Terraform - Status Code=404 (ResourceNotFound)

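I have been using Terraform for a few weeks now and it is a great tool.

However, I have been running into a lot of errors during deployment recently.

I have a basic Azure deployment .tf file that creates all the required components. However, for some reason, I keep getting ResourceNotFound errors. If I re-run the script, it works fine.

The culprit is the "azurerm_virtual_network" resource. Anything that depends on it seems to fail, because the virtual network is still in the "Creating..." state when it tries to add the NSG rules or the "azurerm_subnet".

It is not a big problem, more of an annoyance! Is there any way to avoid this kind of error?

On a side note: it also seems that I have to deploy the NSG rules after everything else has been applied, otherwise the NSG rules don't seem to have any effect. I currently have 2 .tf files in different folders that I run in order so that the NSG rules work. However, I would prefer to have them all in one file if possible?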

// Virtual Network
resource "azurerm_virtual_network" "Prod_VirtualNetwork" {
  name          = "virtual-network"
  address_space = ["10.1.0.0/16"]
  location      = "${var.azurerm_location}"

  resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
}

// Subnet configuration
resource "azurerm_subnet" "Prod_subnet" {
  name                 = "${var.azurerm_prefix}-subnet"
  resource_group_name  = "${azurerm_resource_group.Prod_RG.name}"
  virtual_network_name = "virtual-network"
  address_prefix       = "10.1.12.0/24"
}

// Network Security group for Web Servers
resource "azurerm_network_security_group" "Prod_nsg_Webservers" {
  name     = "${var.azurerm_prefix}-nsg-web-01"
  location = "${var.azurerm_location}"
  resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
}

// Network Security group for DB Servers
resource "azurerm_network_security_group" "Prod_nsg_DBservers" {
  name     = "${var.azurerm_prefix}-nsg-db-01"
  location = "${var.azurerm_location}"
  resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
}

// Network Security group rule for RDP inbound to Web01
resource "azurerm_network_security_rule" "Prod_nsgrule_RDP_Web01" {
  name                        = "Web-RDP-IN"
  priority                    = 200
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "3389"
  destination_port_range      = "3389"
  source_address_prefix       = ""
  destination_address_prefix  = "10.1.12.5"
  resource_group_name         = "${azurerm_resource_group.Prod_RG.name}"
  network_security_group_name = "${var.azurerm_prefix}-nsg-web-01"
}

// Network Security group rule for web/80 inbound to Web01
resource "azurerm_network_security_rule" "Prod_nsgrule_http_Web01" {
  name                        = "Web-HTTP-IN"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "80"
  destination_port_range      = "80"
  source_address_prefix       = "*"
  destination_address_prefix  = "10.1.12.5"
  resource_group_name         = "${azurerm_resource_group.Prod_RG.name}"
  network_security_group_name = "${var.azurerm_prefix}-nsg-web-01"
}

// Network Security group rule for Octopus Deploy inbound to Web01
resource "azurerm_network_security_rule" "Prod_nsgrule_octopus_Web01" {
  name                        = "Web-Octo-IN"
  priority                    = 110
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "10933"
  destination_port_range      = "10933"
  source_address_prefix       = ""
  destination_address_prefix  = "10.1.12.5"
  resource_group_name         = "${azurerm_resource_group.Prod_RG.name}"
  network_security_group_name = "${var.azurerm_prefix}-nsg-web-01"
}

// Network Security group rule for Octopus Deploy inbound to DB01
resource "azurerm_network_security_rule" "Prod_nsgrule_octopus_DB01" {
  name                        = "DB-Octo-IN"
  priority                    = 120
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "10933"
  destination_port_range      = "10933"
  source_address_prefix       = ""
  destination_address_prefix  = "10.1.12.4"
  resource_group_name         = "${azurerm_resource_group.Prod_RG.name}"
  network_security_group_name = "${var.azurerm_prefix}-nsg-db-01"
}

// Network Security group rule for RDP inbound to DB01
resource "azurerm_network_security_rule" "Prod_nsgrule_RDP_DB01" {
  name                        = "DB-RDP-IN"
  priority                    = 220
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "3389"
  destination_port_range      = "3389"
  source_address_prefix       = ""
  destination_address_prefix  = "10.1.12.4"
  resource_group_name         = "${azurerm_resource_group.Prod_RG.name}"
  network_security_group_name = "${var.azurerm_prefix}-nsg-db-01"
}

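Answer 1

I don't see any explicit dependency between your virtual network and the subnet; you have hard-coded the network name, so I don't think Terraform will create the dependency.

If you change the subnet definition to: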

resource "azurerm_subnet" "Prod_subnet" {
  name                 = "${var.azurerm_prefix}-subnet"
  resource_group_name  = "${azurerm_resource_group.Prod_RG.name}"
  virtual_network_name = "${azurerm_virtual_network.Prod_VirtualNetwork.name}"
  address_prefix       = "10.1.12.0/24"
}

This should give Terraform a clue that one needs to be created before the other.
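
Added example, not part of the original answer: the NSG rules in the question name their security group with a string built from a variable, which gives Terraform no dependency on the NSG resource either. The sketch below applies the same reference-based fix to one of the posted rules, keeping the question's resource names, values and interpolation syntax.

```hcl
# Added example: the answer's fix applied to an NSG rule from the question.
#
# Before (as posted): the group name is assembled from a variable, so Terraform
# sees no link between this rule and the NSG resource and may create the rule
# while the NSG does not exist yet.
#   network_security_group_name = "${var.azurerm_prefix}-nsg-web-01"

resource "azurerm_network_security_rule" "Prod_nsgrule_http_Web01" {
  name                       = "Web-HTTP-IN"
  priority                   = 100
  direction                  = "Inbound"
  access                     = "Allow"
  protocol                   = "Tcp"
  source_port_range          = "80"
  destination_port_range     = "80"
  source_address_prefix      = "*"
  destination_address_prefix = "10.1.12.5"
  resource_group_name        = "${azurerm_resource_group.Prod_RG.name}"

  # After: reading the name from the NSG resource adds an implicit dependency,
  # so the NSG is created before any rule that belongs to it.
  network_security_group_name = "${azurerm_network_security_group.Prod_nsg_Webservers.name}"
}
```

Running `terraform graph` before and after the change shows the new edge from the rule to the NSG resource.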
