hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Can't create postgres flexible server with private DNS #19976

Open gy0ung-git opened 1 year ago

gy0ung-git commented 1 year ago

How to reproduce: I followed the example code here: https://learn.microsoft.com/en-us/azure/developer/terraform/deploy-postgresql-flexible-server-database?tabs=azure-cli

│ Error: creating Flexible Server (Subscription: "1fa5f263-e925-448e-8af6-7a74fcbe1658"
│ Resource Group Name: "uswest2-database-rg"
│ Server Name: "dynamouswest2db"): polling after Create: Code="InternalServerError" Message="An unexpected error occured while processing the request. Tracking ID: '8a7254d7-a39b-4b55-bef6-6b00ec48f46c'"
│
│   with module.postgresql.azurerm_postgresql_flexible_server.this,
│   on ../../../modules/postgresql/postgres.tf line 37, in resource "azurerm_postgresql_flexible_server" "this":
│   37: resource "azurerm_postgresql_flexible_server" "this" {
│

Provider version: provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/azurerm/3.38.0/darwin_arm64/terraform-provider-azurerm_v3.38.0_x5

Terraform Version

1.3.1

AzureRM Provider Version

3.38.0

Affected Resource(s)/Data Source(s)

azurerm_postgresql_flexible_server

Terraform Configuration Files

https://learn.microsoft.com/en-us/azure/developer/terraform/deploy-postgresql-flexible-server-database?tabs=azure-cli

Debug Output/Panic Output

│ Error: creating Flexible Server (Subscription: "1fa5f263-e925-448e-8af6-7a74fcbe1658"
│ Resource Group Name: "uswest2-database-rg"
│ Server Name: "dynamouswest2db"): polling after Create: Code="InternalServerError" Message="An unexpected error occured while processing the request. Tracking ID: '8a7254d7-a39b-4b55-bef6-6b00ec48f46c'"
│
│   with module.postgresql.azurerm_postgresql_flexible_server.this,
│   on ../../../modules/postgresql/postgres.tf line 37, in resource "azurerm_postgresql_flexible_server" "this":
│   37: resource "azurerm_postgresql_flexible_server" "this" {
│

Expected Behaviour

We were able to create a PostgresDB Flexible Server with Private DNS manually in the Azure portal, but it failed with Terraform.

Actual Behaviour

We were able to create a PostgresDB Flexible Server with Private DNS manually in the Azure portal, but it failed with Terraform.

Steps to Reproduce

https://learn.microsoft.com/en-us/azure/developer/terraform/deploy-postgresql-flexible-server-database?tabs=azure-cli

Important Factoids

No response

References

No response

kinseii commented 1 year ago

I have the same problem.

Terraform version: 1.3.7
azurerm provider version: 3.40.0

Debug: https://gist.github.com/kinseii/374f8a22adda1358c0b626fd20685ffb

IaC:

resource "azurerm_resource_group" "pgsql" {
  name     = var.resource_group_name
  location = var.resource_group_location
  tags     = var.resource_tags
}

resource "azurerm_virtual_network" "pgsql" {
  name                = "${var.db_instance_name}-vnet"
  resource_group_name = azurerm_resource_group.pgsql.name
  location            = azurerm_resource_group.pgsql.location
  # address_space takes a list of CIDR strings (it is reused as address_prefixes below)
  address_space       = ["192.168.10.0/24"]
  tags                = var.resource_tags
}

resource "azurerm_subnet" "pgsql" {
  name                 = "${var.db_instance_name}-subnet"
  resource_group_name  = azurerm_resource_group.pgsql.name
  virtual_network_name = azurerm_virtual_network.pgsql.name
  address_prefixes     = azurerm_virtual_network.pgsql.address_space
  delegation {
    name = "${var.db_instance_name}-managed-instance-delegation"
    service_delegation {
      name = "Microsoft.DBforPostgreSQL/flexibleServers"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action"
      ]
    }
  }
}

resource "azurerm_private_dns_zone" "pgsql" {
  name                = "${var.db_instance_name}.private.postgres.database.azure.com"
  resource_group_name = azurerm_resource_group.pgsql.name
}

resource "azurerm_private_dns_zone_virtual_network_link" "pgsql" {
  name                  = "${var.db_instance_name}-vnet-link"
  private_dns_zone_name = azurerm_private_dns_zone.pgsql.name
  virtual_network_id    = azurerm_virtual_network.pgsql.id
  resource_group_name   = azurerm_resource_group.pgsql.name
}

resource "random_password" "pgsql" {
  length      = 32
  min_lower   = 1
  min_upper   = 1
  min_numeric = 1
  min_special = 1
}

resource "azurerm_postgresql_flexible_server" "this" {
  resource_group_name          = azurerm_resource_group.pgsql.name
  name                         = var.db_instance_name
  location                     = azurerm_resource_group.pgsql.location
  delegated_subnet_id          = azurerm_subnet.pgsql.id
  private_dns_zone_id          = azurerm_private_dns_zone.pgsql.id
  zone                         = 1
  sku_name                     = "B_Standard_B1ms"
  version                      = 14
  storage_mb                   = 32768
  administrator_login          = var.db_instance_admin_user_name
  administrator_password       = random_password.pgsql.result
  geo_redundant_backup_enabled = true
  tags                         = var.resource_tags
  depends_on = [
    azurerm_private_dns_zone_virtual_network_link.pgsql
  ]
}

P.S. It's the same on provider version 3.41.0. We really need to run a lot of environments, please help quickly if you can. Thank you in advance!

awonline-net commented 1 year ago

Hello,

the issue seems to be region related. I followed the example: https://learn.microsoft.com/en-us/azure/developer/terraform/deploy-postgresql-flexible-server-database?tabs=azure-cli

The infrastructure was created correctly in the "eastus" region. The error appears when using the "westeurope" region. Creating the infrastructure directly in the Azure Portal works correctly for the West Europe region.

Terraform: 1.3.5 Provider: v3.21.1

kinseii commented 1 year ago

@awonline-net thank you, I originally created resources in the North Central US location and got this error. I tried creating them in the Central US location and the resource deployed successfully.

awonline-net commented 1 year ago

@kinseii You're welcome. But this is only a solution if your infrastructure is not strongly tied to a specific region. The first issue was reported 3 weeks ago and was related (probably) to the West US2 region. We deployed to West Europe last week. Now it's not possible. It looks to me like the problem is spreading across new regions.

cafecrema commented 1 year ago

+1 have the same issue with europewest. Additionally, "Error: Flexible Server (Subscription: "d0abdf8a-1560-4037-a374-XXXX" │ Resource Group Name: "westeurope" │ Flexible Server Name: "otspasspush") does not exist"

He mixed up the RG Region with RG Name? The RG is named "ots-passpush-dev"

awonline-net commented 1 year ago

I finally found the real reason of the issue. It's because the Availability Zone in the region is not available at the deployment time. Possible solution is to use automatically assigned Availability Zone together with Terraform's ignore_changes functionality.

On the other hand the Terraform error message could be more detailed.

cafecrema commented 1 year ago

> I finally found the real reason of the issue. It's because the Availability Zone in the region is not available at the deployment time. Possible solution is to use automatically assigned Availability Zone together with Terraform's ignore_changes functionality.
>
> On the other hand the Terraform error message could be more detailed.

Thanks for the hint! For azurerm_mysql_flexible_server I tried zone 1 - same error - but Zone 2 worked for me. azurerm_mysql_flexible_server has no auto-zone feature.

javiervelamindcurv commented 1 year ago

Same problem here.

The plugin should show a clear error message when a zone is not valid.

praiaNickGoeben commented 1 week ago

This also happens if you accidentally omit the delegated_subnet_id argument on a private server.

It seems like the provider (v4.0.1) does not check for this condition.
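
The two points raised in this thread (leave the Availability Zone to Azure and ignore later changes to it, and catch a private server that is missing delegated_subnet_id), combined in one added example that is not code from the provider or from any commenter. The variable names are illustrative assumptions, the precondition block needs Terraform 1.2 or later, and the private DNS zone is assumed to be linked to the VNet already, as in the configuration posted above.

```hcl
# Added example. Variable names are illustrative, not taken from the issue.
variable "db_instance_name" { type = string }
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "admin_login" { type = string }

variable "admin_password" {
  type      = string
  sensitive = true
}

# Both set => private (VNet-integrated) server. Set them together or not at all.
variable "delegated_subnet_id" {
  type    = string
  default = null
}

variable "private_dns_zone_id" {
  type    = string
  default = null
}

resource "azurerm_postgresql_flexible_server" "this" {
  name                   = var.db_instance_name
  resource_group_name    = var.resource_group_name
  location               = var.location
  sku_name               = "B_Standard_B1ms"
  version                = "14"
  storage_mb             = 32768
  administrator_login    = var.admin_login
  administrator_password = var.admin_password
  delegated_subnet_id    = var.delegated_subnet_id
  private_dns_zone_id    = var.private_dns_zone_id

  # "zone" is deliberately not set, so Azure assigns an available zone.

  lifecycle {
    # Do not treat the zone Azure picked (or changed after a failover) as drift.
    ignore_changes = [zone]

    # Reject a half-configured private server when the plan is evaluated,
    # rather than at apply.
    precondition {
      condition     = (var.delegated_subnet_id == null) == (var.private_dns_zone_id == null)
      error_message = "Set delegated_subnet_id and private_dns_zone_id together, or leave both unset."
    }
  }
}
```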