【发布时间】:2021-06-21 20:42:51
【问题描述】:
我无法使用 terraform 在 GCP 上创建 VM。我想在属性“kms_key_self_link”中附加一个 KMS 密钥,但创建机器时,等待约 2 分钟后(每次都是如此)就会出现 503 错误。下面是我的脚本;值得一提的是,去掉“kms_key_self_link”属性后,脚本可以正常运行。
# Boot image for the VM, looked up by the name supplied in var.vm_img_name.
data "google_compute_image" "tomcat_centos" {
  name = var.vm_img_name
}
# Existing key ring that holds the customer-managed key; it is only read here,
# not managed by this configuration.
# NOTE(review): the ring is "global" while the instance and its disk are zonal
# (var.zone). CMEK keys generally have to live in a location that covers the
# disk's region — confirm that a global ring is accepted for this disk.
data "google_kms_key_ring" "keyring" {
  name     = "keyring-example"
  location = "global"
}
# The customer-managed encryption key (CMEK) that the boot disk is encrypted with.
data "google_kms_crypto_key" "cmek-key" {
  name = "crypto-key-example"
  # NOTE(review): provider docs reference the ring by `.id` here; `.self_link`
  # is expected to resolve to the same resource path — verify with the provider
  # version in use.
  key_ring = data.google_kms_key_ring.keyring.self_link
}
# Current project; only its number is used, to build the Compute Engine
# service agent's e-mail address.
data "google_project" "project" {}
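# Grants the Compute Engine service agent the right to use the CMEK, which it
# needs in order to create the encrypted boot disk. The agent's e-mail is
# derived from the project number, so the binding follows the project.
resource "google_kms_crypto_key_iam_member" "key_user" {
  crypto_key_id = data.google_kms_crypto_key.cmek-key.id
  # Least privilege: encrypting/decrypting with the key is all the service
  # agent needs to attach it to a disk. roles/owner would additionally let it
  # rewrite the key's IAM policy and destroy key versions.
  role   = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member = "serviceAccount:service-${data.google_project.project.number}@compute-system.iam.gserviceaccount.com"
}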
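# The VM itself: CMEK-encrypted boot disk, custom service account and
# Shielded VM options enabled.
resource "google_compute_instance" "vm-hsbc" {
  name         = var.vm_name
  machine_type = var.vm_machine_type
  zone         = var.zone

  allow_stopping_for_update = true
  can_ip_forward            = false
  deletion_protection       = false

  # Nothing in this resource references the IAM binding, so Terraform would
  # otherwise create the instance and the key grant in parallel. The encrypted
  # disk must not be created before the Compute Engine service agent has been
  # allowed to use the key.
  depends_on = [google_kms_crypto_key_iam_member.key_user]

  boot_disk {
    # Boot disk encrypted with the customer-managed key.
    kms_key_self_link = data.google_kms_crypto_key.cmek-key.self_link
    initialize_params {
      type = var.disk_type
      #GCP-CE-CTRL-22
      image = data.google_compute_image.tomcat_centos.self_link
    }
  }

  network_interface {
    network = var.network
    # No access_config block, so the instance is not given an external IP.
  }

  #GCP-CE-CTRL-2-...-5, 7, 8
  # Runs as a dedicated service account with an explicit scope list.
  service_account {
    email  = var.service_account_email
    scopes = var.scopes
  }

  #GCP-CE-CTRL-31
  # Shielded VM: secure boot, vTPM and integrity monitoring all on.
  shielded_instance_config {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }
}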
这是完整的错误:
Error creating instance: googleapi: Error 503: Internal error. Please try again or contact Google Support. (Code: '5C54C97EB5265.AA25590.F4046F68'), backendError
【问题讨论】:
-
尝试创建一个新的服务帐户并将其用于您的部署或在新项目中尝试。
-
我不能这样做,但我已经用另一种方式解决了。谢谢你的回复:)
标签: google-cloud-platform terraform virtual-machine google-cloud-kms