azure Terraform将IP_configuration添加到由另一个模块管理的现有NIC

46qrfjad  于 12个月前  发布在  其他
关注(0)|答案(1)|浏览(113)

我有一个配置如下的NIC

resource "azurerm_network_interface" "nic" {
  name                 = "nic1"
  location             = "West Europe"
  resource_group_name  = "MyRG"
  enable_ip_forwarding = true

  ip_configuration {
    name                          = "ipconfig1"
    subnet_id                     = azurerm_subnet.publicsubnet.id
    private_ip_address_allocation = "Static"
    private_ip_address            = "10.0.0.10"
    public_ip_address_id          = azurerm_public_ip.ClusterPublicIP.id
  }
}

字符串
已分配公共IP,并最终由Azure中的防火墙使用。但是,我希望向此NIC添加多个IP地址。创建应用程序时应添加IP地址。因此,我可以使用以下项创建公共IP:

resource "azurerm_public_ip" "pip" {
  allocation_method   = "Static"
  location            = "West Europe"
  name                = "pip-${var.appname}"
  resource_group_name = var.rgName
}


但是,我在azurerm provider中找不到任何允许我将其添加到先前定义的NIC的资源。ip_configuration块必须嵌入在azurerm_network_interface中。
因此,我尝试使用azapi provider,如下所示:

resource "azapi_update_resource" "add_pip_to_forti" {
  type        = "Microsoft.Network/networkInterfaces@2023-06-01"
  resource_id = var.nicResourceId

  body = jsonencode({
    properties = {
      ipConfigurations = [
        {
          name = "assignedByTF"
          etag = "W/\"50b5631e-6e90-4196-a2df-d5c280c41b73\""
          type = "Microsoft.Network/networkInterfaces/ipConfigurations"
          properties = {
            privateIPAddress          = "10.0.0.200"
            privateIPAllocationMethod = "Static"
            publicIPAddress = {
              id = azurerm_network_interface.nic.id
            }
            subnet = {
              id = "/subscriptions/my-sub/resourceGroups/my-rg/providers/Microsoft.Network/virtualNetworks/hub-europe/subnets/pubsub"
            }
            primary                 = false
            privateIPAddressVersion = "IPv4"
          }
        }
      ]
    }
  })
}


但是,这将删除NIC上得现有配置,并且会失败,因为无法删除主ip_configuration.

问题是:(如何)通过使用terraform,块resource "azapi_update_resource" "add_pip_to_forti"可以扩展数组并保留现有的值吗?

谢谢.

crcmnpdw

crcmnpdw1#

虽然不是一个很好的解决方案,但它确实有效。我最终做的是:

data "azurerm_network_interface" "nic_before_change" {
  name                 = "nic1"
  resource_group_name  = "MyRG"
}

resource "null_resource" "assign_ipconfig_to_nic" {
  depends_on = [data.azurerm_network_interface.nic_before_change]

  triggers = {
    "subscription_id"                    = "MySub"
    "ResourceGroup"                      = "MyRg"
    "nic_name"                           = "nic1"
    "public_ip_id"                       = azurerm_public_ip.pip.id    "ipconfig_name"                      = local.new_ip_config_name
    "evaluate_and_recreate_if_necessary" = length([for ipconfig in data.azurerm_network_interface.nic_before_change.ip_configuration : ipconfig.private_ip_address if ipconfig.name == local.new_ip_config_name]) == 1 # as this value is false in the first run, but true in all others (except if the resource was modified in the hub), the script must evaluate if the resource needs to be added again or not. Unfortunately, this will show a modification being made to this resource in the first two runs (or actually every two runs after which the ipconfig may have been removed from the nic for whichever reason). However, as the script handles the second run to do nothing, it's not an issue - while still not being nice.
  }

  provisioner "local-exec" {
    when    = create
    command = <<EOF
    az account set --subscription ${self.triggers.subscription_id}
    free_ip=$(az network vnet subnet list-available-ips --resource-group rg-hub-europe --vnet-name hub-europe -n publicSubnet --query "[0]" | grep -oP '(?<=\").*(?=\")') # Get free in the subnet
    recreate_resource=$(az network nic ip-config list -g rg-hub-europe --nic-name activeport2 --query "[].name" | grep ${self.triggers.ipconfig_name} -c)
    if [ "$recreate_resource" -eq 0 ] # only (re-)create if a config with the name does not already exist
    then
      az network nic ip-config create -g ${self.triggers.ResourceGroup} -n ${self.triggers.ipconfig_name} --nic-name ${self.triggers.nic_name} --make-primary false --public-ip-address ${self.triggers.public_ip_id} --private-ip-address-version IPv4 --private-ip-address $free_ip
    fi
    EOF

  }

  # There is a chance the resource was destroyed by other means - don't provoke an error when it's no longer there on resource destruction
  provisioner "local-exec" {
    when    = destroy
    command = <<EOF
    az account set --subscription ${self.triggers.subscription_id}
    resource_still_exists=$(az network nic ip-config list -g rg-hub-europe --nic-name activeport2 --query "[].name" | grep ${self.triggers.ipconfig_name} -c)
    if [ "$resource_still_exists" -eq 1 ]
    then
      az network nic ip-config delete -g ${self.triggers.ResourceGroup} -n ${self.triggers.ipconfig_name} --nic-name ${self.triggers.nic_name}
    fi
    EOF
  }
}

## thanks to the depends_on, the data is only loaded AFTER the null_resource scripts altered it, so we receive the most up to date information about the resource here.
data "azurerm_network_interface" "nic_after_change" {
  depends_on = [null_resource.assign_ipconfig_to_nic]
  name                 = "nic1"
  resource_group_name  = "MyRG"
}

字符串
发生的是,我加载当前资源状态到nic_before_change,然后通过null_resource.assign_ipconfig_to_nic中的自定义脚本分析网卡是否需要更改。在我的用例中,如果ipconfig必须出于任何原因添加。该资源也负责在销毁时删除它。
最后,为了能够引用nics的最新状态,我再次将其导入到nic_after_change。由于这依赖于null_resource.assign_ipconfig_tonic,因此资源显示最新状态。

相关问题