使用 Terraform 创建 Azure Front Door 实例
Creating an Azure Front Door instance with Terraform
使用 Terraform 创建 Azure Front Door 实例时遇到问题。设置应该很基本,但找不到问题所在。
这是 terraform 脚本
# Front Door (classic) profile in front of the B2C login host, exactly as
# posted in the question. Azure rejects this configuration with BadRequest:
# 'The frontend endpoint zone "" must only be used in the default CNAME entry.'
resource "azurerm_frontdoor" "b2cfrontdoor" {
  # This name differs from the subdomain used in frontend_endpoint.host_name
  # below ("b2c-frontdoor-endpoint-dev"); the answers on this page identify
  # that mismatch as the cause of the BadRequest.
  name                = "fd-adpb2c-westeurope-dev"
  resource_group_name = azurerm_resource_group.b2c.name

  # Certificate name check for HTTPS connections to the backend pools stays on.
  enforce_backend_pools_certificate_name_check = true

  frontend_endpoint {
    name                         = "b2c-frontdoor-endpoint-dev"
    host_name                    = "b2c-frontdoor-endpoint-dev.azurefd.net"
    session_affinity_enabled     = false
    session_affinity_ttl_seconds = 0
  }

  backend_pool_load_balancing {
    name = "loadbalancingsettings"
  }

  # Health probing is disabled here; probe_method only describes the request
  # that would be used if probing were enabled.
  backend_pool_health_probe {
    name         = "healthprobesettings"
    enabled      = false
    probe_method = "HEAD"
  }

  backend_pool {
    name                = "b2-backend-pool-dev"
    load_balancing_name = "loadbalancingsettings"
    health_probe_name   = "healthprobesettings"

    backend {
      address     = "xyz.b2clogin.com"
      host_header = "xyz.b2clogin.com"
      http_port   = 80
      https_port  = 443
    }
  }

  routing_rule {
    name               = "routingrule"
    frontend_endpoints = ["b2c-frontdoor-endpoint-dev"]
    patterns_to_match  = ["/*"]

    # NOTE(review): plain HTTP is accepted and, with MatchRequest, a request
    # that arrives over HTTP is forwarded to the login backend over HTTP too.
    # Consider accepting only "Https" here, or adding a separate rule with
    # redirect_configuration that upgrades HTTP to HTTPS.
    accepted_protocols = ["Http", "Https"]

    forwarding_configuration {
      forwarding_protocol = "MatchRequest"
      backend_pool_name   = "b2-backend-pool-dev"
    }
  }
}
返回的错误信息是
Error: creating Front Door "fd-adpb2c-westeurope-dev" (Resource Group "rg-adpb2c-westeurope-dev"): frontdoor.FrontDoorsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="BadRequest" Message="The frontend endpoint zone \"\" must only be used in the default CNAME entry."
on resource_frontdoor.tf line 1, in resource "azurerm_frontdoor" "b2cfrontdoor":
1: resource "azurerm_frontdoor" "b2cfrontdoor" {
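我抓取了发送到 Azure 的请求,发现其中有一个 PUT 请求(请求 URL 在本页中缺失),其负载如下。
注意:该负载与上面的脚本并不完全一致(前端端点名为 b2-frontdoor-endpoint-dev,enforceCertificateNameCheck 为 Disabled,healthProbeMethod 为 GET),似乎是在脚本的另一个版本下抓取的。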
{
"location": "Global",
"properties": {
"backendPools": [
{
"id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/backendPools/b2-backend-pool-dev",
"name": "b2-backend-pool-dev",
"properties": {
"backends": [
{
"address": "xyz.b2clogin.com",
"backendHostHeader": "xyz.b2clogin.com",
"enabledState": "Enabled",
"httpPort": 80,
"httpsPort": 443,
"priority": 1,
"weight": 50
}
],
"loadBalancingSettings": {
"id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/loadBalancingSettings/loadbalancingsettings"
},
"healthProbeSettings": {
"id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/healthProbeSettings/healthprobesettings"
}
}
}
],
"backendPoolsSettings": {
"enforceCertificateNameCheck": "Disabled",
"sendRecvTimeoutSeconds": 60
},
"enabledState": "Enabled",
"friendlyName": "",
"frontendEndpoints": [
{
"id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/frontendEndpoints/b2-frontdoor-endpoint-dev",
"name": "b2-frontdoor-endpoint-dev",
"properties": {
"hostName": "b2-frontdoor-endpoint-dev.azurefd.net",
"sessionAffinityEnabledState": "Disabled",
"sessionAffinityTtlSeconds": 0
}
}
],
"healthProbeSettings": [
{
"id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/healthProbeSettings/healthprobesettings",
"name": "healthprobesettings",
"properties": {
"path": "/",
"protocol": "Http",
"intervalInSeconds": 120,
"healthProbeMethod": "GET",
"enabledState": "Disabled"
}
}
],
"loadBalancingSettings": [
{
"id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/loadBalancingSettings/loadbalancingsettings",
"name": "loadbalancingsettings",
"properties": {
"sampleSize": 4,
"successfulSamplesRequired": 2,
"additionalLatencyMilliseconds": 0
}
}
],
"routingRules": [
{
"id": "",
"name": "routingrule",
"properties": {
"frontendEndpoints": [
{
"id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/frontendEndpoints/b2-frontdoor-endpoint-dev"
}
],
"acceptedProtocols": [
"Http",
"Https"
],
"patternsToMatch": [
"/*"
],
"enabledState": "Enabled",
"routeConfiguration": {
"@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration",
"backendPool": {
"id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/backendPools/b2-backend-pool-dev"
},
"forwardingProtocol": "MatchRequest"
}
}
}
]
},
"tags": {}
}
响应是
{
"error": {
"code": "BadRequest",
"message": "The frontend endpoint zone \"\" must only be used in the default CNAME entry."
}
}
Terraform 版本为 0.14.10,azurerm 版本为 v2.56.0。
有人知道这个问题吗?
谢谢
关于这个问题,请参考以下配置:
# Configuration proposed in the first answer: the Front Door name is set to the
# same value as the frontend endpoint name and the subdomain of host_name.
resource "azurerm_frontdoor" "b2cfrontdoor" {
  name                = "b2c-frontdoor-endpoint-dev"
  resource_group_name = azurerm_resource_group.b2c.name

  # Certificate name check for HTTPS connections to the backend pools stays on.
  enforce_backend_pools_certificate_name_check = true

  frontend_endpoint {
    name                         = "b2c-frontdoor-endpoint-dev"
    host_name                    = "b2c-frontdoor-endpoint-dev.azurefd.net"
    session_affinity_enabled     = false
    session_affinity_ttl_seconds = 0
  }

  backend_pool_load_balancing {
    name = "loadbalancingsettings"
  }

  # Only the probe name is given; every other probe setting is left to the
  # provider defaults.
  backend_pool_health_probe {
    name = "healthprobesettings"
  }

  backend_pool {
    name                = "b2-backend-pool-dev"
    load_balancing_name = "loadbalancingsettings"
    health_probe_name   = "healthprobesettings"

    backend {
      address     = "test.b2clogin.com"
      host_header = "test.b2clogin.com"
      http_port   = 80
      https_port  = 443
    }
  }

  routing_rule {
    name               = "routingrule"
    frontend_endpoints = ["b2c-frontdoor-endpoint-dev"]
    patterns_to_match  = ["/*"]

    # NOTE(review): plain HTTP is accepted and, with MatchRequest, a request
    # that arrives over HTTP is forwarded to the login backend over HTTP too.
    # Consider accepting only "Https" here, or adding a separate rule with
    # redirect_configuration that upgrades HTTP to HTTPS.
    accepted_protocols = ["Http", "Https"]

    forwarding_configuration {
      forwarding_protocol = "MatchRequest"
      backend_pool_name   = "b2-backend-pool-dev"
    }
  }
}
问题找到了(Jim Xu 也指出了这一点)。该资源("azurerm_frontdoor" "b2cfrontdoor")的 name 必须与 frontend_endpoint 的名称相同。在 Azure 门户中创建 Front Door 实例时,系统不会要求您提供名称,Front Door 实例的名称取自前端的名称。
# The asker's corrected configuration: identical to the one in the question
# except for the Front Door name.
resource "azurerm_frontdoor" "b2cfrontdoor" {
  # The name now equals both the frontend endpoint name and the subdomain of
  # host_name below. A later answer on this page states that only the
  # host_name subdomain has to match.
  name                = "b2c-frontdoor-endpoint-dev"
  resource_group_name = azurerm_resource_group.b2c.name

  # Certificate name check for HTTPS connections to the backend pools stays on.
  enforce_backend_pools_certificate_name_check = true

  frontend_endpoint {
    name                         = "b2c-frontdoor-endpoint-dev"
    host_name                    = "b2c-frontdoor-endpoint-dev.azurefd.net"
    session_affinity_enabled     = false
    session_affinity_ttl_seconds = 0
  }

  backend_pool_load_balancing {
    name = "loadbalancingsettings"
  }

  # Health probing is disabled here; probe_method only describes the request
  # that would be used if probing were enabled.
  backend_pool_health_probe {
    name         = "healthprobesettings"
    enabled      = false
    probe_method = "HEAD"
  }

  backend_pool {
    name                = "b2-backend-pool-dev"
    load_balancing_name = "loadbalancingsettings"
    health_probe_name   = "healthprobesettings"

    backend {
      address     = "xyz.b2clogin.com"
      host_header = "xyz.b2clogin.com"
      http_port   = 80
      https_port  = 443
    }
  }

  routing_rule {
    name               = "routingrule"
    frontend_endpoints = ["b2c-frontdoor-endpoint-dev"]
    patterns_to_match  = ["/*"]

    # NOTE(review): plain HTTP is accepted and, with MatchRequest, a request
    # that arrives over HTTP is forwarded to the login backend over HTTP too.
    # Consider accepting only "Https" here, or adding a separate rule with
    # redirect_configuration that upgrades HTTP to HTTPS.
    accepted_protocols = ["Http", "Https"]

    forwarding_configuration {
      forwarding_protocol = "MatchRequest"
      backend_pool_name   = "b2-backend-pool-dev"
    }
  }
}
被接受的答案不完全正确。实际要求是:前端端点主机名(host_name)的子域必须与 Front Door 实例的名称一致;前端端点自身的名称可以与 Front Door 实例的名称完全无关。
# Per this answer, the Front Door name has to equal the subdomain of the
# frontend host name (<name>.azurefd.net); the frontend endpoint object's own
# -Name is independent of it.
$frontDoorName = "matters"
$frontendHostName = "$frontDoorName.azurefd.net"
$frontendEndpoint = New-AzFrontDoorFrontendEndpointObject -Name "irrelevant" -HostName $frontendHostName

# $resourceGroupName, $routingRule, $backendPool, $loadBalancingSetting and
# $healthProbeSetting are not defined in this excerpt.
$frontDoorParameters = @{
    ResourceGroupName    = $resourceGroupName
    Name                 = $frontDoorName
    RoutingRule          = $routingRule
    FrontendEndpoint     = $frontendEndpoint
    BackendPool          = $backendPool
    LoadBalancingSetting = $loadBalancingSetting
    HealthProbeSetting   = $healthProbeSetting
}
$frontDoor = New-AzFrontDoor @frontDoorParameters
使用 Terraform 创建 Azure Front Door 实例时遇到问题。设置应该很基本,但找不到问题所在。
这是 terraform 脚本
# Front Door (classic) profile in front of the B2C login host, exactly as
# posted in the question. Azure rejects this configuration with BadRequest:
# 'The frontend endpoint zone "" must only be used in the default CNAME entry.'
resource "azurerm_frontdoor" "b2cfrontdoor" {
  # This name differs from the subdomain used in frontend_endpoint.host_name
  # below ("b2c-frontdoor-endpoint-dev"); the answers on this page identify
  # that mismatch as the cause of the BadRequest.
  name                = "fd-adpb2c-westeurope-dev"
  resource_group_name = azurerm_resource_group.b2c.name

  # Certificate name check for HTTPS connections to the backend pools stays on.
  enforce_backend_pools_certificate_name_check = true

  frontend_endpoint {
    name                         = "b2c-frontdoor-endpoint-dev"
    host_name                    = "b2c-frontdoor-endpoint-dev.azurefd.net"
    session_affinity_enabled     = false
    session_affinity_ttl_seconds = 0
  }

  backend_pool_load_balancing {
    name = "loadbalancingsettings"
  }

  # Health probing is disabled here; probe_method only describes the request
  # that would be used if probing were enabled.
  backend_pool_health_probe {
    name         = "healthprobesettings"
    enabled      = false
    probe_method = "HEAD"
  }

  backend_pool {
    name                = "b2-backend-pool-dev"
    load_balancing_name = "loadbalancingsettings"
    health_probe_name   = "healthprobesettings"

    backend {
      address     = "xyz.b2clogin.com"
      host_header = "xyz.b2clogin.com"
      http_port   = 80
      https_port  = 443
    }
  }

  routing_rule {
    name               = "routingrule"
    frontend_endpoints = ["b2c-frontdoor-endpoint-dev"]
    patterns_to_match  = ["/*"]

    # NOTE(review): plain HTTP is accepted and, with MatchRequest, a request
    # that arrives over HTTP is forwarded to the login backend over HTTP too.
    # Consider accepting only "Https" here, or adding a separate rule with
    # redirect_configuration that upgrades HTTP to HTTPS.
    accepted_protocols = ["Http", "Https"]

    forwarding_configuration {
      forwarding_protocol = "MatchRequest"
      backend_pool_name   = "b2-backend-pool-dev"
    }
  }
}
返回的错误信息是
Error: creating Front Door "fd-adpb2c-westeurope-dev" (Resource Group "rg-adpb2c-westeurope-dev"): frontdoor.FrontDoorsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="BadRequest" Message="The frontend endpoint zone \"\" must only be used in the default CNAME entry."
on resource_frontdoor.tf line 1, in resource "azurerm_frontdoor" "b2cfrontdoor":
1: resource "azurerm_frontdoor" "b2cfrontdoor" {
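我抓取了发送到 Azure 的请求,发现其中有一个 PUT 请求(请求 URL 在本页中缺失),其负载如下。
注意:该负载与上面的脚本并不完全一致(前端端点名为 b2-frontdoor-endpoint-dev,enforceCertificateNameCheck 为 Disabled,healthProbeMethod 为 GET),似乎是在脚本的另一个版本下抓取的。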
{
"location": "Global",
"properties": {
"backendPools": [
{
"id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/backendPools/b2-backend-pool-dev",
"name": "b2-backend-pool-dev",
"properties": {
"backends": [
{
"address": "xyz.b2clogin.com",
"backendHostHeader": "xyz.b2clogin.com",
"enabledState": "Enabled",
"httpPort": 80,
"httpsPort": 443,
"priority": 1,
"weight": 50
}
],
"loadBalancingSettings": {
"id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/loadBalancingSettings/loadbalancingsettings"
},
"healthProbeSettings": {
"id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/healthProbeSettings/healthprobesettings"
}
}
}
],
"backendPoolsSettings": {
"enforceCertificateNameCheck": "Disabled",
"sendRecvTimeoutSeconds": 60
},
"enabledState": "Enabled",
"friendlyName": "",
"frontendEndpoints": [
{
"id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/frontendEndpoints/b2-frontdoor-endpoint-dev",
"name": "b2-frontdoor-endpoint-dev",
"properties": {
"hostName": "b2-frontdoor-endpoint-dev.azurefd.net",
"sessionAffinityEnabledState": "Disabled",
"sessionAffinityTtlSeconds": 0
}
}
],
"healthProbeSettings": [
{
"id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/healthProbeSettings/healthprobesettings",
"name": "healthprobesettings",
"properties": {
"path": "/",
"protocol": "Http",
"intervalInSeconds": 120,
"healthProbeMethod": "GET",
"enabledState": "Disabled"
}
}
],
"loadBalancingSettings": [
{
"id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/loadBalancingSettings/loadbalancingsettings",
"name": "loadbalancingsettings",
"properties": {
"sampleSize": 4,
"successfulSamplesRequired": 2,
"additionalLatencyMilliseconds": 0
}
}
],
"routingRules": [
{
"id": "",
"name": "routingrule",
"properties": {
"frontendEndpoints": [
{
"id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/frontendEndpoints/b2-frontdoor-endpoint-dev"
}
],
"acceptedProtocols": [
"Http",
"Https"
],
"patternsToMatch": [
"/*"
],
"enabledState": "Enabled",
"routeConfiguration": {
"@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration",
"backendPool": {
"id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/backendPools/b2-backend-pool-dev"
},
"forwardingProtocol": "MatchRequest"
}
}
}
]
},
"tags": {}
}
响应是
{
"error": {
"code": "BadRequest",
"message": "The frontend endpoint zone \"\" must only be used in the default CNAME entry."
}
}
Terraform 版本为 0.14.10,azurerm 版本为 v2.56.0。
有人知道这个问题吗?
谢谢
关于这个问题,请参考以下配置:
# Configuration proposed in the first answer: the Front Door name is set to the
# same value as the frontend endpoint name and the subdomain of host_name.
resource "azurerm_frontdoor" "b2cfrontdoor" {
  name                = "b2c-frontdoor-endpoint-dev"
  resource_group_name = azurerm_resource_group.b2c.name

  # Certificate name check for HTTPS connections to the backend pools stays on.
  enforce_backend_pools_certificate_name_check = true

  frontend_endpoint {
    name                         = "b2c-frontdoor-endpoint-dev"
    host_name                    = "b2c-frontdoor-endpoint-dev.azurefd.net"
    session_affinity_enabled     = false
    session_affinity_ttl_seconds = 0
  }

  backend_pool_load_balancing {
    name = "loadbalancingsettings"
  }

  # Only the probe name is given; every other probe setting is left to the
  # provider defaults.
  backend_pool_health_probe {
    name = "healthprobesettings"
  }

  backend_pool {
    name                = "b2-backend-pool-dev"
    load_balancing_name = "loadbalancingsettings"
    health_probe_name   = "healthprobesettings"

    backend {
      address     = "test.b2clogin.com"
      host_header = "test.b2clogin.com"
      http_port   = 80
      https_port  = 443
    }
  }

  routing_rule {
    name               = "routingrule"
    frontend_endpoints = ["b2c-frontdoor-endpoint-dev"]
    patterns_to_match  = ["/*"]

    # NOTE(review): plain HTTP is accepted and, with MatchRequest, a request
    # that arrives over HTTP is forwarded to the login backend over HTTP too.
    # Consider accepting only "Https" here, or adding a separate rule with
    # redirect_configuration that upgrades HTTP to HTTPS.
    accepted_protocols = ["Http", "Https"]

    forwarding_configuration {
      forwarding_protocol = "MatchRequest"
      backend_pool_name   = "b2-backend-pool-dev"
    }
  }
}
问题找到了(Jim Xu 也指出了这一点)。该资源("azurerm_frontdoor" "b2cfrontdoor")的 name 必须与 frontend_endpoint 的名称相同。在 Azure 门户中创建 Front Door 实例时,系统不会要求您提供名称,Front Door 实例的名称取自前端的名称。
# The asker's corrected configuration: identical to the one in the question
# except for the Front Door name.
resource "azurerm_frontdoor" "b2cfrontdoor" {
  # The name now equals both the frontend endpoint name and the subdomain of
  # host_name below. A later answer on this page states that only the
  # host_name subdomain has to match.
  name                = "b2c-frontdoor-endpoint-dev"
  resource_group_name = azurerm_resource_group.b2c.name

  # Certificate name check for HTTPS connections to the backend pools stays on.
  enforce_backend_pools_certificate_name_check = true

  frontend_endpoint {
    name                         = "b2c-frontdoor-endpoint-dev"
    host_name                    = "b2c-frontdoor-endpoint-dev.azurefd.net"
    session_affinity_enabled     = false
    session_affinity_ttl_seconds = 0
  }

  backend_pool_load_balancing {
    name = "loadbalancingsettings"
  }

  # Health probing is disabled here; probe_method only describes the request
  # that would be used if probing were enabled.
  backend_pool_health_probe {
    name         = "healthprobesettings"
    enabled      = false
    probe_method = "HEAD"
  }

  backend_pool {
    name                = "b2-backend-pool-dev"
    load_balancing_name = "loadbalancingsettings"
    health_probe_name   = "healthprobesettings"

    backend {
      address     = "xyz.b2clogin.com"
      host_header = "xyz.b2clogin.com"
      http_port   = 80
      https_port  = 443
    }
  }

  routing_rule {
    name               = "routingrule"
    frontend_endpoints = ["b2c-frontdoor-endpoint-dev"]
    patterns_to_match  = ["/*"]

    # NOTE(review): plain HTTP is accepted and, with MatchRequest, a request
    # that arrives over HTTP is forwarded to the login backend over HTTP too.
    # Consider accepting only "Https" here, or adding a separate rule with
    # redirect_configuration that upgrades HTTP to HTTPS.
    accepted_protocols = ["Http", "Https"]

    forwarding_configuration {
      forwarding_protocol = "MatchRequest"
      backend_pool_name   = "b2-backend-pool-dev"
    }
  }
}
被接受的答案不完全正确。实际要求是:前端端点主机名(host_name)的子域必须与 Front Door 实例的名称一致;前端端点自身的名称可以与 Front Door 实例的名称完全无关。
# Per this answer, the Front Door name has to equal the subdomain of the
# frontend host name (<name>.azurefd.net); the frontend endpoint object's own
# -Name is independent of it.
$frontDoorName = "matters"
$frontendHostName = "$frontDoorName.azurefd.net"
$frontendEndpoint = New-AzFrontDoorFrontendEndpointObject -Name "irrelevant" -HostName $frontendHostName

# $resourceGroupName, $routingRule, $backendPool, $loadBalancingSetting and
# $healthProbeSetting are not defined in this excerpt.
$frontDoorParameters = @{
    ResourceGroupName    = $resourceGroupName
    Name                 = $frontDoorName
    RoutingRule          = $routingRule
    FrontendEndpoint     = $frontendEndpoint
    BackendPool          = $backendPool
    LoadBalancingSetting = $loadBalancingSetting
    HealthProbeSetting   = $healthProbeSetting
}
$frontDoor = New-AzFrontDoor @frontDoorParameters