0

Looking for some help on importing FSxN ONTAP existing resources. I have everything identical to existing infrastructure at AWS, however while importing the resource to Terraform, It keeps on notifying to destroy and recreate resources.

The area where it says "forces replacement", was verified multiple times but I am out of idea what is wrong or terraform is looking differently.

Any help would be great.

  # module.fsxn05.aws_fsx_ontap_file_system.FsxnFs must be replaced
-/+ resource "aws_fsx_ontap_file_system" "FsxnFs" {
      ~ arn                               = "arn:aws:fsx:us-west-2:XXXXXXXXXX:file-system/fs-XXXXXXXXXX" -> (known after apply)
      + dns_name                          = (known after apply)
      + endpoint_ip_address_range         = (known after apply)
      ~ endpoints                         = [
          - {
              - intercluster = [
                  - {
                      - dns_name     = "intercluster.fs-XXXXXXXXXX.fsx.us-west-2.amazonaws.com"
                      - ip_addresses = [
                          - "XX.XX.XX.XX",
                          - "XX.XX.XX.XX",
                        ]
                    },
                ]
              - management   = [
                  - {
                      - dns_name     = "management.fs-XXXXXXXXXX.fsx.us-west-2.amazonaws.com"
                      - ip_addresses = [
                          - "XX.XX.XX.XX",
                        ]
                    },
                ]
            },
        ] -> (known after apply)
      + fsx_admin_password                = (sensitive value)
      ~ id                                = "fs-XXXXXXXXXX" -> (known after apply)
      ~ network_interface_ids             = [
          - "eni-XXXXXXXXXX",
          - "eni-XXXXXXXXXX",
        ] -> (known after apply)
      ~ owner_id                          = "XXXXXXXXXX" -> (known after apply)
      + security_group_ids                = [ # forces replacement
          + "sg-XXXXXXXXXX",
        ]
      ~ vpc_id                            = "vpc-XXXXXXXXXX" -> (known after apply)
      ~ weekly_maintenance_start_time     = "1:06:30" -> "6:07:00"
        # (8 unchanged attributes hidden)

      - disk_iops_configuration {
          - iops = 15372 -> null
          - mode = "AUTOMATIC" -> null
        }
    }

  # module.fsxn05.aws_fsx_ontap_storage_virtual_machine.FsxnSvm[0] must be replaced
-/+ resource "aws_fsx_ontap_storage_virtual_machine" "FsxnSvm" {
      ~ arn                        = "arn:aws:fsx:us-west-2:XXXXXXXXXX:storage-virtual-machine/fs-XXXXXXXXXX/svm-XXXXXXXXXX" -> (known after apply)
      ~ endpoints                  = [
          - {
              - iscsi      = [
                  - {
                      - dns_name     = "iscsi.svm-XXXXXXXXXX.fs-XXXXXXXXXX.fsx.us-west-2.amazonaws.com"
                      - ip_addresses = [
                          - "XX.XX.XX.XX",
                          - "XX.XX.XX.XX",
                        ]
                    },
                ]
              - management = [
                  - {
                      - dns_name     = "svm-XXXXXXXXXX.fs-XXXXXXXXXX.fsx.us-west-2.amazonaws.com"
                      - ip_addresses = [
                          - "XX.XX.XX.XX",
                        ]
                    },
                ]
              - nfs        = [
                  - {
                      - dns_name     = "svm-XXXXXXXXXX.fs-XXXXXXXXXX.fsx.us-west-2.amazonaws.com"
                      - ip_addresses = [
                          - "XX.XX.XX.XX",
                        ]
                    },
                ]
              - smb        = [
                  - {
                      - dns_name     = "<SVM-INSTANCE01.EXAMPLE.COM>"
                      - ip_addresses = [
                          - "XX.XX.XX.XX",
                        ]
                    },
                ]
            },
        ] -> (known after apply)
      ~ file_system_id             = "fs-XXXXXXXXXX" -> (known after apply)
      ~ id                         = "svm-XXXXXXXXXX" -> (known after apply)
        name                       = "<SVM-INSTANCE01>"
      + root_volume_security_style = "UNIX" # forces replacement
      ~ subtype                    = "DEFAULT" -> (known after apply)
      + svm_admin_password         = (sensitive value)
      ~ uuid                       = "XXXXXXXXXX-2cbb-11ee-a56a-XXXXXXXXXX" -> (known after apply)
    }

Please find my code below:

resource "aws_fsx_ontap_file_system" "FsxnFs" {

  subnet_ids          = var.private_subnet_ids
  preferred_subnet_id = var.private_subnet_ids[0]
  security_group_ids  = [data.aws_security_group.sg_fsxn.id]
  deployment_type     = var.deployment_type

  storage_type        = "SSD"
  storage_capacity    = var.storage_capacity
  throughput_capacity = var.throughput_capacity
  kms_key_id          = var.encryption_key

  fsx_admin_password            = data.aws_ssm_parameter.fsx_admin.value
  weekly_maintenance_start_time = "6:07:00"

  lifecycle {
    ignore_changes = [
      storage_capacity
    ]
  }

  tags = merge(
    local.common_tags, local.project_tags,
    {
      "Name" : "ONTAP-${upper(var.filesystem_name)}-${upper(var.env)}-${var.region}"
    }
  )
}

resource "aws_fsx_ontap_storage_virtual_machine" "FsxnSvm" {

  file_system_id = aws_fsx_ontap_file_system.FsxnFs.id
  count          = length(var.svm_names)
  name           = var.svm_names[count.index]

  root_volume_security_style = "UNIX"
  svm_admin_password         = data.aws_ssm_parameter.svm_admin.value
  active_directory_configuration {
    netbios_name = var.svm_names[count.index]

    self_managed_active_directory_configuration {
      dns_ips = [
        local.dns_primary,
        local.dns_secondary
      ]
      domain_name                            = upper("${local.dc_name}.example.com")
      organizational_unit_distinguished_name = "OU=AWSServers,OU=Servers,DC=${local.dc_name},DC=example,DC=com"

      username = "<SVC_UID>"
      password = data.aws_ssm_parameter.core_awsfsx_svc.value
    }
  }

  depends_on = [
    aws_fsx_ontap_file_system.FsxnFs
  ]

  tags = merge(
    local.common_tags, local.project_tags,
    {
      "Name" = var.svm_names[count.index]
    }
  )
}
Rio
  • 595
  • 1
  • 6
  • 27
  • Can you add the code to the question? – Marko E Aug 07 '23 at 18:30
  • Hi @MarkoE, Added my code as requested – Rio Aug 07 '23 at 18:47
  • Ok, so the security group parameter change is causing this. Can you add the value manually and test if that will work? – Marko E Aug 07 '23 at 18:52
  • I made sure the SG ID is what it is resolving from data block already. the existing resource is using same SG as in code its required to use. – Rio Aug 07 '23 at 18:54
  • If you look at the SVM, it says "UNIX" as file system type is getting force replacement. However the existing one has "UNIX" too. – Rio Aug 07 '23 at 18:55

0 Answers0