hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

InternalServerError while creating flow logs for NSG #20858

Open harsha1163 opened 1 year ago

harsha1163 commented 1 year ago

Terraform Version

1.0.1, < 2.0

AzureRM Provider Version

3.20.0

Affected Resource(s)/Data Source(s)

azurerm_network_watcher_flow_log

Terraform Configuration Files

resource "azurerm_network_watcher_flow_log" "private" {
  depends_on                = [azurerm_storage_account.this]
  network_watcher_name      = var.azurerm_network_watcher
  resource_group_name       = data.azurerm_resource_group.azurerm_network_watcher_rg.name
  network_security_group_id = azurerm_network_security_group.private.id
  storage_account_id        = azurerm_storage_account.this.id
  enabled                   = true
  name                      = "test-flowlog-private"

  retention_policy {
    enabled = "true"
    days    = local.flow_logs_retention_policy_days
  }

  traffic_analytics {
    enabled               = true
    workspace_id          = azurerm_log_analytics_workspace.this.workspace_id
    workspace_region      = azurerm_log_analytics_workspace.this.location
    workspace_resource_id = azurerm_log_analytics_workspace.this.id
    interval_in_minutes   = 10
  }
}

Debug Output/Panic Output

Error: waiting for completion of creating "Flow Log: (Name \"vaau45-private-log\" / Network Watcher Name \"NetworkWatcher_eastus\" / Resource Group \"NetworkWatcherRG\")": Code="InternalServerError" Message="An error occurred."

The above error is frequently occurring nowadays when trying to create flow logs.

Expected Behaviour

Flow logs should be created without any error.

Actual Behaviour

Internal server error while creating flowlogs.

Steps to Reproduce

Apply the Terraform resource. The issue is not frequent.

Important Factoids

No response

References

No response

neil-yechenwei commented 1 year ago

Thanks for raising this issue. It seems I cannot repro this issue with the tf config below, which is similar to yours. Could you compare the config below with yours for differences, then apply/remove the difference to see if the issue still exists? Thanks.

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "test" {
  name     = "acctestRG-watcher-test01"
  location = "westeurope"
}

resource "azurerm_network_security_group" "test" {
  name                = "acctestNSGtest01"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
}

resource "azurerm_network_watcher" "test" {
  name                = "acctest-NW-test01"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
}

resource "azurerm_storage_account" "test" {
  name                = "acctestsatest01"
  resource_group_name = azurerm_resource_group.test.name
  location            = azurerm_resource_group.test.location

  account_tier              = "Standard"
  account_kind              = "StorageV2"
  account_replication_type  = "LRS"
  enable_https_traffic_only = true
}

resource "azurerm_log_analytics_workspace" "test" {
  name                = "acctestLAW-test01"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
  sku                 = "PerGB2018"
}

resource "azurerm_network_watcher_flow_log" "test" {
  network_watcher_name = azurerm_network_watcher.test.name
  resource_group_name  = azurerm_resource_group.test.name
  name                 = "flowlog-test01"
  location             = azurerm_network_watcher.test.location

  network_security_group_id = azurerm_network_security_group.test.id
  storage_account_id        = azurerm_storage_account.test.id
  enabled                   = true

  retention_policy {
    enabled = true
    days    = 7
  }

  traffic_analytics {
    enabled               = true
    workspace_id          = azurerm_log_analytics_workspace.test.workspace_id
    workspace_region      = azurerm_log_analytics_workspace.test.location
    workspace_resource_id = azurerm_log_analytics_workspace.test.id
    interval_in_minutes   = 10
  }
}

harsha1163 commented 1 year ago

The error we are getting is intermittent. We get it once or twice a day, and sometimes more than twice. Compared the above code snippet with my tf config. Everything is common.

harsha1163 commented 1 year ago

We are also facing the below error. Until yesterday this was intermittent, and after a retry it used to work, but now the retry is also not working.

Error: creating "Flow Log: (Name \"demo\" / Network Watcher Name \"NetworkWatcher\" / Resource Group \"NetworkWatcher\")": network.FlowLogsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status= Code="AnotherOperationInProgress" Message="Another operation on this or dependent resource is in progress.