Terraform 重新部署 EC2 实例
[英]Terraform redeploys EC2 instance
问题描述
我相信这是一个简单的修复。 我正在 AWS 中使用 Terraform,部署 VPC、子网、安全组(这看起来像问题)以及单个 EC2 实例。
症状
当第一次使用terraform apply部署时,一切都按预期创建,但是,立即跟进另一个terraform apply或terraform plan表明 EC2 实例发生了变化,需要重新部署 EC2 实例。 底层 Terraform 代码没有变化。
再次申请时,EC2 实例将按照terraform plan报告重新部署。
我希望在运行其他terraform apply命令时不会重新部署每个 EC2 实例。 我不确定这是否可能,但我确定这是否很简单,我只是在文档中遗漏了它。
地形文件
vpc.tf
# Create a VPC
resource "aws_vpc" "vpcSandbox" {
cidr_block = var.vpcSandboxCIDR
tags = {
Name = "vpcSandbox"
Terraform = "True"
}
}
# Create DHCP Options for VPC
resource "aws_vpc_dhcp_options" "dhcpOptSandbox" {
domain_name = var.searchDomain
domain_name_servers = ["208.67.220.220", "208.67.222.222"]
tags = {
Name = "dhcpOptSandbox"
Terraform = "True"
}
}
# Associated DHCP Options for VPC
resource "aws_vpc_dhcp_options_association" "dhcpOptAssocSandbox" {
vpc_id = aws_vpc.vpcSandbox.id
dhcp_options_id = aws_vpc_dhcp_options.dhcpOptSandbox.id
}
# Create all Subnets
resource "aws_subnet" "sub-sandbox1a" {
vpc_id = aws_vpc.vpcSandbox.id
availability_zone = "us-east-1a"
cidr_block = "10.11.1.0/24"
tags = {
Terraform = "True"
}
}
resource "aws_subnet" "sub-sandbox1b" {
vpc_id = aws_vpc.vpcSandbox.id
availability_zone = "us-east-1b"
cidr_block = "10.11.2.0/24"
tags = {
Terraform = "True"
}
}
resource "aws_subnet" "sub-sandbox1c" {
vpc_id = aws_vpc.vpcSandbox.id
availability_zone = "us-east-1c"
cidr_block = "10.11.3.0/24"
tags = {
Terraform = "True"
}
}
resource "aws_subnet" "sub-sandbox1d" {
vpc_id = aws_vpc.vpcSandbox.id
availability_zone = "us-east-1d"
cidr_block = "10.11.4.0/24"
tags = {
Terraform = "True"
}
}
resource "aws_subnet" "sub-sandbox1e" {
vpc_id = aws_vpc.vpcSandbox.id
availability_zone = "us-east-1e"
cidr_block = "10.11.5.0/24"
tags = {
Terraform = "True"
}
}
resource "aws_subnet" "sub-sandbox1f" {
vpc_id = aws_vpc.vpcSandbox.id
availability_zone = "us-east-1f"
cidr_block = "10.11.6.0/24"
tags = {
Terraform = "True"
}
}
# Create Internet Gateway for VPC
resource "aws_internet_gateway" "gwSandbox" {
vpc_id = aws_vpc.vpcSandbox.id
tags = {
Name = "gwSandbox"
Terraform = "True"
}
}
# Adding some routes to the sandbox VPC
resource "aws_route" "default-v4-sandbox" {
route_table_id = aws_vpc.vpcSandbox.default_route_table_id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gwSandbox.id
}
resource "aws_route" "default-v6-sandbox" {
route_table_id = aws_vpc.vpcSandbox.default_route_table_id
destination_ipv6_cidr_block = "::/0"
gateway_id = aws_internet_gateway.gwSandbox.id
}
安全组.tf
# Create security groups for test server
resource "aws_security_group" "sandbox" {
name = "sandbox"
description = "Allow SSH inbound traffic from Trusted Internet Addresses and all Outbound Traffic"
vpc_id = aws_vpc.vpcSandbox.id
tags = {
Name = "sandbox"
Terraform = "True"
}
}
resource "aws_security_group_rule" "workHQOfficeInbound" {
type = "ingress"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = [var.workOfficeWAN]
security_group_id = aws_security_group.sandbox.id
}
resource "aws_security_group_rule" "tgs_office_inbound" {
type = "ingress"
from_port = 0
to_port = 65535
protocol = "-1"
cidr_blocks = [var.devOfficeWAN]
security_group_id = aws_security_group.sandbox.id
}
resource "aws_security_group_rule" "alloutbound" {
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
security_group_id = aws_security_group.sandbox.id
}
ec2.tf
## Adding a test server
# Create a new Keypair
resource "aws_key_pair" "deployer" {
key_name = "deployer-key"
public_key = var.certDeployerPub
tags = {
Name = "deployer"
Terraform = "True"
}
}
# Creating an interface for the test server
resource "aws_network_interface" "int-tc-amazlinux" {
subnet_id = aws_subnet.sub-sandbox1a.id
# private_ips = ["172.16.10.100"]
tags = {
Name = "int-tc-amazlinux"
Terraform = "True"
}
}
# Adding a test Server
resource "aws_instance" "tc-amazlinux01" {
ami = "ami-0e341fcaad89c3650"
instance_type = "t4g.small"
key_name = aws_key_pair.deployer.key_name
subnet_id = aws_subnet.sub-sandbox1a.id
associate_public_ip_address = "true"
security_groups = [
aws_security_group.sandbox.id
]
tags = {
Name = "tc-amazlinux01"
Terraform = "True"
}
}
输出
以下是运行terraform apply立即运行另一个terraform plan的输出示例,而无需对 terraform 文件进行任何修改。
为了篇幅,它在这里: https : //pastebin.com/raw/2Ly0NmVr
1 个解决方案
解决方案1
0 2021-10-22 00:28:30
这可能是因为您的安全组不正确。
所以应该是:
resource "aws_instance" "tc-amazlinux01" {
ami = "ami-0e341fcaad89c3650"
instance_type = "t4g.small"
key_name = aws_key_pair.deployer.key_name
subnet_id = aws_subnet.sub-sandbox1a.id
associate_public_ip_address = "true"
vpc_security_group_ids = [
aws_security_group.sandbox.id
]
tags = {
Name = "tc-amazlinux01"
Terraform = "True"
}
}
使用Terraform如何使EC2引用Cloudformation Datomic实例
[英]Using Terraform how to get EC2 to reference a Cloudformation Datomic instance
为什么 ansible 没有安装在通过 terraform 配置的 EC2 实例上?
[英]why is ansible not being installed on an EC2 instance that is provisioned through terraform?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
在 Terraform 中销毁一个 EC2 实例?
从 terraform 的现有 ec2 实例创建 Ec2
如何使用 terraform 在 LocalStack 上创建 EC2 实例?
terraform 在 ec2 实例上运行 ansible
通过 terraform 在 EC2 实例中的 httpserver
Terraform-将多个子网分配给EC2实例
Terraform 一个 EC2 实例,两个子网
使用Terraform如何使EC2引用Cloudformation Datomic实例
Terraform EC2 实例导入 - 用户数据不同
为什么 ansible 没有安装在通过 terraform 配置的 EC2 实例上?
相关标签