-
Notifications
You must be signed in to change notification settings - Fork 359
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openstack_networking_port_v2 all_fixed_ips is empty after creation (first run) but filled after rm from state (second run) #1606
Comments
@frittentheke thanks for reporting this. I speculate that this is occuring because the Openstack api responds to the port creation before an ip gets allocated by the dhcp server, and also the following Get for the port happens also before an ip is allocated. Can you run the following scenario for me:
|
@nikParasyr thanks for the fast response! I did run the scenario you asked for. Full disclosure, there are quite a few resources spawned and the port for the instance running the VPN services is created by a terraform module .... but here we go:
so
But we dug a little deeper:
This is the terraform debug output / openstack API response to the port creation (initial terraform apply):
|
From neutron docs i see that port creation returns 201. Also, I am unable to reproduce this on my environment:
So fixed-ip is already populated in the response, and is written to the state correctly. @frittentheke what behavior do you get via the cli?
Also, are you aware if your openstack environment has any specific neutron/dhcp configuration? Anything that could make a port to get an ip after a delay? |
Maybe a few basics:
Looking at https://github.com/openstack/neutron/blob/5d97b13c7978c70673d1c886f0c49319076fdec5/neutron/db/models_v2.py#L110 makes me wonder if the port object might be returned without the Diving into how an API call to create a port is distributed is kind of a rabbit hole ...
There is just so much code dealing with ports and their IPs ...
any I believe some of this is done asynchronously racing the API response for the newly created port and its |
@nikParasyr Is there any way I could assist more with this issue? Is this potentially even a bug with Neutron returning the port creation response prematurely? |
@frittentheke I'm not sure how to tackle this tbh. I'm also busy with some personal stuff for the next 2 weeks.
It could be, but im not 100%. ( We also run l3_ha x3 in our site and i get an ip instantly) We could potentially add a wait till the fixed_ip is populated. @kayrus any ideas? |
@nikParasyr thanks again for digging into this issue! I raised a bug with Neutron https://bugs.launchpad.net/neutron/+bug/2035230 to ask if this behavior is expected. |
The bug you opened is a way. there is already a response. Otherwise IRC channels are also an option: https://docs.openstack.org/contributors/common/irc.html |
@nikParasyr ... did you see https://bugs.launchpad.net/neutron/+bug/2035230/comments/3 ? Do you see any chance this could be fixed? |
@frittentheke are you creating the subnet in the same run? and if so can you add a From their response this is expected if the subnet is not created. the above 2 options should force the port creation to happen after the subnet creation. In the meantime ill try to find some time to check whether we can/should add a "wait" to the port resource. |
@frittentheke were you successful when adding |
I think a reason for this could be if you use routed provider networks which delegate the selection of the IP address until it's scheduled. You'll see something like https://docs.openstack.org/neutron/latest/admin/config-routed-networks.html Could this be the case? |
@nikParasyr yes, we are creating a number of networking resources in a single run. So a router, multiple networks and subnets, ... The issue is not occurring 100% of the time. So it's a race condition. If it occurs it's enough to replace the port resource which then receives the "missing" all_fixed_ips" being the only resource to be created. So testing with
That be awesome.
@mnaser Thanks for diving into this issue! |
I think it will tackle the root cause which based on the neutron people from launchpad is:
I've actually had deployments where this behavior occurred. Explaining: Currently you have this code:
This only says to TF that the
If you add switch your port resource to:
This will make known to TF that the port resources is dependant of the subnet => the TF depedency graph will force the subnet creation to be done before it triggers the port creation. So this should remove the race condition. Your terraform apply logs will look like:
Given the neutron people input, similar behaviors i've noticed and your input (race condition + not using |
@nikParasyr sorry for the delay here. I added the subnet_id reference now and the issue seems to not occur anymore. Thanks for all your time and deep-diving into this mess ;-) |
Thank you as well for the patience. I’ve updated the docs so hopefully it will be clear for other users. |
Terraform Version
Terraform v1.5.5
Affected Resource(s)
Please list the resources as a list, for example:
Terraform Configuration Files
Debug Output
Panic Output
Expected Behavior
The
openstack_networking_port_v2
is used as interface for an instance providing a VPN service. I port is used in order to have a fixed / known IP address. I would expect the IP of the port_v2 to be returned as first element in theall_fixed_ips
array to then be used the next_hop for a static route.In short: I want to route the network behind the VPN to the corresponding instance via a static route.
Actual Behavior
There are two errors thrown in relation to the port just created:
causing the terraform run to abort with an error.
Steps to Reproduce
terraform apply
the error is reachedterraform state rm openstack_networking_port_v2.vpn
terraform apply
again and things work just fine.It seems the port resource takes longer to be fully created and initialized and the provider moves on too early.
Just a refresh on the just created resource? Or some other indication of the port being actually done provisioning has to be tracked via the API?
Important Factoids
References
The text was updated successfully, but these errors were encountered: