"
    costcenter  = "terraform"
  }
}

resource "azurerm_network_security_rule" "mgmt_allow_https" {
  name                        = "Allow_Https"
  priority                    = 200
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "8443"
  destination_address_prefix  = "*"
  source_address_prefixes     = var.AllowedIPs
  resource_group_name         = azurerm_resource_group.rg.name
  network_security_group_name = format("%s-mgmt-nsg-%s", var.prefix, random_id.id.hex)
  depends_on                  = [module.mgmt-network-security-group]
}
resource "azurerm_network_security_rule" "mgmt_allow_http" {
  name                        = "Allow_Http"
  priority                    = 201
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "80"
  destination_address_prefix  = "*"
  source_address_prefixes     = var.AllowedIPs
  resource_group_name         = azurerm_resource_group.rg.name
  network_security_group_name = format("%s-mgmt-nsg-%s", var.prefix, random_id.id.hex)
  depends_on                  = [module.mgmt-network-security-group]
}
resource "azurerm_network_security_rule" "mgmt_allow_ssh" {
  name                        = "Allow_ssh"
  priority                    = 202
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "22"
  destination_address_prefix  = "*"
  source_address_prefixes     = var.AllowedIPs
  resource_group_name         = azurerm_resource_group.rg.name
  network_security_group_name = format("%s-mgmt-nsg-%s", var.prefix, random_id.id.hex)
  depends_on                  = [module.mgmt-network-security-group]
}

pgouband commented 11 months ago

Hi @minsis,

We didn't get any feedback from our last message so we are closing this issue. Please reopen a new one if you are still facing the issue.