search

PaloAltoNetworks / terraform-azurerm-vmseries-modules

Terraform Reusable Modules for VM-Series on Azure
https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/azurerm/latest
MIT License
49 stars 59 forks source link

upgrade_mode = "Manual" doesnot work properly #256

Closed jzheng2022 closed 1 year ago

jzheng2022 commented 1 year ago

Describe the bug

With upgrade_mode = "Manual", if the image id changed, the firewall scale set instance will re-launch randomly. This is caused by (ref https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/features-block#virtual_machine_scale_set) : virtual_machine_scale_set { ... roll_instances_when_required = true ... } This need to be fixed in the code if upgrade_mode = "Manual" is hard coded.

Module Version

v0.5.5

Terraform version

No response

Expected behavior

When change the image id, the vm scale set instance should just shows it is not running the latest version, and not to re-launch the instance.

Current behavior

No response

Anything else to add?

No response

migara commented 1 year ago

Duplicate of https://github.com/PaloAltoNetworks/terraform-azurerm-vmseries-modules/issues/253

FoSix commented 1 year ago

Closing #253 and reopening this one.

253 cannot be fixed due to lack of proper way of running VMSS health probes on interfaces other then the 1st one. Either this have to be changed on Microsoft side, or management interface swap needs to be introduced on Azure images of PanOS. For the time being Rolling updates are not possible.

FoSix commented 1 year ago

@jzheng2022 this provider feature roll_instances_when_required = true is actually already introduced, but in the example code, not in the module.

Testing if this can be moved to provider configuration in the module.

FoSix commented 1 year ago

unfortunately the module cannot have it's own provider block:

image

FoSix commented 1 year ago

added documentation in #265