Error when creating a virtual machine with an Azure Terraform script

Posted by umuewwlo 12 months ago in Other

I have Terraform code in main.tf and outputs.tf, and I get an error about the Key Vault. This part can be found on my Azure dashboard:

module.virtual_machine.azurerm_key_vault_secret.client_credentials_login: Still creating... [6m20s elapsed]
module.virtual_machine.azurerm_key_vault_secret.client_credentials_password: Still creating... [6m20s elapsed]

│ Error: checking for presence of existing Secret "toto-login" (Key Vault "https://kvapplitest2sbx.vault.azure.net/"): autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: Get "https://kvapplitest2sbx.vault.azure.net/secrets/toto-login/?api-version=7.4": dial tcp: lookup kvapplitest2sbx.vault.azure.net: no such host
│
│   with module.virtual_machine.azurerm_key_vault_secret.client_credentials_login,
│   on ..\..\modules\virtual_machine\14_keyvault.tf line 13, in resource "azurerm_key_vault_secret" "client_credentials_login":
│   13: resource "azurerm_key_vault_secret" "client_credentials_login" {
│

My Terraform main.tf file is:

terraform {
  required_version = ">= 1.0.0"
}

provider "azurerm" {
  skip_provider_registration = true
  features {}
}

provider "azurerm" {
  skip_provider_registration = true
  alias                      = "gallery"
  subscription_id            = sort(data.azurerm_subscriptions.osfactory.subscriptions.*.subscription_id)[0]
  features {}
}

data "azurerm_subscriptions" "osfactory" {
  display_name_prefix = "Suez IT OSFactory"
}

data "azurerm_resource_group" "cloud_bundle_rg" {
  name = "rg-applitest2-sbx" # To be updated
}

module "virtual_machine" {
  source = "../../modules/virtual_machine"
  providers = {
    azurerm.gallery = azurerm.gallery
  }
  cloudbundle_info = data.azurerm_resource_group.cloud_bundle_rg
  index            = 123
  size             = "Standard_D2s_v3"
  os_disk_type     = "Standard_LRS"
  role             = "example"
  ad_domain        = "green.local"
  os = {
    type    = "Windows"
    version = "2022"
  }
}


My outputs.tf file is:

output "virtual_machine_outputs" {
  value       = module.virtual_machine
  description = "Virtual machine outputs."
}


Can you tell me why there is an error, please?

fcipmucu  #1

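I tried to provision your requirement by working around the error you mentioned, and I was able to provision it successfully, with the resources configured as expected.
The error you are encountering in your Terraform configuration appears to be related to Azure Key Vault, which indicates a problem resolving DNS for the Key Vault service.
The error message "no such host" typically means that the DNS name kvapplitest2sbx.vault.azure.net could not be resolved. This can be due to a typo in the Key Vault URL, a misconfiguration in DNS, or a network connectivity problem.

My Terraform configuration:
main.tf: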

provider "azurerm" {
    features {}
}

data "azurerm_resource_group" "cloud_bundle_rg" {
  name = "sakavya"
}

module "virtual_machine" {
  source              = "./modules/virtual_machine"
  resource_group_name = data.azurerm_resource_group.cloud_bundle_rg.name
  key_vault_name      = "kvapplitest2sbxvk"
  vm_size             = "Standard_D2s_v3"
  admin_username      = "adminuser"
  admin_password      = "P@ssword1234!"  # Please use a secure method to handle passwords
}


/modules/virtual_machine/main.tf:

resource "azurerm_virtual_network" "vm_vnet" {
  name                = "vmvkVnet"
  address_space       = ["10.0.0.0/16"]
  location            = "East US"
  resource_group_name = var.resource_group_name
}

resource "azurerm_subnet" "vm_subnet" {
  name                 = "internal"
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.vm_vnet.name
  address_prefixes     = ["10.0.2.0/24"]
}

resource "azurerm_network_interface" "vm_nic" {
  name                = "vmvkNic"
  location            = "East US"
  resource_group_name = var.resource_group_name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.vm_subnet.id
    private_ip_address_allocation = "Dynamic"
  }
}

resource "azurerm_linux_virtual_machine" "vm" {
  name                = "vk-VM"
  location            = "East US"
  resource_group_name = var.resource_group_name
  network_interface_ids = [azurerm_network_interface.vm_nic.id]
  size                = "Standard_DS1_v2"

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  admin_username = "adminuser"
  admin_password = "Password1234!"
  disable_password_authentication = false
}

resource "azurerm_key_vault" "kv" {
  name                = var.key_vault_name
  location            = "East US"
  resource_group_name = var.resource_group_name
  tenant_id           = "Your Tenent ID"
  sku_name            = "standard"
}

resource "azurerm_key_vault_secret" "client_credentials_login" {
  name         = "totovk-login"
  value        = "Your strong password"
  key_vault_id = azurerm_key_vault.kv.id
}

/modules/virtual_machine/variables.tf:

variable "resource_group_name" {
  description = "The name of the resource group."
  type        = string
}

variable "key_vault_name" {
  description = "The name of the Azure Key Vault."
  type        = string
}

variable "vm_size" {
  description = "The size of the Azure VM."
  type        = string
}

variable "admin_username" {
  description = "The administrator username for the VM."
  type        = string
}

variable "admin_password" {
  description = "The administrator password for the VM."
  type        = string
}

Output: [screenshot]


wqsoz72f  #2

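The error message you are encountering relates to creating a secret in Azure Key Vault with Terraform. Terraform appears to be unable to find the specified Key Vault host, as the error shows: dial tcp: lookup kvapplitest2sbx.vault.azure.net: no such host
Here are some steps and considerations for resolving this issue:
1. Verify the Key Vault DNS name: make sure the DNS name kvapplitest2sbx.vault.azure.net is correct; the Key Vault name may be wrong or misconfigured.
2. Check that the Key Vault exists: verify that the Key Vault kvapplitest2sbx exists in your Azure environment and is accessible. You can do this through the Azure Portal or the Azure CLI.
3. Network issues: this error may be caused by a network-related problem that prevents Terraform from reaching the Key Vault URL. Check whether any network configuration or firewall setting may be blocking the connection.
4. Azure provider configuration: your Terraform configuration shows two provider "azurerm" blocks, one of which uses the alias gallery. Make sure the Key Vault is accessible under the subscription and context these provider blocks are set to use.
5. Permissions and access policies: make sure the Terraform service principal (or the account running Terraform) has the permissions required to access and manage secrets in the Key Vault; you need to set up access policies in the Key Vault.
6. Terraform state refresh: sometimes Terraform's state can get out of sync. You can try refreshing the state with the terraform refresh command to see whether that resolves the issue.
7. Key Vault Secret resource configuration: check the configuration in your 14_keyvault.tf file and make sure the azurerm_key_vault_secret resource is set up correctly; the error points to this configuration.
8. Review the Terraform version and provider: you are using Terraform version >= 1.0.0 (the latest version is currently 1.6.4). Make sure this version is compatible with your AzureRM provider version and the resources you are using. Sometimes updating to a newer version resolves unforeseen issues.
9. Azure Service Endpoints: if you are using Azure Service Endpoints or Private Endpoints for Key Vault, make sure they are configured correctly and that Terraform can reach them.
If the problem persists after checking these points, you may need to look at more detailed logs or consider contacting Azure support for more specific guidance, especially if it looks like a network or Azure service related issue.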
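
The name, DNS and private-endpoint checks that both answers describe can be run against the error text before touching the Terraform code. The following is an added Python example, not part of either answer: `diagnose`, its result labels and the injected resolver are assumptions of this example, and the sample error line is shortened from the one in the question.

```python
import ipaddress
import re
import socket

# Constructed sample: the error line from the question, shortened.
SAMPLE_ERROR = (
    'Error: checking for presence of existing Secret "toto-login" '
    '(Key Vault "https://kvapplitest2sbx.vault.azure.net/"): ... '
    "dial tcp: lookup kvapplitest2sbx.vault.azure.net: no such host"
)

# Key Vault names: 3-24 chars, letters/digits/hyphens, start with a letter,
# end with a letter or digit, no consecutive hyphens.
VAULT_NAME = re.compile(r"^(?!.*--)[A-Za-z][A-Za-z0-9-]{1,22}[A-Za-z0-9]$")
# Go's resolver error, with or without the "on <dns-server>" part.
LOOKUP = re.compile(r"lookup ([A-Za-z0-9.-]+)(?: on \S+)?: no such host")


def system_resolver(host):
    """Return the IP addresses the local resolver gives for host."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def diagnose(error_text, resolver=system_resolver):
    """Classify a Terraform 'no such host' failure for a Key Vault URL."""
    match = LOOKUP.search(error_text)
    if not match:
        return "not-a-dns-error"
    host = match.group(1)
    if not VAULT_NAME.match(host.split(".", 1)[0]):
        return "invalid-vault-name"
    try:
        addresses = resolver(host)
    except socket.gaierror:
        addresses = []
    if not addresses:
        # Vault missing, name typo, or a private DNS zone that this
        # machine's resolver cannot see.
        return "unresolvable"
    if all(ipaddress.ip_address(a).is_private for a in addresses):
        return "private-endpoint"  # traffic must come from the linked VNet
    return "public-endpoint"  # name is fine; look at firewall and access


if __name__ == "__main__":
    print(diagnose(SAMPLE_ERROR))
```

Run it from the same machine and network that runs `terraform apply`, since the result depends on which DNS servers that machine uses.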
