Terraform Load Balancer 健康检查失败,例如在 asg 中
Terraform Load Balancer Health Check fails for instance in asg
我在 asg 中启动了一个私有实例
在 public 中,我创建了一个应用程序负载均衡器来连接到私有实例
Issue:Target 组显示为 asg 实例的健康检查失败
问题:如何解决这个问题并使健康检查通过
请支持我解决这个问题。
因此,使用浏览器访问时发生超时
**alb.tf**
resource "aws_lb" "ops_manager_app_lb" {
name = "ops-manager-app-lb"
internal = false
security_groups = [ aws_security_group.ops_lb_sg.id ]
subnets = [ var.PUB_SUBNET_NAT, var.PUB_SUBNET_2 ]
}
resource "aws_lb_target_group" "opsmanager_target_group_8080" {
depends_on = [ aws_lb.ops_manager_app_lb ]
name = "opsmanager-target-group-8080"
port = 8080
protocol = "HTTP"
vpc_id = var.AWS_VPC
health_check {
path = "/"
port = 8080
protocol = "HTTP"
healthy_threshold = 3
unhealthy_threshold = 3
matcher = "200-499"
}
}
resource "aws_lb_listener" "ops_alb_listener_8080" {
load_balancer_arn = aws_lb.ops_manager_app_lb.arn
port = "8080"
protocol = "HTTP"
#certificate_arn = "${var.elk_cert_arn}"
default_action {
target_group_arn = aws_lb_target_group.opsmanager_target_group_8080.arn
type = "forward"
}
}
**sg.tf**
resource "aws_security_group" "ops_lb_sg" {
name = "opsmanager_app_lb"
description = "Security Group for OpsManager ALB"
vpc_id = var.AWS_VPC
ingress {
from_port = 8080
to_port = 8080
protocol = "tcp"
cidr_blocks = [ var.VPC_CIDR ]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
### OpsManager Application Server Security Group ###
resource "aws_security_group" "application_opsmanager_sg" {
name = "application_opsmanager_sg"
description = "Security Group for OpsManager Application Instance"
vpc_id = var.AWS_VPC
ingress {
description = "TCP port for HTTP service"
from_port = 8080
to_port = 8080
protocol = "tcp"
security_groups = [ aws_security_group.ops_lb_sg.id ]
#cidr_blocks = [var.VPC_CIDR]
}
}
**main.tf**
resource "aws_launch_configuration" "lc_opsmanager" {
name = "ops_manager_launch"
image_id = var.AMIS
instance_type = var.INSTANCE_TYPE["OPS_APP"]
iam_instance_profile = data.aws_iam_instance_profile.application_instance_profile.name
key_name = var.KEY_NAME
security_groups = [data.aws_security_group.application_sg.id, aws_security_group.ops_lb_sg.id ]
}
resource "aws_autoscaling_group" "asg_opsmanager" {
name = "asg-ops-manager"
max_size = 2
min_size = 1
desired_capacity = 1
#availability_zones = [ data.aws_availability_zone.az_primary.name ]
vpc_zone_identifier = [var.PRIV_SUBNET_OPS]
health_check_type = "EC2"
health_check_grace_period = 300
launch_configuration = aws_launch_configuration.lc_opsmanager.id
target_group_arns = [ aws_lb_target_group.opsmanager_target_group_8080.arn ]
tag {
key = "Name"
value = "ops_manager_application"
propagate_at_launch = true
}
}
您的架构可能存在很多问题,
但是一个绝对负责的人
阻止访问您的 ALB 不正确
安全组.
也就是说,ALB 使用 ops_lb_sg 而 不允许
互联网流量。相反,它只允许来自
var.VPC_CIDR。要允许互联网连接,它应该是:
cidr_blocks = [ "0.0.0.0/0" ]
或您的 home/work 网络的 CIDR 范围。
我在 asg 中启动了一个私有实例 在 public 中,我创建了一个应用程序负载均衡器来连接到私有实例 Issue:Target 组显示为 asg 实例的健康检查失败 问题:如何解决这个问题并使健康检查通过 请支持我解决这个问题。 因此,使用浏览器访问时发生超时
**alb.tf**
resource "aws_lb" "ops_manager_app_lb" {
name = "ops-manager-app-lb"
internal = false
security_groups = [ aws_security_group.ops_lb_sg.id ]
subnets = [ var.PUB_SUBNET_NAT, var.PUB_SUBNET_2 ]
}
resource "aws_lb_target_group" "opsmanager_target_group_8080" {
depends_on = [ aws_lb.ops_manager_app_lb ]
name = "opsmanager-target-group-8080"
port = 8080
protocol = "HTTP"
vpc_id = var.AWS_VPC
health_check {
path = "/"
port = 8080
protocol = "HTTP"
healthy_threshold = 3
unhealthy_threshold = 3
matcher = "200-499"
}
}
resource "aws_lb_listener" "ops_alb_listener_8080" {
load_balancer_arn = aws_lb.ops_manager_app_lb.arn
port = "8080"
protocol = "HTTP"
#certificate_arn = "${var.elk_cert_arn}"
default_action {
target_group_arn = aws_lb_target_group.opsmanager_target_group_8080.arn
type = "forward"
}
}
**sg.tf**
resource "aws_security_group" "ops_lb_sg" {
name = "opsmanager_app_lb"
description = "Security Group for OpsManager ALB"
vpc_id = var.AWS_VPC
ingress {
from_port = 8080
to_port = 8080
protocol = "tcp"
cidr_blocks = [ var.VPC_CIDR ]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
### OpsManager Application Server Security Group ###
resource "aws_security_group" "application_opsmanager_sg" {
name = "application_opsmanager_sg"
description = "Security Group for OpsManager Application Instance"
vpc_id = var.AWS_VPC
ingress {
description = "TCP port for HTTP service"
from_port = 8080
to_port = 8080
protocol = "tcp"
security_groups = [ aws_security_group.ops_lb_sg.id ]
#cidr_blocks = [var.VPC_CIDR]
}
}
**main.tf**
resource "aws_launch_configuration" "lc_opsmanager" {
name = "ops_manager_launch"
image_id = var.AMIS
instance_type = var.INSTANCE_TYPE["OPS_APP"]
iam_instance_profile = data.aws_iam_instance_profile.application_instance_profile.name
key_name = var.KEY_NAME
security_groups = [data.aws_security_group.application_sg.id, aws_security_group.ops_lb_sg.id ]
}
resource "aws_autoscaling_group" "asg_opsmanager" {
name = "asg-ops-manager"
max_size = 2
min_size = 1
desired_capacity = 1
#availability_zones = [ data.aws_availability_zone.az_primary.name ]
vpc_zone_identifier = [var.PRIV_SUBNET_OPS]
health_check_type = "EC2"
health_check_grace_period = 300
launch_configuration = aws_launch_configuration.lc_opsmanager.id
target_group_arns = [ aws_lb_target_group.opsmanager_target_group_8080.arn ]
tag {
key = "Name"
value = "ops_manager_application"
propagate_at_launch = true
}
}
您的架构可能存在很多问题, 但是一个绝对负责的人 阻止访问您的 ALB 不正确 安全组.
也就是说,ALB 使用 ops_lb_sg 而 不允许
互联网流量。相反,它只允许来自
var.VPC_CIDR。要允许互联网连接,它应该是:
cidr_blocks = [ "0.0.0.0/0" ]
或您的 home/work 网络的 CIDR 范围。