I have created an HDInsight cluster with Kafka using azurerm_hdinsight_kafka_cluster on a VNet (azurerm_virtual_network) with Terraform. Because of this, I get instances of Azure's network interface created implicitly by Azure Management Service.

I have also created azurerm_public_ip resources which I intend to associate with the network interfaces which are created implicitly as mentioned above.

This means I need to update the implicitly created azurerm_network_interface resource with the azurerm_public_ip IP address via the public_ip_address_id attribute.

I searched online for any documentation on updating the ip_configuration nested attribute of azurerm_network_interface (created implicitly), but unfortunately, did not find any.

Could anyone help me with this? I have not found any other resource in azurerm that might help me achieve this either.

I would appreciate it if someone could point me to an azurerm resource with which I can associate this, or any other possible way.

Thanks in advance :)

How can I update ip_configuration of an azurerm_network_interface to add azurerm_public_ip?

Dishant Kamble

1 Answer

I probably found a solution:

Using a null_resource from Terraform to execute a local-exec provisioner with an Azure CLI command should do the trick.

Note: Make sure the local system has the Azure CLI installed as a prerequisite.

e.g.:

# One null_resource per NIC / public IP pair.
resource "null_resource" "foo" {
  count = 3

  provisioner "local-exec" {
    # Log in as a service principal, then attach the public IP to the
    # NIC's first ip_configuration.
    command = <<EOT
      az login --service-principal -u <USERNAME> -p '<PASSWORD>' --tenant <TENANT-ID>
      az network nic ip-config update --resource-group ${azurerm_resource_group.foo.name} --name ${azurerm_network_interface.foo[count.index].ip_configuration[0].name} --nic-name ${azurerm_network_interface.foo[count.index].name} --public-ip-address ${azurerm_public_ip.foo[count.index].id}
    EOT
  }
}

The command can be referred from the Azure documentation here.

Dishant Kamble
  • Glad to know that your issue has been resolved. You can accept it as the answer (click on the check mark beside the answer to toggle it from greyed out to filled in). This can be beneficial to other community members. Thank you. – CHEEKATLAPRADEEP May 19 '20 at 06:31
  • I've removed my answer as it doesn't work for azurerm_hdinsight_kafka_cluster. I don't think what you are proposing will work reliably as there is no commitment from Azure not to replace the NICs in the cluster. Is there a reason you want a publicly accessible Kafka cluster? Wouldn't you normally go through a VPN or bastion host to access the cluster via its SSH or HTTPS endpoint? Exposing it to the Internet seems very risky. – Alain O'Dea May 19 '20 at 09:43
  • We are advertising Kafka brokers over public IPs which we created using Terraform so that the topics can be accessed by producer and/or consumer applications which are running in a different PaaS. HDInsights does not allow Kafka broker access from public by default, which is why we need this. Accessing the cluster is possible via the Ambari API, but accessing brokers is not possible from public without this method. If you have an alternative, please share; I would like a simpler approach if one exists. :) – Dishant Kamble May 20 '20 at 10:03
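
A variant of the null_resource approach from the answer above, written as an added example that is not part of the original posts: the service principal credentials come from Terraform variables and reach the shell as environment variables instead of being typed into the command string in the .tf file. The variable names, the `attach_public_ip` label and the operator-supplied NIC names are assumptions; it also assumes a POSIX shell as the local-exec interpreter and a Terraform version that supports `sensitive` variables.

```hcl
# Added example. Variable names and the resource label are assumptions,
# not taken from the original answer.
variable "client_id" { type = string }
variable "tenant_id" { type = string }

variable "client_secret" {
  type      = string
  sensitive = true # keeps the value out of plan/apply output
}

# Names of the NICs Azure created for the cluster, supplied by the operator
# (hypothetical input: the page does not show how to discover them).
variable "nic_names" { type = list(string) }

# Name of the ip_configuration on those NICs (hypothetical input).
variable "ip_config_name" { type = string }

resource "null_resource" "attach_public_ip" {
  count = length(var.nic_names)

  # Re-run the provisioner when the NIC name or the public IP changes.
  triggers = {
    nic_name     = var.nic_names[count.index]
    public_ip_id = azurerm_public_ip.foo[count.index].id
  }

  provisioner "local-exec" {
    # Credentials are passed through the environment, so the command text
    # below holds only variable names, never the secret itself.
    environment = {
      AZ_CLIENT_ID     = var.client_id
      AZ_CLIENT_SECRET = var.client_secret
      AZ_TENANT_ID     = var.tenant_id
    }

    command = <<-EOT
      set -e
      az login --service-principal -u "$AZ_CLIENT_ID" -p "$AZ_CLIENT_SECRET" --tenant "$AZ_TENANT_ID" --output none
      az network nic ip-config update --resource-group ${azurerm_resource_group.foo.name} --name ${var.ip_config_name} --nic-name ${var.nic_names[count.index]} --public-ip-address ${azurerm_public_ip.foo[count.index].id}
    EOT
  }
}
```

The triggers only react to changes in the values Terraform knows about; if Azure replaces a cluster NIC, as raised in the comments, the new name has to be supplied again before the association is reapplied.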