google-cloud-platform - 无法创建 Cloud Composer

Question

我在通过 terraform 配置 Composer 时收到以下错误。

Error: Error waiting to create Environment: Error waiting to create Environment: Error waiting for Creating Environment: error while retrieving operation: Get "https://composer.googleapis.com/v1beta1/projects/aayush-terraform/locations/us-central1/operations/ee459492-abb0-4646-893e-09d112219d79?alt=json&prettyPrint=false": write tcp 10.227.112.165:63811->142.251.12.95:443: write: broken pipe. An initial environment was or is still being created, and clean up failed with error: Getting creation operation state failed while waiting for environment to finish creating, but environment seems to still be in 'CREATING' state. Wait for operation to finish and either manually delete environment or import "projects/aayush-terraform/locations/us-central1/environments/example-composer-env" into your state.

下面是代码片段:

terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~>3.0"
    }
  }
}

variable "gcp_region" {
  type        = string
  description = "Region to use for GCP provider"
  default     = "us-central1"
}

variable "gcp_project" {
  type        = string
  description = "Project to use for this config"
  default     = "aayush-terraform"
}

provider "google" {
  region  = var.gcp_region
  project = var.gcp_project
}

resource "google_service_account" "test" {
  account_id   = "composer-env-account"
  display_name = "Test Service Account for Composer Environment"
}

resource "google_project_iam_member" "composer-worker" {
  role   = "roles/composer.worker"
  member = "serviceAccount:${google_service_account.test.email}"
}

resource "google_compute_network" "test" {
  name                    = "composer-test-network"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "test" {
  name          = "composer-test-subnetwork"
  ip_cidr_range = "10.2.0.0/16"
  region        = "us-central1"
  network       = google_compute_network.test.id
}

resource "google_composer_environment" "test" {
  name   = "example-composer-env"
  region = "us-central1"
  config {
    node_count = 3

    node_config {
      zone         = "us-central1-a"
      machine_type = "n1-standard-1"

      network    = google_compute_network.test.id
      subnetwork = google_compute_subnetwork.test.id

      service_account = google_service_account.test.name
    }
  }
}

注意:即使抛出此错误，Composer 也会被创建，并且我通过已被授予所有者访问权限的服务帐户来配置此 Composer。

Answer 1

我遇到了同样的问题，我通过给出“composer.operations.get解决了它 “ 对配置 Composer 的服务帐户的权限。 此权限是Composer 管理员角色的一部分。 为了防止将来通过 Terraform 进行更新或删除等操作，我认为最好使用角色而不是单个权限。 或者，如果您想让一些最低权限发挥作用，您可以首先使用该角色，然后删除您认为不需要的权限并测试您的 terraform 代码。