Terraform当分区兼容区域中未创建VM时，则使用可用性集。但是怎么做呢？

Question

我只想通过调用一个自写模块来部署一组资源：

module "transit-gateway-sea" {
  source             = "./modules/transit-gateway"
  location           = "southeastasia"
  vnet_address_space = [local.sea_vnet_address_space]
  subnet_address_spaces = {
    mgmt0 = [cidrsubnets(local.sea_vnet_address_space, 2, 2, 2, 2, )[0]]
    wan0  = [cidrsubnets(local.sea_vnet_address_space, 2, 2, 2, 2, )[1]]
    lan0  = [cidrsubnets(local.sea_vnet_address_space, 2, 2, 2, 2, )[2]]
  }
  bastion_subnet = [cidrsubnets(local.sea_vnet_address_space, 2, 2, 2, 2, )[3]]
  ha_enabled = true
}

在这个模块中会发生一些事情，但是要知道的是，基于区域，我为一个本地指定了一个值，如下所示：

locals {
  country_code = (var.location == "southeastasia" ? "-sea" :
    var.location == "westeurope" ? "-weu" :
    var.location == "northcentralus" ? "-ncus" :
    var.location == "brazilsouth" ? "-bs" :
    var.location == "northeurope" ? "-neu" :
    ""
  )
  primary_zone = (var.location == "southeastasia" ? "1" :
    var.location == "westeurope" ? "1" :
    var.location == "brazilsouth" ? "1" :
    var.location == "northeurope" ? "1" :
    null
  )
  secondary_zone = (var.location == "southeastasia" ? "2" :
    var.location == "westeurope" ? "2" :
    var.location == "brazilsouth" ? "2" :
    var.location == "northeurope" ? "2" :
    null
  )
}

请查找VM的代码以及下面的可用性集和区域。只有在模块调用期间ha_enabled变量为真时，才会部署辅助vm。同样的逻辑在某种程度上适用于可用性集，但这取决于该区域是否支持效用区域。如果没有，则应该部署效用集，并且两个VM都应该分配给这个效用集。

resource "azurerm_availability_set" "aset" {
  count = local.primary_zone != "1" ? 0 : 1

  name                = "silverpeak-sdwan${local.country_code}-aset"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  lifecycle {
    ignore_changes = [
      tags
    ]
  }
}

resource "azurerm_linux_virtual_machine" "primary-vm" {
  count               = 1
  name                = "silverpeak-sdwan${local.country_code}-primary-vm"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  size                = var.vm_size
  admin_username = "adminuser"
  admin_password = random_password.admin-password-primary.result
  disable_password_authentication = false
  zone                            = local.primary_zone
  encryption_at_host_enabled      = true
  allow_extension_operations      = false
  availability_set_id             = local.primary_zone != "1" ? azurerm_availability_set.aset[count.index].id : null

  network_interface_ids = [
    for nics in azurerm_network_interface.primary-nics : nics.id
  ]

  os_disk {
    name                 = "silverpeak-sdwan${local.country_code}-primary-vm-osdisk"
    caching              = "ReadWrite"
    storage_account_type = var.storage_account_type
  }

  source_image_reference {
    publisher = "silver-peak-systems"
    offer     = "silver_peak_edgeconnect_vwan"
    sku       = "silver_peak_edgeconnect_vwan_8_3_0_14"
    version   = "8.3.0"
  }
  plan {
    name      = "silver_peak_edgeconnect_vwan_8_3_0_14"
    publisher = "silver-peak-systems"
    product   = "silver_peak_edgeconnect_vwan"
  }

  lifecycle {
    ignore_changes = [
      tags
    ]
  }
}


resource "azurerm_linux_virtual_machine" "secondary-vm" {
  count               = var.ha_enabled ? 1 : 0
  name                = "silverpeak-sdwan${local.country_code}-secondary-vm"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  size                = var.vm_size
  admin_username = "adminuser"
  admin_password = random_password.admin-password-secondary.result
  disable_password_authentication = false
  zone                            = local.secondary_zone
  encryption_at_host_enabled      = true
  allow_extension_operations      = false
  availability_set_id             = local.secondary_zone != "2" ? azurerm_availability_set.aset[count.index].id : null

  network_interface_ids = [
    for nics in azurerm_network_interface.secondary-nics : nics.id
  ]

  os_disk {
    name                 = "silverpeak-sdwan${local.country_code}-secondary-vm-osdisk"
    caching              = "ReadWrite"
    storage_account_type = var.storage_account_type
  }

  source_image_reference {
    publisher = "silver-peak-systems"
    offer     = "silver_peak_edgeconnect_vwan"
    sku       = "silver_peak_edgeconnect_vwan_8_3_0_14"
    version   = "8.3.0"
  }
  plan {
    name      = "silver_peak_edgeconnect_vwan_8_3_0_14"
    publisher = "silver-peak-systems"
    product   = "silver_peak_edgeconnect_vwan"
  }

  lifecycle {
    ignore_changes = [
      tags
    ]
  }
}

因此，根据位置，我部署了可用性集或可用区域。从我的观点来看，这是绝对合理的，但我得到了错误信息，但我不明白。希望你们中的一些人能帮我。它看起来好像azurerm_availability_set.aset是空的，但是它不应该基于count参数中的条件。希望你们中的一些人能帮我。

│ Error: Invalid index
│ 
│   on modules/transit-gateway/vm.tf line 51, in resource "azurerm_linux_virtual_machine" "primary-vm":
│   51:   availability_set_id             = local.primary_zone != "1" ? azurerm_availability_set.aset[count.index].id : null
│     ├────────────────
│     │ azurerm_availability_set.aset is empty tuple
│     │ count.index is 0
│ 
│ The given key does not identify an element in this collection value: the
│ collection has no elements.
╵
╷
│ Error: Invalid index
│ 
│   on modules/transit-gateway/vm.tf line 97, in resource "azurerm_linux_virtual_machine" "secondary-vm":
│   97:   availability_set_id             = local.secondary_zone != "2" ? azurerm_availability_set.aset[count.index].id : null
│     ├────────────────
│     │ azurerm_availability_set.aset is empty tuple
│     │ count.index is 0
│ 
│ The given key does not identify an element in this collection value: the
│ collection has no elements.
╵
##[error]Error: Terraform Plan failed with exit code: 1

Answer 1

我发现密码出了什么问题。因此，使用其他或相同资源执行类似操作的其他人都要检查您的条件，并检查代码的逻辑。

对于可用性集资源，我执行了以下操作：count = local.primary_zone != "1" ? 0 : 1

但我应该这么做的：count = local.primary_zone == "1" ? 0 : 1

现在起作用了！现在，当某个区域中的可用性区域不可用时，会创建一个可用性集，并自动添加VM。