The Cloudflare Tunnel Route fails to be created during boot time #14

Open
timoa opened this issue Jun 2, 2022 · 1 comment

timoa commented Jun 2, 2022

On the first run, the provisioning of the instance is failing when Cloudflare Zero Trust is enabled due to the cloudflare_tunnel_route.cf_tunnel_route.

The error is triggered due to a network not being ready on the instance.

It can be because it tried to create the Tunnel route during the reboot of the instance if there are OS updates that need a reboot (kernel updates, for example) or the instance is just not ready.

The fix can be to use a depends_on resource like the null_resource.common_playbook or another resource that makes sure that the instance is up and running (after the 1st reboot).

@timoa timoa added the bug Something isn't working label Jun 2, 2022
@timoa timoa self-assigned this Jun 2, 2022

timoa commented Jun 3, 2022

From what I have investigated, the tunnel needs to be created when cloudflared has been installed and is running.

I made a depends_on on the Cloudflare install script, but it seems that the Cloudflare provider is trying to change the wrong tunnel route since the private IP used as an ID is changing when the instance is replaced.

Example:

cloudflare_tunnel_route.cf_tunnel_route[0]: Modifying... [id=10.1.20.8/32]
[...]
│ Error: error updating Tunnel Route for Network "10.1.20.24/32": You are trying to modify the route for a network that isn't routed. Please add the network before modifying it. Or, check that you specified the correct network. (1015)

│   with cloudflare_tunnel_route.cf_tunnel_route[0],
│   on cloudflare.tf line 39, in resource "cloudflare_tunnel_route" "cf_tunnel_route":
│   39: resource "cloudflare_tunnel_route" "cf_tunnel_route" {

If reapplied, the terraform apply will create the right tunnel route:

cloudflare_tunnel_route.cf_tunnel_route[0]: Refreshing state... [id=10.1.20.8/32]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # cloudflare_tunnel_route.cf_tunnel_route[0] will be created
  + resource "cloudflare_tunnel_route" "cf_tunnel_route" {
      + account_id = (sensitive)
      + comment    = "Tunnel Route for VSCode Server"
      + id         = (known after apply)
      + network    = "10.1.20.24/32"
      + tunnel_id  = "a2c43bab-e8bc-47e8-a9ed-dd3c0de84390"
    }

Plan: 1 to add, 0 to change, 0 to destroy.
cloudflare_tunnel_route.cf_tunnel_route[0]: Creating...
cloudflare_tunnel_route.cf_tunnel_route[0]: Creation complete after 2s [id=10.1.20.24/32]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
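
A pre-apply check for the failure shown in this thread, as an added example that is not part of the issue or the project's code: it reads the JSON form of a plan (as produced by `terraform show -json` on a saved plan file) and flags any `cloudflare_tunnel_route` planned as an in-place update whose `network` changes. The sample plan is constructed from the addresses in the log above, and the helper name `risky_route_updates` is hypothetical.

```python
import json

# Constructed sample: a trimmed `terraform show -json` plan using the
# addresses from the log above. Not real output from the project.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "null_resource.common_playbook", "type": "null_resource",
   "change": {"actions": ["no-op"], "before": {}, "after": {}}},
  {"address": "cloudflare_tunnel_route.cf_tunnel_route[0]",
   "type": "cloudflare_tunnel_route",
   "change": {"actions": ["update"],
              "before": {"network": "10.1.20.8/32"},
              "after": {"network": "10.1.20.24/32"},
              "after_unknown": {}}}
]}
""")


def risky_route_updates(plan):
    """Hypothetical helper: list tunnel routes planned as an in-place
    update whose network changes, the case that failed with error 1015."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "cloudflare_tunnel_route":
            continue
        change = rc.get("change", {})
        if change.get("actions") != ["update"]:
            continue  # create, delete and replace are not this failure
        old = (change.get("before") or {}).get("network")
        new = (change.get("after") or {}).get("network")
        # Values only known after apply are absent from "after" and
        # flagged in "after_unknown" instead.
        if (change.get("after_unknown") or {}).get("network"):
            new = "(known after apply)"
        if old != new:
            findings.append({"address": rc["address"], "old": old, "new": new})
    return findings


if __name__ == "__main__":
    for f in risky_route_updates(SAMPLE_PLAN):
        print(f"{f['address']}: in-place update {f['old']} -> {f['new']}; "
              "the new network has no route to modify yet")
```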
