Azure Terraform Virtual Network peering error (peering two existing vnets)

Time: 2020-07-19 18:19:40

Tags: azure terraform azure-virtual-network terraform-provider-azure

Goal: Create a Terraform module that will peer two existing vnets across regions.

Problem: When I run terraform apply, I get this error output:

Error Output:
Error: network.VirtualNetworkPeeringsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="PeeringRemoteVnetIsSameAsParentVnet" Message="RemoteNetwork property of the peering /subscriptions/[REDACTED]/ cannot reference parent virtual network of the peering." Details=[]

  on main.tf line 12, in resource "azurerm_virtual_network_peering" "source-to-destination":
  12: resource "azurerm_virtual_network_peering" "source-to-destination" {


Error Output: 
network.VirtualNetworkPeeringsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="PeeringRemoteVnetIsSameAsParentVnet" Message="RemoteNetwork property of the peering /subscriptions/[REDACTED]/ cannot reference parent virtual network of the peering." Details=[]

  on main.tf line 25, in resource "azurerm_virtual_network_peering" "destination-to-source":
  25: resource "azurerm_virtual_network_peering" "destination-to-source" {

Idea: The idea is to create a terraform module so that when other members of our team need to peer two existing vnets, they can pass a terraform.tfvars file and deploy the vnet peering.

Research: Here are the documentation references I have been following: https://www.terraform.io/docs/providers/azurerm/r/virtual_network_peering.html https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network_peering

I have not yet found an example of peering two existing vnets.

See the code below.

My main.tf file

##
# This will Peer two existing VNets across regions 
##

provider "azurerm" {
   version = ">=2.0.0"
   features {}
   subscription_id = var.subscription_id
}

# initiates source to destination peering between two existing vnets
resource "azurerm_virtual_network_peering" "source-to-destination" {
  name                         = "peering-to-${var.destination_peer.virtual_network_name}"
  resource_group_name          = data.azurerm_virtual_network.existing_source_vnet.resource_group_name
  virtual_network_name         = data.azurerm_virtual_network.existing_source_vnet.name
  remote_virtual_network_id    = data.azurerm_virtual_network.existing_source_vnet.id
  allow_virtual_network_access = var.allow_virtual_network_access
  allow_forwarded_traffic      = var.allow_forwarded_traffic
  allow_gateway_transit        = var.allow_gateway_transit
  use_remote_gateways          = var.use_remote_gateways
  depends_on                   = [data.azurerm_virtual_network.existing_source_vnet]
}

# initiates destination to source peering between two existing vnets
resource "azurerm_virtual_network_peering" "destination-to-source" {
  name                         = "peering-from-${var.source_peer.virtual_network_name}"
  resource_group_name          = data.azurerm_virtual_network.existing_destination_vnet.resource_group_name
  virtual_network_name         = data.azurerm_virtual_network.existing_destination_vnet.name
  remote_virtual_network_id    = data.azurerm_virtual_network.existing_destination_vnet.id
  allow_virtual_network_access = var.allow_virtual_network_access
  allow_forwarded_traffic      = var.allow_forwarded_traffic
  allow_gateway_transit        = var.allow_gateway_transit
  use_remote_gateways          = var.use_remote_gateways
  depends_on                   = [data.azurerm_virtual_network.existing_destination_vnet]
}

My data.tf file

##
# Existing Vnet Data 
##


data "azurerm_virtual_network" "existing_source_vnet" {
  resource_group_name = lookup(var.source_peer, "resource_group_name")
  name                = lookup(var.source_peer, "virtual_network_name")
}

data "azurerm_subnet" "src_subnet" {
  name                 = lookup(var.source_peer, "name")
  virtual_network_name = lookup(var.source_peer, "virtual_network_name")
  resource_group_name  = lookup(var.source_peer, "resource_group_name")
}

data "azurerm_virtual_network" "existing_destination_vnet" {
  resource_group_name = lookup(var.destination_peer, "resource_group_name")
  name                = lookup(var.destination_peer, "virtual_network_name")
}

data "azurerm_subnet" "dtn_subnet" {
  name                 = lookup(var.destination_peer, "name")
  virtual_network_name = lookup(var.destination_peer, "virtual_network_name")
  resource_group_name  = lookup(var.destination_peer, "resource_group_name")
}

My variables.tf file

# This will Peer two existing VNets across regions

##
# Account Inputs 
##

variable "subscription_id" {
  type = string
}

##
# Input 
##
# These feed boolean arguments of azurerm_virtual_network_peering, so they are
# typed as bool rather than string (a string type would silently coerce false to "false").
variable "allow_gateway_transit" {
  type    = bool
  default = false
}

variable "use_remote_gateways" {
  type    = bool
  default = false
}

variable "allow_forwarded_traffic" {
  type    = bool
  default = false
}

variable "allow_virtual_network_access" {
  type    = bool
  default = true
}

variable "source_peer" {
  type = object({
    resource_group_name       = string
    virtual_network_name      = string
    remote_virtual_network_id = string
    name                      = string
  })
}

variable "destination_peer" {
  type = object({
    resource_group_name       = string
    virtual_network_name      = string
    remote_virtual_network_id = string
    name                      = string
  })
}

My output.tf file

##
# Output Of Virtual Network ID 
##

output "virtual_network_id_src" {
  value = data.azurerm_virtual_network.existing_source_vnet.id
}

output "subnet_id_src" {
  value = data.azurerm_subnet.src_subnet.id
}

output "virtual_network_id_dtn" {
  value = data.azurerm_virtual_network.existing_destination_vnet.id
}

output "subnet_id_dtn" {
  value = data.azurerm_subnet.dtn_subnet.id
}

1 answer:

Answer 0: (score: 0)

As for the error message, it means you have set remote_virtual_network_id = data.azurerm_virtual_network.existing_source_vnet.id to the VNet itself rather than to the remote VNet. You should set the remote VNet like this: remote_virtual_network_id = data.azurerm_virtual_network.existing_destination_vnet.id

# initiates source to destination peering between two existing vnets
resource "azurerm_virtual_network_peering" "source-to-destination" {
  name                         = "peering-to-${var.destination_peer.virtual_network_name}"
  resource_group_name          = data.azurerm_virtual_network.existing_source_vnet.resource_group_name
  virtual_network_name         = data.azurerm_virtual_network.existing_source_vnet.name
  remote_virtual_network_id    = data.azurerm_virtual_network.existing_destination_vnet.id   #change here
  allow_virtual_network_access = var.allow_virtual_network_access
  allow_forwarded_traffic      = var.allow_forwarded_traffic
  allow_gateway_transit        = var.allow_gateway_transit
  use_remote_gateways          = var.use_remote_gateways
  //depends_on                   = [data.azurerm_virtual_network.existing_source_vnet]
}

# initiates destination to source peering between two existing vnets
resource "azurerm_virtual_network_peering" "destination-to-source" {
  name                         = "peering-from-${var.source_peer.virtual_network_name}"
  resource_group_name          = data.azurerm_virtual_network.existing_destination_vnet.resource_group_name
  virtual_network_name         = data.azurerm_virtual_network.existing_destination_vnet.name
  remote_virtual_network_id    = data.azurerm_virtual_network.existing_source_vnet.id #change here
  allow_virtual_network_access = var.allow_virtual_network_access
  allow_forwarded_traffic      = var.allow_forwarded_traffic
  allow_gateway_transit        = var.allow_gateway_transit
  use_remote_gateways          = var.use_remote_gateways
  //depends_on                   = [data.azurerm_virtual_network.existing_destination_vnet]
}

In addition, VNet peering works at the VNet level; unless you want to output the subnets, there is no need to declare the existing subnets in your code.
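As an added example that is not part of the question or the answer, the same two-way peering can be written so that a self-reference like the one above fails at `terraform plan` with a readable message instead of as an Azure 400 "PeeringRemoteVnetIsSameAsParentVnet" at apply time. It assumes Terraform >= 1.2 (lifecycle preconditions), an already configured azurerm provider >= 2.0, and uses the hypothetical names src, dst and this for the data sources and resource.

```hcl
# Added example, not the question's or answer's code: two-way peering with a
# plan-time guard. Assumes Terraform >= 1.2 and an azurerm provider >= 2.0 block.
variable "source_peer" {
  type = object({ resource_group_name = string, virtual_network_name = string })
}

variable "destination_peer" {
  type = object({ resource_group_name = string, virtual_network_name = string })
}

data "azurerm_virtual_network" "src" {
  name                = var.source_peer.virtual_network_name
  resource_group_name = var.source_peer.resource_group_name
}

data "azurerm_virtual_network" "dst" {
  name                = var.destination_peer.virtual_network_name
  resource_group_name = var.destination_peer.resource_group_name
}

locals {
  # One entry per direction: "local" owns the peering, "remote" is the other side.
  peerings = {
    "src-to-dst" = { local = data.azurerm_virtual_network.src, remote = data.azurerm_virtual_network.dst }
    "dst-to-src" = { local = data.azurerm_virtual_network.dst, remote = data.azurerm_virtual_network.src }
  }
}

resource "azurerm_virtual_network_peering" "this" {
  for_each                     = local.peerings
  name                         = "peering-${each.key}"
  resource_group_name          = each.value.local.resource_group_name
  virtual_network_name         = each.value.local.name
  remote_virtual_network_id    = each.value.remote.id # always the other VNet, never self
  allow_virtual_network_access = true
  # Least privilege: no transit or forwarded traffic unless deliberately enabled.
  allow_forwarded_traffic      = false
  allow_gateway_transit        = false
  use_remote_gateways          = false

  lifecycle {
    precondition {
      condition     = each.value.local.id != each.value.remote.id
      error_message = "Peering ${each.key}: local and remote resolve to the same VNet ${each.value.local.id}."
    }
  }
}
```

Because both directions come from one map, swapping the source and destination inputs cannot produce a self-referencing peering; the precondition only fires if both variables name the same existing VNet.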