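I'm not sure how to reference an Azure network security group in a module. I created a module that I can reuse for any VM I create, except that I'm not sure how to assign a network security group ID to it. Below is an example (slightly modified, I don't have mine with me) that is very close to what I have and to what mine is based on.
main.tf at root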
module "vm1" {
  source = "/modules/vm/"
  NSG    = ????
}
tfvars
nic_name = "apache_vm_nic"
location = "West Europe"
........
modules/vm/main.tf
.........
resource "azurerm_network_interface" "myterraformnic" {
  name                      = "${var.nic_name}"
  location                  = "${var.location}"
  resource_group_name       = "${azurerm_resource_group.myterraformgroup.name}"
  network_security_group_id = { WHAT DO I PUT HERE? }

  ip_configuration {
    name                          = "myNicConfiguration"
    subnet_id                     = "${azurerm_subnet.myterraformsubnet.id}"
    private_ip_address_allocation = "dynamic"
    public_ip_address_id          = "${azurerm_public_ip.myterraformpublicip.id}"
  }
}
resource "azurerm_network_security_group" "apache-nsg" {
  name                = "myNetworkSecurityGroup"
  location            = "eastus"
  resource_group_name = "${azurerm_resource_group.myterraformgroup.name}"

  security_rule {
    name                       = "SSH"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

resource "azurerm_network_security_group" "nginx-nsg" {
  name                = "myNetworkSecurityGroup"
  location            = "eastus"
  resource_group_name = "${azurerm_resource_group.myterraformgroup.name}"

  security_rule {
    name                       = "SSH"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}
In the modules/main.tf file, under network_security_group_id, I can't put exactly ${azurerm_network_security_group.apache-nsg.id} or ${azurerm_network_security_group.ngroup.nginx-nsg.id}. So what can I put there so that I can reuse this module for all VMs?
Thanks
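Your question isn't entirely clear to me, but I'm going to assume that you want to create a generic network security group to assign to multiple instances of your VM module.
If you want to pass the ID of the security group through main.tf at root, then this is how to do it: create the network security group resource outside the module, for example inside main.tf at root, just like you created some inside your VM module (for Apache and Nginx), so that main.tf at root looks like this: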
resource "azurerm_network_security_group" "some_generic_vm_nsg" {
  ....
}

module "vm1" {
  source = "/modules/vm/"
  NSG    = "${azurerm_network_security_group.some_generic_vm_nsg.id}"
}
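Note that we are now passing the ID of the NSG to your VM module instance. However, your VM module doesn't declare the NSG variable yet. So create the file modules/vm/variables.tf and put this into it: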
variable "NSG" {
  type = "string"
}
And inside your module, network_security_group_id = { WHAT DO I PUT HERE? } becomes:
network_security_group_id = "${var.NSG}"
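This way you can assign the same network security group to multiple VM module instances.
You can study this documentation for more detailed information.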
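The answer's wiring applied to the question's two-VM case, as an added example that is not code from the question or the answer: each module instance receives its own NSG, and the SSH rule admits only an administrative range instead of `*`. The names `admin_cidr`, `apache_nsg`, `nginx_nsg`, `vm_apache` and `vm_nginx` and the `./modules/vm/` path are assumptions, and the resource group is assumed to be declared at root under the name the page uses.

```hcl
# Root main.tf (added example; admin_cidr, *_nsg and vm_* names are assumptions).
# CIDR allowed to reach SSH, e.g. a VPN or bastion range; set it in tfvars.
variable "admin_cidr" {}

resource "azurerm_network_security_group" "apache_nsg" {
  name                = "apache-nsg"
  location            = "${azurerm_resource_group.myterraformgroup.location}"
  resource_group_name = "${azurerm_resource_group.myterraformgroup.name}"
  security_rule {
    name                       = "SSH"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "${var.admin_cidr}" # the page's rule uses "*"
    destination_address_prefix = "*"
  }
}

resource "azurerm_network_security_group" "nginx_nsg" {
  name                = "nginx-nsg" # distinct name per NSG in the same resource group
  location            = "${azurerm_resource_group.myterraformgroup.location}"
  resource_group_name = "${azurerm_resource_group.myterraformgroup.name}"
  security_rule {
    name                       = "SSH"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "${var.admin_cidr}"
    destination_address_prefix = "*"
  }
}

# Same module, different NSG per instance, selected through the NSG variable.
module "vm_apache" {
  source = "./modules/vm/"
  NSG    = "${azurerm_network_security_group.apache_nsg.id}"
}

module "vm_nginx" {
  source = "./modules/vm/"
  NSG    = "${azurerm_network_security_group.nginx_nsg.id}"
}
```

From azurerm provider 2.0 onward, `network_security_group_id` is no longer an argument of `azurerm_network_interface`; the module would instead attach `var.NSG` to the NIC through an `azurerm_network_interface_security_group_association` resource.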