4

我们的云后端设置包含 5 个用于 Postgres 实例的 Cloud SQL。我们使用 Terraform 管理我们的基础设施。我们使用公共 IP 和Cloud SQL 容器从 GKE 连接它们。

为了简化我们的设置,我们希望通过移动到私有 IP 来摆脱代理容器。我尝试遵循Terraform 指南。虽然创建单个实例可以正常工作,但尝试同时创建 5 个实例会导致 4 个失败和一个成功: GCP 控制台中的失败实例列表

在失败实例上出现在 Google Clod 控制台中的错误是“发生未知错误”: 失败的实例在 GCP 控制台中显示错误消息

以下是重现它的代码。注意count = 5线:

resource "google_compute_network" "private_network" {
  provider = "google-beta"

  name = "private-network"
}

resource "google_compute_global_address" "private_ip_address" {
  provider = "google-beta"

  name = "private-ip-address"
  purpose = "VPC_PEERING"
  address_type = "INTERNAL"
  prefix_length = 16
  network = "${google_compute_network.private_network.self_link}"
}

resource "google_service_networking_connection" "private_vpc_connection" {
  provider = "google-beta"

  network = "${google_compute_network.private_network.self_link}"
  service = "servicenetworking.googleapis.com"
  reserved_peering_ranges = ["${google_compute_global_address.private_ip_address.name}"]
}

resource "google_sql_database_instance" "instance" {
  provider = "google-beta"
  count = 5

  name = "private-instance-${count.index}"
  database_version = "POSTGRES_9_6"

  depends_on = [
    "google_service_networking_connection.private_vpc_connection"
  ]

  settings {
    tier = "db-custom-1-3840"
    availability_type = "REGIONAL"
    ip_configuration {
      ipv4_enabled = "false"
      private_network = "${google_compute_network.private_network.self_link}"
    }
  }
}

provider "google-beta" {
  version = "~> 2.5"
  credentials = "credentials.json"
  project = "PROJECT_ID"
  region = "us-central1"
  zone = "us-central1-a"
}

我尝试了几种选择:

  • google_service_networking_connection创建然后同时创建所有实例后等待一分钟,但我得到了同样的错误。
  • 创建地址范围和google_service_networking_connection每个实例,但出现google_service_networking_connection无法同时创建的错误。
  • 为每个实例创建一个地址范围和一个google_service_networking_connection链接到所有实例的地址范围,但我遇到了同样的错误。
4

3 回答 3

4

找到了一个丑陋但有效的解决方案。GCP中有一个错误,尽管无法完成,但它不会阻止同时创建实例。既没有关于它的文档,也没有有意义的错误消息。它也出现在Terraform Google 提供商问题跟踪器中。

一种替代方法是在实例之间添加依赖关系。这允许他们的创建成功完成。但是,每个实例都需要几分钟才能创建。这累积到许多花费的分钟。如果我们在实例创建之间添加 60 秒的人为延迟,我们可以设法避免失败。笔记:

  • 延迟所需的秒数取决于实例层。例如,对于db-f1-micro,30 秒就足够了。他们还不够db-custom-1-3840
  • 我不确定 . 所需的确切秒数是多少db-custom-1-3840。30 秒还不够,60 秒还不够。

以下是解决问题的代码示例。它仅显示 2 个实例,因为由于depends_on限制我无法使用计数功能,并且显示 5 个实例的完整代码会很长。它适用于 5 个实例:

resource "google_compute_network" "private_network" {
  provider = "google-beta"

  name = "private-network"
}

resource "google_compute_global_address" "private_ip_address" {
  provider = "google-beta"

  name = "private-ip-address"
  purpose = "VPC_PEERING"
  address_type = "INTERNAL"
  prefix_length = 16
  network = "${google_compute_network.private_network.self_link}"
}

resource "google_service_networking_connection" "private_vpc_connection" {
  provider = "google-beta"

  network = "${google_compute_network.private_network.self_link}"
  service = "servicenetworking.googleapis.com"
  reserved_peering_ranges = ["${google_compute_global_address.private_ip_address.name}"]
}

locals {
  db_instance_creation_delay_factor_seconds = 60
}

resource "null_resource" "delayer_1" {
  depends_on = ["google_service_networking_connection.private_vpc_connection"]

  provisioner "local-exec" {
    command = "echo Gradual DB instance creation && sleep ${local.db_instance_creation_delay_factor_seconds * 0}"
  }
}

resource "google_sql_database_instance" "instance_1" {
  provider = "google-beta"

  name = "private-instance-delayed-1"
  database_version = "POSTGRES_9_6"

  depends_on = [
    "google_service_networking_connection.private_vpc_connection",
    "null_resource.delayer_1"
  ]

  settings {
    tier = "db-custom-1-3840"
    availability_type = "REGIONAL"
    ip_configuration {
      ipv4_enabled = "false"
      private_network = "${google_compute_network.private_network.self_link}"
    }
  }
}

resource "null_resource" "delayer_2" {
  depends_on = ["google_service_networking_connection.private_vpc_connection"]

  provisioner "local-exec" {
    command = "echo Gradual DB instance creation && sleep ${local.db_instance_creation_delay_factor_seconds * 1}"
  }
}

resource "google_sql_database_instance" "instance_2" {
  provider = "google-beta"

  name = "private-instance-delayed-2"
  database_version = "POSTGRES_9_6"

  depends_on = [
    "google_service_networking_connection.private_vpc_connection",
    "null_resource.delayer_2"
  ]

  settings {
    tier = "db-custom-1-3840"
    availability_type = "REGIONAL"
    ip_configuration {
      ipv4_enabled = "false"
      private_network = "${google_compute_network.private_network.self_link}"
    }
  }
}

provider "google-beta" {
  version = "~> 2.5"
  credentials = "credentials.json"
  project = "PROJECT_ID"
  region = "us-central1"
  zone = "us-central1-a"
}

provider "null" {
  version = "~> 1.0"
}
于 2019-05-05T12:18:03.513 回答
1

如果有人以稍微不同的情况登陆这里(在专用网络中创建google_sql_database_instance会导致“未知错误”):

  1. 手动启动一个 Cloud SQL 实例(这将为该项目启用servicenetworking.googleapis.com和其他一些 API)
  2. 运行你的清单
  3. 终止在步骤 1 中创建的实例。

之后为我工作

¯_(ツ)_/¯

于 2020-09-30T19:26:10.913 回答
0

我在这里的情况略有不同,与@Grigorash Vasilij 相同(在专用网络中创建 google_sql_database_instance 会导致“未知错误”)。

我正在使用 UI 在 private 上部署 SQL 实例VPC,出于某种原因,这也给我带来了“未知错误”。我终于用gcloud命令解决了(为什么它有效而没有 UI?IDK,也许 UI 与命令不一样)

gcloud --project=[PROJECT_ID] beta sql instances create [INSTANCE_ID]
       --network=[VPC_NETWORK_NAME]
       --no-assign-ip

请关注此以获取更多详细信息

于 2021-03-04T16:46:47.930 回答