jon*_*mix -1 cloud google-cloud-platform terraform
我现在已经花了很长时间来解决这个问题..所以主机项目已经存在..并且已经设置了所有VPN和网络。我希望通过 Terraform 创建一个新项目,并允许它使用主机项目共享 VPC。
每当我遇到一个问题并最终解决它时,我就会遇到另一个问题。
现在我看到:
google_compute_shared_vpc_service_project.project: googleapi: Error 404: The resource 'projects/intacct-staging-db3b7e7a' was not found, notFound
* google_compute_instance.dokku: 1 error(s) occurred:
也:
google_compute_instance.dokku: Error loading zone 'europe-west2-a': googleapi: Error 404: Failed to find project intacct-staging, notFound
我最初确信它是排序的,这就是为什么我正在尝试配置depends_on,尝试整理顺序。这似乎还没有解决它。
简单地阅读它,google_compute_shared_vpc_service_project就其而言并不存在google_compute_shared_vpc_service_project。尽管我已添加以下内容google_compute_shared_vpc_service_project:
depends_on = ["google_project.project",
"google_compute_shared_vpc_host_project.host_project",
]
也许,因为宿主项目已经存在,我应该使用data它来引用它而不是resource?
我的完整 TF 文件在这里:
provider "google" {
region = "${var.gcp_region}"
credentials = "${file("./creds/serviceaccount.json")}"
}
resource "random_id" "id" {
byte_length = 4
prefix = "${var.project_name}-"
}
resource "google_project" "project" {
name = "${var.project_name}"
project_id = "${random_id.id.hex}"
billing_account = "${var.billing_account}"
org_id = "${var.org_id}"
}
resource "google_project_services" "project" {
project = "${google_project.project.project_id}"
services = [
"compute.googleapis.com"
]
depends_on = [ "google_project.project" ]
}
# resource "google_service_account" "service-account" {
# account_id = "intacct-staging-service"
# display_name = "Service Account for the intacct staging app"
# }
resource "google_compute_shared_vpc_host_project" "host_project" {
project = "${var.vpc_parent}"
}
resource "google_compute_shared_vpc_service_project" "project" {
host_project = "${google_compute_shared_vpc_host_project.host_project.project}"
service_project = "${google_project.project.project_id}"
depends_on = ["google_project.project",
"google_compute_shared_vpc_host_project.host_project",
]
}
resource "google_compute_address" "dokku" {
name = "fr-intacct-staging-ip"
address_type = "EXTERNAL"
project = "${google_project.project.project_id}"
depends_on = [ "google_project_services.project" ]
}
resource "google_compute_instance" "dokku" {
project = "${google_project.project.name}"
name = "dokku-host"
machine_type = "${var.comp_type}"
zone = "${var.gcp_zone}"
allow_stopping_for_update = "true"
tags = ["intacct"]
# Install Dokku
metadata_startup_script = <<SCRIPT
sed -i 's/PermitRootLogin no/PermitRootLogin yes/' /etc/ssh/sshd_config && service sshd restart
SCRIPT
boot_disk {
initialize_params {
image = "${var.compute_image}"
}
}
network_interface {
subnetwork = "${var.subnetwork}"
subnetwork_project = "${var.vpc_parent}"
access_config = {
nat_ip = "${google_compute_address.dokku.address}"
}
}
metadata {
sshKeys = "root:${file("./id_rsa.pub")}"
}
}
编辑:
如下所述,我能够通过将引用更改为project_id而不是name名称不包含随机十六进制来解决后一个项目未找到错误。
我现在还看到另一个错误,涉及静态 IP。网络接口配置为使用主机 VPC 中的子网...
network_interface {
subnetwork = "${var.subnetwork}"
subnetwork_project = "${var.vpc_parent}"
access_config = {
nat_ip = "${google_compute_address.dokku.address}"
}
}
IP在这里设置:
resource "google_compute_address" "dokku" {
name = "fr-intacct-staging-ip"
address_type = "EXTERNAL"
project = "${google_project.project.project_id}"
}
IP确实应该在主机项目中,我已经尝试过......当我这样做时,我收到一条错误消息,指出此资源不允许跨项目。
当我更改为上述内容时,它还会错误地指出新项目现在能够处理 API 调用。我认为这是有意义的,因为我只允许每个google_project_services资源进行计算 API 调用。
我将尝试允许网络 API 调用并查看是否有效,但我认为外部 IP 需要位于宿主项目的共享 VPC 中?
| 归档时间: |
|
| 查看次数: |
2158 次 |
| 最近记录: |