Comments (23)
dannyk81
commented on June 7, 2024
Hi Dan,
This is an issue I'm afraid, I have similar trouble with monitor resource. It seems that the state of the profile resource is not being correctly recorded for all configurable attributes when it's first created so subsequent applies triggers changes.
/cc @scshitole
from terraform-provider-bigip.
commented on June 7, 2024
Hi Danny,
I looked a bit further, and it appears in my case that the state is being written with the correct default values when the resource is provisioned:
root@dev:~/dev/obo-terraform-release/sandbox/f5# terraform state show bigip_ltm_profile_tcp.PFL_DP_EVAL_TEST
id = /Common/PFL_DP_EVAL_TEST
close_wait_timeout = 5
defaults_from = /Common/tcp-lan-optimized
deferred_accept = disabled
fast_open = disabled
finwait_2timeout = 300
finwait_timeout = 5
idle_timeout = 300
keepalive_interval = 1800
name = /Common/PFL_DP_EVAL_TEST
partition = Common
...so I don't know why a subsequent apply would trigger an update, as local state should equal device state.
Thanks,
Dan
from terraform-provider-bigip.
commented on June 7, 2024
I also tested with the monitor resource and the fastl4 profile resource and experience the same issue.
from terraform-provider-bigip.
scshitole
commented on June 7, 2024
@dpeachey @dannyk81 thanks let me look at that.
from terraform-provider-bigip.
commented on June 7, 2024
Hi @scshitole, did you have a chance to look at this one?
Thanks.
from terraform-provider-bigip.
scshitole
commented on June 7, 2024
@dpeachey will look today
from terraform-provider-bigip.
scshitole
commented on June 7, 2024
Just fixed it and tested the fix
bigip_ltm_profile_tcp.PFL_DP_EVAL_TCP: Creating...
close_wait_timeout: "" => "5"
defaults_from: "" => "/Common/tcp-lan-optimized"
deferred_accept: "" => "disabled"
fast_open: "" => "disabled"
finwait_2timeout: "" => "300"
finwait_timeout: "" => "5"
idle_timeout: "" => "300"
keepalive_interval: "" => "1800"
name: "" => "/Common/PFL_DP_EVAL_TCP"
partition: "" => "Common"
bigip_ltm_profile_tcp.PFL_DP_EVAL_TCP: Creation complete after 0s (ID: /Common/PFL_DP_EVAL_TCP)
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
SJC-ML-00028512:terraform-provider-bigip shitole$
SJC-ML-00028512:terraform-provider-bigip shitole$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
bigip_ltm_profile_tcp.PFL_DP_EVAL_TCP: Refreshing state... (ID: /Common/PFL_DP_EVAL_TCP)
------------------------------------------------------------------------
No changes. Infrastructure is up-to-date.
This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.
from terraform-provider-bigip.
commented on June 7, 2024
Thanks @scshitole, I will test. Could you also update the oneconnect profile? Same issue with that one.
from terraform-provider-bigip.
scshitole
commented on June 7, 2024
@dpeachey here you go
bigip_ltm_profile_oneconnect.test-oneconnect: Creating...
defaults_from: "" => "/Common/oneconnect"
idle_timeout_override: "" => "disabled"
max_age: "" => "3600"
max_reuse: "" => "1000"
max_size: "" => "1000"
name: "" => "/Common/test-oneconnect"
partition: "" => "Common"
share_pools: "" => "disabled"
source_mask: "" => "255.255.255.255"
bigip_ltm_profile_oneconnect.test-oneconnect: Creation complete after 0s (ID: /Common/test-oneconnect)
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
SJC-ML-00028512:terraform-provider-bigip shitole$
SJC-ML-00028512:terraform-provider-bigip shitole$
SJC-ML-00028512:terraform-provider-bigip shitole$
SJC-ML-00028512:terraform-provider-bigip shitole$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
bigip_ltm_profile_oneconnect.test-oneconnect: Refreshing state... (ID: /Common/test-oneconnect)
------------------------------------------------------------------------
No changes. Infrastructure is up-to-date.
from terraform-provider-bigip.
commented on June 7, 2024
great, thank you. I will test.
from terraform-provider-bigip.
commented on June 7, 2024
Hi @scshitole , I see a couple of issues still.
With the oneconnect profile, the default values seem to be wrong. I get:
* bigip_ltm_profile_oneconnect.PFL_DP_EVAL_PARENT_ONECONNECT: Error create profile oneConnect (/Common/PFL_DP_EVAL_PARENT_ONECONNECT): "max-age":"-1" integer value is out of range
Also with the fastl4, some of the default values are incorrect:
~ bigip_ltm_profile_fastl4.PFL_DP_EVAL_CHILD_FASTL4
iptos_toclient: "pass-through" => "65535"
iptos_toserver: "pass-through" => "65535"
keepalive_interval: "disabled" => "0"
Thanks,
Dan
from terraform-provider-bigip.
scshitole
commented on June 7, 2024
@dpeachey I dont see this issue ?
+ bigip_ltm_profile_fastl4.test-fastl4
id: <computed>
client_timeout: "40"
defaults_from: "/Common/fastL4"
explicitflow_migration: "enabled"
hardware_syncookie: "enabled"
idle_timeout: "200"
iptos_toclient: "pass-through"
iptos_toserver: "pass-through"
keepalive_interval: "disabled"
name: "/Common/Fastl4sanjay"
partition: "Common"
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
SJC-ML-00028512:terraform-provider-bigip shitole$
SJC-ML-00028512:terraform-provider-bigip shitole$
SJC-ML-00028512:terraform-provider-bigip shitole$
SJC-ML-00028512:terraform-provider-bigip shitole$
SJC-ML-00028512:terraform-provider-bigip shitole$
SJC-ML-00028512:terraform-provider-bigip shitole$
SJC-ML-00028512:terraform-provider-bigip shitole$ terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ bigip_ltm_profile_fastl4.test-fastl4
id: <computed>
client_timeout: "40"
defaults_from: "/Common/fastL4"
explicitflow_migration: "enabled"
hardware_syncookie: "enabled"
idle_timeout: "200"
iptos_toclient: "pass-through"
iptos_toserver: "pass-through"
keepalive_interval: "disabled"
name: "/Common/Fastl4sanjay"
partition: "Common"
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
bigip_ltm_profile_fastl4.test-fastl4: Creating...
client_timeout: "" => "40"
defaults_from: "" => "/Common/fastL4"
explicitflow_migration: "" => "enabled"
hardware_syncookie: "" => "enabled"
idle_timeout: "" => "200"
iptos_toclient: "" => "pass-through"
iptos_toserver: "" => "pass-through"
keepalive_interval: "" => "disabled"
name: "" => "/Common/Fastl4sanjay"
partition: "" => "Common"
bigip_ltm_profile_fastl4.test-fastl4: Creation complete after 0s (ID: /Common/Fastl4sanjay)
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
SJC-ML-00028512:terraform-provider-bigip shitole$
SJC-ML-00028512:terraform-provider-bigip shitole$
SJC-ML-00028512:terraform-provider-bigip shitole$
SJC-ML-00028512:terraform-provider-bigip shitole$ sh plan
sh: plan: No such file or directory
SJC-ML-00028512:terraform-provider-bigip shitole$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
bigip_ltm_profile_fastl4.test-fastl4: Refreshing state... (ID: /Common/Fastl4sanjay)
------------------------------------------------------------------------
No changes. Infrastructure is up-to-date.
This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.
SJC-ML-00028512:terraform-provider-bigip shitole$
from terraform-provider-bigip.
commented on June 7, 2024
@scshitole in the resource_bigip_ltm_profile_fastl4.go file I see the following which I think is causing the issue:
"iptos_toclient": {
Type: schema.TypeString,
Optional: true,
Default: "65535",
Description: "Use the parent Fastl4 profile",
},
"iptos_toserver": {
Type: schema.TypeString,
Optional: true,
Default: "65535",
Description: "Use the parent Fastl4 profile",
},
"keepalive_interval": {
Type: schema.TypeString,
Optional: true,
Default: 0,
Description: "Use the parent Fastl4 profile",
},
Thanks,
Dan
from terraform-provider-bigip.
scshitole
commented on June 7, 2024
@dpeachey what is the bigip image you are using ? I am using 12.X release and my TF file is below, I don't see the issue ?
resource "bigip_ltm_profile_fastl4" "test-fastl4" {
name = "/Common/testfastl4"
partition = "Common"
defaults_from = "/Common/fastL4"
client_timeout = 40
idle_timeout = "200"
explicitflow_migration = "enabled"
hardware_syncookie = "enabled"
iptos_toclient = "pass-through"
iptos_toserver = "pass-through"
keepalive_interval = "disabled"
}
from terraform-provider-bigip.
commented on June 7, 2024
@scshitole I am using 13.1.1. I see in your config you are specifying the values for those variables, but I'm not in mine, so mine is using the defaults from the schema, which seems to be incorrect.
from terraform-provider-bigip.
dannyk81
commented on June 7, 2024
@scshitole, I'm not sure your recent fixes are correct.
The resource needs to read all the attributes values from F5 after Create and update their values in state.
the Defaults are just a way to specify some values when creating a resource, so that the user won't have to specify them, however since they are optional these defaults are not really needed.
Also, defaults change from version to version, so need to be carefull as you may override them. by setting a single value in the provider.
from terraform-provider-bigip.
scshitole
commented on June 7, 2024
@dannyk81 let me check
from terraform-provider-bigip.
scshitole
commented on June 7, 2024
@dpeachey I removed the configs and tried same results, can you please share the .tf file config ?
terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ bigip_ltm_profile_fastl4.test-l4
id: <computed>
client_timeout: "40"
defaults_from: "/Common/fastL4"
explicitflow_migration: "enabled"
hardware_syncookie: "enabled"
idle_timeout: "200"
iptos_toclient: "65535"
iptos_toserver: "65535"
keepalive_interval: "0"
name: "/Common/Fastjay"
partition: "Common"
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
SJC-ML-00028512:terraform-provider-bigip shitole$ cat master.tf
provider "bigip" {
address = "10.192.74.68"
username = "admin"
password = "admin"
}
resource "bigip_ltm_profile_fastl4" "test-l4" {
name = "/Common/Fastjay"
partition = "Common"
defaults_from = "/Common/fastL4"
client_timeout = 40
idle_timeout = "200"
explicitflow_migration = "enabled"
hardware_syncookie = "enabled"
}
SJC-ML-00028512:terraform-provider-bigip shitole$ terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ bigip_ltm_profile_fastl4.test-l4
id: <computed>
client_timeout: "40"
defaults_from: "/Common/fastL4"
explicitflow_migration: "enabled"
hardware_syncookie: "enabled"
idle_timeout: "200"
iptos_toclient: "65535"
iptos_toserver: "65535"
keepalive_interval: "0"
name: "/Common/Fastjay"
partition: "Common"
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
bigip_ltm_profile_fastl4.test-l4: Creating...
client_timeout: "" => "40"
defaults_from: "" => "/Common/fastL4"
explicitflow_migration: "" => "enabled"
hardware_syncookie: "" => "enabled"
idle_timeout: "" => "200"
iptos_toclient: "" => "65535"
iptos_toserver: "" => "65535"
keepalive_interval: "" => "0"
name: "" => "/Common/Fastjay"
partition: "" => "Common"
bigip_ltm_profile_fastl4.test-l4: Creation complete after 0s (ID: /Common/Fastjay)
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
SJC-ML-00028512:terraform-provider-bigip shitole$
from terraform-provider-bigip.
scshitole
commented on June 7, 2024
@dpeachey may be you are using the 0.12 binary, in that case you are not using the fix, can you send me terraform init . output it should not say 0.12 tag
from terraform-provider-bigip.
commented on June 7, 2024
@scshitole I've rebuilt from the latest master branch and still have the same issue. My config looks like this:
resource "bigip_ltm_profile_fastl4" "PFL_DP_EVAL_PARENT_FASTL4" {
name = "/Common/PFL_DP_EVAL_PARENT_FASTL4"
defaults_from = "/Common/fastL4"
partition = "Common"
And I get the following when I re-apply:
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
~ bigip_ltm_profile_fastl4.PFL_DP_EVAL_PARENT_FASTL4
iptos_toclient: "pass-through" => "65535"
iptos_toserver: "pass-through" => "65535"
keepalive_interval: "disabled" => "0"
I know if I specified those values in the config it would workaround it but they should be optional I would have thought.
Thanks,
Dan
from terraform-provider-bigip.
kylegentle
commented on June 7, 2024
Hi @scshitole,
I'm not a user of terraform-provider-bigip, but I came across this issue while looking for a fix to this same bug in a Terraform provider I'm developing.
In my case, I was able to solve the issue by adding Computed: true, to the Optional attributes that were causing problems. This seems necessary when an optional attribute may be computed by the API at creation time. It's possible that might help here; if not, feel free to ignore.
Best,
Kyle
from terraform-provider-bigip.
dannyk81
commented on June 7, 2024
@scshitole was going over @kylegentle's suggestion above and it makes a lot of sense, we have many attributes that default to various values by the device once the resource is created.
I think hard coding these defaults in the provider is problematic long-term, since defaults may change over time or differ across versions of bigip.
The better approach is to mark these optional fields as Computed: true which ensures their values are retrieved and stored in the state right after the resource is created.
Thanks @kylegentle for the suggestion!
from terraform-provider-bigip.
focrensh
commented on June 7, 2024
Closing into https://github.com/terraform-providers/terraform-provider-bigip/issues/298
from terraform-provider-bigip.
Related Issues (20)
- Virtual Server 0.0.0.0 Mask Conversion HOT 2
- Deleting iRules from Virtual Server Configs HOT 9
- RFE: Add new resource to create/manage Rewrite profiles HOT 3
- Support for check_max_value_length in parameters for declarative WAF policy HOT 1
- Issue with virtual address deletion or replacement when the name field contains the route domain (f.e. %50) HOT 1
- bigip_ltm_node resource fails consistently with: "Error: error modifying node /Common/<node_name_here>: "node" unexpected argument" HOT 1
- Requesting the ability to use a port list in terraform for f5networks/bigip provider HOT 3
- bigip_ltm_profile_http encrypt_cookie_secret plan diffs HOT 1
- Terraform error while deploying to LTM VE HOT 1
- Fake changes on security log profile in bigip_ltm_virtual_server resource HOT 1
- Log Profile - Arguments report infrastructure doesn't match the terraform configuration HOT 2
- bigip_as3 does not provide details about what resource will be changed when a modification was done outside of terraform
- bigip_bigiq_as3 with provider 1.21.0 is returning "Error: onPatch Not implemented" HOT 5
- Failure to refresh state HOT 1
- `requestlog_template` is added to the state as `responselog_template` HOT 4
- Big-IQ bigip_bigiq_as3 resource - Provider produced inconsistent final plan HOT 1
- Addition of "Enforcement Mode" for Cross Domain Request Enforcement in URL properties HOT 1
- Big-IQ bigip_bigiq_as3 tenant resource removal/destruction fails with 500 error Cannot read property 'class' of null HOT 1
- Bug: Request-log templates escaped double-quotes not being configured on the BIG-IP HOT 1
- Error while attaching WAF policy to virtual server HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-provider-bigip.