私有 Link 和私有终结点 "Failed to refresh the collection list. Please try again later" 的 Azure Cosmos DB 错误

Question

我已经为我的 Azure Cosmos DB 启用了专用终结点。每次我去 Cosmos 时，我都会在顶部看到一面红旗，上面写着：Failed to refresh the collection list. Please try again later。我们使用 Terraform 来部署代码。

即使我在 Terraform 中有以下代码，我也没有看到任何容器被创建

resource "azurerm_cosmosdb_sql_container" "default" {
  resource_group_name = module.resourcegroup.resource_group.name

  account_name  = azurerm_cosmosdb_account.default.name
  database_name = azurerm_cosmosdb_sql_database.default.name
  name          = "cosmosdb_container"

  partition_key_path = "/definition/id"
  throughput         = 400
}

知道我该怎么做才能解决这个问题。当 Cosmos 不在私有端点和私有 link

后面时，我看不到这些问题

我的 TF 代码如下：

resource "azurerm_cosmosdb_account" "default" {
  resource_group_name = module.resourcegroup.resource_group.name
  location            = var.location

  name                                  = module.name_cosmosdb_account.location.cosmosdb_account.name_unique
  tags                                  = module.resourcegroup.resource_group.tags
  public_network_access_enabled         = false
  network_acl_bypass_for_azure_services = true
  enable_automatic_failover             = true
  is_virtual_network_filter_enabled     = true

  offer_type = "Standard"
  kind       = "GlobalDocumentDB"

  consistency_policy {
    consistency_level       = "Session"
    max_interval_in_seconds = 5
    max_staleness_prefix    = 100
  }

  geo_location {
    location          = module.resourcegroup.resource_group.location
    failover_priority = 0
  }
  geo_location {
    location          = "eastus2"
    failover_priority = 1
  }
}

resource "azurerm_cosmosdb_sql_database" "default" {
  resource_group_name = module.resourcegroup.resource_group.name

  account_name = azurerm_cosmosdb_account.default.name
  name         = "cosmosdb_db"
  throughput   = 400
}


resource "azurerm_cosmosdb_sql_container" "default" {
  resource_group_name = module.resourcegroup.resource_group.name

  account_name  = azurerm_cosmosdb_account.default.name
  database_name = azurerm_cosmosdb_sql_database.default.name
  name          = "cosmosdb_container"

  partition_key_path = "/definition/id"
  throughput         = 400
}

Answer 1

即使 Portal 出现错误，容器和资源也是从 terraform 创建的。您可以使用 Data explorer 查看从 terraform 创建的数据库和容器。

测试：

地形代码：

provider "azurerm" {
    features{}
}
data "azurerm_resource_group" "rg" {
  name     = "resourcegroup"
}

resource "azurerm_virtual_network" "example" {
  name                = "cosmos-network"
  address_space       = ["10.0.0.0/16"]
  location            = data.azurerm_resource_group.rg.location
  resource_group_name = data.azurerm_resource_group.rg.name
}

resource "azurerm_subnet" "example" {
  name                 = "cosmos-subnet"
  resource_group_name  = data.azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]

  enforce_private_link_endpoint_network_policies = true
}
resource "azurerm_cosmosdb_account" "example" {
  name                = "ansuman-cosmosdb"
  location            = data.azurerm_resource_group.rg.location
  resource_group_name = data.azurerm_resource_group.rg.name
  offer_type          = "Standard"
  kind                = "GlobalDocumentDB"

  consistency_policy {
    consistency_level       = "BoundedStaleness"
    max_interval_in_seconds = 10
    max_staleness_prefix    = 200
  }

  geo_location {
    location          = data.azurerm_resource_group.rg.location
    failover_priority = 0
  }
}

resource "azurerm_private_endpoint" "example" {
  name                = "cosmosansuman-endpoint"
  location            = data.azurerm_resource_group.rg.location
  resource_group_name = data.azurerm_resource_group.rg.name
  subnet_id           = azurerm_subnet.example.id

  private_service_connection {
    name                           = "cosmosansuman-privateserviceconnection"
    private_connection_resource_id = azurerm_cosmosdb_account.example.id
    subresource_names              = [ "SQL" ]
    is_manual_connection           = false
  }
}

resource "azurerm_cosmosdb_sql_database" "example" {
  name                = "ansuman-cosmos-mongo-db"
  resource_group_name = data.azurerm_resource_group.rg.name
  account_name        = azurerm_cosmosdb_account.example.name
  throughput          = 400
}

resource "azurerm_cosmosdb_sql_container" "default" {
  resource_group_name = data.azurerm_resource_group.rg.name
  account_name  = azurerm_cosmosdb_account.example.name
  database_name = azurerm_cosmosdb_sql_database.example.name
  name          = "cosmosdb_container"

  partition_key_path = "/definition/id"
  throughput         = 400
}

输出：

更新： 根据讨论，错误 Failed to refresh the collection list. Please try again later. 在您的情况下是默认的，因为您已禁用 public 对 cosmosdb 的网络访问创建时的帐户。如果将其设置为禁用，public 网络流量甚至在创建专用端点之前就会被阻止。

因此，对于此错误，可能的解决方案是：

在从 terraform 创建 cosmosdb 帐户时启用 public 网络流量以访问该帐户。因为，即使您在为 cosmosdb 设置了私有端点后将其设置为 true，public 对 cosmosdb 的访问将被自动禁用，如果您转到防火墙和虚拟网络，您会看到允许从所有网络访问是灰色的.因此，您可以检查 allow access from portal 和 add your current IP 以获得仅对您的 public 网络的访问权限，如下所示。（注意：因为它的默认设置为 true，所以您不需要添加public_network_access_enabled = true 在代码中。）

您可以使用 Data Explorer 查看您已经验证过的容器。
您可以在端点所在的同一 vnet 上创建 VM，并且从门户本身的 VM 内部连接 cosmosdb。您可以参考此 Microsoft Document 了解更多详情。

私有 Link 和私有终结点 "Failed to refresh the collection list. Please try again later" 的 Azure Cosmos DB 错误

Azure Cosmos DB Error with Private Link and Private Endpoint "Failed to refresh the collection list. Please try again later"

terraform

azure-cosmosdb

terraform-provider-azure