provider should offer sync on apply functionality

F5Networks / terraform-provider-bigip

Terraform resources that can configure F5 BIG-IP products

https://registry.terraform.io/providers/F5Networks/bigip/latest/docs

Mozilla Public License 2.0

103 stars 119 forks source link

provider should offer sync on apply functionality #444

Open oniGino opened 3 years ago

oniGino commented 3 years ago

After a successful apply, the LTM should sync with its HA pair

A line in provider to specify the cm sync-group options, should be allowed so after successful applies sync's can be performed automatically

My Hack around this is to do a resource "bigip_command" "sync" { commands = ["run cm config-sync to-group syncfailover"] }

but its not ideal as I cannot guarantee its the last task run

nmenant commented 3 years ago

Tracking this request internally with INFRAANO-274. We will do some research on whether it would be best to have a specific resource for this (like we do on Ansible) or whether we should add this in our provider

nmenant commented 3 years ago

We started to look into your ask and we have some questions/concerns i'd like to discuss: The challenge is that we don't have a way to trigger a specific config sync event at the end of a terraform execution. So it means we need to trigger it with every resource ; we cannot create a specific resource since we won't be sure it is executed last.

If we are to trigger the sync with every resources; i have the following question: wouldn't it be better to enable automatic sync on your BIG-IP ? Automatic sync is not always recommended depending on your setup so i wanted to get your thoughts on this

trinaths commented 3 years ago

@oniGino - any update on this? Where you able to resolve this with the above recommendation ? thoughts ?

bhoriuchi commented 2 years ago

bump

oniGino commented 2 years ago

a sync per resource is not ideal for us, given that option i will probably just continue to manage my sync manually, perhaps it's worth filling a ticket upstream asking for the ability to run a command last

nickzxcv commented 2 years ago

I'm making sure the sync runs last with a depends_on like this:

resource "bigip_command" "sync" {
  # TODO make the depends_on refer to a name of all resources created in the environment
  commands = ["run cm config-sync to-group ${var.devicegroup}"]
  depends_on = [bigip_ltm_node.chicago, bigip_ltm_node.zoro]
}

and it's working except it doesn't run all the time, like if I take some resources out they are correctly deleted on my first F5 but the sync didn't happen to second F5.

nickzxcv commented 1 year ago

I'm just using autosync now, but doing in the provider to just always sync at the end of apply or destroy in case of any changes would be be much the best. Like if stuff depends_on the bigip_command.sync the sync will happen before creating the resource during apply (no good), if the resource depends on bigip_command.sync, then the sync will happen before deleting the resource during destroy (also no good).