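I am trying to deploy a MySQL database on Azure using Terraform (v 0.11.11). I need to set up different parts in the main.tf file:
Currently, all of these requirements work except the last one, mysql virtual network rule 3. Everything is created in subscription A, but mysql virtual network rule 3 uses a subnet_id that lives in subscription B.
Here is the question: how can I write my .tf file to create a virtual network rule with a subnet_id whose subscription is different from the one currently in use?
I tried doing it manually in Azure and it works. In the Azure portal I can select the subnet even though it is based on another subscription.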
#provider azurerm.A is Subscription A in my text. Everything is created in this sub.
#provider azurerm.B is Subscription B in my text. The subnet used to create virtual_network_rule_3 is in this subscription.
provider "azurerm" {
client_id = "${var.client_id}"
client_secret = "${var.client_secret}"
tenant_id = "${var.tenant_id}"
subscription_id = "${var.subscription}"
alias = "A"
}
provider "azurerm" {
client_id = "${var.client_id}"
client_secret = "${var.client_secret}"
tenant_id = "${var.tenant_id}"
subscription_id = "${var.subscription_B}"
alias = "B"
}
#Creating RG in Sub A.
resource "azurerm_resource_group" "rg" {
# attributes to create RG in Sub A. works well.
# ....
}
#Creating mysql server in Sub A.
resource "azurerm_mysql_server" "mysql_server" {
# attributes to create mysql server. works well.
# ....
}
#Creating mysql database in Sub A.
resource "azurerm_mysql_database" "mysql_db" {
# attributes to create mysql database. works well.
# ....
}
#Creating vnet rule using a subnet in Sub A. WORKING
resource "azurerm_mysql_virtual_network_rule" "mysql_vnet_1" {
count = "${var.vnet_one != "" ? 1 : 0}"
name = "subscription-peering-1"
resource_group_name = "${azurerm_resource_group.rg.name}"
server_name = "${azurerm_mysql_server.mysql_server.name}"
subnet_id = "${var.vnet_one}"
provider = "azurerm.A"
}
#Creating vnet rule using a subnet in Sub A. WORKING
resource "azurerm_mysql_virtual_network_rule" "mysql_vnet_2" {
count = "${var.vnet_two != "" ? 1 : 0}"
name = "subscription-peering-2"
resource_group_name = "${azurerm_resource_group.rg.name}"
server_name = "${azurerm_mysql_server.mysql_server.name}"
subnet_id = "${var.vnet_two}"
provider = "azurerm.A"
}
#Getting data to get the subnet in Subscription B in order to use it in "mysql_vnet_three".
#Uses the second provider, the one that contains Subscription B
data "azurerm_subnet" "subnet_data" {
name = "my-subB-subnet-name"
virtual_network_name = "my-subB-vnet-name"
resource_group_name = "my-subB-rg_name"
provider = "azurerm.B"
}
#Creating vnet rule using a subnet in Sub B. NOT WORKING
resource "azurerm_mysql_virtual_network_rule" "mysql_vnet_3" {
count = "${var.vnet_exploit != "" ? 1 : 0}"
name = "subscription-peering-3"
resource_group_name = "${azurerm_resource_group.rg.name}"
server_name = "${azurerm_mysql_server.mysql_server.name}"
subnet_id = "${data.azurerm_subnet.subnet_data.id}"
provider = "azurerm.A"
}
Thanks a lot!
Answer 0: (score: 0)
Shouldn't the provider be azurerm.B?
#Creating vnet rule using a subnet in Sub B. NOT WORKING
resource "azurerm_mysql_virtual_network_rule" "mysql_vnet_3" {
count = "${var.vnet_exploit != "" ? 1 : 0}"
name = "subscription-peering-3"
resource_group_name = "${azurerm_resource_group.rg.name}"
server_name = "${azurerm_mysql_server.mysql_server.name}"
subnet_id = "${data.azurerm_subnet.subnet_data.id}"
provider = "azurerm.B"
}
Answer 1: (score: 0)
Since I could not find a solution using TF resources, I used local-exec to run an Az command to create the vnet rule.
resource "null_resource" "create_vnet_rule_exploit_from_cli" {
count = "${var.vnet_exploit != "" ? 1 : 0}"
provisioner "local-exec" {
command = "az mysql server vnet-rule create --name subscription-peering-exploit --server-name ${azurerm_mysql_server.mysql_server.name} --resource-group ${azurerm_resource_group.rg.name} --subnet ${var.vnet_exploit} --subscription ${var.subscription}"
}
depends_on = ["azurerm_mysql_server.mysql_server"]
}
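An added example, not part of either answer above: the local-exec workaround interpolates the subnet ID straight into a shell command line, so this wrapper checks that the value is a well-formed subnet resource ID, reads the subscription embedded in it, and passes every value to az as its own quoted argument. The function names and the AZ override are hypothetical, the GUIDs are constructed placeholders, and the check assumes the canonical spelling of the ID with names limited to letters, digits, `_`, `.` and `-`.

```shell
#!/bin/sh
# Added example, not code from the question or the answers.
LC_ALL=C; export LC_ALL

# Constructed sample values: placeholder GUIDs, names taken from the question.
SERVER_SUB="00000000-0000-0000-0000-00000000000a"
SAMPLE_SUBNET_ID="/subscriptions/00000000-0000-0000-0000-00000000000b/resourceGroups/my-subB-rg_name/providers/Microsoft.Network/virtualNetworks/my-subB-vnet-name/subnets/my-subB-subnet-name"

# Succeed only if $1 is a full subnet resource ID in its canonical spelling.
is_subnet_id() {
  # Reject anything a shell could interpret (spaces, quotes, ;, $, newlines).
  case $1 in
    ''|*[!A-Za-z0-9_./-]*) return 1 ;;
  esac
  guid='[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
  name='[A-Za-z0-9_.-]+'
  printf '%s\n' "$1" | grep -Eqx \
    "/subscriptions/$guid/resourceGroups/$name/providers/Microsoft\.Network/virtualNetworks/$name/subnets/$name"
}

# Print the subscription GUID embedded in a subnet ID (Sub B in the question).
subnet_subscription() {
  is_subnet_id "$1" || return 1
  rest=${1#/subscriptions/}
  printf '%s\n' "${rest%%/*}"
}

# Create the rule; every value is passed as its own quoted argument.
# Args: rule-name server-name resource-group server-subscription subnet-id
# AZ is a hypothetical override so the call can be dry-run with AZ=echo.
create_vnet_rule() {
  is_subnet_id "$5" || { echo "rejected subnet id" >&2; return 1; }
  "${AZ:-az}" mysql server vnet-rule create --name "$1" --server-name "$2" \
    --resource-group "$3" --subnet "$5" --subscription "$4"
}
```

Saved as a script and sourced from the provisioner, `create_vnet_rule` takes the server's subscription (Sub A) for `--subscription`, while the subnet's own subscription (Sub B) travels inside the resource ID.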