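I've been using Terraform for a few weeks now, and it's a great tool.
However, as of recently, I've been getting a lot of errors during deployment.
I have a basic Azure deployment .tf file which creates all the required components. However, for some reason, I keep getting ResourceNotFound. If I re-run the script, it works fine.
The main culprit is the "azurerm_virtual_network" resource. Any resource that depends on it seems to fail, because the virtual network is still in the "Creating" state when Terraform tries to add the NSG rules or the "azurerm_subnet".
It's not a show stopper, more of an annoyance! Is there a way to prevent this error?
On another note, I also seem to have to deploy the NSG rules after everything else has been applied, otherwise the NSG rules don't seem to have any effect. I currently have 2 .tf files in different folders which I run in order, and the NSG rules work fine. Although I'd prefer to have it all in one file, if possible?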

    // Virtual Network
    resource "azurerm_virtual_network" "Prod_VirtualNetwork" {
      name                = "virtual-network"
      address_space       = ["10.1.0.0/16"]
      location            = "${var.azurerm_location}"
      resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
    }

    // Subnet configuration
    resource "azurerm_subnet" "Prod_subnet" {
      name                 = "${var.azurerm_prefix}-subnet"
      resource_group_name  = "${azurerm_resource_group.Prod_RG.name}"
      virtual_network_name = "virtual-network"
      address_prefix       = "10.1.12.0/24"
    }

    // Network Security group for Web Servers
    resource "azurerm_network_security_group" "Prod_nsg_Webservers" {
      name                = "${var.azurerm_prefix}-nsg-web-01"
      location            = "${var.azurerm_location}"
      resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
    }

    // Network Security group for DB Servers
    resource "azurerm_network_security_group" "Prod_nsg_DBservers" {
      name                = "${var.azurerm_prefix}-nsg-db-01"
      location            = "${var.azurerm_location}"
      resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
    }

    // Network Security group rule for RDP inbound to Web01
    resource "azurerm_network_security_rule" "Prod_nsgrule_RDP_Web01" {
      name                        = "Web-RDP-IN"
      priority                    = 200
      direction                   = "Inbound"
      access                      = "Allow"
      protocol                    = "Tcp"
      source_port_range           = "3389"
      destination_port_range      = "3389"
      source_address_prefix       = ""
      destination_address_prefix  = "10.1.12.5"
      resource_group_name         = "${azurerm_resource_group.Prod_RG.name}"
      network_security_group_name = "${var.azurerm_prefix}-nsg-web-01"
    }

    // Network Security group rule for web/80 inbound to Web01
    resource "azurerm_network_security_rule" "Prod_nsgrule_http_Web01" {
      name                        = "Web-HTTP-IN"
      priority                    = 100
      direction                   = "Inbound"
      access                      = "Allow"
      protocol                    = "Tcp"
      source_port_range           = "80"
      destination_port_range      = "80"
      source_address_prefix       = "*"
      destination_address_prefix  = "10.1.12.5"
      resource_group_name         = "${azurerm_resource_group.Prod_RG.name}"
      network_security_group_name = "${var.azurerm_prefix}-nsg-web-01"
    }

    // Network Security group rule for Octopus Deploy inbound to Web01
    resource "azurerm_network_security_rule" "Prod_nsgrule_octopus_Web01" {
      name                        = "Web-Octo-IN"
      priority                    = 110
      direction                   = "Inbound"
      access                      = "Allow"
      protocol                    = "Tcp"
      source_port_range           = "10933"
      destination_port_range      = "10933"
      source_address_prefix       = ""
      destination_address_prefix  = "10.1.12.5"
      resource_group_name         = "${azurerm_resource_group.Prod_RG.name}"
      network_security_group_name = "${var.azurerm_prefix}-nsg-web-01"
    }

    // Network Security group rule for Octopus Deploy inbound to DB01
    resource "azurerm_network_security_rule" "Prod_nsgrule_octopus_DB01" {
      name                        = "DB-Octo-IN"
      priority                    = 120
      direction                   = "Inbound"
      access                      = "Allow"
      protocol                    = "Tcp"
      source_port_range           = "10933"
      destination_port_range      = "10933"
      source_address_prefix       = ""
      destination_address_prefix  = "10.1.12.4"
      resource_group_name         = "${azurerm_resource_group.Prod_RG.name}"
      network_security_group_name = "${var.azurerm_prefix}-nsg-db-01"
    }

    // Network Security group rule for RDP inbound to DB01
    resource "azurerm_network_security_rule" "Prod_nsgrule_RDP_DB01" {
      name                        = "DB-RDP-IN"
      priority                    = 220
      direction                   = "Inbound"
      access                      = "Allow"
      protocol                    = "Tcp"
      source_port_range           = "3389"
      destination_port_range      = "3389"
      source_address_prefix       = ""
      destination_address_prefix  = "10.1.12.4"
      resource_group_name         = "${azurerm_resource_group.Prod_RG.name}"
      network_security_group_name = "${var.azurerm_prefix}-nsg-db-01"
    }

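I don't see any explicit dependency between your virtual network and the subnet; you've hard-coded the network name, so I don't think Terraform will create a dependency.
If you change your subnet definition to: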

    resource "azurerm_subnet" "Prod_subnet" {
      name                 = "${var.azurerm_prefix}-subnet"
      resource_group_name  = "${azurerm_resource_group.Prod_RG.name}"
      virtual_network_name = "${azurerm_virtual_network.Prod_VirtualNetwork.name}"
      address_prefix       = "10.1.12.0/24"
    }

That should give Terraform a clue that one needs to be created before the other.
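
The check the answer does by eye can be automated. The following is an added example, not code from the original post or from Terraform: a small Python lint that flags any `*_name` argument whose string value duplicates another resource's `name` instead of referencing it. It goes beyond the subnet case in the answer, since the same pattern covers the `network_security_group_name` arguments of the NSG rules; the function name `find_hardcoded_names` and the trimmed sample configuration are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the question's configuration.
SAMPLE = '''
resource "azurerm_virtual_network" "Prod_VirtualNetwork" {
  name                = "virtual-network"
  resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
}

resource "azurerm_subnet" "Prod_subnet" {
  name                 = "${var.azurerm_prefix}-subnet"
  virtual_network_name = "virtual-network"
}

resource "azurerm_network_security_group" "Prod_nsg_Webservers" {
  name = "${var.azurerm_prefix}-nsg-web-01"
}

resource "azurerm_network_security_rule" "Prod_nsgrule_http_Web01" {
  name                        = "Web-HTTP-IN"
  network_security_group_name = "${var.azurerm_prefix}-nsg-web-01"
}
'''

# Simplified matching: top-level resource blocks with flat string arguments only.
BLOCK = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
ATTR = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*"(.*)"[ \t]*$', re.M)

def find_hardcoded_names(hcl):
    """Return (resource address, argument, suggested reference) for every
    *_name argument that repeats another resource's name as a plain string,
    which gives Terraform no dependency edge between the two resources."""
    blocks = [("%s.%s" % (t, n), dict(ATTR.findall(body)))
              for t, n, body in BLOCK.findall(hcl)]
    # Heuristic: assumes each declared name string belongs to one resource.
    declared = {a["name"]: addr for addr, a in blocks if "name" in a}
    findings = []
    for addr, attrs in blocks:
        for arg, value in attrs.items():
            owner = declared.get(value)
            if arg.endswith("_name") and owner and owner != addr:
                findings.append((addr, arg, "${%s.name}" % owner))
    return findings

if __name__ == "__main__":
    for addr, arg, ref in find_hardcoded_names(SAMPLE):
        print("%s: %s should be %s" % (addr, arg, ref))
```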