terraform-provider-bigip
snatpool is scheduled to be modified when it should be (re-)created
After a deletion of a SNATPOOL outside of Terraform, a subsequent terraform apply/plan shows the pool would be modified instead of created.
The details: I created a SNATPOOL and attached it to a VS in Terraform. After the VS and SNATPOOL were deleted on the device, I would expect Terraform to detect it during refresh and schedule it to be created again (before re-creating the VS) during terraform plan. Instead, Terraform schedules an update for the SNATPOOL and a (correct) create for the VS. Applying this failed because the SNATPOOL no longer existed at that time.
I tried to taint the SNATPOOL, which caused Terraform to schedule it for deletion in the next plan. Applying this, the deletion failed, as the SNATPOOL does not exist on the device.
As a workaround it was possible to issue a terraform state rm ... to remove the SNATPOOL resource from the statefile.
I verified that the F5 REST API does not show the deleted SNATPOOL anymore.
The resource:
resource "bigip_ltm_snatpool" "snatpool_ingress" {
  # execute once per cluster
  name    = "/${var.cluster_name}/snat_${var.cluster_name}"
  members = ["/${var.cluster_name}/${var.ingres_vs_ip}"]
}
The output:
> terraform apply
...
module.create_f5_default_ingress_vs.bigip_ltm_snatpool.snatpool_ingress: Refreshing state... [id=/rancher-test/snat_rancher-test]
...
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
~ update in-place
Terraform will perform the following actions:
# module.create_f5_default_ingress_vs.bigip_ltm_snatpool.snatpool_ingress will be updated in-place
~ resource "bigip_ltm_snatpool" "snatpool_ingress" {
id = "/rancher-test/snat_rancher-test"
~ members = [
+ "/rancher-test/192.168.100.48",
]
name = "/rancher-test/snat_rancher-test"
}
# module.create_f5_default_ingress_vs.bigip_ltm_virtual_server.http will be created
...
Plan: 1 to add, 1 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
module.create_f5_default_ingress_vs.bigip_ltm_snatpool.snatpool_ingress: Modifying... [id=/rancher-test/snat_rancher-test]
Error: 01020036:3: The requested SNAT Pool (/rancher-test/snat_rancher-test) was not found.
on ../../modules/create_default_f5_ingress_vs/create_default_f5_ingress_vs.tf line 34, in resource "bigip_ltm_snatpool" "snatpool_ingress":
34: resource "bigip_ltm_snatpool" "snatpool_ingress" {
> terraform state show module.create_f5_default_ingress_vs.bigip_ltm_snatpool.snatpool_ingress
# module.create_f5_default_ingress_vs.bigip_ltm_snatpool.snatpool_ingress:
resource "bigip_ltm_snatpool" "snatpool_ingress" {
id = "/rancher-test/snat_rancher-test"
members = [
"/rancher-test/192.168.100.48",
]
name = "/rancher-test/snat_rancher-test"
}
Terraform v0.12.18 ...
- provider.bigip v1.1.0 ...
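A simplified model of the behaviour reported above, added here as an example and not taken from the issue or from the provider's code: if a refresh leaves the resource ID in state after the device reports the object as not found, the plan is an in-place update; if the refresh clears the ID (the usual Terraform provider convention for a vanished object), the plan is a create. `State`, `Device`, `refresh` and `planAction` are hypothetical names, and that a kept ID is the cause of the plan shown in this report is an assumption.

```go
package main

import "fmt"

// State is a simplified stand-in for one resource's entry in Terraform state.
type State struct {
	ID      string
	Members []string
}

// Device is a constructed in-memory stand-in for the BIG-IP object store,
// keyed by full path; a missing key models the "was not found" answer.
type Device map[string][]string

// refresh reads the pool back; clearID selects what happens on "not found".
// Clearing the ID is the convention that tells Terraform the object is gone.
func refresh(dev Device, s *State, clearID bool) {
	members, found := dev[s.ID]
	if !found && clearID {
		s.ID = ""
	}
	s.Members = members
}

// planAction: an empty ID plans a create, differing members plan an update.
func planAction(s State, want []string) string {
	if s.ID == "" {
		return "create"
	}
	if fmt.Sprint(s.Members) != fmt.Sprint(want) {
		return "update in-place"
	}
	return "no-op"
}

// Demo plans both refresh variants after the pool was deleted out of band.
func Demo() (string, string) {
	want := []string{"/rancher-test/192.168.100.48"}
	kept := State{ID: "/rancher-test/snat_rancher-test", Members: want}
	cleared := kept
	refresh(Device{}, &kept, false) // empty Device: pool no longer exists
	refresh(Device{}, &cleared, true)
	return planAction(kept, want), planAction(cleared, want)
}

func main() { fmt.Println(Demo()) }
```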