Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bgp peer configuration #4809

Closed
baodongli opened this issue Nov 4, 2019 · 5 comments
Closed

bgp peer configuration #4809

baodongli opened this issue Nov 4, 2019 · 5 comments
Assignees
Labels

Comments

@baodongli
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
  • If an issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to "hashibot", a community member has claimed the issue already.

Terraform Version

$ terraform -v
Terraform v0.12.12

Your version of Terraform is out of date! The latest version
is 0.12.13. You can update by downloading from www.terraform.io/downloads.html

Affected Resource(s)

  • google_compute_router_interface

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://www.hashicorp.com/security
# If reproducing the bug involves modifying the config file (e.g., apply a config,
# change a value, apply the config again, see the bug) then please include both the
# version of the config before the change, and the version of the config after the change.

resource "google_compute_router_interface" "zone1_router_intf" {
name = "${var.gcloud_region}-z1-${var.pod_id}-intf"
router = var.routers.z1.name
region = var.gcloud_region
interconnect_attachment = google_compute_interconnect_attachment.zone1_ac.self_link
}

resource "google_compute_router_interface" "zone2_router_intf" {
name = "${var.gcloud_region}-z2-${var.pod_id}-intf"
router = var.routers.z2.name
region = var.gcloud_region
interconnect_attachment = google_compute_interconnect_attachment.zone2_ac.self_link
}

Debug Output

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

module.us-east4.module.nat_gw.data.google_compute_image.nat_image: Refreshing state...


Panic Output

Error: Each interface requires one linked resource or an ip range, or both.

on ../modules/pod/pod.tf line 21, in resource "google_compute_router_interface" "zone1_router_intf":
21: resource "google_compute_router_interface" "zone1_router_intf" {

Error: Each interface requires one linked resource or an ip range, or both.

on ../modules/pod/pod.tf line 29, in resource "google_compute_router_interface" "zone2_router_intf":
29: resource "google_compute_router_interface" "zone2_router_intf" {

Expected Behavior

terraform plan/apply should have succeeded

Actual Behavior

terraform plan/apply returned error as described in above.
Added ip_range in the resource as requested by the error message, and terraform plan/apply no longer complained. However, later on, terraform apply emitted the following errors:

Error: Error patching router us-east4/control-path-us-east4-z1-router: googleapi: Error 400: Invalid value for field 'resource.interfaces[0].ipRange': '169.254.0.0/24'. IP range of router interface 'us-east4-z1-pod1-intf' must be equal to cloudRouterIpAddress of interconnect attachment 'us-east4-z1-pod1-ac': 169.254.121.25/29, invalid

on ../modules/pod/pod.tf line 21, in resource "google_compute_router_interface" "zone1_router_intf":
21: resource "google_compute_router_interface" "zone1_router_intf" {

Error: Error patching router us-east4/control-path-us-east4-z2-router: googleapi: Error 400: Invalid value for field 'resource.interfaces[0].ipRange': '169.254.0.0/24'. IP range of router interface 'us-east4-z2-pod1-intf' must be equal to cloudRouterIpAddress of interconnect attachment 'us-east4-z2-pod1-ac': 169.254.234.41/29, invalid

on ../modules/pod/pod.tf line 29, in resource "google_compute_router_interface" "zone2_router_intf":
29: resource "google_compute_router_interface" "zone2_router_intf" {

I then removed ip_range from the configuration. And terraform apply would proceed successfully.

So to make it provision the resources successfully, I had to add and then remove ip_range in the google_compute_router_interface resource and run terraform apply each time.

Steps to Reproduce

see above description

  1. terraform apply

Important Factoids

References

  • #0000
@ghost ghost added the bug label Nov 4, 2019
@danawillow danawillow self-assigned this Nov 6, 2019
@danawillow
Copy link
Contributor

Hi @baodongli, I'm not able to reproduce this. Can you please post the full config you used that fails when running terraform plan? What version of the google provider are you using?

@baodongli
Copy link
Author

baodongli commented Nov 7, 2019

Thanks for looking into it.

$ terraform -v
Terraform v0.12.13

`resource "google_compute_interconnect_attachment" "IAs" {
for_each = var.links
name = each.value.ia_name # "${var.gcloud_region}-z${each.value.zone}-${var.pod_id}-ia"
interconnect = each.value.di_self_link
router = each.value.router.self_link
bandwidth = each.value.bandwidth
vlan_tag8021q = each.value.vlan
admin_enabled = true
region = var.gcloud_region
}

resource "google_compute_router_interface" "router_interfaces" {
for_each = var.links
name = each.value.intf_name # "${var.gcloud_region}-z${each.value.zone}-${var.pod_id}-intf"
router = each.value.router.name
region = var.gcloud_region
// ip_range = "169.254.0.0/24"
ip_range = google_compute_interconnect_attachment.IAs[each.key].cloud_router_ip_address
interconnect_attachment = google_compute_interconnect_attachment.IAs[each.key].self_link
}

resource "google_compute_router_peer" "router_bgp_peers" {
for_each = var.links
name = each.value.bgp_peer_name # "${var.gcloud_region}-z${each.value.zone}-${var.pod_id}-bgp-peer"
region = var.gcloud_region
router = each.value.router.name
peer_ip_address = split("/", google_compute_interconnect_attachment.IAs[each.key].customer_router_ip_address)[0]
interface = google_compute_router_interface.router_interfaces[each.key].name
peer_asn = var.peer_asn
}`

Basically I have to run twice and switch between the two ip_range lines in order to come through successfully

@ghost ghost removed the waiting-response label Nov 7, 2019
@selslack
Copy link

selslack commented Dec 6, 2019

@danawillow

here's the minimum repro test case

provider "google" {
  version = "= 2.20.0"

  batching {
    enable_batching = true
    send_after      = "5s"
  }
}

provider "google-beta" {
  version = "= 3.0.0-beta.1"

  batching {
    enable_batching = true
    send_after      = "5s"
  }
}

resource "google_compute_network" "test" {
  name = "test"
}

resource "google_compute_ha_vpn_gateway" "test" {
  provider = google-beta

  name    = "test"
  network = google_compute_network.test.self_link
}

resource "google_compute_router" "test" {
  name    = "test"
  network = google_compute_network.test.self_link

  bgp {
    asn = 64516
  }
}

resource "google_compute_router_interface" "test" {
  provider = google-beta

  name   = "test"
  router = google_compute_router.test.name

  vpn_tunnel = google_compute_vpn_tunnel.test.self_link
}

resource "google_compute_external_vpn_gateway" "test" {
  provider = google-beta

  name = "test"

  redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"

  interface {
    id         = 0
    ip_address = "127.0.0.1"
  }
}

resource "google_compute_vpn_tunnel" "test" {
  provider = google-beta

  name = "test"

  router        = google_compute_router.test.self_link
  ike_version   = 1
  shared_secret = "random_password.preshared_key.result"

  vpn_gateway           = google_compute_ha_vpn_gateway.test.id
  vpn_gateway_interface = 0

  peer_external_gateway           = google_compute_external_vpn_gateway.test.id
  peer_external_gateway_interface = 0
}

Then, terraform plan.

Basically any (known after apply) / computed / not-known-at-the-time-of-plan value is not good for either ip_range or vpn_tunnel value.

In the example above, if google_compute_vpn_tunnel.test.self_link is known at the time of plan (i.e. existed before google_compute_router_interface is added) -- then there's no problem.

@danawillow
Copy link
Contributor

GoogleCloudPlatform/magic-modules#2835 should fix this, which was released today in v3.3.0.

If for some reason that doesn't fix it, the equivalent PR of GoogleCloudPlatform/magic-modules#2852 that I started working on before I saw the other one should :)

Closing this out, but feel free to reopen if you still see issues after upgrading to the release with the fix.

@ghost
Copy link

ghost commented Mar 28, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 28, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests

3 participants