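Contents
I. Experiment
1. Environment
2. Creating the Terraform project on Windows (backend)
3. Instantiating the Terraform project on Windows (backend)
4. Adding Alibaba Cloud (alicloud) OSS to the Terraform project on Windows (separating code from resources)
5. Adding the packaged VPC module to the Terraform project on Windows
6. Requesting VPC resources
7. Adding the packaged security group module to the Terraform project on Windows
8. Requesting security group resources
9. Adding the packaged ECS module to the Terraform project on Windows
10. Requesting ECS resources
11. Running an initialization script on ECS
12. Adding the packaged EIP module to the Terraform project on Windows
13. Adding the packaged SLB module to the Terraform project on Windows
14. Adding the EIP and SLB configuration files to service
15. Requesting EIP and SLB resources
16. Adding the packaged DNS module to the Terraform project on Windows
17. Adding the DNS configuration file to service
18. Requesting DNS resources
19. Destroying resources
II. Issues
1. Terraform validation fails (Reference to undeclared input variable)
2. Terraform validation fails (Module not installed)
3. Error when Terraform requests EIP resources
4. Terraform fails to delete resources
5. Project workflow and architecture for Terraform with alicloud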
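I. Experiment
1. Environment
(1) Hosts
Table 1-1 Hosts
Host | OS | Software | Tools | Notes
jia | Windows | Terraform 1.6.6 | VS Code, PowerShell, Chocolatey |
pipepoint | Linux | Terraform 1.6.6 | SSH |
2. Creating the Terraform project on Windows (backend)
(1) Create the project
terraform-aliyun
(2) Create the directories
env\dev holds the instance configuration files, global\backend holds the backend configuration files, and modules holds the module files.
(3) Create the main configuration file for the backend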
main.tf
# Configure the Alicloud provider (default provider)
provider "alicloud" {
  access_key = var.access_key
  secret_key = var.secret_key
  region     = "cn-hangzhou"
}
# OSS
resource "alicloud_oss_bucket" "bucket-backenddev" {
  bucket = "tf-backenddev"
  acl    = "private"
}
# Tablestore
resource "alicloud_ots_instance" "tftabledev" {
  name        = "tftabledev"
  description = "terraform tablestore"
  accessed_by = "Any"
  tags = {
    Created = "TF"
    For     = "Building table"
  }
}
resource "alicloud_ots_table" "basic" {
  instance_name                 = alicloud_ots_instance.tftabledev.name
  table_name                    = "tf_devops"
  time_to_live                  = -1
  max_version                   = 1
  deviation_cell_version_in_sec = 1
  primary_key {
    name = "LockID"
    type = "String"
  }
}
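(4) Create the variables configuration file for the backend
variables.tf
variable "access_key" {
  description = "access_key"
}
variable "secret_key" {
  description = "secret_key"
}
variable "region" {
  type        = string
  description = "region name"
  default     = "cn-hangzhou"
  sensitive   = true
}
(5) Create the credentials configuration file for the backend
terraform.tfvars
access_key = "XXXXX"
secret_key = "XXXXX"
(6) View the current directory
3. Instantiating the Terraform project on Windows (backend)
(1) Initialize
terraform init
(2) Format the code
terraform fmt
(3) Validate the code
terraform validate
(4) Plan and preview
terraform plan
(5) Request the resources
terraform apply
yes
(6) Show the resources
terraform show
(7) Log in to the Alibaba Cloud console to check
① View the bucket list
② View Tablestore
Data table list
4. Adding Alibaba Cloud (alicloud) OSS to the Terraform project on Windows (separating code from resources)
(1) Create the backend configuration file
backend.tf
(2) Create the outputs configuration file
outputs.tf
(3) Format the code
terraform fmt
(4) Initialize
terraform init
(5) View the directory
(6) Log in to the Alibaba Cloud console to check
① View the bucket list
The configuration file has been uploaded.
(7) Delete the project configuration file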
5. Adding the packaged VPC module to the Terraform project on Windows
(1) Add the VPC module
View the directory
(2) Module contents
main.tf
// VPC (virtual private cloud)
resource "alicloud_vpc" "vpc" {
  vpc_name   = var.vpc_name
  cidr_block = var.vpc_cidr_block
}
// vSwitch
resource "alicloud_vswitch" "vsw" {
  vpc_id     = alicloud_vpc.vpc.id
  cidr_block = var.vsw_cidr_block
  zone_id    = var.zone_id
}
outputs.tf
output "vsw_id" {
  value = alicloud_vswitch.vsw.id
}
output "vpc_id" {
  value = alicloud_vpc.vpc.id
}
variables.tf
variable "vpc_cidr_block" {
  default = "172.16.0.0/12"
}
variable "vpc_name" {
  default = "tf_test"
}
variable "vsw_cidr_block" {
  default = "172.16.0.0/21"
}
variable "zone_id" {
  default = "cn-hangzhou-j"
}
6. Requesting VPC resources
(1) View the directory
Create network under env\dev to hold the configuration files for the network resource instances.
(2) Create the main configuration file for the network
main.tf
# Configure the Alicloud provider (default provider)
provider "alicloud" {
  access_key = var.access_key
  secret_key = var.secret_key
  region     = var.region
}
# Local values
locals {
  vpc_cidr_block = "172.16.0.0/12"
  vpc_name       = "dev-vpc"
  vsw_cidr_block = "172.16.0.0/21"
  zone_id        = "cn-hangzhou-j"
}
# Module call
module "devvpc" {
  source         = "../../../modules/vpc"
  vpc_cidr_block = local.vpc_cidr_block
  vpc_name       = local.vpc_name
  vsw_cidr_block = local.vsw_cidr_block
  zone_id        = local.zone_id
}
(3) Create the variables configuration file for the network
variables.tf
variable "access_key" {
  description = "access_key"
}
variable "secret_key" {
  description = "secret_key"
}
variable "region" {
  type        = string
  description = "region name"
  default     = "cn-hangzhou"
  sensitive   = true
}
(4) Create the versions configuration file for the network
versions.tf
terraform {
  required_version = "1.6.6"
  required_providers {
    alicloud = {
      source  = "hashicorp/alicloud"
      version = "1.214.1"
    }
  }
}
(5) Create the backend configuration file for the network
backend.tf
(6) Create the outputs configuration file for the network
outputs.tf
output "vpc_id" {
  value = module.devvpc.vpc_id
}
output "vsw_id" {
  value = module.devvpc.vsw_id
}
(7) Create the credentials configuration file for the network
terraform.tfvars
access_key = "XXXXX"
secret_key = "XXXXX"
(8) Format the code
terraform fmt
(9) Initialize
terraform init
(10) Plan and preview
terraform plan
(11) Request the resources
terraform apply
yes
(12) Log in to the Alibaba Cloud console to check
① View the VPC and vSwitch
② View the bucket list
③ View Tablestore
Data table list
Details
7. Adding the packaged security group module to the Terraform project on Windows
(1) Add the security group module
View the directory
(2) Module contents
main.tf
// security_group: the security group
resource "alicloud_security_group" "group" {
  name                = "demo-group"
  vpc_id              = var.vpc_id
  security_group_type = "normal" // normal (basic) type
}
// security_group_rule: rule for port 80
resource "alicloud_security_group_rule" "allow_80_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "80/80"
  priority          = 1
  security_group_id = alicloud_security_group.group.id
  cidr_ip           = "0.0.0.0/0"
}
// security_group_rule: rule for port 22
resource "alicloud_security_group_rule" "allow_22_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "22/22"
  priority          = 1
  security_group_id = alicloud_security_group.group.id
  cidr_ip           = "0.0.0.0/0"
}
outputs.tf
output "secgroup_id" {
  value = alicloud_security_group.group.id
}
variable "vpc_id" {
}
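8. Requesting security group resources
(1) View the directory
network under env\dev holds the configuration files for the network resource instances.
(2) Modify the main configuration file (attach the security group to the VPC)
main.tf
# Configure the Alicloud provider (default provider)
provider "alicloud" {
  access_key = var.access_key
  secret_key = var.secret_key
  region     = var.region
}
# Local values
locals {
  vpc_cidr_block = "172.16.0.0/12"
  vpc_name       = "dev-vpc"
  vsw_cidr_block = "172.16.0.0/21"
  zone_id        = "cn-hangzhou-j"
  vpc_id         = module.devvpc.vpc_id
}
# Module calls
module "devvpc" {
  source         = "../../../modules/vpc"
  vpc_cidr_block = local.vpc_cidr_block
  vpc_name       = local.vpc_name
  vsw_cidr_block = local.vsw_cidr_block
  zone_id        = local.zone_id
}
module "devsecgroup" {
  source = "../../../modules/secgroup"
  vpc_id = local.vpc_id
}
(3) Modify the outputs configuration file
outputs.tf
output "vpc_id" {
  value = module.devvpc.vpc_id
}
output "vsw_id" {
  value = module.devvpc.vsw_id
}
(4) Modify the backend configuration file
backend.tf
(5) The credentials, variables and versions configuration files are the same as in global\backend
(6) Format the code
terraform fmt
(7) Validate the code
terraform validate
(8) Initialize
terraform init
(9) Plan and preview
terraform plan
The plan shows that 1 security group and 2 security group rules will be added.
(10) Request the resources
terraform apply
yes
(11) Log in to the Alibaba Cloud console to check
① View the security group
② View the security group rules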
9. Adding the packaged ECS module to the Terraform project on Windows
(1) Add the ECS module
View the directory
(2) Module contents
main.tf
// Look up images with the alicloud_images data source
data "alicloud_images" "images_ds" {
  owners       = "system"
  name_regex   = "^centos_7"
  architecture = "x86_64"
  status       = "Available"
  os_type      = "linux"
  output_file  = "./outputs.json"
}
// alicloud_instance: the ECS instance
resource "alicloud_instance" "myecs" {
  availability_zone       = var.region
  security_groups         = [var.secgroup_id]
  instance_type           = var.instance_type
  system_disk_category    = "cloud_essd"
  system_disk_name        = "tf_system_disk_name"
  system_disk_description = "tf_system_disk_description"
  image_id                = data.alicloud_images.images_ds.images[0].id
  // References a local value of the caller
  instance_name              = var.instance_name
  vswitch_id                 = var.vsw_id
  internet_max_bandwidth_out = 1
  internet_charge_type       = "PayByTraffic"
  password                   = "root@123"
}
output "ecs_ip" {
  value = alicloud_instance.myecs.public_ip
}
output "ecs_id" {
  value = alicloud_instance.myecs.id
}
variables.tf
// Variable: region
variable "region" {
  description = "阿里云地域"
  type        = string
}
variable "vsw_id" {
  type = string
}
variable "secgroup_id" {
}
variable "instance_type" {
}
variable "instance_name" {
}
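The security group module above accepts port 22 from 0.0.0.0/0, and the ECS module sets a fixed password on instances that receive a public IP. A hardened variant follows as an added example, not the author's module code; admin_cidr and ecs_password are hypothetical variable names introduced here, and the calling configuration must pass both in.

```hcl
# Added example, not the author's module code. admin_cidr and ecs_password are
# hypothetical variable names; the other names are the ones used on this page.

# --- modules/secgroup: SSH rule with a narrowed source ---
variable "vpc_id" {
  type = string
}

variable "admin_cidr" {
  description = "Source range allowed to reach SSH (for example a bastion or office egress range)"
  type        = string

  validation {
    # Reject malformed input and any /0 range such as 0.0.0.0/0.
    condition     = can(cidrnetmask(var.admin_cidr)) && !endswith(var.admin_cidr, "/0")
    error_message = "admin_cidr must be a valid IPv4 CIDR and must not be a /0 range."
  }
}

resource "alicloud_security_group" "group" {
  name   = "demo-group"
  vpc_id = var.vpc_id
}

resource "alicloud_security_group_rule" "allow_22_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "22/22"
  priority          = 1
  security_group_id = alicloud_security_group.group.id
  cidr_ip           = var.admin_cidr # was "0.0.0.0/0"
}

# --- modules/ecs: password comes from a sensitive variable ---
variable "ecs_password" {
  description = "Instance login password; set it with TF_VAR_ecs_password at apply time"
  type        = string
  sensitive   = true
}

# In resource "alicloud_instance" "myecs", the literal is then replaced by:
#   password = var.ecs_password
```

A sensitive variable is redacted in plan and apply output but is still written to the state file, so the tf-backenddev bucket that stores the state has to stay private.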
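10. Requesting ECS resources
(1) View the directory
ecs under env\dev holds the configuration files for the cloud host resource instances.
(2) Modify the main configuration file
main.tf
(3) Modify the ECS configuration file
ecs.tf
# Local values
locals {
  region        = "cn-hangzhou-j"
  vsw_id        = data.terraform_remote_state.mydata.outputs.vsw_id
  secgroup_id   = data.terraform_remote_state.mydata.outputs.secgroup_id
  instance_name = "myecsserver"
  instance_type = "ecs.t6-c4m1.large"
  counts        = 2
}
# Module call
module "myecs" {
  count         = local.counts
  source        = "../../../modules/ecs"
  region        = local.region
  vsw_id        = local.vsw_id
  secgroup_id   = local.secgroup_id
  instance_name = "${local.instance_name}-${count.index}"
  instance_type = local.instance_type
}
(4) Modify the backend configuration file
(5) The credentials, variables and versions configuration files are the same as in global\backend
(6) Modify the outputs configuration file of the network resources (add an output for the security group ID)
outputs.tf
output "vpc_id" {
  value = module.devvpc.vpc_id
}
output "vsw_id" {
  value = module.devvpc.vsw_id
}
output "secgroup_id" {
  value = module.devsecgroup.secgroup_id
}
(7) Switch to the network resources directory and request the resources
terraform apply
(8) Switch back to the ECS resources directory
(9) Format the code
terraform fmt
(10) Initialize
terraform init
(11) Validate the code
terraform validate
(12) Plan and preview
terraform plan
The plan shows that 2 ECS instance resources will be added.
(13) Request the resources
terraform apply
yes
(14) Log in to the Alibaba Cloud console to check
① View the ECS instances
② View the bucket list
③ View Tablestore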
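The page names a backend.tf for each directory, and ecs.tf reads data.terraform_remote_state.mydata, but the content of those files is not shown. The following is an added example, not the author's files, of an OSS backend with Tablestore locking and the matching remote-state data source; the prefix and key values and the Tablestore endpoint are assumptions built from the resource names created in global\backend.

```hcl
# Added example, not the author's files. prefix/key and the endpoint are
# assumptions; bucket, instance and table names are those from global\backend.

# backend.tf in env\dev\network: the network layer's state location.
# A backend block cannot reference variables, so credentials are read from
# the ALICLOUD_ACCESS_KEY / ALICLOUD_SECRET_KEY environment variables.
terraform {
  backend "oss" {
    bucket              = "tf-backenddev"
    prefix              = "env/dev/network" # assumed path inside the bucket
    key                 = "terraform.tfstate"
    region              = "cn-hangzhou"
    encrypt             = true # server-side encryption for the state object
    tablestore_endpoint = "https://tftabledev.cn-hangzhou.ots.aliyuncs.com"
    tablestore_table    = "tf_devops" # table whose primary key is LockID
  }
}

# main.tf in the ECS directory: read-only view of the network layer's outputs.
# That directory has its own backend "oss" block with a different prefix.
data "terraform_remote_state" "mydata" {
  backend = "oss"

  config = {
    bucket = "tf-backenddev"
    prefix = "env/dev/network" # must match the network layer's backend
    key    = "terraform.tfstate"
    region = "cn-hangzhou"
  }
}

# Only values declared as outputs in the network layer are visible here,
# which is why secgroup_id had to be added to its outputs.tf.
locals {
  vsw_id      = data.terraform_remote_state.mydata.outputs.vsw_id
  secgroup_id = data.terraform_remote_state.mydata.outputs.secgroup_id
}
```

Anyone who can read the state object can read every value stored in it, including attributes marked sensitive, so access to tf-backenddev should be limited to the identities that run Terraform.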
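11. Running an initialization script on ECS
(1) Modify the main configuration file of the ecs module under modules
main.tf
Add the initialization script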
user_data = <<-EOF
#!/bin/bash
#until [[ -f /var/lib/cloud/instance/boot-finished ]] ;
# sleep 1
#done
yum -y install nginx
echo "myserver" >/usr/share/nginx/html/index.html
systemctl restart nginx
EOF
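(2) Request the resources
terraform apply
The plan shows that the initialization script will be added to the 2 instances.
(3) Log in to the cloud host remotely and test
Select myserver-1
Log in now
nginx is not running
(4) Destroy the resources
terraform destroy
yes
(5) Request the resources again
terraform apply
yes
(6) Log in to the cloud host remotely and test again
View the ECS instances
Select myserver-0
Log in to the instance
Check the nginx processes
ps aux | grep nginx
View the boot files of the cloud host instance
cd /var/lib/cloud/instance
ls
Check the time at which boot finished
cat boot-finished
Local test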
curl http://127.0.0.1
12. Adding the packaged EIP module to the Terraform project on Windows
(1) Add the EIP module
View the directory
(2) Module contents
main.tf
resource "alicloud_eip_address" "eip" {
}
resource "alicloud_eip_association" "eip_asso" {
  allocation_id = alicloud_eip_address.eip.id
  instance_id   = var.instance_id
}
outputs.tf
variables.tf
13. Adding the packaged SLB module to the Terraform project on Windows
(1) Add the SLB module
View the directory
(2) Module contents
main.tf
resource "alicloud_slb_load_balancer" "slb" {
  load_balancer_name = var.slb_name
  address_type       = var.address_type
  payment_type       = var.payment_type
  vswitch_id         = var.vsw_id
  load_balancer_spec = var.load_balancer_spec
}
resource "alicloud_slb_server_group" "webserver" {
  load_balancer_id = alicloud_slb_load_balancer.slb.id
  name             = var.server_group_name
}
resource "alicloud_slb_server_group_server_attachment" "default" {
  count           = length(var.ecs_ids)
  server_group_id = alicloud_slb_server_group.webserver.id
  server_id       = var.ecs_ids[count.index]
  port            = var.backend_port
  weight          = var.backend_weight
}
resource "alicloud_slb_listener" "default" {
  load_balancer_id = alicloud_slb_load_balancer.slb.id
  backend_port     = var.backend_port
  frontend_port    = var.frontend_port
  protocol         = var.protocol
  scheduler        = var.scheduler
  bandwidth        = var.bandwidth
  server_group_id  = alicloud_slb_server_group.webserver.id
}
outputs.tf
output "slb_id" {
  value = alicloud_slb_load_balancer.slb.id
}
variables.tf
variable "vsw_id" {
  type = string
}
variable "slb_name" {
}
variable "address_type" {
}
variable "payment_type" {
}
variable "server_group_name" {
}
variable "ecs_ids" {
}
variable "backend_port" {
}
variable "backend_weight" {
}
variable "frontend_port" {
}
variable "protocol" {
}
variable "scheduler" {
}
variable "load_balancer_spec" {
}
variable "bandwidth" {
}
14. Adding the EIP and SLB configuration files to service
(1) View the directory
(2) Elastic IP (EIP) configuration file
eip.tf
locals {
  instance_id = module.dev-slb.slb_id
}
module "dev-eip" {
  source      = "../../../modules/eip"
  instance_id = local.instance_id
}
(3) Load balancer (SLB) configuration file
slb.tf
locals {
  address_type       = "intranet"
  slb_name           = "dev-slb"
  payment_type       = "PayAsYouGo"
  server_group_name  = "webserver"
  ecs_ids            = module.myecs.*.ecs_id
  backend_port       = 80
  backend_weight     = 100
  frontend_port      = 80
  protocol           = "http"
  scheduler          = "rr"
  load_balancer_spec = "slb.s1.small"
  bandwidth          = 10
}
module "dev-slb" {
  source             = "../../../modules/slb"
  address_type       = local.address_type
  slb_name           = local.slb_name
  payment_type       = local.payment_type
  server_group_name  = local.server_group_name
  ecs_ids            = local.ecs_ids
  backend_port       = local.backend_port
  backend_weight     = local.backend_weight
  frontend_port      = local.frontend_port
  protocol           = local.protocol
  scheduler          = local.scheduler
  vsw_id             = data.terraform_remote_state.mydata.outputs.vsw_id
  load_balancer_spec = local.load_balancer_spec
  bandwidth          = local.bandwidth
}
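15. Requesting EIP and SLB resources
(1) Initialize
terraform init
(2) Format the code
terraform fmt
(3) Validate the code
terraform validate
(4) Plan and preview
terraform plan
The plan shows that the SLB and the EIP will be added.
(5) Request the resources
terraform apply
yes
(6) Log in to the Alibaba Cloud console to check
View the LB (load balancer)
View the EIP (elastic IP address)
(7) Access the EIP
47.96.6.28
(8) View the ECS instances
(9) Log in remotely and modify the cloud hosts' configuration
Modify host server0
echo server0 >/usr/share/nginx/html/index.html
curl 172.16.6.81
curl 172.16.6.81
Modify host server1
echo server1 >/usr/share/nginx/html/index.html
curl 172.16.6.81
curl 172.16.6.81
(10) Access the EIP again and refresh the page
Round-robin responses are displayed successfully.
(11) Test load balancing
for i in `seq 1000`; do curl -s 172.16.6.81; done | sort | uniq -c
Test from host server0: the request counts for the two backends are roughly equal.
Test from host server1: the request counts for the two backends are roughly equal.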
16. Adding the packaged DNS module to the Terraform project on Windows
(1) Add the DNS module
View the directory
(2) Module contents
main.tf
# DNS
resource "alicloud_dns_record" "record" {
  name        = var.dns_zone_name
  host_record = var.dns_record
  type        = var.record_type
  value       = var.eip
}
outputs.tf
output "dns_name" {
  value = "${alicloud_dns_record.record.host_record}.${alicloud_dns_record.record.name}"
}
variables.tf
variable "eip" {
}
variable "dns_record" {
}
variable "record_type" {
}
variable "dns_zone_name" {
}
17. Adding the DNS configuration file to service
(1) View the directory
(2) DNS configuration file
dns.tf
locals {
  dns_zone_name = "maojing.site"
  dns_record    = "dev"
  eip           = module.dev-eip.eip
  record_type   = "A"
}
module "mydns" {
  source        = "../../../modules/dns"
  dns_record    = local.dns_record
  dns_zone_name = local.dns_zone_name
  eip           = local.eip
  record_type   = local.record_type
}
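18. Requesting DNS resources
(1) Initialize
terraform init
(2) Format the code
terraform fmt
(3) Validate the code
terraform validate
(4) Plan and preview
terraform plan
The plan shows that the DNS record will be added.
(5) Request the resources
terraform apply
yes
(6) View the DNS resolution in the Alibaba Cloud console
(7) Test with dig on the Linux host
dig dev.maojing.site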
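19. Destroying resources
(1) View the current directory
(2) Destroy the service resources
terraform destroy
yes
(3) Destroy the network resources
terraform destroy
Switch directory
Destroy
yes
(4) Destroy the backend storage resources
terraform destroy
Switch directory
Destroy
yes
The Tablestore resource is slow to delete (status: releasing).
Deletion took about 8 minutes to complete.
(5) Log in to the Alibaba Cloud console to check
The ECS instances have been deleted.
The Tablestore instance has been deleted.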
II. Issues
1. Terraform validation fails (Reference to undeclared input variable)
(1) Error
│ Error: Reference to undeclared input variable
│
│ on ..\..\..\modules\vpc\main.tf line 11, in resource "alicloud_vswitch" "vsw":
│ 11: zone_id = var.zone.id
│
│ An input variable with the name "zone" has not been declared. This variable can be declared with a variable "zone" {} block.
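(2) Cause analysis
The variable reference is wrong.
(3) Solution
Modify the configuration file.
Before:
After:
Success:
2. Terraform validation fails (Module not installed)
(1) Error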
│ Error: Module not installed
│
│ on main.tf line 26:
│ 26: module "devsecgroup" {
│
│ This module is not yet installed. Run "terraform init" to install all modules required by this configuration.
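(2) Cause analysis
If a module has been added, terraform init must be run before validating.
(3) Solution
Initialize.
Success:
3. Error when Terraform requests EIP resources
(1) Error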
│ Error: [ERROR] terraform-provider-alicloud/alicloud/resource_alicloud_eip_address.go:276: Resource alicloud_eip_address AllocateEipAddress Failed!!! [SDK alibaba-cloud-sdk-go ERROR]:
│ SDKError:
│ StatusCode: 400
│ Code: Forbidden.RAM
│ Message: code: 400, User not authorized to operate on the specified resource, or this API doesn't support RAM. request id: 45F211E8-2CFA-52FF-BCCA-8F38AE174AC8
│ Data: {"AccessDeniedDetail":{"AuthAction":"vpc:AllocateEipAddress","AuthPrincipalDisplayName":"205814005146961779","AuthPrincipalOwnerId":"1889388625243280","AuthPrincipalType":"SubUser","EncodedDiagnosticMessage":"...","NoPermissionType":"ImplicitDeny","PolicyType":"ResourceGroupLevelIdentityBasedPolicy"},"Code":"Forbidden.RAM","HostId":"vpc.aliyuncs.com","Message":"User not authorized to operate on the specified resource, or this API doesn't support RAM.","Recommend":"https://api.aliyun.com/troubleshoot?q=Forbidden.RAM\u0026product=Vpc\u0026requestId=45F211E8-2CFA-52FF-BCCA-8F38AE174AC8","RequestId":"45F211E8-2CFA-52FF-BCCA-8F38AE174AC8"}
│
│
│ with module.dev-eip.alicloud_eip_address.eip,
│ on ..\..\..\modules\eip\main.tf line 1, in resource "alicloud_eip_address" "eip":
│ 1: resource "alicloud_eip_address" "eip" {
│
╵
╷
│ Error: [ERROR] terraform-provider-alicloud/alicloud/resource_alicloud_slb_load_balancer.go:337: Resource alicloud_slb_load_balancer CreateLoadBalancer Failed!!! [SDK alibaba-cloud-sdk-go ERROR]:
│ SDKError:
│ StatusCode: 403
│ Code: Forbidden
│ Message: code: 403, User not authorized to operate on the specified resource. request id: A04C50D0-DF67-57C8-B3B0-2D8E99C803C2
│ Data: {"AccessDeniedDetail":{"AuthAction":"slb:CreateLoadBalancer","AuthPrincipalDisplayName":"205814005146961779","AuthPrincipalOwnerId":"1889388625243280","AuthPrincipalType":"SubUser","EncodedDiagnosticMessage":"...","NoPermissionType":"ImplicitDeny","PolicyType":"ResourceGroupLevelIdentityBasedPolicy"},"Code":"Forbidden","HostId":"slb.aliyuncs.com","Message":"User not authorized to operate on the specified resource.","Recommend":"https://api.aliyun.com/troubleshoot?q=Forbidden\u0026product=Slb\u0026requestId=A04C50D0-DF67-57C8-B3B0-2D8E99C803C2","RequestId":"A04C50D0-DF67-57C8-B3B0-2D8E99C803C2"}
│
│
│ with module.dev-slb.alicloud_slb_load_balancer.slb,
│ on ..\..\..\modules\slb\main.tf line 1, in resource "alicloud_slb_load_balancer" "slb":
│ 1: resource "alicloud_slb_load_balancer" "slb" {
│
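(2) Cause analysis
The RAM user has no EIP or SLB permissions.
(3) Solution
Grant the EIP and SLB permissions in RAM.
Search for EIP
Authorization succeeded
Success:
4. Terraform fails to delete resources
(1) Error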
│ Error: [ERROR] terraform-provider-alicloud/alicloud/resource_alicloud_oss_bucket.go:1703: Resource tf-backenddev DeleteBucket Failed!!! [SDK aliyun-oss-go-sdk ERROR]:
│ oss: service returned error: StatusCode=409, ErrorCode=BucketNotEmpty, ErrorMessage="The bucket has objects. Please delete them first.", RequestId=65A79A85E001B433358AB078, Ec=0015-00000301
│
│
╵
╷
│ Error: Error releasing the state lock
│
│ Error message: failed to retrieve lock info: OTSAuthFailed The instance is not running. 00060f20-cb58-28d5-1069-390a04b626c3
│
│ Terraform acquires a lock when accessing your state to prevent others
│ running Terraform to potentially modify the state at the same time. An
│ error occurred while releasing this lock. This could mean that the lock
│ did or did not release properly. If the lock didn't release properly,
│ Terraform may not be able to run future commands since it'll appear as if
│ the lock is held.
│
│ In this scenario, please call the "force-unlock" command to unlock the
│ state manually. This is a very dangerous operation since if it is done
│ erroneously it could result in two people modifying state at the same time.
│ Only call this command if you're certain that the unlock above failed and
│ that no one else is holding a lock.
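(2) Cause analysis
Reference: "Delete buckets that are no longer needed to avoid extra charges", Object Storage Service (OSS), Alibaba Cloud Help Center (aliyun.com)
Not all files (objects) in the bucket had been deleted.
(3) Solution
① The existing object files in the bucket must be deleted
② Remove
③ Done
④ Select "Delete Bucket" at the bottom of the left-hand list, then click "Delete Now" on the right
⑤ Confirm the deletion
⑥ Deletion succeeded
5. Project workflow and architecture for Terraform with alicloud
(1) Workflow
(2) Architecture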