Passing the outputs from a module when the module is created using a for_each

This links to my previous question; click the link for the rest of my code and how it all fits together: Use output value from module that has a for_each set

Whilst the answer was helpful in solving the issue and allowing me to run the pipeline, I think there is an error because of the way the VM is generated using the for_each on the module. This results in the incorrect value being passed to the network_security_rule. Below is an example of the error:

Error: Error Creating/Updating Network Security Rule "nsr-sbox-http80" (NSG "module.fico_app_vm.linux_vm_nsg" / Resource Group "rg-sbox-app"): network.SecurityRulesClient#CreateOrUpdate: Failure sending request: StatusCode=404 -- Original Error: Code="ResourceNotFound" Message="The Resource 'Microsoft.Network/networkSecurityGroups/module.fico_app_vm.linux_vm_nsg' under resource group 'rg-sbox-app' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix"

  on main.tf line 58, in resource "azurerm_network_security_rule" "fico-app-sr-80":
  58: resource "azurerm_network_security_rule" "fico-app-sr-80" {

outputs.tf:

output "linux_vm_ips" {
  value = azurerm_network_interface.dwp_network_interface.private_ip_address
}

output "linux_vm_nsg" {
  value = azurerm_network_security_group.dwp_network_security_group.name
}

At first I thought it was because the NSG isn't being created, but I checked the console and it does create it. The issue is the NSG is created in the module for each VM. The VMs are created by looping over the variable in the tfvars file. How do I pass the NSG name created in the module to the security rule which is outside of the module?

resource "azurerm_network_security_rule" "fico-app-sr-80" {
  name                        = "nsr-${var.environment}-${var.directorate}-${var.business_unit}-${var.vm_identifier}${var.instance_number}-http80"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "80"
  source_address_prefixes     = ["module.fico_web_vm.linux_vm_ips"]
  destination_address_prefix  = "VirtualNetwork"
  resource_group_name         = azurerm_resource_group.rg_fico_app.name
  network_security_group_name = "module.fico_app_vm.linux_vm_nsg"
}

# Network Security Group
resource "azurerm_network_security_group" "network_security_group" {
  name                = "nsg-${var.environment}-${var.directorate}-${var.business_unit}-${var.vm_identifier}-${var.vm_name}"
  resource_group_name = var.resource_group
  location            = var.location
}

Something to note as well is that the var.vm_name iterates through the key of each map and this makes up part of the name of the NSG.

module in main.tf:

module "fico_app_vm" {
  for_each                     = var.app_servers
  source                       = "../modules/compute/linux_vm"
  source_image_id              = var.app_image_id
  location                     = var.location
  vm_name                      = each.key
  vm_identifier                = "${var.vm_identifier}${var.instance_number}"
  vm                           = each.value
  disks                        = each.value["disks"]
  resource_group               = azurerm_resource_group.rg_fico_app.name
  directorate                  = var.directorate
  business_unit                = var.business_unit
  environment                  = var.environment
  network_rg_identifier        = var.network_rg_identifier
  subnet_name                  = "sub-${var.environment}-${var.directorate}-${var.business_unit}-be01"
  diag_storage_account_name    = var.diag_storage_account_name
  ansible_storage_account_name = var.ansible_storage_account_name
  ansible_storage_account_key  = var.ansible_storage_account_key
  log_analytics_workspace_name = var.log_analytics_workspace_name
  backup_policy_name           = var.backup_policy_name
  enable_management_locks      = true
}

tfvars:

app_servers = {
  app-1 = {
    size           = "Standard_E2s_v3"
    admin_username = "xxx"
    public_key     = "xxx"
    disks          = [32, 32]
    zone_vm        = "1"
    zone_disk      = ["1"]
  }
}

I think the problem is that you did not read the previous answer carefully. The answer shows you need to change the security group name like this:

network_security_group_name = module.fico_app_vm.linux_vm_nsg

There are no double quotes. Double quotes mean it's a string. But you need to use the module attribute, not a string with a value "module.fico_app_vm.linux_vm_nsg". The error also shows it directly.

I realised what my error was. I needed to change this:

network_security_group_name = "module.fico_app_vm.linux_vm_nsg"

to this:

network_security_group_name = module.fico_app_vm[each.key].linux_vm_nsg

But I also needed to reference the value in the source address prefixes. So to reference the key I created another variable and changed this:

source_address_prefixes     = ["module.fico_web_vm.linux_vm_ips"]

to this:

source_address_prefix       = module.fico_web_vm[each.value.web_server].linux_vm_ip

I also had to change to source_address_prefix and that's why the type error was occurring!

The security rule now looks like this:

resource "azurerm_network_security_rule" "fico-app-sr-80" {
  for_each                    = var.app_servers
  name                        = "nsr-${var.environment}-${var.directorate}-${var.business_unit}-${var.vm_identifier}${var.instance_number}-http80"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "80"
  source_address_prefix       = module.fico_web_vm[each.value.web_server].linux_vm_ip
  destination_address_prefix  = "VirtualNetwork"
  resource_group_name         = azurerm_resource_group.rg_dwp_fico_app.name
  network_security_group_name = module.fico_app_vm[each.key].linux_vm_nsg
}

And the variable looks like this:

app_servers = {
  app-1 = {
    size           = "Standard_E2s_v3"
    admin_username = "azureuser"
    public_key     = "xxxx"
    disks          = [32, 32]
    zone_vm        = "1"
    zone_disk      = ["1"]
    web_server     = "web-1"
  }
}
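
An added example, not part of the original posts: because a module called with for_each is a map of instances keyed by the for_each keys, its outputs can be read per key or collected with a `for` expression. The output name `app_nsg_names`, the local `web_vm_ips`, the rule name and the narrowing of `protocol` to `"Tcp"` are assumptions made for illustration; it also assumes `module.fico_web_vm` uses for_each and exposes the `linux_vm_ips` output shown in outputs.tf.

```hcl
# Root module (main.tf). Illustrative only; see the assumptions listed above.

# module.fico_app_vm is a map of module instances, so a single instance is
# addressed as module.fico_app_vm["app-1"], never as a quoted string.
output "app_nsg_names" {
  value = { for key, vm in module.fico_app_vm : key => vm.linux_vm_nsg }
}

locals {
  # One private IP per web VM, collected into a list of strings. This is the
  # type the plural argument source_address_prefixes expects; the singular
  # source_address_prefix takes one string instead.
  web_vm_ips = [for vm in module.fico_web_vm : vm.linux_vm_ips]
}

# One rule per app VM, attached to the NSG that the matching module instance created.
resource "azurerm_network_security_rule" "app_http_from_web" {
  for_each = var.app_servers

  name                        = "nsr-${each.key}-http80" # hypothetical naming scheme
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp" # assumption: HTTP on port 80 only needs TCP
  source_port_range           = "*"
  destination_port_range      = "80"
  source_address_prefixes     = local.web_vm_ips
  destination_address_prefix  = "VirtualNetwork"
  resource_group_name         = azurerm_resource_group.rg_fico_app.name
  network_security_group_name = module.fico_app_vm[each.key].linux_vm_nsg
}
```

Here every app VM accepts port 80 from all web VMs; to pair each app VM with a single web VM, keep the per-key lookup through `each.value.web_server` from the answer above.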
