on modules/security_group/main.tf line 64, in resource "azurerm_network_interface_security_group_association" "primary":
64: resource "azurerm_network_interface_security_group_association" "primary" {
我使用"地形验证"命令获得上面的输出 以下是我用于地形的配置。 这是我作为模块工作的树
├── main.tf
└── modules
├── network
│ ├── main.tf
│ ├── variable.tf
│ └── variable.tfvars
├── resource
│ ├── main.tf
│ ├── variable.tf
│ └── variable.tfvars
├── security_group
│ ├── main.tf
│ ├── variable.tf
│ └── variable.tfvars
├── storage
│ ├── main.tf
│ ├── variable.tf
│ └── variable.tfvars
└── vm
├── main.tf
├── variable.tf
└── variable.tfvars
main.cf :
#Select provider
provider "azurerm" {
subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxx"
version = "~> 2.4"
features {}
}
module "resource" {
source = "./modules/resource"
resource_group_name = "devops_primary"
location = "southeastasia"
}
module "network" {
source = "./modules/network"
virtual_network = "primaryvnet"
subnet = "primarysubnet"
address_space = "192.168.0.0/16"
address_prefix = "192.168.1.0/24"
public_ip = "backendvmpip"
location = "southeastasia"
primary_nic = "backendvmnic"
primary_ip_conf = "backendvm"
resource_group_name = "devops_primary"
}
module "vm" {
source = "./modules/vm"
vm_name = "backendvm-primary"
vm_size = "standard_d2s_v3"
vm_storage_od_disk_name = "backend-vm-os-disk-primary"
computer_name = "backendserver"
username = "terraform"
ssh_key_path = "/home/terraform/.ssh/authorized_keys"
keys_data = "~/.ssh/id_rsa.pub"
}
module "security_group" {
source = "./modules/security_group"
sg_group_name = "primary_sg"
primary_nic_id = ["module.network.primary_nic_id"]
}
以下是资源的 main.cf 文件:
#Select provider
provider "azurerm" {
subscription_id = "xxxxxxxxxxxxxxxxxxxxxx"
version = "~> 2.2"
features {}
}
#Create Primary Resource Group
resource "azurerm_resource_group" "primary" {
name = "var.resource_group_name"
location = "var.location"
tags = {
environment = "Test"
}
}
output "devops_primary" {
value = "${azurerm_resource_group.primary.name}"
}
output "location" {
value = "${azurerm_resource_group.primary.location}"
}
这是网络的 main.cf 文件:
#Create public IP address
resource "azurerm_public_ip" "primary" {
name = "var.public_ip"
location = "module.resource.azurerm_resource_group.primary.location"
resource_group_name = "module.resource.azurerm_resource_group.primary.name"
allocation_method = "Dynamic"
tags = {
environment = "Test"
}
}
output "public_ip_id"{
value = azurerm_public_ip.primary.id
}
#Create Network Interface
resource "azurerm_network_interface" "primary" {
name = "var.primary_nic"
location = "module.resource.azurerm_resource_group.primary.location"
resource_group_name = "module.resource.azurerm_resource_group.primary.name"
resource_group_name = var.resource_group_name
ip_configuration {
name = "var.primary_ip_conf"
#subnet_id = "${azurerm_subnet.primary.id}"
subnet_id = azurerm_subnet.primary.id
private_ip_address_allocation = "Dynamic"
#public_ip_address_id = "${azurerm_public_ip.primary.id}"
public_ip_address_id = azurerm_public_ip.primary.id
#public_ip_address_allocation = "Dymanic"
}
tags = {
environment = "Test"
}
# depends_on = [var.subnet_id_primary]
#depends_on = [module.resource.azurerm_resource_group.name]
}
output "primary_nic_id"{
description = "Primary VNET NIC Id "
value = ["azurerm_network_interface.primary.id"]
}
output "private_ip" {
description = "private ip addresses of the vm nics"
value = "${azurerm_network_interface.primary.private_ip_address}"
}
下面是 VM 的 main.cf 文件:
#Create VM in Primary resource
resource "azurerm_virtual_machine" "primary" {
name = "var.vm_name"
location = "module.resource.azurerm_resource_group.primary.location"
resource_group_name = "module.resource.azurerm_resource_group.primary.name"
vm_size = "var.vm_size"
network_interface_ids = ["module.resource.azurerm_network_interface.primary.id"]
storage_os_disk {
name = "var.vm_storage_od_disk_name"
os_type = "Linux"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_type = "Premium_LRS"
}
storage_image_reference {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "18.04-LTS"
version = "latest"
}
os_profile {
computer_name = "var.computer_name"
admin_username = "var.username"
}
os_profile_linux_config {
disable_password_authentication = true
ssh_keys {
path = "/home/terraform/.ssh/authorized_keys"
key_data = file("~/.ssh/id_rsa.pub")
}
}
tags = {
environment = "Test"
}
}
这是security_group main.cf 文件:
#Create Network Security Group
resource "azurerm_network_security_group" "primary" {
name = "var.sg_group_name"
#location = "module.resource.azurerm_resource_group.primary.location"
#resource_group_name = "module.resource.azurerm_resource_group.primary.name"
resource_group_name = "var.resource_group_name"
location = "var.location"
#Security Rules for Security Group
security_rule {
name = "SSH"
priority = 1001
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"
source_address_prefix = "*"
destination_address_prefix = "*"
}
security_rule {
name = "AppOut"
priority = 1002
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "8040"
source_address_prefix = "*"
destination_address_prefix = "*"
}
security_rule {
name = "MySql"
priority = 1003
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "3306"
source_address_prefix = "*"
destination_address_prefix = "*"
}
security_rule {
name = "Redis"
priority = 1004
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "6379"
source_address_prefix = "*"
destination_address_prefix = "*"
}
tags = {
environment = "Test"
}
}
variable "primary_nic_id" {}
# Connect the security group to the network interface
resource "azurerm_network_interface_security_group_association" "primary" {
#network_interface_id = "${module.network.azurerm_network_interface.primary.id}"
network_interface_id = "module.network.azurerm_network_interface.primary.id"
network_security_group_id = "${azurerm_network_security_group.primary.id}"
#depends_on = ["module.network.primary_nic_id"]
#primary_nic_id = ["var.primary_nic_id"]
}
#depends_on = [module.network.primary_nic_id]
# Generate a new ID only when a new resource group is defined
resource "random_id" "randomId" {
keepers = {
resource_group_name = "module.resource.azurerm_resource_group.primary.name"
}
byte_length = 8
}
请查看我目前正在使用的代码,我是 terraform 的新手,刚刚开始还是学习者。
首先,您可以删除所有非常量表达式的引号并保留内部表达式。要开始升级配置,请运行terraform 0.12upgrade命令。
Terraform 0.11 及更早版本要求所有非常量表达式为 通过插值语法提供,但此模式现已弃用。 要使此警告静音,请从开头删除"${ 序列,然后 此表达式末尾的 }" 序列,仅保留 内心表达。
模板插值语法仍用于构造字符串 模板包含多个插值时的表达式 序列或文本字符串和插值的混合。这 弃用仅适用于完全由 单个插值序列。
调用子模块
调用模块意味着将该模块的内容包含在 使用其输入变量的特定值进行配置。模块 使用
module块从其他模块中调用:module "servers" { source = "./app-cluster" servers = 5 }
访问模块输出值
模块中定义的资源是封装的,因此调用 模块无法直接访问其属性。然而,孩子 模块可以声明输出值以有选择地导出某些值 由调用模块访问。
例如,如果
./app-cluster模块导出了output一个名为instance_ids然后召唤 模块可以使用表达式引用该结果module.servers.instance_ids:resource "aws_elb" "example" { # ... instances = module.servers.instance_ids }有关引用命名值的详细信息,请参阅表达式。
例如,在这种情况下,不能将模块中的值作为代码进行查询
network_interface_id = "module.network.azurerm_network_interface.primary.id"
正确的表达式是module.<MODULE NAME>.<OUTPUT NAME>。它是当前模块调用的子模块中指定output值的值。您应该像这样从network模块查询azurerm_network_interface.primary.idnetwork_interface_id = module.network.primary_nic_id
此外,由于模块块是在代码的根目录中声明的,因此不能直接从子模块配置文件中引用它们。您可以使用输入变量将值从根模块传递到子模块。请参阅输出值。
例如,在根目录中的模块network中,从模块network调用模块resource输出devops_primary,如下所示resource_group_name = module.resource.devops_primary
module "network" {
source = "./modules/network"
resource_group_name = module.resource.devops_primary
location = module.resource.location
virtual_network = "primaryvnet"
subnet = "primarysubnet"
address_space = ["192.168.0.0/16"]
...
}
在 ./modules.network 目录中,你有
#Create Virtual Network in Primary Resource Group
resource "azurerm_virtual_network" "primary" {
name = var.virtual_network
resource_group_name = var.resource_group_name
address_space = var.address_space
location = var.location
}
variable "resource_group_name" {
}
variable "location" {
}
您可以按照上述规则重新编辑配置文件。有关更多示例,可以搜索 azurerm 模块。