Open RavinderReddyF5 opened 3 years ago
Comment by papineni87
Tuesday Mar 10, 2020 at 16:55 GMT
Thanks @jakauppila for looking into it. Yes, the read function should be modified and take the AS3 JSON from BIG-IP and update the state.
Comment by papineni87
Thursday Mar 19, 2020 at 09:43 GMT
@jakauppila fixed in the latest release v1.1.2, can you try it now?
Comment by jakauppila
Wednesday Mar 25, 2020 at 20:13 GMT
@papineni87 So it does appear to somewhat work, but it introduces another problem because #253 is not addressed. When the resource performs the read at https://github.com/terraform-providers/terraform-provider-bigip/blob/master/bigip/resource_bigip_as3.go#L87 without restricting it to the particular tenant, it pulls back ALL AS3 declarations on the appliance and stores them in the state file. This should not happen.
Comment by strantalis
Thursday Apr 23, 2020 at 15:53 GMT
I noticed this issue too, posting the bad state into the state file. My issue is that when AS3 returns 503 the provider doesn't retry, so we get the out-of-sync state.
If we upgrade to 1.1.2, even though it pulls all the AS3 declarations back into the state file, it will only cause the AS3 declaration defined in the Terraform resource to be applied, right? It won't mess with the other declarations applied outside of Terraform, right?
Comment by focrensh
Thursday Apr 23, 2020 at 16:41 GMT
The updates coming are locking down the state terraform tracks to only Tenants that it created.
Comment by strantalis
Thursday Apr 23, 2020 at 16:59 GMT
Understood. I guess what I am asking is whether it is safe to use version 1.1.2 until those updates are released. Trying to understand the current impact in 1.1.2 if it adds all AS3 declarations to the state file.
Answered my own question. It deleted all as3 tenants outside of the one being applied. This is really concerning.
Comment by zx1986
Thursday May 07, 2020 at 02:59 GMT
resourceBigipAs3Read may have a problem on:
GET https://{{host}}/mgmt/shared/appsvcs/declare
I tested in Postman; the GET returns status 204, not 200. But in the source code: https://github.com/terraform-providers/terraform-provider-bigip/blob/15bdcd75ed73079d2b51b9821e914519154ea45e/bigip/resource_bigip_as3.go#L104
......
I always failed with Error while Sending/fetching http request : <nil>
refs: https://github.com/terraform-providers/terraform-provider-bigip/issues/278#issuecomment-624769694
This provider really makes me sad 😢
Comment by focrensh
Thursday May 07, 2020 at 14:44 GMT
Thanks for the info @zx1986. This is part of what is being fixed in the upcoming release.
Comment by strantalis
Thursday May 14, 2020 at 13:02 GMT
I just ran a plan with v1.2.0 and it shows that it will be removing all other tenants still even though the as3 that is being posted has a single tenant. I also tried using tenant_filter but still same result.
Comment by RavinderReddyF5
Thursday May 14, 2020 at 13:11 GMT
@strantalis can you please share logs? We did validate scenarios around this; it should not delete all tenants.
Comment by RavinderReddyF5
Thursday May 14, 2020 at 13:21 GMT
@strantalis I just verified with one tenant configured using the Postman client and another with Terraform; it only deletes the Terraform-configured one.
HYD-ML-00064448:terraform-provider-bigip chinthalapalli$ terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# bigip_as3.as3-example01 will be created
+ resource "bigip_as3" "as3-example01" {
+ as3_json = jsonencode(
{
+ action = "deploy"
+ class = "AS3"
+ declaration = {
+ Sample_new = {
+ Application_1 = {
+ class = "Application"
+ serviceMain = {
+ class = "Service_HTTP"
+ pool = "web_pool"
+ virtualAddresses = [
+ "10.0.1.10",
]
}
+ template = "http"
+ web_pool = {
+ class = "Pool"
+ members = [
+ {
+ serverAddresses = [
+ "192.0.1.100",
+ "192.0.1.110",
]
+ servicePort = 80
},
]
+ monitors = [
+ "http",
]
}
}
+ class = "Tenant"
+ defaultRouteDomain = 0
}
+ class = "ADC"
+ id = "example-declaration-01"
+ label = "Sample 1"
+ remark = "Simple HTTP application with round robin pool"
+ schemaVersion = "3.0.0"
}
+ persist = true
}
)
+ id = (known after apply)
+ tenant_list = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
bigip_as3.as3-example01: Creating...
bigip_as3.as3-example01: Creation complete after 9s [id=Sample_new]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
HYD-ML-00064448:terraform-provider-bigip chinthalapalli$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
bigip_as3.as3-example01: Refreshing state... [id=Sample_new]
------------------------------------------------------------------------
No changes. Infrastructure is up-to-date.
This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.
HYD-ML-00064448:terraform-provider-bigip chinthalapalli$ terraform destroy
bigip_as3.as3-example01: Refreshing state... [id=Sample_new]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# bigip_as3.as3-example01 will be destroyed
- resource "bigip_as3" "as3-example01" {
- as3_json = jsonencode(
{
- action = "deploy"
- class = "AS3"
- declaration = {
- Sample_new = {
- Application_1 = {
- class = "Application"
- serviceMain = {
- class = "Service_HTTP"
- pool = "web_pool"
- virtualAddresses = [
- "10.0.1.10",
]
}
- template = "http"
- web_pool = {
- class = "Pool"
- members = [
- {
- serverAddresses = [
- "192.0.1.100",
- "192.0.1.110",
]
- servicePort = 80
},
]
- monitors = [
- "http",
]
}
}
- class = "Tenant"
- defaultRouteDomain = 0
}
- class = "ADC"
- id = "example-declaration-01"
- label = "Sample 1"
- remark = "Simple HTTP application with round robin pool"
- schemaVersion = "3.0.0"
}
- persist = true
}
) -> null
- id = "Sample_new" -> null
- tenant_list = "Sample_new" -> null
}
Plan: 0 to add, 0 to change, 1 to destroy.
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
bigip_as3.as3-example01: Destroying... [id=Sample_new]
bigip_as3.as3-example01: Destruction complete after 6s
Destroy complete! Resources: 1 destroyed.
Comment by strantalis
Thursday May 14, 2020 at 15:18 GMT
@RavinderReddyF5 I can open a support case and upload them there if you want?
It doesn't appear that the resourceBigipAs3Read function is currently detecting and writing the actual current AS3 declaration into state. According to https://www.terraform.io/docs/extend/best-practices/detecting-drift.html it looks like it should be setting
d.Set("as3_json", <filtered as3 declaration from http request>)
As I've been utilizing the resource, I've had scenarios where I had issues with the syntax so the actual HTTP POST with the AS3 declaration failed, but since Read does not pull the actual values back, it simply wrote my errored declaration into state, so subsequent executions "saw" no change despite the declaration on the remote appliance not matching my local.
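
A sketch of the read behaviour this thread asks for, added here as an example and not taken from the provider's code: before the declaration is stored in state it is reduced to the tenants the resource created, and the 204 reported above is treated as an empty declaration instead of a failure. The function name, the sample JSON and the assumption that the GET body is the ADC declaration with tenants as top-level keys are all hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
)

// Constructed sample: one tenant owned by Terraform, one created elsewhere.
const sample = `{"class":"ADC","schemaVersion":"3.0.0","Sample_new":{"class":"Tenant"},"Other_team":{"class":"Tenant"}}`

// filterDeclaration reduces a GET /mgmt/shared/appsvcs/declare response to the
// tenants named in owned. Hypothetical helper, not the provider's own function.
func filterDeclaration(status int, body []byte, owned []string) (string, error) {
	switch status {
	case http.StatusOK:
	case http.StatusNoContent:
		return "", nil // 204: nothing declared on the appliance, so state is empty
	default: // e.g. 503: surface the error so a failed read never reaches state
		return "", fmt.Errorf("AS3 read failed with HTTP %d", status)
	}
	var decl map[string]json.RawMessage
	if err := json.Unmarshal(body, &decl); err != nil {
		return "", fmt.Errorf("decoding AS3 declaration: %w", err)
	}
	keep := make(map[string]bool, len(owned))
	for _, t := range owned {
		keep[t] = true
	}
	for name, raw := range decl {
		var probe struct{ Class string `json:"class"` }
		// Scalars such as "schemaVersion" do not decode into a struct; keep them.
		if json.Unmarshal(raw, &probe) != nil || probe.Class != "Tenant" {
			continue
		}
		if !keep[name] {
			delete(decl, name) // tenant managed outside this resource
		}
	}
	out, err := json.Marshal(decl)
	return string(out), err
}

func main() {
	state, err := filterDeclaration(200, []byte(sample), []string{"Sample_new"})
	fmt.Println(state, err)
}
```

The returned string is what a Read implementation would pass to d.Set("as3_json", ...), so a later plan compares only the resource's own tenants against the configuration.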