Closed aslepcev closed 9 months ago
At the moment it's not possible to attach a firewall to the nodebalancer like it's possible to do using Cloud Manager.
Terraform plan works, but apply returns an error.
Terraform and Linode provider version:
Terraform v1.6.5
on linux_amd64
+ provider registry.terraform.io/linode/linode v2.10.1
Terraform plan:
Terraform will perform the following actions:

  # linode_firewall.my_firewall will be created
  + resource "linode_firewall" "my_firewall" {
      + created         = (known after apply)
      + devices         = (known after apply)
      + disabled        = false
      + id              = (known after apply)
      + inbound_policy  = "DROP"
      + label           = "my_firewall"
      + linodes         = [
          + 495975,
        ]
      + nodebalancers   = (known after apply)
      + outbound_policy = "ACCEPT"
      + status          = (known after apply)
      + updated         = (known after apply)

      + inbound {
          + action   = "ACCEPT"
          + ipv4     = [
              + "0.0.0.0/0",
            ]
          + ipv6     = [
              + "::/0",
            ]
          + label    = "allow-http"
          + ports    = "80"
          + protocol = "TCP"
        }
      + inbound {
          + action   = "ACCEPT"
          + ipv4     = [
              + "0.0.0.0/0",
            ]
          + ipv6     = [
              + "::/0",
            ]
          + label    = "allow-https"
          + ports    = "443"
          + protocol = "TCP"
        }

      + outbound {
          + action   = "DROP"
          + ipv4     = [
              + "0.0.0.0/0",
            ]
          + ipv6     = [
              + "::/0",
            ]
          + label    = "reject-http"
          + ports    = "80"
          + protocol = "TCP"
        }
      + outbound {
          + action   = "DROP"
          + ipv4     = [
              + "0.0.0.0/0",
            ]
          + ipv6     = [
              + "::/0",
            ]
          + label    = "reject-https"
          + ports    = "443"
          + protocol = "TCP"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.
Terraform apply:
linode_nodebalancer.foobar: Refreshing state... [id=495975]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # linode_firewall.my_firewall will be created
  + resource "linode_firewall" "my_firewall" {
      + created         = (known after apply)
      + devices         = (known after apply)
      + disabled        = false
      + id              = (known after apply)
      + inbound_policy  = "DROP"
      + label           = "my_firewall"
      + linodes         = [
          + 495975,
        ]
      + nodebalancers   = (known after apply)
      + outbound_policy = "ACCEPT"
      + status          = (known after apply)
      + updated         = (known after apply)

      + inbound {
          + action   = "ACCEPT"
          + ipv4     = [
              + "0.0.0.0/0",
            ]
          + ipv6     = [
              + "::/0",
            ]
          + label    = "allow-http"
          + ports    = "80"
          + protocol = "TCP"
        }
      + inbound {
          + action   = "ACCEPT"
          + ipv4     = [
              + "0.0.0.0/0",
            ]
          + ipv6     = [
              + "::/0",
            ]
          + label    = "allow-https"
          + ports    = "443"
          + protocol = "TCP"
        }

      + outbound {
          + action   = "DROP"
          + ipv4     = [
              + "0.0.0.0/0",
            ]
          + ipv6     = [
              + "::/0",
            ]
          + label    = "reject-http"
          + ports    = "80"
          + protocol = "TCP"
        }
      + outbound {
          + action   = "DROP"
          + ipv4     = [
              + "0.0.0.0/0",
            ]
          + ipv6     = [
              + "::/0",
            ]
          + label    = "reject-https"
          + ports    = "443"
          + protocol = "TCP"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

linode_firewall.my_firewall: Creating...
╷
│ Error: failed to create Firewall: [400] [devices.linodes] Invalid Linode ID: 495975
│
│   with linode_firewall.my_firewall,
│   on node.tf line 10, in resource "linode_firewall" "my_firewall":
│   10: resource "linode_firewall" "my_firewall" {
│
╵
Thank you.
New or Affected Terraform Resources
linode_nodebalancer, linode_firewall
Potential Terraform Configuration
resource "linode_nodebalancer" "foobar" {
  label                = "mynodebalancer"
  region               = "us-east"
  client_conn_throttle = 20
  tags                 = ["foobar"]
}

resource "linode_firewall" "my_firewall" {
  label = "my_firewall"

  inbound {
    label    = "allow-http"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "80"
    ipv4     = ["0.0.0.0/0"]
    ipv6     = ["::/0"]
  }

  inbound_policy = "DROP"

  outbound {
    label    = "reject-https"
    action   = "DROP"
    protocol = "TCP"
    ports    = "443"
    ipv4     = ["0.0.0.0/0"]
    ipv6     = ["::/0"]
  }

  outbound_policy = "ACCEPT"

  linodes = [linode_nodebalancer.foobar.id]
}
NVM, just found the syntax is: nodebalancers = [linode_nodebalancer.foobar.id]
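A pre-apply check for the mismatch reported in this issue, as an added example that is not part of the original issue or the provider's code: it reads the `configuration` section of `terraform show -json` output and flags `linode_firewall` arguments that reference the wrong resource type, which `terraform plan` alone does not catch. The sample plan is constructed, and the mapping of `linodes` to `linode_instance` is an assumption.

```python
import json

# Assumed mapping: resource type each linode_firewall attachment argument expects.
EXPECTED = {"linodes": "linode_instance", "nodebalancers": "linode_nodebalancer"}

# Constructed sample: trimmed "configuration" section of `terraform show -json`
# for the configuration in this issue (not captured output).
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "linode_nodebalancer.foobar", "type": "linode_nodebalancer",
   "expressions": {"label": {"constant_value": "mynodebalancer"}}},
  {"address": "linode_firewall.my_firewall", "type": "linode_firewall",
   "expressions": {
     "label": {"constant_value": "my_firewall"},
     "linodes": {"references": ["linode_nodebalancer.foobar.id",
                                "linode_nodebalancer.foobar"]}}}
]}}}
""")


def iter_resources(module):
    """Yield resource blocks from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for call in module.get("module_calls", {}).values():
        yield from iter_resources(call.get("module", {}))


def find_mismatched_attachments(plan):
    """Return sorted (firewall address, argument, referenced resource) tuples."""
    findings = set()
    root = plan.get("configuration", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "linode_firewall":
            continue
        for arg, expected in EXPECTED.items():
            expr = res.get("expressions", {}).get(arg, {})
            for ref in expr.get("references", []):
                parts = ref.split(".")
                # Only managed-resource references (type.name[.attr]); var., local.,
                # module. and data. references are not checked here.
                managed = len(parts) >= 2 and parts[0].startswith("linode_")
                if managed and parts[0] != expected:
                    findings.add((res["address"], arg, ".".join(parts[:2])))
    return sorted(findings)


if __name__ == "__main__":
    for address, arg, target in find_mismatched_attachments(SAMPLE_PLAN):
        print(f"{address}: '{arg}' references {target}")
```

Literal IDs such as `linodes = [495975]` carry no references in the plan JSON, so this check cannot classify them.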