Hi,
I detailed my issue in the following GitHub issue: All additional disks are in allowed to have · Issue #32524 · hashicorp/terraform · GitHub
Terraform Version
[cs-cfme-ro@vmiadev01 dev1gcesim86rhel6431]$ terraform --version
Terraform v1.3.7
on linux_amd64
+ provider Terraform Registry v4.48.0
+ provider Terraform Registry v4.48.0
Terraform Configuration Files
variables.tf.txt
variables.tfvars.txt
versions.tf.txt
disks.tf.txt
instances.tf.txt
outputs.tf.txt
startup-script-custom.txt
Debug Output
Everything works fine, but I cannot configure the additional disks like the boot_disk: auto_delete = var.auto_delete
Nothing in the documentation allows me to have additional disks with auto_delete = true
Expected Behavior
I want to have, in resource "google_compute_disk" named "gce_disk", an additional option to allow auto_delete = true
Actual Behavior
The management wants us to move from Ansible to Terraform … The Ansible playbook works fine for GCE, but changes require us to perform CLI or REST API calls.
When I delete my GCE instance with TF, everything works, but when going through GCP REST API calls it does not fully work: additional disks are not removed.
TF is not compliant with GCP usage here; I should have the possibility to set auto-deletion of the disks at the termination of the GCE instance. Even with Ansible I can do it with the gce_pd module: community.google.gce_pd module – utilize GCE persistent disk resources — Ansible Documentation
Questions:
- Why is it not possible with TF?
- How do I set auto_deletation = true for the additional disks in resource "google_compute_disk"?
Thanks in advance
Steps to Reproduce
alias apply='echo "terraform apply -var-file="variables.tfvars" -auto-approve"; terraform apply -var-file="variables.tfvars" -auto-approve'
alias destroy='echo "terraform destroy -var-file="variables.tfvars" -auto-approve"; terraform destroy -var-file="variables.tfvars" -auto-approve'
alias plan='echo "terraform plan -var-file="variables.tfvars""; terraform plan -var-file="variables.tfvars"'
alias show='echo "terraform show "; terraform show '
alias tf='terraform'
alias gcurl='curl -H "Authorization: Bearer $(gcloud auth print-access-token)" -H "Content-Type: application/json" -f --request'
1. init
2. apply
3. call GCP REST API to delete the GCE instance
[cs-cfme-ro@vmiadev01 dev1gcesim86rhel6431]$ gcloud compute instances describe dev1gcesim86rhel6431
No zone specified. Using zone [europe-west3-c] for instance: [dev1gcesim86rhel6431].
canIpForward: false
cpuPlatform: Intel Broadwell
creationTimestamp: '2023-01-16T23:41:38.763-08:00'
deletionProtection: false
description: GCE Instance built from Image dbg-clearstream-sz-61064e0c/cs-sz-rhel86-image
disks:
- autoDelete: true
  boot: true
  deviceName: dev1gcesim86rhel6431-bootdisk
  diskSizeGb: '65'
  index: 0
  interface: SCSI
  kind: compute#attachedDisk
  licenses:
  - https://www.googleapis.com/compute/v1/projects/rhel-cloud/global/licenses/rhel-8-byos
  mode: READ_WRITE
  source: https://www.googleapis.com/compute/v1/projects/dbg-clearstream-simu-fe9d0e70/zones/europe-west3-c/disks/dev1gcesim86rhel6431
  type: PERSISTENT
- autoDelete: false
  boot: false
  deviceName: dev1gcesim86rhel6431-vgdocker
  diskEncryptionKey:
    kmsKeyName: projects/dbg-kms-admin/locations/europe/keyRings/dbg_kms_keyring_clearstream_simu/cryptoKeys/dbg_clearstream_generic_gen_key_1/cryptoKeyVersions/1
    kmsKeyServiceAccount: ''
  diskSizeGb: '10'
  index: 1
  interface: SCSI
  kind: compute#attachedDisk
  mode: READ_WRITE
  source: https://www.googleapis.com/compute/v1/projects/dbg-clearstream-simu-fe9d0e70/zones/europe-west3-c/disks/dev1gcesim86rhel6431-vgdocker
  type: PERSISTENT
- autoDelete: false
  boot: false
  deviceName: dev1gcesim86rhel6431-sysvgsystem
  diskEncryptionKey:
    kmsKeyName: projects/dbg-kms-admin/locations/europe/keyRings/dbg_kms_keyring_clearstream_simu/cryptoKeys/dbg_clearstream_generic_gen_key_1/cryptoKeyVersions/1
    kmsKeyServiceAccount: ''
  diskSizeGb: '30'
  index: 2
  interface: SCSI
  kind: compute#attachedDisk
  mode: READ_WRITE
  source: https://www.googleapis.com/compute/v1/projects/dbg-clearstream-simu-fe9d0e70/zones/europe-west3-c/disks/dev1gcesim86rhel6431-sysvgsystem
  type: PERSISTENT
- autoDelete: false
  boot: false
  deviceName: dev1gcesim86rhel6431-oradbms-data
  diskEncryptionKey:
    kmsKeyName: projects/dbg-kms-admin/locations/europe/keyRings/dbg_kms_keyring_clearstream_simu/cryptoKeys/dbg_clearstream_generic_gen_key_1/cryptoKeyVersions/1
    kmsKeyServiceAccount: ''
  diskSizeGb: '10'
  index: 3
  interface: SCSI
  kind: compute#attachedDisk
  mode: READ_WRITE
  source: https://www.googleapis.com/compute/v1/projects/dbg-clearstream-simu-fe9d0e70/zones/europe-west3-c/disks/dev1gcesim86rhel6431-oradbms-data
  type: PERSISTENT
fingerprint: a8LN7x0ehi4=
hostname: dev1gcesim86rhel6431.cedelgroup.com
id: '3824673040305483742'
kind: compute#instance
labelFingerprint: 6BR2kr4uJd0=
labels:
  applicationcode: aid539
  applicationcomponent: cs_rhel_86
  applicationid: aid539
  costcenter: 5120_b1-02153
  creator: bc405
  environment: simulation
  iaas_scheduler: yes
  name: dev1gcesim86rhel6431
  orchestrator: cloudforms
  owner: bc405
  product: assetservicing
  productlineid: '0001996373'
  project: mm-bau-infra
  supportgroupid: '0001993695'
  testcycle: standalone
lastStartTimestamp: '2023-01-16T23:41:54.118-08:00'
machineType: https://www.googleapis.com/compute/v1/projects/dbg-clearstream-simu-fe9d0e70/zones/europe-west3-c/machineTypes/n1-standard-1
metadata:
  fingerprint: Fogo0aKQ7lY=
  items:
  - key: serial-port-enable
    value: 'False'
  - key: ssh-keys
    value: cloud-user:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbiCq/tIw9upjgyc3z9mpnc596gwbR+pw/nZQ6JBrCQzp84wRlTGX7mRzjj6WvFdzownWbiy7kqJ+l/8S3YOxFBTnzDEL7x7ImncvCha3sqh2E/MLHf0H90uWnwzTCsaR9v/Nu7doVhm0/MIz3qQ8+z5zZSBRNDjqm/TTYChCRpmUEQCo/3y7VLX8kh47ysIPBiW6L7BTPWC11mOwAhLcPVMyoR98Eh/9uRcW8f7WNlr5yN67TqODR2b58a+DUlTW+qwXb3sQLrjn9/+ZIcQWg+rgev1dCjwgYyLGp/XbBsp0hfi1vhMssh2UlTznZmUUUlSH1OCkYErXB5l4TC/nz
  - key: startup-script-custom
    value: |+
      #!/bin/bash
      (
      major_rel=$(uname -r | sed 's/^.*\(el[0-9]\+\).*$/\1/')
      case $major_rel in
      el8|el7)
      echo "${major_rel}"
      interface=$(ip route show default 0.0.0.0/0 | awk '{print $5}')
      connection=$(nmcli -t -f name,device connection show | grep :$interface | cut -d: -f 1)
      nmcli con mod "${connection}" ipv4.dns-search "cedelgroup.com var_domainname"
      nmcli con up "${connection}"
      systemctl stop chronyd
      chronyd -q 'server metadata.google.internal iburst'
      systemctl start chronyd
      ;;
      *)
      echo "not a redhat 6 or 7 or 8"
      ;;
      esac
      echo "preserve_hostname: true" >> /etc/cloud/cloud.cfg
      echo "10.139.99.226 vmcloudcapsule.cedelgroup.com" >> /etc/hosts
      echo "10.139.103.222 vmsimucapsule.cedelgroup.com" >> /etc/hosts
      depmod
      ) 2>&1 | tee /tmp/user_data.log
  kind: compute#metadata
name: dev1gcesim86rhel6431
networkInterfaces:
- fingerprint: pTusdgG8pU4=
  kind: compute#networkInterface
  name: nic0
  network: https://www.googleapis.com/compute/v1/projects/dbg-network-simu-538b66c7/global/networks/vpc-shared-simu-538b66c7
  networkIP: 10.134.75.201
  stackType: IPV4_ONLY
  subnetwork: https://www.googleapis.com/compute/v1/projects/dbg-network-simu-538b66c7/regions/europe-west3/subnetworks/europe-west3-simu-cbl-private-vm-bat-1
resourcePolicies:
- https://www.googleapis.com/compute/v1/projects/dbg-clearstream-simu-fe9d0e70/regions/europe-west3/resourcePolicies/iaas-scheduler
scheduling:
  automaticRestart: true
  onHostMaintenance: MIGRATE
  preemptible: false
  provisioningModel: STANDARD
selfLink: https://www.googleapis.com/compute/v1/projects/dbg-clearstream-simu-fe9d0e70/zones/europe-west3-c/instances/dev1gcesim86rhel6431
startRestricted: false
status: RUNNING
tags:
  fingerprint: XiAKmV658ao=
  items:
  - clearstream-simu-iaas-bastion-client
  - clearstream-simu-netbackup-client
  - clearstream-simu-oracle
  - clearstream-simu-oracle-dataguard
zone: https://www.googleapis.com/compute/v1/projects/dbg-clearstream-simu-fe9d0e70/zones/europe-west3-c
[cs-cfme-ro@vmiadev01 dev1gcesim86rhel6431]$ gcurl DELETE https://www.googleapis.com/compute/v1/projects/dbg-clearstream-simu-fe9d0e70/zones/europe-west3-c/instances/dev1gcesim86rhel6431
{
  "kind": "compute#operation",
  "id": "1649327497074697796",
  "name": "operation-1673943210806-5f27146744e8c-243b2c23-aeb2fc90",
  "zone": "https://www.googleapis.com/compute/v1/projects/dbg-clearstream-simu-fe9d0e70/zones/europe-west3-c",
  "operationType": "delete",
  "targetLink": "https://www.googleapis.com/compute/v1/projects/dbg-clearstream-simu-fe9d0e70/zones/europe-west3-c/instances/dev1gcesim86rhel6431",
  "targetId": "3824673040305483742",
  "status": "RUNNING",
  "user": "svc-cs-deployment@dbg-clearstream-simu-fe9d0e70.iam.gserviceaccount.com",
  "progress": 0,
  "insertTime": "2023-01-17T00:13:31.328-08:00",
  "startTime": "2023-01-17T00:13:31.351-08:00",
  "selfLink": "https://www.googleapis.com/compute/v1/projects/dbg-clearstream-simu-fe9d0e70/zones/europe-west3-c/operations/operation-1673943210806-5f27146744e8c-243b2c23-aeb2fc90"
}
gcloud compute disks list --filter="(users = null)"
NAME                               LOCATION        LOCATION_SCOPE  SIZE_GB  TYPE         STATUS
dev1gcesim86rhel6431-oradbms-data  europe-west3-c  zone            10       pd-ssd       READY
dev1gcesim86rhel6431-sysvgsystem   europe-west3-c  zone            30       pd-standard  READY
dev1gcesim86rhel6431-vgdocker      europe-west3-c  zone            10       pd-ssd       READY
All additional disks remain and become orphan disks, because they have auto_delete = false. I need a TF option to switch them to auto_delete = true, like the boot_disk.
Additional Context
- Management wants to move from Ansible to TF. Who sells it if I cannot do what worked previously with Ansible modules?
- TF should be compliant by aligning with GCP. Meaning TF behaviour = GCP behaviour, with GCP as lead, because here TF goes one way and GCP goes another way.
References
I saw someone having the same issue : google cloud platform - How to set auto-delete option for additional attached_disk in gcp instance uing terraform? - Stack Overflow
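
Added example, not part of the original post: a pre-deletion check that reads the JSON form of `gcloud compute instances describe` output, lists the attached persistent disks that would be left behind as orphans (still holding their data) when the instance is deleted, and builds the `gcloud compute instances set-disk-auto-delete` call for each. The instance, project and disk names below are constructed samples.

```python
import shlex

# Constructed sample (not from the post), trimmed to the fields used here, in the
# shape of `gcloud compute instances describe NAME --format=json`.
SAMPLE_INSTANCE = {
    "name": "example-vm",
    "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/europe-west3-c",
    "disks": [
        {"deviceName": "example-vm-bootdisk", "boot": True, "autoDelete": True, "type": "PERSISTENT"},
        {"deviceName": "example-vm-data", "boot": False, "autoDelete": False, "type": "PERSISTENT"},
        {"deviceName": "example-vm-logs", "boot": False, "type": "PERSISTENT"},  # flag absent
        {"deviceName": "local-ssd-0", "boot": False, "autoDelete": True, "type": "SCRATCH"},
    ],
}


def disks_left_behind(instance):
    """Return attached persistent disks that survive deletion of the instance.

    A missing autoDelete field is treated as false, the conservative reading.
    """
    return [
        d for d in instance.get("disks", [])
        if d.get("type") == "PERSISTENT" and not d.get("autoDelete", False)
    ]


def remediation_commands(instance):
    """Build one `gcloud compute instances set-disk-auto-delete` call per disk."""
    zone = instance["zone"].rsplit("/", 1)[-1]  # the API returns the zone as a URL
    commands = []
    for disk in disks_left_behind(instance):
        argv = ["gcloud", "compute", "instances", "set-disk-auto-delete",
                instance["name"], "--zone", zone,
                "--auto-delete", "--device-name", disk["deviceName"]]
        # Quote every argument so the printed line is safe to paste into a shell.
        commands.append(" ".join(shlex.quote(a) for a in argv))
    return commands


if __name__ == "__main__":
    for cmd in remediation_commands(SAMPLE_INSTANCE):
        print(cmd)
```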