We are using a public NLB as the endpoint for our (private) SMTP servers (port 25). We have Source Header Preservation enabled and we have been using this NLB since our production migration, without any issues.
When we create it using Terraform/Terragrunt we can't establish a connection from the Internet (for instance on port 25), but the health check is OK.
Both NLBs look the same, but in the Terraform one the backend sets are added as IP addresses and without Availability Domain information. This seems to be the only visible difference, but after changing it manually (to match the functioning, manually created NLB) the problem persists.
Software versions:
Terraform v0.12.31
Terragrunt v0.23.27
OCI Terraform provider 4.37.0
Configuration files:
public_NLB_smtp.hcl
terraform {
  source = format("git::ssh://git@repo.com/.../modules/network_loadbalancer", local.moduls_git_tag)
}

include {
  path = find_in_parent_folders("root-terragrunt.hcl")
}

inputs = {
  is_private         = false
  # With source IP preservation the backends see the client's real source address,
  # so the backends' own ingress rules must admit those clients, not only the NLB.
  preserve_source_ip = true
  reserved_ips_OCID  = "ocid1.publicip.oc1.eu-frankfurt-1.ABC"

  backend_sets = [
    { name = "smtp", protocol = "TCP", port = 25, retries = 3, return_code = 200, url_path = "/", policy = "FIVE_TUPLE" },
  ]

  backends = [
    { backendset_name = "smtp", ip_address = "X.X.X.X", port = 25 },
    { backendset_name = "smtp", ip_address = "Y.Y.Y.Y", port = 25 },
  ]

  listeners = [
    { backendset_name = "smtp", name = "SMTP", port = 25, protocol = "TCP" },
  ]
}
modules/network_loadbalancer/main.tf
# Wrapper module that forwards the inputs to the component below.
module "network_loadbalancer" { # block name not shown in the post; assumed
  source = "../../components/network_loadbalancer"

  is_private                  = var.is_private
  reserved_ips_OCID           = var.reserved_ips_OCID
  backend_sets                = var.backend_sets
  backends                    = var.backends
  listeners                   = var.listeners
  preserve_source_destination = var.preserve_source_ip
}
components/network_loadbalancer/main.tf
# Create a Backend-Set
resource "oci_network_load_balancer_backend_set" "backend_sets" {
  count = length(var.backend_sets)

  health_checker {
    protocol    = var.backend_sets[count.index].protocol
    port        = var.backend_sets[count.index].port
    retries     = var.backend_sets[count.index].retries
    return_code = var.backend_sets[count.index].return_code
    url_path    = var.backend_sets[count.index].url_path
  }

  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.network_load_balancer.id
  name                     = var.backend_sets[count.index].name
  policy                   = var.backend_sets[count.index].policy
}

# Add Backends (Servers) to Backend-Set
resource "oci_network_load_balancer_backend" "backends" {
  count = length(var.backends)

  backend_set_name         = var.backends[count.index].backendset_name
  ip_address               = var.backends[count.index].ip_address
  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.network_load_balancer.id
  port                     = var.backends[count.index].port

  depends_on = [oci_network_load_balancer_backend_set.backend_sets]
}

# Add Listener
resource "oci_network_load_balancer_listener" "listener" {
  count = length(var.listeners)

  default_backend_set_name = var.listeners[count.index].backendset_name
  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.network_load_balancer.id
  name                     = var.listeners[count.index].name
  port                     = var.listeners[count.index].port
  protocol                 = var.listeners[count.index].protocol

  depends_on = [oci_network_load_balancer_backend.backends]
}
I have created terraform-provider-oci issue #1427 on GitHub ("Public NLB different behaviour when created using Terragrunt"), in case it's a bug.
If it's not, help in understanding what I am doing wrong would be much appreciated.
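A pre-apply consistency check for inputs shaped like the public_NLB_smtp.hcl block above, added here as an example and not part of the poster's modules or the OCI provider: it verifies that backends and listeners reference existing backend sets, and, because a public NLB with source IP preservation delivers the client's real source address to the backends, it checks that the backend subnet's ingress rules admit internet sources on the listener port rather than only the NLB's subnet. The `BACKEND_INGRESS` rule list and all addresses are constructed, simplified stand-ins for a security list.

```python
import ipaddress

# Mirrors the inputs block of public_NLB_smtp.hcl; backend addresses are constructed placeholders.
NLB_INPUTS = {
    "is_private": False,
    "preserve_source_ip": True,
    "backend_sets": [{"name": "smtp", "protocol": "TCP", "port": 25}],
    "backends": [
        {"backendset_name": "smtp", "ip_address": "10.0.1.10", "port": 25},
        {"backendset_name": "smtp", "ip_address": "10.0.1.11", "port": 25},
    ],
    "listeners": [{"backendset_name": "smtp", "name": "SMTP", "port": 25, "protocol": "TCP"}],
}

# Hypothetical backend-subnet ingress rules: here only the NLB subnet may reach port 25,
# which is enough for the NLB's health checks but not for preserved client source IPs.
BACKEND_INGRESS = [{"source": "10.0.0.0/24", "port": 25}]


def check_nlb(inputs, ingress_rules):
    """Return a list of findings; an empty list means the inputs look consistent."""
    findings = []
    set_names = {bs["name"] for bs in inputs["backend_sets"]}

    # Every backend and listener must point at a backend set that is actually declared.
    for be in inputs["backends"]:
        if be["backendset_name"] not in set_names:
            findings.append(f"backend {be['ip_address']} references unknown backend set "
                            f"'{be['backendset_name']}'")
    for ln in inputs["listeners"]:
        if ln["backendset_name"] not in set_names:
            findings.append(f"listener {ln['name']} references unknown backend set "
                            f"'{ln['backendset_name']}'")

    # Public NLB + preserved source IP: the backends see arbitrary internet clients as the
    # packet source, so an ingress rule on the listener port must admit any source (0.0.0.0/0).
    if inputs["preserve_source_ip"] and not inputs["is_private"]:
        for ln in inputs["listeners"]:
            allowed = [ipaddress.ip_network(r["source"]) for r in ingress_rules
                       if r["port"] == ln["port"]]
            if not any(net.prefixlen == 0 for net in allowed):
                findings.append(f"listener {ln['name']}: client source IPs are preserved, but "
                                f"backend ingress on port {ln['port']} allows only "
                                f"{[str(net) for net in allowed]}")
    return findings


if __name__ == "__main__":
    for finding in check_nlb(NLB_INPUTS, BACKEND_INGRESS):
        print("FINDING:", finding)
```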