
Wait logic is missing/not working in VPN Gateway

Open MalarvizhiK opened this issue 3 years ago • 2 comments

I used the script below to create VPN gateways and connections. My VPN gateway connections are created with 0.0.0.0 as the VPN gateway address. We need wait logic in the VPN gateway resource: it should wait until the status changes from Pending to Available, and only then should the VPN gateway connections be created. Please fix this with high priority. The issue is seen only with multiple VPN gateways (3) and VPN gateway connections (4). I had to add a sleep to the VPN gateway resources, and it does not always work.

# Policy-mode VPN gateway on the client subnet.
resource "ibm_is_vpn_gateway" "VPNClientGateway" {
  mode           = "policy"
  name           = "demo-think-peer-vpn"
  resource_group = data.ibm_resource_group.group.id
  subnet         = data.ibm_is_subnet.client_subnet.id

  # Workaround from the issue: pause 180 seconds on the machine running
  # Terraform once the gateway resource is created. A fixed sleep never
  # inspects the gateway status, and the reporter notes it does not always work.
  provisioner "local-exec" {
    command = "sleep 180"
  }
}

# Policy-mode VPN gateway on the first server subnet.
resource "ibm_is_vpn_gateway" "VPNPeerGateway1" {
  mode           = "policy"
  name           = "think-demo-rok2-vpn-gw"
  resource_group = data.ibm_resource_group.group.id
  subnet         = data.ibm_is_subnet.server_subnet1.id

  # Fixed 180-second delay after creation, run locally by Terraform. It is a
  # timing guess, not a status check, so it cannot guarantee the gateway has
  # left the Pending state.
  provisioner "local-exec" {
    command = "sleep 180"
  }
}

# Policy-mode VPN gateway on the second server subnet.
resource "ibm_is_vpn_gateway" "VPNPeerGateway2" {
  mode           = "policy"
  name           = "think-demo-rok2-vpn-gw-2"
  resource_group = data.ibm_resource_group.group.id
  subnet         = data.ibm_is_subnet.server_subnet2.id

  # Fixed 180-second delay after creation, run locally by Terraform. It is a
  # timing guess, not a status check, so it cannot guarantee the gateway has
  # left the Pending state.
  provisioner "local-exec" {
    command = "sleep 180"
  }
}

# Connection from the client gateway to peer gateway 1 (reporter's original
# configuration, which reproduces the issue).
resource "ibm_is_vpn_gateway_connection" "VPNClientGateway_Conn1" {
  name           = "demo-think-peer-vpn-gw-conn1"
  admin_state_up = true
  vpn_gateway    = ibm_is_vpn_gateway.VPNClientGateway.id

  # Reads the peer gateway's first public address as-is. Per the issue report,
  # connections built this way were created with 0.0.0.0 as the address.
  peer_address = ibm_is_vpn_gateway.VPNPeerGateway1.public_ip_address
  local_cidrs  = [data.ibm_is_subnet.client_subnet.ipv4_cidr_block]
  peer_cidrs   = [data.ibm_is_subnet.server_subnet1.ipv4_cidr_block]

  # Placeholder pre-shared key. A literal here is committed with the
  # configuration and is also written to Terraform state; outside a demo,
  # pass a long random value through a variable marked sensitive and protect
  # the state backend.
  preshared_key = "secret"

  # The peer_address reference already orders this after VPNPeerGateway1;
  # the explicit dependency is kept as the reporter wrote it.
  depends_on = [ibm_is_vpn_gateway.VPNPeerGateway1]
}

# Connection from the client gateway to peer gateway 2 (reporter's original
# configuration, which reproduces the issue).
resource "ibm_is_vpn_gateway_connection" "VPNClientGateway_Conn2" {
  name           = "demo-think-peer-vpn-gw-conn2"
  admin_state_up = true
  vpn_gateway    = ibm_is_vpn_gateway.VPNClientGateway.id

  # Reads the peer gateway's first public address as-is. Per the issue report,
  # connections built this way were created with 0.0.0.0 as the address.
  peer_address = ibm_is_vpn_gateway.VPNPeerGateway2.public_ip_address
  local_cidrs  = [data.ibm_is_subnet.client_subnet.ipv4_cidr_block]
  peer_cidrs   = [data.ibm_is_subnet.server_subnet2.ipv4_cidr_block]

  # Placeholder pre-shared key. A literal here is committed with the
  # configuration and is also written to Terraform state; outside a demo,
  # pass a long random value through a variable marked sensitive and protect
  # the state backend.
  preshared_key = "secret"

  # The peer_address reference already orders this after VPNPeerGateway2;
  # the explicit dependency is kept as the reporter wrote it.
  depends_on = [ibm_is_vpn_gateway.VPNPeerGateway2]
}

# Connection from peer gateway 1 back to the client gateway (reporter's
# original configuration, which reproduces the issue).
resource "ibm_is_vpn_gateway_connection" "VPNPeerGateway1_Conn1" {
  name           = "think-demo-rok2-vpn-gw-conn1"
  admin_state_up = true
  vpn_gateway    = ibm_is_vpn_gateway.VPNPeerGateway1.id

  # Reads the client gateway's first public address as-is. Per the issue
  # report, connections built this way were created with 0.0.0.0.
  peer_address = ibm_is_vpn_gateway.VPNClientGateway.public_ip_address
  local_cidrs  = [data.ibm_is_subnet.server_subnet1.ipv4_cidr_block]
  peer_cidrs   = [data.ibm_is_subnet.client_subnet.ipv4_cidr_block]

  # Placeholder pre-shared key; it must match the key on the opposite
  # connection. A literal here is committed with the configuration and is
  # also written to Terraform state; outside a demo, pass a long random value
  # through a variable marked sensitive and protect the state backend.
  preshared_key = "secret"

  # The peer_address reference already orders this after VPNClientGateway;
  # the explicit dependency is kept as the reporter wrote it.
  depends_on = [ibm_is_vpn_gateway.VPNClientGateway]
}

# Connection from peer gateway 2 back to the client gateway (reporter's
# original configuration, which reproduces the issue).
resource "ibm_is_vpn_gateway_connection" "VPNPeerGateway2_Conn1" {
  name           = "think-demo-rok2-vpn-gw-2-conn1"
  admin_state_up = true
  vpn_gateway    = ibm_is_vpn_gateway.VPNPeerGateway2.id

  # Reads the client gateway's first public address as-is. Per the issue
  # report, connections built this way were created with 0.0.0.0.
  peer_address = ibm_is_vpn_gateway.VPNClientGateway.public_ip_address
  local_cidrs  = [data.ibm_is_subnet.server_subnet2.ipv4_cidr_block]
  peer_cidrs   = [data.ibm_is_subnet.client_subnet.ipv4_cidr_block]

  # Placeholder pre-shared key; it must match the key on the opposite
  # connection. A literal here is committed with the configuration and is
  # also written to Terraform state; outside a demo, pass a long random value
  # through a variable marked sensitive and protect the state backend.
  preshared_key = "secret"

  # The peer_address reference already orders this after VPNClientGateway;
  # the explicit dependency is kept as the reporter wrote it.
  depends_on = [ibm_is_vpn_gateway.VPNClientGateway]
}



MalarvizhiK avatar Aug 11 '22 12:08 MalarvizhiK

A VPN gateway in policy mode needs an active public IP address of the peer. Changing the configuration to the following should resolve the issue.

# Policy-mode VPN gateway on the client subnet.
resource "ibm_is_vpn_gateway" "VPNClientGateway" {
  mode           = "policy"
  name           = "demo-think-peer-vpn"
  resource_group = data.ibm_resource_group.group.id
  subnet         = data.ibm_is_subnet.client_subnet.id

  # The 180-second local sleep from the original report is retained here.
  # It is a fixed delay, not a check of the gateway status.
  provisioner "local-exec" {
    command = "sleep 180"
  }
}

# Policy-mode VPN gateway on the first server subnet.
resource "ibm_is_vpn_gateway" "VPNPeerGateway1" {
  mode           = "policy"
  name           = "think-demo-rok2-vpn-gw"
  resource_group = data.ibm_resource_group.group.id
  subnet         = data.ibm_is_subnet.server_subnet1.id

  # The 180-second local sleep from the original report is retained here.
  # It is a fixed delay, not a check of the gateway status.
  provisioner "local-exec" {
    command = "sleep 180"
  }
}

# Policy-mode VPN gateway on the second server subnet.
resource "ibm_is_vpn_gateway" "VPNPeerGateway2" {
  mode           = "policy"
  name           = "think-demo-rok2-vpn-gw-2"
  resource_group = data.ibm_resource_group.group.id
  subnet         = data.ibm_is_subnet.server_subnet2.id

  # The 180-second local sleep from the original report is retained here.
  # It is a fixed delay, not a check of the gateway status.
  provisioner "local-exec" {
    command = "sleep 180"
  }
}

# Connection from the client gateway to peer gateway 1.
resource "ibm_is_vpn_gateway_connection" "VPNClientGateway_Conn1" {
  name           = "demo-think-peer-vpn-gw-conn1"
  admin_state_up = true
  vpn_gateway    = ibm_is_vpn_gateway.VPNClientGateway.id

  # Use the peer's first public address unless it is the 0.0.0.0 placeholder,
  # in which case fall back to the second one.
  # NOTE(review): nothing here guards against public_ip_address2 also being
  # 0.0.0.0 - confirm the provider always populates one of the two.
  peer_address = (
    ibm_is_vpn_gateway.VPNPeerGateway1.public_ip_address != "0.0.0.0"
    ? ibm_is_vpn_gateway.VPNPeerGateway1.public_ip_address
    : ibm_is_vpn_gateway.VPNPeerGateway1.public_ip_address2
  )
  local_cidrs = [data.ibm_is_subnet.client_subnet.ipv4_cidr_block]
  peer_cidrs  = [data.ibm_is_subnet.server_subnet1.ipv4_cidr_block]

  # Placeholder pre-shared key. A literal here is committed with the
  # configuration and is also written to Terraform state; outside a demo,
  # pass a long random value through a variable marked sensitive and protect
  # the state backend.
  preshared_key = "secret"

  depends_on = [ibm_is_vpn_gateway.VPNPeerGateway1]
}

# Connection from the client gateway to peer gateway 2.
resource "ibm_is_vpn_gateway_connection" "VPNClientGateway_Conn2" {
  name           = "demo-think-peer-vpn-gw-conn2"
  admin_state_up = true
  vpn_gateway    = ibm_is_vpn_gateway.VPNClientGateway.id

  # Use the peer's first public address unless it is the 0.0.0.0 placeholder,
  # in which case fall back to the second one.
  # NOTE(review): nothing here guards against public_ip_address2 also being
  # 0.0.0.0 - confirm the provider always populates one of the two.
  peer_address = (
    ibm_is_vpn_gateway.VPNPeerGateway2.public_ip_address != "0.0.0.0"
    ? ibm_is_vpn_gateway.VPNPeerGateway2.public_ip_address
    : ibm_is_vpn_gateway.VPNPeerGateway2.public_ip_address2
  )
  local_cidrs = [data.ibm_is_subnet.client_subnet.ipv4_cidr_block]
  peer_cidrs  = [data.ibm_is_subnet.server_subnet2.ipv4_cidr_block]

  # Placeholder pre-shared key. A literal here is committed with the
  # configuration and is also written to Terraform state; outside a demo,
  # pass a long random value through a variable marked sensitive and protect
  # the state backend.
  preshared_key = "secret"

  depends_on = [ibm_is_vpn_gateway.VPNPeerGateway2]
}

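# Connection from peer gateway 1 back to the client gateway.
resource "ibm_is_vpn_gateway_connection" "VPNPeerGateway1_Conn1" {
  name        = "think-demo-rok2-vpn-gw-conn1"
  vpn_gateway = ibm_is_vpn_gateway.VPNPeerGateway1.id

  # The peer of this connection is the client gateway (peer_cidrs is the
  # client subnet and depends_on names VPNClientGateway), so the test and
  # both result branches read VPNClientGateway. The posted version tested
  # VPNClientGateway but returned VPNPeerGateway2's addresses, which would
  # point this tunnel at the wrong gateway.
  # NOTE(review): nothing here guards against public_ip_address2 also being
  # 0.0.0.0 - confirm the provider always populates one of the two.
  peer_address = ibm_is_vpn_gateway.VPNClientGateway.public_ip_address != "0.0.0.0" ? ibm_is_vpn_gateway.VPNClientGateway.public_ip_address : ibm_is_vpn_gateway.VPNClientGateway.public_ip_address2

  local_cidrs = [data.ibm_is_subnet.server_subnet1.ipv4_cidr_block]
  peer_cidrs  = [data.ibm_is_subnet.client_subnet.ipv4_cidr_block]

  # Placeholder pre-shared key; it must match the key on the opposite
  # connection. A literal here is committed with the configuration and is
  # also written to Terraform state; outside a demo, pass a long random value
  # through a variable marked sensitive and protect the state backend.
  preshared_key  = "secret"
  admin_state_up = true
  depends_on     = [ibm_is_vpn_gateway.VPNClientGateway]
}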

# Connection from peer gateway 2 back to the client gateway.
resource "ibm_is_vpn_gateway_connection" "VPNPeerGateway2_Conn1" {
  name           = "think-demo-rok2-vpn-gw-2-conn1"
  admin_state_up = true
  vpn_gateway    = ibm_is_vpn_gateway.VPNPeerGateway2.id

  # Use the client gateway's first public address unless it is the 0.0.0.0
  # placeholder, in which case fall back to the second one.
  # NOTE(review): nothing here guards against public_ip_address2 also being
  # 0.0.0.0 - confirm the provider always populates one of the two.
  peer_address = (
    ibm_is_vpn_gateway.VPNClientGateway.public_ip_address != "0.0.0.0"
    ? ibm_is_vpn_gateway.VPNClientGateway.public_ip_address
    : ibm_is_vpn_gateway.VPNClientGateway.public_ip_address2
  )
  local_cidrs = [data.ibm_is_subnet.server_subnet2.ipv4_cidr_block]
  peer_cidrs  = [data.ibm_is_subnet.client_subnet.ipv4_cidr_block]

  # Placeholder pre-shared key; it must match the key on the opposite
  # connection. A literal here is committed with the configuration and is
  # also written to Terraform state; outside a demo, pass a long random value
  # through a variable marked sensitive and protect the state backend.
  preshared_key = "secret"

  depends_on = [ibm_is_vpn_gateway.VPNClientGateway]
}



uibm avatar Aug 12 '22 05:08 uibm

The solution works fine, please document and close the issue.

MalarvizhiK avatar Aug 23 '22 13:08 MalarvizhiK