oracle / terraform-provider-oci

Terraform Oracle Cloud Infrastructure provider
https://www.terraform.io/docs/providers/oci/
Mozilla Public License 2.0

Multiple NICs support missing from "oci_core_instance" #1797

Open mhca99 opened 1 year ago

mhca99 commented 1 year ago

Hi,

I am using the OCI Terraform module "oci_core_instance" for deploying a VM with three additional/secondary network cards. This VM leverages a cloud-init (user-data) script to configure the FortiGate initial configuration on all three network cards.

The problem or bug is that the "oci_core_instance" resource module does not have an option to assign secondary NICs in the same resource module, i.e. "oci_core_instance", and therefore I have to use a separate NIC attachment resource, "oci_core_vnic_attachment", to assign three NICs to the VM. By the time these NICs are assigned, the VM already reboots and the cloud-init (user-data) configuration kicks in without all secondary NICs available in the VM. Therefore the cloud-init configuration fails.

Can we make it possible to have secondary NICs created/assigned within the "oci_core_instance" resource, OR can we introduce some delay in triggering the metadata block (which has the user-data script) in the "oci_core_instance" resource so that all required secondary NICs are attached to the VM before cloud-init triggers?

I am also looking into "oci_core_instance_configuration" to see if that can be used, as it has a multiple NIC option; however, I think it may be related to instance pool configuration. I will check and update unless someone already knows.

Community Note

Terraform Version and Provider Version

```hcl
terraform {
  backend "azurerm" {}

  required_version = ">= 1.3.0, < 2.0.0"

  required_providers {
    oci = {
      source                = "oracle/oci"
      version               = ">= 4.93.0, < 5.0.0"
      configuration_aliases = [oci.home]
    }
  }
}
```

Affected Resource(s)

"oci_core_instance" and "oci_core_vnic_attachment"

Terraform Configuration Files

Following is the excerpt from configuration:

```hcl
resource "oci_core_instance" "vm-a" {
  count = 1
  availability_domain = (
    var.availability_domain_name != "" ? var.availability_domain_name : (
      length(data.oci_identity_availability_domains.ads.availability_domains) == 1
      ? data.oci_identity_availability_domains.ads.availability_domains[0].name
      : data.oci_identity_availability_domains.ads.availability_domains[count.index].name
    )
  )
  compartment_id = local.appdev_compartment_id
  display_name   = "FortiGate-Primary-Firewall"
  shape          = var.vm_compute_shape

  dynamic "shape_config" {
    for_each = local.is_flex_shape
    content {
      ocpus         = shape_config.value.ocpus
      memory_in_gbs = shape_config.value.memory
    }
  }

  create_vnic_details {
    subnet_id        = local.use_existing_network ? var.mangement_subnet_id : oci_core_subnet.mangement_subnet[0].id
    display_name     = "vm-a"
    assign_public_ip = true
    hostname_label   = "vma"
    private_ip       = var.mgmt_private_ip_primary_a
  }

  launch_options {
    network_type = "PARAVIRTUALIZED"
  }

  source_details {
    source_type = "image"
    source_id   = local.listing_resource_id
  }

  metadata = {
    user_data = base64encode(data.template_file.vm-a_userdata.rendered)
  }

  timeouts {
    create = "60m"
  }
}

resource "oci_core_vnic_attachment" "vnic_attach_untrust_a" {
  count = 1

  depends_on = [oci_core_instance.vm-a]

  instance_id  = oci_core_instance.vm-a[count.index].id
  display_name = "vnic_untrust_a"

  create_vnic_details {
    subnet_id              = local.use_existing_network ? var.untrust_subnet_id : oci_core_subnet.untrust_subnet[0].id
    display_name           = "vnic_untrust_a"
    assign_public_ip       = false
    skip_source_dest_check = false
    private_ip             = var.untrust_private_ip_primary_a
  }
}

resource "oci_core_vnic_attachment" "vnic_attach_trust_a" {
  depends_on   = [oci_core_vnic_attachment.vnic_attach_untrust_a]
  count        = 1
  instance_id  = oci_core_instance.vm-a[count.index].id
  display_name = "vnic_trust"

  create_vnic_details {
    subnet_id              = local.use_existing_network ? var.trust_subnet_id : oci_core_subnet.trust_subnet[0].id
    display_name           = "vnic_trust_a"
    assign_public_ip       = false
    skip_source_dest_check = true
    private_ip             = var.trust_private_ip_primary_a
  }
}

resource "oci_core_vnic_attachment" "vnic_attach_hb_a" {
  depends_on   = [oci_core_vnic_attachment.vnic_attach_trust_a]
  count        = 1
  instance_id  = oci_core_instance.vm-a[count.index].id
  display_name = "vnic_hb_a"

  create_vnic_details {
    subnet_id              = local.use_existing_network ? var.ha_subnet_id : oci_core_subnet.ha_subnet[0].id
    display_name           = "vnic_hb_a"
    assign_public_ip       = false
    skip_source_dest_check = false
    private_ip             = var.hb_private_ip_primary_a
  }
}
```


Debug Output

Panic Output

Expected Behavior

Actual Behavior

Steps to Reproduce

  1. terraform apply

Important Factoids

References
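The race described in this post can also be guarded from inside the guest. The following is an added example, not part of the original issue or of the provider's code: a first-boot shell script polls the OCI instance metadata VNIC list and refuses to continue until the expected number of VNICs is attached. It assumes a guest where cloud-init executes user_data as a shell script, which may not hold for an appliance image; `wait_for_vnics`, `count_vnics` and the sample reply are hypothetical names and constructed values.

```shell
#!/bin/sh
# Added example: hold first-boot configuration until every expected VNIC is
# listed by the OCI instance metadata service (IMDS v2).
IMDS_VNICS_URL="http://169.254.169.254/opc/v2/vnics/"

# Default fetcher: IMDS v2 rejects requests without this Authorization header.
fetch_vnics() {
    curl -sf --max-time 5 -H "Authorization: Bearer Oracle" "$IMDS_VNICS_URL"
}

# Constructed sample of an IMDS reply listing two VNICs (values are made up).
sample_two_vnics() {
    printf '%s\n' '[ {"vnicId":"ocid1.vnic.oc1..exampleprimary","nicIndex":0},' \
                  '  {"vnicId":"ocid1.vnic.oc1..exampleuntrust","nicIndex":0} ]'
}

# Count VNIC objects in the JSON on stdin: one "vnicId" key per VNIC.
count_vnics() {
    grep -o '"vnicId"' | wc -l | tr -d ' '
}

# wait_for_vnics EXPECTED ATTEMPTS [INTERVAL_SECONDS] [FETCH_COMMAND]
# Prints the VNIC count and returns 0 once EXPECTED VNICs are attached;
# returns 1 if they never appear, so the caller can refuse to configure.
wait_for_vnics() {
    expected=$1; attempts=$2; interval=${3:-5}; fetch=${4:-fetch_vnics}
    try=1
    while [ "$try" -le "$attempts" ]; do
        seen=$($fetch 2>/dev/null | count_vnics)
        if [ "$seen" -ge "$expected" ]; then
            echo "$seen"
            return 0
        fi
        sleep "$interval"
        try=$((try + 1))
    done
    return 1
}

# Usage in user_data (hypothetical): one primary plus three secondary VNICs.
#   wait_for_vnics 4 60 5 || { echo "VNICs missing, aborting" >&2; exit 1; }
```

Failing closed on timeout matters for a firewall guest: a partial configuration applied to only some interfaces is harder to detect than a boot that stops with an error.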

NagendraNigade commented 1 year ago

Thank you for reporting the issue. Sometimes it's really hard to support nested resources on Terraform as this can cause differences in config & state files. We try our best to provide the best solution in such scenarios.

We are reconsidering the above mentioned scenario. Will update the ticket accordingly.

mhca99 commented 1 year ago

Thanks Nagendra for looking into it.

I also tried "oci_core_instance_configuration"; however, I could not leverage it as it only allows one secondary NIC unless you create the instance configuration from an existing VM OCID which has four NICs, which is not a feasible process and involves a lot of pre-work.

Even if I am able to create a configuration with four NICs, there is no field in "oci_core_instance" to reference oci_core_instance_configuration, while there is a field "instance_configuration_id" available in oci_core_instance_pool, which we don't intend to use for this use-case.

ravinitp commented 1 year ago

Thank you for reporting the issue. We have raised an internal ticket to track this. Our service engineers will get back to you.

ravinitp commented 1 year ago

We have notified our service engineer. Our service engineers will get back to you.

sagarp337 commented 1 year ago

@mhca99 According to the code, only one secondary vNIC can be attached to the oci_core_instance resource: https://github.com/oracle/terraform-provider-oci/blob/master/internal/service/core/core_instance_resource.go#L160

ianchen0119 commented 1 month ago

Are there any updates here?