Forum Discussion
Crossplane - failure to delete port resource in Claim
I have created a Claim that includes a Device, Port, PortVlanAttachment and a Vlan. In order to create the Port I have to pass the Device Eth1 port UUID to the 'spec.forProvider.portId' of the Port Kind. This works and picks up the vlan info, but upon deleting the claim, the port is not deleted automatically as expected. The following event messages can be seen:
Conflicting configuration arguments: "vlan_ids": conflicts with vxlan_ids
Warning CannotObserveExternalResource 8s (x10 over 6m27s) managed/metal.equinix.jet.crossplane.io/v1alpha1, kind=port cannot run refresh: refresh failed: Conflicting configuration arguments: "vlan_ids": conflicts with vxlan_ids
Conflicting configuration arguments: "vxlan_ids": conflicts with vlan_ids
The spec of the object looks like this:
Spec:
Deletion Policy: Delete
For Provider:
Bonded: false
Port Id: b561e487-fbb0-4a2c-98e7-22da331ed316
Vlan Ids:
73f648b5-9b6b-4076-a6ab-673aa45c7152
Vxlan Ids:
1000
Provider Config Ref:
Name: default
In order to resolve the issue I need to manually delete the resources finalizer.
- MarquesEquinix Employee
I created a separate issue https://github.com/crossplane-contrib/provider-jet-equinix/issues/54 to track what sounds like a conflicting LateInitialization definition of vlanIds and vxlanIds field in Port. I'm not sure how this would prevent deletion, it would prevent the resource from reaching `Ready` from what we've seen in other resources with a similar conflict.
- mmellinLevel 3
I'm definitely hitting this issue. I cannot tell if that is the reason for the following issue:
I can use a "Port" resource to "attach" a first vlan to the Device, but subsequent vlans added to the spec.forProvider.vlanIds array are not added to the Device. The message that shows in the condition is:
Message: observe failed: cannot run refresh: refresh failed: Conflicting configuration arguments: "vlan_ids": conflicts with vxlan_ids Conflicting configuration arguments: "vxlan_ids": conflicts with vlan_ids
Looking at the spec after this, the Port resource looks like this (not two UUIDs but only one Vxlan ID tag:
For Provider: Bonded: false Port Id: d07bd18c-641a-4f87-9d5b-b7ab1f9d2ec2 Reset On Delete: true Vlan Ids: 0d0f0d89-a54c-42eb-b16a-0630fe9b4159 22597c24-ac4e-4e0e-8802-16defe95deaa Vxlan Ids: 1000
The UI (Networking > VLANS) shows only the first Vlan attached to a device, the other shows as 0.
To be clear, here I am NOT using a portVlanAttachment - only Port as you've suggested. It looks as though I cannot add multiple vlans using this approach. I will try with portVlanAttachment and see if behavior is different.
- mmellinLevel 3
Using only a portVlanAttachment (and not a port) also does not work. I think this might be a bug? The condition event says this:
Last Transition Time: 2024-07-17T00:47:06Z Message: apply failed: POST https://api.equinix.com/metal/v1/ports/c6b1b719-5ea7-4509-8ede-ee46b05ce4d5/assign: 422 still bonded : Reason: ApplyFailure Status: False Type: LastAsyncOperation
My resource definition looks like this:
--- apiVersion: metal.equinix.jet.crossplane.io/v1alpha1 kind: PortVlanAttachment metadata: name: mmellinproj-equinix-sv-v1000 spec: forProvider: deviceIdSelector: matchLabels: jci.jnpr.net/equinix: device forceBond: False portName: eth1 vlanVnid: 1000
It seems that the unbonding only occurs when a "Port" resource is created, although it is clearly specified here in the API. Then to attach vlans I must use a PortVlanAttachment. No other combination has been successful for me.
- mmellinLevel 3
I am using both Port and PortVlanAttachment because that is how our year+ old terraform script was ensuring that the port was "unbonded" and traffic was tagged. What I really need is to create a device that is unbonded and add a vlan to the eth1 port and ensure that traffic is tagged to this port. We found that adding a second vlan tagged "turned on" the traffic tagging. Is this still the case?
My use case is that I will be attaching a fabric connection to this metal port and need it to be tagged. So the logic now is to:
1) create a vlan, create my nfv (metal device) with an unbonded Eth1 and associate the dummy vlan uuid with the UUID of the Eth1 port.
2) Associate a fabric Vlan with the metal device by creating a 2nd metal vlan, adding that vlan UUID to the same port (to the vlanIds array -this enables tagged traffic) and create a metal connection to associate this vlanUUID with the fabric one.
The problem I see here is that if I do NOT use a portVlanAttachment, then when I want to "offboard" my fabric Vlan I need to edit the Spec of the "Port" instead of just deleting the portVlanAttachment associated with the fabric onboarding. This is harder for me and not directly supported in any Crossplane composition. Perhaps the data models are not ideal here?
When I create the Port in the first place, I do not add a Vlan ID (tag or UUID). I let the portVlanAttachment object do that, so it seems that internally there is a conflict between the uuid and tag.
- MarquesEquinix Employee
> What I really need is to create a device that is unbonded and add a vlan to the eth1 port and ensure that traffic is tagged to this port. We found that adding a second vlan tagged "turned on" the traffic tagging. Is this still the case?
See the general overview in the docs for the network mode of your port configuration (https://deploy.equinix.com/developers/docs/metal/layer2-networking/).
Generally, if only one VLAN exists, it will be made the native (untagged) VLAN. Adding additional VLANs and denoting one of these as the `nativeVlanId` (or using the Ref/Selector fields) will ensure that the other VLANs are tagged. (https://marketplace.upbound.io/providers/equinix/provider-jet-equinix/v0.6.1/resources/metal.equinix.jet.crossplane.io/Port/v1alpha1).
If your additional VLANs may be deleted later, this would toggle the last remaining VLAN to become a Native VLAN. You may want to include an extra VLAN to act as a persistent native VLAN to prevent that.
Editing the Port spec, to modify the list of VLANs to remove a Fabric connected VLAN should be composable. Removing VLANs will update the resource in place and not destroy the resource or change the network mode unless explicitly changed.
The Port resource's VLAN fields are vlanIds or vxlandIds. Unlike nativeVlanIds, I see that the provider doesn't offer Ref and Selector variations for the vlanIds and vxlanIds fields. That could certainly be improved.
For full automation, where the device may also be destroyed, you may want to use the resetOnDelete flag so that VLANs and Ports can be deleted without dependency issues (prevent problems where a vlan can not be deleted because a port is bound to it).
- MarquesEquinix Employee
`PortVlanAttachment` shouldn't be needed if you have a `Port` resource. `Port` is preferable as it can be used to toggle the port's layer 2/3 settings, bonding, and VLAN attachments in one shot.
In the `Port` resource, you should only define `vlanIds` referencing the `.id` (UUID) of the `Vlan` resources. The `vxlanIds` field (and its API upstream equivalent) is for convenience and allows you to reference the VLANs by logical number (1000, 1001). Specifying both would trigger a conflict.
If you are already doing that, and have removed any `Port` redundant `PortVlanAttachment` resources and still getting this error, then we may have another example of https://github.com/crossplane-contrib/provider-jet-equinix/issues/50#issuecomment-2223332204, where conflicting parameters are LateInitialized from their computed values (the `Port` `vlanIds`, as read from the Equinix Metal API response, could be getting updated automatically in `spec` by the provider, creating the conflict).
If so, please open an issue on the repo.
Related Content
- 2 months ago