Comments (13)
Yea I have been racking my brain to try to come up with a solution for this type of thing so I am debating using some sort of cidr calculator to parse the values first but since terraform is single pass I'm struggling to find a good solution. If I come up with something I'll add it as a comment here. I will also try to reproduce the error I saw next week (got some issues I'm working on right now).
from terraform-aws-vpc.
v2.0 release was cut today so you should be able to use ipam as expected. we eliminated 2 of your problems:
- you can now perform second apply with no issue
- we do not use the data source and therefore do not query for multiple cidrs, you should not see the error when your pool is out of ranges
from terraform-aws-vpc.
Thank you for opening this issue. I'll take a look
from terraform-aws-vpc.
Seems like there are 3 issues here:
- 2nd apply is not working with ipam arguments (confirmed): This is definitely a problem and I'm looking into how to fix that
- If a pool cannot query for another CIDR the data source fails: This is interesting and may require an update to the provider to account. Can you please post the error you get when you run into the full event
- Cannot create an ipam in the same root module. This is not so much of a bug but I agree we could potentially fix this race condition by referencing a non-computed value; for example we could use a bool ipam = bool and that would unblock the dependency issue
One thing to note. I do not believe you would be able to use for_each to loop over creating these resources if referencing ipam. The reason is because the query for a CIDR is done with the data source before the resource graph is built so each VPC will get the same CIDR block. There is, sadly, no easy way around this :/ The vpc resource can receive the next computed CIDR by specifying those arguments, however, then we cannot compute the subnets because they're an attribute of the VPC resource itself (race condition)
from terraform-aws-vpc.
Yeah I'm struggling to fix the 2nd apply issue (and I'm sad I didn't catch this before now 😭 ). I can get the resources to work and require no changes but the outputs still change because the calculator still fires
from terraform-aws-vpc.
Alright, I got a fix coming regarding the 2nd apply issue but it's going to be part of v2 which will have some breaking changes because I'm changing some inputs and outputs
I might release as alpha next week, if I have time to finish it... would love your input prior to raising it to GA if you're interested
from terraform-aws-vpc.
> Alright, I got a fix coming regarding the 2nd apply issue but it's going to be part of v2 which will have some breaking changes because I'm changing some inputs and outputs
> I might release as alpha next week, if I have time to finish it... would love your input prior to raising it to GA if you're interested
100%
I'd definitely give it a whirl on Monday. Just let me know the branch name or tag me on the PR.
from terraform-aws-vpc.
I've rethought my implementation a bit regarding how to solve this issue. I proposed to hashi we add a modifier to the data source that prevents preview always grabbing a new CIDR. I don't think that behavior is even useful.
This however is bending the notion of a data source so I'm not certain how they'll respond.
from terraform-aws-vpc.
> I've rethought my implementation a bit regarding how to solve this issue. I proposed to hashi we add a modifier to the data source that prevents preview always grabbing a new CIDR. I don't think that behavior is even useful.
> This however is bending the notion of a data source so I'm not certain how they'll respond.
Yea I won't hold my breath on it. I am going to work on a cidr calculator for working with foreach loops.
from terraform-aws-vpc.
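A CIDR calculator of the kind mentioned in this thread, as an added example (not code from the module or from any commenter): each VPC is given a fixed slot inside the pool range, so VPC and subnet CIDRs are plan-time values that differ per for_each key instead of all receiving the same previewed block. The pool CIDR, variable names and netmask lengths are assumptions, and passing the computed blocks to IPAM is not shown.

```hcl
# Added example: pure calculation, no provider or IPAM call involved.
variable "pool_cidr" {
  type    = string
  default = "10.0.0.0/16" # constructed; stands in for the pool's provisioned CIDR
}

variable "vpcs" {
  # slot: fixed position of the VPC inside the pool; azs: number of subnets to carve
  type = map(object({ slot = number, azs = number }))
  default = { # constructed sample input
    ci  = { slot = 0, azs = 2 }
    dev = { slot = 1, azs = 3 }
  }

  validation {
    # Two VPCs sharing a slot would be handed the same CIDR block.
    condition     = length(distinct([for v in values(var.vpcs) : v.slot])) == length(var.vpcs)
    error_message = "Each VPC needs a unique slot."
  }
}

locals {
  vpc_netmask    = 20 # assumed VPC size
  subnet_netmask = 24 # assumed subnet size
  pool_netmask   = tonumber(split("/", var.pool_cidr)[1])

  # Known at plan time, so usable as for_each input and for subnet math.
  vpc_cidrs = {
    for name, v in var.vpcs :
    name => cidrsubnet(var.pool_cidr, local.vpc_netmask - local.pool_netmask, v.slot)
  }

  # Subnets are derived from the calculated VPC CIDR, not from a VPC attribute.
  subnet_cidrs = {
    for name, v in var.vpcs : name => [
      for i in range(v.azs) :
      cidrsubnet(local.vpc_cidrs[name], local.subnet_netmask - local.vpc_netmask, i)
    ]
  }
}

output "vpc_cidrs" {
  value = local.vpc_cidrs
}

output "subnet_cidrs" {
  value = local.subnet_cidrs
}
```

Slots must stay fixed once assigned: renumbering one moves that VPC to a different block on the next plan.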
I tried implementing on my own locally but we're limited by what terraform core allows: hashicorp/terraform#31549
I'm going back to my original idea without run_once and just a bunch of greedy ignore_changes :/
Hopefully will have that out for testing in a day or 2
from terraform-aws-vpc.
issue closed by default. I got a couple more PRs coming before we cut a 2.0 release but, if you're able, would love your feedback on what's currently in main from #67
from terraform-aws-vpc.
Works great now for re-runability but if you want to move something it does fail (just changed the region and ipam region and got the following error):
│ Error: Error previewing next cidr from IPAM pool (ipam-pool-XXXXXXXXXX): InvalidParameterValue: The pool ipam-pool-XXXXXXXXXXXXX is not in the current region us-west-2.
│ status code: 400, request id: e83e2f8a-f81a-44a8-bccf-f59ca5936b21
│
│ with module.ci_vpc.data.aws_vpc_ipam_preview_next_cidr.main[0],
│ on .terraform/modules/ci_vpc/data.tf line 53, in data "aws_vpc_ipam_preview_next_cidr" "main":
│ 53: data "aws_vpc_ipam_preview_next_cidr" "main" {
but that is out of scope from the issue I raised and something that I think will happen no matter what unless you target destroy first and then respool.
from terraform-aws-vpc.
I was also able to refactor a bit which should help with refresh times and allowed us to use the RESOURCE instead of the DATA SOURCE. ik that was causing an error for you when the pool ran out of cidrs. I had never considered that situation!
it also allows us to remove all the greedy ignore_changes
from terraform-aws-vpc.