terraform-oci-vscode-server
The Cloudflare Tunnel Route fails to be created during boot time
On the first run, the provisioning of the instance is failing when Cloudflare Zero Trust is enabled due to the `cloudflare_tunnel_route.cf_tunnel_route`.
The error is triggered due to the network not being ready on the instance.
It can be because it tried to create the Tunnel route during the reboot of the instance, if there are OS updates that need a reboot (kernel updates, for example), or because the instance is just not ready.
The fix can be to use a `depends_on` on a resource like the `null_resource.common_playbook` or another resource that makes sure that the instance is up and running (after the 1st reboot).
From what I have investigated, the tunnel needs to be created when `cloudflared` has been installed and is running.
I made a `depends_on` on the Cloudflare install script, but it seems that the Cloudflare provider is trying to change the wrong tunnel route since the private IP used as an ID is changing when the instance is replaced.
Example:
```
cloudflare_tunnel_route.cf_tunnel_route[0]: Modifying... [id=10.1.20.8/32]
[...]
│ Error: error updating Tunnel Route for Network "10.1.20.24/32": You are trying to modify the route for a network that isn't routed. Please add the network before modifying it. Or, check that you specified the correct network. (1015)
│
│   with cloudflare_tunnel_route.cf_tunnel_route[0],
│   on cloudflare.tf line 39, in resource "cloudflare_tunnel_route" "cf_tunnel_route":
│   39: resource "cloudflare_tunnel_route" "cf_tunnel_route" {
│
```
If reapplied, the `terraform apply` will create the right tunnel route:
```
cloudflare_tunnel_route.cf_tunnel_route[0]: Refreshing state... [id=10.1.20.8/32]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # cloudflare_tunnel_route.cf_tunnel_route[0] will be created
  + resource "cloudflare_tunnel_route" "cf_tunnel_route" {
      + account_id = (sensitive)
      + comment    = "Tunnel Route for VSCode Server"
      + id         = (known after apply)
      + network    = "10.1.20.24/32"
      + tunnel_id  = "a2c43bab-e8bc-47e8-a9ed-dd3c0de84390"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

cloudflare_tunnel_route.cf_tunnel_route[0]: Creating...
cloudflare_tunnel_route.cf_tunnel_route[0]: Creation complete after 2s [id=10.1.20.24/32]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
```
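A sketch of the ordering fix discussed in this issue, added here as an example and not taken from the repository: the route waits for `null_resource.common_playbook`, and is replaced rather than updated in place when that resource is re-created. It assumes the playbook resource is re-created whenever the instance is replaced, requires Terraform 1.2 or later for `replace_triggered_by`, and has not been tested against this module; `var.enable_cloudflare`, `var.cloudflare_account_id`, `cloudflare_tunnel.cf_tunnel` and `oci_core_instance.vscode` are hypothetical names.

```hcl
# Added example: only cloudflare_tunnel_route.cf_tunnel_route, its comment
# and null_resource.common_playbook are names that appear in the issue.
resource "cloudflare_tunnel_route" "cf_tunnel_route" {
  count      = var.enable_cloudflare ? 1 : 0      # hypothetical toggle
  account_id = var.cloudflare_account_id          # hypothetical variable
  tunnel_id  = cloudflare_tunnel.cf_tunnel[0].id  # hypothetical tunnel resource
  comment    = "Tunnel Route for VSCode Server"

  # The route ID is the network itself, so a new private IP means a new ID.
  network = "${oci_core_instance.vscode.private_ip}/32" # hypothetical instance

  # Do not touch the route until the playbook has completed, that is, after
  # the first reboot and once cloudflared is installed and running.
  depends_on = [null_resource.common_playbook]

  lifecycle {
    # Assumption: the playbook resource is re-created with the instance.
    # Forcing destroy/create here avoids an in-place "Modifying..." call
    # against a network that is not routed yet (error 1015 above).
    replace_triggered_by = [null_resource.common_playbook]
  }
}
```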