# azure
c
Indeed works for a vnet where that subnet is not in use, but not where the subnet is in use.
e
Are you actually wanting to delete the subnet or just update it? (OK read it again and you just want to apply a tag - very surprised this would trigger a deletion and recreation of the subnet)
I have experienced; "statusMessage": "{\"error\":{\"code\":\"InUseSubnetCannotBeDeleted\",\"message\":\"Subnet GatewaySubnet is in use by /subscriptions/x/resourceGroups/vdc-rg-1b7ce3ef/providers/Microsoft.Network/virtualNetworkGateways/hub-vpn-gw-374360cb/ipConfigurations/hub-vpn-gw-ipconf and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet.\",\"details\":[]}}"     },
But I think that was an intentional deletion at the end of an experiment
Did you create GatewaySubnet along with ssvc-vnet-prod using subnets= or as a separate Subnet resource (or both)? "*NOTE on Virtual Networks and Subnet’s:* This provider currently provides both a standalone Subnet resource, and allows for Subnets to be defined in-line within the Virtual Network resource. At this time you cannot use a Virtual Network with in-line Subnets in conjunction with any Subnet resources. Doing so will cause a conflict of Subnet configurations and will overwrite Subnet’s."
https://www.pulumi.com/docs/reference/pkg/python/pulumi_azure/network/#pulumi_azure.network.Subnet
name (pulumi.Input[str]) – The name of the subnet. Changing this forces a new resource to be created
resource_group_name (pulumi.Input[str]) – The name of the resource group in which to create the subnet. Changing this forces a new resource to be created.
virtual_network_name (pulumi.Input[str]) – The name of the virtual network to which to attach the subnet. Changing this forces a new resource to be created.
But changing tags does not appear to force a new resource to be created. Similar for https://www.pulumi.com/docs/reference/pkg/python/pulumi_azure/network/#pulumi_azure.network.VirtualNetwork
c
yeah, so it seems like if I use the standalone subnet (terraform, and thus pulumi, doesn't say which way is the recommended way to create a subnet) then the `PUT` to the azure resource provider contains an empty list of subnets, but the resource on ARM has the subnets as nested resources, hence it tries to delete the subnets (desired state and all). If I specify them inline then all is good.
e
Have you tried doing both - keeping them in sync would become an issue I guess: https://github.com/Azure/azure-quickstart-templates/issues/2786#issuecomment-585200802
c
I filed a bug here: https://github.com/pulumi/pulumi/issues/4260 Confirmed that it works in terraform.
terraform / pulumi only support one or the other, either nested or separate
e
I have reproduced this in my code https://github.com/pulumi/examples/pull/611 - adding one tag, it tries to delete the vnet but says the firewall subnet is being used. It managed to update the resource group and three public ips though. Commented on the issue
c
Thanks, we just hit this with another customer today that asked us to add new tags. We're now stuck on this. Customer is asking us to fix this. @tall-librarian-49374 any timeline on that issue? 🙂
t
I was looking at it just now
But so far my vnets are successfully updated… I’ll try your example 1-on-1
@colossal-room-15708
```typescript
import * as azure from "@pulumi/azure";
import * as pulumi from "@pulumi/pulumi";

const defaultTags = {
  "environment": "stack_name",
  "new": "tag",
};

const resourceGroup = new azure.core.ResourceGroup("rg", {
  tags: defaultTags,
});

const vnet = new azure.network.VirtualNetwork("server-network", {
  resourceGroupName: resourceGroup.name,
  name: "ssvc-net-stack-name",
  addressSpaces: ["10.0.0.0/16"],
  tags: defaultTags,
});

const subnetConfig = [
  ['AzureBastionSubnet', '10.0.1.0/27'],
  ['GatewaySubnet', '10.0.2.0/27'],
  ['AzureFirewallSubnet', '10.0.3.0/27'],
];

for (let subnet of subnetConfig) {
  const subnetResource = new azure.network.Subnet(subnet[0], {
    resourceGroupName: resourceGroup.name,
    name: subnet[0],
    addressPrefix: subnet[1],
    virtualNetworkName: vnet.name,
  });
}
```
This works fine for me: I update the tags, and `pulumi up` succeeds
Do you see any difference to your case?
c
Yes, you now need to deploy something into one of the subnets, a firewall, a gateway, something. Then update something on the vnet, like a tag.
That will fail, @tall-librarian-49374
Right now, your subnets aren't in use
Still, looking at the actual API calls, you should also see that ARM redeployed your subnets.
t
I deployed a PIP and am still able to update the vnet
c
Try creating a firewall or gateway?! Unless it's a TS v python issue, as @enough-oil-63049 was able to reproduce, see GitHub.
t
Would you be able to try my TS code?
A gateway takes like half-an-hour to provision
I’m basically trying to make the smallest repro possible
c
Not tonight, no. Already on my way to bed 😴 James's repro I think is the fastest to test. He's also put some more detail into his issue.
t
Okay, got it reproduced
e
Commented on https://github.com/pulumi/pulumi/issues/4260 to say that refreshing before updating worked for me
c
I think that should then be a default. At least I will now always run `pulumi up -r`
e
Me too. I guess there's a race condition lurking there? I also noticed that the order of outputs in a preview changed (all in red which is a bit disconcerting) but I believe this is currently being made deterministic