Duplicate errors when trying to run multiple regions in Terraform

Time: 2018-09-25 14:31:31

Tags: terraform

If anyone wants the full code, the repository is here

https://github.com/ehime/terraform-multiregion-openvpn

The error

Error: Error applying plan:

4 error(s) occurred:

* module.eu-west.aws_key_pair.terraformer: 1 error(s) occurred:

* aws_key_pair.terraformer: Error import KeyPair: InvalidKeyPair.Duplicate: The keypair 'openvpn-key' already exists.
    status code: 400, request id: 52818ed9-bfbf-4cd6-a301-bcb288450ce1
* module.eu-west.aws_security_group.openvpn: 1 error(s) occurred:

* aws_security_group.openvpn: Error creating Security Group: InvalidGroup.Duplicate: The security group 'openvpn' already exists for VPC 'vpc-bcbd13d4'
    status code: 400, request id: 6f950685-e810-4828-bb67-c057c0c2feae
* module.us-west.aws_security_group.openvpn: 1 error(s) occurred:

* aws_security_group.openvpn: Error creating Security Group: InvalidGroup.Duplicate: The security group 'openvpn' already exists for VPC 'vpc-eda4a294'
    status code: 400, request id: c3aa4e3b-5765-40c7-8dc6-8a208b9f39b6
* module.us-west.aws_key_pair.terraformer: 1 error(s) occurred:

* aws_key_pair.terraformer: Error import KeyPair: InvalidKeyPair.Duplicate: The keypair 'openvpn-key' already exists.
    status code: 400, request id: 057e0dc4-c757-4b54-b36a-5cbebd69cb2d

The module

data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}

data "aws_availability_zones" "current" {}

resource "aws_instance" "openvpn" {
  ami           = "${var.ami == "" ? data.aws_ami.ubuntu.id : var.ami}"
  instance_type = "${var.instance_type}"

  availability_zone = "${data.aws_availability_zones.current.id}"

  monitoring = false
  key_name   = "${aws_key_pair.terraformer.key_name}"

  tags {
    Name = "openvpn${var.deployment_suffix}"
  }

  security_groups = ["${aws_security_group.openvpn.name}"]
}

resource "aws_security_group" "openvpn" {
  name        = "openvpn${var.deployment_suffix}"
  description = "openvpn${var.deployment_suffix} security groups"
}

resource "aws_security_group_rule" "vpn-clients" {
  type              = "ingress"
  from_port         = 1194
  to_port           = 1194
  protocol          = "udp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = "${aws_security_group.openvpn.id}"
}

resource "aws_security_group_rule" "main_egress" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = "${aws_security_group.openvpn.id}"
}

resource "aws_security_group_rule" "ssh" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = "${aws_security_group.openvpn.id}"
}

resource "aws_eip" "openvpn" {
  instance = "${aws_instance.openvpn.id}"
}

resource "aws_key_pair" "terraformer" {
  key_name   = "openvpn-key"
  public_key = "${file("${var.pub_key}")}"
}

output "ip" {
  value = "${aws_eip.openvpn.public_ip}"
}

The main script

provider "aws" {
  alias                   = "eu-west"
  profile                 = "${var.aws_profile}"
  shared_credentials_file = "${pathexpand("~/.aws/config")}"
  region                  = "eu-west-2"
}

provider "aws" {
  alias                   = "us-west"
  profile                 = "${var.aws_profile}"
  shared_credentials_file = "${pathexpand("~/.aws/config")}"
  region                  = "us-west-2"
}

module "eu-west" {
  providers = {
    "aws" = "aws.eu-west"
  }

  source        = "modules/openvpn"
  aws_profile   = "${var.aws_profile}"
  aws_region    = "eu-west-2"
  instance_type = "t2.micro"
  ami           = "${var.ami}"
  pub_key       = "${var.pub_key}"
}

output "eu-west-ip" {
  value = "${module.eu-west.ip}"
}

module "us-west" {
  providers = {
    "aws" = "aws.us-west"
  }

  source        = "modules/openvpn"
  instance_type = "t2.micro"
  aws_profile   = "${var.aws_profile}"
  aws_region    = "us-west-2"
  ami           = "${var.ami}"
  pub_key       = "${var.pub_key}"
}

output "us-west-ip" {
  value = "${module.us-west.ip}"
}

Here is the run

bash-4.4$ unset TF_LOG
bash-4.4$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.aws_availability_zones.current: Refreshing state...
data.aws_ami.ubuntu: Refreshing state...
data.aws_availability_zones.current: Refreshing state...
data.aws_ami.ubuntu: Refreshing state...

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + module.eu-west.aws_eip.openvpn
      id:                           <computed>
      allocation_id:                <computed>
      association_id:               <computed>
      domain:                       <computed>
      instance:                     "${aws_instance.openvpn.id}"
      network_interface:            <computed>
      private_ip:                   <computed>
      public_ip:                    <computed>
      vpc:                          <computed>

  + module.eu-west.aws_instance.openvpn
      id:                           <computed>
      ami:                          "ami-06dcf6f1d32fee1f5"
      arn:                          <computed>
      associate_public_ip_address:  <computed>
      availability_zone:            "2018-09-25 14:12:32.778713 +0000 UTC"
      cpu_core_count:               <computed>
      cpu_threads_per_core:         <computed>
      ebs_block_device.#:           <computed>
      ephemeral_block_device.#:     <computed>
      get_password_data:            "false"
      instance_state:               <computed>
      instance_type:                "t2.micro"
      ipv6_address_count:           <computed>
      ipv6_addresses.#:             <computed>
      key_name:                     "openvpn-key"
      monitoring:                   "false"
      network_interface.#:          <computed>
      network_interface_id:         <computed>
      password_data:                <computed>
      placement_group:              <computed>
      primary_network_interface_id: <computed>
      private_dns:                  <computed>
      private_ip:                   <computed>
      public_dns:                   <computed>
      public_ip:                    <computed>
      root_block_device.#:          <computed>
      security_groups.#:            "1"
      security_groups.3033708533:   "openvpn"
      source_dest_check:            "true"
      subnet_id:                    <computed>
      tags.%:                       "1"
      tags.Name:                    "openvpn"
      tenancy:                      <computed>
      volume_tags.%:                <computed>
      vpc_security_group_ids.#:     <computed>

  + module.eu-west.aws_key_pair.terraformer
      id:                           <computed>
      fingerprint:                  <computed>
      key_name:                     "openvpn-key"
      public_key:                   "ssh-rsa .... user@email"

  + module.eu-west.aws_security_group.openvpn
      id:                           <computed>
      arn:                          <computed>
      description:                  "openvpn security groups"
      egress.#:                     <computed>
      ingress.#:                    <computed>
      name:                         "openvpn"
      owner_id:                     <computed>
      revoke_rules_on_delete:       "false"
      vpc_id:                       <computed>

  + module.eu-west.aws_security_group_rule.main_egress
      id:                           <computed>
      cidr_blocks.#:                "1"
      cidr_blocks.0:                "0.0.0.0/0"
      from_port:                    "0"
      protocol:                     "-1"
      security_group_id:            "${aws_security_group.openvpn.id}"
      self:                         "false"
      source_security_group_id:     <computed>
      to_port:                      "0"
      type:                         "egress"

  + module.eu-west.aws_security_group_rule.ssh
      id:                           <computed>
      cidr_blocks.#:                "1"
      cidr_blocks.0:                "0.0.0.0/0"
      from_port:                    "22"
      protocol:                     "tcp"
      security_group_id:            "${aws_security_group.openvpn.id}"
      self:                         "false"
      source_security_group_id:     <computed>
      to_port:                      "22"
      type:                         "ingress"

  + module.eu-west.aws_security_group_rule.vpn-clients
      id:                           <computed>
      cidr_blocks.#:                "1"
      cidr_blocks.0:                "0.0.0.0/0"
      from_port:                    "1194"
      protocol:                     "udp"
      security_group_id:            "${aws_security_group.openvpn.id}"
      self:                         "false"
      source_security_group_id:     <computed>
      to_port:                      "1194"
      type:                         "ingress"

  + module.us-west.aws_eip.openvpn
      id:                           <computed>
      allocation_id:                <computed>
      association_id:               <computed>
      domain:                       <computed>
      instance:                     "${aws_instance.openvpn.id}"
      network_interface:            <computed>
      private_ip:                   <computed>
      public_ip:                    <computed>
      vpc:                          <computed>

  + module.us-west.aws_instance.openvpn
      id:                           <computed>
      ami:                          "ami-09bfeda7337019518"
      arn:                          <computed>
      associate_public_ip_address:  <computed>
      availability_zone:            "2018-09-25 14:12:32.005232 +0000 UTC"
      cpu_core_count:               <computed>
      cpu_threads_per_core:         <computed>
      ebs_block_device.#:           <computed>
      ephemeral_block_device.#:     <computed>
      get_password_data:            "false"
      instance_state:               <computed>
      instance_type:                "t2.micro"
      ipv6_address_count:           <computed>
      ipv6_addresses.#:             <computed>
      key_name:                     "openvpn-key"
      monitoring:                   "false"
      network_interface.#:          <computed>
      network_interface_id:         <computed>
      password_data:                <computed>
      placement_group:              <computed>
      primary_network_interface_id: <computed>
      private_dns:                  <computed>
      private_ip:                   <computed>
      public_dns:                   <computed>
      public_ip:                    <computed>
      root_block_device.#:          <computed>
      security_groups.#:            "1"
      security_groups.3033708533:   "openvpn"
      source_dest_check:            "true"
      subnet_id:                    <computed>
      tags.%:                       "1"
      tags.Name:                    "openvpn"
      tenancy:                      <computed>
      volume_tags.%:                <computed>
      vpc_security_group_ids.#:     <computed>

  + module.us-west.aws_key_pair.terraformer
      id:                           <computed>
      fingerprint:                  <computed>
      key_name:                     "openvpn-key"
      public_key:                   "ssh-rsa .... user@email"

  + module.us-west.aws_security_group.openvpn
      id:                           <computed>
      arn:                          <computed>
      description:                  "openvpn security groups"
      egress.#:                     <computed>
      ingress.#:                    <computed>
      name:                         "openvpn"
      owner_id:                     <computed>
      revoke_rules_on_delete:       "false"
      vpc_id:                       <computed>

  + module.us-west.aws_security_group_rule.main_egress
      id:                           <computed>
      cidr_blocks.#:                "1"
      cidr_blocks.0:                "0.0.0.0/0"
      from_port:                    "0"
      protocol:                     "-1"
      security_group_id:            "${aws_security_group.openvpn.id}"
      self:                         "false"
      source_security_group_id:     <computed>
      to_port:                      "0"
      type:                         "egress"

  + module.us-west.aws_security_group_rule.ssh
      id:                           <computed>
      cidr_blocks.#:                "1"
      cidr_blocks.0:                "0.0.0.0/0"
      from_port:                    "22"
      protocol:                     "tcp"
      security_group_id:            "${aws_security_group.openvpn.id}"
      self:                         "false"
      source_security_group_id:     <computed>
      to_port:                      "22"
      type:                         "ingress"

  + module.us-west.aws_security_group_rule.vpn-clients
      id:                           <computed>
      cidr_blocks.#:                "1"
      cidr_blocks.0:                "0.0.0.0/0"
      from_port:                    "1194"
      protocol:                     "udp"
      security_group_id:            "${aws_security_group.openvpn.id}"
      self:                         "false"
      source_security_group_id:     <computed>
      to_port:                      "1194"
      type:                         "ingress"


Plan: 14 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

1 answer:

Answer 0: (score: 0)

It looks like these artifacts from a previous deployment were not cleaned up
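One way to check the answer's explanation, as an added example that is not part of the original post or the linked repository: the script parses the apply error from the question, maps each module to its region using the provider aliases in the main script, and builds a read-only AWS CLI lookup for each object reported as a duplicate. The function names are hypothetical, the sample is trimmed to two of the four errors, and it assumes the AWS CLI is installed with the same profile Terraform uses.

```python
import re
import shlex

# Constructed sample: the apply error from the question, trimmed to two of its four entries.
SAMPLE = """\
* module.eu-west.aws_key_pair.terraformer: 1 error(s) occurred:

* aws_key_pair.terraformer: Error import KeyPair: InvalidKeyPair.Duplicate: The keypair 'openvpn-key' already exists.
    status code: 400, request id: 52818ed9-bfbf-4cd6-a301-bcb288450ce1
* module.us-west.aws_security_group.openvpn: 1 error(s) occurred:

* aws_security_group.openvpn: Error creating Security Group: InvalidGroup.Duplicate: The security group 'openvpn' already exists for VPC 'vpc-eda4a294'
    status code: 400, request id: c3aa4e3b-5765-40c7-8dc6-8a208b9f39b6
"""

# Module name -> region, copied from the provider aliases in the question's main script.
REGIONS = {"eu-west": "eu-west-2", "us-west": "us-west-2"}

HEADER = re.compile(r"^\* module\.([\w-]+)\.(\w+)\.([\w-]+): \d+ error\(s\) occurred:")
DUPLICATE = re.compile(r"Invalid\w+\.Duplicate: .*?'([^']+)'(?:.*?VPC '([^']+)')?")


def parse_duplicates(text):
    """Return one dict per *.Duplicate error, tied to the module that raised it."""
    found, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            current = header.groups()  # (module, resource type, resource name)
            continue
        dup = DUPLICATE.search(line)
        if dup and current:
            module, rtype, rname = current
            found.append({"address": f"module.{module}.{rtype}.{rname}", "type": rtype,
                          "region": REGIONS.get(module, "UNKNOWN"),
                          "name": dup.group(1), "vpc": dup.group(2)})
            current = None
    return found


def lookup_command(item):
    """Read-only AWS CLI call that shows whether the leftover object is still there."""
    name, region = shlex.quote(item["name"]), item["region"]
    if item["type"] == "aws_key_pair":
        return f"aws ec2 describe-key-pairs --region {region} --key-names {name}"
    filters = f"Name=group-name,Values={name}"
    if item["vpc"]:
        filters += f" Name=vpc-id,Values={shlex.quote(item['vpc'])}"
    return f"aws ec2 describe-security-groups --region {region} --filters {filters}"


if __name__ == "__main__":
    for item in parse_duplicates(SAMPLE):
        print(item["address"], "->", lookup_command(item))
```

If a lookup returns an object that is not in the current Terraform state, it is a leftover from an earlier run and has to be deleted or imported before `terraform apply` can create it.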