terraform-provider-vcd
vcd_nsxv_dnat and DHCP
Hi there,
I figured out an issue with a DHCP routed network when trying to set a dnat rule. The IP is known during plan, but not during apply. The network is created manually in vCD due to other bugs in the plugin with routed networks and the distributed interface type (#559).
vcd_network_routed net
- routed
- distributed
- static IP pool
- DHCP Pool
- ..DHCP binding MAC to IP, hostname
Terraform Version
Terraform v0.13.3
+ provider registry.terraform.io/hashicorp/random v2.3.0
+ provider registry.terraform.io/terraform-providers/ignition v1.2.1
+ provider registry.terraform.io/terraform-providers/vcd v2.9.0
Affected Resource(s)
- vcd_nsxv_dnat
Terraform Configuration Files
resource "vcd_nsxv_dnat" "rule_internet_ssh" {
  count = var.vcd_allow_ssh == true ? 1 : 0

  edge_gateway = var.vcd_edge_gateway_name
  network_type = "ext"
  network_name = data.vcd_edgegateway.edge.default_gateway_network

  original_address = data.vcd_edgegateway.edge.default_external_network_ip
  original_port    = 22

  translated_address = vcd_vapp_vm.okd_bastion_vm00.network[0].ip
  translated_port    = 22
  protocol           = "tcp"
}
Debug Output
https://gist.github.com/haf-tech/d1e213e26a37b3fc72534aeaa7739bd2
Panic Output
n/a
Expected Behavior
- VM with DHCP
- ...and Firewall rules
Actual Behavior
Error: Provider produced inconsistent final plan
When expanding the plan for
module.module_vcd.vcd_nsxv_dnat.rule_internet_ssh[0] to include new values
learned so far during apply, provider
"registry.terraform.io/terraform-providers/vcd" produced an invalid new value
for .translated_address: was cty.StringVal("192.168.100.11"), but now
cty.StringVal("").
This is a bug in the provider, which should be reported in the provider's own
issue tracker.
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
terraform apply
Important Factoids
- vCD on IBM Cloud
References
n/a
Thanks @haf-tech, I will try to reproduce it and come back.
Potentially partly related to #551 as well
@haf-tech,
First thing: could you also share the definition of the vcd_vapp_vm.okd_bastion_vm00 resource?
@Didainius yes, see enclosed the resource definition.
# Create a VM, bastion 0
resource "vcd_vapp_vm" "okd_bastion_vm00" {
  name          = "okd_bastion_vm00"
  vapp_name     = vcd_vapp.okd-bastion-vapp.name
  template_name = "CentOS-8-Template-Official"
  power_on      = "true"
  catalog_name  = "Public Catalog"
  memory        = 4096
  cpus          = 1

  # helpful for DHCP to wait for the IP assignment, relevant for other steps like firewall rule
  network_dhcp_wait_seconds = 30

  network {
    name = vcd_vapp_org_network.bastion-direct-network.org_network_name
    type = "org"
    #ip_allocation_mode = "POOL"
    #ip = "192.168.100.6"
    #ip_allocation_mode = "MANUAL"
    ip_allocation_mode = "DHCP"
    is_primary         = true
  }

  # define the Ignition config
  guest_properties = {
    "guest.hostname" = "okd-bastion-vm00"
  }

  customization {
    force                               = true
    enabled                             = true
    allow_local_admin_password          = true
    must_change_password_on_first_login = false
    auto_generate_password              = false
    admin_password                      = random_password.password.result
  }

  lifecycle {
    ignore_changes = [customization[0].admin_password]
  }
}
@haf-tech,
That one is a tricky thing with DHCP because we rely on VM reporting IP (showing in UI).
Did it happen on initial deployment or later on while doing apply?
Does UI still report IP for that VM?
Could a longer network_dhcp_wait_seconds = 30 help?
Is your DHCP pool configured in Edge gateway or some external infrastructure using DHCP relay?
Would you be able to also capture (TF_LOG=TRACE) from Terraform itself? It should have a few custom log lines from this provider about how successful the DHCP IP lookup was.