如何使用 Terraform 在 AWS 上配置跨区域 VPC 对等互连


我正在尝试创建一个 terraform 配置来启动不同区域中的多个 VPC 并在它们之间创建 VPC 对等连接。

这是我的 VPC 模块

# Required Variables

# AWS region this module deploys into. It is also the key used for the `ami`
# and `availability_zone` maps below, so it must be present in both.
variable "region" {}
# Prefix for every resource Name tag and for the key-pair name.
variable "cluster_name" {}
# Human-readable region label, second component of the Name tags.
variable "region_name" {}
# Number of EC2 instances to create (used as `count` on aws_instance.node).
variable "nb_nodes" {}
# CIDR of the VPC; the single subnet reuses the whole range. For VPC peering
# this must not overlap the peer VPC's CIDR (see the "overlapping CIDR range"
# failure further down) and should be RFC 1918 private space.
variable "vpc_cidr" {}

# Default Variables

variable "instance_type" {
    default = "t2.nano"
}

# Path to the SSH public key uploaded as aws_key_pair.kp below. A relative
# path is resolved by `file()` against the working directory, not the module
# directory — NOTE(review): confirm, or use "${path.module}/id_rsa.pub".
variable "public_key_path" {
    default = "id_rsa.pub"
}

# NOTE(review): not referenced anywhere in this module as shown. If it is
# intended for provisioners, pass only the path (never the key material) and
# keep the private key out of the repository and out of Terraform state.
variable "private_key_path" {
    default = "id_rsa"
}

# NOTE(review): also unreferenced in this module as shown.
variable "ami-username" {
    default = "ubuntu"
}

# Region -> AMI map. The `lookup()` calls below have no default, so a region
# missing from this map errors out. NOTE(review): the IDs are hard-coded and
# not self-describing — verify their owner/publisher before reuse; a typo or a
# look-alike public AMI is a supply-chain risk. A `data "aws_ami"` filtered by
# a trusted `owners` list would be the safer pattern.
variable "ami" {
    type = "map"

    default = {
        us-east-1 = "ami-0f9cf087c1f27d9b1"
        us-east-2 = "ami-0653e888ec96eab9b"
    }
}

# Region -> availability zone for the single subnet. Must cover the same
# regions as `ami`; every region the root module passes in needs a key here.
variable "availability_zone" {
    type = "map"

    default = {
        us-east-1 = "us-east-1a"
        us-east-2 = "us-east-2a"
    }
}

# Default provider for this module. No static credentials are configured
# here (good): the provider resolves them from its usual chain (environment,
# shared credentials file, instance role).
provider "aws" {
    region = "${var.region}"
}

# Network Resources

# The regional VPC. DNS hostnames are turned on so instances receive DNS
# names inside the VPC.
resource "aws_vpc" "vpc" {
    cidr_block = "${var.vpc_cidr}"
    enable_dns_hostnames = true

    tags {
        Name = "${var.cluster_name}-${var.region_name}-vpc"
    }
}

# Single subnet spanning the entire VPC CIDR, pinned to one AZ from the map.
# Public IPs are not mapped at the subnet level; aws_instance.node sets
# associate_public_ip_address itself.
resource "aws_subnet" "subnet" {
    vpc_id = "${aws_vpc.vpc.id}"
    cidr_block = "${var.vpc_cidr}"
    availability_zone = "${lookup(var.availability_zone, var.region)}"

    tags {
        Name = "${var.cluster_name}-${var.region_name}-subnet"
    }
}

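# CIDR ranges allowed to reach the nodes on any port and protocol.
# The default reproduces the module's original behaviour (open to the whole
# Internet) so existing callers are unchanged, but that default is NOT safe
# for anything beyond a throw-away test: every node also gets a public IP.
# Override it from the root module with the peer VPC's CIDR plus a trusted
# admin range for SSH.
variable "ingress_cidr_blocks" {
    type    = "list"
    default = ["0.0.0.0/0"]
}

# Instance security group. Ingress is limited only by `ingress_cidr_blocks`
# (all ports, all protocols); egress is unrestricted.
resource "aws_security_group" "sg" {
    # NOTE(review): hard-coded name while every other resource is named
    # "${var.cluster_name}-${var.region_name}-..." in its Name tag. Kept as is
    # because renaming a security group forces it to be replaced.
    name = "vpc_test"
    description = "Allow all"

    # Any port, any protocol, from the configured ranges only.
    ingress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = "${var.ingress_cidr_blocks}"
    }

    # Unrestricted outbound.
    egress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
    }

    vpc_id = "${aws_vpc.vpc.id}"

    tags {
        Name = "${var.cluster_name}-${var.region_name}-security-group"
    }
}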

# Internet gateway; together with the default route below it makes the
# subnet public.
resource "aws_internet_gateway" "gw" {
    vpc_id = "${aws_vpc.vpc.id}"

    tags {
        Name = "${var.cluster_name}-${var.region_name}-gateway"
    }
}

# Route table for the public subnet. Only the default route to the Internet
# gateway is defined. NOTE(review): nothing here sends a peer VPC's CIDR to a
# peering connection, so with this table alone traffic for the peer follows
# 0.0.0.0/0 to the Internet gateway instead of the peering link. A cross-VPC
# setup needs an aws_route on each side pointing the peer CIDR at the pcx.
resource "aws_route_table" "public-rt" {
    vpc_id = "${aws_vpc.vpc.id}"

    route {
        cidr_block = "0.0.0.0/0"
        gateway_id = "${aws_internet_gateway.gw.id}"
    }

    tags {
        Name = "${var.cluster_name}-${var.region_name}-subnet-rt"
    }
}

# Attach the public route table to the single subnet.
resource "aws_route_table_association" "public-rt" {
    subnet_id = "${aws_subnet.subnet.id}"
    route_table_id = "${aws_route_table.public-rt.id}"
}


# Instance Resources

# SSH key pair built from the local public key file. Only the public key is
# read (it ends up in state and in AWS); the private key never touches
# Terraform.
resource "aws_key_pair" "kp" {
    key_name = "${var.cluster_name}-${var.region_name}-key"
    public_key = "${file("${var.public_key_path}")}"
}

# One EC2 node per `nb_nodes`, all in the single public subnet.
resource "aws_instance" "node" {
    ami = "${lookup(var.ami, var.region)}"
    instance_type = "${var.instance_type}"
    count = "${var.nb_nodes}"

    key_name = "${aws_key_pair.kp.id}"
    subnet_id = "${aws_subnet.subnet.id}"
    # aws_security_group.sg allows all ingress from 0.0.0.0/0 by default;
    # combined with the public IP below, every node is reachable from the
    # Internet on every port.
    vpc_security_group_ids = ["${aws_security_group.sg.id}"]
    # Disabling the source/destination check is only needed when the instance
    # forwards traffic it did not originate (NAT, routing, overlay networks).
    # NOTE(review): if the nodes do not route, leave this at its default.
    source_dest_check = false
    # Public IP on every node; with the default route to the IGW this is what
    # makes them Internet-facing. A bastion or SSM is the safer admin path.
    associate_public_ip_address = true

    # 20 GiB root volume. NOTE(review): no encryption is requested; whether
    # `encrypted = true` is accepted on root_block_device depends on the
    # provider version in use — confirm and enable it if available.
    root_block_device {
        volume_size = 20
    }

    tags {
        Name = "${var.cluster_name}-${var.region_name}-${count.index}"
    }
}

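# Outputs consumed by the root module.

output "region" {
    value = "${var.region}"
}

output "vpc_id" {
    value = "${aws_vpc.vpc.id}"
}

# Extra outputs so a peering module can finish the job: a peering connection
# only carries traffic once the route table sends the peer's CIDR to it, and
# the security group should be narrowed to the peer's CIDR rather than
# 0.0.0.0/0. Additive only; existing consumers are unaffected.
output "vpc_cidr" {
    value = "${aws_vpc.vpc.cidr_block}"
}

output "route_table_id" {
    value = "${aws_route_table.public-rt.id}"
}

output "security_group_id" {
    value = "${aws_security_group.sg.id}"
}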

这是创建对等连接的模块

# Required Variables

variable "request_vpc_id" {}
variable "accept_vpc_id" {}
variable "request_region" {}
# NOTE(review): declared but never used in this version of the module — the
# connection is created from a provider in request_region only, which is why
# the cross-region case further down fails.
variable "accept_region" {}

# Current account; used as peer_owner_id (both VPCs live in this account).
data "aws_caller_identity" "current" {}

# The only provider, in the requester's region. Nothing is configured for the
# accepter's region, so nothing can accept the request on the other side.
provider "aws" {
    region = "${var.request_region}"
}

# Requester-side peering connection with automatic acceptance.
# NOTE(review): this form only works when both VPCs are in the same region
# (the first root module below). `peer_region` is not set, so the request
# appears to be treated as same-region and fails with "incorrect VPC-ID,
# Account ID, or overlapping CIDR range" when peer_vpc_id is elsewhere; and
# auto_accept cannot accept on behalf of a VPC in another region. See the
# answer below for the two-provider requester/accepter form.
resource "aws_vpc_peering_connection" "con" {
    peer_owner_id = "${data.aws_caller_identity.current.account_id}"
    vpc_id        = "${var.request_vpc_id}"
    peer_vpc_id   = "${var.accept_vpc_id}"
    auto_accept   = true
}

如果我做这样的事情,在同一区域(两个模块都使用 us-east-1)创建 2 个 VPC,它工作正常:

# Name prefix shared by every resource in every region.
variable "cluster_name"{
    default = "aws-multi-region"
}

# Instances per region, passed to each region module as nb_nodes.
variable "nodes_per_region" {
    default = "1"
}

# First VPC: us-east-1, 10.0.0.0/24.
module "region-1" {
    source  = "./simple_region/"
    region = "us-east-1"
    cluster_name = "${var.cluster_name}"
    region_name = "east"
    vpc_cidr = "10.0.0.0/24"
    nb_nodes = "${var.nodes_per_region}"
}

# Second VPC, same region as the first (this is the case that works).
# NOTE(review): 11.1.1.0/24 is not RFC 1918 private space (11.0.0.0/8 is a
# publicly allocated block); pick a range from 10/8, 172.16/12 or 192.168/16
# that does not overlap 10.0.0.0/24. region_name "west" is only a label —
# the module still deploys to us-east-1.
module "region-2" {
    source  = "./simple_region/"
    region = "us-east-1"
    cluster_name = "${var.cluster_name}"
    region_name = "west"
    vpc_cidr = "11.1.1.0/24"
    nb_nodes = "${var.nodes_per_region}"
}

# Peer the two VPCs. NOTE(review): this creates the connection only; neither
# region module's route table receives a route to the other VPC's CIDR, and
# both security groups stay open to 0.0.0.0/0, so cross-VPC traffic is
# neither carried over the peering nor restricted to it.
module "vpc_peer_1" {
    source  = "./vpc_peer/"
    request_region = "${module.region-1.region}"
    request_vpc_id = "${module.region-1.vpc_id}"
    accept_region = "${module.region-2.region}"
    accept_vpc_id = "${module.region-2.vpc_id}"
}

如果我尝试在不同区域创建 VPC(第二个模块改为 us-east-2),问题就会出现:

# Name prefix shared by every resource in every region.
variable "cluster_name"{
    default = "aws-multi-region"
}

# Instances per region, passed to each region module as nb_nodes.
variable "nodes_per_region" {
    default = "1"
}

# First VPC: us-east-1, 10.0.0.0/24.
module "region-1" {
    source  = "./simple_region/"
    region = "us-east-1"
    cluster_name = "${var.cluster_name}"
    region_name = "east"
    vpc_cidr = "10.0.0.0/24"
    nb_nodes = "${var.nodes_per_region}"
}

# Second VPC in a different region (us-east-2) — the cross-region case that
# fails with the single-provider peering module.
# NOTE(review): 11.1.1.0/24 is not RFC 1918 private space (11.0.0.0/8 is a
# publicly allocated block); pick a range from 10/8, 172.16/12 or 192.168/16
# that does not overlap 10.0.0.0/24.
module "region-2" {
    source  = "./simple_region/"
    region = "us-east-2"
    cluster_name = "${var.cluster_name}"
    region_name = "west"
    vpc_cidr = "11.1.1.0/24"
    nb_nodes = "${var.nodes_per_region}"
}

# Peer the two VPCs across regions. accept_region is passed in, but the
# vpc_peer module shown above never uses it, so the request is made without
# a peer region and no accepter exists in us-east-2. Even once that is fixed,
# routes to the peer CIDR and a narrowed security group are still needed.
module "vpc_peer_1" {
    source  = "./vpc_peer/"
    request_region = "${module.region-1.region}"
    request_vpc_id = "${module.region-1.vpc_id}"
    accept_region = "${module.region-2.region}"
    accept_vpc_id = "${module.region-2.vpc_id}"
}

我收到一个错误

Error: Error applying plan:

1 error(s) occurred:

* module.vpc_peer_1.aws_vpc_peering_connection.con: 1 error(s) occurred:

* aws_vpc_peering_connection.con: Error waiting for VPC Peering Connection to become available: Error waiting for VPC Peering Connection (pcx-0d423f938490fde63) to become available: Failed due to incorrect VPC-ID, Account ID, or overlapping CIDR range

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

我已经尝试在 AWS 控制台中手动创建跨区域的 VPC 对等连接,并且工作正常,所以我想知道这是 Terraform 的 bug,还是我需要在 vpc_peer 模块中对区域(尤其是接受方所在的区域)做一些额外的处理。


似乎这就是答案。关键点在于:跨区域对等连接必须在请求方资源上显式指定 `peer_region`,并且由一个配置在接受方区域的 provider(这里是 `aws.peer` 别名)通过 `aws_vpc_peering_connection_accepter` 来接受;请求方上的 `auto_accept = true` 只适用于同账户、同区域的情况,这也是上面同区域版本能工作、跨区域版本报错的原因。另外要注意,对等连接本身不会转发任何流量:还需要在两侧的路由表中把对方 VPC 的 CIDR 指向该对等连接,并把安全组的入站规则从 0.0.0.0/0 收窄到对方 VPC 的 CIDR,否则节点仍然通过公网 IP 完全暴露。

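# Required Variables

variable "request_vpc_id" {}
variable "accept_vpc_id" {}
variable "request_region" {}
variable "accept_region" {}

# Optional Variables
#
# Route table IDs on each side. A peering connection carries no traffic until
# each VPC's route table sends the other VPC's CIDR to it; the VPC module's
# route table only has a default route to the Internet gateway, so without
# these routes the peering stays unused. Leave empty to create only the
# connection, exactly as before.
variable "request_route_table_id" {
  default = ""
}

variable "accept_route_table_id" {
  default = ""
}

# Current account, used as peer_owner_id (both VPCs are in this account).
data "aws_caller_identity" "current" {}

# Requester-side provider.
provider "aws" {
  region = "${var.request_region}"
}

# Accepter-side provider. The accepter resource has to run in the accepter
# VPC's region; this alias is what makes the cross-region case work.
provider "aws" {
  alias  = "peer"
  region = "${var.accept_region}"
}

# CIDRs of both VPCs, needed for the routes below. Looked up from the VPC IDs
# rather than passed in, so callers cannot get them out of sync.
data "aws_vpc" "request" {
  id = "${var.request_vpc_id}"
}

data "aws_vpc" "accept" {
  provider = "aws.peer"
  id       = "${var.accept_vpc_id}"
}

# Requester's side of the connection. `peer_region` is mandatory for
# cross-region peering, and `auto_accept` must stay false: the requester's
# provider cannot accept on behalf of a VPC in another region.
resource "aws_vpc_peering_connection" "peer" {
  vpc_id        = "${var.request_vpc_id}"
  peer_vpc_id   = "${var.accept_vpc_id}"
  peer_owner_id = "${data.aws_caller_identity.current.account_id}"
  peer_region   = "${var.accept_region}"
  auto_accept   = false

  tags = {
    Side = "Requester"
  }
}

# Accepter's side of the connection, created through the provider in the
# accepter region. auto_accept is reasonable here: same account, and the
# request originates from this very configuration.
resource "aws_vpc_peering_connection_accepter" "peer" {
  provider                  = "aws.peer"
  vpc_peering_connection_id = "${aws_vpc_peering_connection.peer.id}"
  auto_accept               = true

  tags = {
    Side = "Accepter"
  }
}

# Route the peer's CIDR over the peering connection on each side, only when a
# route table ID was supplied. Referencing the accepter's id (not the
# requester's) makes the route wait until the connection has been accepted.
resource "aws_route" "request_to_accept" {
  count                     = "${var.request_route_table_id == "" ? 0 : 1}"
  route_table_id            = "${var.request_route_table_id}"
  destination_cidr_block    = "${data.aws_vpc.accept.cidr_block}"
  vpc_peering_connection_id = "${aws_vpc_peering_connection_accepter.peer.id}"
}

resource "aws_route" "accept_to_request" {
  provider                  = "aws.peer"
  count                     = "${var.accept_route_table_id == "" ? 0 : 1}"
  route_table_id            = "${var.accept_route_table_id}"
  destination_cidr_block    = "${data.aws_vpc.request.cidr_block}"
  vpc_peering_connection_id = "${aws_vpc_peering_connection_accepter.peer.id}"
}

# ID of the established peering connection, for callers that want to add
# their own routes or security-group rules referencing it.
output "peering_connection_id" {
  value = "${aws_vpc_peering_connection_accepter.peer.id}"
}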