I am trying to edit apache.conf using Ansible. Here is part of my conf:
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
    Options FollowSymLinks …
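
I want to set up Terraform to manage dev/stage/prod environments. The infrastructure is the same in all environments, but the variables differ in each environment.
Now that workspaces have been introduced in Terraform 0.10, what does an ideal Terraform project structure look like? How do I reference the workspace when naming/tagging infrastructure?

I want to create reserved instances for a long period, e.g. one year of runtime. Does anyone know whether Terraform allows creating such reserved instances in AWS?
I cannot find anything in the Terraform documentation right now.

I have a Terraform script that creates a launch configuration, an Auto Scaling group, a single ALB, a target group and a listener. Instances are launched using the Auto Scaling group.
How can I add the newly launched instances to the target group via Terraform in the same script?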
resource "aws_launch_configuration" "CF2TF-LC" {
  name                 = "CF2TF-LC"
  depends_on           = ["aws_iam_role_policy_attachment.CF2TF-IAM-PA", "aws_security_group.CF2TF-SG-Web"]
  image_id             = "ami-14c5486b"
  instance_type        = "t2.micro"
  iam_instance_profile = "${aws_iam_instance_profile.CF2TF-IAM-IP.id}"
  key_name             = "CF2TF"
  security_groups      = ["${aws_security_group.CF2TF-SG-Web.id}"]
  user_data            = "${template_file.CF2TF-UserData.rendered}"
}
resource "aws_autoscaling_group" "CF2TF-ASG" {
  name                      = "CF2TF-ASG"
  depends_on                = ["aws_launch_configuration.CF2TF-LC"]
  vpc_zone_identifier       = ["${aws_subnet.CF2TF-Subnet-1a.id}", "${aws_subnet.CF2TF-Subnet-1d.id}"]
  max_size                  = 3
  min_size                  = 2
  health_check_grace_period = 300
  health_check_type         = "EC2"
  desired_capacity          = 2
  force_delete              = true
  launch_configuration      = "${aws_launch_configuration.CF2TF-LC.id}"
}
resource "aws_lb" "CF2TF-ALB" {
  name    = "CF2TF-ALB"
  subnets = ["${aws_subnet.CF2TF-Subnet-1a.id}", "${aws_subnet.CF2TF-Subnet-1d.id}"]
  internal …

I am trying to retrieve the existing EKS certificate thumbprint using Terraform's external data source with the following code:
thumbprint.sh
#!/bin/bash
THUMBPRINT=$(echo | openssl s_client -servername oidc.eks.${1}.amazonaws.com -showcerts -connect oidc.eks.${1}.amazonaws.com:443 2>&- | tac | sed -n '/-----END CERTIFICATE-----/,/-----BEGIN CERTIFICATE-----/p; /-----BEGIN CERTIFICATE-----/q' | tac | openssl x509 -fingerprint -noout | sed 's/://g' | awk -F= '{print tolower($2)}')
THUMBPRINT_JSON="{\"thumbprint\": \"${THUMBPRINT}\"}"
echo $THUMBPRINT_JSON
data.tf
data "external" "thumbprint" {
  program = ["${path.root}/scripts/thumbprint.sh", data.aws_region.current.name]
}
openid.tf
resource "aws_iam_openid_connect_provider" "openid" {
  depends_on      = [data.external.thumbprint]
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.external.thumbprint.result.thumbprint]
  url             = data.aws_eks_cluster.this.identity.0.oidc.0.issuer
}
and use data.external.thumbprint.result.thumbprint.
The main problem is that I am confused: sometimes I get data from the thumbprint, and sometimes …
amazon-web-services openid-connect terraform terraform-provider-aws amazon-eks
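
So I am running Chromedriver on my computer (Win, admin mode)
chromedriver.exe --verbose --whitelisted-ips=
On my server I have tests that I want to run on my own computer.
So I set up a remote WebDriver, and the tests seem to have no problem, but I don't see Chromedriver spawning any Chrome windows on my computer, nor do I see any log messages. The test on my server eventually times out and shows: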
  File "/server/tests/test.py", line 173, in test
    browser = Browser(driver_name="remote",url="http://23.23.23.23:9515/wd/hub", browser='chrome',user_agent='test', desired_capabilities=options.to_capabilities())
  File "/usr/local/lib/python2.7/dist-packages/splinter/browser.py", line 63, in Browser
    return driver(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/splinter/driver/webdriver/remote.py", line 26, in __init__
    self.driver = Remote(url, abilities)
  File "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/webdriver.py", line 73, in __init__
    self.start_session(desired_capabilities, browser_profile)
  File "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/webdriver.py", line 121, in start_session
    'desiredCapabilities': desired_capabilities,
  File "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/webdriver.py", line 171, in execute
    response = self.command_executor.execute(driver_command, params)
  File "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/remote_connection.py", line 349, in execute
    return self._request(command_info[0], url, body=data)
  File "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/remote_connection.py", line 417, in _request
    resp = …

I am trying to create an OpenStack instance using Terraform, but I get the following error:
Error applying plan:
1 error(s) occurred:
* openstack_compute_instance_v2.basic: Error creating OpenStack server: Invalid
request due to incorrect syntax or missing required parameters.
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
However, the same Terraform code successfully creates the security group, key pair and volume in my OpenStack account.
Here is my Terraform code:
provider "openstack" {
  user_name   = "admin"
  tenant_name = "admin"
  password    = "admin"
  auth_url    = "http://my_IP():5000/v2.0"
}
resource "openstack_blockstorage_volume_v1" "myvol" {
  name = "myvol"
  size = 1
}
resource "openstack_compute_instance_v2" "basic" {
  name = "basic"
  image_id …

I made a static-website-hosting S3 bucket served by CloudFront. I want to restrict bucket access so that it comes only from CloudFront, via an Origin Access Identity.
I tried to update the S3 bucket policy, but it shows an error:
Error putting S3 policy: MalformedPolicy: Invalid principal in policy status code: 400, request id
I am trying to use the following policy:
resource "aws_s3_bucket_policy" "default" {
  bucket = "${aws_s3_bucket.default.id}"
  policy = <<EOF
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "2",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${aws_cloudfront_origin_access_identity.origin_access_identity.id}"
      },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::$/*"
    }
  ]
}
EOF
}

I am new to Terraform and am confused about the id attribute returned by resources.
Given:
data "azurerm_subnet" "aas_mng_subnet" {
  name                 = "${var.prefix}-${var.env_type}-subnet-${var.site_octet}.50.x"
  virtual_network_name = "${data.azurerm_virtual_network.main.name}"
  resource_group_name  = "${var.prefix}-${var.env_type}"
}
and
subnet_id = "${data.azurerm_subnet.aas_mng_subnet.id}"
What is the value of subnet_id? I mean in general, not specific to this example. What is the value of the .id attribute that appears everywhere?
The Terraform documentation tries to explain this, but I'm not sure I understand it even so:
Attributes of a data source
The syntax is data.TYPE.NAME.ATTRIBUTE. For example. ${data.aws_ami.ubuntu.id} will interpolate the id attribute from the aws_ami data source named ubuntu. If the data source has a count attribute set, you can access individual attributes with a zero-based index, such as ${data.aws_subnet.example.0.cidr_block}. You can also use the splat syntax to get a list of all attributes: ${data.aws_subnet.example.*.cidr_block}.
I would appreciate it if someone could explain this to me in other words and/or with examples.

I have what I think is a simple Terraform configuration for AWS ElastiCache with Redis:
resource "aws_elasticache_replication_group" "my_replication_group" {
  replication_group_id          = "my-rep-group",
  replication_group_description = "eln00b"
  node_type                     = "cache.m4.large"
  port                          = 6379
  parameter_group_name          = "default.redis5.0.cluster.on"
  snapshot_retention_limit      = 1
  snapshot_window               = "00:00-05:00"
  subnet_group_name             = "${aws_elasticache_subnet_group.my_subnet_group.name}"
  automatic_failover_enabled    = true
  cluster_mode {
    num_node_groups         = 1
    replicas_per_node_group = 1
  }
}
I tried to define an endpoint output using:
output "my_cache" {
  value = "${aws_elasticache_replication_group.my_replication_group.primary_endpoint_address}"
}
When I run apply through terragrunt, I get:
Error: Error running plan: 1 error(s) occurred:
module.mod.output.my_cache: Resource 'aws_elasticache_replication_group.my_replication_group' does not have attribute 'primary_endpoint_address' for variable 'aws_elasticache_replication_group.my_replication_group.primary_endpoint_address'
What am I doing wrong here?
amazon-web-services amazon-elasticache terraform redis-cluster