I am trying to create an isolated App Service Environment (ASE) in Azure using Terraform. I have succeeded once and have one ASE running. Attempting to create a second ASE in the same subscription but in a separate resource group fails. The only error message available is "An error has occurred." Investigation in Azure Monitoring shows that the create request, passed through as an ARM template, hit a 500 error (Internal Server Error) somewhere in the process of creating the ASE. However, there are no details in the log messages that would indicate where/when/how Azure hit the 500 error.
Environment:
- azure cli (2.26.1)
- terraform (0.14.11)
- hashicorp/azurerm provider (2.67.0)
Details
I am creating multiple environments for my project: dev, test and staging. Each of them lives in a different resource group within the same Azure subscription. All of the resources in my terraform are built with names unique to the environment/resource group. The intended lifecycle is to deploy infrastructure changes to dev, then test, then staging (and eventually to production in a separate subscription). The initial configuration and deployment to dev succeeded. Attempts to deploy to test, or to deploy a different ASE to dev, fail with very little feedback.
The initial dev ASE is a v1 ASE. I tried to create a second ASE in test using the same terraform code. I also tried to create a v3 ASE in dev (since v3 will be cheaper). If the v3 ASE deployed successfully I would switch to it in dev and use it as the basis for test and staging instead of the v1 ASE. Whether I try to deploy a v1 ASE into a separate resource group, or a v3 ASE into the same resource group as the v1 ASE, I get the same error.
Here is the Terraform for the v1 ASE, including the subnet that will host it:
resource "azurerm_subnet" "subnet" {
  name                 = "${local.prefix}-subnet"
  resource_group_name  = var.resource_group_name
  virtual_network_name = var.vnet_name
  address_prefixes     = var.cidrs

  enforce_private_link_endpoint_network_policies = var.enforce_private_link_endpoint_network_policies
  enforce_private_link_service_network_policies  = var.enforce_private_link_service_network_policies

  // One delegation block per entry in var.delegations (name + allowed actions).
  dynamic "delegation" {
    for_each = var.delegations
    content {
      name = "${local.prefix}-delegation-${delegation.key}"
      service_delegation {
        name    = delegation.value.name
        actions = delegation.value.actions
      }
    }
  }

  // List of Service endpoints to associate with the subnet.
  service_endpoints = var.service_endpoints
}

resource "azurerm_network_security_group" "nsg" {
  name                = "${local.prefix}-nsg"
  location            = var.resource_group_location
  resource_group_name = var.resource_group_name
  // map() is deprecated since Terraform 0.12; an object literal is equivalent.
  tags = merge({ Name = "${local.prefix}-nsg" }, local.tags)
}

resource "azurerm_subnet_network_security_group_association" "nsg_assoc" {
  subnet_id                 = azurerm_subnet.subnet.id
  network_security_group_id = azurerm_network_security_group.nsg.id
}

// Inbound management traffic from the App Service platform to the ASE subnet.
resource "azurerm_network_security_rule" "ase_mgmt" {
  name                        = "${local.prefix}-ase-mgmt"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  source_address_prefix       = "AppServiceManagement"
  destination_port_range      = "454-455"
  destination_address_prefix  = var.subnet_cidr
  resource_group_name         = var.resource_group_name
  network_security_group_name = azurerm_network_security_group.nsg.name
}

// One inbound allow rule per caller CIDR, priorities 200, 201, ...
resource "azurerm_network_security_rule" "ingress" {
  for_each = {
    for idx, cidr in var.ingress_cidrs : idx => cidr
  }
  name                        = "${local.prefix}-ingress-${each.key}"
  priority                    = 200 + each.key
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  source_address_prefix       = each.value
  destination_port_range      = "*"
  destination_address_prefix  = var.subnet_cidr
  resource_group_name         = var.resource_group_name
  network_security_group_name = azurerm_network_security_group.nsg.name
}

resource "azurerm_app_service_environment" "env" {
  name                         = "${local.prefix}-ase"
  subnet_id                    = azurerm_subnet.subnet.id
  pricing_tier                 = var.pricing_tier
  front_end_scale_factor       = var.front_scale_factor
  internal_load_balancing_mode = "Web, Publishing"
  allowed_user_ip_cidrs        = var.allowed_user_ip_cidrs

  cluster_setting {
    name  = "DisableTls1.0"
    value = "1"
  }

  // Make sure the management rule exists before the platform tries to reach the subnet.
  depends_on = [
    azurerm_network_security_rule.ase_mgmt
  ]
}
The configuration for the v3 ASE is identical, except that azurerm_app_service_environment.env
is replaced with:
resource "azurerm_app_service_environment_v3" "env" {
  name                = "${local.prefix}-ase-v3"
  resource_group_name = var.resource_group_name
  subnet_id           = azurerm_subnet.subnet.id

  cluster_setting {
    name  = "DisableTls1.0"
    value = "1"
  }

  depends_on = [
    azurerm_network_security_rule.ase_mgmt
  ]
}
Results
- Terraform generates this ARM request (identifiers have been redacted):
2021/07/19 09:07:44 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021-07-19T09:07:45.121-0700 [DEBUG] plugin.terraform-provider-azurerm_v2.67.0_x5: AzureRM Request:
PUT /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxxxx-dev-rg/providers/Microsoft.Web/hostingEnvironments/xxxxxxxx-dev-ase-v3?api-version=2020-06-01 HTTP/1.1
Host: management.azure.com
User-Agent: Go/go1.16.3 (amd64-darwin) go-autorest/v14.2.1 Azure-SDK-For-Go/v55.4.0 web/2020-06-01 HashiCorp Terraform/0.14.11 (+https://www.terraform.io) Terraform Plugin SDK/2.7.0 terraform-provider-azurerm/2.67.0 pid-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Content-Length: 382
Content-Type: application/json; charset=utf-8
X-Ms-Correlation-Request-Id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Accept-Encoding: gzip
{
  "kind": "ASEV3",
  "location": "centralus",
  "properties": {
    "clusterSettings": [{
      "name": "DisableTls1.0",
      "value": "1"
    }],
    "name": "xxxxxxxx-dev-ase-v3",
    "virtualNetwork": {
      "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxxxx-dev-rg/providers/Microsoft.Network/virtualNetworks/xxxxxxxx-dev-vnet/subnets/xxxxxxxx-dev-ase-v3-ase-subnet",
      "subnet": "xxxxxxxx-dev-ase-v3-ase-subnet"
    }
  },
  "tags": {}
}
- The error Terraform ultimately reports looks like this in the debug output:
2021/07/19 09:13:53 [DEBUG] azurerm_app_service_environment_v3.env: apply errored, but we're indicating that via the Error pointer rather than returning it: creating App Service Environment: (Hosting Environment Name "xxxxxxxx-dev-ase-v3" / Resource Group "xxxxxxxx-dev-rg"): web.AppServiceEnvironmentsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="Failed" Message="The async operation failed." AdditionalInfo=[{"Message":"An error has occurred."}]: creating App Service Environment: (Hosting Environment Name "xxxxxxxx-dev-ase-v3" / Resource Group "xxxxxxxx-dev-rg"): web.AppServiceEnvironmentsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="Failed" Message="The async operation failed." AdditionalInfo=[{"Message":"An error has occurred."}]
- Looking at the logs in Azure Monitor, I found a similarly vague error message. The message is summarised as InternalServerError. The JSON details are included here for reference:
{
  "authorization": {
    "action": "Microsoft.Web/hostingEnvironments/write",
    "scope": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx/resourceGroups/xxxxxxxx-dev-rg/providers/Microsoft.Web/hostingEnvironments/xxxxxxxx-dev-ase-v3"
  },
  "caller": "duffy.gillman@presencepg.com",
  "channels": "Operation",
  "claims": {
    //REDACTED
  },
  "correlationId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx",
  "description": "",
  "eventDataId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx",
  "eventName": {
    "value": "EndRequest",
    "localizedValue": "End request"
  },
  "category": {
    "value": "Administrative",
    "localizedValue": "Administrative"
  },
  "eventTimestamp": "2021-07-19T15:51:45.4835627Z",
  "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx/resourceGroups/xxxxxxxx-dev-rg/providers/Microsoft.Web/hostingEnvironments/xxxxxxxx-dev-ase-v3/events/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx/ticks/637623067054835627",
  "level": "Error",
  "operationId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx",
  "operationName": {
    "value": "Microsoft.Web/hostingEnvironments/write",
    "localizedValue": "Create or Update App Service Environment"
  },
  "resourceGroupName": "xxxxxxxx-dev-rg",
  "resourceProviderName": {
    "value": "Microsoft.Web",
    "localizedValue": "Azure Web Sites"
  },
  "resourceType": {
    "value": "Microsoft.Web/hostingEnvironments",
    "localizedValue": "Microsoft.Web/hostingEnvironments"
  },
  "resourceId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx/resourceGroups/xxxxxxxx-dev-rg/providers/Microsoft.Web/hostingEnvironments/xxxxxxxx-dev-ase-v3",
  "status": {
    "value": "Failed",
    "localizedValue": "Failed"
  },
  "subStatus": {
    "value": "InternalServerError",
    "localizedValue": "Internal Server Error (HTTP Status Code: 500)"
  },
  "submissionTimestamp": "2021-07-19T15:52:29.177138Z",
  "subscriptionId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx",
  "tenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx",
  "properties": {
    "statusCode": "InternalServerError",
    "serviceRequestId": null,
    "statusMessage": "{\"Message\":\"An error has occurred.\"}",
    "eventCategory": "Administrative",
    "entity": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx/resourceGroups/xxxxxxxx-dev-rg/providers/Microsoft.Web/hostingEnvironments/xxxxxxxx-dev-ase-v3",
    "message": "Microsoft.Web/hostingEnvironments/write",
    "hierarchy": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
  },
  "relatedEvents": []
}
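The Activity Log event above is the only server-side record the post has of the 500, and it carries three things worth pulling out mechanically when triaging a batch of such events: the Failed EndRequest for the write, the unwrapped statusMessage, and the correlationId/operationId pair that ties the event back to the X-Ms-Correlation-Request-Id Terraform logged on the PUT. The script below is an added example, not code from the post or from Azure; it parses events of the shape shown above (a constructed sample modelled on the redacted event, with made-up ids), keeps only failed EndRequest events, optionally filters by correlation id, and flags the case where the log has nothing beyond the generic message and a null serviceRequestId, which is the point at which the ids themselves are what a support case needs.

```python
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample events, modelled on the redacted Activity Log event in the
# post: a Started BeginRequest and a Failed EndRequest for the same ASE write,
# plus an unrelated successful NSG write. The ids are made up.
SAMPLE_EVENTS = [
    {
        "correlationId": "11111111-1111-1111-1111-111111111111",
        "eventName": {"value": "BeginRequest"},
        "eventTimestamp": "2021-07-19T15:51:40.0000000Z",
        "operationId": "22222222-2222-2222-2222-222222222222",
        "operationName": {"value": "Microsoft.Web/hostingEnvironments/write"},
        "resourceId": "/subscriptions/sub/resourceGroups/example-dev-rg/providers/Microsoft.Web/hostingEnvironments/example-dev-ase-v3",
        "status": {"value": "Started"},
        "subStatus": {"value": ""},
        "properties": {"statusCode": "Accepted", "serviceRequestId": None, "statusMessage": ""},
    },
    {
        "correlationId": "11111111-1111-1111-1111-111111111111",
        "eventName": {"value": "EndRequest"},
        "eventTimestamp": "2021-07-19T15:51:45.4835627Z",
        "operationId": "22222222-2222-2222-2222-222222222222",
        "operationName": {"value": "Microsoft.Web/hostingEnvironments/write"},
        "resourceId": "/subscriptions/sub/resourceGroups/example-dev-rg/providers/Microsoft.Web/hostingEnvironments/example-dev-ase-v3",
        "status": {"value": "Failed"},
        "subStatus": {"value": "InternalServerError"},
        "properties": {
            "statusCode": "InternalServerError",
            "serviceRequestId": None,
            "statusMessage": "{\"Message\":\"An error has occurred.\"}",
        },
    },
    {
        "correlationId": "33333333-3333-3333-3333-333333333333",
        "eventName": {"value": "EndRequest"},
        "eventTimestamp": "2021-07-19T15:50:00.0000000Z",
        "operationId": "44444444-4444-4444-4444-444444444444",
        "operationName": {"value": "Microsoft.Network/networkSecurityGroups/write"},
        "resourceId": "/subscriptions/sub/resourceGroups/example-dev-rg/providers/Microsoft.Network/networkSecurityGroups/example-dev-nsg",
        "status": {"value": "Succeeded"},
        "subStatus": {"value": ""},
        "properties": {"statusCode": "OK", "serviceRequestId": "aaaa", "statusMessage": ""},
    },
]

# The boilerplate text seen in the post; anything else is worth reading by hand.
GENERIC_MESSAGE = "An error has occurred."


@dataclass
class Failure:
    timestamp: str
    operation: str
    resource_id: str
    sub_status: str
    message: str
    correlation_id: str
    operation_id: str
    service_request_id: Optional[str]

    def is_opaque(self) -> bool:
        """True when the event is a bare 500 with no serviceRequestId and only the
        generic message: the Activity Log has nothing more, so the next step is a
        support case quoting correlation_id and operation_id."""
        return (self.sub_status == "InternalServerError"
                and self.service_request_id is None
                and self.message == GENERIC_MESSAGE)


def _unwrap_message(raw: Optional[str]) -> str:
    """properties.statusMessage is a JSON document serialised into a string."""
    if not raw:
        return ""
    try:
        parsed = json.loads(raw)
    except json.JSONDecodeError:
        return raw
    if isinstance(parsed, dict) and isinstance(parsed.get("Message"), str):
        return parsed["Message"]
    return raw


def failed_writes(events: Iterable[dict], correlation_id: Optional[str] = None) -> List[Failure]:
    """Return the Failed EndRequest events, optionally only those matching the
    X-Ms-Correlation-Request-Id that the Terraform debug log shows for the PUT."""
    out: List[Failure] = []
    for ev in events:
        if ev.get("eventName", {}).get("value") != "EndRequest":
            continue  # BeginRequest rows carry no outcome
        if ev.get("status", {}).get("value") != "Failed":
            continue
        if correlation_id and ev.get("correlationId") != correlation_id:
            continue
        props = ev.get("properties", {})
        out.append(Failure(
            timestamp=ev.get("eventTimestamp", ""),
            operation=ev.get("operationName", {}).get("value", ""),
            resource_id=ev.get("resourceId", ""),
            sub_status=ev.get("subStatus", {}).get("value", ""),
            message=_unwrap_message(props.get("statusMessage")),
            correlation_id=ev.get("correlationId", ""),
            operation_id=ev.get("operationId", ""),
            service_request_id=props.get("serviceRequestId"),
        ))
    return out


def support_summary(f: Failure) -> str:
    """One line carrying the identifiers a support engineer will ask for."""
    return (f"{f.timestamp} {f.operation} {f.sub_status}: {f.message} "
            f"[correlationId={f.correlation_id} operationId={f.operation_id} "
            f"serviceRequestId={f.service_request_id}]")


if __name__ == "__main__":
    for failure in failed_writes(SAMPLE_EVENTS):
        print(support_summary(failure))
        if failure.is_opaque():
            print("  -> nothing further in the Activity Log; quote the ids above in a support case")
```

In practice the event list would come from the CLI rather than the embedded sample, for instance `az monitor activity-log list --resource-group <rg> --offset 1h -o json` (the `--correlation-id` filter can narrow it to the id from the Terraform trace); the script only assumes the event shape shown in the post, so it applies unchanged to that output.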