【Question title】: Terraform Google Cloud: Making VM instance IP public
【Posted】: 2021-12-21 07:41:47
【Question】:

I've been struggling with this for hours, so I figured I might as well ask for proper help. I'm trying to configure a VM instance with a public IP, but it doesn't seem to work. After configuring it, if I navigate to the IP, it throws ERR_CONNECTION_REFUSED. I've read the documentation but can't find anything useful. Here is my large configuration:

provider "google" {
  credentials = file("...")
  project = var.gcp_project_id
  region = var.gcp_region
  zone = var.gcp_zone
}

resource "random_id" "name" {
  byte_length = 2
}

locals {
  # Derive the network and IP names from the random suffix so each apply gets unique names
  private_network_name = "test-private-network-${random_id.name.hex}"
  private_ip_name      = "test-private-ip-${random_id.name.hex}"
}

# IP ADDRESS
resource "google_compute_address" "ip_address" {
  project = var.gcp_project_id
  region = var.gcp_region
  name = "test-ip-${terraform.workspace}"
}

## Private network
resource "google_compute_network" "test_network" {
  provider = google
  name     = local.private_network_name
}

# HTTP RULE
resource "google_compute_firewall" "test_http" {
  project = var.gcp_project_id
  name    = "test-http-${terraform.workspace}"
  network = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority = 1000

  allow {
    protocol = "tcp"
    ports    = ["80", "5433", "8000", "9540", "9808"]
  }

  source_ranges = ["0.0.0.0/0"]

  target_tags = ["test-http-${terraform.workspace}"]
}

# HTTPS RULE
resource "google_compute_firewall" "test_https" {
  project = var.gcp_project_id
  name    = "test-https-${terraform.workspace}"
  network = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority = 1000

  allow {
    protocol = "tcp"
    ports    = ["443"]
  }

  source_ranges = ["0.0.0.0/0"]

  target_tags = ["test-https-${terraform.workspace}"]
}

# SSH RULE
resource "google_compute_firewall" "test_ssh" {
  project = var.gcp_project_id
  name    = "test-ssh-${terraform.workspace}"
  network = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority = 65534

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  source_ranges = ["0.0.0.0/0"]

  target_tags = ["test-ssh-${terraform.workspace}"]
}

# ICMP RULE
resource "google_compute_firewall" "test_icmp" {
  project = var.gcp_project_id
  name    = "test-icmp-${terraform.workspace}"
  network = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority = 65534

  allow {
    protocol = "icmp"
  }

  source_ranges = ["0.0.0.0/0"]

  target_tags = ["test-icmp-${terraform.workspace}"]
}

# INTERNAL RULE
resource "google_compute_firewall" "test_internal" {
  project = var.gcp_project_id
  name    = "test-internal-${terraform.workspace}"
  network = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority = 65534

  allow {
    protocol = "tcp"
    ports = ["0-65535"]
  }

  source_ranges = ["0.0.0.0/0"]

  target_tags = ["test-internal-${terraform.workspace}"]
}

# RDP RULE
resource "google_compute_firewall" "test_rdp" {
  project = var.gcp_project_id
  name    = "test-rdp-${terraform.workspace}"
  network = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority = 65534

  allow {
    protocol = "tcp"
    ports = ["3389"]
  }

  source_ranges = ["0.0.0.0/0"]

  target_tags = ["test-rdp-${terraform.workspace}"]
}

# Redis RULE
resource "google_compute_firewall" "test_redis" {
  project = var.gcp_project_id
  name    = "test-redis-${terraform.workspace}"
  network = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority = 1000

  allow {
    protocol = "tcp"
    ports = ["6379"]
  }

  source_ranges = ["0.0.0.0/0"]

  target_tags = ["test-redis-${terraform.workspace}"]
}


# test COMPUTE ENGINE INSTANCE
resource "google_compute_instance" "vm_instance" {
  name = "${var.app_name}-vm-${terraform.workspace}"
  project = var.gcp_project_id
  machine_type = var.gcp_machine_type
  zone = var.gcp_zone
  tags = [
    "test-ssh-${terraform.workspace}",
    "test-http-${terraform.workspace}",
    "test-https-${terraform.workspace}",
    "test-icmp-${terraform.workspace}",
    "test-internal-${terraform.workspace}",
    "test-rdp-${terraform.workspace}",
    "test-redis-${terraform.workspace}",
  ]

  boot_disk {
    initialize_params {
      image = "ubuntu-2004-focal-v20210927"
      size = 500
    }
    auto_delete = true
  }
  # Attach to the private network; access_config gives the instance the reserved external IP
  network_interface {
    network = google_compute_network.test_network.self_link

    access_config {
      nat_ip = google_compute_address.ip_address.address
    }
  }

  metadata_startup_script = file("startup.sh")

  service_account {
    scopes = ["storage-ro"]
  }
}

Thanks a lot!

【Comments】:

  • 1) What are you trying to connect to, and what command are you using? 2) When creating the instance, I don't see any installation of a web server or other application. 3) Provide the contents of startup.sh. 4) A potential problem: you are setting the firewall rule priority of some rules to 65534. They must be different numbers.
  • @JohnHanley I'm not trying to connect to anything; rather, I set up an instance with a public IP that can receive traffic according to my firewall rules. :) Does that make sense? startup.sh just echoes hello into a text file for now. I thought the instance could be reached via the public IP without a web server, but that certainly doesn't make sense.. :D
  • Is the VM created? Can you ping it? Can you connect to it in any way?
  • My question is what you are connecting to inside the instance (service/port number). If you want to run a web server, you must install and configure one.

Tags: google-cloud-platform terraform terraform-provider-gcp


【Answer 1】:

SSH into your VM and run curl localhost; if you get a 200 response, it means there is nothing wrong with your VM or web server.

The next step is to check the firewall and tags. Check whether your firewall rules actually target your instance.

The error you are seeing is documented here. If nothing is installed in your VM, you can also look at the Apache server example in the same document.

【Discussion】:
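The answer's advice to confirm which firewall rules actually target the instance, as an added example that is not part of the original answer: it reads rules in the JSON shape `gcloud compute firewall-rules list --format=json` emits, together with the instance's tags, and flags each matching ingress rule that is open to 0.0.0.0/0 on a wide port range or a sensitive service. The sample rules and tags are constructed from the question's configuration with workspace "dev", and the SENSITIVE_PORTS list is an assumed local policy for this example, not a GCP setting.

```python
import ipaddress
import json

# Constructed sample in the shape `gcloud compute firewall-rules list --format=json`
# returns (only the fields read here), from the question's rules with workspace "dev".
FIREWALL_RULES_JSON = """[
 {"name": "test-http-dev", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["test-http-dev"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["80", "5433", "8000", "9540", "9808"]}]},
 {"name": "test-internal-dev", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["test-internal-dev"], "allowed": [{"IPProtocol": "tcp", "ports": ["0-65535"]}]},
 {"name": "test-redis-dev", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["test-redis-dev"], "allowed": [{"IPProtocol": "tcp", "ports": ["6379"]}]},
 {"name": "other-app-ssh", "direction": "INGRESS", "sourceRanges": ["10.0.0.0/8"],
  "targetTags": ["other-app"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]"""
# Constructed: the question's instance tags for workspace "dev".
INSTANCE_TAGS = ["test-http-dev", "test-internal-dev", "test-redis-dev"]
# Assumed local policy for this example: services never to expose to 0.0.0.0/0.
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 6379: "redis"}

def port_range(spec):
    """'6379' -> (6379, 6379); '0-65535' -> (0, 65535)."""
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def rules_targeting(rules, tags):
    """Ingress rules whose targetTags hit the instance (no targetTags = whole network)."""
    return [r for r in rules if r.get("direction", "INGRESS") == "INGRESS"
            and (not r.get("targetTags") or set(r["targetTags"]) & set(tags))]

def world_open(rule):
    """True if any source range is the whole address space (prefix length 0)."""
    return any(ipaddress.ip_network(s).prefixlen == 0 for s in rule.get("sourceRanges", []))

def audit(rules_json, tags):
    """(rule, port, reason) for world-reachable rules opening a wide TCP range or a sensitive service."""
    findings = []
    for rule in filter(world_open, rules_targeting(json.loads(rules_json), tags)):
        for allowed in rule["allowed"]:
            if allowed["IPProtocol"] != "tcp":
                continue
            for spec in allowed.get("ports") or ["0-65535"]:  # no ports listed = every port
                lo, hi = port_range(spec)
                if hi - lo >= 1024:
                    findings.append((rule["name"], spec, "wide range open to 0.0.0.0/0"))
                for port, svc in SENSITIVE_PORTS.items():
                    if lo <= port <= hi:
                        findings.append((rule["name"], str(port), f"{svc} open to 0.0.0.0/0"))
    return findings
```

Run against the question's rules, the "internal" rule stands out: despite its name it admits every TCP port from the whole internet, so it alone exposes SSH, RDP and Redis regardless of the narrower rules.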
