terraform-provider-azurerm: Subnets on same vnet fail due to parrallel setup

Community Note

  • Please vote on this issue by adding a ๐Ÿ‘ reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave โ€œ+1โ€ or โ€œme tooโ€ comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v0.12.3
+ provider.azurerm v1.31.0

Affected Resource(s)

  • azurerm_subnet
  • azurerm_subnet_network_security_group_association
  • Possibly azurerm_virtual_network_peering

Terraform Configuration Files

Iโ€™m not able to use the full configuration due to sensitive information in them. Please see this example:

resource azurerm_virtual_network vnet {
  name                = "my_vnet"
  location            = "northeurope"
  resource_group_name = "vnet_example"
  address_space       = ["10.0.0.0/24", ]
}

resource azurerm_subnet subnet1 {
  name                      = "subnet1"
  virtual_network_name      = "${azurerm_virtual_network.vnet.name}"
  resource_group_name       = "vnet_example"
  address_prefix            = "10.0.0.0/28"
}

resource azurerm_subnet subnet2 {
  name                      = "subnet2"
  virtual_network_name      = "${azurerm_virtual_network.vnet.name}"
  resource_group_name       = "vnet_example"
  address_prefix            = "10.0.0.64/28"
}

resource azurerm_subnet subnet3 {
  name                      = "subnet3"
  virtual_network_name      = "${azurerm_virtual_network.vnet.name}"
  resource_group_name       = "vnet_example"
  address_prefix            = "10.0.0.128/28"
}

Expected Behavior

The subnets and other configuration are created on the VNet.

Actual Behavior

Terraform seems to be attempting to apply the separate configurations to the VNet at the same time. Iโ€™ve tried adding dependencies between the subnets which solved the problem there, but it appeared again when attempting to use a azurerm_subnet_network_security_group_association resource:

Error: Error updating Route Table Association for Subnet "(redacted)" (Virtual Network "(redacted)" / Resource Group "(redacted)"): network.SubnetsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status=<nil> Code="AnotherOperationInProgress" Message="Another operation on this or dependent resource is in progress. To retrieve status of the operation use uri: https://management.azure.com/subscriptions/(redacted)." Details=[]

Important Factoids

In our configuration, each subnet, security group combination is in its own module. We have explored using dependencies to ensure they run sequentially but this is not possible with the azurerm_subnet_network_security_group_association resource.

References

Possibly related to these?

About this issue

  • Original URL
  • State: open
  • Created 5 years ago
  • Reactions: 56
  • Comments: 30 (12 by maintainers)

Most upvoted comments

This is still occurring with Provider 2.24. Is there a workaround?

+4
etaham on Sep 17, 2020

Anyone still having this? Iโ€™m using terraform 0.12.29 and azurerm 2.30.0.

Error: Error updating Subnet "subnet-name" (Virtual Network "vnet-name" / Resource Group "BI-Test"): network.SubnetsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status=<nil> Code="AnotherOperationInProgress" Message="Another operation on this or dependent resource is in progress. To retrieve status of the operation use uri: https://management.azure.com/subscriptions/<subscription-id>providers/Microsoft.Network/locations/brazilsouth/operations/<subscription-id>?api-version=2020-05-01." Details=[]

+3
grgouveia-everis on Oct 8, 2020

Still having the problem with TF 0.14.7 and azurerm version 2.50โ€ฆ

Need to have different subnets with serviceEndpoints and/or Delegations configured, which must be done in sequence as of ARM. AnotherOperationInProgress" Message="Another operation on this or dependent resource is in progress.

Only solution ATM using
depends_on = [azurerm_subnet.mysub]

+2
MmAtBosch on Mar 9, 2021

Getting same problems with azurerm 2.65

Found a workaround to use terraform apply --parallelism=1. Itโ€™s a lot slower but so far itโ€™s been working for me.

+1
hterik on Oct 18, 2021

๐Ÿ‘‹

The recent locking changes have been rolled back in #4320 which has been merged into master -so that bug will ship in version 1.34.0 of the Azure Provider. As such Iโ€™m going to hide the comments about this recent bug to be able to leave this issue focusing on the original issue here

Thanks!

+1
tombuildsstuff on Sep 16, 2019

For those running 1.33.1 and running into the AnotherOperationInProgress error while creating subnets, try pinning your terraform azurerm provider to 1.33.0 until the next version is released.

@tombuildsstuff

FWIW the SDK exposes the HTTP Status Codes so it should be possible to pull that information out/retry in the resources which need it.

That would be great. I still feel like the Azure API should be adding retry headers when these 409s are retryable, but adding code to the resources would be a much quicker short term fix.

+1
Moeser on Sep 12, 2019

UPDATE Iโ€™m able to replicate the problem even into Terraform 0.12.7 and AzureRM 1.33.1 with a minimal configuration.

Configuration

locals {

}

provider "azurerm" {

}

resource "azurerm_resource_group" "rg" {
  name     = "bug-3780-rg"
  location = "eastus"
}

resource "azurerm_virtual_network" "vnet" {
  name                = "bug-3780-vnet"
  location            = "eastus"
  resource_group_name = "bug-3780-rg"
  address_space       = ["192.168.14.0/24"]
}

resource "azurerm_subnet" "subnet1" {
  name                 = "bug-3780-subnet1"
  address_prefix       = "192.168.14.0/28"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
}

resource "azurerm_subnet" "subnet2" {
  name                 = "bug-3780-subnet2"
  address_prefix       = "192.168.14.16/28"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
}
resource "azurerm_subnet" "subnet3" {
  name                 = "bug-3780-subnet3"
  address_prefix       = "192.168.14.32/28"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
}
resource "azurerm_subnet" "subnet4" {
  name                 = "bug-3780-subnet4"
  address_prefix       = "192.168.14.48/28"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
}

Output

azurerm_subnet.subnet1: Creation complete after 2s [<Redacted>/resourceGroups/bug-3780-rg/providers/Microsoft.Network/virtualNetworks/bug-3780-vnet/subnets/bug-3780-subnet1]
azurerm_subnet.subnet2: Creation complete after 2s [<Redacted>/resourceGroups/bug-3780-rg/providers/Microsoft.Network/virtualNetworks/bug-3780-vnet/subnets/bug-3780-subnet2]
azurerm_subnet.subnet4: Still creating... [10s elapsed]
azurerm_subnet.subnet4: Creation complete after 12s [<Redacted>/resourceGroups/bug-3780-rg/providers/Microsoft.Network/virtualNetworks/bug-3780-vnet/subnets/bug-3780-subnet4]

Error: Error Creating/Updating Subnet "bug-3780-subnet3" (Virtual Network "bug-3780-vnet" / Resource Group "bug-3780-rg"): network.SubnetsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status=<nil> Code="AnotherOperationInProgress" Message="Another operation on this or dependent resource is in progress. To retrieve status of the operation use uri: *<Redacted>* Details=[]
+1
bcline760 on Sep 3, 2019
Read more comments on GitHub
← terraform-provider-azurerm: Starting with 3.0 key vault secrets data resource is attempting to use an invalid URL
terraform-provider-azurerm: Terraform detects and applies changes in azurerm_windows_web_app even though the configuration is not changed →