Azure isolated App Service Environment cannot be created with Terraform, fails with "An error has occurred"

I am trying to create an isolated App Service Environment (ASE) in Azure using terraform. I have succeeded once and have an ASE running. Attempting to create a second ASE in the same subscription but in a separate resource group fails. The only error message available is "An error has occurred." Investigation in Azure Monitor shows that the create request passed through the ARM template hit a 500 (Internal Server Error) while creating the ASE. However, nothing in the log messages gives any detail indicating where/when/how Azure hit the 500.

Environment:

  • azure cli (2.26.1)
  • terraform (0.14.11)
  • hashicorp/azurerm provider (2.67.0)

Details

I am creating multiple environments for my project: dev, test and staging. Each lives in a different resource group within the same Azure subscription. All the resources in my terraform are built with names unique to the environment/resource group. The intended lifecycle is to deploy infrastructure changes to dev, then test, then staging (and eventually create production in a separate subscription). The initial configuration and deployment to dev succeeded. Attempting to deploy to test, or to deploy a different ASE into dev, fails miserably with very little feedback.

The original dev ASE is a v1 ASE. I tried to create a second ASE in test using the same terraform code. I also tried to create a v3 ASE in dev (since v3 would be cheaper). If the v3 ASE deployment succeeds, I will switch to it in dev and use it as the basis for test and staging instead of the v1 ASE. Whether attempting to deploy a v1 ASE to a separate resource group, or a v3 ASE to the same resource group as the v1 ASE, I get the same error.

Here is the terraform for the v1 ASE, including the subnet that will host it:

resource "azurerm_subnet" "subnet" {
  name                                           = "${local.prefix}-subnet"
  resource_group_name                            = var.resource_group_name
  virtual_network_name                           = var.vnet_name
  address_prefixes                               = var.cidrs
  enforce_private_link_endpoint_network_policies = var.enforce_private_link_endpoint_network_policies
  enforce_private_link_service_network_policies  = var.enforce_private_link_service_network_policies

  dynamic "delegation" {
    for_each = var.delegations

    content {
      name = "${local.prefix}-delegation-${delegation.key}"
      service_delegation {
        name    = delegation.value.name
        actions = delegation.value.actions
      }
    }
  }

  // List of Service endpoints to associate with the subnet.
  service_endpoints = var.service_endpoints
}

resource "azurerm_network_security_group" "nsg" {
  name                = "${local.prefix}-nsg"
  location            = var.resource_group_location
  resource_group_name = var.resource_group_name

  // tomap() replaces the map() function, which has been deprecated since Terraform 0.12.
  tags = merge(tomap({ "Name" = "${local.prefix}-nsg" }), local.tags)
}

resource "azurerm_subnet_network_security_group_association" "nsg_assoc" {
  subnet_id                 = azurerm_subnet.subnet.id
  network_security_group_id = azurerm_network_security_group.nsg.id
}

resource "azurerm_network_security_rule" "ase_mgmt" {
  name                        = "${local.prefix}-ase-mgmt"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  source_address_prefix       = "AppServiceManagement"
  destination_port_range      = "454-455"
  destination_address_prefix  = var.subnet_cidr
  resource_group_name         = var.resource_group_name
  network_security_group_name = azurerm_network_security_group.nsg.name
}

resource "azurerm_network_security_rule" "ingress" {
  for_each                    = {
    for idx,cidr in var.ingress_cidrs : idx => cidr
  }

  name                        = "${local.prefix}-ingress-${each.key}"
  priority                    = 200 + each.key
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  source_address_prefix       = each.value
  destination_port_range      = "*"
  destination_address_prefix  = var.subnet_cidr
  resource_group_name         = var.resource_group_name
  network_security_group_name = azurerm_network_security_group.nsg.name
}

resource "azurerm_app_service_environment" "env" {
  name                         = "${local.prefix}-ase"
  subnet_id                    = azurerm_subnet.subnet.id
  pricing_tier                 = var.pricing_tier
  front_end_scale_factor       = var.front_scale_factor
  internal_load_balancing_mode = "Web,Publishing"
  allowed_user_ip_cidrs        = var.allowed_user_ip_cidrs

  cluster_setting {
    name  = "disableTls1.0"
    value = "1"
  }

  depends_on = [
    azurerm_network_security_rule.ase_mgmt
  ]
}

The v3 ASE configuration is identical, except that azurerm_app_service_environment.env is replaced with:

resource "azurerm_app_service_environment_v3" "env" {
  name                         = "${local.prefix}-ase-v3"
  resource_group_name          = var.resource_group_name
  subnet_id                    = azurerm_subnet.subnet.id

  cluster_setting {
    name  = "disableTls1.0"
    value = "1"
  }

  depends_on = [
    azurerm_network_security_rule.ase_mgmt
  ]
}

Results

  1. terraform generates this ARM request (identifiers redacted):
2021/07/19 09:07:44 [TRACE] dag/walk: vertex "root" is waiting for "Meta.count-boundary (EachMode fixup)"
2021-07-19T09:07:45.121-0700 [DEBUG] plugin.terraform-provider-azurerm_v2.67.0_x5: AzureRM Request: 
PUT /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxxxx-dev-rg/providers/Microsoft.Web/hostingEnvironments/xxxxxxxx-dev-ase-v3?api-version=2020-06-01 HTTP/1.1
Host: management.azure.com
User-Agent: Go/go1.16.3 (amd64-darwin) go-autorest/v14.2.1 Azure-SDK-For-Go/v55.4.0 web/2020-06-01 HashiCorp terraform/0.14.11 (+https://www.terraform.io) terraform Plugin SDK/2.7.0 terraform-provider-azurerm/2.67.0 pid-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Content-Length: 382
Content-Type: application/json; charset=utf-8
X-Ms-Correlation-Request-Id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Accept-Encoding: gzip

{
  "kind":"ASEV3","location":"centralus","properties":
  {
    "clusterSettings":[{
      "name":"disableTls1.0","value":"1"
    }],"name":"xxxxxxxx-dev-ase-v3","virtualNetwork":{
      "id":"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxxxx-dev-rg/providers/Microsoft.Network/virtualNetworks/xxxxxxxx-dev-vnet/subnets/xxxxxxxx-dev-ase-v3-ase-subnet","subnet":"xxxxxxxx-dev-ase-v3-ase-subnet"
     }
  },"tags":{}
}
  2. The error terraform eventually reports looks like this in the debug output:
2021/07/19 09:13:53 [DEBUG] azurerm_app_service_environment_v3.env: apply errored,but we're indicating that via the Error pointer rather than returning it: creating App Service Environment: (Hosting Environment Name "xxxxxxxx-dev-ase-v3" / Resource Group "xxxxxxxx-dev-rg"): web.AppServiceEnvironmentsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="Failed" Message="The async operation Failed." AdditionalInfo=[{"Message":"An error has occurred."}]: creating App Service Environment: (Hosting Environment Name "xxxxxxxx-dev-ase-v3" / Resource Group "xxxxxxxx-dev-rg"): web.AppServiceEnvironmentsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="Failed" Message="The async operation Failed." AdditionalInfo=[{"Message":"An error has occurred."}]
  3. Looking at the logs in Azure Monitor, I found a similarly vague error message. It is summarised as InternalServerError. The JSON detail is included here for reference:
{
    "authorization": {
        "action": "Microsoft.Web/hostingEnvironments/write","scope": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx/resourceGroups/xxxxxxxx-dev-rg/providers/Microsoft.Web/hostingEnvironments/xxxxxxxx-dev-ase-v3"
    },"caller": "duffy.gillman@presencepg.com","channels": "Operation","claims": {
      //REDACTED
    },"correlationId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx","description": "","eventDataId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx","eventName": {
        "value": "EndRequest","localizedValue": "End request"
    },"category": {
        "value": "Administrative","localizedValue": "Administrative"
    },"eventTimestamp": "2021-07-19T15:51:45.4835627Z","id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx/resourceGroups/xxxxxxxx-dev-rg/providers/Microsoft.Web/hostingEnvironments/xxxxxxxx-dev-ase-v3/events/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx/ticks/637623067054835627","level": "Error","operationId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx","operationName": {
        "value": "Microsoft.Web/hostingEnvironments/write","localizedValue": "Create or Update App Service Environment"
    },"resourceGroupName": "xxxxxxxx-dev-rg","resourceProviderName": {
        "value": "Microsoft.Web","localizedValue": "Azure Web Sites"
    },"resourceType": {
        "value": "Microsoft.Web/hostingEnvironments","localizedValue": "Microsoft.Web/hostingEnvironments"
    },"resourceId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx/resourceGroups/xxxxxxxx-dev-rg/providers/Microsoft.Web/hostingEnvironments/xxxxxxxx-dev-ase-v3","status": {
        "value": "Failed","localizedValue": "Failed"
    },"subStatus": {
        "value": "InternalServerError","localizedValue": "Internal Server Error (HTTP Status Code: 500)"
    },"submissionTimestamp": "2021-07-19T15:52:29.177138Z","subscriptionId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx","tenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx","properties": {
        "statusCode": "InternalServerError","serviceRequestId": null,"statusMessage": "{\"Message\":\"An error has occurred.\"}","eventCategory": "Administrative","entity": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx/resourceGroups/xxxxxxxx-dev-rg/providers/Microsoft.Web/hostingEnvironments/xxxxxxxx-dev-ase-v3","message": "Microsoft.Web/hostingEnvironments/write","hierarchy": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
    },"relatedEvents": []
}
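The Activity Log event above carries the only failure detail Azure returned, nested as a JSON string inside statusMessage. As an added example (not code from the question or the answer), the Python below flattens such an event into a triage record, decodes that nested field, and separates a control-plane 5xx from a rejected request; the event it parses is a constructed sample with placeholder identifiers.

```python
import json
import re

# Constructed sample shaped like the Activity Log event in the question;
# every identifier is a placeholder, not a value from a real subscription.
SAMPLE_EVENT = {
    "operationName": {"value": "Microsoft.Web/hostingEnvironments/write"},
    "status": {"value": "Failed"},
    "subStatus": {"value": "InternalServerError",
                  "localizedValue": "Internal Server Error (HTTP Status Code: 500)"},
    "correlationId": "00000000-0000-0000-0000-000000000000",
    "resourceId": "/subscriptions/<sub>/resourceGroups/example-dev-rg"
                  "/providers/Microsoft.Web/hostingEnvironments/example-dev-ase-v3",
    "properties": {"statusCode": "InternalServerError",
                   "serviceRequestId": None,
                   "statusMessage": "{\"Message\":\"An error has occurred.\"}"},
}


def summarize_failure(event):
    """Flatten one Activity Log event into the fields worth keeping for triage.

    statusMessage is JSON embedded as a string, so it is decoded separately;
    a non-JSON message is kept verbatim rather than raising.
    """
    props = event.get("properties") or {}
    raw = props.get("statusMessage")
    try:
        detail = json.loads(raw) if raw else {}
    except json.JSONDecodeError:
        detail = {"Message": raw}
    localized = (event.get("subStatus") or {}).get("localizedValue", "")
    match = re.search(r"HTTP Status Code:\s*(\d{3})", localized)
    return {
        "operation": (event.get("operationName") or {}).get("value"),
        "resource": event.get("resourceId", "").rsplit("/", 1)[-1],
        "status": (event.get("status") or {}).get("value"),
        "http_status": int(match.group(1)) if match else None,
        "message": detail.get("Message"),
        "correlation_id": event.get("correlationId"),
        # None here means the platform returned no server-side request id.
        "service_request_id": props.get("serviceRequestId"),
    }


def is_server_side_failure(summary):
    """True for a control-plane (5xx) failure rather than a rejected request."""
    return summary["status"] == "Failed" and (summary["http_status"] or 0) >= 500
```

When serviceRequestId is null, as in the question's event, the correlationId is the identifier to keep for follow-up.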

Solution

It looks to me like you are hitting some subscription limit. If you try to create the same ASE through the Azure portal, does it work for you? It would be good to know whether you get an error when attempting the same operation through the UI; if you do hit the same error in the GUI, it will give you a better error message.
