terraform-provider-pritunl
support for cloud advertisement on the server's virtual network route?
When creating a server, pritunl includes with it a non-removable 'virtual network' route. You can then edit that route and mark the route with 'cloud advertise' which allows the active server's host (assuming it has the proper credentials) to edit the route tables in the VPC to direct routes to it.
Is this functionality that can be added to the server resource to allow setting cloud advertise? I'm wondering the best way to model this. Maybe something like this?
```hcl
resource "pritunl_server" "test" {
  name = "test"
  organization_ids = [
    "xxx"
  ]
  network = "w.x.y.z/n"
  port    = NNN
  ...
  # new field. If not present, default is no cloud_advertise?
  virtual_network_route = {
    cloud_advertise = true
  }
}
```
Thoughts? Thanks.
I've got a draft PR in my fork that I worked on yesterday that works for my needs. I'll find some time to clean it up and submit a PR here.
It allows me to have a project looking like this -- essentially adding support for the virtual_network_route block:
```hcl
resource "pritunl_server" "test" {
  name   = "terraform_test"
  groups = []
  # todo = convert this to a data resource lookup
  organization_ids = [
    "[REDACTED]"
  ]
  host_ids = [for host in local.host_names :
    data.pritunl_host.host[host].id
  ]
  network = "172.20.68.0/24"
  port    = 20068
  cipher  = "aes256"
  dns_servers = [
    "10.20.0.2",
    "9.9.9.9",
  ]
  # This block is new, allowing me to ensure the server's network is updated in our VPC to
  # always point to the active pritunl host for this server.
  virtual_network_route {
    cloud_advertise = true
  }
  route {
    network = "10.20.0.2/32"
    nat     = false
  }
}
```
One challenge I ran into when testing my changes on our existing infrastructure via terraform import is that pritunl used to use the vpc_id field to mark whether a route was marked as cloud_advertise. So I've got a few routes in that situation where advertise is not set but vpc_id is.
I tried to account for that in this change here -- https://github.com/dlethin/terraform-provider-pritunl-1/commit/bc8144202cbf15d5a59ac2fb7a0514a8dcf62ab3#diff-3f3aaab5413458017dfa169b2579db2467bc64be78ba8f86a84872472e6c1e32R618
But I don't know if it's great to have the provider try to manage changes like this. Maybe the expectation might be that the user cleans up their installation prior to trying to use this plugin?
Curious if anyone has thoughts on this?
I had another discussion with a pritunl developer and it seems that when the terraform provider wants to update a route to turn cloud_advertise off, we only need to set advertise to false, and the server will handle setting/unsetting vpc_id. That makes this problem easier. The only thing we need to do is mark cloud_advertise as true if either advertise is set or vpc_id is not empty.
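Added example, not part of the thread and not the provider's code: a Go sketch of the read and update rule described in the comment above, run over constructed routes including the legacy case (vpc_id set, advertise unset). The struct, the function names, the JSON key names and the sample values are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// apiRoute holds only the route fields discussed in the thread.
// The JSON key names are assumed, not taken from Pritunl API documentation.
type apiRoute struct {
	Network   string `json:"network"`
	Advertise bool   `json:"advertise"`
	VpcID     string `json:"vpc_id"`
}

// Constructed sample: a current route, a legacy route (vpc_id only), a plain route.
const sampleRoutes = `[
 {"network":"172.20.68.0/24","advertise":true,"vpc_id":"vpc-EXAMPLE"},
 {"network":"172.20.69.0/24","advertise":false,"vpc_id":"vpc-EXAMPLE"},
 {"network":"10.20.0.2/32","advertise":false,"vpc_id":""}
]`

func parseRoutes(data []byte) ([]apiRoute, error) {
	var routes []apiRoute
	err := json.Unmarshal(data, &routes)
	return routes, err
}

// cloudAdvertise is the read-side rule: true if advertise is set or a
// legacy vpc_id marker is still present on the route.
func cloudAdvertise(r apiRoute) bool {
	return r.Advertise || r.VpcID != ""
}

// planUpdate returns the request body needed to reach the desired state, or
// "" when the route already matches. Only advertise is sent; per the thread,
// the server takes care of vpc_id itself.
func planUpdate(r apiRoute, want bool) (string, error) {
	if cloudAdvertise(r) == want {
		return "", nil
	}
	body, err := json.Marshal(map[string]bool{"advertise": want})
	return string(body), err
}

func main() {
	routes, err := parseRoutes([]byte(sampleRoutes))
	if err != nil {
		panic(err)
	}
	for _, r := range routes {
		body, _ := planUpdate(r, false)
		fmt.Printf("%s cloud_advertise=%v update=%q\n", r.Network, cloudAdvertise(r), body)
	}
}
```

With this rule an imported legacy route reads as cloud_advertise = true, so a configuration that sets it to true produces no diff on import.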
Hey @dlethin, why did you close your draft PR with the cloud_advertise feature? Did you face some issues with it? Has this PR solved your issue? https://github.com/dlethin/terraform-provider-pritunl-1/pull/1
Hi there -- Quite frankly, I don't remember why I had closed it back then -- I'm not a native golang developer and wasn't really reaching critical momentum getting this to work. I was doing this in my spare time, but other priorities arose and I completely stopped working on this. It's been so long I've forgotten all the context behind this, but if you are actively working on this I can try to offer some help in this area.