【Question title】: What is the best way to debug Terraform AWS Application Load Balancer validation error?
【Posted】: 2018-12-05 18:23:28
【Question description】:

I am trying to provision a demo web service on AWS using Terraform, but I am running into the following error.

Error: Error applying plan:

2 error(s) occurred:

* module.prod.module.web.module.web.aws_alb_listener.frontend: 1 error(s) occurred:

* aws_alb_listener.frontend: Error creating LB Listener: ValidationError: 'arn:aws:elasticloadbalancing:us-west-2:114416042199:loadbalancer/app/demo-svc-prod-alb/2a5f486a7b9d265a' is not a valid target group ARN
  status code: 400, request id: e3819755-799c-11e8-ac82-43dfdd4e44d1
* module.prod.module.web.module.web.aws_autoscaling_group.backend: 1 error(s) occurred:

* aws_autoscaling_group.backend: Error creating AutoScaling Group: ValidationError: Provided Load Balancers may not be valid. Please ensure they exist and try again.
  status code: 400, request id: e37efee9-799c-11e8-955a-c50a9e447dfa

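I don't understand why the ARN is invalid, since it belongs to a resource created by Terraform. The ARN referencing elasticloadbalancing seems suspicious. Are there any gotchas to be aware of when using an AWS Application Load Balancer with an ASG? I did not see this problem when using a classic ELB. Is there any way to get more useful information out of Terraform?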

The relevant resources raising the errors are:

resource "aws_alb_listener" "frontend" {
  load_balancer_arn       = "${aws_alb.frontend.arn}"
  port                    = "${local.https_port}"
  protocol                = "HTTPS"
  ssl_policy              = "ELBSecurityPolicy-TLS-1-2-2017-01"

  default_action {
    target_group_arn      = "${aws_alb.frontend.arn}"
    type                  = "forward"
  }
}

resource "aws_autoscaling_group" "backend" {
  name                    = "${local.cluster_name}-asg"
  launch_configuration    = "${aws_launch_configuration.backend.id}"
  availability_zones      = ["${data.aws_availability_zones.all.names}"]
  load_balancers          = ["${aws_alb.frontend.name}"]
  health_check_type       = "ELB"
  min_size                = "${var.min_size}"
  max_size                = "${var.max_size}"
  // This resource type uses different tags specification format.
  // A list comp over the locals tags map would sure come in handy to keep
  // things DRY.
  tags                    = [
    {
      key                 = "System"
      value               = "${var.tags["System"]}"
      propagate_at_launch = true
    },
    {
      key                 = "Environment"
      value               = "${local.tags["Environment"]}"
      propagate_at_launch = true
    },
    {
      key                 = "Owner"
      value               = "${local.tags["Owner"]}"
      propagate_at_launch = true
    },
    {
      key                 = "Description"
      value               = "${local.tags["Description"]}"
      propagate_at_launch = true
    }
  ]
}

The full code is available at https://github.com/mojochao/terraform-aws-web-stack/commit/a4bfe5d6362fddfb2934dc9a89344c304e59cef7.

【Question discussion】:

    Tags: amazon-ec2 terraform


    【Solution 1】:

    You are referencing the wrong resource in both cases.

    For the first error, your listener is defined as:

    resource "aws_alb_listener" "frontend" {
      load_balancer_arn       = "${aws_alb.frontend.arn}"
      port                    = "${local.https_port}"
      protocol                = "HTTPS"
      ssl_policy              = "ELBSecurityPolicy-TLS-1-2-2017-01"
    
      default_action {
        target_group_arn      = "${aws_alb.frontend.arn}"
        type                  = "forward"
      }
    }
    

    Note that default_action takes a target_group_arn, so you need to point it at your target group, not at the load balancer itself.

    So you should use:

    resource "aws_alb_listener" "frontend" {
      load_balancer_arn       = "${aws_alb.frontend.arn}"
      port                    = "${local.https_port}"
      protocol                = "HTTPS"
      ssl_policy              = "ELBSecurityPolicy-TLS-1-2-2017-01"
    
      default_action {
        target_group_arn      = "${aws_alb_target_group.frontend.arn}"
        type                  = "forward"
      }
    }
    

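    Because you are only defining a single listener rule, you can also drop the aws_alb_listener_rule resource, since it does the same thing as the default action on the listener anyway. You would only define rules separately if you wanted different traffic (by host or by path) to go to different target groups.

    Your second error comes from trying to attach the autoscaling group to an ELB classic by using the load_balancers parameter. As the aws_autoscaling_group resource docs mention, you should use target_group_arns instead: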

    resource "aws_autoscaling_group" "backend" {
      name                    = "${local.cluster_name}-asg"
      launch_configuration    = "${aws_launch_configuration.backend.id}"
      availability_zones      = ["${data.aws_availability_zones.all.names}"]
      target_group_arns       = ["${aws_alb_target_group.frontend.arn}"]
      health_check_type       = "ELB"
      min_size                = "${var.min_size}"
      max_size                = "${var.max_size}"
      // This resource type uses different tags specification format.
      // A list comp over the locals tags map would sure come in handy to keep
      // things DRY.
      tags                    = [
        {
          key                 = "System"
          value               = "${var.tags["System"]}"
          propagate_at_launch = true
        },
        {
          key                 = "Environment"
          value               = "${local.tags["Environment"]}"
          propagate_at_launch = true
        },
        {
          key                 = "Owner"
          value               = "${local.tags["Owner"]}"
          propagate_at_launch = true
        },
        {
          key                 = "Description"
          value               = "${local.tags["Description"]}"
          propagate_at_launch = true
        }
      ]
    }
    

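    This will automatically attach the autoscaling group to the ALB target group, so you can also get rid of the aws_autoscaling_attachment resource, which is doing the same thing. You would normally only use the aws_autoscaling_attachment resource if you defined your ALB target group and autoscaling group separately and needed to link them.

    【Discussion】:

    • Thanks! That solved it. I also had to change this, because I was using name instead of arn: target_group_arns = ["${aws_alb_target_group.frontend.arn}"]
    • Oh my, thank you so much @ydaetskcoR, you saved my weekend ;)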
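
A pre-apply check for the two mistakes diagnosed in the answer above, as an added example that is not part of the original thread: it scans `"${...}"`-style Terraform interpolations and flags `target_group_arn`, `target_group_arns` or `load_balancers` assignments that reference the wrong resource type. The `lint` function, its regexes and the sample input are constructed for illustration, and only single-line assignments are handled.

```python
import re

# Arguments that must receive a target group ARN, and the resource types
# (older and newer provider names) that produce one.
TG_ARGS = {"target_group_arn", "target_group_arns"}
TG_TYPES = {"aws_alb_target_group", "aws_lb_target_group"}
# load_balancers on an autoscaling group is only valid for classic ELBs.
CLASSIC_ARGS = {"load_balancers"}
CLASSIC_TYPES = {"aws_elb"}

ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*(.*)$')       # argument = value
REF = re.compile(r'\$\{(aws_\w+)\.(\w+)\.(\w+)\}')  # ${type.name.attribute}

def lint(hcl_text):
    """Return (line_no, argument, referenced_type, expected_types) findings."""
    findings = []
    for no, line in enumerate(hcl_text.splitlines(), 1):
        m = ASSIGN.match(line)
        if not m:
            continue
        arg, value = m.groups()
        if arg in TG_ARGS:
            expected = TG_TYPES
        elif arg in CLASSIC_ARGS:
            expected = CLASSIC_TYPES
        else:
            continue
        for rtype, _name, _attr in REF.findall(value):
            if rtype not in expected:
                findings.append((no, arg, rtype, sorted(expected)))
    return findings

# Constructed sample: the two failing assignments from the question.
SAMPLE = '''
resource "aws_alb_listener" "frontend" {
  default_action {
    target_group_arn = "${aws_alb.frontend.arn}"
    type             = "forward"
  }
}
resource "aws_autoscaling_group" "backend" {
  load_balancers = ["${aws_alb.frontend.name}"]
}
'''

if __name__ == "__main__":
    for no, arg, got, want in lint(SAMPLE):
        print(f"line {no}: {arg} references {got}, expected one of {want}")
```

Both findings correspond to the API validation errors in the question, but are reported before any resource is created.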