Azure/terraform-azurerm-avm-res-databricks-workspace

[AVM Module Issue]: avm-res-databricks-workspace

Closed this issue · 7 comments

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Issue Type?

Bug

(Optional) Module Version

0.1.0

(Optional) Correlation Id

No response

Description

The databricks workspace is not pulling the correct public and private CIDR range.


│ Error: creating/updating Workspace (Subscription: "************"
│ Resource Group Name: "emea-******-p-rgrp"
│ Workspace Name: "emea-******-p-dbx"): polling after CreateOrUpdate: polling failed: the Azure API returned the following error:
│
│ Status: "SubnetIsNotWithinVnetError"
│ Code: ""
│ Message: "The subnet privates CIDR range '<null>' is not within the Virtual Network CIDR range '172.16.1.0/24'"
│ Activity Id: ""
│
│ ---
│
│ API Response:
│
│ ----[start]----
│ {
│   "status": "Failed",
│   "error": {
│     "code": "SubnetIsNotWithinVnetError",
│     "message": "The subnet privates CIDR range '<null>' is not within the Virtual Network CIDR range '172.16.1.0/24'"
│   }
│ }
│ -----[end]-----
│
│
│   with module.databricks_workspace_emea.azurerm_databricks_workspace.this,
│   on .terraform\modules\databricks_workspace_emea\main.tf line 7, in resource "azurerm_databricks_workspace" "this":
│    7: resource "azurerm_databricks_workspace" "this" {

The subnets on the specified vnet are as follows.

vnet_emea = {
  address_space   = ["172.16.1.0/24"]
  endpoint_prefix = ["172.16.1.128/25"]
  private_prefix  = ["172.16.1.0/26"]
  public_prefix   = ["172.16.1.64/26"]
}

If I create the databricks workspace manually specifying the correct CIDR ranges (as in that list above) it creates without issue.

I don't know if this is relevant but this issue occurs since using the latest terraform-azurerm-avm-res-network-virtualnetwork module to create our vnets which had breaking changes and started using the azapi provider to create subnets and other elements.

Issue seems to occur using the azurerm-provider as well. Due to landing zone policies, which require an NSG assigned to subnets during creation, we created subnets using the azapi_resource and avm-solution - the subnets created using those methods are causing the API error mentioned here.

Edit: I've created an issue in the terraform-provider-azurerm as it is the used module in avm-res-databricks-workspace.

Hey @Dipak-Mistry-WTW,

Today I just tested my setup and I resolved it by setting up the subnet correctly.

The issue on my side was that you have to specify "addressPrefix" and not just "addressPrefixes" when using the azapi_resource for your subnet creation:

# Create subnet via azapi due to policy, which requires an NSG during creation!
resource "azapi_resource" "dbw_public_2" {
  type      = "Microsoft.Network/virtualNetworks/subnets@2023-11-01"
  name      = "dbw-public"
  parent_id = azurerm_virtual_network.vnet.id

  locks = [
    azurerm_virtual_network.vnet.id,
    # azapi_resource.dbw_private.id
  ]

  body = jsonencode({
    properties = {

      # List of Address prefixes in the subnet.
      addressPrefix = "10.10.1.0/24" ###### HERE WAS THE ISSUE WITH WRONG CIDR, IF NOT SPECIFIED #######
      addressPrefixes = ["10.10.1.0/24"]

      # Service delegations for the subnet.
      delegations = local.subnet_delegations

      # Service Endpoints for the subnet.
      #serviceEndpoints = local.subnet_serviceEndpoints

      # Conditionally include networkSecurityGroup
      networkSecurityGroup = {
        id = azurerm_network_security_group.dbw.id
      }
    }
  })
}
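A pre-flight check for the condition described in the comment above, added here as an example (it is not code from the thread or from the AVM module): it flags subnets whose addressPrefix is unset or whose prefixes fall outside the VNet address space. The function names, subnet names and the out-of-range "endpoints" prefix are constructed, and the input shape (properties.addressPrefix / properties.addressPrefixes, as in an ARM GET response) is an assumption.

```python
import ipaddress
import json

# Constructed sample: subnet objects shaped like ARM GET responses (assumption).
# The VNet range and the first two CIDRs are the ones quoted in the issue;
# subnet names and the out-of-range "endpoints" prefix are made up.
VNET_ADDRESS_SPACE = ["172.16.1.0/24"]
SAMPLE_SUBNETS = json.loads("""
[
  {"name": "dbw-private", "properties": {"addressPrefixes": ["172.16.1.0/26"]}},
  {"name": "dbw-public",  "properties": {"addressPrefix": "172.16.1.64/26",
                                          "addressPrefixes": ["172.16.1.64/26"]}},
  {"name": "endpoints",   "properties": {"addressPrefix": "172.16.2.0/25"}}
]
""")


def check_subnet(subnet, vnet_address_space):
    """Return a list of findings for one subnet; an empty list means OK."""
    props = subnet.get("properties", subnet)  # tolerate flattened output
    single = props.get("addressPrefix")
    many = props.get("addressPrefixes") or []
    findings = []
    if not single:
        # The state that, per the thread, surfaced as CIDR range '<null>'.
        findings.append("addressPrefix is unset (only addressPrefixes populated)")
    if len(many) > 1:
        findings.append("multiple addressPrefixes; needs manual review")
    vnets = [ipaddress.ip_network(c) for c in vnet_address_space]
    for cidr in dict.fromkeys(([single] if single else []) + list(many)):
        net = ipaddress.ip_network(cidr)
        if not any(net.version == v.version and net.subnet_of(v) for v in vnets):
            findings.append(f"{cidr} is outside VNet address space")
    return findings


def audit(subnets, vnet_address_space):
    """Map subnet name -> findings, keeping only subnets with problems."""
    report = {s["name"]: check_subnet(s, vnet_address_space) for s in subnets}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_SUBNETS, VNET_ADDRESS_SPACE).items():
        for f in findings:
            print(f"{name}: {f}")
```
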

Thanks @Matze-Li do you mind referencing your issue here?

Do we need to keep this issue open @Matze-Li ?

This was the vnet module issue. Closing.

I'm also seeing this when creating an azurerm_databricks_workspace against pre-existing subnets using azurerm 3.113.0.

@Dipak-Mistry-WTW or @segraef Do you know what the solution is when you already have subnets in place which use addressPrefixes[]?

@Philcartmell - I managed to convert mine to use AddressPrefix. Thankfully I don't have multiple address spaces for my subnets.