oracle / terraform-provider-oci

Terraform Oracle Cloud Infrastructure provider
https://www.terraform.io/docs/providers/oci/
Mozilla Public License 2.0

Problem with NLB when using reserved public IP and running terraform more than once #1893

Open dburianov opened 1 year ago

dburianov commented 1 year ago

Prescription

I create resource oci_core_public_ip and attach it to NLB

Terraform and provider versions

terraform: 1.4+; provider: 4+, 5+; previous versions were not tested.

Affected Resource(s)

affected_resources = oci_core_public_ip,oci_network_load_balancer_network_load_balancer,oci_core_private_ip,terraform

    resource "oci_core_public_ip" "lb_reserved_ip" {
      compartment_id = var.compartment_ocid
      lifetime       = "RESERVED"
      display_name   = "nlb"
    }
    resource "oci_network_load_balancer_network_load_balancer" "nlb_openvpn" {
      compartment_id = var.compartment_ocid
      subnet_id = data.oci_core_subnets.subnet_public.subnets[0].id
      display_name = "nlb"
      reserved_ips {
        id = oci_core_public_ip.lb_reserved_ip.id
      }
      is_preserve_source_destination = false
      is_private                     = false
    }

Next steps

The NLB is created, but in the console log we see:

 # oci_core_public_ip.lb_reserved_ip will be updated in-place
 ~ resource "oci_core_public_ip" "lb_reserved_ip" {
       id                   = "ocid1.publicip.oc1.phx.amaaaaaa3u7z2qyaz7ld2eo7pswzk3ykclzw4mfp5pv5jjzd4rqwtxgjhh2a"
     - private_ip_id        = "ocid1.privateip.oc1.phx.abyhqljtojmp75txjmdogzxuqyw5ni6msepjshbnmidom5m5sfy2b4oxsnyq" -> null
       # (11 unchanged attributes hidden)
}

Problem

oci_core_public_ip is disassociated from the NLB private IP and the NLB does not receive traffic. On the NLB we see that resource oci_core_public_ip.lb_reserved_ip is associated, but on the Reserved IP we see that no VNIC is attached. However, in the terraform state we can see that oci_core_public_ip is assigned to ocid1.privateip...

    {
      "mode": "managed",
      "type": "oci_core_public_ip",
      "name": "lb_reserved_ip",
      "provider": "provider[\"registry.terraform.io/hashicorp/oci\"]",
      "instances": [
        {
          "attributes": {
            "assigned_entity_id": "ocid1.privateip.oc1.phx.abyhqljtojmp75txjmdogzxuqyw5ni6msepjshbnmidom5m5sfy2b4oxsnyq",
            "assigned_entity_type": "",
            "id": "ocid1.publicip.oc1.phx.amaaaaaa3u7z2qyaz7ld2eo7pswzk3ykclzw4mfp5pv5jjzd4rqwtxgjhh2a",
            "ip_address": "144.24.48.75",
            "lifetime": "RESERVED",
            "scope": "REGION",
            "state": "AVAILABLE",
          },
        }
      ]
    },
    {
      "mode": "managed",
      "type": "oci_network_load_balancer_network_load_balancer",
      "name": "nlb_openvpn",
      "provider": "provider[\"registry.terraform.io/hashicorp/oci\"]",
      "instances": [
        {
          "attributes": {
            "display_name": "nlb_openvpn",
            "freeform_tags": {},
            "id": "ocid1.networkloadbalancer.oc1.phx.amaaaaaa3u7z2qyayrkrb6hz6ottinpleswvw4iu2rayptphe2sxuvn3gceq",
            "ip_addresses": [
              {
                "ip_address": "144.24.48.75",
                "reserved_ip": [
                  {
                    "id": "ocid1.publicip.oc1.phx.amaaaaaa3u7z2qyaz7ld2eo7pswzk3ykclzw4mfp5pv5jjzd4rqwtxgjhh2a"
                  }
                ]
              },
              {
                "ip_address": "10.166.10.118",
              }
            ],
            "is_preserve_source_destination": false,
            "reserved_ips": [
              {
                "id": "ocid1.publicip.oc1.phx.amaaaaaa3u7z2qyaz7ld2eo7pswzk3ykclzw4mfp5pv5jjzd4rqwtxgjhh2a"
              }
            ],
            "state": "ACTIVE",
            "subnet_id": "ocid1.subnet.oc1.phx.aaaaaaaave5j72m6cg7zn3sa5pszjqgaloksrbkwp6rt4dcdvkyaxd7rtanq",
            "system_tags": {
              "orcl-cloud.free-tier-retained": "true"
            },
          },
          "dependencies": [
            "data.oci_core_subnets.subnet_public",
            "oci_core_public_ip.lb_reserved_ip"
          ]
        }
      ]
    }

I try to create

Following the documentation, all options are optional, but:

    resource "oci_core_private_ip" "lb_reserved_ip_private" {
      // ip_address = "10.166.10.168" or no options
      // ->
      // │ Error: 400-MissingParameter, This request is missing a required vnicId or subnetId or vlanId argument.
      // ->
      //   subnet_id = data.oci_core_subnets.subnet_public.subnets[0].id (this option is not declared in the documentation)
      // │ Can't configure a value for "subnet_id": its value will be decided automatically based on the result of applying this configuration.
      //
      // vnicId -> no dedicated resource vnic_id, no resource in NLB
      // vlanId -> it is a resource for VMware
    }

Can you fix creation of resource "oci_core_private_ip" with a declared subnet_id, or create an internal mechanism to update the association of the NLB with oci_core_public_ip?

This issue is similar to the closed issue (https://github.com/oracle/terraform-provider-oci/issues/1385)

tf-oci-pub commented 1 year ago

Thank you for reporting the issue. We observed the affected resources are not provided in the description or it's incorrect. We request you to add it in issue description as mentioned in below format. Example: affected_resources = oci_core_instance , oci_core_instances

If it's not related to any particular resource then mention affected resource as terraform. Example: affected_resources = terraform

As this works through automation, request you to follow exact syntax.

dburianov commented 1 year ago

affected_resources = oci_core_public_ip,oci_network_load_balancer_network_load_balancer,oci_core_private_ip,terraform

added

a-priestley commented 1 year ago

Is there a workaround for this issue? I also tried defining a private IP address resource for the public IP to assign to, but I encountered the same error -- it needs the VNIC id, but I am having trouble finding documentation on how to acquire it from the provider.

dburianov commented 1 year ago

> Is there a workaround for this issue? I also tried defining a private IP address resource for the public IP to assign to, but I encountered the same error -- it needs the VNIC id, but I am having trouble finding documentation on how to acquire it from the provider.

    resource "oci_core_public_ip" "lb_reserved_ip" {
      compartment_id = var.compartment_ocid
      lifetime       = "RESERVED"
      display_name   = "nlb_service"
      lifecycle {
        ignore_changes = [private_ip_id]
      }
    }
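
A pre-apply guard for the drift reported in this thread, as an added example that is not part of the original issue or the provider's code: it reads the JSON produced by `terraform show -json` on a saved plan and flags any `oci_core_public_ip` that an NLB still lists in `reserved_ips` while the plan sets its `private_ip_id` to null. The function name, the sample plan and the placeholder OCIDs are assumptions made for illustration.

```python
import json

NLB_TYPE = "oci_network_load_balancer_network_load_balancer"
IP_TYPE = "oci_core_public_ip"
PUB = "ocid1.publicip.example"  # placeholder OCID, not a real resource

# Constructed sample shaped like `terraform show -json` output for the second
# apply described in the issue: private_ip_id goes from a value to null.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "oci_core_public_ip.lb_reserved_ip", "type": IP_TYPE,
     "change": {"actions": ["update"],
                "before": {"id": PUB, "private_ip_id": "ocid1.privateip.example"},
                "after": {"id": PUB, "private_ip_id": None}}},
    {"address": NLB_TYPE + ".nlb_openvpn", "type": NLB_TYPE,
     "change": {"actions": ["no-op"],
                "before": {"reserved_ips": [{"id": PUB}]},
                "after": {"reserved_ips": [{"id": PUB}]}}},
]})


def find_nlb_ip_detachments(plan_json):
    """Return addresses of public IPs that an NLB still references but that
    the plan would detach from their private IP (private_ip_id -> null)."""
    changes = json.loads(plan_json).get("resource_changes", [])
    # OCIDs of reserved IPs that any NLB references after the apply.
    nlb_ips = set()
    for rc in changes:
        if rc.get("type") == NLB_TYPE:
            after = rc.get("change", {}).get("after") or {}
            nlb_ips.update(r.get("id") for r in after.get("reserved_ips") or [])
    flagged = []
    for rc in changes:
        if rc.get("type") != IP_TYPE:
            continue
        change = rc.get("change", {})
        before = change.get("before") or {}   # null when the IP is being created
        after = change.get("after") or {}     # null when the IP is being destroyed
        detached = before.get("private_ip_id") and not after.get("private_ip_id")
        if "update" in change.get("actions", []) and detached and before.get("id") in nlb_ips:
            flagged.append(rc["address"])
    return flagged


if __name__ == "__main__":
    hits = find_nlb_ip_detachments(SAMPLE_PLAN)
    print("would detach NLB reserved IP:", hits)
    raise SystemExit(1 if hits else 0)
```

With `ignore_changes = [private_ip_id]` in place, the public IP shows up as a no-op in the plan and the check returns an empty list.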