IBM-Cloud / terraform-provider-ibm

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs
Mozilla Public License 2.0

problems with IPs reservations #3885

Closed ibmappm closed 2 years ago

ibmappm commented 2 years ago

Community Note

Terraform CLI and Terraform IBM Provider Version

$ terraform version Terraform v1.2.2 on linux_amd64

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please share a link to the ZIP file.
# Reproduction config for the issue: both instances below bind their primary
# interface to the SAME ibm_is_subnet_reserved_ip resource. The reporter
# expected the apply to fail; the apply output on this page shows both
# instances being created.
provider "ibm" {
  region = "eu-de"
}

# Looks up the boot image by name; its id is passed to both instances.
data "ibm_is_image" "example" {
  name = "ibm-debian-11-3-minimal-amd64-1"
}

resource "ibm_is_vpc" "example" {
  name = "example-vpc"
}

# Address prefix for zone eu-de-1; the subnet below uses the same /24.
resource "ibm_is_vpc_address_prefix" "example" {
  name = "example-address-prefix"
  vpc  = ibm_is_vpc.example.id
  zone = "eu-de-1"
  cidr = "10.240.0.0/24"
}

resource "ibm_is_subnet" "example" {
  name            = "example-subnet"
  vpc             = ibm_is_vpc.example.id
  zone            = "eu-de-1"
  ipv4_cidr_block = "10.240.0.0/24"

  # The subnet references only the VPC, so the ordering against the address
  # prefix has to be declared explicitly.
  depends_on = [ibm_is_vpc_address_prefix.example]
}

# The single reserved IP that both instances reference. No address is set
# here; presumably the service picks one from the subnet - confirm.
resource "ibm_is_subnet_reserved_ip" "example" {
  name   = "example-reserved-ip"
  subnet = ibm_is_subnet.example.id
}

# public_key is redacted in the report ("ssh-rsa ...."); a real public key is
# needed to apply this. Only the public half of the key pair belongs here.
resource "ibm_is_ssh_key" "example" {
  name       = "example-ssh"
  public_key = "ssh-rsa ...."
}

# First instance: primary interface bound to the shared reserved IP.
# NOTE(review): no security_groups are set on the interface, so whatever
# default the VPC applies is in effect - confirm it is restrictive enough.
resource "ibm_is_instance" "example1" {
  image   = data.ibm_is_image.example.id
  name    = "example-instance-1-reserved-ip"
  profile = "bx2-2x8"

  primary_network_interface {
    name   = "eth0"
    subnet = ibm_is_subnet.example.id
    primary_ip {
      reserved_ip = ibm_is_subnet_reserved_ip.example.reserved_ip
    }
  }

  vpc  = ibm_is_vpc.example.id
  zone = "eu-de-1"
  keys = [ibm_is_ssh_key.example.id]
}

# Second instance: identical apart from its name, and it references the SAME
# reserved IP as example1. This duplicate reference is the subject of the
# report; nothing in the plan or apply output on this page flags it.
resource "ibm_is_instance" "example2" {
  image   = data.ibm_is_image.example.id
  name    = "example-instance-2-reserved-ip"
  profile = "bx2-2x8"

  primary_network_interface {
    name   = "eth0"
    subnet = ibm_is_subnet.example.id
    primary_ip {
      reserved_ip = ibm_is_subnet_reserved_ip.example.reserved_ip
    }
  }

  vpc  = ibm_is_vpc.example.id
  zone = "eu-de-1"
  keys = [ibm_is_ssh_key.example.id]
}

Debug Output

Panic Output

Expected Behavior

The apply should have failed, because a reserved IP should be unique to each VSI.

Actual Behavior

image

Steps to Reproduce

  1. terraform apply

$ terraform apply data.ibm_is_image.example: Reading... ibm_is_ssh_key.example: Refreshing state... [id=r010-03ee12ab-eda5-4e0c-901e-61121d7df6a6] ibm_is_vpc.example: Refreshing state... [id=r010-da0ba964-30b9-4505-b783-ed248b065f78] data.ibm_is_image.example: Read complete after 1s [id=r010-b6c658a8-901c-4a6c-802f-f3488a114e28] ibm_is_vpc_address_prefix.example: Refreshing state... [id=r010-da0ba964-30b9-4505-b783-ed248b065f78/r010-c9f48a74-16d7-447f-af80-718e7b8778dd] ibm_is_subnet.example: Refreshing state... [id=02b7-461d844c-4701-463c-b9fe-92240a753622] ibm_is_subnet_reserved_ip.example: Refreshing state... [id=02b7-461d844c-4701-463c-b9fe-92240a753622/02b7-31e1fc79-3ee2-40af-8d45-bb91dd255a9c] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:   + create Terraform will perform the following actions:   # ibm_is_instance.example1 will be created   + resource "ibm_is_instance" "example1" {       + availability_policy_host_failure  = (known after apply)       + bandwidth                         = (known after apply)       + crn                               = (known after apply)       + default_trusted_profile_auto_link = (known after apply)       + disks                             = (known after apply)       + force_action                      = false       + gpu                               = (known after apply)       + id                                = (known after apply)       + image                             = "r010-b6c658a8-901c-4a6c-802f-f3488a114e28"       + keys                              = [           + "r010-03ee12ab-eda5-4e0c-901e-61121d7df6a6",         ]       + memory                            = (known after apply)       + metadata_service_enabled          = (known after apply)       + name                              = "example-instance-1-reserved-ip"       + placement_target                  = (known after apply)       + profile                       
    = "bx2-2x8"       + resource_controller_url           = (known after apply)       + resource_crn                      = (known after apply)       + resource_group                    = (known after apply)       + resource_group_name               = (known after apply)       + resource_name                     = (known after apply)       + resource_status                   = (known after apply)       + status                            = (known after apply)       + status_reasons                    = (known after apply)       + tags                              = (known after apply)       + total_network_bandwidth           = (known after apply)       + total_volume_bandwidth            = (known after apply)       + vcpu                              = (known after apply)       + volume_attachments                = (known after apply)       + vpc                               = "r010-da0ba964-30b9-4505-b783-ed248b065f78"       + wait_before_delete                = true       + zone                              = "eu-de-1"       + boot_volume {           + encryption = (known after apply)           + iops       = (known after apply)           + name       = (known after apply)           + profile    = (known after apply)           + size       = (known after apply)           + snapshot   = (known after apply)           + volume_id  = (known after apply)         }       + network_interfaces {           + allow_ip_spoofing    = (known after apply)           + id                   = (known after apply)           + name                 = (known after apply)           + primary_ipv4_address = (known after apply)           + security_groups      = (known after apply)           + subnet               = (known after apply)           + primary_ip {               + address       = (known after apply)               + auto_delete   = (known after apply)               + href          = (known after apply)               + name          = (known after apply)               + 
reserved_ip   = (known after apply)               + resource_type = (known after apply)             }         }       + primary_network_interface {           + allow_ip_spoofing    = false           + id                   = (known after apply)           + name                 = "eth0"           + port_speed           = (known after apply)           + primary_ipv4_address = (known after apply)           + security_groups      = (known after apply)           + subnet               = "02b7-461d844c-4701-463c-b9fe-92240a753622"           + primary_ip {               + address       = (known after apply)               + auto_delete   = (known after apply)               + href          = (known after apply)               + name          = (known after apply)               + reserved_ip   = "02b7-31e1fc79-3ee2-40af-8d45-bb91dd255a9c"               + resource_type = (known after apply)             }         }     }   # ibm_is_instance.example2 will be created   + resource "ibm_is_instance" "example2" {       + availability_policy_host_failure  = (known after apply)       + bandwidth                         = (known after apply)       + crn                               = (known after apply)       + default_trusted_profile_auto_link = (known after apply)       + disks                             = (known after apply)       + force_action                      = false       + gpu                               = (known after apply)       + id                                = (known after apply)       + image                             = "r010-b6c658a8-901c-4a6c-802f-f3488a114e28"       + keys                              = [           + "r010-03ee12ab-eda5-4e0c-901e-61121d7df6a6",         ]       + memory                            = (known after apply)       + metadata_service_enabled          = (known after apply)       + name                              = "example-instance-2-reserved-ip"       + placement_target                  = (known after apply)       + profile       
                    = "bx2-2x8"       + resource_controller_url           = (known after apply)       + resource_crn                      = (known after apply)       + resource_group                    = (known after apply)       + resource_group_name               = (known after apply)       + resource_name                     = (known after apply)       + resource_status                   = (known after apply)       + status                            = (known after apply)       + status_reasons                    = (known after apply)       + tags                              = (known after apply)       + total_network_bandwidth           = (known after apply)       + total_volume_bandwidth            = (known after apply)       + vcpu                              = (known after apply)       + volume_attachments                = (known after apply)       + vpc                               = "r010-da0ba964-30b9-4505-b783-ed248b065f78"       + wait_before_delete                = true       + zone                              = "eu-de-1"       + boot_volume {           + encryption = (known after apply)           + iops       = (known after apply)           + name       = (known after apply)           + profile    = (known after apply)           + size       = (known after apply)           + snapshot   = (known after apply)           + volume_id  = (known after apply)         }       + network_interfaces {           + allow_ip_spoofing    = (known after apply)           + id                   = (known after apply)           + name                 = (known after apply)           + primary_ipv4_address = (known after apply)           + security_groups      = (known after apply)           + subnet               = (known after apply)           + primary_ip {               + address       = (known after apply)               + auto_delete   = (known after apply)               + href          = (known after apply)               + name          = (known after apply)       
        + reserved_ip   = (known after apply)               + resource_type = (known after apply)             }         }       + primary_network_interface {           + allow_ip_spoofing    = false           + id                   = (known after apply)           + name                 = "eth0"           + port_speed           = (known after apply)           + primary_ipv4_address = (known after apply)           + security_groups      = (known after apply)           + subnet               = "02b7-461d844c-4701-463c-b9fe-92240a753622"           + primary_ip {               + address       = (known after apply)               + auto_delete   = (known after apply)               + href          = (known after apply)               + name          = (known after apply)               + reserved_ip   = "02b7-31e1fc79-3ee2-40af-8d45-bb91dd255a9c"               + resource_type = (known after apply)             }         }     } Plan: 2 to add, 0 to change, 0 to destroy. Do you want to perform these actions?   Terraform will perform the actions described above.   Only 'yes' will be accepted to approve.   Enter a value: yes ibm_is_instance.example1: Creating... ibm_is_instance.example2: Creating... ibm_is_instance.example1: Still creating... [10s elapsed] ibm_is_instance.example2: Still creating... [10s elapsed] ibm_is_instance.example1: Still creating... [20s elapsed] ibm_is_instance.example2: Still creating... [20s elapsed] ibm_is_instance.example2: Creation complete after 27s [id=02b7_cba53a91-2924-40fd-993e-af42fda2b98b] ibm_is_instance.example1: Creation complete after 29s [id=02b7_7b407a4f-d951-4ac6-84ed-609bdb36f2e9] Apply complete! Resources: 2 added, 0 changed, 0 destroyed. moby@f2898e894286:~/cloud-practice/internal/extra/vm-ibm-exam

Important Factoids

References

ibmappm commented 2 years ago

Hi, we have added new code without private references

ujjwal-ibm commented 2 years ago

Please change your configuration to use either of the following:

Example 1: add a second reserved IP and reference it from the second VSI

# Workaround from the thread: allocate one reserved IP per instance so that no
# two VSIs reference the same ibm_is_subnet_reserved_ip resource.

data "ibm_is_image" "example" {
  name = "ibm-debian-11-3-minimal-amd64-1"
}

resource "ibm_is_vpc" "example" {
  name = "example-vpc"
}

# Address prefix for zone eu-de-1; the subnet below uses the same /24.
resource "ibm_is_vpc_address_prefix" "example" {
  name = "example-address-prefix"
  zone = "eu-de-1"
  cidr = "10.240.0.0/24"
  vpc  = ibm_is_vpc.example.id
}

resource "ibm_is_subnet" "example" {
  name            = "example-subnet"
  zone            = "eu-de-1"
  ipv4_cidr_block = "10.240.0.0/24"
  vpc             = ibm_is_vpc.example.id

  # The subnet references only the VPC, so the ordering against the address
  # prefix has to be declared explicitly.
  depends_on = [ibm_is_vpc_address_prefix.example]
}

# Reserved IP for example1 only.
resource "ibm_is_subnet_reserved_ip" "example" {
  name   = "example-reserved-ip"
  subnet = ibm_is_subnet.example.id
}

# Reserved IP for example2 only.
resource "ibm_is_subnet_reserved_ip" "example2" {
  name   = "example-reserved-ip2"
  subnet = ibm_is_subnet.example.id
}

# public_key is a redacted placeholder ("ssh-rsa ...."); only the public half
# of the key pair belongs here.
resource "ibm_is_ssh_key" "example" {
  name       = "example-ssh"
  public_key = "ssh-rsa ...."
}

resource "ibm_is_instance" "example1" {
  name    = "example-instance-1-reserved-ip"
  image   = data.ibm_is_image.example.id
  profile = "bx2-2x8"
  vpc     = ibm_is_vpc.example.id
  zone    = "eu-de-1"
  keys    = [ibm_is_ssh_key.example.id]

  primary_network_interface {
    name   = "eth0"
    subnet = ibm_is_subnet.example.id

    primary_ip {
      reserved_ip = ibm_is_subnet_reserved_ip.example.reserved_ip
    }
  }
}

resource "ibm_is_instance" "example2" {
  name    = "example-instance-2-reserved-ip"
  image   = data.ibm_is_image.example.id
  profile = "bx2-2x8"
  vpc     = ibm_is_vpc.example.id
  zone    = "eu-de-1"
  keys    = [ibm_is_ssh_key.example.id]

  primary_network_interface {
    name   = "eth0"
    subnet = ibm_is_subnet.example.id

    primary_ip {
      # Points at example2's own reserved IP, not the one example1 uses.
      reserved_ip = ibm_is_subnet_reserved_ip.example2.reserved_ip
    }
  }
}

Example 2: define the reserved IP inline in each VSI

# Workaround from the thread: declare the reserved IP inline in each
# instance's primary_ip block instead of as a standalone resource, so there is
# no shared reserved-IP resource that two instances could both reference.

data "ibm_is_image" "example" {
  name = "ibm-debian-11-3-minimal-amd64-1"
}

resource "ibm_is_vpc" "example" {
  name = "example-vpc"
}

# Address prefix for zone eu-de-1; the subnet below uses the same /24.
resource "ibm_is_vpc_address_prefix" "example" {
  name = "example-address-prefix"
  zone = "eu-de-1"
  cidr = "10.240.0.0/24"
  vpc  = ibm_is_vpc.example.id
}

resource "ibm_is_subnet" "example" {
  name            = "example-subnet"
  zone            = "eu-de-1"
  ipv4_cidr_block = "10.240.0.0/24"
  vpc             = ibm_is_vpc.example.id

  # The subnet references only the VPC, so the ordering against the address
  # prefix has to be declared explicitly.
  depends_on = [ibm_is_vpc_address_prefix.example]
}

# public_key is a redacted placeholder ("ssh-rsa ...."); only the public half
# of the key pair belongs here.
resource "ibm_is_ssh_key" "example" {
  name       = "example-ssh"
  public_key = "ssh-rsa ...."
}

resource "ibm_is_instance" "example1" {
  name    = "example-instance-1-reserved-ip"
  image   = data.ibm_is_image.example.id
  profile = "bx2-2x8"
  vpc     = ibm_is_vpc.example.id
  zone    = "eu-de-1"
  keys    = [ibm_is_ssh_key.example.id]

  primary_network_interface {
    name   = "eth0"
    subnet = ibm_is_subnet.example.id

    # Inline reserved IP named for this instance.
    # NOTE(review): auto_delete presumably releases the reserved IP when its
    # target is deleted - confirm against the provider documentation.
    primary_ip {
      name        = "example-reserved-ip1"
      auto_delete = true
    }
  }
}

resource "ibm_is_instance" "example2" {
  name    = "example-instance-2-reserved-ip"
  image   = data.ibm_is_image.example.id
  profile = "bx2-2x8"
  vpc     = ibm_is_vpc.example.id
  zone    = "eu-de-1"
  keys    = [ibm_is_ssh_key.example.id]

  primary_network_interface {
    name   = "eth0"
    subnet = ibm_is_subnet.example.id

    # Separate inline reserved IP with its own name.
    primary_ip {
      name        = "example-reserved-ip2"
      auto_delete = true
    }
  }
}
ibmappm commented 2 years ago

Hi, we are aware that each IP must be assigned to a different VSI, but since several teams work at the same time, it is difficult to keep track of which IPs are already reserved and to pick a different one. What we would like is to get an error when a configuration assigns a reserved IP to a VSI and that IP is already assigned to another VSI, so that we can change the IP and avoid this problem.

astha-jain commented 2 years ago

Hi. We have reached out to the respective backend teams, and they will be working on fixing the association of one reserved IP with multiple VSIs. In the meantime, @ujjwal-ibm has suggested changes to the Terraform config that avoid the problem and should unblock you. I'll be marking this issue as good to close on the Terraform side and will follow up on the customer support ticket. Thanks.

ibmappm commented 2 years ago

Hi, we would like to know when the change in the provider will be published. Thanks