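Terraform Subnets: Incorrect CIDR Addresses

Time: 2017-01-16 17:12:59

Tags: terraform

I'm having a problem in Terraform where subnets are being created with the wrong CIDR addresses. Before raising an issue on GitHub, I just wanted to check whether anyone can see a mistake in what I'm doing.

The code that creates the subnets is: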

resource "aws_subnet" "public" {
  vpc_id            = "${aws_vpc.vpc.id}"
  cidr_block        = "${var.public_subnets[count.index]}"
  availability_zone = "${var.azs[count.index]}"
  count             = "${length(var.public_subnets)}"

  tags {
    Name = "${var.name}-subnet-public-${element(var.azs, count.index)}"
    env       = "${var.env}"
    role      = "vpc-subnet-public"
    terraform = "true"
  }

  map_public_ip_on_launch = "${var.map_public_ip_on_launch}"
}

resource "aws_subnet" "private-app" {
  vpc_id            = "${aws_vpc.vpc.id}"
  cidr_block        = "${var.private_subnets_app[count.index]}"
  availability_zone = "${var.azs[count.index]}"
  count             = "${length(var.private_subnets_app)}"

  tags {
    Name = "${var.name}-subnet-private-app-${element(var.azs, count.index)}"
    env       = "${var.env}"
    role      = "vpc-subnet-private-app"
    terraform = "true"
  }
}

resource "aws_subnet" "private-data" {
  vpc_id            = "${aws_vpc.vpc.id}"
  cidr_block        = "${var.private_subnets_data[count.index]}"
  availability_zone = "${var.azs[count.index]}"
  count             = "${length(var.private_subnets_data)}"

  tags {
    Name = "${var.name}-subnet-private-data-${element(var.azs, count.index)}"
    env       = "${var.env}"
    role      = "vpc-subnet-private-data"
    terraform = "true"
  }
}

The code that uses the module is:

module "vpc" {
  source = "../modules/vpc"
  name   = "vpc-${var.env}"
  env    = "${var.env}"
  azs    = "${var.azs}"
  vpc_cidr_block  = "${var.vpc_cidr_block}"
  public_subnets       = ["10.10.0.0/20", "10.10.64.0/20", "10.10.128.0/20"]
  private_subnets_app  = ["10.10.16.0/20", "10.10.68.0/20", "10.10.132.0/20"]
  private_subnets_data = ["10.10.32.0/20", "10.10.72.0/20", "10.10.136.0/20"]
  map_public_ip_on_launch = "true"
}

Terraform generates the correct plan:

Path: development.plan

+ module.vpc.aws_subnet.private-app.0
    availability_zone:       "eu-west-1a"
    cidr_block:              "10.10.16.0/20"
    map_public_ip_on_launch: "false"
    tags.%:                  "4"
    tags.Name:               "vpc-development-subnet-private-app-eu-west-1a"
    tags.env:                "development"
    tags.role:               "vpc-subnet-private-app"
    tags.terraform:          "true"
    vpc_id:                  "vpc-e5200781"

+ module.vpc.aws_subnet.private-app.1
    availability_zone:       "eu-west-1b"
    cidr_block:              "10.10.68.0/20"
    map_public_ip_on_launch: "false"
    tags.%:                  "4"
    tags.Name:               "vpc-development-subnet-private-app-eu-west-1b"
    tags.env:                "development"
    tags.role:               "vpc-subnet-private-app"
    tags.terraform:          "true"
    vpc_id:                  "vpc-e5200781"

+ module.vpc.aws_subnet.private-app.2
    availability_zone:       "eu-west-1c"
    cidr_block:              "10.10.132.0/20"
    map_public_ip_on_launch: "false"
    tags.%:                  "4"
    tags.Name:               "vpc-development-subnet-private-app-eu-west-1c"
    tags.env:                "development"
    tags.role:               "vpc-subnet-private-app"
    tags.terraform:          "true"
    vpc_id:                  "vpc-e5200781"

+ module.vpc.aws_subnet.private-data.0
    availability_zone:       "eu-west-1a"
    cidr_block:              "10.10.32.0/20"
    map_public_ip_on_launch: "false"
    tags.%:                  "4"
    tags.Name:               "vpc-development-subnet-private-data-eu-west-1a"
    tags.env:                "development"
    tags.role:               "vpc-subnet-private-data"
    tags.terraform:          "true"
    vpc_id:                  "vpc-e5200781"

+ module.vpc.aws_subnet.private-data.1
    availability_zone:       "eu-west-1b"
    cidr_block:              "10.10.72.0/20"
    map_public_ip_on_launch: "false"
    tags.%:                  "4"
    tags.Name:               "vpc-development-subnet-private-data-eu-west-1b"
    tags.env:                "development"
    tags.role:               "vpc-subnet-private-data"
    tags.terraform:          "true"
    vpc_id:                  "vpc-e5200781"

+ module.vpc.aws_subnet.private-data.2
    availability_zone:       "eu-west-1c"
    cidr_block:              "10.10.136.0/20"
    map_public_ip_on_launch: "false"
    tags.%:                  "4"
    tags.Name:               "vpc-development-subnet-private-data-eu-west-1c"
    tags.env:                "development"
    tags.role:               "vpc-subnet-private-data"
    tags.terraform:          "true"
    vpc_id:                  "vpc-e5200781"

+ module.vpc.aws_subnet.public.0
    availability_zone:       "eu-west-1a"
    cidr_block:              "10.10.0.0/20"
    map_public_ip_on_launch: "true"
    tags.%:                  "4"
    tags.Name:               "vpc-development-subnet-public-eu-west-1a"
    tags.env:                "development"
    tags.role:               "vpc-subnet-public"
    tags.terraform:          "true"
    vpc_id:                  "vpc-e5200781"

+ module.vpc.aws_subnet.public.1
    availability_zone:       "eu-west-1b"
    cidr_block:              "10.10.64.0/20"
    map_public_ip_on_launch: "true"
    tags.%:                  "4"
    tags.Name:               "vpc-development-subnet-public-eu-west-1b"
    tags.env:                "development"
    tags.role:               "vpc-subnet-public"
    tags.terraform:          "true"
    vpc_id:                  "vpc-e5200781"

+ module.vpc.aws_subnet.public.2
    availability_zone:       "eu-west-1c"
    cidr_block:              "10.10.128.0/20"
    map_public_ip_on_launch: "true"
    tags.%:                  "4"
    tags.Name:               "vpc-development-subnet-public-eu-west-1c"
    tags.env:                "development"
    tags.role:               "vpc-subnet-public"
    tags.terraform:          "true"
    vpc_id:                  "vpc-e5200781"


Plan: 9 to add, 0 to change, 0 to destroy.

But when I apply it, some subnets are created with the wrong CIDR addresses, which results in conflicts. These are the logs:

Error applying plan:

2017/01/16 17:04:58 [DEBUG] plugin: waiting for all plugin processes to complete...
4 error(s) occurred:

* aws_subnet.public.2: Error creating subnet: InvalidSubnet.Conflict: The CIDR '10.10.128.0/20' conflicts with another subnet
    status code: 400, request id: e77f399d-1451-4fea-bffb-473386ee9398
* aws_subnet.private-app.1: Error creating subnet: InternalError: An internal error has occurred
    status code: 500, request id: c0c09a05-a00b-4eda-987d-075447b0a183
* aws_subnet.private-data.1: Error creating subnet: InternalError: An internal error has occurred
    status code: 500, request id: 6d989fc2-6dc3-4e24-a152-b2abac376046
* aws_subnet.private-data.2: Error creating subnet: InternalError: An internal error has occurred
    status code: 500, request id: ecda81f9-12be-4ea3-b883-04e5f074ca87

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

If I do a terraform show, you can see that the CIDR block of one of the private subnets is incorrect:

module.vpc.aws_subnet.private-app.0:
  id = subnet-c1210bb7
  availability_zone = eu-west-1a
  cidr_block = 10.10.16.0/20
  map_public_ip_on_launch = false
  tags.% = 4
  tags.Name = vpc-development-subnet-private-app-eu-west-1a
  tags.env = development
  tags.role = vpc-subnet-private-app
  tags.terraform = true
  vpc_id = vpc-e5200781
module.vpc.aws_subnet.private-app.2:
  id = subnet-ebf4c28f
  availability_zone = eu-west-1c
  cidr_block = 10.10.128.0/20
  map_public_ip_on_launch = false
  tags.% = 4
  tags.Name = vpc-development-subnet-private-app-eu-west-1c
  tags.env = development
  tags.role = vpc-subnet-private-app
  tags.terraform = true
  vpc_id = vpc-e5200781
module.vpc.aws_subnet.private-data.0:
  id = subnet-ce210bb8
  availability_zone = eu-west-1a
  cidr_block = 10.10.32.0/20
  map_public_ip_on_launch = false
  tags.% = 4
  tags.Name = vpc-development-subnet-private-data-eu-west-1a
  tags.env = development
  tags.role = vpc-subnet-private-data
  tags.terraform = true
  vpc_id = vpc-e5200781
module.vpc.aws_subnet.public.0:
  id = subnet-c0210bb6
  availability_zone = eu-west-1a
  cidr_block = 10.10.0.0/20
  map_public_ip_on_launch = true
  tags.% = 4
  tags.Name = vpc-development-subnet-public-eu-west-1a
  tags.env = development
  tags.role = vpc-subnet-public
  tags.terraform = true
  vpc_id = vpc-e5200781
module.vpc.aws_subnet.public.1:
  id = subnet-a596e5fd
  availability_zone = eu-west-1b
  cidr_block = 10.10.64.0/20
  map_public_ip_on_launch = true
  tags.% = 4
  tags.Name = vpc-development-subnet-public-eu-west-1b
  tags.env = development
  tags.role = vpc-subnet-public
  tags.terraform = true
  vpc_id = vpc-e5200781

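The subnet for module.vpc.aws_subnet.private-app.2 should be 10.10.132.0/20. I am also getting 500 errors when trying to run it, but I don't know whether that is related.

I would appreciate it if someone could confirm whether they have seen this behaviour before, or whether it looks like a bug, in which case I will raise it on GitHub.

Many thanks

0 answers:

No answers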
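
An added check, not part of the original post: the script below runs the three subnet lists from the `module "vpc"` call through Python's `ipaddress` module and reports every CIDR whose address does not sit on its prefix boundary, plus every pair of entries whose networks overlap. The names `SUBNETS` and `audit` are made up for this example.

```python
import ipaddress
from itertools import combinations

# Subnet lists copied from the module "vpc" call in the question.
SUBNETS = {
    "public_subnets": ["10.10.0.0/20", "10.10.64.0/20", "10.10.128.0/20"],
    "private_subnets_app": ["10.10.16.0/20", "10.10.68.0/20", "10.10.132.0/20"],
    "private_subnets_data": ["10.10.32.0/20", "10.10.72.0/20", "10.10.136.0/20"],
}


def audit(subnets):
    """Return (misaligned, overlaps) for a dict of name -> list of CIDR strings.

    misaligned maps "name[i]" to (cidr as written, network it falls in).
    overlaps lists pairs of entries whose networks share addresses.
    """
    effective, misaligned = {}, {}
    for name, cidrs in subnets.items():
        for i, cidr in enumerate(cidrs):
            # strict=False masks off host bits instead of raising ValueError,
            # giving the network the written address actually belongs to.
            # A /20 starts only where the third octet is a multiple of 16.
            net = ipaddress.ip_network(cidr, strict=False)
            key = f"{name}[{i}]"
            effective[key] = net
            if str(net) != cidr:
                misaligned[key] = (cidr, str(net))
    overlaps = [
        (a, b, str(effective[a]), str(effective[b]))
        for a, b in combinations(effective, 2)
        if effective[a].overlaps(effective[b])
    ]
    return misaligned, overlaps


if __name__ == "__main__":
    misaligned, overlaps = audit(SUBNETS)
    for key, (written, actual) in misaligned.items():
        print(f"{key}: {written} has host bits set; network is {actual}")
    for a, b, net_a, net_b in overlaps:
        print(f"overlap: {a} ({net_a}) and {b} ({net_b})")
```

The network reported for `private_subnets_app[2]` is 10.10.128.0/20, the same block that the `terraform show` output lists for `private-app.2` and that the `InvalidSubnet.Conflict` error names for `public.2`.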