terraform remote state

We are trying to use terraform with a remote state stored in S3.

The projects are broken up such that there is the “main” VPC project, which creates the network infra only (vpc, subnets, IGW, NAT, routes etc.), and the sub-projects, which create specific resources on top of the main vpc (subnets), i.e. ec2 nodes.

Project folders/files:

.
├── modules/
│   └── mod-vpc/
│       ├── main.tf
│       ├── outputs.tf
│       └── variables.tf
├── projects/
│   └── top-level-project-name-goes-here/
│       ├── env-dev/
│       │   ├── globals.tf
│       │   ├── test/
│       │   │   ├── main.tf
│       │   │   └── variables.tf
│       │   └── vpc/
│       │       ├── main.tf
│       │       └── variables.tf
│       └── env-prod/
└── terraform.tfvars

Other than the VPC project, all other projects use the vpc_id, CIDR etc. from the remote state of the VPC. Here is how our process is defined:

Step 1: Create VPC.

No issues here: the VPC gets created, and the outputs are printed out and stored to the S3 bucket:

$ terraform init -backend=s3 -backend-config="region= us-west-2" -backend-config="bucket=xxx"  -backend-config="key=xxx" -backend-config="acl=bucket-owner-full-control" $project_path
$ terraform remote pull
$ terraform get $project_path
$ terraform apply

...

Outputs:

cidr_block = 10.198.0.0/16
private_subnet_ids = subnet-d3f5029a,subnet-fbeb369c,subnet-7ad88622
public_subnet_ids = subnet-54f5021d
region = us-west-2
vpc_id = vpc-b31ca3d4
vpc_name = main_vpc

Step 2: Create other resource groups: Using the output values from the VPC remote state, we are trying to deploy ec2 nodes to the already provisioned public subnet(s) (output of the VPC project from step 1 above). Here are the steps/commands our script runs (first we copy all files to a /tmp/project/ working folder, and the script is executed in this folder):

$ terraform init -backend=s3 -backend-config="region= us-west-2" -backend-config="bucket=xxx"  -backend-config="key=xxx" -backend-config="acl=bucket-owner-full-control" $project_path
$ terraform remote pull
$ terraform get $project_path
$ terraform apply

/tmp/project/ folder content:

Here is what the project file structure looks like (in the /tmp/project/ folder):

├── .terraform
│   ├── modules
│   │   ├── 7d29d4ce6c4f98d8bcaa8b3c0ca4f8f1 -> /pathto/modules/mod-cassandra
│   │   └── aa8ffe05b5d08913f821fdb23ccdfd95
│   └── terraform.tfstate
├── globals.tf
├── main.tf
├── terraform.tfvars
└── variables.tf

Here is what the main.tf file looks like for this project:

resource "aws_instance" "test" {
  instance_type = "${var.instance_type}"
  ami = "${var.ami}"
  subnet_id = "${data.terraform_remote_state.vpc_main.public_subnet_ids}" 
  vpc_security_group_ids = ["${aws_security_group.http_ext.id}"]    
}

Here is the definition for the above data.terraform_remote_state resource:

data "terraform_remote_state" "vpc_main" {
  backend = "s3"
  config {
    region = "us-west-2"
    bucket = "xxx"
    key    = "xxx/vpc.json"
  }
}

Based on where (in which file) we declare the “data.terraform_remote_state.vpc_main” resource, we are getting different results:

Option 1. If we have the “data.terraform_remote_state” declared in the same file within the “test” project (=main.tf), everything gets executed successfully.

Option 2. If we move the data.terraform_remote_state.vpc_main to a separate file (=“globals.tf”), we get this error during the execution of the [ terraform get $project_path ] step:

$ terraform init -backend=s3 -backend-config="region= us-west-2" -backend-config="bucket=xxx"  -backend-config="key=xxx" -backend-config="acl=bucket-owner-full-control" $project_path
$ terraform remote pull
$ terraform get $project_path

Error loading Terraform: module root: 4 error(s) occurred:

* module 'cassandra': unknown resource 'data.terraform_remote_state.vpc_main' referenced in variable data.terraform_remote_state.vpc_main.cidr_block
* module 'cassandra': unknown resource 'data.terraform_remote_state.vpc_main' referenced in variable data.terraform_remote_state.vpc_main.region
* module 'cassandra': unknown resource 'data.terraform_remote_state.vpc_main' referenced in variable data.terraform_remote_state.vpc_main.vpc_id
* module 'cassandra': unknown resource 'data.terraform_remote_state.vpc_main' referenced in variable data.terraform_remote_state.vpc_main.public_subnet_ids

Which points out that Terraform for some reason was not able to resolve this data.terraform_remote_state.vpc_main resource.

Option 3. But when, for testing purposes, we enable both declarations (in the “globals.tf” and in the “main.tf”), we get this error during the execution of the [ terraform apply ] step:

$ terraform init -backend=s3 -backend-config="region= us-west-2" -backend-config="bucket=xxx"  -backend-config="key=xxx" -backend-config="acl=bucket-owner-full-control" $project_path
$ terraform remote pull
$ terraform get $project_path
$ terraform apply

module root: 1 error(s) occurred:
2017/01/14 14:02:50 [DEBUG] plugin: waiting for all plugin processes to complete...

•   data.terraform_remote_state.vpc_main: resource repeated multiple times

Which is a valid error, as we do have that same resource defined in two places now.

But why was Terraform not able to resolve this resource properly when we tried to put it into a separate file under Option 2 above?

Per the terraform documentation, all *.tf files are loaded and appended in alphabetical order, and the resource declaration order does not matter, as terraform configurations are declarative:

https://www.terraform.io/docs/configuration/load.html

Which seems not to be the case above.

We could go with a “hardcoded” approach here, but is there a “legitimate” way in Terraform to make this work?
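A pre-flight check for the two errors quoted in the question above (a reference to data.terraform_remote_state.<name> with no declaration among the *.tf files of the directory Terraform loads, and the same declaration repeated), as an added example that is not part of the original post. The file contents and the helper names check_remote_state and run_case are constructed for illustration, and the regexes cover only the quoted-label syntax shown on this page.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Constructed sample content modelled on the question's main.tf and data block.
DATA_BLOCK = 'data "terraform_remote_state" "vpc_main" {\n  backend = "s3"\n}\n'
MAIN_TF = (
    'resource "aws_instance" "test" {\n'
    '  subnet_id = "${data.terraform_remote_state.vpc_main.public_subnet_ids}"\n'
    '}\n'
)
DECL = re.compile(r'^\s*data\s+"terraform_remote_state"\s+"([^"]+)"', re.M)
REF = re.compile(r'\bdata\.terraform_remote_state\.([A-Za-z0-9_-]+)\.')

def check_remote_state(module_dir):
    """Return (missing, repeated) remote-state names for one directory.

    Only *.tf files directly inside module_dir are read, because Terraform
    does not load files from parent or sub-directories into the same module.
    """
    declared, referenced = Counter(), set()
    for tf_file in sorted(Path(module_dir).glob("*.tf")):
        text = tf_file.read_text()
        declared.update(DECL.findall(text))
        referenced.update(REF.findall(text))
    missing = sorted(referenced - set(declared))
    repeated = sorted(name for name, n in declared.items() if n > 1)
    return missing, repeated

def run_case(files):
    """Write {relative path: content} to a temp tree, then check its test/ dir."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in files.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(content)
        return check_remote_state(Path(root, "test"))

if __name__ == "__main__":
    # Declared next to its use: clean.
    print(run_case({"test/main.tf": MAIN_TF + DATA_BLOCK}))
    # Declared only in a file outside the loaded directory: "unknown resource".
    print(run_case({"test/main.tf": MAIN_TF, "globals.tf": DATA_BLOCK}))
    # Declared twice in the loaded directory: "resource repeated multiple times".
    print(run_case({"test/main.tf": MAIN_TF + DATA_BLOCK,
                    "test/globals.tf": DATA_BLOCK}))
```

Running check_remote_state on the working folder before `terraform get` shows whether the declaration is actually among the files Terraform will load from that folder.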

Try using these commands to set the remote state:

terraform_bucket_region='eu-west-1'
terraform_bucket_name='xxx'
terraform_file_name="terraform.tfstate"

export AWS_ACCESS_KEY_ID="xxx"
export AWS_SECRET_ACCESS_KEY="xxx"

[ -d .terraform ] && rm -rf .terraform
[ -f terraform.tfstate.backup ] && rm terraform.tfstate.backup
terraform remote config -backend=S3 -backend-config="region=${terraform_bucket_region}" -backend-config="bucket=${terraform_bucket_name}" -backend-config="key=${terraform_file_name}"
terraform get

I've set this up as a shell script called set-remote-tf.sh.

I have been using terraform remote state for a while. I think your problem is a problem of organization of dependencies for terraform states.

You should run terraform for each folder, and have a config.tf for each too.

.
├── modules/
│   └── mod-vpc/
│       ├── main.tf
│       ├── outputs.tf
│       └── variables.tf
├── projects/
│   └── top-level-project-name-goes-here/
│       ├── env-dev/
│       │   ├── globals.tf
│       │   ├── test/
│       │   │   ├── config.tf
│       │   │   ├── main.tf
│       │   │   ├── terraform.tfvars
│       │   │   └── variables.tf
│       │   └── vpc/
│       │       ├── config.tf
│       │       ├── main.tf
│       │       ├── terraform.tfvars
│       │       └── variables.tf
│       └── env-prod/

# ../vpc/config.tf
terraform {
  backend "s3" {
    bucket = "my-infrastructure"
    prefix = "vpc"
  }
}
# ../test
terraform {
  backend "s3" {
    bucket = "my-infrastructure"
    prefix = "test"
  }
}

data "terraform_remote_state" "vpc_main" {
  backend   = "s3"
  # workspace = "${terraform.workspace}" // optional

  config {
    bucket = "my-infrastructure"
    prefix = "vpc"
  }
}

data "terraform_remote_state" "other_terraform_state" {
  backend   = "s3"
  workspace = "${terraform.workspace}"

  config {
    bucket = "my-infrastructure"
    prefix = "other_terraform_state"
  }
}

You can check a GCP example here: https://github.com/abgm/gcp-terraform-example/tree/first-example
