
Using Terraform to add OpenStack Security Group to instance not managed by Terraform

I'm trying to add security groups and new rules to an instance by using Terraform. Note that this instance is not being managed by Terraform. The issue I run into is that when I apply it, it creates a new instance.

My Terraform code is as follows:

resource "openstack_compute_secgroup_v2" "secgroup_1" {
  name = "my_secgroup"
  region = "${var.region}"
  description = "my security group"

  rule {
    from_port = 22
    to_port = 22
    ip_protocol = "tcp"
    cidr = "x.x.x.x/x"
  }

  rule {
    from_port = 80
    to_port = 80
    ip_protocol = "tcp"
    cidr = "x.x.x.x/x"
  }
}

resource "openstack_compute_instance_v2" "myresource" {
  name = "<Name of MY Instance>"
  flavor_name = "m1.medium"
  region = "${var.region}"
  image_id = "<Image I.D of existing instance>"
  security_groups = ["${openstack_compute_secgroup_v2.secgroup_1.name}"]
}

Your Terraform code is meant to be creating a new instance on your OpenStack cluster. To have Terraform manage a resource it must be included in its state file. When you create a resource with Terraform then Terraform will automatically put it inside the state file and then begin to manage that resource.

Since Terraform 0.7 many resources can now be imported into the state file like this:

$ terraform import aws_instance.web i-12345678

If you had some Terraform code like this (from the aws_instance documentation):

provider "aws" {
    region = "us-west-2"
}

data "aws_ami" "ubuntu" {
  most_recent = true
  filter {
    name = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"]
  }
  filter {
    name = "virtualization-type"
    values = ["hvm"]
  }
  owners = ["099720109477"] # Canonical
}

resource "aws_instance" "web" {
    ami = "${data.aws_ami.ubuntu.id}"
    instance_type = "t2.micro"
    tags {
        Name = "HelloWorld"
    }
}

And already had a pre-existing instance with an instance id of i-12345678 then Terraform would have imported that instance and now running a plan of the above code should show no changes instead of creating the web instance.

Unfortunately it looks like OpenStack support isn't as mature as AWS and so (as of 0.7.7) there is not currently any support for importing OpenStack instance resources directly using the import command. However, the import command is simply making it easier to manipulate the state file without breaking things and so you can just edit the state file to include the resource.
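The answer's point that Terraform only manages what is in its state file can be checked before an apply. The following is an added example, not part of the original answer: it lists the managed resources recorded in a state file and reports whether a given address would be created. The two sample states are constructed, and their layouts (version 3 for Terraform 0.7-era state, version 4 for later releases) are assumptions about the state format.

```python
import json

# Constructed sample states (not from the original post). V3 is the layout
# assumed for Terraform 0.7-era state files, V4 the layout of later releases.
STATE_V3 = json.loads("""{"version": 3, "modules": [{"path": ["root"], "resources": {
  "aws_instance.web": {"type": "aws_instance", "primary": {"id": "i-12345678"}}}}]}""")
STATE_V4 = json.loads("""{"version": 4, "resources": [{"mode": "managed",
  "type": "aws_instance", "name": "web",
  "instances": [{"attributes": {"id": "i-12345678"}}]}]}""")


def tracked_resources(state):
    """Return {resource address: [remote ids]} for managed resources in a state."""
    found = {}
    if state.get("version", 0) >= 4:
        for res in state.get("resources", []):
            if res.get("mode") != "managed":
                continue  # data sources are read-only lookups, not managed
            prefix = res["module"] + "." if res.get("module") else ""
            address = "%s%s.%s" % (prefix, res["type"], res["name"])
            ids = [i.get("attributes", {}).get("id") for i in res.get("instances", [])]
            found[address] = ids
    else:
        for module in state.get("modules", []):
            path = module.get("path", ["root"])[1:]  # drop the leading "root"
            prefix = "".join("module.%s." % p for p in path)
            for key, res in module.get("resources", {}).items():
                if key.startswith("data."):
                    continue  # skip data sources in the older layout too
                found[prefix + key] = [res.get("primary", {}).get("id")]
    return found


def would_be_created(state, address):
    """True when `address` is in the configuration but absent from the state,
    which is the case where `terraform apply` creates a new resource."""
    return address not in tracked_resources(state)


if __name__ == "__main__":
    for state in (STATE_V3, STATE_V4):
        print(tracked_resources(state))
        # The question's instance was never imported, so it is not tracked.
        print(would_be_created(state, "openstack_compute_instance_v2.myresource"))
```
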
