terraform-azurerm-lz-vending

feat: force peer resynch when VNET extended

Open fearofweapons opened this issue 1 year ago • 8 comments


Description

Is your feature request related to an issue? Feature Request

When a peered VNET is extended the peer needs to be resync'ed. The native Terraform modules force a resync when a VNET is extended. The Microsoft modules do not.

Describe the solution you'd like

The Microsoft modules should force a resync on any peered VNETs where the range is changed (extended or reduced).

We are looking to implement a workaround in PowerShell that will get a list of all VNETs, check to see if the PeeringSyncLevel is RemoteNotInSync and, if it is, pass the VNET name to Sync-AzVirtualNetworkPeering to force the peer sync.

Additional context

fearofweapons, Sep 29 '23 13:09

Hi @fearofweapons

This is a sensible suggestion. Leave it with us to see if we can implement.

matt-FFFFFF, Sep 30 '23 07:09

Voted for this, and it would be great to have this feature added.

qaiserali, Nov 29 '23 16:11

I had a ta-da moment today on how we can implement.

Will report back!

matt-FFFFFF, Nov 29 '23 22:11

I have proved this works in a PoC, will work on adding this to a future release.

matt-FFFFFF, Feb 13 '24 14:02

PoC is here:

https://www.youtube.com/watch?v=5_39Ed5Lx1E

and here: https://github.com/matt-FFFFFF/terraform-azapi-vnet-peer-resync

Will look to get this added as a feature.

matt-FFFFFF, Feb 16 '24 11:02

Outstanding - thanks Matt -- really appreciated. We'll take a look and have a go at using this in our deployments as soon as we can!

fearofweapons, Feb 16 '24 13:02

Incredibly good work - thanks for that! Do you btw already have an idea how and when it will go into the module? We use the module and are currently facing this challenge. We are already thinking about a PS script as a workaround that syncs the peerings again. The only question I have is whether I could trigger this in a meaningful way?

lulevapa, Mar 01 '24 10:03

> Incredibly good work - thanks for that! Do you btw already have an idea how and when it will go into the module? We use the module and are currently facing this challenge. We are already thinking about a PS script as a workaround that syncs the peerings again. The only question I have is whether I could trigger this in a meaningful way?

I went for a workaround. As our landing zone deployment is made with an Azure DevOps release pipeline, I added a step which calls a webhook from an automation runbook. This runbook iterates over all peerings in the HUB and initiates a resync if not fully in sync.

lulevapa, Mar 13 '24 06:03
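
The PowerShell workaround described in the opening post and in the last comment, as an added example that is not code from any participant in this thread or from the module. It assumes the Az.Network module and an already authenticated Az context; `Sync-StaleVnetPeering` is a hypothetical function name. It goes slightly beyond the `RemoteNotInSync` check by treating every not-in-sync level as stale, and it supports `-WhatIf` so the list of peerings that would change can be reviewed before a pipeline step applies it.

```powershell
#Requires -Modules Az.Network
# Added example. Assumes Connect-AzAccount has already run and the identity can
# read VNets and write peerings in the current subscription.
function Sync-StaleVnetPeering {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Optional: limit the scan to one resource group (for example the hub's).
        [string]$ResourceGroupName
    )

    # Sync levels that mean the two sides disagree on address space.
    $stale = 'RemoteNotInSync', 'LocalNotInSync', 'LocalAndRemoteNotInSync'

    $vnets = if ($ResourceGroupName) {
        Get-AzVirtualNetwork -ResourceGroupName $ResourceGroupName
    } else {
        Get-AzVirtualNetwork
    }

    foreach ($vnet in $vnets) {
        $peerings = Get-AzVirtualNetworkPeering -VirtualNetworkName $vnet.Name `
            -ResourceGroupName $vnet.ResourceGroupName

        foreach ($peering in $peerings) {
            if ($peering.PeeringSyncLevel -notin $stale) { continue }

            $target = "$($vnet.ResourceGroupName)/$($vnet.Name)/$($peering.Name)"
            $synced = $false
            if ($PSCmdlet.ShouldProcess($target, "Sync peering ($($peering.PeeringSyncLevel))")) {
                Sync-AzVirtualNetworkPeering -Name $peering.Name `
                    -VirtualNetworkName $vnet.Name `
                    -ResourceGroupName $vnet.ResourceGroupName | Out-Null
                $synced = $true
            }

            # One record per stale peering, so the pipeline log shows what changed.
            [pscustomobject]@{
                VirtualNetwork = $vnet.Name
                Peering        = $peering.Name
                LevelBefore    = $peering.PeeringSyncLevel
                Synced         = $synced
            }
        }
    }
}

# Review first, then apply:
#   Sync-StaleVnetPeering -ResourceGroupName 'rg-hub-example' -WhatIf
#   Sync-StaleVnetPeering -ResourceGroupName 'rg-hub-example'
```

The resource group name in the usage comments is a placeholder.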