我已经使用 Terraform 设置了一个带有保留静态 IP 的计算引擎 VM 和一个带有
roles/cloudsql.editor
的服务帐户和一个 CloudSQL 实例作为数据库。目标是在 Compute Engine 实例上安装 LAMP 服务器。
启动脚本将安装运行 wordpress 网站所需的一切(它使用 vagrant 在本地 VM 上工作,它针对 GCP 进行了调整)。我面临的问题是我无法访问该站点。 http://{VM_IP} 只是将我重定向到 https://{VM_IP} 并抛出
ERR_CONNECTION_TIMED_OUT
错误。
虚拟机附有
http-server
标签。如果我在 index.html
中创建一个带有文本的 /var/www/html/
,那么我可以在 http://{VM_IP} 看到它,它不会将我重定向到 https。但它不会为我提供 .php 文件。
地形配置:
# This terraform file will create next resources:
# *static IP for VM
# *service account for VM (with SQL Editor role)
# *CloudSQL instance to use as the primary database (also create user and a database)
# The startup script will perform everything needed to install NoviNano. All you need to do is to auth with your GCP account (`gcloud auth application-default login`) from within the folder. Next do `terraform plan` and input the data variables. After that do `terraform apply`, input data variables (login, password, google project_id etc) and wait around 10-15 minutes for the resources to create. Go to Compute Engine and click on the external IP address of the newly created VM.
provider "google" {
project = var.project_id
region = var.compute_region
zone = var.compute_zone
}
########################## COMPUTE ##########################
resource "random_id" "vm_name_suffix" {
byte_length = 4
}
# reserve a static external IP
resource "google_compute_address" "static" {
name = "php-vm-external-ip"
}
# define what image to use in GCP Compute Engine
data "google_compute_image" "ubuntu_image" {
family = "ubuntu-2004-lts"
project = "ubuntu-os-cloud"
}
# bind apropriete role to service account
resource "google_project_iam_binding" "cloud_sql_editor" {
project = var.project_id
role = "roles/cloudsql.editor"
members = [
"serviceAccount:${google_service_account.service_account.email}"
]
}
# new service account
resource "google_service_account" "service_account" {
account_id = var.service_account_id
display_name = "PHP-VM-Service-Account"
}
# compute config
resource "google_compute_instance" "vm_instance" {
name = "php-vm-tr-${random_id.db_name_suffix.hex}"
machine_type = var.compute_machine_type
zone = var.compute_zone
# allow ingress 80 tcp
tags = ["http-server"]
# startup script
metadata_startup_script = file("${path.module}/scripts/wp-php.sh")
# we will pass arguments through custom metadata key-value pairs. This is absolute trash (we are passing sensitive data), but unfortunatly i didnt manage to find a better solution
metadata = {
SITE_V = var.site_v
DB_NAME = var.db_name
DB_HOST = google_sql_database_instance.instance.ip_address.0.ip_address
DB_PASS = var.sql_pass
DB_USER = var.sql_user
PHP_VM_IP = google_compute_address.static.address
ADMIN_LOGIN = var.admin_login
ADMIN_EMAIL = var.admin_email
ADMIN_PASS = var.admin_pass
}
boot_disk {
initialize_params {
# ubuntu 20.04
image = data.google_compute_image.ubuntu_image.self_link
}
}
network_interface {
network = "default"
access_config {
nat_ip = google_compute_address.static.address
}
}
service_account {
# Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
email = google_service_account.service_account.email
scopes = ["cloud-platform"]
}
# do not create vm instance before service account, static ip and db instance
depends_on = [google_service_account.service_account, google_compute_address.static, google_sql_database_instance.instance]
}
########################### COMPUTE ###########################
########################## CLOUD-SQL ##########################
resource "random_id" "db_name_suffix" {
byte_length = 4
}
# main database
resource "google_sql_database" "wp-php-db" {
name = var.db_name
instance = google_sql_database_instance.instance.name
}
# user for db
resource "google_sql_user" "admin_user" {
name = var.sql_user
instance = google_sql_database_instance.instance.name
host = google_compute_address.static.address
password = var.sql_pass
}
resource "google_sql_database_instance" "instance" {
name = "wp-db-instance-${random_id.db_name_suffix.hex}"
region = var.compute_region
database_version = "MYSQL_8_0"
settings {
# really small but enough. 0.6 GB of RAM
tier = "db-f1-micro"
availability_type = "ZONAL"
backup_configuration {
enabled = "false"
binary_log_enabled = "false"
}
ip_configuration {
ipv4_enabled = "true"
authorized_networks {
value = google_compute_address.static.address
}
}
}
deletion_protection = "false"
}
########################## CLOUD-SQL ##########################
虚拟机的启动脚本:
#!/bin/sh
# if everything is already done, dont do anything. Prevents running the script when the instance reboots
if [ -e /var/www/html/wp-config.php ]
then
echo "Everything seems fine"
exit 0
fi
# we will pass arguments through custom metadata key-value pairs. This is absolute trash (we are passing sensitive data), but unfortunatly i didnt manage to find a better solution
getMetadata() {
curl -fs http://metadata/computeMetadata/v1/instance/attributes/$1 \
-H "Metadata-Flavor: Google"
}
SITE_VERSION=`getMetadata SITE_V`
DB_NAME=`getMetadata DB_NAME`
DB_HOST=`getMetadata DB_HOST`
DB_PASS=`getMetadata DB_PASS`
DB_USER=`getMetadata DB_USER`
PHP_VM_IP=`getMetadata PHP_VM_IP`
ADMIN_LOGIN=`getMetadata ADMIN_LOGIN`
ADMIN_EMAIL=`getMetadata ADMIN_EMAIL`
ADMIN_PASS=`getMetadata ADMIN_PASS`
site_v="${SITE_VERSION}"
base_url=https://github.com/mplesha/NoviNano/releases/download/v1.0/
zip_base=20180706_novinano
case $site_v in
mt)
export ARCHIVE_NAME=${zip_base}_mt_b2a03d4e0cbc53e87026180706071957_archive.zip
export ARCHIVE_LINK=${base_url}${zip_base}_mt_b2a03d4e0cbc53e87026180706071957_archive.zip
;;
nk)
export ARCHIVE_NAME=${zip_base}_nk_71b6e5d0e46a01132850180706065954_archive.zip
export ARCHIVE_LINK=${base_url}${zip_base}_nk_71b6e5d0e46a01132850180706065954_archive.zip
;;
ns)
export ARCHIVE_NAME=${zip_base}_ns_896ead05e3b627043459180706065900_archive.zip
export ARCHIVE_LINK=${base_url}${zip_base}_ns_896ead05e3b627043459180706065900_archive.zip
;;
rs)
export ARCHIVE_NAME=${zip_base}_rs_9359544ad31107df3491180706065933_archive.zip
export ARCHIVE_LINK=${base_url}${zip_base}_rs_9359544ad31107df3491180706065933_archive.zip
;;
sv)
export ARCHIVE_NAME=${zip_base}_sv_0e61d66b99566e5c1751180706065615_archive.zip
export ARCHIVE_LINK=${base_url}${zip_base}_sv_0e61d66b99566e5c1751180706065615_archive.zip
;;
ts)
export ARCHIVE_NAME=${zip_base}_ts_976c110733e7eff58704180706072907_archive.zip
export ARCHIVE_LINK=${base_url}${zip_base}_ts_976c110733e7eff58704180706072907_archive.zip
;;
*)
export ARCHIVE_NAME=${zip_base}_ts_976c110733e7eff58704180706072907_archive.zip
export ARCHIVE_LINK=${base_url}${zip_base}_ts_976c110733e7eff58704180706072907_archive.zip
;;
esac
# install dependencies. Apache, php, mysql-client, unzip
sudo apt update && \
sudo apt-get install apache2 default-mysql-client unzip -y && \
sudo apt install php libapache2-mod-php php-mysql php-zip -y
# install WP-CLI
sudo wget https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/bin/wp && \
sudo chmod +x /usr/bin/wp
# download zip into /var/www/html/
sudo wget $ARCHIVE_LINK -P /var/www/html/
sudo unzip -q /var/www/html/$ARCHIVE_NAME -d /var/www/html/
# wordpress config for database
wp config create --dbname=$DB_NAME --dbuser=$DB_USER --dbhost=$DB_HOST --dbpass=$DB_PASS --force --path=/var/www/html/ --allow-root
# import the db and replace adresses
wp --quiet db import /var/www/html/database.sql --path=/var/www/html/ --allow-root
wp search-replace "/home/ubuntu/workspace/$SITE_VERSION" "/var/www/html" --path=/var/www/html/ --allow-root
wp search-replace "//novinano-tesp.c9users.io/$SITE_VERSION" "//$PHP_VM_IP" --path=/var/www/html --allow-root
wp search-replace "https://"PHP_VM_IP "http://$PHP_VM_IP" --path=/var/www/html --allow-root
# Create admin user
wp user create $ADMIN_LOGIN $ADMIN_EMAIL --role=administrator --user_pass=$ADMIN_PASS --path=/var/www/html/ --allow-root
# Remove sensitive and unneed data
sudo rm /var/www/html/database.sql /var/www/html/installer-backup.php /var/www/html/$ARCHIVE_NAME /var/www/html/index.html
# Allow only the PHP user to get access to files.
sudo chown www-data:www-data -R /var/www/html/
# Restart apache to apply plugins and changes
sudo systemctl reload apache2.service
echo -e "\033[0;32mAccess the site at ${PHP_VM_IP}. The Host for the database is ${DB_HOST}\033[0m"
我已经尝试了这些线程中提出的解决方案:“Google 云计算引擎 http 连接超时”和“ERR_CONNECTION_TIMED_OUT Wordpress 网站托管在 GCP”但不幸的是它们没有帮助。我的 VM 有一个静态 IP,附加了
http-server
标签,实例内部没有防火墙规则。
如果您需要更多信息,请发表评论。谢谢!
补充资料: