Tags: oracle-cloud-infrastructure, terraform-provider-oci

Create a Network Load Balancer on Oracle Cloud Infrastructure with a Reserved IP using Terraform


Using Terraform to set up a Network Load Balancer on Oracle Cloud Infrastructure, it works as expected if created with an ephemeral public IP; however, one created using a reserved public IP does not respond. Here are the exact Terraform resources used to create the load balancer:

# Reserved public IP, one per public load balancer subnet
resource "oci_core_public_ip" "ip" {
  for_each       = { for lb in var.load_balancers : lb.subnet => lb if !lb.private }
  compartment_id = local.compartment_ocid
  display_name   = "${var.name}-public-ip"
  lifetime       = "RESERVED"
  lifecycle {
    prevent_destroy = true
  }
}

# Network load balancer, one per subnet of type "network"
resource "oci_network_load_balancer_network_load_balancer" "nlb" {
  for_each = { for lb in var.load_balancers : lb.subnet => lb if lb.type == "network" }
  compartment_id = local.compartment_ocid
  display_name   = "${var.name}-network-load-balancer"
  subnet_id      = oci_core_subnet.s[each.value.subnet].id
  is_private     = each.value.private
  #reserved_ips {
  #  id = oci_core_public_ip.ip[each.value.subnet].id
  #}
}

All of the other resources (security list rules, listeners, backend set and backends, etc.) are created such that the above works. If, however, I uncomment the assignment of reserved_ips to the network load balancer, then it does not work: no response from the load balancer's public IP. Everything is the same except those three lines being uncommented.

Between each test I tear down everything and recreate with Terraform. It always works with an ephemeral IP and never works with the reserved IP. Why? What am I missing? Or does this just not work as advertised?

The Terraform version is v1.3.4 and the resource version is oracle/oci version 4.98.0.


Solution

  • The reserved IP is set up correctly; however, the Terraform provider removes its association with the load balancer's private IP. Closer inspection of the Terraform output shows this:

      ~ resource "oci_core_public_ip" "ip" {
            id                   = "ocid1.publicip.oc1.uk-london-1.ama...sta"
          - private_ip_id        = "ocid1.privateip.oc1.uk-london-1.abw...kya" -> null
            # (11 unchanged attributes hidden)
        }
    

    Manually replacing it fixes it (until the next tf run)

    $ oci network public-ip update --public-ip-id ocid1.publicip.oc1.uk-london-1.ama...rrq --private-ip-id ocid1.privateip.oc1.uk-london-1.abw...kya
    

    There is a bug ticket on Terraform's GitHub.