opentelekomcloud_compute_instance_v2 fails to detach ports before destruction

[wongak]

Terraform provider version

Terraform v1.3.5
on darwin_amd64
+ provider registry.terraform.io/hashicorp/local v2.2.3
+ provider registry.terraform.io/hashicorp/random v3.4.3
+ provider registry.terraform.io/opentelekomcloud/opentelekomcloud v1.31.8

Affected Resource(s)

• opentelekomcloud_compute_instance_v2
• opentelekomcloud_networking_port_v2
  1. terraform apply

  Expected Behavior

  Resources are created.

  Actual Behavior

  No problem.

  2. terraform destroy

  Expected Behavior

  Instance and Port are destroyed

  Actual Behavior

  Intermittently the port cannot be destroyed, since it is still in a connected state to the destroyed instance.

  Error: error deleting OpenTelekomCloud Neutron port: Bad request with: [DELETE  https://vpc.eu-de.otc.t-systems.com/v2.0/ports/e6774f97-0000-0000-0000-ecbe9e4a
  d223], error message: {"NeutronError":{"message":"Port's device_owner is not empty and is not neutron:VIP_PORT","type":"HTTPBadRequest","detail":""}}

  Important Factoids

  This leaves the port, subnet, network in an unmanageable state, since the port resource cannot be detroyed.

  It might be a race condition, since it happens intermittently. The port should always be disconnected before destroying the instance.

  Openstack provides a flag for that: https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/compute_instance_v2#detach_ports_before_destroy

[anton-sidelnikov]

@wongak Hello I cannot reproduce this case even with more than one ports attached to instance:

data "opentelekomcloud_networking_secgroup_v2" "default_sg" {
  name = "default"
}

resource "opentelekomcloud_networking_floatingip_v2" "instance_fip" {
  port_id = opentelekomcloud_networking_port_v2.instance_port_1.id
}

resource "opentelekomcloud_networking_port_v2" "instance_port_1" {
  name           = "instance-port-1"
  admin_state_up = "true"

  network_id = data.opentelekomcloud_vpc_subnet_v1.shared_subnet.network_id
  security_group_ids = [
     data.opentelekomcloud_networking_secgroup_v2.default_sg.id
  ]
}

resource "opentelekomcloud_networking_port_v2" "instance_port_2" {
  name           = "instance-port-2"
  admin_state_up = "true"

  network_id = data.opentelekomcloud_vpc_subnet_v1.shared_subnet.network_id
  security_group_ids = [
     data.opentelekomcloud_networking_secgroup_v2.default_sg.id
  ]
}

resource "opentelekomcloud_compute_instance_v2" "instance_1" {
  name              = "instance_1"
  image_id          = data.opentelekomcloud_images_image_v2.latest_image.id
  availability_zone = "%s"

  metadata = {
    foo = "bar"
  }
  network {
    port = opentelekomcloud_networking_port_v2.instance_port_1.id
  }
  network {
    port = opentelekomcloud_networking_port_v2.instance_port_2.id
  }

  tags = {
    muh = "value-create"
    kuh = "value-create"
  }
}

[anton-sidelnikov]

Maybe you have some dependencies inside tf config? Please provide more details.

P.S.: port detaching happens inside api we cannot detach it like in openstack, but we did all possible check and waits in terraform and do not leave resources in active state while detaching

[wongak]

I have pretty much the same config. Since this happens intermittently I am suspecting that it is a race condition.

This occurred now a couple of times on our domain.

[wongak]

data "opentelekomcloud_networking_secgroup_v2" "default_sg" {
  name = "default"
}

resource "opentelekomcloud_networking_floatingip_v2" "instance_fip" {
  count = var.create ? 1 : 0
  port_id = opentelekomcloud_networking_port_v2.instance_port_1[0].id
}

resource "opentelekomcloud_networking_port_v2" "instance_port_1" {
.  count = var.create ? 1 : 0
  name           = "instance-port-1"
  admin_state_up = "true"

  network_id = data.opentelekomcloud_vpc_subnet_v1.shared_subnet.network_id
  security_group_ids = [
     data.opentelekomcloud_networking_secgroup_v2.default_sg.id
  ]
}

resource "opentelekomcloud_networking_port_v2" "instance_port_2" {
  name           = "instance-port-2"
  admin_state_up = "true"

  network_id = data.opentelekomcloud_vpc_subnet_v1.shared_subnet.network_id
  security_group_ids = [
     data.opentelekomcloud_networking_secgroup_v2.default_sg.id
  ]
}

resource "opentelekomcloud_compute_instance_v2" "instance_1" {
.  count = var.create ? 1 : 0
  name              = "instance_1"
  image_id          = data.opentelekomcloud_images_image_v2.latest_image.id
  availability_zone = "%s"

  metadata = {
    foo = "bar"
  }
  network {
    port = opentelekomcloud_networking_port_v2.instance_port_1.id
  }
  network {
    port = opentelekomcloud_networking_port_v2.instance_port_2.id
  }

  tags = {
    muh = "value-create"
    kuh = "value-create"
  }
}

We do have conditional creation of the resources though. Maybe this happens if we set var.create to 0, which should destroy the resources as well.