Hello,
I wrote a script which should create a project(module project-factory), vpc ( module network/google) and then peer with a existing network. Which worked great but then i added creating 2 manged dns zones. When i apply get this error message:
Error: Error adding network peering: googleapi: Error 400: There is a route operation in progress on the local or peer network. Try again later., badRequest
on main.tf line 76, in resource “google_compute_network_peering” “main_project”:
76: resource “google_compute_network_peering” “main_project” {
Error: Error adding network peering: googleapi: Error 400: There is a route operation in progress on the local or peer network. Try again later., badRequest
on main.tf line 84, in resource “google_compute_network_peering” “sub_project”:
84: resource “google_compute_network_peering” “sub_project” {
Then i apply again and it works. It seems like three is a timing issue but normal there should be an issue because the dns has a attribute from network so it should wait for it.
Here is an code snippet:
data “google_folder” “service_folder” {
folder = var.service_folder_id
lookup_organization = true
}
data “google_billing_account” “billing_account” {
display_name = var.billing_account_name
open = true
}
data “google_compute_network” “main_project” {
project = var.host_project_id
name = substr(var.ip_cidr_range, 0, 6) == “10.207” ? var.vpc_network_host_sz : var.vpc_network_host_hs
}
module “service_project” {
source = “./modules/project_factory”
credentials_path = “./account.json”
name = var.project_id
project_id = var.project_id
org_id = “”
folder_id = data.google_folder.service_folder.name
billing_account = data.google_billing_account.billing_account.id
auto_create_network = “true”
activate_apis = [“compute.googleapis.com”, “dns.googleapis.com”]
disable_dependent_services = “false”
disable_services_on_destroy = “false”
}
resource “google_project_iam_policy” “project” {
project = module.service_project.project_id
policy_data = data.google_iam_policy.owner.policy_data
}
data “google_iam_policy” “owner” {
binding {
role = “roles/owner”
members = [
"serviceAccount:sa-terraform-script-admin@x.iam.gserviceaccount.com",
]
}
binding {
role = “”
members = [
"group:${var.group_email}",
]
}
}
module “vpc” {
source = “./modules/network”
project_id = module.service_project.project_id
network_name = “vpc-{var.project_id}"
delete_default_internet_gateway_routes = "true"
subnets = [
{
subnet_name = "subnetz-{var.project_id}”
subnet_ip = var.ip_cidr_range
subnet_region = var.subnetwork_region
subnet_private_access = “true”
}
]
secondary_ranges = {
“subnetz-${var.project_id}” =
}
}
resource “google_compute_network_peering” “main_project” {
provider = “google-beta”
name = “peering-host-project-service-${var.project_id}”
network = data.google_compute_network.main_project.self_link
peer_network = module.vpc.network_self_link
export_custom_routes = “true”
}
resource “google_compute_network_peering” “sub_project” {
provider = “google-beta”
name = “peering-service-${var.project_id}-host-project”
network = module.vpc.network_self_link
peer_network = data.google_compute_network.main_project.self_link
import_custom_routes = “true”
}
resource “google_compute_firewall” “sub_project” {
project = module.service_project.project_id
name = “fw-allow-all-vpc-${var.project_id}”
network = module.vpc.network_self_link
direction = “INGRESS”
priority = “1000”
source_ranges = [“0.0.0.0/0”]
allow {
protocol = “all”
}
}
resource “google_dns_managed_zone” “gcr-zone” {
project = module.service_project.project_id
name = “gcr-zone”
dns_name = “gcr.io.”
description = “internal-to-gcr”
visibility = “private”
private_visibility_config {
networks {
network_url = module.vpc.network_self_link
}
}
}
resource “google_dns_record_set” “a-gcr” {
project = module.service_project.project_id
name = “${google_dns_managed_zone.gcr-zone.dns_name}”
type = “A”
ttl = 300
managed_zone = “${google_dns_managed_zone.gcr-zone.name}”
rrdatas = [
]
}
resource “google_dns_record_set” “cname-gcr” {
project = module.service_project.project_id
name = “*.{google_dns_managed_zone.gcr-zone.dns_name}"
managed_zone = "{google_dns_managed_zone.gcr-zone.name}”
type = “CNAME”
ttl = 300
rrdatas = [“gcr.io.”]
}
resource “google_compute_route” “default” {
project = module.service_project.project_id
name = “dns-route-to-google”
dest_range = “”
network = module.vpc.network_self_link
next_hop_gateway = “default-internet-gateway”
priority = 1000
}
resource “google_dns_managed_zone” “googleapi-zone” {
project = module.service_project.project_id
name = “googleapis-zone”
dns_name = “googleapis.com.”
description = “internal-to-googleapis”
visibility = “private”
private_visibility_config {
networks {
network_url = module.vpc.network_self_link
}
}
}
resource “google_dns_record_set” “a-googleapis” {
project = module.service_project.project_id
name = “restricted.${google_dns_managed_zone.googleapi-zone.dns_name}”
type = “A”
ttl = 300
managed_zone = “${google_dns_managed_zone.googleapi-zone.name}”
rrdatas = [
]
}
resource “google_dns_record_set” “cname-google-apis” {
project = module.service_project.project_id
name = “*.{google_dns_managed_zone.googleapi-zone.dns_name}"
managed_zone = "{google_dns_managed_zone.googleapi-zone.name}”
type = “CNAME”
ttl = 300
rrdatas = [“restricted.googleapis.com.”]
}
How can i avoid this?
Regards,