azureterraformterraform-provider-azure
Unable to ping azure vm1 to azure vm2
I am trying to implement hub and spoke POC in azure playground. However all resources got implemented but I still can't ping vm1 to vm2 or vice versa. Below is the code. Please note that I have as pic I have allowed wild card in both vms nsg ports in inbound port. I have deployed vm1 in subnet1 and vm2 in subnet2
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.115.0"
}
tls = {
source = "hashicorp/tls"
version = "~>4.0"
}
}
}
provider "azurerm" {
features {}
skip_provider_registration = true
}
data "azurerm_resource_group" "myrg" {
name = "1-cace0afe-playground-sandbox"
}
# Hub VNet
resource "azurerm_virtual_network" "hub_vnet" {
name = "hub-vnet"
address_space = ["10.0.0.0/16"]
location = data.azurerm_resource_group.myrg.location
resource_group_name = data.azurerm_resource_group.myrg.name
}
# Spoke 1 VNet
resource "azurerm_virtual_network" "spoke1_vnet" {
name = "spoke1-vnet"
address_space = ["10.1.0.0/16"]
location = data.azurerm_resource_group.myrg.location
resource_group_name = data.azurerm_resource_group.myrg.name
}
# Spoke 2 VNet
resource "azurerm_virtual_network" "spoke2_vnet" {
name = "spoke2-vnet"
address_space = ["10.2.0.0/16"]
location = data.azurerm_resource_group.myrg.location
resource_group_name = data.azurerm_resource_group.myrg.name
}
# Hub Subnet
resource "azurerm_subnet" "hub_subnet" {
name = "hub-subnet"
resource_group_name = data.azurerm_resource_group.myrg.name
virtual_network_name = azurerm_virtual_network.hub_vnet.name
address_prefixes = ["10.0.1.0/24"]
}
# Spoke 1 Subnet
resource "azurerm_subnet" "spoke1_subnet" {
name = "spoke1-subnet"
resource_group_name = data.azurerm_resource_group.myrg.name
virtual_network_name = azurerm_virtual_network.spoke1_vnet.name
address_prefixes = ["10.1.1.0/24"]
}
# Spoke 2 Subnet
resource "azurerm_subnet" "spoke2_subnet" {
name = "spoke2-subnet"
resource_group_name = data.azurerm_resource_group.myrg.name
virtual_network_name = azurerm_virtual_network.spoke2_vnet.name
address_prefixes = ["10.2.1.0/24"]
}
resource "azurerm_virtual_network_peering" "hub_to_spoke1" {
name = "hub-to-spoke1"
remote_virtual_network_id = azurerm_virtual_network.spoke1_vnet.id
virtual_network_name = azurerm_virtual_network.hub_vnet.name
resource_group_name = data.azurerm_resource_group.myrg.name
allow_virtual_network_access =true
allow_gateway_transit = true
allow_forwarded_traffic = true
use_remote_gateways = false
}
resource "azurerm_virtual_network_peering" "spoke1_to_hub" {
name = "spoke1-to-hub"
remote_virtual_network_id = azurerm_virtual_network.hub_vnet.id
virtual_network_name = azurerm_virtual_network.spoke1_vnet.name
resource_group_name = data.azurerm_resource_group.myrg.name
allow_virtual_network_access =true
allow_gateway_transit = false
allow_forwarded_traffic = true
use_remote_gateways = false
}
resource "azurerm_virtual_network_peering" "hub_to_spoke2" {
name = "hub-to-spoke2"
remote_virtual_network_id = azurerm_virtual_network.spoke2_vnet.id
virtual_network_name = azurerm_virtual_network.hub_vnet.name
resource_group_name = data.azurerm_resource_group.myrg.name
allow_virtual_network_access =true
allow_gateway_transit = true
allow_forwarded_traffic = true
use_remote_gateways = false
}
resource "azurerm_virtual_network_peering" "spoke2_to_hub" {
name = "spoke2-to-hub"
remote_virtual_network_id = azurerm_virtual_network.hub_vnet.id
virtual_network_name = azurerm_virtual_network.spoke2_vnet.name
resource_group_name = data.azurerm_resource_group.myrg.name
allow_virtual_network_access =true
allow_gateway_transit = false
allow_forwarded_traffic = true
use_remote_gateways = false
}
resource "azurerm_public_ip" "pipip1" {
allocation_method = "Static"
location = data.azurerm_resource_group.myrg.location
name = "pip1"
resource_group_name = data.azurerm_resource_group.myrg.name
}
resource "azurerm_public_ip" "pipip2" {
allocation_method = "Static"
location = data.azurerm_resource_group.myrg.location
name = "pip2"
resource_group_name = data.azurerm_resource_group.myrg.name
}
resource "azurerm_network_interface" "nic1" {
name = "nic1"
resource_group_name = data.azurerm_resource_group.myrg.name
location = data.azurerm_resource_group.myrg.location
ip_configuration {
name = "nic1-ip"
private_ip_address_allocation = "Dynamic"
subnet_id = azurerm_subnet.spoke1_subnet.id
public_ip_address_id = azurerm_public_ip.pipip1.id
}
}
resource "azurerm_network_interface" "nic2" {
name = "nic2"
resource_group_name = data.azurerm_resource_group.myrg.name
location = data.azurerm_resource_group.myrg.location
ip_configuration {
name = "nic2-ip"
private_ip_address_allocation = "Dynamic"
subnet_id = azurerm_subnet.spoke2_subnet.id
public_ip_address_id = azurerm_public_ip.pipip2.id
}
}
resource "azurerm_linux_virtual_machine" "vm1" {
name = "vm1"
resource_group_name = data.azurerm_resource_group.myrg.name
location = data.azurerm_resource_group.myrg.location
size = "Standard_B2s"
admin_username = "test"
network_interface_ids = [
azurerm_network_interface.nic1.id,
]
admin_ssh_key {
username = "sharat"
public_key = file("~/.ssh/id_rsa.pub")
}
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "Canonical"
offer = "0001-com-ubuntu-server-jammy"
sku = "22_04-lts"
version = "latest"
}
}
resource "azurerm_linux_virtual_machine" "vm2" {
name = "vm2"
resource_group_name = data.azurerm_resource_group.myrg.name
location = data.azurerm_resource_group.myrg.location
size = "Standard_B2s"
admin_username = "test"
network_interface_ids = [
azurerm_network_interface.nic2.id,
]
admin_ssh_key {
username = "sharat"
public_key = file("~/.ssh/id_rsa.pub")
}
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "Canonical"
offer = "0001-com-ubuntu-server-jammy"
sku = "22_04-lts"
version = "latest"
}
}
Solution
The reason VM1 and VM2 are not communicating is that they are in different VNets, and you haven't enabled peering between Spoke VNet1 and Spoke VNet2
To establish communication between VM1 and VM2, you need to create a peering between Spoke1 VNet and Spoke2 VNet. Only then will VM1 and VM2 be able to communicate with each other.
When I tried using the same Terraform configuration that you are using, I also got the same error.
Make sure to enable peering. Add the following Terraform code to your configuration to enable peering between Spoke VNet1 and Spoke VNet2.
resource "azurerm_virtual_network_peering" "spoke1-to-spoke2" {
name = "spoke1-to-spoke2"
resource_group_name = azurerm_resource_group.myrg.name
virtual_network_name = azurerm_virtual_network.spoke1_vnet.name
remote_virtual_network_id = azurerm_virtual_network.spoke2_vnet.id
allow_virtual_network_access =true
allow_gateway_transit = false
allow_forwarded_traffic = true
use_remote_gateways = false
}
resource "azurerm_virtual_network_peering" "spoke2-to-spoke1" {
name = "spoke2-to-spoke1"
resource_group_name = azurerm_resource_group.myrg.name
virtual_network_name = azurerm_virtual_network.spoke2_vnet.name
remote_virtual_network_id = azurerm_virtual_network.spoke1_vnet.id
allow_virtual_network_access =true
allow_gateway_transit = false
allow_forwarded_traffic = true
use_remote_gateways = false
}
Terraform Apply
After enabling the peering, the both the VM's are started communicating each other.
- Refresh an Azure search index
- Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
- Query Azure SQL Database using Rest-API
- How to create a feature burndown chart in Azure DevOps?
- How to write a Bicep API Connection formrecognizer with api key
- Where can I find docker container logs for Azure App Service
- will looping GetBlobsAsync() but doing nothing in the loop body read the contents of the blob
- Connect to OneDrive using Python (msal) and client secret
- How to debug ServiceBus-triggered Azure Function locally?
- Does Azure Cognitive Services support (detect and compare) Handwritten Signatures and Stamps from two images?
- Modify ARM-Template for quick deployment
- Get request headers in azure functions NodeJs Http Trigger
- Filter specific items that are alone in an array of Collection String in Azure Search
- Azure Autoscaling Duration Time and Cool Down Time
- Partition Key for Cosmos DB
- How to extract TLS 1.X of all app services/web app running Azure
- VSTS Build Pipeline: Test fails connecting to Azure Key Vault
- How to Get BootStrapper.exe work in Windows Azure?
- Why Can't I See Roles Assigned to an App Registration in Azure?
- Email errors from all activities in ADF at once
- How can I ensure that Azure Text-to-Speech properly pronounces word-for-word translations?
- NGINX + Cloudflare SSL Certificate is not valid
- Error: AADSTS700213: No matching federated identity record found for presented assertion subject
- What the proper way to store PAT from azure registry for UV?
- Display Image stored in a sharepoint Site, on a pdf that i want to export
- Deploy Azure Initiative (set definition) with Azure PowerSHell
- Variables and Parameters in Azure Data Factory?
- Secret scoped role definition and assignment using bicep
- How to get the count of files inside a certain folder of container in Azure Blob storage in C#
- Getting Error while trying to do Terraform Import of Azure Disk Encryption Sets