-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
resource/aws_network_interface: Use first of private_ips as primary #1672
Conversation
This is pretty important to anyone who needs to attach more than one interface to an instance in a particular order, such as anything using a |
Agreed ... this keeps us from building infrastructures where HA is dependent on deterministic addressing order. |
a603074
to
659a13e
Compare
@radeksimko any chance of taking another look at this one? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @matt-deboer
sorry for the delay on reviewing this one.
I have 2 questions:
- Do we know for sure that IPs are always sorted the same way? The API doesn't document that. Do you have any confirmation from the AWS support? While I understand the difficulties of referencing sets (something we need to address in the core/language) the reason we use sets instead of lists is also to avoid spurious diffs whenever API returns IPs (or other fields) in a different order. Amazon tells us which one's primary via a special field called
Primary
which is IMO safer to follow. - This would be a breaking change for any users who already have existing configs & state in a couple of ways:
- depending on the ordering of IPs the state may not be the same as in config and we're now making it the same which will raise diffs in the
plan
after upgrading. - Ordering of IPs in the config was not previously respected, or we rather took the first one based on hash and used that as primary.
- depending on the ordering of IPs the state may not be the same as in config and we're now making it the same which will raise diffs in the
On a related note I think that private_ip
& private_ips
are broken in general. As the former is used to specify primary IP and the second one may be used too, then we need to mark them as ConflictsWith
.
The following cfg presents the problem:
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
}
resource "aws_subnet" "public_a" {
vpc_id = "${aws_vpc.main.id}"
cidr_block = "10.0.0.0/24"
}
resource "aws_network_interface" "test" {
subnet_id = "${aws_subnet.public_a.id}"
private_ip = "10.0.0.60"
private_ips = ["10.0.0.51", "10.0.0.40", "10.0.0.30"]
}
If we're absolutely sure that ordering is predictable I'm ok with scheduling this as BC which can be part of the next major release (2.0.0
), otherwise we'll need to find another way around.
This issue might be resolved by updating the documentation. The option "private_ip" is not documented at https://www.terraform.io/docs/providers/aws/r/network_interface.html |
I tested the above configuration however the privateIP seemed to be ignored:
However the primary was not set correctly as per the console.
|
I can confirm that the template above is not working. Maybe the logic needs to be:
Alternatively drop the "private_ip" as it's not documented and just use the first item in "private_ips" |
The AWS API works by specifying that one of the IP addresses is primary. http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_PrivateIpAddressSpecification.html Order is not the determining factor. Maybe the cleanest fix is to make sure that "private_ip" is honoured as the primary IP address, and this option is documented. |
From the CLI documentation:
--private-ip-addresses (list)
` |
I agree with @thallam08 After reviewing the AWS API it seems the plugin wasn't handling the private IP as it was supposed to be. |
There's a related issue that may not have been logged. If you change the list of IPs then the primary IP may change. The AWS CLI allows for adding and removing secondary IPs. As implemented this module does not allow us to do this reliably as it may try to change the primary IP and either have to recreate the resource or fail (eg primary interface). |
The real issue here is that "private_ip" is ignored completely, even when set. It's set in the state, but it doesn't seem to propagate to AWS as the primary |
That does not work for a non-primary interface.
Not sure it always works for primary interface.
Sent from my ....
… On 12 Feb 2019, at 4:42 am, Yuri Niyazov ***@***.***> wrote:
If you include both the "private_ip" and "private_ips", and make sure that "private_ip" is included in the list of "private_ips", it does what you want.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
Pull request #21306 has significantly refactored the AWS Provider codebase. As a result, most PRs opened prior to the refactor now have merge conflicts that must be resolved before proceeding. Specifically, PR #21306 relocated the code for all AWS resources and data sources from a single We recognize that many pull requests have been open for some time without yet being addressed by our maintainers. Therefore, we want to make it clear that resolving these conflicts in no way affects the prioritization of a particular pull request. Once a pull request has been prioritized for review, the necessary changes will be made by a maintainer -- either directly or in collaboration with the pull request author. For a more complete description of this refactor, including examples of how old filepaths and function names correspond to their new counterparts: please refer to issue #20000. For a quick guide on how to amend your pull request to resolve the merge conflicts resulting from this refactor and bring it in line with our new code patterns: please refer to our Service Package Refactor Pull Request Guide. |
This is obviated by #17846. Let us know if that does not solve for your situation. |
This functionality has been released in v3.74.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
This changes
private_ips
to List (instead of Set) for more intuitive/predictable behavior, which helps to solve issues #836 and #996.Before this change, there was no reliable way to configure the primary_ip --> you simply got the ip address whose string value's hash had the lowest lexical sort order. Deterministic, yes, but not determined by the order the ips were specified in the list :)