Google Deployment Manager: What is the equivalent of "Allow HTTP traffic" when creating a Compute Engine instance?

Time: 2019-06-30 02:45:51

Tags: google-cloud-platform google-compute-engine firewall google-deployment-manager

I tried creating a firewall rule with sourceTags and tagging my VM with http. But it still does not allow HTTP traffic. Why is that?

resources:
- type: compute.v1.instance
  name: vm-test
  properties:
    zone: {{ properties["zone"] }}
    machineType: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/zones/{{ properties["zone"] }}/machineTypes/f1-micro
    # For examples on how to use startup scripts on an instance, see:
    #   https://cloud.google.com/compute/docs/startupscript
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        diskName: disk-{{ env["deployment"] }}
        sourceImage: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-9
    networkInterfaces:
    - network: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/global/networks/default
      # Access Config required to give the instance a public IP address
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
    metadata:
      items:
        - key: startup-script
          value: |
             #!/bin/bash
             apt-get update
             apt-get install -y apache2
    tags:
      items:
        - http

2 answers:

Answer 0: (score: 0)

The tags must be the same as the attached network tags. The defaults are "http-server" or "https-server", so the script should contain the following:

tags:
  items:
    - http-server
    - https-server

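Remember to also configure the firewall rules correctly, and check that the HTTP server is running and listening on that port.

Answer 1: (score: 0)

You also need to add the firewall section in there. This is the one that worked for me: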

resources:
- type: compute.v1.firewall
  name: tcp-firewall-rule
  properties:
    network: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/global/networks/default
    sourceRanges: ["0.0.0.0/0"]
    targetTags: ["http","http-server"]
    allowed:
     - IPProtocol: TCP
       ports: ["80"]
- type: compute.v1.instance
  name: vm-test
  properties:
    zone: {{ properties['zone'] }}
    machineType: https://www.googleapis.com/compute/v1/projects/{{ env['project'] }}/zones/{{ properties['zone'] }}/machineTypes/f1-micro
    tags:
     items: ["http","http-server"]
    metadata:
      items:
      # For more ways to use startup scripts on an instance, see:
      #   https://cloud.google.com/compute/docs/startupscript
      - key: startup-script
        value: |
          #!/bin/bash
          apt-get update
          apt-get install -y apache2
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        diskName: disk-{{ env["deployment"] }}
        sourceImage: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-9
    networkInterfaces:
    - network: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/global/networks/default
      # Access Config required to give the instance a public IP address
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
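
The difference between the sourceTags rule described in the question and the targetTags rule in the second answer, as an added example that is not part of the original posts. It is a simplified model of how one ingress allow rule is matched, not Google's code; the function names, the reconstructed sourceTags rule and the client address are assumptions made for illustration.

```python
import ipaddress

def port_matches(spec, port):
    """A ports entry is a single port ("80") or a range ("8080-8090")."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def ingress_allowed(rule, instance_tags, src_ip, src_tags=(), proto="tcp", port=80):
    """Simplified model of one ingress allow rule (ignores priority and deny rules)."""
    # targetTags picks the instances the rule protects; without it the rule
    # applies to every instance in the network.
    targets = rule.get("targetTags")
    if targets and not set(targets) & set(instance_tags):
        return False
    ranges = rule.get("sourceRanges", [])
    tags = rule.get("sourceTags", [])
    if not ranges and not tags:
        raise ValueError("this model needs an explicit sourceRanges or sourceTags")
    # sourceRanges matches the sender's IP; sourceTags matches only senders that
    # are instances in the same network carrying that tag. An internet client
    # has no network tags, so sourceTags can never match it.
    ip = ipaddress.ip_address(src_ip)
    by_range = any(ip in ipaddress.ip_network(r) for r in ranges)
    by_tag = bool(set(tags) & set(src_tags))
    if not (by_range or by_tag):
        return False
    for entry in rule.get("allowed", []):
        if entry["IPProtocol"].lower() in (proto, "all"):
            ports = entry.get("ports")
            if not ports or any(port_matches(p, port) for p in ports):
                return True
    return False

# Constructed inputs. The question does not show its firewall rule, so
# SOURCE_TAG_RULE is an assumed reconstruction of "a rule with sourceTags".
HTTP = [{"IPProtocol": "TCP", "ports": ["80"]}]
SOURCE_TAG_RULE = {"sourceTags": ["http"], "allowed": HTTP}
TARGET_TAG_RULE = {"sourceRanges": ["0.0.0.0/0"],
                   "targetTags": ["http", "http-server"], "allowed": HTTP}
VM_TAGS = ["http"]
CLIENT_IP = "203.0.113.10"  # documentation address standing in for a browser

if __name__ == "__main__":
    for name, rule in (("sourceTags", SOURCE_TAG_RULE), ("targetTags", TARGET_TAG_RULE)):
        print(name, "rule admits the client:", ingress_allowed(rule, VM_TAGS, CLIENT_IP))
```

The same check shows the exposure side of the working rule: with sourceRanges set to 0.0.0.0/0, every tagged instance accepts port 80 from any address, so narrow the ranges where only known clients need access.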