I'm trying to create a Terraform project to create everything I need in an Azure subscription, so resource groups, vnets, subnets and VMs.
However when I've run this once and try again, it states that it cannot delete a subnet that is in use. I haven't changed anything about the subnet or the VM connected to it.
Error: creating/updating Virtual Network: (Name "" / Resource Group ""): network.VirtualNetworksClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InUseSubnetCannotBeDeleted" Message="Subnet build-agent is in use by /subscriptions/mysub/resourceGroups/myrg/providers/Microsoft.Network/networkInterfaces/mynic/ipConfigurations/internal and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet." Details=[]
terraform {
  required_version = ">= 1.1.0"
  backend "azurerm" {
  }
  required_providers {
    azurerm = {
      version = "=3.5.0"
      source  = "hashicorp/azurerm" # https://registry.terraform.io/providers/hashicorp/azurerm/latest
    }
  }
}

# Configure the Microsoft Azure Provider
provider "azurerm" {
  features {}
}

locals {
  name_suffix = "<mysuffix>"
}

resource "azurerm_resource_group" "rg-infra" {
  name     = "rg-${local.name_suffix}"
  location = "UK South"
}

resource "azurerm_virtual_network" "vnet-mgmt" {
  name                = "vnet-${local.name_suffix}"
  location            = azurerm_resource_group.rg-infra.location
  resource_group_name = azurerm_resource_group.rg-infra.name
  address_space       = ["<myiprange>"]
  subnet {
    name           = "virtual-machines"
    address_prefix = "<myiprange>"
  }
  subnet {
    name           = "databases"
    address_prefix = "<myiprange>"
  }
}

data "azurerm_virtual_network" "network" {
  name                = "vnet-${local.name_suffix}"
  resource_group_name = azurerm_resource_group.rg-infra.name
}

resource "azurerm_subnet" "sb-ansible" {
  name                 = "build-agent"
  resource_group_name  = azurerm_resource_group.rg-infra.name
  virtual_network_name = data.azurerm_virtual_network.network.name
  address_prefixes     = ["<myiprange>"]
  depends_on           = [azurerm_virtual_network.vnet-mgmt]
}

data "azurerm_subnet" "prd-subnet" {
  name                 = "build-agent"
  virtual_network_name = data.azurerm_virtual_network.network.name
  resource_group_name  = azurerm_resource_group.rg-infra.name
  depends_on           = [azurerm_subnet.sb-ansible]
}

resource "azurerm_network_interface" "ni-ansible" {
  name                = "nic-ansible-${local.name_suffix}"
  location            = azurerm_resource_group.rg-infra.location
  resource_group_name = azurerm_resource_group.rg-infra.name
  ip_configuration {
    name                          = "internal"
    subnet_id                     = data.azurerm_subnet.prd-subnet.id
    private_ip_address_allocation = "Dynamic"
  }
  lifecycle {
    ignore_changes = ["ip_configuration"]
  }
  depends_on = [azurerm_subnet.sb-ansible]
}

resource "azurerm_linux_virtual_machine" "ansible-vm" {
  name                = "ansible-build-agent"
  resource_group_name = azurerm_resource_group.rg-infra.name
  location            = azurerm_resource_group.rg-infra.location
  size                = "Standard_D2as_v4"
  admin_username      = "myadminuser"
  network_interface_ids = [
    azurerm_network_interface.ni-ansible.id,
  ]
  admin_ssh_key {
    username   = "myadminuser"
    public_key = ""
  }
  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }
  lifecycle {
    ignore_changes = ["source_image_reference"]
  }
  depends_on = [azurerm_network_interface.ni-ansible]
}

Any help on why it's behaving like this, or a workaround would be greatly appreciated!
Many thanks
Turns out you can't mix nested subnets in the vnet block with an explicitly defined azurerm_subnet.
So
resource "azurerm_subnet" "example" {
and
resource "azurerm_virtual_network" "example" {
  name                = "example-network"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/16"]
  dns_servers         = ["10.0.0.4", "10.0.0.5"]
  subnet {
    name             = "subnet1"
    address_prefixes = ["10.0.1.0/24"]
  }
}
cannot coexist. See note here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet
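
The question's network layout rewritten so that every subnet is a standalone azurerm_subnet, as an added example that is not part of the original question or answer. It replaces the vnet, subnet, data source and NIC blocks from the question and reuses its locals and resource group; the CIDR ranges and the `subnets` map name are assumptions made for illustration.

```hcl
# Added example: the virtual network carries no inline subnet blocks, so a
# later apply has no inline list to reconcile against the build-agent subnet.
resource "azurerm_virtual_network" "vnet-mgmt" {
  name                = "vnet-${local.name_suffix}"
  location            = azurerm_resource_group.rg-infra.location
  resource_group_name = azurerm_resource_group.rg-infra.name
  address_space       = ["10.0.0.0/16"] # constructed sample range
}

# One map drives all three subnets (names from the question, CIDRs constructed).
locals {
  subnets = {
    "virtual-machines" = "10.0.1.0/24"
    "databases"        = "10.0.2.0/24"
    "build-agent"      = "10.0.3.0/24"
  }
}

resource "azurerm_subnet" "subnets" {
  for_each             = local.subnets
  name                 = each.key
  resource_group_name  = azurerm_resource_group.rg-infra.name
  virtual_network_name = azurerm_virtual_network.vnet-mgmt.name
  address_prefixes     = [each.value]
}

resource "azurerm_network_interface" "ni-ansible" {
  name                = "nic-ansible-${local.name_suffix}"
  location            = azurerm_resource_group.rg-infra.location
  resource_group_name = azurerm_resource_group.rg-infra.name

  ip_configuration {
    name = "internal"
    # Referencing the resource directly gives Terraform the dependency
    # ordering, so the data sources and depends_on entries are not needed.
    subnet_id                     = azurerm_subnet.subnets["build-agent"].id
    private_ip_address_allocation = "Dynamic"
  }
}
```

Subnets that the inline blocks already created exist in Azure, so bring them under the new resource addresses with `terraform import` before applying.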