vmware / terraform-provider-nsxt Goto Github PK
View Code? Open in Web Editor NEWTerraform VMware NSX-T provider
Home Page: https://www.terraform.io/docs/providers/nsxt/
License: Other
Terraform VMware NSX-T provider
Home Page: https://www.terraform.io/docs/providers/nsxt/
License: Other
Is there any plan for providing support for BGP configuration on T0 ?
Hello,
I probably missed something in the provider documentation, but how do I attach a VM on an existing NST-T logical switch / segment ? logical switch are only resources in the provider, not data.
So far NSX-T provider is great for configuring deploying NSX-T, but now I need it as data for provisioning VMs. Is it part of the roadmap ?
Thanks.
Is there any way to change pre-created NSX-T object tag via TF ?
As written in title I have imported a firewall section by id. It is an edge firewall on a T0
From my tfstate:
"nsxt_firewall_section.section_prod": {
"type": "nsxt_firewall_section",
"depends_on": [],
"primary": {
"id": "ewadwadwa",
"attributes": {
"applied_to.#": "1",
"applied_to.903722171.is_valid": "true",
"applied_to.903722171.target_display_name": "my_to",
"applied_to.903722171.target_id": "dwadwadwad",
"applied_to.903722171.target_type": "LogicalRouter",
"description": "",
"display_name": "Infrastructure",
"id": "dwadwadwadwad",
"is_default": "false",
"revision": "2", [...]
But as written in docs, target_type LogicalRouter does not seem supported, so if in my resource I do write
resource "nsxt_firewall_section" "section_prod" {
section_type = "LAYER3"
stateful = "true"
applied_to = {
target_id = "dwadwadwad",
target_type = "LogicalRouter"
}
}
it fails and tells me LogicalRouter is not supported. Am I missing something?
Curl'ing the API /firewall/sections it mixes DFW and EFW rules, so I would assume EFW could be created using the same framework.
EDIT: I was able to make it work by adding LogicalRouter to the array at https://github.com/terraform-providers/terraform-provider-nsxt/blob/master/nsxt/resource_nsxt_firewall_section.go#L103 - the API behind is the same so it's only a matter of internal validation.
Hello esteemed maintainers,
Could you please release a current version of the NSX-T provider? We would like to take advantage of the as-yet unreleased load balancer features. Thanks!
When trying to create various ICMP services where no icmp_code is provided, the terraform provider is automatically submitting an icmp_code of 0 when creating the service. The end result is a service created that is not the one which was intended to be created.
Here are some examples:
resource "nsxt_icmp_type_ns_service" "B012" {
display_name = "ICMP - Destination unreachable"
protocol = "ICMPv4"
icmp_type = "3"
}
resource "nsxt_icmp_type_ns_service" "B029" {
display_name = "ICMP - Parameter Problem: Bad IP header"
protocol = "ICMPv4"
icmp_type = "12"
}
resource "nsxt_icmp_type_ns_service" "B036" {
display_name = "ICMP - Redirect Message"
protocol = "ICMPv4"
icmp_type = "5"
}
resource "nsxt_icmp_type_ns_service" "B042" {
display_name = "ICMP - Time Exceeded"
protocol = "ICMPv4"
icmp_type = "11"
}
resource "nsxt_icmp_type_ns_service" "B001" {
display_name = "ICMP - All"
protocol = "ICMPv4"
}
Error message received
* nsxt_icmp_type_ns_service.B001: Error during NsService create: Status: 400 , Body: {
"httpStatus" : "BAD_REQUEST",
"error_code" : 25323,
"module_name" : "grouping-objects service",
"error_message" : "Invalid ICMP type, code combination. Type is mandatory, if code is specified."
}
When trying to create a service for echo-reply, which requires both icmp_type and icmp_code to be set to 0, an error is received.
resource "nsxt_icmp_type_ns_service" "B013" {
display_name = "ICMP - Echo reply"
protocol = "ICMPv4"
icmp_type = "0"
icmp_code = "0"
}
Error message received_
* nsxt_icmp_type_ns_service.B013: Error during NsService create: Status: 400 , Body: {
"httpStatus" : "BAD_REQUEST",
"error_code" : 25323,
"module_name" : "grouping-objects service",
"error_message" : "Invalid ICMP type, code combination. Type is mandatory, if code is specified."
}
Please provide a resource object to configure HA VIP for T0 Router. On GUI, it could be done via
Advanced Networking & Security > Router > T0 Router Name > Configuration > HA VIP
Is there any future considerations being given to expanding this provider to actually lay down the Manager, Controllers, and Edges or would the expectation be to use the vSphere provider?
If the latter, where would the logic go to connect the controllers and edges to the manager?
Thanks.
This module is using terraform version 0.12 syntax:
resource "nsxt_policy_dhcp_server" "dhcp" {
display_name = "dhcp-server-01"
description = "dhcp-server-01 provisioned by Terraform"
edge_cluster_path = var.edge_cluster_path
server_addresses = ["192.168.0.2/24"]
}
terraform apply -auto-approve
give me this error:
[ERROR]: Failed to create DhcpServer {uuid}: Json de-serialization error: property server_addresses is unrecognized. (code 287)
Support for IPAM objects such as block and subnet.
Terraform Version and vSphere Provider Version
vmware@rallyrunner:~/go/bin$ ./terraform version
Terraform v0.11.8
type=feature
Affected Resource(s) - nsxt_logical_dhcp_server
While adding DHCP server/update the DHCP server, there is no way to add ip pool for the DHCP service. Currently we need to add ip pool manually to the dhcp server, for client vm to get fixed ip.
The NSX api that we will need to support is POST /api/v1/dhcp/servers/ /ip-pools
Is there any plans for providing support for terraform cli 0.12.0?
I ran into the issue, where brew
installed terraform version 0.12.0
, and my terraform init
started to fail.
Upon scanning the release notes from hashicorp, I ran into this https://www.hashicorp.com/blog/releasing-terraform-0-12-0-rc1#provider-compatibility
and NSX-T is not available as a provider there.
As part of the preparation for Terraform v0.12, we would like to migrate all providers to use Go Modules. We plan to continue checking dependencies into vendor/ to remain compatible with existing tooling/CI for a period of time, however go modules will be used for management. Go Modules is the official solution for the go programming language, we understand some providers might not want this change yet, however we encourage providers to begin looking towards the switch as this is how we will be managing all Go projects in the future. Would maintainers please react with ๐ for support, or ๐ if you wish to have this provider omitted from the first wave of pull requests. If your provider is in support, we would ask that you avoid merging any pull requests that mutate the dependencies while the Go Modules PR is open (in fact a total codefreeze would be even more helpful), otherwise we will need to close that PR and re-run go mod init
. Once merged, dependencies can be added or updated as follows:
$ GO111MODULE=on go get github.com/some/module@master
$ GO111MODULE=on go mod tidy
$ GO111MODULE=on go mod vendor
GO111MODULE=on might be unnecessary depending on your environment, this example will fetch a module @ master and record it in your project's go.mod and go.sum files. It's a good idea to tidy up afterward and then copy the dependencies into vendor/. To remove dependencies from your project, simply remove all usage from your codebase and run:
$ GO111MODULE=on go mody tidy
$ GO111MODULE=on go mod vendor
Thank you sincerely for all your time, contributions, and cooperation!
I'm having a hard time to find the right resource to create an UPLINK router port for t0 router. All I see is centralized nsxt_logical_router_centralized_service_port
and downlink nsxt_logical_router_downlink_port
How do I create the uplink port?
When adding rules which have "applied to" defined (in my case, applied to logical swithc) , it won't implemented in NSX although the terraform suggest the change and no error during the implementation.
_nsxt_firewall_section.terraform: Modifying... (ID: 68faeb0e-616b-4de1-80f5-7e1119314dbc)
rule.0.applied_to.#: "0" => "1"
rule.0.applied_to.0.target_id: "" => "62fab32d-809c-4ce7-aaa6-831dc31a3544"
rule.0.applied_to.0.target_type: "" => "LogicalSwitch"
2018-09-20T23:53:25.401+1000 [DEBUG] plugin.terraform-provider-nsxt_v1.0.0_x4: 2018/09/20 23:53:25 [DEBUG] NSX version 2.2.0.0.0.8680778
nsxt_firewall_section.terraform: Modifications complete after 1s (ID: 68faeb0e-616b-4de1-80f5-7e1119314dbc)
2018/09/20 23:53:25 [DEBUG] plugin: waiting for all plugin processes to complete...
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
Outputs:
edge-cluster-deployment_type = VIRTUAL_MACHINE
edge-cluster-id = 78c9b238-c188-4b5f-9195-6b338826ce98
2018-09-20T23:53:25.582+1000 [DEBUG] plugin: plugin process exited: path=/root/terraform/.terraform/plugins/linux_amd64/terraform-provider-nsxt_v1.0.0_x4_
[root@networkauto terraform]#
Re-run again: terraform apply.
see the same
_provider.nsxt - *terraform.NodeApplyableProvider
2018/09/20 23:55:14 [TRACE] Graph after step *terraform.PruneProviderTransformer:
nsxt_firew
nsxt_firewall_section.terraform: Modifying... (ID: 68faeb0e-616b-4de1-80f5-7e1119314dbc)
rule.0.applied_to.#: "0" => "1"
rule.0.applied_to.0.target_id: "" => "62fab32d-809c-4ce7-aaa6-831dc31a3544"
rule.0.applied_to.0.target_type: "" => "LogicalSwitch"
2018-09-20T23:55:15.100+1000 [DEBUG] plugin.terraform-provider-nsxt_v1.0.0_x4: 2018/09/20 23:55:15 [DEBUG] NSX version 2.2.0.0.0.8680778
nsxt_firewall_section.terraform: Modifications complete after 0s (ID: 68faeb0e-616b-4de1-80f5-7e1119314dbc)
2018/09/20 23:55:15 [DEBUG] plugin: waiting for all plugin processes to complete...
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
Outputs:
edge-cluster-deployment_type = VIRTUAL_MACHINE
edge-cluster-id = 78c9b238-c188-4b5f-9195-6b338826ce98
2018-09-20T23:55:15.286+1000 [DEBUG] plugin: plugin process exited: path=/root/terraform/.terraform/plugins/linux_amd64/terraform-provider-nsxt_v1.0.0_x4
[root@networkauto terraform]#_
When will the DNS forwarder and DNS zone be supported?
Thanks.
Need the ability to create NAT rules on the T0 router, not just the T1.
So i was wondering if/when support for the declarative api with be added, from what i understand thats the preference and would like to use that along with the simplified UI over the Adv Networking and security UI
Terraform will perform the following actions:
~ nsxt_logical_switch.T0_UPLINK_VLAN_LS
replication_mode: "" => "MTEP"
If you submit another terraform apply it will try an update the LS with the replication mode again if nothing in the template has changed.
Since version v1.1.2 there is a datasource nsxt_ip_pool
. But in the nsxt-policy-support branch the corresponding datasource nsxt_policy_ip_pool
is missing. This prevents to lookup an IP pool by display name.
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
~ nsxt_logical_tier1_router.T1-K8S
failover_mode: "" => "PREEMPTIVE"
~ nsxt_logical_tier1_router.T1-MGMT
failover_mode: "" => "PREEMPTIVE"
If you submit another terraform apply it will try an update the T1 routers again even if nothing has changed.
Got the following error. I understand we can raise the limit on the nsx manager, but would think a rate limit on the nsxt provider would be beneficial.
Any thought or work along that line? Or raising the limit on the server is the only available choice?
* restapi_object.infrastructure-outbound: restapi_object.infrastructure-outbound: Unexpected response code '429': { "module_name" : "common-services", "error_message" : "Client 'admin' exceeded request rate of 100 per second", "error_code" : "102" }
Thanks
Yansheng
Will there be support for L2 VPN, IPsec VPN and SSL VPN in the future?
Thanks.
Can we add lb_service_id optional parameter in nsxt_lb_{http|tcp|udp}_virtual_server, so we can attach virtual servers to existing LBS?
It seems no matter what values I plug in, the system always kicks back an error about access_log_enabled property being set, but not expected by the API.
* nsxt_lb_tcp_virtual_server.test-vserver: Error during LbVirtualServer create: Status: 400 , Body: {
"httpStatus" : "BAD_REQUEST",
"error_code" : 287,
"module_name" : "common-services",
"error_message" : "Json de-serialization error: property access_log_enabled is unrecognized."
}
Indeed, when browsing the swagger spec for NSX-T API, this property didn't get added until 2.2 (I'm using 2.1). Is it intended for this provider to be only 2.2+ compatible?
A feature request to support the NSX load balancing feature.
When a previously created NAT rule is deleted and terraform apply
is run, the NAT rule is recreated.
When a previously created NAT rule is deleted and terraform apply
is run, terraform produces an error and refuses to continue. Produces error like this:
Error: Error refreshing state: 1 error(s) occurred:
* nsxt_nat_rule.pks-dnat-api: 1 error(s) occurred:
* nsxt_nat_rule.pks-dnat-api: nsxt_nat_rule.pks-dnat-api: Error during NatRule read: Status: 400 , Body: {
"httpStatus" : "BAD_REQUEST",
"error_code" : 11013,
"module_name" : "ROUTING",
"error_message" : "[Routing] Invalid resource NAT rule 1064 for the logical router 8b6dbd75-4820-426c-b754-abf0ae62102a."
}
terraform apply
against NSX-Tterraform apply
Somewhat similar to #107, this also occurs when multiple services are specified in a rule.
And to make sure that nothing is left out, the other field that can return multiple entries is the Applied To field of a rule.
Found the issue while using version 1.1.0 of the NSX-T Provider.
I have a NSX Manager and 1 nsx edge services gateway managed through Vcenter.
I have tested the nsx manager api for edge services and its returning me the right values.
Get api/4.0/edges
provider "nsxt" {
host = var.nsxt_manager
username = var.nsxt_username
password = var.nsxt_password
allow_unverified_ssl = true
max_retries = 10
retry_min_delay = 500
retry_max_delay = 5000
retry_on_status_codes = [429, 400]
}
#data "nsxt_edge_cluster" "edge_cluster1" {
#}
resource "nsxt_dhcp_server_profile" "prf" {
description = "dhcp_profile provisioned by Terraform"
display_name = "dhcp_profile"
edge_cluster_id = "domain-c7"
edge_cluster_member_indexes = [0]
tag {
scope = "env"
tag = "admin"
}
}
resource "nsxt_logical_dhcp_server" "logical_dhcp_server" {
display_name = "logical_dhcp_server"
dhcp_profile_id = "${nsxt_dhcp_server_profile.prf.id}"
dhcp_server_ip = "10.70.10.2/24"
gateway_ip = "10.70.10.253"
}
resource "nsxt_dhcp_server_ip_pool" "public_ip_pool" {
display_name = "ip pool"
description = "ip pool"
logical_dhcp_server_id = "${nsxt_logical_dhcp_server.logical_dhcp_server.id}"
gateway_ip = "10.70.10.253"
lease_time = 86400
error_threshold = 98
warning_threshold = 70
ip_range {
start = "10.70.10.1"
end = "10.70.10.252"
}
tag {
scope = "env"
tag = "admin"
}
}
can you let me know if this provider works on the above setup
create / delete switching profiles along with map them to a LS
Ability to modify the settings in the profile,
Thanks
Add ability to pull data for logical t1 router
Opening this issue here as a reference point. The issue is NOT observed with terraform v0.12 and will be closed when the module is pumped up to v0.12.
The issue can be seen in test TestAccResourceNsxtFirewallSection_ordered when ip_protocol is set to non-default value (f.e. "IPV4").
=== RUN TestAccResourceNsxtFirewallSection_ordered
--- FAIL: TestAccResourceNsxtFirewallSection_ordered (12.96s)
testing.go:538: Step 1 error: Error applying: 1 error occurred:
* nsxt_firewall_section.test2: nsxt_firewall_section.test2: diffs didn't match during apply. This is a bug with Terraform and should be reported as a GitHub Issue.
Please include the following information in your report:
Terraform Version: 0.11.14
Resource ID: nsxt_firewall_section.test2
Mismatch reason: attribute mismatch: rule.0.ip_protocol
Diff One (usually from plan): *terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{"display_name":*terraform.ResourceAttrDiff{Old:"s2", New:"s2", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "insert_before":*terraform.ResourceAttrDiff{Old:"8bf3a34f-ac3c-46b2-9b2f-2800c4b1eff6", New:"${nsxt_firewall_section.test1.id}", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, "is_default":*terraform.ResourceAttrDiff{Old:"false", New:"", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "revision":*terraform.ResourceAttrDiff{Old:"0", New:"", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "rule.#":*terraform.ResourceAttrDiff{Old:"1", New:"0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "rule.0.action":*terraform.ResourceAttrDiff{Old:"ALLOW", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "rule.0.direction":*terraform.ResourceAttrDiff{Old:"IN", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "rule.0.display_name":*terraform.ResourceAttrDiff{Old:"test", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "rule.0.ip_protocol":*terraform.ResourceAttrDiff{Old:"IPV4", New:"IPV4_IPV6", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "rule.0.logged":*terraform.ResourceAttrDiff{Old:"true", New:"false", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "section_type":*terraform.ResourceAttrDiff{Old:"LAYER3", New:"LAYER3", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "stateful":*terraform.ResourceAttrDiff{Old:"true", New:"true", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, Meta:map[string]interface {}(nil)}
Diff Two (usually from apply): *terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{"display_name":*terraform.ResourceAttrDiff{Old:"", New:"s2", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "insert_before":*terraform.ResourceAttrDiff{Old:"", New:"9f3e1070-be1c-4b21-bf52-82132b2f93a8", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, "is_default":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "revision":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "section_type":*terraform.ResourceAttrDiff{Old:"", New:"LAYER3", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "stateful":*terraform.ResourceAttrDiff{Old:"", New:"true", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, Meta:map[string]interface {}(nil)}
1 error(s) occurred:
nsxt_logical_switch.T0_UPLINK_VLAN_LS: 1 error(s) occurred:
nsxt_logical_switch.T0_UPLINK_VLAN_LS: Error during LogicalSwitch create: Status: 400 , Body: {
"httpStatus" : "BAD_REQUEST",
"error_code" : 8318,
"module_name" : "NsxSwitching service",
"error_message" : "The VLAN field must be specified in the logical switch configuration for logical switches in the VLAN Transport Zone."
}
Required for auto creation of FW sections and applying a specific NSGROUP on applied to.
Terraform Version
Terraform v0.11.7
Provider Version
โโโ provider.nsxt 1.0.0
โโโ provider.vsphere 1.3.3
go version go1.9.2 linux/amd64
stack@no:~/go/bin$ terraform providers
Affected Resource(s)
Please list the resources as a list, for example:
nsxt_logical_port
Terraform Configuration Files
Debug Output
:
nsxt_logical_port.LP1.69: unexpected EOF
2018/05/17 08:48:18 [TRACE] [walkApply] Exiting eval tree: nsxt_logical_port.LP1[69]
2018/05/17 08:48:18 [TRACE] root: eval: *terraform.EvalApplyPost
2018/05/17 08:48:18 [ERROR] root: eval: *terraform.EvalApplyPost, err: 1 error(s) occurred:
Panic Output
https://gist.github.com/ashishg29/9af88f467dd3c13b866a11bba3f0c529
Expected Behavior
What should have happened?
Proper reason for the crash should be provided for the user to debug the issue.
And during plan itself the check should be added.
Actual Behavior
What actually happened?
The template work in past multiple time but suddenly if fails with terraform crash error and this issue is not always seen.
Steps to Reproduce
Attaching the main.tf
https://gist.github.com/ashishg29/9af88f467dd3c13b866a11bba3f0c529
Please list the steps required to reproduce the issue, for example:
1.
./terraform apply -parallelism=100
On trying to create a resource of type nsxt_policy_dhcp_server
resource "nsxt_policy_dhcp_server" "dhcpserver" {
display_name = "test"
edge_cluster_path = "${data.nsxt_policy_edge_cluster.EC.path}"
server_addresses = ["192.168.255.1/24"]
lease_time = 7200
}
this error is returned.
Error: Failed to create DhcpServer f967f88d-6fdb-4c07-84bb-cc258b2d55a4: Json de-serialization error: property server_addresses is unrecognized. (code 287)
Creating a DHCP server with the same values in the NSX-T UI works without problems.
NSX-T Version: 2.5.0.0.0.14663974
I have a requirement for VM's to be multi-homed, but I only want one default gateway. According to https://www.terraform.io/docs/providers/nsxt/r/logical_dhcp_server.html the gateway property is required, but through the NSX-T CLI/API this is not the case:
Trying to specify a DHCP server without a gateway returns the following:
The argument "gateway_ip" is required, but no definition was found.
A feature request to support the NSX DHCP server platform feature.
Ability to pull port data source from NSX-T using filters
We are trying to create ns groups's based on membership criteria of tags assigned to virtual machines and tags assigned to IPSets.
This resource currently does not support IPSets as membership criteria however the GUI does.
Error: expected membership_criteria.0.target_type to be one of [LogicalPort LogicalSwitch VirtualMachine], got IPSet
Running NSX-T Data Center 2.4.2
In Edge Firewall update, I can't seem to be able to edit the imported bottom rule.
I get the following error from the NSX-T API in the end:
* nsxt_firewall_section.section_bottom: Error during FirewallSection 944eb72d-7a70-4086-9df6-f2bf26c334b5 update: Status: 400 , Body: {
"httpStatus" : "BAD_REQUEST",
"error_code" : 100077,
"module_name" : "NSX Firewall",
"error_message" : "Default rule found at invalid position: 944eb72d-7a70-4086-9df6-f2bf26c334b5, should be at end of list"
}
I would like to be able to change the default from ALLOW to DROP, no other changes whatsoever. Outcome of terraform apply
is
Terraform will perform the following actions:
~ nsxt_firewall_section.section_bottom
rule.0.action: "ALLOW" => "DROP"
I am trying to manage VMware NSX-T infrastructure from a system that allows outbound http/https connections using a proxy server. This fails with the following error
error(s) occurred:* provider.nsxt: Failed to create session: Post https://xxx/api/session/create: dial tcp xxx:443: getsockopt: no route to host.
It looks like the https://github.com/terraform-providers/terraform-provider-nsxt/blob/master/vendor/github.com/vmware/go-vmware-nsxt/api_client.go#L180 is missing Proxy: http.ProxyFromEnvironment. I am able to get it to work after I change the code to
transport := &http.Transport{Proxy: http.ProxyFromEnvironment,TLSClientConfig: tlsConfig}
The installation section was written for manual install of the provider. It now automatically installs using "terraform init". This section of the documentation needs to be updated to reflect the fact that the provider is now part of the Terraform ecosystem.
Please clarify in the documentation where "bottom_line" comes from in the insert_before rule and if there are any other special rule ID's that can be used.
This module is using nsxt-policy-support branch to use policy API.
data "nsxt_policy_edge_cluster" "EC_01" {
display_name = "Cluster-01"
}
data "nsxt_policy_tier0_gateway" "T0_01" {
display_name = "T0-Gateway-01"
}
resource "nsxt_policy_tier1_gateway" "T1_01" {
description = "T1 description"
display_name = "T1-Gateway-01"
edge_cluster_path = data.nsxt_policy_edge_cluster.EC_01.path
failover_mode = "NON_PREEMPTIVE"
default_rule_logging = "false"
enable_firewall = "true"
enable_standby_relocation = "false"
force_whitelisting = "true"
tier0_path = data.nsxt_policy_tier0_gateway.T0_01.path
route_advertisement_types = ["TIER1_STATIC_ROUTES", "TIER1_CONNECTED"]
tag {
scope = "${local.nsx_tag_scope}"
tag = "${local.nsx_tag}"
}
}
Unknown token: 4:31 IDENT data.nsxt_policy_edge_cluster.EC_01.path
It seems that it cannot resolve path
from edge_cluster, it also happens to path
in tier0 gateway. On tier0 gateway it also failed to resolve attribute edge_cluster_path
.
I follow manual installation as stated here https://github.com/terraform-providers/terraform-provider-nsxt/tree/nsxt-policy-support#manual-installation
When using the following sample Terraform file which creates a single firewall section with 2 rules, after the first time running terraform apply
, everything is created successgully, however for every subsequent time terraform apply
is run, it says that an update in-place
is required, even though nothing has changed.
A reasonable expectation is that if there are no changes, then there should be nothing to update. In this example, changes are actually submitted to the NSX Manager. I can provide the logs if required.
##########################################################################
# Begin terraform file
##########################################################################
resource "nsxt_firewall_section" "7b631ece-7557-4df0-96d3-7428d8c6e88b" {
description = "Provisioned by Terraform"
display_name = "DALES_TERRAFORM_TEST"
section_type = "LAYER3"
stateful = true
rule {
display_name = "c144a383-e915-4827-a570-fb33ed6e59c5"
description = ""
action = "ALLOW"
logged = false
disabled = false
sources_excluded = false
destinations_excluded = false
direction = "IN_OUT"
ip_protocol = "IPV4_IPV6"
source {
target_type = "IPSet"
target_id = "${nsxt_ip_set.e52edc8b-dc6f-4222-bf75-09b00febe99b.id}"
}
source {
target_type = "IPSet"
target_id = "${nsxt_ip_set.1a319382-fc62-487e-ae52-d4c913e9f09a.id}"
}
source {
target_type = "IPSet"
target_id = "${nsxt_ip_set.a8f99be0-da24-4b77-8590-810ca9adba41.id}"
}
source {
target_type = "IPSet"
target_id = "${nsxt_ip_set.20cc4c71-6d1a-478e-ab67-8e27885daa6c.id}"
}
source {
target_type = "IPSet"
target_id = "${nsxt_ip_set.0bcabc32-1005-496f-8e17-bbe994cef473.id}"
}
source {
target_type = "IPSet"
target_id = "${nsxt_ip_set.d6736ed6-10d8-41c9-8284-d2a6a13022ff.id}"
}
source {
target_type = "IPSet"
target_id = "${nsxt_ip_set.1ef4b586-9b7b-4ab6-892b-e4603cbe5b79.id}"
}
source {
target_type = "IPSet"
target_id = "${nsxt_ip_set.90d02d8b-ed4e-4aaa-9440-93e02bd80242.id}"
}
destination {
target_type = "IPSet"
target_id = "${nsxt_ip_set.7024fbb2-e859-46a6-a8b0-2f5604b505e8.id}"
}
destination {
target_type = "IPSet"
target_id = "${nsxt_ip_set.fe4eedd0-9fef-454b-b752-dc930b65a549.id}"
}
service {
target_type = "NSService"
target_id = "${nsxt_l4_port_set_ns_service.18ec9eaa-1657-4240-ab97-5f234623336b.id}"
}
}
rule {
display_name = "46a8cad8-1b97-47f8-be03-6d99d8c04bd1"
description = ""
action = "ALLOW"
logged = false
disabled = false
sources_excluded = false
destinations_excluded = false
direction = "IN_OUT"
ip_protocol = "IPV4_IPV6"
source {
target_type = "IPSet"
target_id = "${nsxt_ip_set.a8f99be0-da24-4b77-8590-810ca9adba41.id}"
}
source {
target_type = "IPSet"
target_id = "${nsxt_ip_set.20cc4c71-6d1a-478e-ab67-8e27885daa6c.id}"
}
source {
target_type = "IPSet"
target_id = "${nsxt_ip_set.0bcabc32-1005-496f-8e17-bbe994cef473.id}"
}
source {
target_type = "IPSet"
target_id = "${nsxt_ip_set.d6736ed6-10d8-41c9-8284-d2a6a13022ff.id}"
}
source {
target_type = "IPSet"
target_id = "${nsxt_ip_set.1ef4b586-9b7b-4ab6-892b-e4603cbe5b79.id}"
}
source {
target_type = "IPSet"
target_id = "${nsxt_ip_set.90d02d8b-ed4e-4aaa-9440-93e02bd80242.id}"
}
destination {
target_type = "IPSet"
target_id = "${nsxt_ip_set.7024fbb2-e859-46a6-a8b0-2f5604b505e8.id}"
}
destination {
target_type = "IPSet"
target_id = "${nsxt_ip_set.fe4eedd0-9fef-454b-b752-dc930b65a549.id}"
}
service {
target_type = "NSService"
target_id = "${nsxt_l4_port_set_ns_service.97aeb443-9aea-11d5-bd16-0090272ccb30.id}"
}
}
}
resource "nsxt_ip_set" "e52edc8b-dc6f-4222-bf75-09b00febe99b" {
display_name = "AAA-1"
ip_addresses = ["192.168.5.100"]
}
resource "nsxt_ip_set" "1a319382-fc62-487e-ae52-d4c913e9f09a" {
display_name = "AAA-2"
ip_addresses = ["192.168.5.101"]
}
resource "nsxt_ip_set" "a8f99be0-da24-4b77-8590-810ca9adba41" {
display_name = "AAA-3"
ip_addresses = ["192.168.31.35"]
}
resource "nsxt_ip_set" "20cc4c71-6d1a-478e-ab67-8e27885daa6c" {
display_name = "AAA-4"
ip_addresses = ["192.168.31.37"]
}
resource "nsxt_ip_set" "0bcabc32-1005-496f-8e17-bbe994cef473" {
display_name = "AAA-5"
ip_addresses = ["192.168.24.28"]
}
resource "nsxt_ip_set" "d6736ed6-10d8-41c9-8284-d2a6a13022ff" {
display_name = "AAA-6"
ip_addresses = ["192.168.31.31"]
}
resource "nsxt_ip_set" "1ef4b586-9b7b-4ab6-892b-e4603cbe5b79" {
display_name = "AAA-7"
ip_addresses = ["192.168.0.22"]
}
resource "nsxt_ip_set" "90d02d8b-ed4e-4aaa-9440-93e02bd80242" {
display_name = "AAA-8"
ip_addresses = ["192.168.5.69"]
}
resource "nsxt_ip_set" "7024fbb2-e859-46a6-a8b0-2f5604b505e8" {
display_name = "AAA-9"
ip_addresses = ["192.168.60.15"]
}
resource "nsxt_ip_set" "fe4eedd0-9fef-454b-b752-dc930b65a549" {
display_name = "AAA-10"
ip_addresses = ["192.168.130.115"]
}
resource "nsxt_l4_port_set_ns_service" "18ec9eaa-1657-4240-ab97-5f234623336b" {
description = "secure shell, encrypted and authenticated rsh"
display_name = "ssh"
protocol = "TCP"
destination_ports = ["22"]
}
resource "nsxt_l4_port_set_ns_service" "97aeb443-9aea-11d5-bd16-0090272ccb30" {
display_name = "https"
protocol = "TCP"
destination_ports = ["443"]
source_ports = ["1024-65535"]
}
##########################################################################
# End terraform file
##########################################################################
Here is the output from running terraform apply
for the first time.
$ terraform apply -var-file supersecret.tfvars -parallelism=30
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ nsxt_firewall_section.7b631ece-7557-4df0-96d3-7428d8c6e88b
id: <computed>
description: "Provisioned by Terraform"
display_name: "DALES_TERRAFORM_TEST"
is_default: <computed>
revision: <computed>
rule.#: "2"
rule.0.action: "ALLOW"
rule.0.destination.#: "2"
rule.0.destination.0.is_valid: <computed>
rule.0.destination.0.target_display_name: <computed>
rule.0.destination.0.target_id: "${nsxt_ip_set.7024fbb2-e859-46a6-a8b0-2f5604b505e8.id}"
rule.0.destination.0.target_type: "IPSet"
rule.0.destination.1.is_valid: <computed>
rule.0.destination.1.target_display_name: <computed>
rule.0.destination.1.target_id: "${nsxt_ip_set.fe4eedd0-9fef-454b-b752-dc930b65a549.id}"
rule.0.destination.1.target_type: "IPSet"
rule.0.destinations_excluded: "false"
rule.0.direction: "IN_OUT"
rule.0.disabled: "false"
rule.0.display_name: "c144a383-e915-4827-a570-fb33ed6e59c5"
rule.0.id: <computed>
rule.0.ip_protocol: "IPV4_IPV6"
rule.0.logged: "false"
rule.0.revision: <computed>
rule.0.service.#: "1"
rule.0.service.0.is_valid: <computed>
rule.0.service.0.target_display_name: <computed>
rule.0.service.0.target_id: "${nsxt_l4_port_set_ns_service.18ec9eaa-1657-4240-ab97-5f234623336b.id}"
rule.0.service.0.target_type: "NSService"
rule.0.source.#: "8"
rule.0.source.0.is_valid: <computed>
rule.0.source.0.target_display_name: <computed>
rule.0.source.0.target_id: "${nsxt_ip_set.e52edc8b-dc6f-4222-bf75-09b00febe99b.id}"
rule.0.source.0.target_type: "IPSet"
rule.0.source.1.is_valid: <computed>
rule.0.source.1.target_display_name: <computed>
rule.0.source.1.target_id: "${nsxt_ip_set.1a319382-fc62-487e-ae52-d4c913e9f09a.id}"
rule.0.source.1.target_type: "IPSet"
rule.0.source.2.is_valid: <computed>
rule.0.source.2.target_display_name: <computed>
rule.0.source.2.target_id: "${nsxt_ip_set.a8f99be0-da24-4b77-8590-810ca9adba41.id}"
rule.0.source.2.target_type: "IPSet"
rule.0.source.3.is_valid: <computed>
rule.0.source.3.target_display_name: <computed>
rule.0.source.3.target_id: "${nsxt_ip_set.20cc4c71-6d1a-478e-ab67-8e27885daa6c.id}"
rule.0.source.3.target_type: "IPSet"
rule.0.source.4.is_valid: <computed>
rule.0.source.4.target_display_name: <computed>
rule.0.source.4.target_id: "${nsxt_ip_set.0bcabc32-1005-496f-8e17-bbe994cef473.id}"
rule.0.source.4.target_type: "IPSet"
rule.0.source.5.is_valid: <computed>
rule.0.source.5.target_display_name: <computed>
rule.0.source.5.target_id: "${nsxt_ip_set.d6736ed6-10d8-41c9-8284-d2a6a13022ff.id}"
rule.0.source.5.target_type: "IPSet"
rule.0.source.6.is_valid: <computed>
rule.0.source.6.target_display_name: <computed>
rule.0.source.6.target_id: "${nsxt_ip_set.1ef4b586-9b7b-4ab6-892b-e4603cbe5b79.id}"
rule.0.source.6.target_type: "IPSet"
rule.0.source.7.is_valid: <computed>
rule.0.source.7.target_display_name: <computed>
rule.0.source.7.target_id: "${nsxt_ip_set.90d02d8b-ed4e-4aaa-9440-93e02bd80242.id}"
rule.0.source.7.target_type: "IPSet"
rule.0.sources_excluded: "false"
rule.1.action: "ALLOW"
rule.1.destination.#: "2"
rule.1.destination.0.is_valid: <computed>
rule.1.destination.0.target_display_name: <computed>
rule.1.destination.0.target_id: "${nsxt_ip_set.7024fbb2-e859-46a6-a8b0-2f5604b505e8.id}"
rule.1.destination.0.target_type: "IPSet"
rule.1.destination.1.is_valid: <computed>
rule.1.destination.1.target_display_name: <computed>
rule.1.destination.1.target_id: "${nsxt_ip_set.fe4eedd0-9fef-454b-b752-dc930b65a549.id}"
rule.1.destination.1.target_type: "IPSet"
rule.1.destinations_excluded: "false"
rule.1.direction: "IN_OUT"
rule.1.disabled: "false"
rule.1.display_name: "46a8cad8-1b97-47f8-be03-6d99d8c04bd1"
rule.1.id: <computed>
rule.1.ip_protocol: "IPV4_IPV6"
rule.1.logged: "false"
rule.1.revision: <computed>
rule.1.service.#: "1"
rule.1.service.0.is_valid: <computed>
rule.1.service.0.target_display_name: <computed>
rule.1.service.0.target_id: "${nsxt_l4_port_set_ns_service.97aeb443-9aea-11d5-bd16-0090272ccb30.id}"
rule.1.service.0.target_type: "NSService"
rule.1.source.#: "6"
rule.1.source.0.is_valid: <computed>
rule.1.source.0.target_display_name: <computed>
rule.1.source.0.target_id: "${nsxt_ip_set.a8f99be0-da24-4b77-8590-810ca9adba41.id}"
rule.1.source.0.target_type: "IPSet"
rule.1.source.1.is_valid: <computed>
rule.1.source.1.target_display_name: <computed>
rule.1.source.1.target_id: "${nsxt_ip_set.20cc4c71-6d1a-478e-ab67-8e27885daa6c.id}"
rule.1.source.1.target_type: "IPSet"
rule.1.source.2.is_valid: <computed>
rule.1.source.2.target_display_name: <computed>
rule.1.source.2.target_id: "${nsxt_ip_set.0bcabc32-1005-496f-8e17-bbe994cef473.id}"
rule.1.source.2.target_type: "IPSet"
rule.1.source.3.is_valid: <computed>
rule.1.source.3.target_display_name: <computed>
rule.1.source.3.target_id: "${nsxt_ip_set.d6736ed6-10d8-41c9-8284-d2a6a13022ff.id}"
rule.1.source.3.target_type: "IPSet"
rule.1.source.4.is_valid: <computed>
rule.1.source.4.target_display_name: <computed>
rule.1.source.4.target_id: "${nsxt_ip_set.1ef4b586-9b7b-4ab6-892b-e4603cbe5b79.id}"
rule.1.source.4.target_type: "IPSet"
rule.1.source.5.is_valid: <computed>
rule.1.source.5.target_display_name: <computed>
rule.1.source.5.target_id: "${nsxt_ip_set.90d02d8b-ed4e-4aaa-9440-93e02bd80242.id}"
rule.1.source.5.target_type: "IPSet"
rule.1.sources_excluded: "false"
section_type: "LAYER3"
stateful: "true"
+ nsxt_ip_set.0bcabc32-1005-496f-8e17-bbe994cef473
id: <computed>
display_name: "AAA-5"
ip_addresses.#: "1"
ip_addresses.2219010323: "192.168.24.28"
revision: <computed>
+ nsxt_ip_set.1a319382-fc62-487e-ae52-d4c913e9f09a
id: <computed>
display_name: "AAA-2"
ip_addresses.#: "1"
ip_addresses.1764425318: "192.168.5.101"
revision: <computed>
+ nsxt_ip_set.1ef4b586-9b7b-4ab6-892b-e4603cbe5b79
id: <computed>
display_name: "AAA-7"
ip_addresses.#: "1"
ip_addresses.991121979: "192.168.0.22"
revision: <computed>
+ nsxt_ip_set.20cc4c71-6d1a-478e-ab67-8e27885daa6c
id: <computed>
display_name: "AAA-4"
ip_addresses.#: "1"
ip_addresses.27607870: "192.168.31.37"
revision: <computed>
+ nsxt_ip_set.7024fbb2-e859-46a6-a8b0-2f5604b505e8
id: <computed>
display_name: "AAA-9"
ip_addresses.#: "1"
ip_addresses.1572490705: "192.168.60.15"
revision: <computed>
+ nsxt_ip_set.90d02d8b-ed4e-4aaa-9440-93e02bd80242
id: <computed>
display_name: "AAA-8"
ip_addresses.#: "1"
ip_addresses.386837596: "192.168.5.69"
revision: <computed>
+ nsxt_ip_set.a8f99be0-da24-4b77-8590-810ca9adba41
id: <computed>
display_name: "AAA-3"
ip_addresses.#: "1"
ip_addresses.865280444: "192.168.31.35"
revision: <computed>
+ nsxt_ip_set.d6736ed6-10d8-41c9-8284-d2a6a13022ff
id: <computed>
display_name: "AAA-6"
ip_addresses.#: "1"
ip_addresses.1476388024: "192.168.31.31"
revision: <computed>
+ nsxt_ip_set.e52edc8b-dc6f-4222-bf75-09b00febe99b
id: <computed>
display_name: "AAA-1"
ip_addresses.#: "1"
ip_addresses.1882312487: "192.168.5.100"
revision: <computed>
+ nsxt_ip_set.fe4eedd0-9fef-454b-b752-dc930b65a549
id: <computed>
display_name: "AAA-10"
ip_addresses.#: "1"
ip_addresses.2686045977: "192.168.130.115"
revision: <computed>
+ nsxt_l4_port_set_ns_service.18ec9eaa-1657-4240-ab97-5f234623336b
id: <computed>
default_service: <computed>
description: "secure shell, encrypted and authenticated rsh"
destination_ports.#: "1"
destination_ports.2228573625: "22"
display_name: "ssh"
protocol: "TCP"
revision: <computed>
+ nsxt_l4_port_set_ns_service.97aeb443-9aea-11d5-bd16-0090272ccb30
id: <computed>
default_service: <computed>
destination_ports.#: "1"
destination_ports.940536242: "443"
display_name: "https"
protocol: "TCP"
revision: <computed>
source_ports.#: "1"
source_ports.213573897: "1024-65535"
+ nsxt_l4_port_set_ns_service.Dummy-Service
id: <computed>
default_service: <computed>
description: "Service created as a placeholder within an empty service group"
destination_ports.#: "1"
destination_ports.1274546220: "4"
display_name: "AAA-Terraform-Dummy-Service"
protocol: "TCP"
revision: <computed>
Plan: 14 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
nsxt_ip_set.20cc4c71-6d1a-478e-ab67-8e27885daa6c: Creating...
display_name: "" => "AAA-4"
ip_addresses.#: "0" => "1"
ip_addresses.27607870: "" => "192.168.31.37"
revision: "" => "<computed>"
nsxt_ip_set.d6736ed6-10d8-41c9-8284-d2a6a13022ff: Creating...
display_name: "" => "AAA-6"
ip_addresses.#: "0" => "1"
ip_addresses.1476388024: "" => "192.168.31.31"
revision: "" => "<computed>"
nsxt_l4_port_set_ns_service.Dummy-Service: Creating...
default_service: "" => "<computed>"
description: "" => "Service created as a placeholder within an empty service group"
destination_ports.#: "0" => "1"
destination_ports.1274546220: "" => "4"
display_name: "" => "AAA-Terraform-Dummy-Service"
protocol: "" => "TCP"
revision: "" => "<computed>"
nsxt_l4_port_set_ns_service.18ec9eaa-1657-4240-ab97-5f234623336b: Creating...
default_service: "" => "<computed>"
description: "" => "secure shell, encrypted and authenticated rsh"
destination_ports.#: "0" => "1"
destination_ports.2228573625: "" => "22"
display_name: "" => "ssh"
protocol: "" => "TCP"
revision: "" => "<computed>"
nsxt_ip_set.90d02d8b-ed4e-4aaa-9440-93e02bd80242: Creating...
display_name: "" => "AAA-8"
ip_addresses.#: "0" => "1"
ip_addresses.386837596: "" => "192.168.5.69"
revision: "" => "<computed>"
nsxt_ip_set.7024fbb2-e859-46a6-a8b0-2f5604b505e8: Creating...
display_name: "" => "AAA-9"
ip_addresses.#: "0" => "1"
ip_addresses.1572490705: "" => "192.168.60.15"
revision: "" => "<computed>"
nsxt_ip_set.fe4eedd0-9fef-454b-b752-dc930b65a549: Creating...
display_name: "" => "AAA-10"
ip_addresses.#: "0" => "1"
ip_addresses.2686045977: "" => "192.168.130.115"
revision: "" => "<computed>"
nsxt_ip_set.1a319382-fc62-487e-ae52-d4c913e9f09a: Creating...
display_name: "" => "AAA-2"
ip_addresses.#: "0" => "1"
ip_addresses.1764425318: "" => "192.168.5.101"
revision: "" => "<computed>"
nsxt_ip_set.a8f99be0-da24-4b77-8590-810ca9adba41: Creating...
display_name: "" => "AAA-3"
ip_addresses.#: "0" => "1"
ip_addresses.865280444: "" => "192.168.31.35"
revision: "" => "<computed>"
nsxt_ip_set.1ef4b586-9b7b-4ab6-892b-e4603cbe5b79: Creating...
display_name: "" => "AAA-7"
ip_addresses.#: "0" => "1"
ip_addresses.991121979: "" => "192.168.0.22"
revision: "" => "<computed>"
nsxt_l4_port_set_ns_service.97aeb443-9aea-11d5-bd16-0090272ccb30: Creating...
default_service: "" => "<computed>"
destination_ports.#: "0" => "1"
destination_ports.940536242: "" => "443"
display_name: "" => "https"
protocol: "" => "TCP"
revision: "" => "<computed>"
source_ports.#: "0" => "1"
source_ports.213573897: "" => "1024-65535"
nsxt_ip_set.0bcabc32-1005-496f-8e17-bbe994cef473: Creating...
display_name: "" => "AAA-5"
ip_addresses.#: "0" => "1"
ip_addresses.2219010323: "" => "192.168.24.28"
revision: "" => "<computed>"
nsxt_ip_set.e52edc8b-dc6f-4222-bf75-09b00febe99b: Creating...
display_name: "" => "AAA-1"
ip_addresses.#: "0" => "1"
ip_addresses.1882312487: "" => "192.168.5.100"
revision: "" => "<computed>"
nsxt_ip_set.fe4eedd0-9fef-454b-b752-dc930b65a549: Creation complete after 1s (ID: 2ec2f460-7678-49fa-89cb-ae97ef532208)
nsxt_ip_set.90d02d8b-ed4e-4aaa-9440-93e02bd80242: Creation complete after 2s (ID: ab350c7c-74ed-4a4d-b6ec-0aaf3e647741)
nsxt_ip_set.a8f99be0-da24-4b77-8590-810ca9adba41: Creation complete after 2s (ID: c915c260-5ef2-4ef1-af44-dc8b417f25f0)
nsxt_ip_set.7024fbb2-e859-46a6-a8b0-2f5604b505e8: Creation complete after 2s (ID: dc56baf9-a028-4625-b1c8-40da76fd3e98)
nsxt_ip_set.e52edc8b-dc6f-4222-bf75-09b00febe99b: Creation complete after 2s (ID: bc756e37-d3ab-4bdd-ae71-43c27070d99e)
nsxt_ip_set.20cc4c71-6d1a-478e-ab67-8e27885daa6c: Creation complete after 2s (ID: c328a368-f8bd-4141-b084-1a11e069bb67)
nsxt_l4_port_set_ns_service.18ec9eaa-1657-4240-ab97-5f234623336b: Creation complete after 2s (ID: 5d2228ec-3733-43a4-af07-ae13c52490d7)
nsxt_l4_port_set_ns_service.97aeb443-9aea-11d5-bd16-0090272ccb30: Creation complete after 2s (ID: 16b00705-0c12-42a2-a8a0-0048639b0fc7)
nsxt_ip_set.0bcabc32-1005-496f-8e17-bbe994cef473: Creation complete after 2s (ID: dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8)
nsxt_l4_port_set_ns_service.Dummy-Service: Creation complete after 2s (ID: dc1dc0af-12bc-4a19-9be1-cdd46c4398ae)
nsxt_ip_set.d6736ed6-10d8-41c9-8284-d2a6a13022ff: Creation complete after 2s (ID: 12c71ee5-13ba-4b28-b093-ce81ba8a1bf1)
nsxt_ip_set.1ef4b586-9b7b-4ab6-892b-e4603cbe5b79: Creation complete after 2s (ID: 64f511f0-7464-40c1-8a7e-2a7c3ee6574c)
nsxt_ip_set.1a319382-fc62-487e-ae52-d4c913e9f09a: Creation complete after 2s (ID: 9b502edb-8cab-4732-b064-d4d3dfa6856e)
nsxt_firewall_section.7b631ece-7557-4df0-96d3-7428d8c6e88b: Creating...
description: "" => "Provisioned by Terraform"
display_name: "" => "DALES_TERRAFORM_TEST"
is_default: "" => "<computed>"
revision: "" => "<computed>"
rule.#: "" => "2"
rule.0.action: "" => "ALLOW"
rule.0.destination.#: "" => "2"
rule.0.destination.0.is_valid: "" => "<computed>"
rule.0.destination.0.target_display_name: "" => "<computed>"
rule.0.destination.0.target_id: "" => "dc56baf9-a028-4625-b1c8-40da76fd3e98"
rule.0.destination.0.target_type: "" => "IPSet"
rule.0.destination.1.is_valid: "" => "<computed>"
rule.0.destination.1.target_display_name: "" => "<computed>"
rule.0.destination.1.target_id: "" => "2ec2f460-7678-49fa-89cb-ae97ef532208"
rule.0.destination.1.target_type: "" => "IPSet"
rule.0.destinations_excluded: "" => "false"
rule.0.direction: "" => "IN_OUT"
rule.0.disabled: "" => "false"
rule.0.display_name: "" => "c144a383-e915-4827-a570-fb33ed6e59c5"
rule.0.id: "" => "<computed>"
rule.0.ip_protocol: "" => "IPV4_IPV6"
rule.0.logged: "" => "false"
rule.0.revision: "" => "<computed>"
rule.0.service.#: "" => "1"
rule.0.service.0.is_valid: "" => "<computed>"
rule.0.service.0.target_display_name: "" => "<computed>"
rule.0.service.0.target_id: "" => "5d2228ec-3733-43a4-af07-ae13c52490d7"
rule.0.service.0.target_type: "" => "NSService"
rule.0.source.#: "" => "8"
rule.0.source.0.is_valid: "" => "<computed>"
rule.0.source.0.target_display_name: "" => "<computed>"
rule.0.source.0.target_id: "" => "bc756e37-d3ab-4bdd-ae71-43c27070d99e"
rule.0.source.0.target_type: "" => "IPSet"
rule.0.source.1.is_valid: "" => "<computed>"
rule.0.source.1.target_display_name: "" => "<computed>"
rule.0.source.1.target_id: "" => "9b502edb-8cab-4732-b064-d4d3dfa6856e"
rule.0.source.1.target_type: "" => "IPSet"
rule.0.source.2.is_valid: "" => "<computed>"
rule.0.source.2.target_display_name: "" => "<computed>"
rule.0.source.2.target_id: "" => "c915c260-5ef2-4ef1-af44-dc8b417f25f0"
rule.0.source.2.target_type: "" => "IPSet"
rule.0.source.3.is_valid: "" => "<computed>"
rule.0.source.3.target_display_name: "" => "<computed>"
rule.0.source.3.target_id: "" => "c328a368-f8bd-4141-b084-1a11e069bb67"
rule.0.source.3.target_type: "" => "IPSet"
rule.0.source.4.is_valid: "" => "<computed>"
rule.0.source.4.target_display_name: "" => "<computed>"
rule.0.source.4.target_id: "" => "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8"
rule.0.source.4.target_type: "" => "IPSet"
rule.0.source.5.is_valid: "" => "<computed>"
rule.0.source.5.target_display_name: "" => "<computed>"
rule.0.source.5.target_id: "" => "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1"
rule.0.source.5.target_type: "" => "IPSet"
rule.0.source.6.is_valid: "" => "<computed>"
rule.0.source.6.target_display_name: "" => "<computed>"
rule.0.source.6.target_id: "" => "64f511f0-7464-40c1-8a7e-2a7c3ee6574c"
rule.0.source.6.target_type: "" => "IPSet"
rule.0.source.7.is_valid: "" => "<computed>"
rule.0.source.7.target_display_name: "" => "<computed>"
rule.0.source.7.target_id: "" => "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741"
rule.0.source.7.target_type: "" => "IPSet"
rule.0.sources_excluded: "" => "false"
rule.1.action: "" => "ALLOW"
rule.1.destination.#: "" => "2"
rule.1.destination.0.is_valid: "" => "<computed>"
rule.1.destination.0.target_display_name: "" => "<computed>"
rule.1.destination.0.target_id: "" => "dc56baf9-a028-4625-b1c8-40da76fd3e98"
rule.1.destination.0.target_type: "" => "IPSet"
rule.1.destination.1.is_valid: "" => "<computed>"
rule.1.destination.1.target_display_name: "" => "<computed>"
rule.1.destination.1.target_id: "" => "2ec2f460-7678-49fa-89cb-ae97ef532208"
rule.1.destination.1.target_type: "" => "IPSet"
rule.1.destinations_excluded: "" => "false"
rule.1.direction: "" => "IN_OUT"
rule.1.disabled: "" => "false"
rule.1.display_name: "" => "46a8cad8-1b97-47f8-be03-6d99d8c04bd1"
rule.1.id: "" => "<computed>"
rule.1.ip_protocol: "" => "IPV4_IPV6"
rule.1.logged: "" => "false"
rule.1.revision: "" => "<computed>"
rule.1.service.#: "" => "1"
rule.1.service.0.is_valid: "" => "<computed>"
rule.1.service.0.target_display_name: "" => "<computed>"
rule.1.service.0.target_id: "" => "16b00705-0c12-42a2-a8a0-0048639b0fc7"
rule.1.service.0.target_type: "" => "NSService"
rule.1.source.#: "" => "6"
rule.1.source.0.is_valid: "" => "<computed>"
rule.1.source.0.target_display_name: "" => "<computed>"
rule.1.source.0.target_id: "" => "c915c260-5ef2-4ef1-af44-dc8b417f25f0"
rule.1.source.0.target_type: "" => "IPSet"
rule.1.source.1.is_valid: "" => "<computed>"
rule.1.source.1.target_display_name: "" => "<computed>"
rule.1.source.1.target_id: "" => "c328a368-f8bd-4141-b084-1a11e069bb67"
rule.1.source.1.target_type: "" => "IPSet"
rule.1.source.2.is_valid: "" => "<computed>"
rule.1.source.2.target_display_name: "" => "<computed>"
rule.1.source.2.target_id: "" => "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8"
rule.1.source.2.target_type: "" => "IPSet"
rule.1.source.3.is_valid: "" => "<computed>"
rule.1.source.3.target_display_name: "" => "<computed>"
rule.1.source.3.target_id: "" => "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1"
rule.1.source.3.target_type: "" => "IPSet"
rule.1.source.4.is_valid: "" => "<computed>"
rule.1.source.4.target_display_name: "" => "<computed>"
rule.1.source.4.target_id: "" => "64f511f0-7464-40c1-8a7e-2a7c3ee6574c"
rule.1.source.4.target_type: "" => "IPSet"
rule.1.source.5.is_valid: "" => "<computed>"
rule.1.source.5.target_display_name: "" => "<computed>"
rule.1.source.5.target_id: "" => "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741"
rule.1.source.5.target_type: "" => "IPSet"
rule.1.sources_excluded: "" => "false"
section_type: "" => "LAYER3"
stateful: "" => "true"
nsxt_firewall_section.7b631ece-7557-4df0-96d3-7428d8c6e88b: Creation complete after 3s (ID: 4d834e3a-5caf-491e-8e7f-7015882fe8a2)
Apply complete! Resources: 14 added, 0 changed, 0 destroyed.
Run terraform apply
immediately afterwards (with no changes), and it says that updates are required.
$ terraform apply -var-file supersecret.tfvars -parallelism=30
nsxt_ip_set.fe4eedd0-9fef-454b-b752-dc930b65a549: Refreshing state... (ID: 2ec2f460-7678-49fa-89cb-ae97ef532208)
nsxt_ip_set.20cc4c71-6d1a-478e-ab67-8e27885daa6c: Refreshing state... (ID: c328a368-f8bd-4141-b084-1a11e069bb67)
nsxt_l4_port_set_ns_service.18ec9eaa-1657-4240-ab97-5f234623336b: Refreshing state... (ID: 5d2228ec-3733-43a4-af07-ae13c52490d7)
nsxt_l4_port_set_ns_service.97aeb443-9aea-11d5-bd16-0090272ccb30: Refreshing state... (ID: 16b00705-0c12-42a2-a8a0-0048639b0fc7)
nsxt_ip_set.1ef4b586-9b7b-4ab6-892b-e4603cbe5b79: Refreshing state... (ID: 64f511f0-7464-40c1-8a7e-2a7c3ee6574c)
nsxt_ip_set.a8f99be0-da24-4b77-8590-810ca9adba41: Refreshing state... (ID: c915c260-5ef2-4ef1-af44-dc8b417f25f0)
nsxt_ip_set.0bcabc32-1005-496f-8e17-bbe994cef473: Refreshing state... (ID: dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8)
nsxt_ip_set.7024fbb2-e859-46a6-a8b0-2f5604b505e8: Refreshing state... (ID: dc56baf9-a028-4625-b1c8-40da76fd3e98)
nsxt_ip_set.90d02d8b-ed4e-4aaa-9440-93e02bd80242: Refreshing state... (ID: ab350c7c-74ed-4a4d-b6ec-0aaf3e647741)
nsxt_ip_set.d6736ed6-10d8-41c9-8284-d2a6a13022ff: Refreshing state... (ID: 12c71ee5-13ba-4b28-b093-ce81ba8a1bf1)
nsxt_ip_set.1a319382-fc62-487e-ae52-d4c913e9f09a: Refreshing state... (ID: 9b502edb-8cab-4732-b064-d4d3dfa6856e)
nsxt_l4_port_set_ns_service.Dummy-Service: Refreshing state... (ID: dc1dc0af-12bc-4a19-9be1-cdd46c4398ae)
nsxt_ip_set.e52edc8b-dc6f-4222-bf75-09b00febe99b: Refreshing state... (ID: bc756e37-d3ab-4bdd-ae71-43c27070d99e)
nsxt_firewall_section.7b631ece-7557-4df0-96d3-7428d8c6e88b: Refreshing state... (ID: 4d834e3a-5caf-491e-8e7f-7015882fe8a2)
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
~ nsxt_firewall_section.7b631ece-7557-4df0-96d3-7428d8c6e88b
rule.0.source.0.target_id: "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741" => "bc756e37-d3ab-4bdd-ae71-43c27070d99e"
rule.0.source.1.target_id: "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1" => "9b502edb-8cab-4732-b064-d4d3dfa6856e"
rule.0.source.2.target_id: "64f511f0-7464-40c1-8a7e-2a7c3ee6574c" => "c915c260-5ef2-4ef1-af44-dc8b417f25f0"
rule.0.source.3.target_id: "9b502edb-8cab-4732-b064-d4d3dfa6856e" => "c328a368-f8bd-4141-b084-1a11e069bb67"
rule.0.source.4.target_id: "c328a368-f8bd-4141-b084-1a11e069bb67" => "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8"
rule.0.source.5.target_id: "bc756e37-d3ab-4bdd-ae71-43c27070d99e" => "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1"
rule.0.source.6.target_id: "c915c260-5ef2-4ef1-af44-dc8b417f25f0" => "64f511f0-7464-40c1-8a7e-2a7c3ee6574c"
rule.0.source.7.target_id: "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8" => "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741"
rule.1.source.0.target_id: "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741" => "c915c260-5ef2-4ef1-af44-dc8b417f25f0"
rule.1.source.1.target_id: "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1" => "c328a368-f8bd-4141-b084-1a11e069bb67"
rule.1.source.2.target_id: "64f511f0-7464-40c1-8a7e-2a7c3ee6574c" => "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8"
rule.1.source.3.target_id: "c328a368-f8bd-4141-b084-1a11e069bb67" => "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1"
rule.1.source.4.target_id: "c915c260-5ef2-4ef1-af44-dc8b417f25f0" => "64f511f0-7464-40c1-8a7e-2a7c3ee6574c"
rule.1.source.5.target_id: "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8" => "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741"
Plan: 0 to add, 1 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
nsxt_firewall_section.7b631ece-7557-4df0-96d3-7428d8c6e88b: Modifying... (ID: 4d834e3a-5caf-491e-8e7f-7015882fe8a2)
rule.0.source.0.target_id: "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741" => "bc756e37-d3ab-4bdd-ae71-43c27070d99e"
rule.0.source.1.target_id: "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1" => "9b502edb-8cab-4732-b064-d4d3dfa6856e"
rule.0.source.2.target_id: "64f511f0-7464-40c1-8a7e-2a7c3ee6574c" => "c915c260-5ef2-4ef1-af44-dc8b417f25f0"
rule.0.source.3.target_id: "9b502edb-8cab-4732-b064-d4d3dfa6856e" => "c328a368-f8bd-4141-b084-1a11e069bb67"
rule.0.source.4.target_id: "c328a368-f8bd-4141-b084-1a11e069bb67" => "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8"
rule.0.source.5.target_id: "bc756e37-d3ab-4bdd-ae71-43c27070d99e" => "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1"
rule.0.source.6.target_id: "c915c260-5ef2-4ef1-af44-dc8b417f25f0" => "64f511f0-7464-40c1-8a7e-2a7c3ee6574c"
rule.0.source.7.target_id: "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8" => "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741"
rule.1.source.0.target_id: "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741" => "c915c260-5ef2-4ef1-af44-dc8b417f25f0"
rule.1.source.1.target_id: "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1" => "c328a368-f8bd-4141-b084-1a11e069bb67"
rule.1.source.2.target_id: "64f511f0-7464-40c1-8a7e-2a7c3ee6574c" => "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8"
rule.1.source.3.target_id: "c328a368-f8bd-4141-b084-1a11e069bb67" => "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1"
rule.1.source.4.target_id: "c915c260-5ef2-4ef1-af44-dc8b417f25f0" => "64f511f0-7464-40c1-8a7e-2a7c3ee6574c"
rule.1.source.5.target_id: "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8" => "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741"
nsxt_firewall_section.7b631ece-7557-4df0-96d3-7428d8c6e88b: Modifications complete after 3s (ID: 4d834e3a-5caf-491e-8e7f-7015882fe8a2)
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
And if you keep running terraform apply
, it keeps saying the same changes are required.
$ terraform apply -var-file supersecret.tfvars -parallelism=30
nsxt_ip_set.1a319382-fc62-487e-ae52-d4c913e9f09a: Refreshing state... (ID: 9b502edb-8cab-4732-b064-d4d3dfa6856e)
nsxt_ip_set.90d02d8b-ed4e-4aaa-9440-93e02bd80242: Refreshing state... (ID: ab350c7c-74ed-4a4d-b6ec-0aaf3e647741)
nsxt_ip_set.a8f99be0-da24-4b77-8590-810ca9adba41: Refreshing state... (ID: c915c260-5ef2-4ef1-af44-dc8b417f25f0)
nsxt_l4_port_set_ns_service.Dummy-Service: Refreshing state... (ID: dc1dc0af-12bc-4a19-9be1-cdd46c4398ae)
nsxt_ip_set.0bcabc32-1005-496f-8e17-bbe994cef473: Refreshing state... (ID: dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8)
nsxt_ip_set.1ef4b586-9b7b-4ab6-892b-e4603cbe5b79: Refreshing state... (ID: 64f511f0-7464-40c1-8a7e-2a7c3ee6574c)
nsxt_ip_set.e52edc8b-dc6f-4222-bf75-09b00febe99b: Refreshing state... (ID: bc756e37-d3ab-4bdd-ae71-43c27070d99e)
nsxt_ip_set.d6736ed6-10d8-41c9-8284-d2a6a13022ff: Refreshing state... (ID: 12c71ee5-13ba-4b28-b093-ce81ba8a1bf1)
nsxt_ip_set.7024fbb2-e859-46a6-a8b0-2f5604b505e8: Refreshing state... (ID: dc56baf9-a028-4625-b1c8-40da76fd3e98)
nsxt_ip_set.20cc4c71-6d1a-478e-ab67-8e27885daa6c: Refreshing state... (ID: c328a368-f8bd-4141-b084-1a11e069bb67)
nsxt_l4_port_set_ns_service.97aeb443-9aea-11d5-bd16-0090272ccb30: Refreshing state... (ID: 16b00705-0c12-42a2-a8a0-0048639b0fc7)
nsxt_l4_port_set_ns_service.18ec9eaa-1657-4240-ab97-5f234623336b: Refreshing state... (ID: 5d2228ec-3733-43a4-af07-ae13c52490d7)
nsxt_ip_set.fe4eedd0-9fef-454b-b752-dc930b65a549: Refreshing state... (ID: 2ec2f460-7678-49fa-89cb-ae97ef532208)
nsxt_firewall_section.7b631ece-7557-4df0-96d3-7428d8c6e88b: Refreshing state... (ID: 4d834e3a-5caf-491e-8e7f-7015882fe8a2)
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
~ nsxt_firewall_section.7b631ece-7557-4df0-96d3-7428d8c6e88b
rule.0.source.0.target_id: "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741" => "bc756e37-d3ab-4bdd-ae71-43c27070d99e"
rule.0.source.1.target_id: "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1" => "9b502edb-8cab-4732-b064-d4d3dfa6856e"
rule.0.source.2.target_id: "64f511f0-7464-40c1-8a7e-2a7c3ee6574c" => "c915c260-5ef2-4ef1-af44-dc8b417f25f0"
rule.0.source.3.target_id: "9b502edb-8cab-4732-b064-d4d3dfa6856e" => "c328a368-f8bd-4141-b084-1a11e069bb67"
rule.0.source.4.target_id: "c328a368-f8bd-4141-b084-1a11e069bb67" => "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8"
rule.0.source.5.target_id: "bc756e37-d3ab-4bdd-ae71-43c27070d99e" => "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1"
rule.0.source.6.target_id: "c915c260-5ef2-4ef1-af44-dc8b417f25f0" => "64f511f0-7464-40c1-8a7e-2a7c3ee6574c"
rule.0.source.7.target_id: "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8" => "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741"
rule.1.source.0.target_id: "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741" => "c915c260-5ef2-4ef1-af44-dc8b417f25f0"
rule.1.source.1.target_id: "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1" => "c328a368-f8bd-4141-b084-1a11e069bb67"
rule.1.source.2.target_id: "64f511f0-7464-40c1-8a7e-2a7c3ee6574c" => "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8"
rule.1.source.3.target_id: "c328a368-f8bd-4141-b084-1a11e069bb67" => "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1"
rule.1.source.4.target_id: "c915c260-5ef2-4ef1-af44-dc8b417f25f0" => "64f511f0-7464-40c1-8a7e-2a7c3ee6574c"
rule.1.source.5.target_id: "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8" => "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741"
Plan: 0 to add, 1 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
nsxt_firewall_section.7b631ece-7557-4df0-96d3-7428d8c6e88b: Modifying... (ID: 4d834e3a-5caf-491e-8e7f-7015882fe8a2)
rule.0.source.0.target_id: "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741" => "bc756e37-d3ab-4bdd-ae71-43c27070d99e"
rule.0.source.1.target_id: "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1" => "9b502edb-8cab-4732-b064-d4d3dfa6856e"
rule.0.source.2.target_id: "64f511f0-7464-40c1-8a7e-2a7c3ee6574c" => "c915c260-5ef2-4ef1-af44-dc8b417f25f0"
rule.0.source.3.target_id: "9b502edb-8cab-4732-b064-d4d3dfa6856e" => "c328a368-f8bd-4141-b084-1a11e069bb67"
rule.0.source.4.target_id: "c328a368-f8bd-4141-b084-1a11e069bb67" => "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8"
rule.0.source.5.target_id: "bc756e37-d3ab-4bdd-ae71-43c27070d99e" => "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1"
rule.0.source.6.target_id: "c915c260-5ef2-4ef1-af44-dc8b417f25f0" => "64f511f0-7464-40c1-8a7e-2a7c3ee6574c"
rule.0.source.7.target_id: "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8" => "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741"
rule.1.source.0.target_id: "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741" => "c915c260-5ef2-4ef1-af44-dc8b417f25f0"
rule.1.source.1.target_id: "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1" => "c328a368-f8bd-4141-b084-1a11e069bb67"
rule.1.source.2.target_id: "64f511f0-7464-40c1-8a7e-2a7c3ee6574c" => "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8"
rule.1.source.3.target_id: "c328a368-f8bd-4141-b084-1a11e069bb67" => "12c71ee5-13ba-4b28-b093-ce81ba8a1bf1"
rule.1.source.4.target_id: "c915c260-5ef2-4ef1-af44-dc8b417f25f0" => "64f511f0-7464-40c1-8a7e-2a7c3ee6574c"
rule.1.source.5.target_id: "dcf5dcf9-ff34-4771-b02a-dde1ceeb2ee8" => "ab350c7c-74ed-4a4d-b6ec-0aaf3e647741"
nsxt_firewall_section.7b631ece-7557-4df0-96d3-7428d8c6e88b: Modifications complete after 3s (ID: 4d834e3a-5caf-491e-8e7f-7015882fe8a2)
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
When using the nsxt_lb_pool and creating a member group with a nsxt_ns_group dynamic member, the default for max_ip_list_size is getting set as zero instead of getting set as an empty value. We ran a few tests and verified this test matrix:
Given max_ip_list_size is empty or zero in NSX-T
When max_ip_list_size property is missing
Then terraform plan detects no changes
When max_ip_list_size property is set to zero
Then terraform plan detects no changes
When max_ip_list_size property is set greater than zero
Then terraform plan detects changes and sets the value
Given max_ip_list_size is set with a value greater than zero in NSX-T
When max_ip_list_size property is missing
Then terraform plan detects changes and sets the value to zero
When max_ip_list_size property is zero
Then terraform plan detects changes and sets the value to zero
When max_ip_list_size property is greater than zero
If the max_ip_list_size property value equals the existing value
Then terraform plan detects no changes
If the max_ip_list_size property value does not equal the existing vlaue
Then terraform plan detects changes
We expect this to behave like the api, when the property in the api is unset NSX-T will set the value to empty. Instead, it appears that terraform is setting it to the default value for an integer which is zero.
I noticed today while troubleshooting a newly recreated (with terraform) T1 router that has a loadbalancer on it that the "Advertise All LB VIP Routes" toggle is not set in the UI. I came to notice that this doesn't seem possible to set in the nsxt_logical_tier1_router
object so it must be manually toggled after the terraform configuration is implemented. It would be great if there could be an option for enabling this (similar to advertise_static_routes
, for example).
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.