Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Plan shows and apply does some changes to "network_interface.*" of most instances on every run, without change in the code #371

Closed
gdubicki opened this issue Aug 31, 2017 · 10 comments
Closed

Plan shows and apply does some changes to "network_interface.*" of most instances on every run, without change in the code #371

gdubicki opened this issue Aug 31, 2017 · 10 comments
Assignees
@paddycarver

Comments

@gdubicki
Copy link

Terraform Version

Terraform v0.10.2

Affected Resource(s)

  • google_compute_instance

Terraform Configuration Files

We are using old-style networks:

resource "google_compute_network" "mon" {
  name       = "mon"
  ipv4_range = "10.116.11.0/24"
}

And our nodes are defined like this:

resource "google_compute_instance" "gateway" {
  count = "${var.gateway_count}"

  name           = "mon-gateway0${count.index + 1}"
  machine_type   = "n1-standard-1"
  zone           = "${lookup(var.zones, count.index)}"
  tags           = ["gateway", "mon-allow-ssh", "mon-allow-https", "mon-allow-opentsdb-traffic", "mon-allow-http"]
  can_ip_forward = true

  lifecycle {
    prevent_destroy = true
    ignore_changes  = ["metadata_startup_script", "create_timeout", "disk"]
  }

  disk {
    image = "${var.centos_image}"
  }

  network_interface {
    network = "${google_compute_network.mon.name}"

    access_config {
      nat_ip = "${element(google_compute_address.gateway.*.address, count.index)}"
    }
  }

  metadata {
    puppet_master      = "${var.puppetmaster}"
    puppet_environment = "production"
  }

  metadata_startup_script = "${file("../common/scripts/bootstrap.sh")}"
}
}

Debug Output

(I am checking possibility to share it with the rest of my team.)

Expected Behavior

We are not changing tf code, so plan should return no changes. Apply should make no changes.

Actual Behavior

Plan returns some changes do be done.

Example for those changes for nodes with external IPs:

  ~ google_compute_instance.gateway[0]
      network_interface.#:                                 "1" => "1"
      network_interface.0.access_config.#:                 "1" => "1"
      network_interface.0.access_config.0.assigned_nat_ip: "xxx.yyy.zzz.vvv" => "<computed>"
      network_interface.0.access_config.0.nat_ip:          "xxx.yyy.zzz.vvv" => "xxx.yyy.zzz.vvv"
      network_interface.0.address:                         "10.116.11.3" => "<computed>"
      network_interface.0.name:                            "nic0" => "<computed>"
      network_interface.0.network:                         "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/mon" => "mon"
      network_interface.0.subnetwork_project:              "" => "<computed>"

(Note that "xxx.yyy.zzz.vvv" is the same, current external IP in all 3 places above.)

Example for other nodes:

  ~ google_compute_instance.stack_graph_satellite[2]
      network_interface.#:                    "1" => "1"
      network_interface.0.address:            "10.116.11.4" => "<computed>"
      network_interface.0.name:               "nic0" => "<computed>"
      network_interface.0.network:            "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/mon" => "mon"
      network_interface.0.subnetwork_project: "" => "<computed>"

Apply does those changes.

On the next run plan and apply to the same.

Steps to Reproduce

  1. terraform plan or terraform apply

Important Factoids

This has started to happen somewhere in the last few weeks, after some Terraform upgrade.

It also does not happen for new nodes, created within the last few weeks.
@gdubicki
Copy link
Author

Update to Terraform 0.10.3 didn't help.

@gdubicki
Copy link
Author

Upgrading to google provider v0.1.3 (I was using 0.1.0 before - I expected it to autoupdate/notify me about new version the same way Terraform itself does...) didn't help too.

@rosbo
Copy link
Contributor

rosbo commented Aug 31, 2017

Hum... In 0.1.3, we added a method to suppress the diff between a self-link and a name.

As a work-around, try using the self-link of the network instead of the name:

...
network_interface {
    network = "${google_compute_network.mon.self_link}"
    ...
}
...

Let me know if that fixes your problem.

@gdubicki
Copy link
Author

gdubicki commented Aug 31, 2017
edited

Yay! It helped. :)

(Note to self: I had to change it for google_compute_instances only because changing it in all my project files resulted in changing google_compute_firewalls too and that would recreate them.)

@rosbo
Copy link
Contributor

rosbo commented Aug 31, 2017
edited

I filed an issue (#377) to make sure google_compute_firewall support both name or self_link for its network field. Right now, only the name field works properly.

@paddycarver paddycarver self-assigned this Aug 31, 2017
@paddycarver
Copy link
Contributor

Hey @gdubicki, I'm building off 676a2a9 for the GCP provider and 9504d17 for Terraform, and I can't seem to recreate this. I've gotten a diff for the compute address region (weirdly enough) but never for the network interfaces.

Here's my minimal reproduction. Can you give it a try and see if it's reproducible for you?

resource "google_compute_instance" "gateway" {
  name           = "paddy-gcp-371-test"
  machine_type   = "n1-standard-1"
  zone           = "us-central1-b"
  tags           = ["gateway", "mon-allow-ssh", "mon-allow-https", "mon-allow-opentsdb-traffic", "mon-allow-http"]
  can_ip_forward = true

  lifecycle {
    ignore_changes = ["metadata_startup_script", "create_timeout", "disk"]
  }

  disk {
    image = "ubuntu-1404-trusty-v20170831"
  }

  network_interface {
    network = "${google_compute_network.default.name}"

    access_config {
      nat_ip = "${google_compute_address.gateway.address}"
    }
  }
}

resource "google_compute_address" "gateway" {
  name   = "paddy-gcp-371-test"
  region = "us-central1"
}

resource "google_compute_network" "default" {
  name       = "paddy-gcp-371-test"
  ipv4_range = "10.116.11.0/24"
}

@rileykarson
Copy link
Collaborator

@paddycarver: #375 may have fixed this by coincidence

@paddycarver
Copy link
Contributor

Good point. I'll do a before/after test and see if I can confirm that as the source of the fix. If so, I'll close this.

@paddycarver
Copy link
Contributor

Hmm, I'm not seeing this even on 9bd35d7, which is the commit before #375 was merged. I'm going to close this out as unreproducible, but if you're still seeing it @gdubicki, please feel free to comment on the issue again and we'll reopen it for investigation.

@mioi mioi mentioned this issue Feb 7, 2018
Closed
luis-silva pushed a commit to luis-silva/terraform-provider-google that referenced this issue May 21, 2019
@modular-magician @nat-henderson
add ForceNew to firewall direction field. (hashicorp#371)
87ee5a7 
Signed-off-by: Modular Magician <magic-modules@google.com>
@ghost
Copy link

ghost commented Mar 31, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@hashicorp hashicorp locked and limited conversation to collaborators Mar 31, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@paddycarver paddycarver

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@paddycarver @gdubicki @rosbo @rileykarson