Terraform Azure:在另一个订阅上部署mysql网络规则
我正在尝试使用Terraform(V0.11.11)在Azure上部署MySQL数据库。我需要在main.tf文件中设置不同的部分:Terraform Azure:在另一个订阅上部署mysql网络规则,mysql,azure,terraform,Mysql,Azure,Terraform,我正在尝试使用Terraform(V0.11.11)在Azure上部署MySQL数据库。我需要在main.tf文件中设置不同的部分: 提供者 资源组 mysql服务器 mysql数据库 mysql虚拟网络规则1 mysql虚拟网络规则2 mysql虚拟网络规则3 目前,除了最后一条,mysql虚拟网络规则3,所有这些要求都有效。所有内容都是在订阅A上创建的,但mysql虚拟网络规则3使用订阅B中包含的子网id 问题是,如何编写.tf文件以使用子网id创建虚拟网络规则,该子网id的订阅与目前使
- 提供者
- 资源组
- mysql服务器
- mysql数据库
- mysql虚拟网络规则1
- mysql虚拟网络规则2
- mysql虚拟网络规则3
#provider azurem.A is Subscription A in my text. Everything is created in this sub.
#prodiver azurem.B is Subscription B in my text. The subnet used to create vitual_network_rule_3 is in this subscription.
provider "azurerm" {
client_id = "${var.client_id}"
client_secret = "${var.client_secret}"
tenant_id = "${var.tenant_id}"
subscription_id = "${var.subscription}"
alias = "A"
}
provider "azurerm" {
client_id = "${var.client_id}"
client_secret = "${var.client_secret}"
tenant_id = "${var.tenant_id}"
subscription_id = "${var.subscription_B}"
alias = "B"
}
#Creating RG in Sub A.
resource "azurerm_resource_group" "rg" {
# attributes to create RG in Sub A. works well.
# ....
}
#Creating mysql server in Sub A.
resource "azurerm_mysql_server" "mysql_server" {
# attributes to create mysql server. works well.
# ....
}
#Creating mysql database in Sub A.
resource "azurerm_mysql_database" "mysql_db" {
# attributes to create mysql database. works well.
# ....
}
#Creating vnet rule using a subnet in Sub A. WORKING
resource "azurerm_mysql_virtual_network_rule" "mysql_vnet_1" {
count = "${var.vnet_one != "" ? 1 : 0}"
name = "subscription-peering-1"
resource_group_name = "${azurerm_resource_group.rg.name}"
server_name = "${azurerm_mysql_server.mysql_server.name}"
subnet_id = "${var.vnet_one}"
provider = "azurerm.A"
}
#Creating vnet rule using a subnet in Sub A. WORKING
resource "azurerm_mysql_virtual_network_rule" "mysql_vnet_2" {
count = "${var.vnet_two != "" ? 1 : 0}"
name = "subscription-peering-2"
resource_group_name = "${azurerm_resource_group.rg.name}"
server_name = "${azurerm_mysql_server.mysql_server.name}"
subnet_id = "${var.vnet_two}"
provider = "azurerm.A"
}
#Getting data to get the subnet in Subscription B in order to use it in "mysql_vnet_three".
#Uses the second provider, the one that contains Subcription B
data "azurerm_subnet" "subnet_data" {
name = "my-subB-subnet-name"
virtual_network_name = "my-subB-vnet-name"
resource_group_name = "my-subB-rg_name"
provider = "azurerm.B"
}
#Creating vnet rule using a subnet in Sub B. NOT WORKING
resource "azurerm_mysql_virtual_network_rule" "mysql_vnet_3" {
count = "${var.vnet_exploit != "" ? 1 : 0}"
name = "subscription-peering-3"
resource_group_name = "${azurerm_resource_group.rg.name}"
server_name = "${azurerm_mysql_server.mysql_server.name}"
subnet_id = "${data.azurerm_subnet.subnet_data.id}"
provider = "azurerm.A"
}
非常感谢你 提供者是否应该是azurerm.B
#Creating vnet rule using a subnet in Sub B. NOT WORKING
resource "azurerm_mysql_virtual_network_rule" "mysql_vnet_3" {
count = "${var.vnet_exploit != "" ? 1 : 0}"
name = "subscription-peering-3"
resource_group_name = "${azurerm_resource_group.rg.name}"
server_name = "${azurerm_mysql_server.mysql_server.name}"
subnet_id = "${data.azurerm_subnet.subnet_data.id}"
provider = "azurerm.B"
}
提供者不应该是azurerm.B吗
#Creating vnet rule using a subnet in Sub B. NOT WORKING
resource "azurerm_mysql_virtual_network_rule" "mysql_vnet_3" {
count = "${var.vnet_exploit != "" ? 1 : 0}"
name = "subscription-peering-3"
resource_group_name = "${azurerm_resource_group.rg.name}"
server_name = "${azurerm_mysql_server.mysql_server.name}"
subnet_id = "${data.azurerm_subnet.subnet_data.id}"
provider = "azurerm.B"
}
由于我无法找到使用TF资源的解决方案,所以我使用LocalExec运行Az命令来创建vnet规则
resource "null_resource" "create_vnet_rule_exploit_from_cli" {
count = "${var.vnet_exploit != "" ? 1 : 0}"
provisioner "local-exec" {
command = "az mysql server vnet-rule create --name subscription-peering-exploit
--server-name ${azurerm_mysql_server.mysql_server.name} --resource-group
${azurerm_resource_group.rg.name} --subnet ${var.vnet_exploit} --
subscription ${var.subscription}"
}
depends_on = ["azurerm_mysql_server.mysql_server"]
}
由于我无法找到使用TF资源的解决方案,所以我使用LocalExec运行Az命令来创建vnet规则
resource "null_resource" "create_vnet_rule_exploit_from_cli" {
count = "${var.vnet_exploit != "" ? 1 : 0}"
provisioner "local-exec" {
command = "az mysql server vnet-rule create --name subscription-peering-exploit
--server-name ${azurerm_mysql_server.mysql_server.name} --resource-group
${azurerm_resource_group.rg.name} --subnet ${var.vnet_exploit} --
subscription ${var.subscription}"
}
depends_on = ["azurerm_mysql_server.mysql_server"]
}
我已经试过azurerm.B了。它不起作用,因为这个虚拟网络规则是在mysql服务器(在Sub.A中)中创建的。所以,如果我使用Sub.B,Azure将处理404错误,因为它找不到资源组和服务器名称(在Sub.a中)。在这种情况下,只有subnet_id来自Sub.B。感谢您抽出时间回答我的问题,这非常值得赞赏,我已经尝试使用azurerm.B。它不起作用,因为这个虚拟网络规则是在mysql服务器(在Sub.A中)中创建的。所以,如果我使用Sub.B,Azure将处理404错误,因为它找不到资源组和服务器名称(在Sub.a中)。在这种情况下,只有subnet_id来自Sub.B。感谢您抽出时间回答我,这是非常明显的。有两个问题需要澄清。这两个订阅是否在同一租户中?您对不同订阅中的子网有什么权限?1。两个订阅具有相同的租户。2.我对这两个订阅都有完全权限。这就是为什么我觉得很奇怪。。。我可以使用Az CLI或Azure portal创建vnet规则,但我不能使用Terraform…有两个问题需要澄清。这两个订阅是否在同一租户中?您对不同订阅中的子网有什么权限?1。两个订阅具有相同的租户。2.我对这两个订阅都有完全权限。这就是为什么我觉得很奇怪。。。我可以用Az CLI或Azure portal创建vnet规则,但不能使用Terraform。。。