Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

After import command or block, unprivileged forces replacement #1406

Open
lingfish opened this issue Jun 25, 2024 · 2 comments
Open

After import command or block, unprivileged forces replacement #1406

lingfish opened this issue Jun 25, 2024 · 2 comments
Labels
🐛 bug Something isn't working

Comments

@lingfish
Copy link
Contributor

Describe the bug
I'm attempting to import an existing container, and no matter what is chosen for unprivileged, terraform insists on forcing replacement.

To Reproduce
Steps to reproduce the behavior:

  1. Create a import block:
import {
  to = proxmox_virtual_environment_container.airflow
  id = "pm/165"
}
  1. Run a plan, with -generate-config-out=
  2. Further plan runs insist that unprivileged forces replacement:
# proxmox_virtual_environment_container.airflow must be replaced
-/+ resource "proxmox_virtual_environment_container" "airflow" {
      ~ id             = "165" -> (known after apply)
      + start_on_boot  = false
        tags           = [
            "linux",
            "no-zabbix",
        ]
      + timeout_clone  = 1800
      + timeout_create = 1800
      + timeout_delete = 60
      + timeout_start  = 300
      + timeout_update = 1800
      + unprivileged   = false # forces replacement
      + vm_id          = 165

It doesn't matter which unprivileged setting is made in the tf file, I get the same result.

The same thing would happen with vm_id until I upgraded to 0.60.0. No issues when using the provider to create a container from scratch.

import {
  to = proxmox_virtual_environment_container.airflow
  id = "pm/165"
}
resource "proxmox_virtual_environment_container" "airflow" {
  node_name           = "pm"
  start_on_boot       = false
  started             = false
  template            = false
  unprivileged        = true
  vm_id               = "165"
        [ ... ]

Container config:

root@pm:/# cat /etc/pve/lxc/165.conf
arch: amd64
cores: 2
features: nesting=1
hostname: airflow
memory: 2048
net0: name=eth0,bridge=vmbr0,gw=x.x.x.x,hwaddr=*MAC*,ip=*IP*,ip6=auto,tag=1,type=veth
ostype: debian
rootfs: nvme:vm-165-disk-0,size=20G
swap: 2048
tags: linux;no-zabbix
unprivileged: 1

Expected behavior
No container replacement.

Additional context
Add any other context about the problem here.

  • Single or clustered Proxmox: single
  • Proxmox version: 8.1.4
  • Provider version (ideally it should be the latest version): 0.60.0
  • Terraform/OpenTofu version: Terraform v1.8.5
  • OS (where you run Terraform/OpenTofu from): Debian GNU/Linux 12 (bookworm)
  • Debug logs (TF_LOG=DEBUG terraform apply): As this outputs a lot of info (including a complete dump of inventory), would rather not post.
@lingfish lingfish added the 🐛 bug Something isn't working label Jun 25, 2024
@bpg
Copy link
Owner

bpg commented Jun 28, 2024
edited
Loading

It looks like the unprivileged attribute is not imported.

❯ tofu import proxmox_virtual_environment_container.test_container pve/100
proxmox_virtual_environment_container.test_container: Importing from ID "pve/100"...
proxmox_virtual_environment_container.test_container: Import prepared!
  Prepared proxmox_virtual_environment_container for import
proxmox_virtual_environment_container.test_container: Refreshing state... [id=100]

Import successful!

The resources that were imported are shown above. These resources are now in
your OpenTofu state and will henceforth be managed by OpenTofu.

❯ tofu state show proxmox_virtual_environment_container.test_container
# proxmox_virtual_environment_container.test_container:.test_container 
resource "proxmox_virtual_environment_container" "test_container" {
    id        = "100"
    node_name = "pve"
    started   = true
    tags      = []
    template  = false

    disk {
        datastore_id = "local-lvm"
        size         = 8
    }

    initialization {
        hostname = "test"
    }

    network_interface {
        bridge      = "vmbr0"
        enabled     = true
        firewall    = true
        mac_address = "BC:24:11:A9:5C:E2"
        mtu         = 0
        name        = "vmbr0"
        rate_limit  = 0
        vlan_id     = 0
    }

    operating_system {
        type = "ubuntu"
    }
}

unprivileged = false by default, so that's explainable.

But I'm not sure why the import block behaves differently:

❯ tofu plan -generate-config-out=plan.tf
proxmox_virtual_environment_container.test_container: Preparing import... [id=pve/100]
proxmox_virtual_environment_container.test_container: Refreshing state... [id=100]

OpenTofu used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

OpenTofu will perform the following actions:

  # proxmox_virtual_environment_container.test_container must be replaced
  # (imported from "pve/100")
  # Warning: this will destroy the imported resource
-/+ resource "proxmox_virtual_environment_container" "test_container" {
      ~ id             = "100" -> (known after apply)
        node_name      = "pve"
      + start_on_boot  = true
        started        = true
      - tags           = [] -> null
        template       = false
      + timeout_clone  = 1800
      + timeout_create = 1800
      + timeout_delete = 60
      + timeout_start  = 300
      + timeout_update = 1800
      + unprivileged   = false # forces replacement
      + vm_id          = (known after apply)

      - disk { # forces replacement
          - datastore_id = "local-lvm" -> null # forces replacement
          - size         = 8 -> null # forces replacement
        }

      - initialization {
          - hostname = "test" -> null
        }

      - network_interface {
          - bridge      = "vmbr0" -> null
          - enabled     = true -> null
          - firewall    = true -> null
          - mac_address = "BC:24:11:A9:5C:E2" -> null
          - mtu         = 0 -> null
          - name        = "vmbr0" -> null
          - rate_limit  = 0 -> null
          - vlan_id     = 0 -> null
        }

      - operating_system { # forces replacement
          - type = "ubuntu" -> null
        }
    }

Plan: 1 to import, 1 to add, 0 to change, 1 to destroy.

Regardless, the import is incomplete. For example, the operating_system block is missing the template_file_id attribute, which is mandatory, while it technically shouldn't be. And I guess there are other discrepancies.

Import is not something that I use often, so this functionality might be half-baked.

@lingfish
Copy link
Contributor Author

Thanks for your attention here, appreciate it.

My current use case is to migrate most/all of my infra to TF/Tofu, previously all created manually. I was hoping for a quicker/smoother/easier transition than basically bit-by-bit building tf files.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🐛 bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bpg @lingfish