UNAUTHORIZED Error When Applying Terraform Backup Between PubSub+ Trial Brokers

Hi Support Team,

I’ve created two PubSub+ Cloud trial accounts for testing Pub/Sub functionality. In the first broker, I configured queues, ACL profiles, and client usernames, and then generated a backup using the Terraform Configuration Generator binary.

When I attempted to replicate this configuration to the second broker using Mission-Control Manager credentials, the restore process failed with an UNAUTHORIZED error.

Could you please help me understand why this is happening and guide me on the correct way to apply the backup to another broker instance?

Details:

Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.

Enter a value: yes

solacebroker_msg_vpn.appleVPN: Creating…
╷
│ Error: SEMP call failed
│
│   with solacebroker_msg_vpn.appleVPN,
│   on 1.tf line 31, in resource "solacebroker_msg_vpn" "appleVPN":
│   31: resource "solacebroker_msg_vpn" "SelfVPN" {
│
│ request failed for https://mr-connection-xxxxxxx.messaging.solace.cloud:943/SEMP/v2/config/msgVpns/xxxxx using PUT, Problem
│ with serviceAmqpMaxConnectionCount: Command prohibited due to Authorization Access Level., UNAUTHORIZED
╵
devops:~/apple/solace/terraform/g8dlj96s0b0$

Questions:

Are Mission-Control Manager credentials sufficient to perform broker configuration restore between trial brokers?

If not, what role or user permissions are required?

Is there a supported method to replicate configurations between two brokers?

Thanks

Hi there, I’m Solly AI, I generate responses to your questions using the power of the Solace Agent Mesh:

Let me analyze how to replicate configurations between two PubSub+ Cloud brokers using Terraform and what permissions are required.

Reasoning:

  1. From the facts, there are two relevant Terraform providers:

    • Beta Solace Cloud Terraform provider for managing event broker services
    • Solace Event Broker provider for managing VPN level configuration
  2. The providers can be used together to:

    • Create and manage event broker services
    • Manage VPN level configurations
    • Backup and restore configurations
  3. Required permissions:

    • Need access to both source and target brokers
    • Need appropriate API tokens with permissions to manage broker services
    • Need permissions to manage VPN level configurations

Summary:
To replicate configurations between two PubSub+ Cloud brokers using Terraform:

  1. Use both Terraform providers:

    • Solace Cloud provider: registry.terraform.io/providers/SolaceProducts/solacecloud/latest
    • Event Broker provider: registry.terraform.io/providers/SolaceProducts/solacebroker/latest
  2. Required permissions:

    • API tokens with permissions to manage broker services
    • Permissions to manage VPN level configurations on both source and target brokers
  3. Process:

    • Use the Solace Cloud provider to manage the broker services
    • Use the Event Broker provider to export configurations from source broker
    • Use the Event Broker provider to import configurations to target broker
  4. The providers allow you to automate:

    • Creation and management of broker services
    • Backup and restore of configurations
    • VPN level configuration management


Hello suresh_nakeertha,

What size is each of your brokers in Solace cloud? The source and then the target brokers? This error appears because the terraform plan is attempting to modify the value for service_amqp_max_connection_count. For trial accounts this will be set to something like 100 because the trial brokers are 100 connection class brokers. There is no way to change this value, regardless of the permission level that you supply to terraform. The path forward is to ensure that both your brokers are the same connection class size or modify the .tf file to have the proper number of max_connection_count for your target system.

Thank you,
Jamieson

Many Thanks @JamiesonWalker

Able to replicate now (updated .tf file)

Enter a value: yes

solacebroker_msg_vpn.appleVPN: Creating…
solacebroker_msg_vpn.appleVPN: Creation complete after 1s
solacebroker_msg_vpn_acl_profile.appleVPN_default: Creating…
solacebroker_msg_vpn_client_username.appleVPN_solace-cloud-client: Creating…
solacebroker_msg_vpn_client_username.appleVPN_default: Creating…
solacebroker_msg_vpn_jndi_connection_factory.appleVPN_-jms-cf-default: Creating…
solacebroker_msg_vpn_queue.appleVPN_python-Q1: Creating…
solacebroker_msg_vpn_client_profile.appleVPN_default: Creating…
solacebroker_msg_vpn_acl_profile.appleVPN_default: Creation complete after 0s
solacebroker_msg_vpn_client_username.appleVPN_default: Creation complete after 0s
solacebroker_msg_vpn_client_username.appleVPN_solace-cloud-client: Creation complete after 0s
solacebroker_msg_vpn_jndi_connection_factory.appleVPN_-jms-cf-default: Creation complete after 0s
solacebroker_msg_vpn_queue.appleVPN_python-Q1: Creation complete after 0s
solacebroker_msg_vpn_queue_subscription.appleVPN_python-Q1_python-T1-dir: Creating…
solacebroker_msg_vpn_client_profile.appleVPN_default: Creation complete after 0s
solacebroker_msg_vpn_queue_subscription.appleVPN_python-Q1_python-T1-dir: Creation complete after 0s

Apply complete! Resources: 8 added, 0 changed, 0 destroyed.
su20535774@L-911001071124:~/apple/solace/terraform/g8dlj96s0b0$

Great to know! Curious to know what was the fix?

Hello @Tamimi

When we took the backup of the entire configuration from Broker 1, some VPN-related attributes included specific connection count values, such as:

service_amqp_max_connection_count         = 100
service_mqtt_max_connection_count         = 1000
service_rest_incoming_max_connection_count = 1000
service_rest_outgoing_max_connection_count = 1000
service_smf_max_connection_count          = 100
service_web_max_connection_count          = 1000

However, while attempting to restore the configuration to Broker 2, we encountered the following error:

Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
solacebroker_msg_vpn.appleVPN: Creating…
╷
│ Error: SEMP call failed
│
│   with solacebroker_msg_vpn.appleVPN,
│   on 1.tf line 31, in resource "solacebroker_msg_vpn" "appleVPN":
│   31: resource "solacebroker_msg_vpn" "SelfVPN" {
│
│ request failed for https://mr-connection-xxxxxxx.messaging.solace.cloud:943/SEMP/v2/config/msgVpns/xxxxx using PUT,
│ Problem with serviceAmqpMaxConnectionCount: Command prohibited due to Authorization Access Level., UNAUTHORIZED

As suggested by @JamiesonWalker I modified the connection count values, and after making those adjustments, the process completed successfully.
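
The adjustment described in this thread, as an added example that is not part of the original posts: a small Python helper that rewrites the `service_*_max_connection_count` attributes of a generated .tf file to the values the target broker allows, and reports what it changed. The sample .tf fragment and the target values are constructed for illustration; the function name `align_connection_counts` is hypothetical, and the real target values must be read from the target broker.

```python
import re

# Matches lines such as:  service_amqp_max_connection_count = 100
ATTR_RE = re.compile(
    r"^(?P<indent>\s*)(?P<name>service_\w+_max_connection_count)"
    r"(?P<eq>\s*=\s*)(?P<value>\d+)\s*$"
)

def align_connection_counts(tf_text, target_counts):
    """Set each service_*_max_connection_count to the target broker's value.

    Returns (new_text, changes, unknown):
      changes -> [(line_no, attribute, old_value, new_value)]
      unknown -> [(line_no, attribute)] for attributes with no target value,
                 left untouched so they can be reviewed by hand.
    """
    out, changes, unknown = [], [], []
    for line_no, line in enumerate(tf_text.splitlines(), start=1):
        m = ATTR_RE.match(line)
        if m:
            name, old = m["name"], int(m["value"])
            if name not in target_counts:
                unknown.append((line_no, name))
            elif target_counts[name] != old:
                new = target_counts[name]
                changes.append((line_no, name, old, new))
                line = f"{m['indent']}{name}{m['eq']}{new}"
        out.append(line)
    return "\n".join(out) + "\n", changes, unknown

# Constructed sample input (not the poster's real file).
SAMPLE_TF = '''resource "solacebroker_msg_vpn" "appleVPN" {
  msg_vpn_name                       = "appleVPN"
  service_amqp_max_connection_count  = 1000
  service_mqtt_max_connection_count  = 1000
  service_smf_max_connection_count   = 100
  service_web_max_connection_count   = 1000
}
'''
# Constructed target values; read the real ones from the target broker.
TARGET_COUNTS = {
    "service_amqp_max_connection_count": 100,
    "service_mqtt_max_connection_count": 100,
    "service_smf_max_connection_count": 100,
}

if __name__ == "__main__":
    new_text, changes, unknown = align_connection_counts(SAMPLE_TF, TARGET_COUNTS)
    for line_no, name, old, new in changes:
        print(f"line {line_no}: {name} {old} -> {new}")
    for line_no, name in unknown:
        print(f"line {line_no}: {name} has no target value, review manually")
```

Running the helper before `terraform plan` surfaces the attributes that differ from the target, so the UNAUTHORIZED response is not mistaken for a credentials problem.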