Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

can't create active-active vpngw #232

Closed
davidkarlsen opened this issue Dec 9, 2021 · 3 comments · Fixed by #345
Closed

can't create active-active vpngw #232

davidkarlsen opened this issue Dec 9, 2021 · 3 comments · Fixed by #345
Assignees
@krowlandson
Labels
enhancement New feature or request PR-merged
Milestone
v2.0.0 release

Comments

@davidkarlsen
Copy link

Versions

v1.1.0

terraform:
1.0.11

azure provider:
version = "~> 2.87"

module:

Description

As we want an active-active VPN gw, we configure two public IPs in order to pass these as ip_configuration to the module:

resource "azurerm_public_ip" "vpn_gw" {
  count               = 2
  allocation_method   = "Static"
  location            = var.default_location
  tags                = var.default_tags
  sku                 = "Standard"
  name                = "VpnGw${count.index}"
  resource_group_name = local.comms_resource_group_name
}

data "azurerm_subnet" "gateway_subnet" {
  name                 = "GatewaySubnet"
  resource_group_name  = local.comms_resource_group_name
  virtual_network_name = "es-hub-${var.default_location}"
}

...
 configure_connectivity_resources = {
    advanced = {
      custom_settings_by_resource_type = {
        azurerm_virtual_network_gateway = {
          connectivity = {
            vpngw = {
              (var.default_location) = {
                enable_bgp    = true
                active_active = true
                ip_configuration = [
                  {
                    name                          = "vnetGatewayConfig1"
                    public_ip_address_id          = azurerm_public_ip.vpn_gw[0].id
                    private_ip_address_allocation = "Dynamic"
                    subnet_id                     = data.azurerm_subnet.gateway_subnet.id
                  },
                  {
                    name                          = "vnetGatewayConfig2"
                    public_ip_address_id          = azurerm_public_ip.vpn_gw[1].id
                    private_ip_address_allocation = "Dynamic"
                    subnet_id                     = data.azurerm_subnet.gateway_subnet.id
                  }
                ]
              }
            }
          }
        }
      }
    }

But still the module will create a pip for the gateway, from terraform plan:

  # module.caf-enterprise-scale.azurerm_public_ip.connectivity["/subscriptions/mySub/resourceGroups/es-connectivity-myLocation/providers/Microsoft.Network/publicIPAddresses/es-vpngw-myLocation-pip"] will be created
  + resource "azurerm_public_ip" "connectivity" {
      + allocation_method       = "Static"
      + availability_zone       = "Zone-Redundant"
      + fqdn                    = (known after apply)
      + id                      = (known after apply)
      + idle_timeout_in_minutes = 4
      + ip_address              = (known after apply)
      + ip_version              = "IPv4"
      + location                = "myLocation"
      + name                    = "es-vpngw-myLocation-pip"
      + resource_group_name     = "es-connectivity-myLocation"
      + sku                     = "Standard"
      + sku_tier                = "Regional"
      + tags                    = {
          + "deployedBy" = "terraform/azure/caf-enterprise-scale/v1.1.0"
          + "terraform"  = "true"
        }
      + zones                   = (known after apply)
    }

Steps to Reproduce

  1. pass ip_configuration to the module
  2. observe that ip_configuration is used, but still a pip (which won't be needed or used) is also created

Screenshots
N/A

Additional context
N/A
@krowlandson krowlandson self-assigned this Dec 9, 2021
@krowlandson krowlandson added the enhancement New feature or request label Dec 9, 2021
@krowlandson
Copy link
Contributor

Great question @davidkarlsen. I'll have to look into whether it's possible to supress creation of the PIP in this scenario, but would it be more useful if we added a feature to the module to auto-create the second network interface and attach it to the firewall when active_active = true?

@davidkarlsen
Copy link
Author

davidkarlsen commented Dec 9, 2021
edited
Loading

Great question @davidkarlsen. I'll have to look into whether it's possible to supress creation of the PIP in this scenario, but would it be more useful if we added a feature to the module to auto-create the second network interface and attach it to the firewall when active_active = true?

creating a 2nd iface would be handy and can co-exist by leaving out any ip config if defined by user - that would provide a balance between flexibility and sane defaulting.

@krowlandson
Copy link
Contributor

Will look into this and get it prioritised on our development backlog... thank you for the feedback @davidkarlsen

@krowlandson krowlandson added this to the v1.2.0 release milestone Jan 27, 2022
@krowlandson krowlandson mentioned this issue Feb 1, 2022
Closed
krowlandson pushed a commit to krowlandson/terraform-azurerm-caf-enterprise-scale that referenced this issue Apr 21, 2022
Add advanced_vpn_settings
c6cfbfb 
- Fix Azure#232
- Fix Azure#334
@krowlandson krowlandson mentioned this issue Apr 21, 2022
Merged
6 tasks
@ghost ghost added the PR-referenced label Apr 21, 2022
krowlandson pushed a commit to krowlandson/terraform-azurerm-caf-enterprise-scale that referenced this issue Apr 22, 2022
Custom ip_configuration disables PIP creation
51a3f0c 
- Fix Azure#232
krowlandson pushed a commit that referenced this issue Apr 25, 2022
Fix multiple issues (#345)
246cf7d 
* Cast `tomap()` to fix #340

* Add advanced input to fix #342

* Add logic to handle VPN GW generation to fix #333

* Add `advanced_vpn_settings`
- Fix #232
- Fix #334

* Custom `ip_configuration` disables PIP creation
- Fix #232

* Update to support provider version `v3.0.2`

* Link `secondary_location` to settings module

* Update to test VPN gateway without AZ

* Update resource type in ID prefix

* Update baseline for `v3.0.2` provider support

* Fix sensitive values error

* Update strategy to test using Terraform `v1.1.x`

* Update OPA guidance
@ghost ghost added PR-merged and removed PR-referenced labels Apr 25, 2022
@ghost ghost locked as resolved and limited conversation to collaborators May 26, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@krowlandson krowlandson

Labels
enhancement New feature or request PR-merged
Projects
None yet
Milestone
v2.0.0 release
Development

Successfully merging a pull request may close this issue.

Fix multiple issues krowlandson/terraform-azurerm-caf-enterprise-scale
2 participants
@davidkarlsen @krowlandson