Use reserved public IP when creating instance #1565

Closed
OscarB7 opened this issue Apr 6, 2022 · 8 comments · May be fixed by #2203

OscarB7 commented Apr 6, 2022

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

I would like to use a reserved public IP for an instance to keep the same IP if the instance is re-created. I can create the reserved public IP with resource "oci_core_public_ip". Now for the instance, the block resource "oci_core_instance" does not have an option to attach or associate the existing VNIC.
Is there another resource block to attach the existing VNIC to the instance? I see the option in the OCI web console as explained in this article

New or Affected Resource(s)

resource "oci_core_instance" could be modified to allow this option. Maybe a new resource to assign and unassign public ip.

Potential Terraform Configuration

A new section that assigns a VNIC. This would be the most basic since OCI allows more VNICs.

resource "oci_core_instance" "test_instance" {
    ...
    assign_vnic_details {
        public_ip = oci_core_public_ip.test_public_ip.id
        ...
    }
    ...
}

References


dhoogfr commented Apr 6, 2022

@OscarB7

When reserving the public IP, you can assign it to a private IP (from the host).
So it works the other way around

example on how to attach a reserved public IP to the first private IP of a guest:

data "oci_core_private_ips" "bastion" {
  ip_address = oci_core_instance.bastion.private_ip
  subnet_id  = oci_core_subnet.bastion.id
}

resource "oci_core_public_ip" "bastion" {
  compartment_id = var.network_compartment_id != "" ? var.network_compartment_id : var.compartment_id
  display_name   = var.bastion_identifier != "" ? join("-", ["ip-bastion-pub", var.bastion_identifier]) : "ip-bastion-pub"
  lifetime       = "RESERVED"
  private_ip_id  = data.oci_core_private_ips.bastion.private_ips[0]["id"]

  defined_tags = var.defined_tags
}

OscarB7 commented Apr 6, 2022

Thank you, @dhoogfr! I appreciate it. I will try that.

et304383 commented Apr 7, 2022

I really wish this didn't work like this. Attaching a static IP should be a stand-alone operation. The way this works now creates an unfortunate dependency from the IP to the instance, which in turn means there's no way to inject said public IP into the user data of the instance via Terraform reference.

OscarB7 commented Apr 12, 2022

@dhoogfr I implemented it and it worked for my current use case.
This approach allows the instance to be re-created while keeping the same VNIC. Now if I destroy the instance, e.g., using terraform destroy --target oci_core_instance.bastion, the VNIC will be destroyed as well.
Is there a way to create the VNIC (reserved public IP) without this dependency on the instance it is attached to?

dhoogfr commented Apr 13, 2022

@OscarB7
When I need to destroy the instance, I need to first change the oci_core_public_ip configuration to remove the private_ip_id relation.
After that the instance can be destroyed / recreated without destroying the reserved public IP.

To prevent accidental destruction you could try to add a lifecycle clause with "prevent_destroy = true" attribute to the oci_core_public_ip resource

resource "oci_core_public_ip" "bastion" {
  compartment_id = var.network_compartment_id != "" ? var.network_compartment_id : var.compartment_id
  display_name   = var.bastion_identifier != "" ? join("-", ["ip-bastion-pub", var.bastion_identifier]) : "ip-bastion-pub"
  lifetime       = "RESERVED"
  private_ip_id  = data.oci_core_private_ips.bastion.private_ips[0]["id"]

  defined_tags = var.defined_tags

  lifecycle {
    prevent_destroy = true
  }
}

But, I have not actually tried this myself.
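
A check in the spirit of the suggestion above, as an added example that is not part of the original thread or of the provider's code: it reads the JSON form of a plan (`terraform show -json <planfile>`) and reports reserved public IPs the plan would delete, separately from ones it only unassigns from their private IP. The resource addresses and OCIDs in the sample are constructed, and the sample assumes that an unassigned IP shows `private_ip_id` as null or empty in the plan's `after` state.

```python
import json

# Constructed sample of `terraform show -json <planfile>` output, trimmed to the
# fields this check reads; the OCIDs are placeholders.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "oci_core_instance.bastion", "type": "oci_core_instance",
   "change": {"actions": ["delete", "create"], "before": {}, "after": {}}},
  {"address": "oci_core_public_ip.bastion", "type": "oci_core_public_ip",
   "change": {"actions": ["delete"],
              "before": {"lifetime": "RESERVED", "private_ip_id": "ocid1.privateip.example"},
              "after": null}},
  {"address": "oci_core_public_ip.spare", "type": "oci_core_public_ip",
   "change": {"actions": ["update"],
              "before": {"lifetime": "RESERVED", "private_ip_id": "ocid1.privateip.example"},
              "after": {"lifetime": "RESERVED", "private_ip_id": null}}}
]}
""")


def review_reserved_ips(plan):
    """Return (blocked, detached): reserved IPs the plan would delete, and
    reserved IPs it only unassigns from their private IP."""
    blocked, detached = [], []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "oci_core_public_ip":
            continue
        change = rc.get("change", {})
        before = change.get("before") or {}
        after = change.get("after") or {}
        if before.get("lifetime") != "RESERVED":
            continue  # ephemeral or newly created addresses are not at risk
        actions = change.get("actions", [])
        if "delete" in actions:
            # a plain destroy and a replacement both delete the reserved IP
            blocked.append(rc["address"])
        elif before.get("private_ip_id") and not after.get("private_ip_id"):
            detached.append(rc["address"])
    return blocked, detached


if __name__ == "__main__":
    blocked, detached = review_reserved_ips(SAMPLE_PLAN)
    for addr in detached:
        print(f"ok: {addr} is unassigned but kept")
    for addr in blocked:
        print(f"BLOCK: {addr} would be deleted")
    raise SystemExit(1 if blocked else 0)
```

Run against a saved plan before `terraform apply`, a non-zero exit stops a pipeline that would otherwise delete the reserved address along with the instance.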

OscarB7 commented Apr 14, 2022

Thank you very much @dhoogfr !

@brokedba

resource "oci_core_public_ip" "bastion" {
  compartment_id = var.network_compartment_id != "" ? var.network_compartment_id : var.compartment_id
  display_name   = var.bastion_identifier != "" ? join("-", ["ip-bastion-pub", var.bastion_identifier]) : "ip-bastion-pub"
  lifetime       = "RESERVED"
  private_ip_id  = data.oci_core_private_ips.bastion.private_ips[0]["id"]

  defined_tags = var.defined_tags

  lifecycle {
    prevent_destroy = true
  }
}

If you apply and destroy 5 times, you will probably not reuse the public IP that you prevented from being destroyed. It will be a clutter of public IPs at the end.

@brokedba

@dhoogfr, I can confirm that the destroy fails with the prevent_destroy clause.

│ Error: Instance cannot be destroyed
│
│   on compute.tf line 91:
│   91: resource "oci_core_public_ip" "untrust_public_ip" {
│
│ Resource oci_core_public_ip.untrust_public_ip has lifecycle.prevent_destroy set, but the plan calls for this resource to be destroyed. To
│ avoid this error and continue with the plan, either disable lifecycle.prevent_destroy or reduce the scope of the plan using the -target flag.

I am going to open an enhancement issue
