使用 Terraform 创建 Azure Front Door 实例

Creating an Azure Front Door instance with Terraform

使用 Terraform 创建 Azure Front Door 实例时遇到问题。设置应该很基本,但找不到问题所在。

这是 terraform 脚本

# Question's original configuration: a Front Door instance placed in front of
# a b2clogin.com host (presumably Azure AD B2C sign-in traffic). This version
# is the one that fails with the BadRequest quoted further down the page.
resource "azurerm_frontdoor" "b2cfrontdoor" {
  # Front Door instance name. It differs from the subdomain of
  # frontend_endpoint.host_name below ("b2c-frontdoor-endpoint-dev"), which is
  # what the answers on this page identify as the cause of the error.
  name                                         = "fd-adpb2c-westeurope-dev"
  resource_group_name                          = azurerm_resource_group.b2c.name
  # NOTE(review): the captured PUT body shown later on this page carries
  # "enforceCertificateNameCheck": "Disabled" although this is set to true; the
  # capture may come from a different revision of the script. Confirm the value
  # that actually reaches Azure, since this setting governs the certificate
  # name check on HTTPS connections to the backend pools.
  enforce_backend_pools_certificate_name_check = true

  routing_rule {
    name               = "routingrule"
    # NOTE(review): "Http" is accepted and forwarding_protocol is
    # "MatchRequest", so a request that arrives over plain HTTP is forwarded
    # to the backend over HTTP as well. For a sign-in host, consider accepting
    # HTTPS only here, or adding a separate rule with redirect_configuration
    # that sends HTTP to HTTPS.
    accepted_protocols = ["Http", "Https"]
    patterns_to_match  = ["/*"]
    # Must match the name of a frontend_endpoint block in this resource.
    frontend_endpoints = ["b2c-frontdoor-endpoint-dev"]
    forwarding_configuration {
      forwarding_protocol = "MatchRequest"
      # Must match the name of a backend_pool block in this resource.
      backend_pool_name   = "b2-backend-pool-dev"
    }
  }

  backend_pool_load_balancing {
    name = "loadbalancingsettings"
  }

  backend_pool_health_probe {
    name    = "healthprobesettings"
    # Probing is switched off; probe_method is still declared but only matters
    # once probing is enabled.
    enabled = false
    probe_method = "HEAD"
  }

  backend_pool {
    name = "b2-backend-pool-dev"
    backend {
      # Host header sent to the backend and the backend address are the same
      # host; "xyz" looks like a placeholder for the real tenant name.
      host_header = "xyz.b2clogin.com"
      address     = "xyz.b2clogin.com"
      http_port   = 80
      https_port  = 443
    }
    # These two names refer to the backend_pool_load_balancing and
    # backend_pool_health_probe blocks above.
    load_balancing_name = "loadbalancingsettings"
    health_probe_name   = "healthprobesettings"
  }

  frontend_endpoint {
    name      = "b2c-frontdoor-endpoint-dev"
    # The subdomain part of this host name ("b2c-frontdoor-endpoint-dev") is
    # not equal to the Front Door name set at the top of the resource.
    host_name = "b2c-frontdoor-endpoint-dev.azurefd.net"
    session_affinity_enabled = false
    session_affinity_ttl_seconds = 0
  }
}

返回的错误信息是

Error: creating Front Door "fd-adpb2c-westeurope-dev" (Resource Group "rg-adpb2c-westeurope-dev"): frontdoor.FrontDoorsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="BadRequest" Message="The frontend endpoint zone \"\" must only be used in the default CNAME entry."

  on resource_frontdoor.tf line 1, in resource "azurerm_frontdoor" "b2cfrontdoor":
   1: resource "azurerm_frontdoor" "b2cfrontdoor" {

对发送到 Azure 的请求进行了嗅探,发现了一个 PUT 请求到

https://management.azure.com/subscriptions/*********************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev?api-version=2020-01-01

使用此负载

{
  "location": "Global",
  "properties": {
    "backendPools": [
      {
        "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/backendPools/b2-backend-pool-dev",
        "name": "b2-backend-pool-dev",
        "properties": {
          "backends": [
            {
              "address": "xyz.b2clogin.com",
              "backendHostHeader": "xyz.b2clogin.com",
              "enabledState": "Enabled",
              "httpPort": 80,
              "httpsPort": 443,
              "priority": 1,
              "weight": 50
            }
          ],
          "loadBalancingSettings": {
            "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/loadBalancingSettings/loadbalancingsettings"
          },
          "healthProbeSettings": {
            "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/healthProbeSettings/healthprobesettings"
          }
        }
      }
    ],
    "backendPoolsSettings": {
      "enforceCertificateNameCheck": "Disabled",
      "sendRecvTimeoutSeconds": 60
    },
    "enabledState": "Enabled",
    "friendlyName": "",
    "frontendEndpoints": [
      {
        "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/frontendEndpoints/b2-frontdoor-endpoint-dev",
        "name": "b2-frontdoor-endpoint-dev",
        "properties": {
          "hostName": "b2-frontdoor-endpoint-dev.azurefd.net",
          "sessionAffinityEnabledState": "Disabled",
          "sessionAffinityTtlSeconds": 0
        }
      }
    ],
    "healthProbeSettings": [
      {
        "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/healthProbeSettings/healthprobesettings",
        "name": "healthprobesettings",
        "properties": {
          "path": "/",
          "protocol": "Http",
          "intervalInSeconds": 120,
          "healthProbeMethod": "GET",
          "enabledState": "Disabled"
        }
      }
    ],
    "loadBalancingSettings": [
      {
        "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/loadBalancingSettings/loadbalancingsettings",
        "name": "loadbalancingsettings",
        "properties": {
          "sampleSize": 4,
          "successfulSamplesRequired": 2,
          "additionalLatencyMilliseconds": 0
        }
      }
    ],
    "routingRules": [
      {
        "id": "",
        "name": "routingrule",
        "properties": {
          "frontendEndpoints": [
            {
              "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/frontendEndpoints/b2-frontdoor-endpoint-dev"
            }
          ],
          "acceptedProtocols": [
            "Http",
            "Https"
          ],
          "patternsToMatch": [
            "/*"
          ],
          "enabledState": "Enabled",
          "routeConfiguration": {
            "@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration",
            "backendPool": {
              "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/backendPools/b2-backend-pool-dev"
            },
            "forwardingProtocol": "MatchRequest"
          }
        }
      }
    ]
  },
  "tags": {}
}

响应是

{
  "error": {
    "code": "BadRequest",
    "message": "The frontend endpoint zone \"\" must only be used in the default CNAME entry."
  }
}

Terraform 版本为 0.14.10,azurerm 版本为 v2.56.0

有人知道这个问题吗?

谢谢

关于这个问题,请参考以下脚本:

# Answer's variant of the question's resource. The Front Door name is now
# equal to the subdomain of frontend_endpoint.host_name.
resource "azurerm_frontdoor" "b2cfrontdoor" {
  # Changed relative to the question: the name matches the subdomain of
  # host_name in the frontend_endpoint block below.
  name                                         = "b2c-frontdoor-endpoint-dev"
  resource_group_name                          = azurerm_resource_group.b2c.name
  enforce_backend_pools_certificate_name_check = true
  

  routing_rule {
    name               = "routingrule"
    # NOTE(review): plain HTTP is accepted and "MatchRequest" forwards with
    # the protocol of the incoming request, so HTTP requests reach the backend
    # over HTTP. For a sign-in host, consider HTTPS only, or a separate rule
    # with redirect_configuration that sends HTTP to HTTPS.
    accepted_protocols = ["Http", "Https"]
    patterns_to_match  = ["/*"]
    # Must match the name of a frontend_endpoint block in this resource.
    frontend_endpoints = ["b2c-frontdoor-endpoint-dev"]
    forwarding_configuration {
      forwarding_protocol = "MatchRequest"
      # Must match the name of a backend_pool block in this resource.
      backend_pool_name   = "b2-backend-pool-dev"
    }
  }

  backend_pool_load_balancing {
    name = "loadbalancingsettings"
  }

  backend_pool_health_probe {
    # Only the name is given; enabled and probe_method from the question's
    # script are omitted here, so the provider's defaults apply.
    name    = "healthprobesettings"
    
  }

  backend_pool {
    name = "b2-backend-pool-dev"
    backend {
      # "test" looks like a placeholder for the real tenant name.
      host_header = "test.b2clogin.com"
      address     = "test.b2clogin.com"
      http_port   = 80
      https_port  = 443
    }
    # These two names refer to the backend_pool_load_balancing and
    # backend_pool_health_probe blocks above.
    load_balancing_name = "loadbalancingsettings"
    health_probe_name   = "healthprobesettings"
  }

  frontend_endpoint {
    name      = "b2c-frontdoor-endpoint-dev"
    # Subdomain of this host name equals the Front Door name above.
    host_name = "b2c-frontdoor-endpoint-dev.azurefd.net"
    session_affinity_enabled = false
    session_affinity_ttl_seconds = 0
  }
}

找到问题了(Jim Xu 也指出了这一点)。资源 "azurerm_frontdoor" "b2cfrontdoor" 的 name 属性必须与 frontend_endpoint 的名称相同。在 Azure 门户中创建 Front Door 实例时,系统不会要求您提供实例名称,Front Door 实例的名称取自前端端点的名称。

# Asker's corrected configuration: identical to the question's script except
# for the Front Door name, which now equals the subdomain of
# frontend_endpoint.host_name.
resource "azurerm_frontdoor" "b2cfrontdoor" {
      # The fix: was "fd-adpb2c-westeurope-dev" in the question's script.
      name                                         = "b2c-frontdoor-endpoint-dev"
      resource_group_name                          = azurerm_resource_group.b2c.name
      # NOTE(review): the request body captured in the question shows
      # "enforceCertificateNameCheck": "Disabled" despite this being true;
      # confirm the deployed value, since this setting governs the certificate
      # name check on HTTPS connections to the backend pools.
      enforce_backend_pools_certificate_name_check = true
    
      routing_rule {
        name               = "routingrule"
        # NOTE(review): plain HTTP is accepted and "MatchRequest" forwards
        # with the protocol of the incoming request, so HTTP requests reach
        # the backend over HTTP. For a sign-in host, consider HTTPS only, or a
        # separate rule with redirect_configuration that sends HTTP to HTTPS.
        accepted_protocols = ["Http", "Https"]
        patterns_to_match  = ["/*"]
        # Must match the name of a frontend_endpoint block in this resource.
        frontend_endpoints = ["b2c-frontdoor-endpoint-dev"]
        forwarding_configuration {
          forwarding_protocol = "MatchRequest"
          # Must match the name of a backend_pool block in this resource.
          backend_pool_name   = "b2-backend-pool-dev"
        }
      }
    
      backend_pool_load_balancing {
        name = "loadbalancingsettings"
      }
    
      backend_pool_health_probe {
        name    = "healthprobesettings"
        # Probing is switched off; probe_method only matters once it is
        # enabled.
        enabled = false
        probe_method = "HEAD"
      }
    
      backend_pool {
        name = "b2-backend-pool-dev"
        backend {
          # "xyz" looks like a placeholder for the real tenant name.
          host_header = "xyz.b2clogin.com"
          address     = "xyz.b2clogin.com"
          http_port   = 80
          https_port  = 443
        }
        # These two names refer to the backend_pool_load_balancing and
        # backend_pool_health_probe blocks above.
        load_balancing_name = "loadbalancingsettings"
        health_probe_name   = "healthprobesettings"
      }
    
      frontend_endpoint {
        name      = "b2c-frontdoor-endpoint-dev"
        # Subdomain of this host name equals the Front Door name above.
        host_name = "b2c-frontdoor-endpoint-dev.azurefd.net"
        session_affinity_enabled = false
        session_affinity_ttl_seconds = 0
      }
    }

已采纳的答案不完全正确。实际要求是:前端端点主机名的子域(即 .azurefd.net 之前的部分)必须与 Front Door 实例的名称一致。前端端点自身的名称可以与 Front Door 实例的名称完全无关。

# The Front Door name is the value that has to line up: it must equal the
# subdomain of the frontend endpoint's host name (<name>.azurefd.net).
$frontDoorName = "matters"

# The endpoint object's own -Name is a free-form label; only -HostName is
# derived from the Front Door name.
$frontendEndpoint = New-AzFrontDoorFrontendEndpointObject `
    -HostName "$frontDoorName.azurefd.net" `
    -Name "irrelevant"

# $resourceGroupName, $routingRule, $backendPool, $loadBalancingSetting and
# $healthProbeSetting are not defined in this snippet; they are assumed to be
# built earlier in the script.
$frontDoorArgs = @{
    ResourceGroupName    = $resourceGroupName
    Name                 = $frontDoorName
    RoutingRule          = $routingRule
    FrontendEndpoint     = $frontendEndpoint
    BackendPool          = $backendPool
    LoadBalancingSetting = $loadBalancingSetting
    HealthProbeSetting   = $healthProbeSetting
}
$frontDoor = New-AzFrontDoor @frontDoorArgs