OpenNebula / terraform-provider-opennebula

Terraform provider for OpenNebula
https://www.terraform.io/docs/providers/opennebula/
Mozilla Public License 2.0

Opennebula provider tries to change group of created VM to group 0 when not desired. #460

Closed johnwhitmore closed 1 year ago

johnwhitmore commented 1 year ago

Description

Creating VMs as user in group Sre_group (I believe gid 104) and after creating, terraform tries to change the group to group 0 (I believe group name 'Admin').

```
╷
│ Error: Failed to change group
│
│   with module.worker-server.opennebula_virtual_machine.instance[0],
│   on modules/centos7_instance/main.tf line 18, in resource "opennebula_virtual_machine" "instance":
│   18: resource "opennebula_virtual_machine" "instance" {
│
│ virtual machine (ID: 2496): Can't find a group with ID 0: OpenNebula error [AUTHORIZATION]: [one.vm.chown] User [77] : Not authorized to perform USE GROUP [0].
╵
```


Trying to add my group name to the configuration and get a different error:

```
╷
│ Error: Failed to change group
│
│   with module.worker-server.opennebula_virtual_machine.instance[0],
│   on modules/centos7_instance/main.tf line 18, in resource "opennebula_virtual_machine" "instance":
│   18: resource "opennebula_virtual_machine" "instance" {
│
│ virtual machine (ID: 2493): Can't find a group with name sre_group: strconv.ParseInt: parsing "3454668.75": invalid syntax
╵
```

I do not need or want the group to be changed, but cannot find a way to stop it trying.

Terraform and Provider version

```
% terraform -v
Terraform v1.4.6
on darwin_arm64
```

Affected resources and data sources

```
% cat main.tf
terraform {
  required_providers {
    opennebula = {
      source  = "OpenNebula/opennebula"
      version = "~> 1.2"
    }
  }
}

provider "opennebula" {
  username = var.one_user
  password = var.one_password
  endpoint = var.one_endpoint
  insecure = true

  default_tags {
    tags = {
      environment = "jww-k8s"
    }
  }
}

module "pulse-server" {
  name    = "jww-odp_pulse-server"
  servers = 0
  cpu     = 2
  vcpu    = 2
  memory  = 8192
  source  = "./modules/centos7_instance"
}

module "master-server" {
  name    = "jww-k8s-m"
  servers = 0
  cpu     = 0.5
  vcpu    = 8
  memory  = 16384
  source  = "./modules/centos7_instance"
}

module "worker-server" {
  name    = "jww-k8s-w"
  servers = 3
  cpu     = 0.5
  vcpu    = 16
  memory  = 16384
  source  = "./modules/centos7_instance"
}
```

```
% cat modules/centos7_instance/variables.tf
variable "servers" {
  default = 1
}
variable "name" {
  default = "control"
}
variable "description" {
  default = "instance created by terraform"
}
variable "cpu" {
  default = 1
}
variable "vcpu" {
  default = 1
}
variable "memory" {
  default = 1024
}
variable "group" {
  default = "Sre_group"
}
```

```
% cat modules/centos7_instance/main.tf
terraform {
  required_providers {
    opennebula = {
      source  = "OpenNebula/opennebula"
      version = "1.2"
    }
  }
}

data "opennebula_template" "my_template" {
  name = "AD-CentOS(Patched)-K8S-5Apr2023"
}

data "opennebula_virtual_network" "pulse_net" {
  name = "Pulse_Network - 10.90.3.0"
}

resource "opennebula_virtual_machine" "instance" {
  count       = var.servers
  name        = var.servers > 1 ? "${var.name}${count.index}" : "${var.name}"
  description = var.description
  cpu         = var.cpu
  vcpu        = var.vcpu
  memory      = var.memory
  template_id = data.opennebula_template.my_template.id

  timeouts {
    create = "1h30m"
    update = "2h"
    delete = "20m"
  }

  context = {
    SET_HOSTNAME = var.servers > 1 ? "${var.name}${count.index}" : "${var.name}"
    ENS192_DNS   = "1.1.1.1 8.8.8.8"
    NETWORK      = "YES"
  }

  nic {
    network_id = data.opennebula_virtual_network.pulse_net.id
  }

  lifecycle {
    ignore_changes = [
      disk["volatile_format"]
    ]
  }
}
```

Terraform configuration

No response

Expected behavior

After the VMs are created, the group change should not be attempted, and the terraform apply should complete successfully.

Actual behavior

VMs are created, but the terraform apply fails and information about the VMs is not available. In addition, because of the failure, any attempt to apply changes results in the original VMs being destroyed and new VMs being created.

Steps to Reproduce

Every attempt to create a VM in this environment leads to the chgrp being attempted, and failure results. I suspect it has a lot to do with the limited access my account has in the environment. I cannot change the settings for my account to attempt to troubleshoot additionally.

Debug output

https://gist.github.com/johnwhitmore/7ab2f0bb61dfaf5243899725b4a60776

Panic output

No response

Important factoids

My Opennebula account is significantly restricted. I can create VMs successfully in the Opennebula gui, though.

References

No response

treywelsh commented 1 year ago

Thanks for opening this issue, I'm able to reproduce.

There are some problems with the group management in the code:

It's possible to configure a group for a bunch of resources via the `group` attribute: it's user configurable. But there's also a `gid` attribute which is computed only (not user configurable), but the code uses it to test its content as if it were user configurable.

Not sure, but: these code parts are old, and at first someone probably wanted to make it possible to configure a group via `group` and `gid`, then probably had some trouble and partially removed the capability of configuring the `gid`. The argument for allowing a `gid` to be passed instead of a group name may be that using the `group` attribute makes an additional XML-RPC call to retrieve the group ID from the group name.

Anyway, I'll submit a PR soon to fix this.

johnwhitmore commented 1 year ago

Thank you, @treywelsh ! I verified that this solves my problem and terraform completes.

treywelsh commented 1 year ago

Thanks for the feedback :)
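
The group handling problem described in the thread, as an added Go sketch that is not the provider's code: a computed-only integer `gid` always holds a value, so a check that treats it as user input selects group 0 when nothing was configured. The `vmConfig` type, the function names and the name-to-ID table (including the value 104) are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// vmConfig is a hypothetical stand-in for the resource state.
type vmConfig struct {
	Group string // user-configurable group name; "" when not set
	GID   int    // computed only; holds Go's zero value (0) until read back
}

// Constructed name-to-ID table standing in for the group lookup call.
var groupIDs = map[string]int{"Sre_group": 104}

var errNoGroup = errors.New("group not found")

// lookup resolves a group name to its ID, or reports that it does not exist.
func lookup(name string) (int, bool, error) {
	id, ok := groupIDs[name]
	if !ok {
		return 0, false, fmt.Errorf("%w: %q", errNoGroup, name)
	}
	return id, true, nil
}

// targetGroupBuggy models the flaw: it inspects GID as if the user had set it.
// An int can never look "unset", so the test always passes and a VM with no
// group configured is sent to group 0.
func targetGroupBuggy(c vmConfig) (gid int, change bool, err error) {
	if c.GID >= 0 { // always true for a computed-only field
		return c.GID, true, nil
	}
	return lookup(c.Group)
}

// targetGroupFixed acts only on the user-configurable attribute.
func targetGroupFixed(c vmConfig) (gid int, change bool, err error) {
	if c.Group == "" {
		return 0, false, nil // nothing configured: leave ownership alone
	}
	return lookup(c.Group)
}

func main() {
	fmt.Println(targetGroupBuggy(vmConfig{})) // 0 true <nil>: group change to 0 attempted
	fmt.Println(targetGroupFixed(vmConfig{})) // 0 false <nil>: no group change
}
```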