Closed andybouts closed 3 years ago
The second time it worked as expected once I hard coded the nat_ip into the ansible-vars
The sample file used when one is also using the IAC repos has the following items: https://github.com/sassoftware/viya4-deployment/blob/main/examples/ansible-vars-iac.yaml#L4-L6 . These items are needed in the file and parsed and replaced if they are found in the tfstate file supplied. As the README.md states here
The ansible-vars-iac.yaml example file shows the values that need to be set when using the iac integration.
Not sure why you commented out that line. If you add the line back into your file things will work as expected.
I had commented it out because the main readme that you linked indicated this field, Cloud NAT IP address, is parsed and used, but it seems those fields are not the same thing. I'd like to request that the main readme use the same field names that the ansible-vars.yaml use.
This seems similar to internal issue IAC-208, although in that case the LOADBALANCER_SOURCE_RANGES was not commented out. Seems there is a bug in general with the parsing of the NAT IP, although that may be exclusive to using the internal viya4-deployment 'overlay'.
Thanks Adam, are you suggesting that instead of commenting out LOADBALANCER_SOURCE_RANGES, instead I should just leave it with the stock configuration of LOADBALANCER_SOURCE_RANGES: ['<desired_cidr_blocks>'] and it should perform the parsing for me?
I believe that is what Thomas was suggesting, although personally I would assume that you want something other than the NAT IP in the LOADBALANCER_SOURCE_RANGES. Set whatever your desired CIDRs are (your personal computer, company network, etc.) and the NAT IP should be parsed from the tfstate file and added to the user provided list if it's not already included.
My comment specifically was that even if you do that, I don't know if this functionality is working as intended. Refer to Jira IAC-208. I don't know if that issue is exclusive to using the internal viya4-deployment overlay, or also affects the official, external version.
It will not work with the default value unchanged as it retained the string and errored:
I am going to re-try with an empty list []: LOADBALANCER_SOURCE_RANGES: [] # should automatically parse and pull from the IAC tfstate
Error:
TASK [ingress-nginx : Deploy ingress-nginx] ****
fatal: [localhost]: FAILED! => {"changed": false, "command": "/usr/local/bin/helm --kubeconfig /tmp/ansible.kkhfg28r/.kube --namespace=ingress-nginx --version=3.20.1 --repo=https://kubernetes.github.io/ingress-nginx upgrade -i --reset-values --wait --create-namespace -f=/tmp/tmporn2b3h_.yml ingress-nginx ingress-nginx", "msg": "Failure when executing Helm command. Exited 1.\nstdout: Release \"ingress-nginx\" does not exist. Installing it now.\n\nstderr: Error: Service \"ingress-nginx-controller\" is invalid: spec.LoadBalancerSourceRanges: Invalid value: \"[
Wait, I think I see what you are saying.
Are you saying that the ingress CIDR that was provided in the IAC is not retained here and it must be provided again? Meaning: LOADBALANCER_SOURCE_RANGES: [{the CIDR I provided to the IAC},{the parsed NAT IP from Terraform state}] # need to manually re-add your ingress CIDR and then this should automatically parse concatenate the NAT IP from the IAC tfstate
I was under the impression (right / wrong / otherwise) that the ingress CIDR from the IAC was retained and appended to a list including the parsed NAT IP that Terraform reported when the IAC completed so that it was fully automated.
None of the CIDRs provided to the IAC pieces is retained. You'll need to duplicate the 'default_public_access_cidrs' values in the ansible-vars-iac.yaml. Only the NAT IP will be parsed from the tfstate and appended to the list you provide.
But, that sounds like a good enhancement idea to me. If LOAD_BALANCER_SOURCE_RANGES is commented out and not set at all, then parse all values from the terraform state file.
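The merge behaviour described in this thread, sketched as an added example (not code from viya4-deployment): the user-supplied list is validated, then the NAT IP from the Terraform state is appended if no entry already covers it. The function names are hypothetical, the state file is assumed to expose the address as `outputs.nat_ip.value`, and treating a containing range as "already included" is an assumption.

```python
import ipaddress
import json

# Constructed sample: the "outputs" part of a Terraform state file.
# 203.0.113.10 is a documentation address standing in for the real nat_ip.
SAMPLE_TFSTATE = json.dumps(
    {"version": 4, "outputs": {"nat_ip": {"value": "203.0.113.10", "type": "string"}}}
)


def nat_network(tfstate_text):
    """Return the nat_ip output as a single-host network, or None if absent."""
    outputs = json.loads(tfstate_text).get("outputs", {})
    value = (outputs.get("nat_ip") or {}).get("value")
    return ipaddress.ip_network(str(ipaddress.ip_address(value))) if value else None


def effective_source_ranges(user_ranges, tfstate_text):
    """Validate the user list, then append the NAT IP unless a range covers it."""
    networks = []
    for entry in user_ranges or []:
        try:
            if "/" not in str(entry):
                raise ValueError("missing prefix length")
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError as exc:
            # Rejects the unchanged '<desired_cidr_blocks>' placeholder up front,
            # before the value ever reaches the Helm deploy step.
            raise ValueError(
                f"LOADBALANCER_SOURCE_RANGES entry {entry!r} is not a CIDR: {exc}"
            ) from exc
    nat = nat_network(tfstate_text)
    covered = nat is not None and any(
        net.version == nat.version and nat.subnet_of(net) for net in networks
    )
    if nat is not None and not covered:
        networks.append(nat)
    return [str(net) for net in networks]


def open_to_world(ranges):
    """Return entries with a zero-length prefix, which allow every source address."""
    return [r for r in ranges if ipaddress.ip_network(r, strict=False).prefixlen == 0]


if __name__ == "__main__":
    print(effective_source_ranges(["198.51.100.0/24"], SAMPLE_TFSTATE))
```

Running the result through `open_to_world` before deploying flags a list that would leave the load balancer reachable from any address.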
Yes, that's the behavior that I observed.
I have a list of things to clarify in the documentation, so I’ll make changes and do a PR when I get time.
Appreciate the clarification.
According to the main page readme, the value for the Cloud NAT IP address should be automatically parsed and used. The following line did not work in the ansible-vars.yaml and produced the following error:
#LOADBALANCER_SOURCE_RANGES: ['x.x.x.x/32'] # but this did not automatically parse and pull from the IAC tfstate
In order to get past the error, I had to paste the following output from the CLI response from the tf apply -auto-approve: nat_ip = 20.42.xxx.xxx