timoa / terraform-oci-vscode-server

Terraform project that deploys VSCode Server on Oracle Cloud Infrastructure (free tier) and protects access with Cloudflare Zero Trust (optional) or an SSH tunnel
https://timoa.com
Apache License 2.0

The Cloudflare Tunnel Route fails to be created during boot time #14

Open timoa opened 2 years ago

timoa commented 2 years ago

On the first run, the provisioning of the instance is failing when Cloudflare Zero Trust is enabled due to the cloudflare_tunnel_route.cf_tunnel_route.

The error is triggered due to a network not being ready on the instance.

It can be because it tried to create the Tunnel route during the reboot of the instance if there are OS updates that need a reboot (kernel updates for ex.) or the instance is just not ready.

The fix can be to use a depends_on resource like the null_resource.common_playbook or another resource that makes sure that the instance is up and running (after the 1st reboot).

timoa commented 2 years ago

From what I have investigated, the tunnel needs to be created when cloudflared has been installed and running.

I made a depends_on on the Cloudflare install script, but it seems that the Cloudflare provider is trying to change the wrong tunnel route since the private IP used as an ID is changing when the instance is replaced.

Example:

```text
cloudflare_tunnel_route.cf_tunnel_route[0]: Modifying... [id=10.1.20.8/32]
[...]
│ Error: error updating Tunnel Route for Network "10.1.20.24/32": You are trying to modify the route for a network that isn't routed. Please add the network before modifying it. Or, check that you specified the correct network. (1015)
│
│   with cloudflare_tunnel_route.cf_tunnel_route[0],
│   on cloudflare.tf line 39, in resource "cloudflare_tunnel_route" "cf_tunnel_route":
│   39: resource "cloudflare_tunnel_route" "cf_tunnel_route" {
│
```

If reapplied, terraform apply will create the right tunnel route:

```text
cloudflare_tunnel_route.cf_tunnel_route[0]: Refreshing state... [id=10.1.20.8/32]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # cloudflare_tunnel_route.cf_tunnel_route[0] will be created
  + resource "cloudflare_tunnel_route" "cf_tunnel_route" {
      + account_id = (sensitive)
      + comment    = "Tunnel Route for VSCode Server"
      + id         = (known after apply)
      + network    = "10.1.20.24/32"
      + tunnel_id  = "a2c43bab-e8bc-47e8-a9ed-dd3c0de84390"
    }

Plan: 1 to add, 0 to change, 0 to destroy.
cloudflare_tunnel_route.cf_tunnel_route[0]: Creating...
cloudflare_tunnel_route.cf_tunnel_route[0]: Creation complete after 2s [id=10.1.20.24/32]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
```
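The two problems described in this thread (the route being created before cloudflared is running, and the Cloudflare provider trying to update a route keyed on the old private IP after the instance is replaced) can both be addressed in one resource block. The following is an added example, not the project's own cloudflare.tf: the instance resource name oci_core_instance.vscode_server, the variables var.enable_cloudflare and var.cloudflare_account_id, and the tunnel resource cloudflare_tunnel.cf_tunnel are assumed names; null_resource.common_playbook and cloudflare_tunnel_route.cf_tunnel_route are the names used in the issue. replace_triggered_by requires Terraform 1.2 or newer.

```hcl
# Added example; assumed resource and variable names are noted inline.
resource "cloudflare_tunnel_route" "cf_tunnel_route" {
  count = var.enable_cloudflare ? 1 : 0   # var.enable_cloudflare is assumed

  account_id = var.cloudflare_account_id  # var.cloudflare_account_id is assumed
  tunnel_id  = cloudflare_tunnel.cf_tunnel[0].id  # cloudflare_tunnel.cf_tunnel is assumed
  comment    = "Tunnel Route for VSCode Server"

  # The route ID is the network CIDR itself, so a /32 derived from the
  # instance private IP changes every time the instance is replaced.
  # oci_core_instance.vscode_server is an assumed name for the instance.
  network = "${oci_core_instance.vscode_server.private_ip}/32"

  # Do not register the route until the playbook that installs and starts
  # cloudflared has finished, i.e. after the first boot and any reboot
  # triggered by OS updates.
  depends_on = [null_resource.common_playbook]

  lifecycle {
    # When the instance is replaced, delete the old /32 route and create a
    # new one instead of attempting an in-place update keyed on the stale
    # CIDR, which the Cloudflare API rejects with error 1015. This also
    # avoids leaving a route that points at an address the instance no
    # longer owns.
    replace_triggered_by = [oci_core_instance.vscode_server.id]
  }
}
```

With this shape, replacing the instance yields a plan that destroys the old route and creates the new one in a single apply, rather than the failed "Modifying..." followed by a second apply as shown above.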