Terraform: creating a GCP project that uses a shared VPC

Time: 2019-02-26 15:28:41

Tags: google-cloud-platform cloud terraform

I've been struggling with this for a while, so here is the situation: the host project already exists, and all of the VPNs and networking are already set up. I want to create a new project through Terraform and allow it to use the VPC shared by the host project.

Every time I hit one problem and finally solve it, I run into another one.

Right now I'm seeing:

google_compute_shared_vpc_service_project.project: googleapi: Error 404: The resource 'projects/intacct-staging-db3b7e7a' was not found, notFound
* google_compute_instance.dokku: 1 error(s) occurred:

and:

 google_compute_instance.dokku: Error loading zone 'europe-west2-a': googleapi: Error 404: Failed to find project intacct-staging, notFound

Initially I was sure it was an ordering problem, which is why I used depends_on to try to force the ordering. That doesn't seem to have fixed it.

Put simply, as far as google_compute_shared_vpc_service_project is concerned the project doesn't exist, even though I've added the following to google_compute_shared_vpc_service_project:

depends_on = [
  "google_project.project",
  "google_compute_shared_vpc_host_project.host_project",
]

Perhaps, since the host project already exists, I should reference it with a data source instead of a resource?

My full TF file is here:

provider "google" {
  region      = "${var.gcp_region}"
  credentials = "${file("./creds/serviceaccount.json")}"
}

resource "random_id" "id" {
  byte_length = 4
  prefix      = "${var.project_name}-"
}

resource "google_project" "project" {
  name            = "${var.project_name}"
  project_id      = "${random_id.id.hex}"
  billing_account = "${var.billing_account}"
  org_id          = "${var.org_id}"
}

resource "google_project_services" "project" {
  project = "${google_project.project.project_id}"

  services = [
    "compute.googleapis.com",
  ]

  depends_on = ["google_project.project"]
}

# resource "google_service_account" "service-account" {
#   account_id   = "intacct-staging-service"
#   display_name = "Service Account for the intacct staging app"
# }

resource "google_compute_shared_vpc_host_project" "host_project" {
  project = "${var.vpc_parent}"
}

resource "google_compute_shared_vpc_service_project" "project" {
  host_project    = "${google_compute_shared_vpc_host_project.host_project.project}"
  service_project = "${google_project.project.project_id}"

  depends_on = [
    "google_project.project",
    "google_compute_shared_vpc_host_project.host_project",
  ]
}

resource "google_compute_address" "dokku" {
  name         = "fr-intacct-staging-ip"
  address_type = "EXTERNAL"
  project      = "${google_project.project.project_id}"
  depends_on   = ["google_project_services.project"]
}

resource "google_compute_instance" "dokku" {
  project                   = "${google_project.project.name}"
  name                      = "dokku-host"
  machine_type              = "${var.comp_type}"
  zone                      = "${var.gcp_zone}"
  allow_stopping_for_update = "true"

  tags = ["intacct"]

  # Install Dokku
  metadata_startup_script = <<SCRIPT
sed -i 's/PermitRootLogin no/PermitRootLogin yes/' /etc/ssh/sshd_config && service sshd restart
SCRIPT

  boot_disk {
    initialize_params {
      image = "${var.compute_image}"
    }
  }

  network_interface {
    subnetwork         = "${var.subnetwork}"
    subnetwork_project = "${var.vpc_parent}"

    access_config {
      nat_ip = "${google_compute_address.dokku.address}"
    }
  }

  metadata {
    sshKeys = "root:${file("./id_rsa.pub")}"
  }
}

Edit:

As mentioned below, I was able to fix the latter "project not found" error by changing the reference to project_id instead of name, since the name doesn't contain the random hex.

I'm now also seeing another error, this one about the static IP. The network interface is configured to use a subnet from the host VPC...

network_interface {
  subnetwork         = "${var.subnetwork}"
  subnetwork_project = "${var.vpc_parent}"

  access_config {
    nat_ip = "${google_compute_address.dokku.address}"
  }
}

The IP is set up here:

resource "google_compute_address" "dokku" {
  name = "fr-intacct-staging-ip"
  address_type = "EXTERNAL"
  project = "${google_project.project.project_id}"
}

The IP should really be in the host project, which I tried. When I did that, I got an error saying that resource isn't allowed across projects.

When I changed it to the above, it also errored, this time about whether the new project is able to handle API calls yet. I think that makes sense, since I've only allowed Compute API calls through the google_project_services resource.

I'll try allowing the network API calls and see whether that works, but I think the external IP has to live in the host project's shared VPC?

1 answer:

Answer 0 (score: 0)

For anyone hitting the same problem: in my case, the "project not found" error was resolved simply by enabling the Compute Engine API.
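The ordering the thread arrives at (project, then Compute Engine API, then shared-VPC attachment, then address and instance, all referenced by project_id), written up as an added example in current Terraform 0.12+ syntax; it is not the asker's configuration. It assumes the host project already exists and is managed elsewhere (so it is read with the google_project data source rather than declared as google_compute_shared_vpc_host_project), that var.* inputs are defined, and that the provider block sets the region.

```hcl
# Added example (not the asker's config); var.* values are assumed inputs.
resource "google_project" "service" {
  name            = "intacct-staging"
  project_id      = var.project_id   # reference project_id, not name, elsewhere
  billing_account = var.billing_account
  org_id          = var.org_id
}

# Compute Engine API first: attaching to the shared VPC is itself a compute call.
resource "google_project_service" "compute" {
  project            = google_project.service.project_id
  service            = "compute.googleapis.com"
  disable_on_destroy = false
}

# Host exists and is managed elsewhere, so read it instead of declaring it (assumption).
data "google_project" "host" {
  project_id = var.host_project_id
}

resource "google_compute_shared_vpc_service_project" "attach" {
  host_project    = data.google_project.host.project_id
  service_project = google_project.service.project_id
  depends_on      = [google_project_service.compute]
}

# The external IP lives in the service project; only the subnet is cross-project.
resource "google_compute_address" "vm" {
  name       = "dokku-host-ip"
  project    = google_project.service.project_id
  depends_on = [google_project_service.compute]
}

resource "google_compute_instance" "vm" {
  project      = google_project.service.project_id
  name         = "dokku-host"
  machine_type = var.machine_type
  zone         = var.zone
  depends_on   = [google_compute_shared_vpc_service_project.attach]

  boot_disk {
    initialize_params { image = var.compute_image }
  }
  network_interface {
    subnetwork         = var.subnetwork
    subnetwork_project = data.google_project.host.project_id
    access_config { nat_ip = google_compute_address.vm.address }
  }
  # Per-user key instead of flipping PermitRootLogin in sshd_config.
  metadata = { "ssh-keys" = "dokku:${file("./id_rsa.pub")}" }
}
```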