megaport / terraform-provider-megaport

Terraform Provider for Megaport Network
Mozilla Public License 2.0

Azure VXC Destroy doesn't work #43

Open alexeyvromanov opened 1 year ago

alexeyvromanov commented 1 year ago

Something changed on the Azure side: destroy for a VXC doesn't work anymore and requires removing the peering connection from the ExpressRoute first. The VXC deletion process on the Megaport side probably needs some adjustment.

```
│ Error: Error deleting resource f026542c-aef0-4a8c-b7d4-56b0b9fbceca: has an attached peering connection that must be removed in Azure first:
```

mega-alex commented 5 months ago

This has been reworked in the v1.0.0 provider. The underlying issue is that the peering can't be deleted by Megaport, only created. You can specify the peering using the Azure Terraform provider; here is the documentation for that. The Azure provider can tear that down first before the VXC is deleted.

rybakovanton-metta commented 2 months ago

It's not working. I tried with lifecycle create_before_destroy and without; same thing. Version: v1.1.0. Config:

```hcl
resource "megaport_vxc" "azure_vxc" {
  product_name         = var.vxc_name
  rate_limit           = var.rate
  contract_term_months = var.term
  a_end = {
    requested_product_uid = var.router_id
    vnic_index            = var.nic_id
    ordered_vlan          = 0
  }
  b_end = {}
  b_end_partner_config = {
    partner = "azure"
    azure_config = {
      port_choice = "primary"
      service_key = var.service_key
    }
  }
  lifecycle {
    create_before_destroy = true
  }
}

resource "azurerm_express_route_circuit_peering" "megaport" {
  peering_type                  = "AzurePrivatePeering"
  express_route_circuit_name    = var.circuit_name
  resource_group_name           = var.rg_name
  peer_asn                      = var.bgp.mgp_as
  primary_peer_address_prefix   = "${cidrhost(var.bgp.mgp_ip, 0)}/30"
  secondary_peer_address_prefix = "123.0.0.4/30"
  ipv4_enabled                  = true
  vlan_id                       = 101
  shared_key                    = var.key
}
```

Error:

```
module.k8rt[0].module.cloud_connections["0"].module.azr[0].megaport_vxc.azure_vxc: Destroying...
module.k8rt[0].module.cloud_connections["0"].module.azr[0].megaport_vxc.azure_vxc: Still destroying... [10s elapsed]
module.k8rt[0].module.cloud_connections["0"].module.azr[0].azurerm_express_route_circuit_peering.megaport: Destroying... [id=/subscriptions/e338d0b7-7621-4af8-8799-b092b1e55b34/resourceGroups/devnet-azr-en1-k8sm-01/providers/Microsoft.Network/expressRouteCircuits/er-devnet-azr-en1-k8sm-01/peerings/AzurePrivatePeering]
module.k8rt[0].module.cloud_connections["0"].module.azr[0].azurerm_express_route_circuit_peering.megaport: Still destroying... [id=/subscriptions/e338d0b7-7621-4af8-8799-...1-k8sm-01/peerings/AzurePrivatePeering, 10s elapsed]
module.k8rt[0].module.cloud_connections["0"].module.azr[0].azurerm_express_route_circuit_peering.megaport: Still destroying... [id=/subscriptions/e338d0b7-7621-4af8-8799-...1-k8sm-01/peerings/AzurePrivatePeering, 20s elapsed]
module.k8rt[0].module.cloud_connections["0"].module.azr[0].azurerm_express_route_circuit_peering.megaport: Destruction complete after 25s

╷
│ Error: Error Deleting VXC
│
│ Could not delete VXC, unexpected error: POST https://api.megaport.com/v3/product/b52dafda-d784-4587-8a67-7eaa477a5f08/action/CANCEL_NOW: 409 (trace_id "26c7e2aa86976aecb56302c8d33241e2") has an
│ attached peering connection that must be removed in Azure first
```

mega-alex commented 2 months ago

I'll do some more testing on this to confirm, but I think this may be a timing issue with the Azure APIs we use internally not updating at the same time as the public API when you delete the ExpressRoute.

I would try to delete the express route in a different terraform apply, wait for a bit, and then try to delete the VXC to see if this issue is fixed.

rybakovanton-metta commented 2 months ago

Thank you! I forgot to mention that this VXC is connected to an MVE-Cisco (if it matters).

mega-alex commented 2 months ago

Does deleting the ExpressRoute first, then waiting for a few minutes, then tearing down the VXC work?

rybakovanton-metta commented 2 months ago

Yes, if I delete it via the portal, wait a little, and start the destroy again, it works.

mega-alex commented 2 months ago

I think this issue is related to timing: the public Azure API appears to return a 404 for the ExpressRouteCircuit (which is what the Azure Terraform provider waits for) before the API we use reports that it has been deleted.

I would try managing the peering in the azure terraform provider rather than having us push the peers. That way you can delete the peering first, then the ExpressRouteCircuit.
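
An added example, not part of the thread and not Megaport's own code: the destroy log above shows the VXC and the peering being destroyed in parallel, so this sketch encodes the "remove the peering, wait, then delete the VXC" order in a single destroy. It assumes the `hashicorp/time` provider's `time_sleep` resource, reuses the variable names from the posted config, and uses an assumed 5-minute delay; the thread does not confirm that any particular delay is sufficient.

```hcl
terraform {
  required_providers {
    megaport = { source = "megaport/megaport" }
    azurerm  = { source = "hashicorp/azurerm" }
    time     = { source = "hashicorp/time" }
  }
}

resource "megaport_vxc" "azure_vxc" {
  product_name         = var.vxc_name
  rate_limit           = var.rate
  contract_term_months = var.term
  a_end = {
    requested_product_uid = var.router_id
    vnic_index            = var.nic_id
    ordered_vlan          = 0
  }
  b_end = {}
  b_end_partner_config = {
    partner = "azure"
    azure_config = {
      port_choice = "primary"
      service_key = var.service_key
    }
  }
}

# Terraform destroys in reverse dependency order, so on destroy the chain is:
# peering -> time_sleep (pauses for destroy_duration) -> VXC.
resource "time_sleep" "after_peering_removed" {
  depends_on       = [megaport_vxc.azure_vxc]
  destroy_duration = "5m" # assumed value; the thread only says "a few minutes"
}

resource "azurerm_express_route_circuit_peering" "megaport" {
  # Explicit dependency: without it the two destroys are unordered.
  depends_on                    = [time_sleep.after_peering_removed]
  peering_type                  = "AzurePrivatePeering"
  express_route_circuit_name    = var.circuit_name
  resource_group_name           = var.rg_name
  peer_asn                      = var.bgp.mgp_as
  primary_peer_address_prefix   = "${cidrhost(var.bgp.mgp_ip, 0)}/30"
  secondary_peer_address_prefix = "123.0.0.4/30"
  ipv4_enabled                  = true
  vlan_id                       = 101
  shared_key                    = var.key
}
```

If the 409 still appears, the delay was too short for the API Megaport queries; rerunning the destroy after a further wait matches the manual workaround confirmed earlier in the thread.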