ibm-cloud-architecture / terraform-openshift4-vcd


Error while setting up Bastion VM `Error: unable to make firewall rule query: could not convert 'destination' block to API request: could not lookup vNic indexes for networks: error searching for network kan_service: [ENF] entity not found` #48

Closed kanrenibm closed 2 years ago

kanrenibm commented 2 years ago

Got the following error messages while trying to execute the apply command

```
Changes to Outputs:
  + output_file = (known after apply)
vcd_nsxv_snat.snat_priv: Creating...
vcd_nsxv_firewall_rule.bastion_private_outbound_allow: Creating...
vcd_nsxv_snat.snat_pub: Creating...
vcd_nsxv_dnat.dnat: Creating...
vcd_nsxv_snat.snat_priv: Still creating... [10s elapsed]
vcd_nsxv_firewall_rule.bastion_private_outbound_allow: Still creating... [10s elapsed]
vcd_nsxv_dnat.dnat: Still creating... [10s elapsed]
vcd_nsxv_snat.snat_pub: Still creating... [10s elapsed]
vcd_nsxv_firewall_rule.bastion_private_outbound_allow: Still creating... [20s elapsed]
vcd_nsxv_snat.snat_priv: Still creating... [20s elapsed]
vcd_nsxv_dnat.dnat: Still creating... [20s elapsed]
vcd_nsxv_snat.snat_priv: Still creating... [30s elapsed]
vcd_nsxv_firewall_rule.bastion_private_outbound_allow: Still creating... [30s elapsed]
vcd_nsxv_dnat.dnat: Still creating... [30s elapsed]
vcd_nsxv_snat.snat_priv: Still creating... [40s elapsed]
vcd_nsxv_dnat.dnat: Still creating... [40s elapsed]
vcd_nsxv_snat.snat_priv: Still creating... [50s elapsed]
vcd_nsxv_snat.snat_priv: Still creating... [1m0s elapsed]
╷
│ Error: unable to make firewall rule query: could not convert 'destination' block to API request: could not lookup vNic indexes for networks: error searching for network kan_service: [ENF] entity not found
│
│   with vcd_nsxv_firewall_rule.bastion_private_outbound_allow,
│   on bastion-vm.tf line 78, in resource "vcd_nsxv_firewall_rule" "bastion_private_outbound_allow":
│   78: resource "vcd_nsxv_firewall_rule" "bastion_private_outbound_allow" {
│
╵
╷
│ Error: unable to make structure for API call: can't find network 'kan_network' of type 'ext' attached to edge gateway therefore unable to identify vNic: [ENF] entity not found
│
│   with vcd_nsxv_dnat.dnat,
│   on bastion-vm.tf line 181, in resource "vcd_nsxv_dnat" "dnat":
│  181: resource "vcd_nsxv_dnat" "dnat" {
│
╵
╷
│ Error: unable to make structure for API call: can't find network 'kan_network' of type 'ext' attached to edge gateway therefore unable to identify vNic: [ENF] entity not found
│
│   with vcd_nsxv_snat.snat_pub,
│   on bastion-vm.tf line 199, in resource "vcd_nsxv_snat" "snat_pub":
│  199: resource "vcd_nsxv_snat" "snat_pub" {
│
╵
╷
│ Error: unable to make structure for API call: can't find network 'kan_service' of type 'ext' attached to edge gateway therefore unable to identify vNic: [ENF] entity not found
│
│   with vcd_nsxv_snat.snat_priv,
│   on bastion-vm.tf line 214, in resource "vcd_nsxv_snat" "snat_priv":
│  214: resource "vcd_nsxv_snat" "snat_priv" {
```

Terraform vars file:

slipsibm commented 2 years ago

There seems to be some issue with vcd where the network creation is taking too long and timing out. Once this happens, the rest of the terraform will fail. There is really nothing that can be done from a terraform perspective as this is a vcd issue. If this keeps happening, you might try opening a ticket with vcd team to have them check on why the network creates are failing. You can try using a terraform destroy command by replacing the apply in the command that you used to try and create the cluster. You can also try creating a new vcd in a different DC to see if that helps.

kanrenibm commented 2 years ago

Thanks for the suggestions. I think I got the RC: the issue is that I had given the wrong external name; it was not matching with the name 'kan_service'. The correct one:

```
user_service_network_name         = "dal10-w02-service02"
user_tenant_external_network_name = "dal10-w02-tenant-external"
```

Another observation: while giving the vcd_url, I have to add /api, else it's giving an error.

```
vcd_url = "https://daldir01.vmware-solutions.cloud.ibm.com/api"
```

Thanks again for the support; I am closing this issue.
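
A triage helper for output like the log in this issue, as an added example that is not part of the thread or the project's code: it groups Terraform's `[ENF] entity not found` diagnostics by the network name that could not be resolved, so those names can be compared against the values in the tfvars file. The function name `missing_networks` and the embedded sample (two diagnostics copied from the log above) are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: two of the diagnostics from the error output in this issue.
SAMPLE = """\
╷
│ Error: unable to make firewall rule query: could not convert 'destination' block to API request: could not lookup vNic indexes for networks: error searching for network kan_service: [ENF] entity not found
│
│   with vcd_nsxv_firewall_rule.bastion_private_outbound_allow,
│   on bastion-vm.tf line 78, in resource "vcd_nsxv_firewall_rule" "bastion_private_outbound_allow":
│   78: resource "vcd_nsxv_firewall_rule" "bastion_private_outbound_allow" {
│
╵
╷
│ Error: unable to make structure for API call: can't find network 'kan_network' of type 'ext' attached to edge gateway therefore unable to identify vNic: [ENF] entity not found
│
│   with vcd_nsxv_dnat.dnat,
│   on bastion-vm.tf line 181, in resource "vcd_nsxv_dnat" "dnat":
│  181: resource "vcd_nsxv_dnat" "dnat" {
│
╵
"""

# Both message shapes seen in the log: "network NAME:" and "network 'NAME'".
NETWORK_RE = re.compile(r"\bnetwork '?([\w.-]+)")
WITH_RE = re.compile(r"with (\S+),$")
ON_RE = re.compile(r"on (\S+) line (\d+)")

def missing_networks(output):
    """Map each network named in an [ENF] diagnostic to (resource, file, line) tuples."""
    found = defaultdict(list)
    network = resource = None
    for raw in output.splitlines():
        # Drop the box-drawing gutter and indentation Terraform adds on a TTY.
        line = raw.lstrip("│╷╵ ").rstrip()
        if line.startswith("Error:"):
            m = NETWORK_RE.search(line) if "[ENF]" in line else None
            network, resource = (m.group(1) if m else None), None
        elif network and (m := WITH_RE.match(line)):
            resource = m.group(1)
        elif network and resource and (m := ON_RE.match(line)):
            found[network].append((resource, m.group(1), int(m.group(2))))
            network = resource = None
    return dict(found)
```
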