amazon-web-services - Terraform 负载均衡器健康检查例如在 asg 中失败
问题描述
我在 asg 中启动了一个私有实例在公共场合我创建了一个应用程序负载均衡器来连接到私有实例问题:目标组显示为 asg 实例的健康检查失败问题:如何解决这个问题并使健康检查通过 请支持我来解决这个问题。因为使用浏览器访问时会发生超时
**alb.tf**
resource "aws_lb" "ops_manager_app_lb" {
name = "ops-manager-app-lb"
internal = false
security_groups = [ aws_security_group.ops_lb_sg.id ]
subnets = [ var.PUB_SUBNET_NAT, var.PUB_SUBNET_2 ]
}
resource "aws_lb_target_group" "opsmanager_target_group_8080" {
depends_on = [ aws_lb.ops_manager_app_lb ]
name = "opsmanager-target-group-8080"
port = 8080
protocol = "HTTP"
vpc_id = var.AWS_VPC
health_check {
path = "/"
port = 8080
protocol = "HTTP"
healthy_threshold = 3
unhealthy_threshold = 3
matcher = "200-499"
}
}
resource "aws_lb_listener" "ops_alb_listener_8080" {
load_balancer_arn = aws_lb.ops_manager_app_lb.arn
port = "8080"
protocol = "HTTP"
#certificate_arn = "${var.elk_cert_arn}"
default_action {
target_group_arn = aws_lb_target_group.opsmanager_target_group_8080.arn
type = "forward"
}
}
**sg.tf**
resource "aws_security_group" "ops_lb_sg" {
name = "opsmanager_app_lb"
description = "Security Group for OpsManager ALB"
vpc_id = var.AWS_VPC
ingress {
from_port = 8080
to_port = 8080
protocol = "tcp"
cidr_blocks = [ var.VPC_CIDR ]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
### OpsManager Application Server Security Group ###
resource "aws_security_group" "application_opsmanager_sg" {
name = "application_opsmanager_sg"
description = "Security Group for OpsManager Application Instance"
vpc_id = var.AWS_VPC
ingress {
description = "TCP port for HTTP service"
from_port = 8080
to_port = 8080
protocol = "tcp"
security_groups = [ aws_security_group.ops_lb_sg.id ]
#cidr_blocks = [var.VPC_CIDR]
}
}
**main.tf**
resource "aws_launch_configuration" "lc_opsmanager" {
name = "ops_manager_launch"
image_id = var.AMIS
instance_type = var.INSTANCE_TYPE["OPS_APP"]
iam_instance_profile = data.aws_iam_instance_profile.application_instance_profile.name
key_name = var.KEY_NAME
security_groups = [data.aws_security_group.application_sg.id, aws_security_group.ops_lb_sg.id ]
}
resource "aws_autoscaling_group" "asg_opsmanager" {
name = "asg-ops-manager"
max_size = 2
min_size = 1
desired_capacity = 1
#availability_zones = [ data.aws_availability_zone.az_primary.name ]
vpc_zone_identifier = [var.PRIV_SUBNET_OPS]
health_check_type = "EC2"
health_check_grace_period = 300
launch_configuration = aws_launch_configuration.lc_opsmanager.id
target_group_arns = [ aws_lb_target_group.opsmanager_target_group_8080.arn ]
tag {
key = "Name"
value = "ops_manager_application"
propagate_at_launch = true
}
}
解决方案
您的体系结构可能存在许多问题,但最终导致阻止访问 ALB 的问题是安全组不正确。
即,不允许互联网流量的 ALBops_lb_sg
的用途。相反,它只允许来自
var.VPC_CIDR
. 要允许互联网连接,它应该是:
cidr_blocks = [ "0.0.0.0/0" ]
或您的家庭/工作网络的 CIDR 范围。
推荐阅读
- c++ - 如何将一个特征张量乘以 C++ 中另一个特征张量的标量和?
- user-interface - Microfocus Cobol 所需的 GUI ScreenIO 的替代或等效产品
- css - 如何使用 css 样式标签更改 html 背景图像?
- javascript - jQuery/JSON 内容数据加载
- mysql - 如何屏蔽mysql中的信息
- php - php exec崩溃没有输出
- javascript - Redux thunk,将其用作列表或用作对象之间的区别
- c++ - 类错误中的 C++ 模板特化
- python - 图上的点不是在一条线上一一连接的
- php - 无法在 php 5 中查看 move_uploaded_file() 的错误输出