
I am working through the GCP lab "Configure a Firewall and a Startup Script with Deployment Manager", and for it I changed qwicklabs.jinja to this code:

 resources:
- name: default-allow-http
  type: compute.v1.firewall
  properties:
    targetTags: ["http"]
    sourceRanges: ["0.0.0.0/0"]
    allowed:
      - IPProtocol: TCP
        ports: ["80"]
- type: compute.v1.instance
  name: vm-test
  properties:
    zone: {{ properties["zone"] }}
    machineType: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/zones/{{ properties["zone"] }}/machineTypes/f1-micro
    # For examples on how to use startup scripts on an instance, see:
    #   https://cloud.google.com/compute/docs/startupscript
    tags:
        items: ["http"]
    metadata:
      items:
      - key: startup-script
        value: "apt-get update \n apt-get install -y apache2"
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        diskName: disk-{{ env["deployment"] }}
        sourceImage: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-9
    networkInterfaces:
    - network: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/global/networks/default
      # Access Config required to give the instance a public IP address
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT

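The VM and the disk were created successfully, but I cannot complete the last task, "Check that Deployment Manager includes startup script and firewall resource", because I ran into a problem when creating the firewall rule: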

ERROR: (gcloud.deployment-manager.deployments.create) Error in Operation [operation-1598852175371-5a
e25c7f61bda-1c55c951-22ca1242]: errors:
- code: RESOURCE_ERROR
  location: /deployments/deployment-templates/resources/http-firewall-rule
  message: '{"ResourceType":"compute.v1.firewall","ResourceErrorCode":"400","ResourceErrorMessage":{
"code":400,"message":"Request
    contains an invalid argument.","status":"INVALID_ARGUMENT","statusMessage":"Bad
    Request","requestPath":"https://compute.googleapis.com/compute/v1/projects/qwiklabs-gcp-01-888e7
df2843f/global/firewalls","httpMethod":"POST"}}'

Can someone help me? I have to finish this lab!


1 Answer


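For some reason your file gave me an "invalid format" error, so I created a new Deployment Manager config file; I took the VM template from here, then added your external IP configuration and the firewall rule section (without any changes).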

My yaml file looks like this (although I didn't use any variables).

resources:
- name: vm-created-by-deployment-manager
  type: compute.v1.instance
  properties:
    zone: us-central1-a
    machineType: zones/us-central1-a/machineTypes/n1-standard-1
    tags:
        items: ["http"]
    metadata:
      items:
      - key: startup-script
        value: "apt-get update \n apt-get install -y apache2"
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        sourceImage: projects/debian-cloud/global/images/family/debian-9
    networkInterfaces:
    - network: global/networks/default
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
- name: default-allow-http3
  type: compute.v1.firewall
  properties:
    targetTags: ["http"]
    sourceRanges: ["0.0.0.0/0"]
    allowed:
      - IPProtocol: TCP
        ports: ["80"]

When I ran the file, everything worked as expected:

wbogacz@cloudshell:~/fire (wojtek)$ gcloud deployment-manager deployments create test1 --config dm1.yaml
The fingerprint of the deployment is b'n63E-AtErTCKtWOvktfUsA=='
Waiting for create [operation-1599036146720-5ae5-----99-2a45880e-addbce89]...done.
Create operation operation-1599036146720-5ae-----99-2a45880e-addbce89 completed successfully.
NAME                              TYPE                 STATE      ERRORS  INTENT
default-allow-http3               compute.v1.firewall  COMPLETED  []
vm-created-by-deployment-manager  compute.v1.instance  COMPLETED  []

Finally, I logged in to the VM over SSH and verified that the startup script had executed - again, success.

Answered 2020-09-02T08:51:43.893
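A pre-deployment check for what the lab's last task asks for (a startup script and a firewall resource), plus the exposure the rule creates, as an added example that is not part of the original question or answer. The names `CONFIG`, `NAME_RE` and `review` are chosen here, and the config is assumed to have been loaded with a YAML parser beforehand.

```python
import ipaddress
import re

# Constructed sample: the answer's dm1.yaml as a YAML parser would load it
# (trimmed to the fields this check reads).
CONFIG = {"resources": [
    {"name": "vm-created-by-deployment-manager", "type": "compute.v1.instance",
     "properties": {
         "tags": {"items": ["http"]},
         "metadata": {"items": [{"key": "startup-script",
                                 "value": "apt-get update \n apt-get install -y apache2"}]}}},
    {"name": "default-allow-http3", "type": "compute.v1.firewall",
     "properties": {"targetTags": ["http"], "sourceRanges": ["0.0.0.0/0"],
                    "allowed": [{"IPProtocol": "TCP", "ports": ["80"]}]}},
]}

# Compute Engine resource names: 1-63 chars, lowercase letter first, no trailing dash.
NAME_RE = re.compile(r"[a-z]([-a-z0-9]{0,61}[a-z0-9])?")


def review(config):
    """Return (has_startup_script, has_firewall, findings) for a parsed config."""
    resources = config.get("resources", [])
    vms = [r for r in resources if r.get("type") == "compute.v1.instance"]
    rules = [r for r in resources if r.get("type") == "compute.v1.firewall"]
    has_script = any(item.get("key") == "startup-script"
                     for vm in vms
                     for item in vm["properties"].get("metadata", {}).get("items", []))
    vm_tags = {t for vm in vms for t in vm["properties"].get("tags", {}).get("items", [])}
    findings = []
    for rule in rules:
        props, name = rule["properties"], rule["name"]
        if not NAME_RE.fullmatch(name):
            findings.append(f"{name}: invalid resource name")
        targets = set(props.get("targetTags", []))
        if not targets and not props.get("targetServiceAccounts"):
            findings.append(f"{name}: no target set, applies to every VM on the network")
        elif targets and not targets & vm_tags:
            findings.append(f"{name}: targetTags match no instance in this config")
        for cidr in props.get("sourceRanges", []):
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                ports = [p for a in props.get("allowed", []) for p in a.get("ports", ["all"])]
                findings.append(f"{name}: open to {cidr} on ports {','.join(ports)}")
    return has_script, bool(rules), findings
```

For the answer's config the only finding is the world-open port 80, which the lab intends; the tag check confirms the rule is scoped to the `http`-tagged VM rather than the whole network.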