+1 (binding)
I checked the source tarball checksum and gpg signature, and using the RC1
build was able to test a simple VM deployment in a zone in an isolated network
with some firewall rules applied, against a KVM based ACS 4.16.0.0 env.
(note: in my testing, in the first run the firewall application met with some
failure but on second try of terraform apply it worked, see run log below)
Source tarball verification:
gpg: Signature made Wed Jan 19 15:33:18 2022 IST
gpg: using RSA key 1031D6946F8A7C4B0C3E9EEFAEA5313845ADC482
gpg: Good signature from "Harikrishna Patnala (github gpg)
<harikrishna.patn...@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 1031 D694 6F8A 7C4B 0C3E 9EEF AEA5 3138 45AD C482
Run log for reference:
# terraform apply
Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the
following symbols:
+ create
Terraform will perform the following actions:
# cloudstack_egress_firewall.default will be created
+ resource "cloudstack_egress_firewall" "default" {
+ id = (known after apply)
+ managed = false
+ network_id = (known after apply)
+ parallelism = 2
+ rule {
+ cidr_list = [
+ "10.200.0.0/24",
]
+ icmp_code = (known after apply)
+ icmp_type = (known after apply)
+ ports = [
+ "21",
+ "22",
+ "443",
+ "80",
]
+ protocol = "tcp"
+ uuids = (known after apply)
}
}
# cloudstack_firewall.default will be created
+ resource "cloudstack_firewall" "default" {
+ id = (known after apply)
+ ip_address_id = (known after apply)
+ managed = false
+ parallelism = 2
+ rule {
+ cidr_list = [
+ "0.0.0.0/0",
]
+ icmp_code = (known after apply)
+ icmp_type = (known after apply)
+ ports = [
+ "22",
+ "443",
+ "80",
]
+ protocol = "tcp"
+ uuids = (known after apply)
}
}
# cloudstack_instance.web will be created
+ resource "cloudstack_instance" "web" {
+ display_name = "VM1Test"
+ expunge = true
+ group = (known after apply)
+ id = (known after apply)
+ ip_address = (known after apply)
+ name = "VM1Test"
+ network_id = (known after apply)
+ project = (known after apply)
+ root_disk_size = (known after apply)
+ service_offering = "688de728-5d70-42b5-9913-someID"
+ start_vm = true
+ tags = (known after apply)
+ template = "someID-1d5b-4335-a9e7-someID"
+ zone = "someID-cf47-4b0b-8cf0-someID"
}
# cloudstack_ipaddress.newIP1 will be created
+ resource "cloudstack_ipaddress" "newIP1" {
+ id = (known after apply)
+ ip_address = (known after apply)
+ is_portable = false
+ is_source_nat = (known after apply)
+ network_id = (known after apply)
+ project = (known after apply)
+ tags = (known after apply)
}
# cloudstack_ipaddress.newIP2 will be created
+ resource "cloudstack_ipaddress" "newIP2" {
+ id = (known after apply)
+ ip_address = (known after apply)
+ is_portable = false
+ is_source_nat = (known after apply)
+ network_id = (known after apply)
+ project = (known after apply)
+ tags = (known after apply)
}
# cloudstack_network.N1 will be created
+ resource "cloudstack_network" "N1" {
+ acl_id = "none"
+ cidr = "10.200.0.0/24"
+ display_text = (known after apply)
+ endip = (known after apply)
+ gateway = (known after apply)
+ id = (known after apply)
+ name = "Network1"
+ network_domain = (known after apply)
+ network_offering = "DefaultIsolatedNetworkOfferingWithSourceNatService"
+ project = (known after apply)
+ source_nat_ip_id = (known after apply)
+ startip = (known after apply)
+ tags = (known after apply)
+ zone = "someID-cf47-4b0b-8cf0-e8256cea9bef"
}
# cloudstack_port_forward.default will be created
+ resource "cloudstack_port_forward" "default" {
+ id = (known after apply)
+ ip_address_id = (known after apply)
+ managed = false
+ forward {
+ private_port = 22
+ protocol = "tcp"
+ public_port = 22
+ uuid = (known after apply)
+ virtual_machine_id = (known after apply)
}
}
# cloudstack_static_nat.default will be created
+ resource "cloudstack_static_nat" "default" {
+ id = (known after apply)
+ ip_address_id = (known after apply)
+ project = (known after apply)
+ virtual_machine_id = (known after apply)
+ vm_guest_ip = (known after apply)
}
Plan: 8 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
cloudstack_network.N1: Creating...
cloudstack_network.N1: Creation complete after 1s
[id=e4f3d1b8-4fbb-49ec-8df9-76cb65c48129]
cloudstack_ipaddress.newIP1: Creating...
cloudstack_instance.web: Creating...
cloudstack_egress_firewall.default: Creating...
cloudstack_ipaddress.newIP1: Creation complete after 1s
[id=8d441288-1d8f-4fda-bdd8-e19e7fce6bd2]
cloudstack_ipaddress.newIP2: Creating...
cloudstack_firewall.default: Creating...
cloudstack_ipaddress.newIP2: Creation complete after 2s
[id=aa79d2fb-14eb-4bc9-a134-fc1f434e5a86]
cloudstack_instance.web: Still creating... [10s elapsed]
cloudstack_instance.web: Still creating... [20s elapsed]
cloudstack_instance.web: Still creating... [30s elapsed]
cloudstack_instance.web: Still creating... [40s elapsed]
cloudstack_instance.web: Still creating... [50s elapsed]
cloudstack_instance.web: Still creating... [1m0s elapsed]
cloudstack_instance.web: Still creating... [1m10s elapsed]
cloudstack_instance.web: Still creating... [1m20s elapsed]
cloudstack_instance.web: Still creating... [1m30s elapsed]
cloudstack_instance.web: Still creating... [1m40s elapsed]
cloudstack_instance.web: Still creating... [1m50s elapsed]
cloudstack_instance.web: Still creating... [2m0s elapsed]
cloudstack_instance.web: Still creating... [2m10s elapsed]
cloudstack_instance.web: Still creating... [2m20s elapsed]
cloudstack_instance.web: Still creating... [2m30s elapsed]
cloudstack_instance.web: Creation complete after 2m33s
[id=d6f87514-f7cd-4c47-9716-2a862486dea9]
cloudstack_static_nat.default: Creating...
cloudstack_port_forward.default: Creating...
cloudstack_port_forward.default: Creation complete after 8s
[id=8d441288-1d8f-4fda-bdd8-e19e7fce6bd2]
cloudstack_static_nat.default: Creation complete after 10s
[id=aa79d2fb-14eb-4bc9-a134-fc1f434e5a86]
╷
│ Error: 1 error occurred:
│ * Undefined error: {"errorcode":530,"errortext":"Failed to create firewall
rule"}
│
│
│
│ with cloudstack_firewall.default,
│ on config.tf line 119, in resource "cloudstack_firewall" "default":
│ 119: resource "cloudstack_firewall" "default" {
│
╵
╷
│ Error: 1 error occurred:
│ * Undefined error: {"errorcode":530,"errortext":"Failed to create firewall
rule"}
│
│
│
│ with cloudstack_egress_firewall.default,
│ on config.tf line 144, in resource "cloudstack_egress_firewall" "default":
│ 144: resource "cloudstack_egress_firewall" "default" {
│
╵
# terraform apply
cloudstack_network.N1: Refreshing state...
[id=e4f3d1b8-4fbb-49ec-8df9-76cb65c48129]
cloudstack_ipaddress.newIP1: Refreshing state...
[id=8d441288-1d8f-4fda-bdd8-e19e7fce6bd2]
cloudstack_instance.web: Refreshing state...
[id=d6f87514-f7cd-4c47-9716-2a862486dea9]
cloudstack_egress_firewall.default: Refreshing state...
[id=e4f3d1b8-4fbb-49ec-8df9-76cb65c48129]
cloudstack_ipaddress.newIP2: Refreshing state...
[id=aa79d2fb-14eb-4bc9-a134-fc1f434e5a86]
cloudstack_firewall.default: Refreshing state...
[id=8d441288-1d8f-4fda-bdd8-e19e7fce6bd2]
cloudstack_static_nat.default: Refreshing state...
[id=aa79d2fb-14eb-4bc9-a134-fc1f434e5a86]
cloudstack_port_forward.default: Refreshing state...
[id=8d441288-1d8f-4fda-bdd8-e19e7fce6bd2]
Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the
following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
# cloudstack_egress_firewall.default is tainted, so must be replaced
-/+ resource "cloudstack_egress_firewall" "default" {
~ id = "e4f3d1b8-4fbb-49ec-8df9-76cb65c48129" -> (known after
apply)
# (3 unchanged attributes hidden)
- rule {
- cidr_list = [
- "10.200.0.0/24",
] -> null
- icmp_code = 0 -> null
- icmp_type = 0 -> null
- ports = [
- "22",
- "443",
- "80",
] -> null
- protocol = "tcp" -> null
- uuids = {
- "22" = "d1a666bc-13f0-41b7-a642-58c28031a1fb"
- "443" = "c323e6fb-65ae-4265-992f-3124736d38c6"
- "80" = "3ee81703-7c38-4d7c-b07f-e4546c1eeb11"
} -> null
}
+ rule {
+ cidr_list = [
+ "10.200.0.0/24",
]
+ icmp_code = (known after apply)
+ icmp_type = (known after apply)
+ ports = [
+ "21",
+ "22",
+ "443",
+ "80",
]
+ protocol = "tcp"
+ uuids = (known after apply)
}
}
# cloudstack_firewall.default is tainted, so must be replaced
-/+ resource "cloudstack_firewall" "default" {
~ id = "8d441288-1d8f-4fda-bdd8-e19e7fce6bd2" -> (known after
apply)
# (3 unchanged attributes hidden)
- rule {
- cidr_list = [
- "0.0.0.0/0",
] -> null
- icmp_code = 0 -> null
- icmp_type = 0 -> null
- ports = [
- "22",
- "80",
] -> null
- protocol = "tcp" -> null
- uuids = {
- "22" = "fd460768-8b97-4ee0-858c-ee5fb3193f75"
- "80" = "c21c86a3-d72e-4e73-b458-4e60d5b8f153"
} -> null
}
+ rule {
+ cidr_list = [
+ "0.0.0.0/0",
]
+ icmp_code = (known after apply)
+ icmp_type = (known after apply)
+ ports = [
+ "22",
+ "443",
+ "80",
]
+ protocol = "tcp"
+ uuids = (known after apply)
}
}
Plan: 2 to add, 0 to change, 2 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
cloudstack_firewall.default: Destroying...
[id=8d441288-1d8f-4fda-bdd8-e19e7fce6bd2]
cloudstack_egress_firewall.default: Destroying...
[id=e4f3d1b8-4fbb-49ec-8df9-76cb65c48129]
cloudstack_firewall.default: Destruction complete after 8s
cloudstack_firewall.default: Creating...
cloudstack_egress_firewall.default: Still destroying...
[id=e4f3d1b8-4fbb-49ec-8df9-76cb65c48129, 10s elapsed]
cloudstack_egress_firewall.default: Destruction complete after 15s
cloudstack_egress_firewall.default: Creating...
cloudstack_firewall.default: Still creating... [10s elapsed]
cloudstack_egress_firewall.default: Still creating... [10s elapsed]
cloudstack_firewall.default: Creation complete after 18s
[id=8d441288-1d8f-4fda-bdd8-e19e7fce6bd2]
cloudstack_egress_firewall.default: Creation complete after 18s
[id=e4f3d1b8-4fbb-49ec-8df9-76cb65c48129]
Apply complete! Resources: 2 added, 0 changed, 2 destroyed.
Regards.
________________________________
From: Harikrishna Patnala <harikrishna.patn...@shapeblue.com>
Sent: Wednesday, January 19, 2022 16:09
To: 'us...@cloudstack.apache.org' <us...@cloudstack.apache.org>;
dev@cloudstack.apache.org <dev@cloudstack.apache.org>
Subject: [VOTE] Release Apache CloudStack Terraform Provider v0.4.0
Hi All,
I've created a v0.4.0 release of CloudStack Terraform Provider, with the
following
artifacts up for a vote:
Link to the latest CloudStack Terraform Provider artifact with version
"0.4.0-RC1":
https://registry.terraform.io/providers/cloudstack/cloudstack/0.4.0-RC1
Git Branch and commit SHA:
https://github.com/cloudstack/terraform-provider-cloudstack/commit/9496d6a0d029a808dd8876c9119703d6b3bf8c9c
Commit:
9496d6a0d029a808dd8876c9119703d6b3bf8c9c
GitHub pre-release (for RC1 testing, contains changelog,
artifacts/binaries to test, checksums/usage details):
https://github.com/cloudstack/terraform-provider-cloudstack/releases/tag/v0.4.0-RC1
Source release (checksums and signatures are available at the same location):
https://dist.apache.org/repos/dist/dev/cloudstack/terraform-provider-0.4.0-RC1/
PGP release keys (signed using 1031D6946F8A7C4B0C3E9EEFAEA5313845ADC482)
https://dist.apache.org/repos/dist/release/cloudstack/KEYS
The vote will be open until January 31st, 2022.
For sanity in tallying the vote, can PMC members please be sure to
indicate "(binding)" with their vote?
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and the reason why)
Regards,
Harikrishna
