I am getting the error below while provisioning Composer via Terraform.

Error: Error waiting to create Environment: Error waiting for Creating Environment: Error waiting for Creating Environment: Error while finding operation: Get "https://composer.googleapis.com/v1beta1/projects/aayush-terraform/locations/us-central1/operations/ee459492-abb0-4646-893e-09d112219d79?alt=json&prettyPrint=false": write tcp 10.227.112.165:63811->142.251.12.95:443: write: broken pipe. An initial environment was or is still being created, and clean up failed with error: Getting creation operation state failed while waiting for environment to finish creating, but environment seems to still be in 'CREATING' state. Wait for operation to finish and either manually delete environment or import "projects/aayush-terraform/locations/us-central1/environments/example-composer-environment" into your state.

Below is the code snippet:

terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~>3.0"
    }
  }
}

variable "gcp_region" {
  type        = string
  description = "Region to use for GCP provider"
  default     = "us-central1"
}

variable "gcp_project" {
  type        = string
  description = "Project to use for this config"
  default     = "aayush-terraform"
}

provider "google" {
  region  = var.gcp_region
  project = var.gcp_project
}

resource "google_service_account" "test" {
  account_id   = "composer-env-account"
  display_name = "Test Service Account for Composer Environment"
}

resource "google_project_iam_member" "composer-worker" {
  role   = "roles/composer.worker"
  member = "serviceAccount:${google_service_account.test.email}"
}

resource "google_compute_network" "test" {
  name                    = "composer-test-network"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "test" {
  name          = "composer-test-subnetwork"
  ip_cidr_range = "10.2.0.0/16"
  region        = "us-central1"
  network       = google_compute_network.test.id
}

resource "google_composer_environment" "test" {
  name   = "example-composer-env"
  region = "us-central1"
  config {
    node_count = 3
    node_config {
      zone            = "us-central1-a"
      machine_type    = "n1-standard-1"
      network         = google_compute_network.test.id
      subnetwork      = google_compute_subnetwork.test.id
      service_account = google_service_account.test.name
    }
  }
}

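Note: Even after this error is thrown, Composer is still created, and I am provisioning this Composer through a service account that has been granted Owner access.
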
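I had the same problem, and I solved it by giving the "composer.operations.get" permission to the service account that is provisioning Composer. This permission is part of the Composer Administrator role. To prevent future problems with operations such as update or delete through Terraform, I think it is better to use the role rather than the single permission. Or, if you want to get it working with some minimal set of privileges, you can start with the role, then remove the permissions you think you don't need, and test your Terraform code.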
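
The two approaches from the answer above, sketched in Terraform as an added example that is not part of the original posts. The variable `provisioner_sa_email` and the role ID `composerProvisioner` are hypothetical, and the permission list in the custom role is an assumed starting set to test and trim, not a verified minimum.

```hcl
variable "gcp_project" {
  type    = string
  default = "aayush-terraform" # project ID from the question
}

# Hypothetical: e-mail of the service account whose credentials run Terraform.
variable "provisioner_sa_email" {
  type = string
}

# Option A: grant the whole Composer Administrator role, which includes
# composer.operations.get. Apply either Option A or Option B, not both.
resource "google_project_iam_member" "provisioner_composer_admin" {
  project = var.gcp_project
  role    = "roles/composer.admin"
  member  = "serviceAccount:${var.provisioner_sa_email}"
}

# Option B: a trimmed custom role. It covers Composer API calls only; the
# network and service-account resources in the same config need their own roles.
resource "google_project_iam_custom_role" "composer_provisioner" {
  project = var.gcp_project
  role_id = "composerProvisioner" # hypothetical role ID
  title   = "Composer provisioner (Terraform)"
  permissions = [
    "composer.environments.create",
    "composer.environments.get",
    "composer.environments.list",
    "composer.environments.update",
    "composer.environments.delete",
    "composer.operations.get", # the operations lookup that appears in the error above
    "composer.operations.list",
  ]
}

resource "google_project_iam_member" "provisioner_custom_role" {
  project = var.gcp_project
  role    = google_project_iam_custom_role.composer_provisioner.id
  member  = "serviceAccount:${var.provisioner_sa_email}"
}
```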