Closed surajsbharadwaj closed 1 year ago
Root cause has been identified, currently working on a fix.
This issue can happen when the VPC deployment is incomplete or missing elements, such as subnets. This will cause the terraform module to have missing or incomplete output attributes that are referenced in the dynamic_values module. Since these references will happen at plan execution, the destroy of remaining resources will fail and be stuck in that state.
After analysis and trial, we have determined that the fix for this will not be simple. We will be evaluating solutions, sizing and prioritizing, in order to have a permanent solution.
TEMPORARY WORKAROUND: We did discover a workaround in case you find yourself in a situation where you cannot destroy resources:
The main cause for the error is due to the fact that certain resources, like VSI instances, are assigned to other VPC resources (such as subnets) that are now non-existent. In order to get past this issue you can "unassign" those resources by using the override_json_string input parameter when executing a terraform destroy. This will remove the association with certain elements and allow the mapping process to continue. It appears that it will not affect the actual destroy (mapping is not really used for destroy phase).
EXAMPLE: If you see a situation like above, where the "dynamic_values/config_modules/vsi" is complaining about non-existent "subnet_zone_list", this means that in the configuration (default or override) there are VSI instances mapped to subnets that do not exist. To get around this situation you could remove all VSI mapping to subnets by supplying an empty array for VSI configuration:
export TF_VAR_override_json_string='{"vsi": []}'
This will skip the problem of mapping the VSI list to subnet IDs, and let the destroy operation complete.
NOTE: while this workaround works fine for destroy, since the destroy operation does not use these mappings, I don't know if I would recommend to continue an unfinished terraform apply by using this method, as you may wind up with certain resources incorrectly configured.
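One way to keep the workaround above scoped to the destroy run, so the empty VSI list is not still exported when a later terraform apply is started from the same shell. This is an added example, not part of the original comments; the function names destroy_with_vsi_override and assert_override_not_exported are hypothetical.

```shell
#!/bin/sh
# Override value taken from the workaround in this thread: an empty VSI list.
VSI_OVERRIDE='{"vsi": []}'

# Hypothetical helper: run `terraform destroy` with the override set in the
# environment of that one process only. Nothing is exported into the calling
# shell, so a later plan/apply does not inherit the emptied VSI list.
destroy_with_vsi_override() {
    TF_VAR_override_json_string="$VSI_OVERRIDE" terraform destroy "$@"
}

# Hypothetical guard to call before plan/apply: returns 1 if the workaround
# value is still set in this shell (for example after a plain `export`).
assert_override_not_exported() {
    case "${TF_VAR_override_json_string-}" in
        *'"vsi": []'* | *'"vsi":[]'*)
            echo "TF_VAR_override_json_string still holds the destroy workaround; unset it before apply" >&2
            return 1
            ;;
    esac
    return 0
}
```

If the variable was already exported as in the original command, `unset TF_VAR_override_json_string` clears it before the next apply.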
This has been documented in the known issues with a workaround -> https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-known-issues#ki-unsupported-attribute
Going to close this issue
We use custom json: https://github.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/blob/main/solutions/ibm-catalog/presets/slz-for-powervs/rhel-vpc-pvs.preset.json.tftpl
If something errors during terraform apply, then terraform destroy breaks. It throws an error and doesn't destroy the resources.
Terraform apply: Let's assume something breaks / failed to create some resource…/
Terraform destroy
other error when terraform destroy fails: