Azure Vnet Peering initiated state when run with Terraform - azure

I deployed VNet peerings with Terraform, but the peering was stuck in the Initiated status. When I tried manually with the same values there was no problem. How can I fix it?
resource "azurerm_virtual_network_peering" "spoke_aks_peering" {
  virtual_network_name         = azurerm_virtual_network.virtual_network_spoke.name
  resource_group_name          = azurerm_resource_group.resource-group_spoke.name
  remote_virtual_network_id    = azurerm_virtual_network.virtual_network_aks.id
  name                         = "peerspoketoaks"
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
}

I tried to reproduce the same in my environment to create a peering between 2 virtual networks:
Note: If the peering status is currently Initiated in VNet peering, kindly enable the peering on both VNets to get the status Connected.
To resolve the issue, create the peering on both VNets, like below.
# Azure Virtual Network peering between Virtual Network stagingtotest and testtostaging
resource "azurerm_virtual_network_peering" "peeringconnection1" {
  name                      = "stagingtotest"
  resource_group_name       = local.resource_group_name
  virtual_network_name      = azurerm_virtual_network.network["staging"].name
  remote_virtual_network_id = azurerm_virtual_network.network["test"].id
}

# Azure Virtual Network peering between Virtual Network testtostaging and stagingtotest
resource "azurerm_virtual_network_peering" "peeringconnection2" {
  name                      = "testtostaging"
  resource_group_name       = local.resource_group_name
  virtual_network_name      = azurerm_virtual_network.network["test"].name
  remote_virtual_network_id = azurerm_virtual_network.network["staging"].id
}
After terraform apply, the peering is created on both VNets.
Refer to the document here for more.

Related

Creating subnet in Azure resources group but it is erroring out (you cannot delete it)

I have a virtual network called vNetVPN-Dev, and in that virtual network I have some other subnets.
Now I want to create another subnet in the same virtual network vNetVPN-Dev.
Virtual network:
resource "azurerm_virtual_network" "virtual_network" {
  name                = "vNetVPN-Dev"
  location            = var.resource_group_location_north_europe
  resource_group_name = var.resource_group_name
  address_space       = ["10.1.16.0/23", "10.2.0.0/16", "172.16.100.0/24"]

  subnet {
    name           = "snet-vgp-dev"
    address_prefix = "10.2.1.0/24"
  }

  tags = {
    environment = var.tag_dev
  }
}
This is the subnet I want to provision:
resource "azurerm_subnet" "subnet_internal" {
  name                 = "snet-internal-vm"
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.virtual_network.name
  address_prefixes     = ["10.2.10.0/24"]
}
When I run the terraform apply command, it errors out saying that GatewaySubnet is in use:
creating/updating Virtual Network: (Name "vNetVPN-Dev" / Resource Group "rg-03-data-dev"): network.VirtualNetworksClient#CreateOrUpdate:
Failure sending request: StatusCode=400 --
Original Error: Code="InUseSubnetCannotBeDeleted"
Message="Subnet GatewaySubnet is in use by /subscriptions/XXXXXXXXXXXXXXX/resourceGroups/rg-03-data-dev/providers/Microsoft.Network/virtualNetworkGateways/vgw-vgp-dev/ipConfigurations/vpn_public_ip_address_vgtw and cannot be deleted.
In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet."
There is no way that I can stop the GatewaySubnet; the GatewaySubnet is for the VPN.
Do I need to remove the GatewaySubnet in order to provision my other resources?
You can't use the inline subnet block of azurerm_virtual_network and the azurerm_subnet resource to declare subnets for the same VNet.
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet
To prevent Terraform from trying to delete the gateway subnet which is already deployed, you should use only the inline declaration:
resource "azurerm_virtual_network" "virtual_network" {
  name                = "vNetVPN-Dev"
  location            = var.resource_group_location_north_europe
  resource_group_name = var.resource_group_name
  address_space       = ["10.1.16.0/23", "10.2.0.0/16", "172.16.100.0/24"]

  subnet {
    name           = "snet-vgp-dev"
    address_prefix = "10.2.1.0/24"
  }

  subnet {
    name           = "snet-internal-vm"
    address_prefix = "10.2.10.0/24"
  }

  tags = {
    environment = var.tag_dev
  }
}
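One detail worth carrying over from the error message: it names GatewaySubnet as an existing subnet of vNetVPN-Dev that the VPN gateway vgw-vgp-dev depends on. With inline subnet blocks the list in the configuration is authoritative, so a declaration that omits GatewaySubnet will try to remove it again on the next apply. The following is an added example, not the answerer's code, that lists all three subnets inline; the GatewaySubnet prefix is an assumed placeholder and must be replaced with the prefix the subnet already has, otherwise Terraform plans a change to it.

```hcl
# Added example (not from the answer): every subnet that already exists in the
# VNet, including GatewaySubnet, is declared inline so Terraform never plans to
# delete it. Run `terraform plan` first and confirm no "- subnet" removal appears.
resource "azurerm_virtual_network" "virtual_network" {
  name                = "vNetVPN-Dev"
  location            = var.resource_group_location_north_europe
  resource_group_name = var.resource_group_name
  address_space       = ["10.1.16.0/23", "10.2.0.0/16", "172.16.100.0/24"]

  # Existing subnet used by the VPN gateway vgw-vgp-dev; it must stay declared.
  subnet {
    name           = "GatewaySubnet"
    address_prefix = "10.2.255.0/27" # ASSUMED placeholder: use the real prefix
  }

  subnet {
    name           = "snet-vgp-dev"
    address_prefix = "10.2.1.0/24"
  }

  subnet {
    name           = "snet-internal-vm"
    address_prefix = "10.2.10.0/24"
  }

  tags = {
    environment = var.tag_dev
  }
}
```

The same rule applies to any subnet created outside this configuration later on: either add it to the inline list, or move every subnet (GatewaySubnet included) to separate azurerm_subnet resources and drop the inline blocks entirely; mixing the two styles is what produced the InUseSubnetCannotBeDeleted error.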

Unable to update address space on Azure vnet using terraform

Objective: I am trying to update the existing address space (4 ranges), as the wrong CIDR range was given when it was created originally.
Context: The existing VNet has an address_space of
["xx.xxx.0.0/24","xx.xxx.0.0/20","xx.xxx.0.0/24","xx.xxx.0.0/20"]
Now I changed this to
["xx.xxx.0.0/24","xx.xxx.0.0/24","xx.xxx.0.0/24","xx.xxx.0.0/20"]
But when I rerun my Terraform, the plan does not pick this up as a change. By the way, this VNet does not have any peering.
The code that I use for creating the VNet:
resource "azurerm_virtual_network" "vnet" {
  name                = var.hub_vnet_name
  location            = azurerm_resource_group.rg[0].location
  resource_group_name = azurerm_resource_group.rg[0].name
  address_space       = var.vnet_address_space
  dns_servers         = var.dns_servers

  tags = {
    environment = "${var.env}"
    costcentre  = "xxx"
  }

  dynamic "ddos_protection_plan" {
    for_each = local.if_ddos_enabled
    content {
      id     = azurerm_network_ddos_protection_plan.ddos[0].id
      enable = false
    }
  }
}
Variables.tf:
variable "vnet_address_space" {
  description = "The address space to be used for the Azure virtual network."
  default     = ["xx.xxx.0.0/24","xx.xxx.0.0/24","xx.xxx.0.0/24","xx.xxx.0.0/20"]
}
I'm really not sure why Terraform is not able to see this change; can someone guide me?
No, there are no errors that it reports during the plan.

Getting "Error waiting for Virtual Network Rule "" (server, rg) to be created or updated..." for azurerm_mariadb_virtual_network_rule

I'm building a Terraform config for my infrastructure deployment, and trying to connect an azurerm_mariadb_server resource to an azurerm_subnet, using an azurerm_mariadb_virtual_network_rule, as per the documentation.
The VNet, subnet, MariaDB server etc. are all created, but I get the following when trying to create the vnet_rule:
Error: Error waiting for MariaDb Virtual Network Rule "vnet-rule" (MariaDb Server: "server", Resource Group: "rg")
to be created or updated: couldn't find resource (21 retries)
on main.tf line 86, in resource "azurerm_mariadb_virtual_network_rule" "vnet_rule":
86: resource "azurerm_mariadb_virtual_network_rule" "mariadb_vnet_rule" {
I can't determine which resource can't be found: all resources except the azurerm_mariadb_virtual_network_rule are created, according to both the bash shell output and the Azure portal.
My config is below; details of some resources are omitted for brevity.
provider "azurerm" {
  version = "~> 2.27.0"
  features {}
}

resource "azurerm_resource_group" "rg" {
  name     = "${var.resource_group_name}-rg"
  location = var.location
}

resource "azurerm_virtual_network" "vnet" {
  resource_group_name = azurerm_resource_group.rg.name
  name                = "${var.prefix}Vnet"
  address_space       = ["10.0.0.0/16"]
  location            = var.location
}

resource "azurerm_subnet" "backend" {
  resource_group_name  = azurerm_resource_group.rg.name
  name                 = "${var.prefix}backendSubnet"
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.1.0/24"]
  service_endpoints    = ["Microsoft.Sql"]
}

resource "azurerm_mariadb_server" "server" {
  # DB server name can contain lower-case letters, numbers and dashes, NOTHING ELSE
  resource_group_name     = azurerm_resource_group.rg.name
  name                    = "${var.prefix}-mariadb-server"
  location                = var.location
  sku_name                = "B_Gen5_2"
  version                 = "10.3"
  ssl_enforcement_enabled = true
}

resource "azurerm_mariadb_database" "mariadb_database" {
  resource_group_name = azurerm_resource_group.rg.name
  name                = "${var.prefix}_mariadb_database"
  server_name         = azurerm_mariadb_server.server.name
  charset             = "utf8"
  collation           = "utf8_general_ci"
}

## Network Service Endpoint (add DB to subnet)
resource "azurerm_mariadb_virtual_network_rule" "vnet_rule" {
  resource_group_name = azurerm_resource_group.rg.name
  name                = "${var.prefix}-mariadb-vnet-rule"
  server_name         = azurerm_mariadb_server.server.name
  subnet_id           = azurerm_subnet.backend.id
}
The issue looks to arise within 'func resourceArmMariaDbVirtualNetworkRuleCreateUpdate', but I don't know Go, so I can't follow exactly what's causing it.
If anyone can see an issue, or knows how to get around this, please let me know!
Also, I'm not able to do it via the portal: step 3 here shows a section for configuring VNet rules, which is not present on my page for 'Azure Database for MariaDB server'. I have the Global Administrator role, so I don't think it's permissions-related.
From "Create and manage Azure Database for MariaDB VNet service endpoints and VNet rules by using the Azure portal", the key point is that:
Support for VNet service endpoints is only for General Purpose and
Memory Optimized servers.
So change the code sku_name = "B_Gen5_2" to sku_name = "GP_Gen5_2" or another eligible sku_name.
sku_name - (Required) Specifies the SKU Name for this MariaDB Server.
The name of the SKU, follows the tier + family + cores pattern (e.g.
B_Gen4_1, GP_Gen5_8). For more information see the product
documentation.
It takes a few minutes to deploy.
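Because the unsupported tier only surfaces after the rule creation has timed out ("couldn't find resource (21 retries)"), it is cheaper to reject it at plan time. The following is an added example, not the answer's or the question's own code: the SKU moves into a variable with a validation block that accepts only General Purpose (GP_) and Memory Optimized (MO_) SKUs, and the server and rule reference it. The variable name is an assumption; the other server arguments are omitted exactly as they are in the question.

```hcl
# Added example (not from the answer): fail `terraform plan` when a MariaDB SKU
# that cannot carry VNet rules is configured, instead of waiting for the
# azurerm_mariadb_virtual_network_rule to time out at apply.
variable "mariadb_sku_name" {
  description = "MariaDB SKU in tier_family_cores form, e.g. GP_Gen5_2 (assumed variable name)"
  type        = string
  default     = "GP_Gen5_2"

  validation {
    # Only General Purpose (GP_) and Memory Optimized (MO_) tiers support
    # VNet service endpoints; Basic (B_) SKUs such as B_Gen5_2 are rejected.
    condition     = can(regex("^(GP|MO)_Gen[0-9]+_[0-9]+$", var.mariadb_sku_name))
    error_message = "VNet rules require a General Purpose (GP_*) or Memory Optimized (MO_*) SKU; Basic (B_*) SKUs do not support VNet service endpoints."
  }
}

resource "azurerm_mariadb_server" "server" {
  resource_group_name     = azurerm_resource_group.rg.name
  name                    = "${var.prefix}-mariadb-server"
  location                = var.location
  sku_name                = var.mariadb_sku_name # GP_Gen5_2 by default
  version                 = "10.3"
  ssl_enforcement_enabled = true
  # Remaining server arguments omitted, as in the question.
}

resource "azurerm_mariadb_virtual_network_rule" "vnet_rule" {
  resource_group_name = azurerm_resource_group.rg.name
  name                = "${var.prefix}-mariadb-vnet-rule"
  server_name         = azurerm_mariadb_server.server.name
  subnet_id           = azurerm_subnet.backend.id # subnet with the Microsoft.Sql service endpoint
}
```

With this in place, `terraform plan -var mariadb_sku_name=B_Gen5_2` stops with the validation message before anything is created; the subnet still needs the Microsoft.Sql service endpoint from the question's configuration for the rule to take effect.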

Azure Terraform Hub and Spoke with multiple subscriptions

I would like to deploy an Azure landing zone using Terraform in multiple subscriptions. The hub network should have Azure Firewall in subscription1 and each spoke has a different subscription; I need 4 spokes, which would be deployed in 4 separate subscriptions.
Can someone help me with the logic of how to write the Terraform?
For your requirements, here is the architecture that you can follow. The Hub and the spoke are connected via the VNet Peering. According to the description:
The virtual networks can be in the same, or different subscriptions.
When you peer virtual networks in different subscriptions, both
subscriptions can be associated to the same or different Azure Active
Directory tenant.
So you can peer VNets in two different subscriptions. I assume you use the Azure CLI for authentication, your account is already logged in, and it has enough permission in both subscriptions. Here is an example code:
provider "azurerm" {
  features {}
  alias           = "subscription1"
  subscription_id = "xxxxxxx"
}

provider "azurerm" {
  features {}
  alias           = "subscription2"
  subscription_id = "xxxxxxx"
}

data "azurerm_virtual_network" "remote" {
  provider            = azurerm.subscription1
  name                = "remote_vnet_name"
  resource_group_name = "remote_group_name"
}

data "azurerm_virtual_network" "vnet" {
  provider            = azurerm.subscription2
  name                = "vnet_name"
  resource_group_name = "group_name"
}

resource "azurerm_virtual_network_peering" "peering" {
  provider                     = azurerm.subscription2
  name                         = "${data.azurerm_virtual_network.vnet.name}-to-${data.azurerm_virtual_network.remote.name}"
  resource_group_name          = "group_name"
  virtual_network_name         = data.azurerm_virtual_network.vnet.name
  remote_virtual_network_id    = data.azurerm_virtual_network.remote.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
  # `allow_gateway_transit` must be set to false for vnet Global Peering
  allow_gateway_transit        = false
}

resource "azurerm_virtual_network_peering" "peering1" {
  provider                     = azurerm.subscription1
  name                         = "${data.azurerm_virtual_network.remote.name}-to-${data.azurerm_virtual_network.vnet.name}"
  resource_group_name          = "remote_group_name"
  virtual_network_name         = data.azurerm_virtual_network.remote.name
  remote_virtual_network_id    = data.azurerm_virtual_network.vnet.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
  # `allow_gateway_transit` must be set to false for vnet Global Peering
  allow_gateway_transit        = false
}
The VNet peering always comes as a pair, so you need to create a peering on each of the two VNets that are in different subscriptions. This example just shows you how to create a peering between two VNets in different subscriptions; you can then complete the whole architecture as you wish in Terraform.
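Both the first question on this page (a single spoke-to-hub peering left in Initiated because only one side was declared) and this answer (a cross-subscription pair) come down to the same rule: every peering is two resources, one on each VNet. The following added example, which is not the code of either answer, generalizes that to a hub in one subscription and several spokes in a second subscription, creating both halves of each pair from one for_each over a map of spokes so a spoke can never be added without its return leg. Provider aliases, subscription IDs, VNet and resource-group names are all assumed placeholders.

```hcl
# Added example (not from the answers): hub-and-spoke peering across two
# subscriptions where both halves of every pair are generated together.
provider "azurerm" {
  features {}
  alias           = "hub"
  subscription_id = "00000000-0000-0000-0000-000000000000" # placeholder
}

provider "azurerm" {
  features {}
  alias           = "spokes"
  subscription_id = "11111111-1111-1111-1111-111111111111" # placeholder
}

# Spoke VNets that already exist in the spoke subscription (assumed names).
variable "spokes" {
  type = map(object({
    vnet_name           = string
    resource_group_name = string
  }))
  default = {
    aks  = { vnet_name = "vnet-spoke-aks", resource_group_name = "rg-spoke-aks" }
    data = { vnet_name = "vnet-spoke-data", resource_group_name = "rg-spoke-data" }
  }
}

data "azurerm_virtual_network" "hub" {
  provider            = azurerm.hub
  name                = "vnet-hub" # assumed
  resource_group_name = "rg-hub"   # assumed
}

data "azurerm_virtual_network" "spoke" {
  for_each            = var.spokes
  provider            = azurerm.spokes
  name                = each.value.vnet_name
  resource_group_name = each.value.resource_group_name
}

# Hub -> spoke half, created in the hub subscription.
resource "azurerm_virtual_network_peering" "hub_to_spoke" {
  for_each                     = var.spokes
  provider                     = azurerm.hub
  name                         = "hub-to-${each.key}"
  resource_group_name          = data.azurerm_virtual_network.hub.resource_group_name
  virtual_network_name         = data.azurerm_virtual_network.hub.name
  remote_virtual_network_id    = data.azurerm_virtual_network.spoke[each.key].id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
  # Must stay false for global (cross-region) peering, as in the answer above.
  allow_gateway_transit        = false
}

# Spoke -> hub half, created in the spoke subscription. Without this resource
# the hub side stays in the Initiated state.
resource "azurerm_virtual_network_peering" "spoke_to_hub" {
  for_each                     = var.spokes
  provider                     = azurerm.spokes
  name                         = "${each.key}-to-hub"
  resource_group_name          = each.value.resource_group_name
  virtual_network_name         = data.azurerm_virtual_network.spoke[each.key].name
  remote_virtual_network_id    = data.azurerm_virtual_network.hub.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
  allow_gateway_transit        = false
}
```

Because the provider meta-argument is fixed per resource block and cannot vary per for_each element, each additional spoke subscription needs its own provider alias plus its own copy of the spoke data source and spoke_to_hub resource (or a small module that receives the alias through a providers map). The identity running Terraform must have permission to create peerings in every subscription involved, as the answer notes.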

Use the existing Subnet details instead of creating again while creating Network Interface in Azure using terraform

I'm trying to create a network interface in Azure through Terraform using the script below:
resource "azurerm_subnet" "internal" {
  name                 = "Subnet1"
  resource_group_name  = "${var.VNetResourceGroup}"
  virtual_network_name = "${var.VNetName}"
  address_prefix       = "10.0.2.0/24"
}

resource "azurerm_network_interface" "main" {
  name                = "${var.prefix}-nic"
  location            = "${var.location}"
  resource_group_name = "${var.resourceGroup}"

  ip_configuration {
    name                          = "ipconfig1"
    subnet_id                     = "${azurerm_subnet.internal.id}"
    private_ip_address_allocation = "dynamic"
  }
}
This script creates the subnet Subnet1 and assigns that subnet's id in the ip_configuration.
But if I have to create another network interface through another .tf file with the same Subnet1, how do I get the ${azurerm_subnet.internal.id} value again?
That is, if the subnet already exists and I do not want to create it, how do I set those values and use them?
EDIT
I have figured out that in PowerShell this is the script used to determine the subnet id:
$vnetId= "[resourceId("VNetRG",'Microsoft.Network/virtualNetworks', "VNetName")]"
$subnetRef = "[concat($vnetId, '/subnets/', "Subnet1")]"
where VNetRG is the resource group of the VNet,
VNetName is the name of the VNet, and
Subnet1 is the name of the subnet.
Can anyone tell me what the equivalent script in Terraform is?
Use a subnet data source:
data "azurerm_subnet" "subnet1" {
  name                 = "Subnet1"
  virtual_network_name = "${var.VNetName}"
  resource_group_name  = "${var.VNetResourceGroup}"
}
Then reference it in your NIC code with:
subnet_id = "${data.azurerm_subnet.subnet1.id}"