Terraform Google Cloud: Making VM instance IP public

Posted 2021-12-21 07:41:47

Question:

I've been struggling with this for a few hours, so I figured I might as well ask for proper help. I'm trying to configure a VM instance with a public IP, but it doesn't seem to work. After configuring it, if I try to navigate to the IP, it throws ERR_CONNECTION_REFUSED. I have read the docs but can't find anything useful. Here is my large configuration:

provider "google" {
  credentials = file("...")
  project     = var.gcp_project_id
  region      = var.gcp_region
  zone        = var.gcp_zone
}

resource "random_id" "name" {
  byte_length = 2
}

locals {
  # If name_override is specified, use that - otherwise use the name_prefix with a random string
  private_network_name = "test-private-network-${random_id.name.hex}"
  private_ip_name      = "test-private-ip-${random_id.name.hex}"
}

# IP ADDRESS
resource "google_compute_address" "ip_address" {
  project = var.gcp_project_id
  region  = var.gcp_region
  name    = "test-ip-${terraform.workspace}"
}

## Private network
resource "google_compute_network" "test_network" {
  provider = google
  name     = local.private_network_name
}

# HTTP RULE
resource "google_compute_firewall" "test_http" {
  project   = var.gcp_project_id
  name      = "test-http-${terraform.workspace}"
  network   = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority  = 1000

  allow {
    protocol = "tcp"
    ports    = ["80", "5433", "8000", "9540", "9808"]
  }

  source_ranges = ["0.0.0.0/0"]

  target_tags = ["test-http-${terraform.workspace}"]
}

# HTTPS RULE
resource "google_compute_firewall" "test_https" {
  project   = var.gcp_project_id
  name      = "test-https-${terraform.workspace}"
  network   = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority  = 1000

  allow {
    protocol = "tcp"
    ports    = ["443"]
  }

  source_ranges = ["0.0.0.0/0"]

  target_tags = ["test-https-${terraform.workspace}"]
}

# SSH RULE
resource "google_compute_firewall" "test_ssh" {
  project   = var.gcp_project_id
  name      = "test-ssh-${terraform.workspace}"
  network   = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority  = 65534

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  source_ranges = ["0.0.0.0/0"]

  target_tags = ["test-ssh-${terraform.workspace}"]
}

# ICMP RULE
resource "google_compute_firewall" "test_icmp" {
  project   = var.gcp_project_id
  name      = "test-icmp-${terraform.workspace}"
  network   = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority  = 65534

  allow {
    protocol = "icmp"
  }

  source_ranges = ["0.0.0.0/0"]

  target_tags = ["test-icmp-${terraform.workspace}"]
}

# INTERNAL RULE
# Note: despite the name, 0-65535 with source 0.0.0.0/0 allows every TCP port
# from the whole internet, not just internal traffic.
resource "google_compute_firewall" "test_internal" {
  project   = var.gcp_project_id
  name      = "test-internal-${terraform.workspace}"
  network   = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority  = 65534

  allow {
    protocol = "tcp"
    ports    = ["0-65535"]
  }

  source_ranges = ["0.0.0.0/0"]

  target_tags = ["test-internal-${terraform.workspace}"]
}

# RDP RULE
resource "google_compute_firewall" "test_rdp" {
  project   = var.gcp_project_id
  name      = "test-rdp-${terraform.workspace}"
  network   = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority  = 65534

  allow {
    protocol = "tcp"
    ports    = ["3389"]
  }

  source_ranges = ["0.0.0.0/0"]

  target_tags = ["test-rdp-${terraform.workspace}"]
}

# Redis RULE
resource "google_compute_firewall" "test_redis" {
  project   = var.gcp_project_id
  name      = "test-redis-${terraform.workspace}"
  network   = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority  = 1000

  allow {
    protocol = "tcp"
    ports    = ["6379"]
  }

  source_ranges = ["0.0.0.0/0"]

  target_tags = ["test-redis-${terraform.workspace}"]
}

# test COMPUTE ENGINE INSTANCE
resource "google_compute_instance" "vm_instance" {
  name         = "${var.app_name}-vm-${terraform.workspace}"
  project      = var.gcp_project_id
  machine_type = var.gcp_machine_type
  zone         = var.gcp_zone
  # Network tags must match the target_tags of the firewall rules above,
  # otherwise those rules do not apply to this instance.
  tags = [
    "test-ssh-${terraform.workspace}",
    "test-http-${terraform.workspace}",
    "test-https-${terraform.workspace}",
    "test-icmp-${terraform.workspace}",
    "test-internal-${terraform.workspace}",
    "test-rdp-${terraform.workspace}",
    "test-redis-${terraform.workspace}",
  ]

  boot_disk {
    initialize_params {
      image = "ubuntu-2004-focal-v20210927"
      size  = 500
    }
    auto_delete = true
  }

  # Private
  network_interface {
    network = google_compute_network.test_network.self_link

    # access_config gives the instance an external IP; nat_ip pins it to the
    # reserved static address instead of an ephemeral one.
    access_config {
      nat_ip = google_compute_address.ip_address.address
    }
  }

  metadata_startup_script = file("startup.sh")

  service_account {
    scopes = ["storage-ro"]
  }
}

Thanks a lot!

Comments:

1) What are you trying to connect to, and what command are you using? 2) When the instance is created, I don't see any installation of a web server or other application. 3) Provide the contents of startup.sh. 4) Potential problem: you are setting the firewall rule priority of some rules to 65534. They must be different numbers.

@JohnHanley I'm not trying to connect to anything; rather, I set up an instance with a public IP that can receive traffic according to my firewall rules. :) Does that make sense? startup.sh right now just echoes hello into a text file. I assumed the instance could be reached via the public IP without a web server, but that surely makes no sense.. :D

Was the VM created? Can you ping it? Can you connect to it in any way?

My question is what you are connecting to inside the instance (service/port number). If you want to run a web server, you have to install and configure one.

Answer 1:

SSH into your VM and run curl localhost; if you get a 200 response, it means there is nothing wrong with your VM or web server.

The next step is to check the firewall and tags. Check whether your firewall rules actually target your instance.

The error you are seeing is documented here. If you don't have anything installed in your VM, you can also look at the Apache server example in the same document.
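The answer's second step, checking that the firewall rules really target the instance, can be done mechanically against the JSON that `gcloud compute firewall-rules list --format=json` and `gcloud compute instances describe NAME --format=json` return. The script below is an added example, not code from the question or the answer: it matches rules to an instance's network tags the way GCE does (no target tags, or at least one shared tag), and then flags which of the matching rules accept 0.0.0.0/0 on a full 0-65535 range or on ports such as 22, 3389 and 6379, which the question's config opens to the internet. The sample rules and tags are constructed to mirror a subset of the question's configuration for the `default` workspace; the field names follow the Compute API (`sourceRanges`, `targetTags`, `allowed`, `IPProtocol`, `ports`), but the data is trimmed to what the script reads.

```python
import ipaddress
import json

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`
# output (Compute API field names) and trimmed to the fields used here.
# The rules mirror a subset of the question's rules for the "default" workspace.
SAMPLE_RULES_JSON = json.dumps([
    {"name": "test-http-default", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["test-http-default"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80", "5433", "8000", "9540", "9808"]}]},
    {"name": "test-ssh-default", "direction": "INGRESS", "priority": 65534,
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["test-ssh-default"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "test-internal-default", "direction": "INGRESS", "priority": 65534,
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["test-internal-default"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["0-65535"]}]},
    {"name": "test-redis-default", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["test-redis-default"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["6379"]}]},
    # Tag deliberately absent from the instance below: this rule must not apply.
    {"name": "test-https-default", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["test-https-default"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
])

# Constructed network tags of the instance under review (tags.items in
# `gcloud compute instances describe` output).
SAMPLE_INSTANCE_TAGS = ["test-ssh-default", "test-http-default",
                        "test-internal-default", "test-redis-default"]

# Ports a reviewer would not want reachable from the whole internet.
SENSITIVE_PORTS = (22, 3389, 6379)


def port_spec_to_range(spec):
    """Turn a port spec into an inclusive (lo, hi) tuple:
    '80' -> (80, 80), '0-65535' -> (0, 65535)."""
    lo, _, hi = spec.partition("-")
    return (int(lo), int(hi) if hi else int(lo))


def rules_applying_to(rules, instance_tags):
    """Ingress rules apply to an instance when they carry no targetTags (whole
    network) or share at least one tag with it; the rest are ignored by GCE."""
    tags = set(instance_tags)
    return [r for r in rules
            if r.get("direction", "INGRESS") == "INGRESS"
            and (not r.get("targetTags") or tags & set(r["targetTags"]))]


def is_world_open(rule):
    """True when some sourceRange is a /0, i.e. every address."""
    return any(ipaddress.ip_network(cidr, strict=False).prefixlen == 0
               for cidr in rule.get("sourceRanges", []))


def exposed_ports(rules, instance_tags):
    """For rules that apply to the instance and accept traffic from anywhere,
    return {rule name: {"all_ports": bool, "sensitive": [ports]}}, listing only
    rules with at least one finding."""
    findings = {}
    for rule in rules_applying_to(rules, instance_tags):
        if not is_world_open(rule):
            continue
        all_ports, sensitive = False, set()
        for allowed in rule.get("allowed", []):
            if allowed.get("IPProtocol") not in ("tcp", "all"):
                continue
            # An entry without "ports" means every port of that protocol.
            ranges = [port_spec_to_range(p) for p in allowed.get("ports", [])] or [(0, 65535)]
            for lo, hi in ranges:
                all_ports = all_ports or (lo, hi) == (0, 65535)
                sensitive.update(p for p in SENSITIVE_PORTS if lo <= p <= hi)
        if all_ports or sensitive:
            findings[rule["name"]] = {"all_ports": all_ports, "sensitive": sorted(sensitive)}
    return findings


def audit(rules_json, instance_tags):
    """Parse the JSON export and return which rules apply plus what they expose."""
    rules = json.loads(rules_json)
    return {"applying": [r["name"] for r in rules_applying_to(rules, instance_tags)],
            "exposed": exposed_ports(rules, instance_tags)}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_RULES_JSON, SAMPLE_INSTANCE_TAGS), indent=2))
```

Run against the sample, `applying` omits `test-https-default` because the instance lacks that tag (the same mismatch the answer tells you to look for), and `exposed` reports the SSH and Redis rules plus `test-internal-default` with `all_ports` set, since its 0-65535 range from 0.0.0.0/0 makes every other TCP rule redundant. Restricting `sourceRanges` on those rules to the networks that actually need access is the usual fix.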

