cloudfoundry-community/terraform-aws-cf-install

Network is unreachable during download of bosh remote release

mdcarlson opened this issue · 5 comments

During the download of the bosh remote release, I am encountering a "Network is unreachable" error attempting to hit bosh.io. The bastion VM can ping bosh.io and a manual wget of the release seems to work.

Based on tips from other forums and mailing lists, I updated the network configuration of the nat server instance to disable source/destination checking as follows:

1. Click the nat server
2. Click actions -> Networking -> change source/dest checks
3. Disable source/dest checks

The nat VM instance is created by invoking https://github.com/cloudfoundry-community/terraform-aws-vpc/blob/master/aws-vpc.tf which contains this section:

resource "aws_instance" "nat" {
  ami = "${lookup(var.aws_nat_ami, var.aws_region)}"
  instance_type = "t2.small"
  key_name = "${var.aws_key_name}"
  security_groups = ["${aws_security_group.nat.id}"]
  subnet_id = "${aws_subnet.bastion.id}"
  associate_public_ip_address = true
  source_dest_check = false
  tags {
    Name = "nat"
  }
}

The "source_dest_check" attribute appears to be getting set correctly here, but for some reason this appears to not be honored. From a quick read of http://amzn.to/1IUuMPZ and http://amzn.to/1anfGXZ, this seems to be the correct way to set this attribute. Could this be a Terraform AWS provider issue?

About to test the theory that this issue is addressed in Terraform 0.4.0.

Using Terraform 0.4.0 does appear to address the source_dest_check issue discussed above.

However, Terraform 0.4.0 introduces a non-backwards-compatible change for defining the block device mappings associated with AWS instances (see http://bit.ly/1EQ3H1I). This manifests with the following error:

* aws_instance.bastion: "block_device": [REMOVED] Split out into three sub-types; see Changelog and Docs

This required a change to the aws-cf-install.tf script to replace "block_device" with "ebs_block_device" on the bastion server resource definition. http://bit.ly/19OjwYO

Doh! We need to test this on 0.4.0 and fix things like this. Mind making a PR for this?

I just asked one of my guys to do a PR this morning.

PR submitted and approved.
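
Added example, not part of the original thread or the project's code: a check for the state described in the opening post, where the instance tagged "nat" still has source/destination checking enabled after `terraform apply`. It reads JSON shaped like `aws ec2 describe-instances` output; the sample data and instance IDs are constructed, and flagging non-NAT instances with the check disabled goes beyond what the thread discusses.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output (not real data).
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-EXAMPLE-nat", "SourceDestCheck": true,
   "Tags": [{"Key": "Name", "Value": "nat"}],
   "NetworkInterfaces": [{"NetworkInterfaceId": "eni-EXAMPLE-1", "SourceDestCheck": true}]},
  {"InstanceId": "i-EXAMPLE-bastion", "SourceDestCheck": true,
   "Tags": [{"Key": "Name", "Value": "bastion"}],
   "NetworkInterfaces": [{"NetworkInterfaceId": "eni-EXAMPLE-2", "SourceDestCheck": true}]},
  {"InstanceId": "i-EXAMPLE-other", "SourceDestCheck": false,
   "Tags": [],
   "NetworkInterfaces": [{"NetworkInterfaceId": "eni-EXAMPLE-3", "SourceDestCheck": false}]}
]}]}
""")


def name_tag(instance):
    """Return the value of the instance's Name tag, or None if it has none."""
    for tag in instance.get("Tags") or []:
        if tag.get("Key") == "Name":
            return tag.get("Value")
    return None


def audit_source_dest_check(described, nat_names=("nat",)):
    """Return sorted (instance_id, finding) pairs for instances in the wrong state."""
    findings = []
    for reservation in described.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            # The flag is reported per instance and per network interface; a
            # missing value is treated as the AWS default (check enabled).
            checks = [inst.get("SourceDestCheck", True)]
            checks += [eni.get("SourceDestCheck", True)
                       for eni in inst.get("NetworkInterfaces") or []]
            if name_tag(inst) in nat_names:
                if any(checks):  # NAT would drop traffic it is meant to forward
                    findings.append((inst["InstanceId"], "nat-check-enabled"))
            elif not all(checks):  # forwarding allowed on a host that is not the NAT
                findings.append((inst["InstanceId"], "non-nat-check-disabled"))
    return sorted(findings)


if __name__ == "__main__":
    for instance_id, finding in audit_source_dest_check(SAMPLE):
        print(f"{instance_id}: {finding}")
```

To run it against a real account, load the output of `aws ec2 describe-instances --output json` with `json.load` and pass the result to `audit_source_dest_check`.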