小贝子编程

如何在Terraform中的模块中引用Azure网络安全ID



我不确定如何在模块中引用Azure网络安全组。我创建了一个模块,可以重复使用我创建的任何VM,除非我不确定如何为其分配网络安全组ID。以下是一个例子(稍微修改,我没有我的),它非常接近我所拥有的和基于的。

main.tf在root 

module "vm1" {
source = "/modules/vm/"
NSG = ????
}

tfvars 

nic_name = apache_vm_nic
location = West Europe
........

模块/vm/main.tf 

.........
resource "azurerm_network_interface" "myterraformnic" {
name                = "var.nic_name"
location            = "var.location"
resource_group_name = "${azurerm_resource_group.myterraformgroup.name}"
network_security_group_id = { WHAT DO I PUT HERE? }
ip_configuration {
    name                          = "myNicConfiguration"
    subnet_id                     = "${azurerm_subnet.myterraformsubnet.id}"
    private_ip_address_allocation = "dynamic"
    public_ip_address_id          = "${azurerm_public_ip.myterraformpublicip.id}"
}
}

resource "azurerm_network_security_group" "apache-nsg" {
name                = "myNetworkSecurityGroup"
location            = "eastus"
resource_group_name = "${azurerm_resource_group.myterraformgroup.name}"
security_rule {
    name                       = "SSH"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
}
}
resource "azurerm_network_security_group" "nginx-nsg" {
name                = "myNetworkSecurityGroup"
location            = "eastus"
resource_group_name = "${azurerm_resource_group.myterraformgroup.name}"
security_rule {
    name                       = "SSH"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
}
}

在network_security_group_id下的模块/main.tf文件中,我不能精确地放置$ {azurerm_network_security_group.apache-nsg.id}或$ {azurerm_network_security_group.ngroup.nginx-nsg.id}。那么我可以放置什么,以便我可以为所有VM重复使用此模块?

谢谢

您的问题对我来说尚不清楚,但我将假设您要创建一个要分配给VM模块多个实例的通用网络安全组。

如果要通过main.tf at root传递安全组的ID,则要这样做:在模块之外创建网络安全组资源,例如在main.tf at root内部,就像您在VM模块内创建了一些(对于Apache和Nginx)一样,因此main.tf at root看起来像这样:

resource "azurerm_network_security_group" "some_generic_vm_nsg" {
  ....
}
module "vm1" {
  source = "/modules/vm/"
  NSG = "${azurerm_network_security_group.some_generic_vm_nsg.id}"
}

请注意,我们现在将NSG的ID传递给您的VM模块实例。但是,您的VM模块尚未声明NSG变量。因此,创建文件modules/vm/variables.tf并将其放入:

variable "NSG" {
  type = "string"
}

和您的模块内,network_security_group_id = { WHAT DO I PUT HERE? }变为:

network_security_group_id = "${var.NSG}"

这样,您可以将同一网络安全组分配给多个VM模块实例。

您可以研究此文档以获取更多详细的信息。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium