equinix-labs / terraform-equinix-metal-nutanix-cluster

Nutanix Cluster on Equinix Metal
https://deploy.equinix.com/labs/terraform-equinix-metal-nutanix-cluster/
Apache License 2.0

Fix: De-centralize the network to support multiple clusters #82

Closed codinja1188 closed 4 months ago

codinja1188 commented 4 months ago

Description:

This pull request introduces changes to decentralize the network setup in the Terraform Equinix Metal Nutanix cluster module to support multiple clusters. Key modifications include:

Additional issues it fixes.

https://github.com/equinix-labs/terraform-equinix-metal-nutanix-cluster/issues/74

codinja1188 commented 4 months ago

@displague ,

Here are some snapshots

VRF

image

Metal Gateways

image

codinja1188 commented 4 months ago

@displague,

How do we verify/confirm whether the metal gateways are reachable or not?

codinja1188 commented 4 months ago

@displague,

Two clusters (like Bastion, Nutanix AHV, CVM controller) are able to reach their gateway IPs

admin@NTNX-7WWG2N3-A-CVM:192.168.96.18:~$ ping 192.168.96.1
PING 192.168.96.1 (192.168.96.1) 56(84) bytes of data.
64 bytes from 192.168.96.1: icmp_seq=1 ttl=64 time=0.187 ms
64 bytes from 192.168.96.1: icmp_seq=2 ttl=64 time=0.204 ms
64 bytes from 192.168.96.1: icmp_seq=3 ttl=64 time=0.191 ms
^C
--- 192.168.96.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.187/0.194/0.204/0.007 ms
admin@NTNX-7WWG2N3-A-CVM:192.168.96.18:~$ exit
logout
Connection to 192.168.96.18 closed.
[root@NTNX-7WWG2N3-A ~]# ping 192.168.96.1
PING 192.168.96.1 (192.168.96.1) 56(84) bytes of data.
64 bytes from 192.168.96.1: icmp_seq=1 ttl=64 time=0.363 ms
64 bytes from 192.168.96.1: icmp_seq=2 ttl=64 time=0.154 ms
64 bytes from 192.168.96.1: icmp_seq=3 ttl=64 time=0.148 ms
64 bytes from 192.168.96.1: icmp_seq=4 ttl=64 time=0.169 ms
^C
--- 192.168.96.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3057ms
rtt min/avg/max/mdev = 0.148/0.208/0.363/0.090 ms
[root@NTNX-7WWG2N3-A ~]# exit
logout
Connection to 192.168.96.4 closed.
root@bastion:~# ping 192.168.96.1 -c 5
PING 192.168.96.1 (192.168.96.1) 56(84) bytes of data.
64 bytes from 192.168.96.1: icmp_seq=1 ttl=64 time=0.189 ms
64 bytes from 192.168.96.1: icmp_seq=2 ttl=64 time=0.216 ms
64 bytes from 192.168.96.1: icmp_seq=3 ttl=64 time=0.274 ms
64 bytes from 192.168.96.1: icmp_seq=4 ttl=64 time=0.177 ms
64 bytes from 192.168.96.1: icmp_seq=5 ttl=64 time=0.240 ms

--- 192.168.96.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4090ms
rtt min/avg/max/mdev = 0.177/0.219/0.274/0.035 ms

Cluster-A is not reachable for the Cluster-B gateway. Do you think we have to add any firewall rules?

codinja1188 commented 4 months ago

@displague ,

I can successfully ping VIPs between clusters.

codinja1188 commented 4 months ago

@displague ,

PR ready for review

codinja1188 commented 4 months ago

@ctreatma / @displague ,

data.local_file.cvm_ip_address: Reading...
data.local_file.cvm_ip_address: Read complete after 0s [id=a77db81fae96a895fc3db05af25db50e6fc84a91]
╷
│ Error: error reserving IP address block: json: cannot unmarshal array into Go struct field ErrorResponse.errors of type string
│
│   with equinix_metal_reserved_ip_block.nutanix,
│   on main.tf line 109, in resource "equinix_metal_reserved_ip_block" "nutanix":
│  109: resource "equinix_metal_reserved_ip_block" "nutanix" {
│

Are there any known issues on the infra side? I observed the issue in the main branch too.

ctreatma commented 4 months ago

@codinja1188 I think someone else ran into a similar problem recently. Could you run with TF_LOG=debug in order to log HTTP details to stdout and share the request URL and response body that lead to this error?

One thing to note is that the parse error is happening on an error response from the API, which likely means there's something wrong with the attributes being passed in to Terraform rather than a problem inside the Terraform provider. When we've seen this parse error before, it seemed to be triggered by sending invalid IP addresses to the API, so you should double-check that you're not including unnecessary slashes or CIDR notation in the network attribute or other attributes of the equinix_metal_reserved_ip_block resource.

codinja1188 commented 4 months ago

@displague / @ctreatma ,

I verified, it's working. Please check and approve it.