Unable to add 2 subnets for an ElasticSearch with Terraform
I am trying to build an ElasticSearch cluster using Terraform, but I am not able to assign more than 1 subnet! That is really weird, because the documentation has this:
https://www.terraform.io/docs/providers/aws/r/elasticsearch_domain.html#subnet_ids
subnet_ids - (Required) List of VPC Subnet IDs for the Elasticsearch
domain endpoints to be created in.
But when I try to do that, I get this error:
Error: ValidationException: You must specify exactly one subnet
Here is my code:
    resource "aws_elasticsearch_domain" "es" {
      domain_name           = "${var.es_domain}-${var.environment}"
      elasticsearch_version = "${var.es_version}"

      cluster_config {
        instance_type  = "${var.es_instance_type}"
        instance_count = "${var.es_instance_count}"
      }

      vpc_options {
        subnet_ids         = ["${data.aws_subnet.private_1.id}", "${data.aws_subnet.private_2.id}"]
        security_group_ids = ["${aws_security_group.es.id}"]
      }

      snapshot_options { automated_snapshot_start_hour = "${var.es_automated_spanshot_start_hour}" }

      ebs_options {
        ebs_enabled = true
        volume_type = "standard"
        volume_size = "20"
      }

      access_policies = <<CONFIG
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "es:*",
          "Principal": "*",
          "Effect": "Allow",
          "Resource": "arn:aws:es:${var.aws_region}:${data.aws_caller_identity.current.account_id}:domain/${var.es_domain}/*"
        }
      ]
    }
    CONFIG
    }
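I am using terraform v0.12.2
Thanks for your help.
You are missing the zone_awareness_enabled parameter in cluster_config, which is required when using a multi-AZ Elasticsearch cluster.
Thanks to @ydaetskcoR for pointing the way.
I will share the difficulties I had with configuring availability_zone_count and subnet_ids - hopefully it will save others some time.
Some context to the problem:
A) I tried to create a multi-zone ES cluster.
B) I had 4 subnets for the data tier (which also contains other types of databases) and wanted the cluster to be split between the available AZs in the current region (3 AZs) - so one of the AZs would have 2 subnets and 2 ES instances.
Please notice:
1: The availability_zone_count field under the zone_awareness_config block should have the exact same number as the available AZs.
2: The subnet_ids field under the vpc_options block should contain the same number of AZs that you specified under availability_zone_count.
So, in one sentence: availability_zone_count == (available AZs) == length(subnet_ids)
Below is a code snippet with the relevant parts (follow the comments as well - they might also save you some time):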
    resource "aws_elasticsearch_domain" "staging" {
      domain_name = ...

      vpc_options {
        # Instead of: [for s in aws_subnet.data_tier : s.id] which will lead to:
        # Error creating ElasticSearch domain: ValidationException: You must specify exactly three subnets because you’ve set zone count to three.
        subnet_ids = "${local.subnet_ids}"
      }

      cluster_config {
        # If you ignore it you'll get:
        # Error creating ElasticSearch domain: ValidationException: You must specify exactly one subnet
        zone_awareness_enabled = true

        # Notice that there is no "=" below - or you'll visit this thread:
        # https://github.com/terraform-providers/terraform-provider-aws/issues/12365
        zone_awareness_config {
          availability_zone_count = "${length(var.region_azs)}"
        }
      }
      .
      .
    }

    # Take only X number of subnets, where X is the number of available AZs
    locals {
      subnet_ids = "${slice(aws_subnet.data_tier.*.id, 0, length(var.region_azs))}"
    }

    # Added this also due to:
    # Error creating ElasticSearch domain: ValidationException: Before you can proceed, you must enable a service-linked role to give Amazon ES permissions to access your VPC.
    # Solved with: (Terraform related Answer)
    resource "aws_iam_service_linked_role" "es" {
      aws_service_name = "es.amazonaws.com"
      description      = "Allows Amazon ES to manage AWS resources for a domain on your behalf."
    }
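The subnet-count rule from both answers can be checked before `terraform apply` by reading the plan that `terraform show -json` emits. The checker below is an added example, not code from either answer: the sample plan is constructed to mirror the question's domain, the subnet IDs are placeholders, and the fallback of 2 zones is the provider's documented default for availability_zone_count.

```python
import json

# Constructed sample: a trimmed `terraform show -json plan.out` document
# holding the question's domain (two subnets, zone awareness not enabled).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"resources": [
  {"address": "aws_elasticsearch_domain.es",
   "type": "aws_elasticsearch_domain",
   "values": {
     "cluster_config": [{"instance_count": 2, "zone_awareness_enabled": false,
                         "zone_awareness_config": []}],
     "vpc_options": [{"subnet_ids": ["subnet-aaa", "subnet-bbb"]}]}}
]}}}
""")


def walk(module):
    """Yield every resource in a module and in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)


def expected_subnets(cluster_config):
    """Subnet count the service accepts for this cluster_config block."""
    if not cluster_config.get("zone_awareness_enabled"):
        return 1
    zac = cluster_config.get("zone_awareness_config") or [{}]
    return zac[0].get("availability_zone_count") or 2  # provider default


def check_plan(plan):
    """Return one finding per domain whose subnet count would be rejected."""
    findings = []
    for res in walk(plan.get("planned_values", {}).get("root_module", {})):
        if res.get("type") != "aws_elasticsearch_domain":
            continue
        values = res.get("values", {})
        subnets = (values.get("vpc_options") or [{}])[0].get("subnet_ids")
        if subnets is None:  # not a VPC domain, or IDs unknown until apply
            continue
        want = expected_subnets((values.get("cluster_config") or [{}])[0])
        if len(subnets) != want:
            findings.append(f"{res['address']}: {len(subnets)} subnets, "
                            f"service expects exactly {want}")
    return findings


if __name__ == "__main__":
    print("\n".join(check_plan(SAMPLE_PLAN)) or "ok")
```

Subnet IDs that are only known after apply are omitted from the plan's planned_values, so such domains are skipped rather than reported.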