You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Suresh Anaparti <Su...@shapeblue.com> on 2022/02/01 07:49:42 UTC
Re: [VOTE] Release Apache CloudStack Terraform Provider v0.4.0
+1
Performed some VM and Network operations on KVM in ACS 4.16.0, works fine.
I've noticed same issue as Rohit, first run failed to create firewall rules and the management server log indicates that the router is still starting (so need to wait a while before applying the firewall rules).
Regards,
Suresh
On 31/01/22, 1:12 PM, "Pearl d'Silva" <pe...@shapeblue.com> wrote:
+1
Did some basic lifecycle operations on a VM, network - such as creation, update and destroy, adding secondary IP to a VM.
Performed the operations as an admin and a user.
Did similar operations in a project as a user. Also attempted resetting the VMs SSH key.
Encountered a small issue with respect to adding a secondary IP to a NIC for a VM deployed in a project, but I wouldn't categorize it as a blocker and can be addressed in the next release.
Thanks,
Pearl
________________________________
From: Daan Hoogland <da...@gmail.com>
Sent: Friday, January 28, 2022 9:29 PM
To: dev <de...@cloudstack.apache.org>
Cc: users@cloudstack.apache.org <us...@cloudstack.apache.org>
Subject: Re: [VOTE] Release Apache CloudStack Terraform Provider v0.4.0
+1 (binding)
performed similar tests as Rohit but in a dual zone and with a vpc in one
of the zones. Two different configurations one with one zone and one with
both. destroy went fine ;) in the vpc firewall rules would not create. I am
not sure this is a known issue, but the error message is clear, so I'm not
calling it a bug:
"Unable to create firewall rule for the IP address ID=204 as IP is not
associated with any network and no networkId is passed in"
The only weird thing is that the network is not an allowed parameter.
On Fri, Jan 28, 2022 at 9:55 AM Rohit Yadav <ro...@shapeblue.com>
wrote:
> +1 (binding)
>
> I checked the source tarball checksum and gpg signature, and using the RC1
> build was able to test a simple VM deployment in a zone in an isolated
> network with some firewall rules applied, against a KVM based ACS 4.16.0.0
> env.
>
> (note: in my testing, in the first run the firewall application met with
> some failure but on second try of terraform apply it worked, see run log
> below)
>
> Source tarball verification:
> gpg: Signature made Wed Jan 19 15:33:18 2022 IST
> gpg: using RSA key 1031D6946F8A7C4B0C3E9EEFAEA5313845ADC482
> gpg: Good signature from "Harikrishna Patnala (github gpg) <
> harikrishna.patnala@gmail.com>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: 1031 D694 6F8A 7C4B 0C3E 9EEF AEA5 3138 45AD C482
>
> Run log for reference:
>
> # terraform apply
>
> Terraform used the selected providers to generate the following execution
> plan. Resource actions are indicated with the
> following symbols:
> + create
>
> Terraform will perform the following actions:
>
> # cloudstack_egress_firewall.default will be created
> + resource "cloudstack_egress_firewall" "default" {
> + id = (known after apply)
> + managed = false
> + network_id = (known after apply)
> + parallelism = 2
>
> + rule {
> + cidr_list = [
> + "10.200.0.0/24",
> ]
> + icmp_code = (known after apply)
> + icmp_type = (known after apply)
> + ports = [
> + "21",
> + "22",
> + "443",
> + "80",
> ]
> + protocol = "tcp"
> + uuids = (known after apply)
> }
> }
>
> # cloudstack_firewall.default will be created
> + resource "cloudstack_firewall" "default" {
> + id = (known after apply)
> + ip_address_id = (known after apply)
> + managed = false
> + parallelism = 2
>
> + rule {
> + cidr_list = [
> + "0.0.0.0/0",
> ]
> + icmp_code = (known after apply)
> + icmp_type = (known after apply)
> + ports = [
> + "22",
> + "443",
> + "80",
> ]
> + protocol = "tcp"
> + uuids = (known after apply)
> }
> }
>
> # cloudstack_instance.web will be created
> + resource "cloudstack_instance" "web" {
> + display_name = "VM1Test"
> + expunge = true
> + group = (known after apply)
> + id = (known after apply)
> + ip_address = (known after apply)
> + name = "VM1Test"
> + network_id = (known after apply)
> + project = (known after apply)
> + root_disk_size = (known after apply)
> + service_offering = "688de728-5d70-42b5-9913-someID"
> + start_vm = true
> + tags = (known after apply)
> + template = "someID-1d5b-4335-a9e7-someID"
> + zone = "someID-cf47-4b0b-8cf0-someID"
> }
>
> # cloudstack_ipaddress.newIP1 will be created
> + resource "cloudstack_ipaddress" "newIP1" {
> + id = (known after apply)
> + ip_address = (known after apply)
> + is_portable = false
> + is_source_nat = (known after apply)
> + network_id = (known after apply)
> + project = (known after apply)
> + tags = (known after apply)
> }
>
> # cloudstack_ipaddress.newIP2 will be created
> + resource "cloudstack_ipaddress" "newIP2" {
> + id = (known after apply)
> + ip_address = (known after apply)
> + is_portable = false
> + is_source_nat = (known after apply)
> + network_id = (known after apply)
> + project = (known after apply)
> + tags = (known after apply)
> }
>
> # cloudstack_network.N1 will be created
> + resource "cloudstack_network" "N1" {
> + acl_id = "none"
> + cidr = "10.200.0.0/24"
> + display_text = (known after apply)
> + endip = (known after apply)
> + gateway = (known after apply)
> + id = (known after apply)
> + name = "Network1"
> + network_domain = (known after apply)
> + network_offering =
> "DefaultIsolatedNetworkOfferingWithSourceNatService"
> + project = (known after apply)
> + source_nat_ip_id = (known after apply)
> + startip = (known after apply)
> + tags = (known after apply)
> + zone = "someID-cf47-4b0b-8cf0-e8256cea9bef"
> }
>
> # cloudstack_port_forward.default will be created
> + resource "cloudstack_port_forward" "default" {
> + id = (known after apply)
> + ip_address_id = (known after apply)
> + managed = false
>
> + forward {
> + private_port = 22
> + protocol = "tcp"
> + public_port = 22
> + uuid = (known after apply)
> + virtual_machine_id = (known after apply)
> }
> }
>
> # cloudstack_static_nat.default will be created
> + resource "cloudstack_static_nat" "default" {
> + id = (known after apply)
> + ip_address_id = (known after apply)
> + project = (known after apply)
> + virtual_machine_id = (known after apply)
> + vm_guest_ip = (known after apply)
> }
>
> Plan: 8 to add, 0 to change, 0 to destroy.
>
> Do you want to perform these actions?
> Terraform will perform the actions described above.
> Only 'yes' will be accepted to approve.
>
> Enter a value: yes
>
> cloudstack_network.N1: Creating...
> cloudstack_network.N1: Creation complete after 1s
> [id=e4f3d1b8-4fbb-49ec-8df9-76cb65c48129]
> cloudstack_ipaddress.newIP1: Creating...
> cloudstack_instance.web: Creating...
> cloudstack_egress_firewall.default: Creating...
> cloudstack_ipaddress.newIP1: Creation complete after 1s
> [id=8d441288-1d8f-4fda-bdd8-e19e7fce6bd2]
> cloudstack_ipaddress.newIP2: Creating...
> cloudstack_firewall.default: Creating...
> cloudstack_ipaddress.newIP2: Creation complete after 2s
> [id=aa79d2fb-14eb-4bc9-a134-fc1f434e5a86]
> cloudstack_instance.web: Still creating... [10s elapsed]
> cloudstack_instance.web: Still creating... [20s elapsed]
> cloudstack_instance.web: Still creating... [30s elapsed]
> cloudstack_instance.web: Still creating... [40s elapsed]
> cloudstack_instance.web: Still creating... [50s elapsed]
> cloudstack_instance.web: Still creating... [1m0s elapsed]
> cloudstack_instance.web: Still creating... [1m10s elapsed]
> cloudstack_instance.web: Still creating... [1m20s elapsed]
> cloudstack_instance.web: Still creating... [1m30s elapsed]
> cloudstack_instance.web: Still creating... [1m40s elapsed]
> cloudstack_instance.web: Still creating... [1m50s elapsed]
> cloudstack_instance.web: Still creating... [2m0s elapsed]
> cloudstack_instance.web: Still creating... [2m10s elapsed]
> cloudstack_instance.web: Still creating... [2m20s elapsed]
> cloudstack_instance.web: Still creating... [2m30s elapsed]
> cloudstack_instance.web: Creation complete after 2m33s
> [id=d6f87514-f7cd-4c47-9716-2a862486dea9]
> cloudstack_static_nat.default: Creating...
> cloudstack_port_forward.default: Creating...
> cloudstack_port_forward.default: Creation complete after 8s
> [id=8d441288-1d8f-4fda-bdd8-e19e7fce6bd2]
> cloudstack_static_nat.default: Creation complete after 10s
> [id=aa79d2fb-14eb-4bc9-a134-fc1f434e5a86]
> ╷
> │ Error: 1 error occurred:
> │ * Undefined error: {"errorcode":530,"errortext":"Failed to create
> firewall rule"}
> │
> │
> │
> │ with cloudstack_firewall.default,
> │ on config.tf line 119, in resource "cloudstack_firewall" "default":
> │ 119: resource "cloudstack_firewall" "default" {
> │
> ╵
> ╷
> │ Error: 1 error occurred:
> │ * Undefined error: {"errorcode":530,"errortext":"Failed to create
> firewall rule"}
> │
> │
> │
> │ with cloudstack_egress_firewall.default,
> │ on config.tf line 144, in resource "cloudstack_egress_firewall"
> "default":
> │ 144: resource "cloudstack_egress_firewall" "default" {
> │
> ╵
> # terraform apply
> cloudstack_network.N1: Refreshing state...
> [id=e4f3d1b8-4fbb-49ec-8df9-76cb65c48129]
> cloudstack_ipaddress.newIP1: Refreshing state...
> [id=8d441288-1d8f-4fda-bdd8-e19e7fce6bd2]
> cloudstack_instance.web: Refreshing state...
> [id=d6f87514-f7cd-4c47-9716-2a862486dea9]
> cloudstack_egress_firewall.default: Refreshing state...
> [id=e4f3d1b8-4fbb-49ec-8df9-76cb65c48129]
> cloudstack_ipaddress.newIP2: Refreshing state...
> [id=aa79d2fb-14eb-4bc9-a134-fc1f434e5a86]
> cloudstack_firewall.default: Refreshing state...
> [id=8d441288-1d8f-4fda-bdd8-e19e7fce6bd2]
> cloudstack_static_nat.default: Refreshing state...
> [id=aa79d2fb-14eb-4bc9-a134-fc1f434e5a86]
> cloudstack_port_forward.default: Refreshing state...
> [id=8d441288-1d8f-4fda-bdd8-e19e7fce6bd2]
>
> Terraform used the selected providers to generate the following execution
> plan. Resource actions are indicated with the
> following symbols:
> -/+ destroy and then create replacement
>
> Terraform will perform the following actions:
>
> # cloudstack_egress_firewall.default is tainted, so must be replaced
> -/+ resource "cloudstack_egress_firewall" "default" {
> ~ id = "e4f3d1b8-4fbb-49ec-8df9-76cb65c48129" -> (known
> after apply)
> # (3 unchanged attributes hidden)
>
> - rule {
> - cidr_list = [
> - "10.200.0.0/24",
> ] -> null
> - icmp_code = 0 -> null
> - icmp_type = 0 -> null
> - ports = [
> - "22",
> - "443",
> - "80",
> ] -> null
> - protocol = "tcp" -> null
> - uuids = {
> - "22" = "d1a666bc-13f0-41b7-a642-58c28031a1fb"
> - "443" = "c323e6fb-65ae-4265-992f-3124736d38c6"
> - "80" = "3ee81703-7c38-4d7c-b07f-e4546c1eeb11"
> } -> null
> }
> + rule {
> + cidr_list = [
> + "10.200.0.0/24",
> ]
> + icmp_code = (known after apply)
> + icmp_type = (known after apply)
> + ports = [
> + "21",
> + "22",
> + "443",
> + "80",
> ]
> + protocol = "tcp"
> + uuids = (known after apply)
> }
> }
>
> # cloudstack_firewall.default is tainted, so must be replaced
> -/+ resource "cloudstack_firewall" "default" {
> ~ id = "8d441288-1d8f-4fda-bdd8-e19e7fce6bd2" -> (known
> after apply)
> # (3 unchanged attributes hidden)
>
> - rule {
> - cidr_list = [
> - "0.0.0.0/0",
> ] -> null
> - icmp_code = 0 -> null
> - icmp_type = 0 -> null
> - ports = [
> - "22",
> - "80",
> ] -> null
> - protocol = "tcp" -> null
> - uuids = {
> - "22" = "fd460768-8b97-4ee0-858c-ee5fb3193f75"
> - "80" = "c21c86a3-d72e-4e73-b458-4e60d5b8f153"
> } -> null
> }
> + rule {
> + cidr_list = [
> + "0.0.0.0/0",
> ]
> + icmp_code = (known after apply)
> + icmp_type = (known after apply)
> + ports = [
> + "22",
> + "443",
> + "80",
> ]
> + protocol = "tcp"
> + uuids = (known after apply)
> }
> }
>
> Plan: 2 to add, 0 to change, 2 to destroy.
>
> Do you want to perform these actions?
> Terraform will perform the actions described above.
> Only 'yes' will be accepted to approve.
>
> Enter a value: yes
>
> cloudstack_firewall.default: Destroying...
> [id=8d441288-1d8f-4fda-bdd8-e19e7fce6bd2]
> cloudstack_egress_firewall.default: Destroying...
> [id=e4f3d1b8-4fbb-49ec-8df9-76cb65c48129]
> cloudstack_firewall.default: Destruction complete after 8s
> cloudstack_firewall.default: Creating...
> cloudstack_egress_firewall.default: Still destroying...
> [id=e4f3d1b8-4fbb-49ec-8df9-76cb65c48129, 10s elapsed]
> cloudstack_egress_firewall.default: Destruction complete after 15s
> cloudstack_egress_firewall.default: Creating...
> cloudstack_firewall.default: Still creating... [10s elapsed]
> cloudstack_egress_firewall.default: Still creating... [10s elapsed]
> cloudstack_firewall.default: Creation complete after 18s
> [id=8d441288-1d8f-4fda-bdd8-e19e7fce6bd2]
> cloudstack_egress_firewall.default: Creation complete after 18s
> [id=e4f3d1b8-4fbb-49ec-8df9-76cb65c48129]
>
> Apply complete! Resources: 2 added, 0 changed, 2 destroyed.
>
>
> Regards.
>
> ________________________________
> From: Harikrishna Patnala <Ha...@shapeblue.com>
> Sent: Wednesday, January 19, 2022 16:09
> To: 'users@cloudstack.apache.org' <us...@cloudstack.apache.org>;
> dev@cloudstack.apache.org <de...@cloudstack.apache.org>
> Subject: [VOTE] Release Apache CloudStack Terraform Provider v0.4.0
>
> Hi All,
>
>
> I've created a v0.4.0 release of CloudStack Terraform Provider, with the
> following
> artifacts up for a vote:
>
>
> Link to the latest CloudStack Terraform Provider artifact with version
> "0.4.0-RC1":
> https://registry.terraform.io/providers/cloudstack/cloudstack/0.4.0-RC1
>
>
> Git Branch and commit SHA:
>
> https://github.com/cloudstack/terraform-provider-cloudstack/commit/9496d6a0d029a808dd8876c9119703d6b3bf8c9c
>
>
> Commit:
> 9496d6a0d029a808dd8876c9119703d6b3bf8c9c
>
>
> GitHub pre-release (for RC1 testing, contains changelog,
> artifacts/binaries to test, checksums/usage details):
>
> https://github.com/cloudstack/terraform-provider-cloudstack/releases/tag/v0.4.0-RC1
>
>
> Source release (checksums and signatures are available at the same
> location):
>
> https://dist.apache.org/repos/dist/dev/cloudstack/terraform-provider-0.4.0-RC1/
>
>
> PGP release keys (signed using 1031D6946F8A7C4B0C3E9EEFAEA5313845ADC482)
> https://dist.apache.org/repos/dist/release/cloudstack/KEYS
>
>
>
> The vote will be open until January 31st, 2022.
>
>
> For sanity in tallying the vote, can PMC members please be sure to
> indicate "(binding)" with their vote?
> [ ] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove (and the reason why)
>
>
> Regards,
> Harikrishna
>
>
>
>
>
>
>
--
Daan