Comments (3)
Cluster/Datacenter level would do the trick for me but even after removing the `node_name` attribute, I'm still getting the same iface validation error... :)
Looks like the validation with the regex `net\d+` is called systematically here, even on cluster rules. The description seems to indicate otherwise however...
Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
from terraform-provider-proxmox.
Hi @bpg,
I can confirm that I am experiencing the same error as @simoncaron.
When attempting to create Firewall Rules at the cluster level, I receive the same error that they indicated in their initial report.
As an example, assume a block that appears as follows:
```hcl
resource "proxmox_virtual_environment_firewall_rules" "inbound" {
  provider = "proxmox-bpg"

  # Interface: vmbr0 (Public Interface)
  rule {
    security_group = "foo"
    comment        = "Allow Rule for Public Interface for Accepting Connections from foo"
    iface          = "vmbr0"
    enabled        = true
  }

  # Interface: vmbr1 (Private Interface)
  rule {
    security_group = "bar"
    comment        = "Allow Rule for Public Interface for Accepting Connections from bar"
    iface          = "vmbr1"
    enabled        = true
  }

  [...]
}
```
When `terraform plan` is executed, the following occurs:
╷
│ Error: invalid value for iface (Must be a valid VM/Container iface key, e.g. 'net0')
│
│ with proxmox_virtual_environment_firewall_rules.inbound,
│ on proxmox-firewall.tf line 66, in resource "proxmox_virtual_environment_firewall_rules" "inbound":
│ 66: iface = "vmbr0"
│
╵
╷
│ Error: invalid value for iface (Must be a valid VM/Container iface key, e.g. 'net0')
│
│ with proxmox_virtual_environment_firewall_rules.inbound,
│ on proxmox-firewall.tf line 75, in resource "proxmox_virtual_environment_firewall_rules" "inbound":
│ 75: iface = "vmbr1"
│
╵
Notably, this is in spite of `node_name` not being present as an argument in the configuration block above. For that matter, `vm_id` and `container_id` are also not specified.
The same behavior is presented by the provider if `node_name` is present regardless of whether or not it has a value of `null` (e.g.: `node_name = null`) or is given the value of an empty string, e.g.: `node_name = ""`.
In short, it appears that the provider attempts to treat the configuration as if it should be assigned to a VM or to a Container regardless of whether or not the parameter `node_name` is present in the configuration, and accordingly issues an error.
from terraform-provider-proxmox.
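The scope-dependent check that the attribute description quoted in the thread implies, as an added Go example (not the provider's code). `RuleScope` and `ValidateIface` are hypothetical names, and treating an ID of 0 as "not set" is an assumption.

```go
package main

import (
	"fmt"
	"regexp"
)

// guestIfaceKey matches VM/container network configuration keys ("net0", "net1", ...).
// Anchoring with ^ and $ is a choice made for this example.
var guestIfaceKey = regexp.MustCompile(`^net\d+$`)

// RuleScope is a hypothetical type saying where a firewall rule applies.
// Assumption: an ID of 0 means "not set"; both unset means no guest target.
type RuleScope struct {
	VMID        int
	ContainerID int
}

// ValidateIface enforces the net\d+ form only when the rule targets a guest.
// Rules without a VM or container target may name any interface, e.g. a bridge.
func ValidateIface(scope RuleScope, iface string) error {
	guest := scope.VMID != 0 || scope.ContainerID != 0
	if iface == "" || !guest {
		return nil
	}
	if !guestIfaceKey.MatchString(iface) {
		return fmt.Errorf("invalid value for iface %q (must be a valid VM/Container iface key, e.g. 'net0')", iface)
	}
	return nil
}

func main() {
	// Constructed cases: the two bridge names from the report, with and without a guest target.
	cases := []struct {
		scope RuleScope
		iface string
	}{
		{RuleScope{}, "vmbr0"},
		{RuleScope{}, "vmbr1"},
		{RuleScope{VMID: 100}, "vmbr0"},
		{RuleScope{ContainerID: 101}, "net0"},
	}
	for _, c := range cases {
		fmt.Printf("%+v iface=%q -> %v\n", c.scope, c.iface, ValidateIface(c.scope, c.iface))
	}
}
```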
Hi @simoncaron! 👋🏼
Firewall rules are supported on cluster or VM / Container levels. In order to define a cluster-level rule you'd need to remove `node_name` attribute.
If this is not enough for your use case and you'd like to have a node rule support, I'll convert this ticket to 'enhancement'.
from terraform-provider-proxmox.