I am trying to deploy a VNet-integrated Azure Databricks instance on an Azure subscription. The VNet already exists

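Question  Votes: 0  Answers: 1

I have an existing VNet. I tried to follow the approach in the link below. Using Terraform code I created two subnets (public and private) together with an NSG and NSG associations, and then used the custom_parameters block to provide the network id and private_subnet_network_security_group_association_id. I am deploying the code from Azure DevOps. It gives me this error:

creating/updating Workspace (Subscription: "xxxx-xxxx-xxx-xxx" Resource Group Name: "rg-xxxxx-test" Workspace Name: "xxxx-test-workspace"): polling after CreateOrUpdate: polling failed: the Azure API returned the following error: Status: "GatewayAuthenticationFailed" Code: "" Message: "Failed to prepare subnet 'xxxx-test-private'. Please try again later. Error details: 'Gateway authentication failed for 'Microsoft.Network'.

Any clues about the above error?

I tried the Terraform code below to create the two subnets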

resource "azurerm_subnet" "public" {
    name = "${var.dbname}-public-subnet"
    resource_group_name = data.azurerm_resource_group.qa.name
    virtual_network_name = data.azurerm_virtual_network.vnet.name
    address_prefixes = ["1.2.3.4/24"]

    delegation {
        name = "databricks_public"
        service_delegation {
            name = "Microsoft.Databricks/workspaces"
        }
    }
}

resource "azurerm_network_security_group" "nsg" {
    name = "${var.dbname}-qa-databricks-nsg"
    resource_group_name = data.azurerm_resource_group.qa.name
    location = data.azurerm_resource_group.qa.location
}

resource "azurerm_subnet_network_security_group_association" "nsga_public" {
    network_security_group_id = azurerm_network_security_group.nsg.id
    subnet_id = azurerm_subnet.public.id
}

And the custom_parameters block in the Databricks workspace creation.

 custom_parameters {
        public_subnet_name  = azurerm_subnet.public.name
        public_subnet_network_security_group_association_id = azurerm_subnet_network_security_group_association.nsga_public.id
        private_subnet_name = azurerm_subnet.private.name
        private_subnet_network_security_group_association_id = azurerm_subnet_network_security_group_association.nsga_private.id
        virtual_network_id  = data.azurerm_virtual_network.vnet.id
    }

My subnets are being created, but it fails with the error when creating the workspace.

azure-databricks terraform-provider-azure azure-virtual-network azure-nsg
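1 Answer
0
votes

I tried deploying a VNet-integrated Azure Databricks instance on an Azure subscription using Terraform, and I was able to provision the requirement successfully.

The error you are encountering, "GatewayAuthenticationFailed", usually indicates a problem with a network gateway, such as a virtual network gateway or application gateway in your Azure environment. It may be caused by incorrect configuration, missing permissions, or a failure in the service itself.

You are setting up subnets and associating them with network security groups (NSGs). For creating the subnets and NSGs the code structure looks correct, but there are a few points to consider:

  1. Make sure the virtual network (VNet) exists and is referenced correctly by the Terraform data source.
  2. Verify that the subnets' address prefixes lie within the VNet's address space.
  3. Check whether any other services (such as a VPN gateway or ExpressRoute) are associated with the subnets that may have authentication requirements.

My Terraform configuration: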

main.tf:

provider "azurerm" {
    features {}
}

data "azurerm_resource_group" "example" {
  name     = "demorg-vk"
}

resource "azurerm_virtual_network" "example" {
  name                = "vnet-demovk"
  address_space       = ["10.0.0.0/16"]
  resource_group_name = data.azurerm_resource_group.example.name
  location            = data.azurerm_resource_group.example.location
}

resource "azurerm_subnet" "public" {
  name                 = "public-subnet-vk"
  resource_group_name  = data.azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]

  service_endpoints = [
    "Microsoft.Storage",
    "Microsoft.Sql",
    "Microsoft.AzureActiveDirectory"
  ]

  delegation {
    name = "databricks_public"
    service_delegation {
      name    = "Microsoft.Databricks/workspaces"
      actions = ["Microsoft.Network/virtualNetworks/subnets/join/action"]
    }
  }
}

resource "azurerm_subnet" "private" {
  name                 = "private-subnet-vk"
  resource_group_name  = data.azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.2.0/24"]

  service_endpoints = [
    "Microsoft.Storage",
    "Microsoft.Sql"
  ]

  delegation {
    name = "databricks_private"
    service_delegation {
      name    = "Microsoft.Databricks/workspaces"
      actions = ["Microsoft.Network/virtualNetworks/subnets/join/action"]
    }
  }
}

resource "azurerm_network_security_group" "public_nsg" {
  name                = "nsg-public-demovk"
  resource_group_name = data.azurerm_resource_group.example.name
  location            = data.azurerm_resource_group.example.location
}

resource "azurerm_network_security_group" "private_nsg" {
  name                = "nsg-demovk"
  resource_group_name = data.azurerm_resource_group.example.name
  location            = data.azurerm_resource_group.example.location
}

resource "azurerm_subnet_network_security_group_association" "public_nsg_association" {
  subnet_id                 = azurerm_subnet.public.id
  network_security_group_id = azurerm_network_security_group.public_nsg.id
}

resource "azurerm_subnet_network_security_group_association" "private_nsg_association" {
  subnet_id                 = azurerm_subnet.private.id
  network_security_group_id = azurerm_network_security_group.private_nsg.id
}

resource "azurerm_databricks_workspace" "example" {
  name                = "databricks-example"
  resource_group_name = data.azurerm_resource_group.example.name
  location            = data.azurerm_resource_group.example.location
  sku                 = "standard"

  custom_parameters {
    no_public_ip                                  = false
    public_subnet_name                            = azurerm_subnet.public.name
    private_subnet_name                           = azurerm_subnet.private.name
    virtual_network_id                            = azurerm_virtual_network.example.id
    public_subnet_network_security_group_association_id = azurerm_subnet_network_security_group_association.public_nsg_association.id
    private_subnet_network_security_group_association_id = azurerm_subnet_network_security_group_association.private_nsg_association.id
  }
}

Output: [screenshots not preserved]
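
The second check in the answer above (subnet address prefixes must lie inside the VNet address space) can be run before `terraform apply`. This is an added example, not part of the original answer; the function name `check_subnets`, the 10.0.0.0/16 address space assumed for the question's case, and the overlap sample are constructed for illustration.

```python
import ipaddress


def check_subnets(vnet_spaces, subnets):
    """Check subnet address_prefixes against a VNet's address_space.

    vnet_spaces: list of CIDR strings (the VNet address_space)
    subnets: dict mapping subnet name -> list of CIDR strings
    Returns a list of human-readable findings (empty list means no issue).
    """
    findings = []
    spaces = [ipaddress.ip_network(s) for s in vnet_spaces]
    parsed = []  # (name, network) pairs that could be parsed
    for name, prefixes in subnets.items():
        for prefix in prefixes:
            try:
                net = ipaddress.ip_network(prefix, strict=True)
            except ValueError:
                try:
                    # Host bits set (e.g. 1.2.3.4/24): report the real network.
                    net = ipaddress.ip_network(prefix, strict=False)
                except ValueError:
                    findings.append(f"{name}: {prefix} is not a CIDR prefix")
                    continue
                findings.append(
                    f"{name}: {prefix} has host bits set (network is {net})")
            inside = any(net.version == s.version and net.subnet_of(s)
                         for s in spaces)
            if not inside:
                findings.append(f"{name}: {net} is outside the VNet address space")
            parsed.append((name, net))
    # Two subnets in one VNet must not overlap each other.
    for i, (a_name, a) in enumerate(parsed):
        for b_name, b in parsed[i + 1:]:
            if a.version == b.version and a.overlaps(b):
                findings.append(f"{a_name} and {b_name} overlap ({a} / {b})")
    return findings


if __name__ == "__main__":
    # Values from the answer's main.tf: expected to produce no findings.
    print(check_subnets(["10.0.0.0/16"],
                        {"public-subnet-vk": ["10.0.1.0/24"],
                         "private-subnet-vk": ["10.0.2.0/24"]}))
    # The question's anonymised prefix against an assumed VNet address space.
    for line in check_subnets(["10.0.0.0/16"], {"public": ["1.2.3.4/24"]}):
        print(line)
```
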
