Bug: Nameserver records are sometimes deleted in terraform state but still exist on INWX

[2martens]

I've had it multiple times that I deleted records in terraform, they appear to be deleted but still exist on INWX. If I add them back in on the side of terraform, it fails because they still exist. So I always need to manually check the records on the website, clean leftovers up so that terraform can work.

That's not how it's supposed to work. If terraform reports a resource as deleted, it should really be deleted.

[kimdre]

Same issue here. When I try to delete, modify or replace entries I always get an error.

Also the same happens when I try to add CNAME records. The inital run fails with an error, that the json value is incorrect but the records get created anyway. When I try to re-run terraform, I get API response not status code 1000 or 1001. Got response: {"code":2302,"msg":"Object exists"}

[kimdre]

In addition, sometimes entries are not created on the name server at all, but are nevertheless added to the Terraform state. So you really have to read the entire list of entries in the web UI to determine whether everything has been created correctly, which is very cumbersome and error-prone and takes forever with lots of entries.

[sowinski]

Same here. Will be this fixed soon? Or do you know a partner company which supports terraform correctly?

[fsoederhuyzen]

Could you provide a sample configuration terraform file which reproduces this issue? Additionally is this issue limited to our live environment or does it affect OTE as well?

[sowinski]

terraform {
  required_providers {
    inwx = {
      source = "inwx/inwx"
      version = ">= 1.0.0"
    }
  }
}

provider "inwx" {
  api_url = var.api_url
  tan = var.tan
  username = var.username
}

resource "inwx_nameserver_record" "a_records" {
  domain    = "mydomain.org"
  name      = "www"
  type      = "A"
  content   = var.a_record_ip
  ttl       = 3600
}

If you change the ip several times or destroy this entry, it will end up with a unpredictable state

OTE did not work for me at all. I tested it only live

[jamie-staib]

Also affected by this. It's actually a big blocker as totally breaks the reasons to go for the provider.

That's not how it's supposed to work. If terraform reports a resource as deleted, it should really be deleted.

Wholeheartedly agree here. Trust in the provider is fundamental to using it. We can deal with the provider reporting errors and having to retry. But if terraform apply/destroy reports success, the expectation is that the final state matches reality.

[mknet]

Same here. Is there anything I can do to support solving the issue?

[sowinski]

I already wrote to the INWX support and they don't really care and are not going to do anything against this issue.

Please write to the support as well. Maybe they will start to do something....

[mknet]

Done - as you you suggested. Let's see what happens.

[montybanse]

Hi Guys,

It’s Montgomery from INWX and I would brief you shortly: My colleagues had a lot of work in November and December (and a bit of vacation for some colleagues =D). That’s the reason why the fix is not released until yet.

My colleagues told me, that the bugfix is already in the actual sprint and in progress soon.

So, I’ll bet you guys to have some patience about this. We are working on that bug and release the fix as soon as possible!

All bests, Montgomery

[mknet]

Got a similar answer like @montybanse‘s.

Gotta wait a little bit longer.

[fsoederhuyzen]

I couldn't reproduce this issue live either. If this problem still persists, please provide additional information: the output of the command which caused this error prefixed with TF_LOG=debug and either the domain/record/nameserver for which this problem persists or preferably the terraform.tfstate (since this can include sensitive information, you can send this via encrypted mail to support, if you prefer that).

[kimdre]

This issue is still relevant to me. I just tested it with 3 records that I created on the Nameserver and removed afterwards. All 3 were created, but when I removed them only 1 was actually destroyed even tho it said all 3 were destroyed:

Here the 2 records that haven't been destroyed:

Here is a gist with the relevant debug logs from terraform: https://gist.github.com/kimdre/a7ad99de3b9028f9ce0e112002910600

These 3 records are also no longer in the tf state.

[sowinski]

Same here, I have the feeling if I wait one hour before I change something. it is working "sometimes" but If I run my commands within 1-3 minutes. everything starts to break.

[sowinski]

I tried it a second ago to change the TTL of my domain. It is not working ...

Terraform says: Apply complete! Resources: 0 added, 1 changed, 0 destroyed. But nothing changed