Contents
I. Experiment
1. Environment
2. Creating network resources with Terraform
3. Terraform create_before_destroy (create the new resource before destroying the old one)
4. Terraform prevent_destroy (prevent a resource from being destroyed)
5. Terraform ignore_changes (ignore differences in a resource)
6. Terraform replace_triggered_by (replace this resource when a referenced resource changes)
7. Destroying resources with Terraform
II. Problems
1. terraform plan fails after enabling replace_triggered_by
I. Experiment
1. Environment
(1) Host
Table 1-1 Host
Host | OS | Software | Tools | Notes
---- | -- | -------- | ----- | -----
jia | Windows | Terraform 1.6.6 | VS Code, PowerShell, Chocolatey | 
2. Creating network resources with Terraform
(1) View the project
(2) Main configuration file
main.tf
# Configure the Alicloud Provider
provider "alicloud" {
  access_key = var.access_key
  secret_key = var.secret_key
  region     = var.region
}
// VPC
resource "alicloud_vpc" "vpc" {
  vpc_name   = "tf_test"
  cidr_block = "172.16.0.0/12"
}
// vSwitch
resource "alicloud_vswitch" "vsw" {
  vpc_id     = alicloud_vpc.vpc.id
  cidr_block = "172.16.0.0/21"
  zone_id    = "cn-hangzhou-j"
}
// security group
resource "alicloud_security_group" "group" {
  name                = "demo-group"
  vpc_id              = alicloud_vpc.vpc.id
  security_group_type = "normal" // basic type
}
// security group rule (port 80)
resource "alicloud_security_group_rule" "allow_80_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "80/80"
  priority          = 1
  security_group_id = alicloud_security_group.group.id
  cidr_ip           = "0.0.0.0/0"
}
// security group rule (port 22)
resource "alicloud_security_group_rule" "allow_22_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "22/22"
  priority          = 1
  security_group_id = alicloud_security_group.group.id
  cidr_ip           = "0.0.0.0/0" // SSH open to every source address
}
(3) Version configuration file
versions.tf
terraform {
  required_version = "1.6.6"
  required_providers {
    alicloud = {
      source  = "hashicorp/alicloud"
      version = "1.214.1"
    }
  }
}
(4) Variable configuration file
variables.tf
variable "access_key" {
  description = "access_key"
}
variable "secret_key" {
  description = "secret_key"
}
variable "region" {
  type        = string
  description = "region name"
  default     = "cn-hangzhou"
  sensitive   = true
}
(5) Credentials file
terraform.tfvars (contents not shown; it supplies the access_key and secret_key values)
(6) Initialize
terraform init
(7) Format the code
terraform fmt
(8) Validate the code
terraform validate
(9) Plan and preview
terraform plan
(10) Apply (create the resources)
terraform apply
(11) Log in to the Alibaba Cloud console and check the VPC
1 VPC added (cn-hangzhou)
1 vSwitch added (cn-hangzhou)
1 security group added (cn-hangzhou)
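The network configuration above works, but it opens port 22 to 0.0.0.0/0 and declares the access_key and secret_key variables without sensitive = true, so the key values would appear in plan output. The following is an added example, not the post's own code: the same VPC, vSwitch and security group, with the SSH rule restricted to an operator network supplied as a variable and the credential variables marked sensitive. The admin_cidr variable, its validation block and the region literal are assumptions; it relies on the post's versions.tf for required_providers.

```hcl
# Added example (not from the original post). Assumes the post's versions.tf
# is present in the same directory.

variable "access_key" {
  type      = string
  sensitive = true # redacted in plan/apply output
}

variable "secret_key" {
  type      = string
  sensitive = true
}

# Hypothetical variable: the only network allowed to reach port 22.
variable "admin_cidr" {
  type        = string
  description = "CIDR allowed to reach port 22 (e.g. the office or bastion range)"
  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "admin_cidr must be a valid IPv4 CIDR and must not be 0.0.0.0/0."
  }
}

provider "alicloud" {
  access_key = var.access_key
  secret_key = var.secret_key
  region     = "cn-hangzhou"
}

resource "alicloud_vpc" "vpc" {
  vpc_name   = "tf_test"
  cidr_block = "172.16.0.0/12"
}

resource "alicloud_vswitch" "vsw" {
  vpc_id     = alicloud_vpc.vpc.id
  cidr_block = "172.16.0.0/21"
  zone_id    = "cn-hangzhou-j"
}

resource "alicloud_security_group" "group" {
  name                = "demo-group"
  vpc_id              = alicloud_vpc.vpc.id
  security_group_type = "normal"
}

# Port 80 is the public service port, so it stays open to every source.
resource "alicloud_security_group_rule" "allow_80_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "80/80"
  priority          = 1
  security_group_id = alicloud_security_group.group.id
  cidr_ip           = "0.0.0.0/0"
}

# Port 22 is limited to the operator network instead of 0.0.0.0/0.
resource "alicloud_security_group_rule" "allow_22_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "22/22"
  priority          = 1
  security_group_id = alicloud_security_group.group.id
  cidr_ip           = var.admin_cidr
}
```

The validation block runs at plan time and rejects a wide-open admin_cidr before anything is created. Keep terraform.tfvars out of version control (a `*.tfvars` entry in .gitignore) or pass the keys through the TF_VAR_access_key and TF_VAR_secret_key environment variables instead of writing them to disk.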
3. Terraform create_before_destroy (create the new resource before destroying the old one)
(1) View the project
(2) Main configuration file
main.tf; the locals block hard-codes the ids of the vsw (vSwitch) and secgroup (security group) created in section 2
# Configure the Alicloud Provider (default provider)
provider "alicloud" {
  access_key = var.access_key
  secret_key = var.secret_key
  region     = "cn-hangzhou"
}
locals {
  region        = "cn-hangzhou-j" // actually a zone id; used as availability_zone below
  vsw_id        = "vsw-bp1wiym3ekwsxouor6fii"
  secgroup_id   = "sg-bp108o98h69b4kb18eie"
  instance_name = "myecsserver1"
  instance_type = "ecs.t6-c4m1.large"
}
// look up system images (alicloud_images)
data "alicloud_images" "images_ds" {
  owners       = "system"
  name_regex   = "^centos_7"
  architecture = "x86_64"
  status       = "Available"
  os_type      = "linux"
  # output_file = "./outputs.json"
}
// ECS instance (alicloud_instance)
resource "alicloud_instance" "myecs" {
  availability_zone       = local.region
  security_groups         = [local.secgroup_id]
  instance_type           = local.instance_type
  system_disk_category    = "cloud_essd"
  system_disk_name        = "tf_system_disk_name"
  system_disk_description = "tf_system_disk_description"
  image_id                = data.alicloud_images.images_ds.images[0].id
  // reference the local values
  instance_name              = local.instance_name
  vswitch_id                 = local.vsw_id
  internet_max_bandwidth_out = 0
  internet_charge_type       = "PayByTraffic"
  password                   = "root@123" // login password hard-coded in the configuration
}
(3) Version configuration file
versions.tf
terraform {
  required_version = "1.6.6"
  required_providers {
    alicloud = {
      source  = "hashicorp/alicloud"
      version = "1.214.1"
    }
  }
}
(4) Variable configuration file
variables.tf
variable "access_key" {
  description = "access_key"
}
variable "secret_key" {
  description = "secret_key"
}
variable "region" {
  type        = string
  description = "region name"
  default     = "cn-hangzhou"
  sensitive   = true
}
(5) Credentials file
terraform.tfvars (contents not shown; it supplies the access_key and secret_key values)
(6) Initialize
terraform init
(7) Format the code
terraform fmt
(8) Validate the code
terraform validate
(9) Plan and preview
terraform plan
(10) Apply (create the resources)
terraform apply
yes
(11) Log in to the Alibaba Cloud console and check the ECS instance
1 ECS instance added (cn-hangzhou)
(12) Modify the main configuration file
main.tf: rename the resource to myecs2 and add a lifecycle block enabling create_before_destroy (create the new resource first, then destroy the old one)
resource "alicloud_instance" "myecs2" {
  ……
  lifecycle {
    create_before_destroy = true
  }
}
(13) Plan and preview
terraform plan
Shows 1 resource to add and 1 resource to destroy
(14) Apply
terraform apply
yes
(15) Log in to the Alibaba Cloud console and watch the ECS instance change
Private IP address was 172.16.4.216
Private IP address changed to 172.16.4.217
4. Terraform prevent_destroy (prevent a resource from being destroyed)
(1) Modify the main configuration file
main.tf: add prevent_destroy to the lifecycle block of alicloud_instance.myecs2 (protects the resource from being destroyed)
lifecycle {
  create_before_destroy = true // already set in section 3
  prevent_destroy       = true
}
(2) Destroy the resources
terraform destroy
Because the lifecycle rule forbids destroying the instance, the destroy operation fails with an error
5. Terraform ignore_changes (ignore differences in a resource)
(1) Modify the main configuration file
main.tf: add the following tags to alicloud_instance.myecs2
tags = {
  env   = "dev"
  owner = "maojing"
}
(2) Plan and preview
terraform plan
(3) Apply
terraform apply
(4) Log in to the Alibaba Cloud console and check the tags of the ECS instance
Tags added to the ECS instance (cn-hangzhou)
(5) Delete a tag in the console
Before deletion
Delete
Done
View (only 1 tag remains)
(6) Plan and preview
terraform plan
Shows 1 change
(7) Modify the main configuration file
main.tf: add ignore_changes to the lifecycle block (ignore differences in the resource)
lifecycle {
  create_before_destroy = true
  prevent_destroy       = true
  ignore_changes = [
    tags
  ]
}
(8) Plan and preview
terraform plan
"No changes" is shown
(9) Rename the ECS instance in the console
Modify
View
(10) Plan and preview
terraform plan
Shows 1 change
(11) Modify the main configuration file
main.tf: also ignore instance_name
lifecycle {
  create_before_destroy = true
  prevent_destroy       = true
  ignore_changes = [
    tags,
    instance_name
  ]
}
(12) Plan and preview
terraform plan
"No changes" is shown
6. Terraform replace_triggered_by (replace this resource when a referenced resource changes)
(1) Modify the main configuration file
main.tf: add the following to create one more VPC
// VPC
resource "alicloud_vpc" "vpc" {
  vpc_name   = "myvpc1"
  cidr_block = "172.16.0.0/16"
}
(2) Plan and preview
terraform plan
(3) Apply
terraform apply
(4) Check the VPC in the Alibaba Cloud console
1 VPC added: myvpc1
(5) Modify the main configuration file
main.tf: add replace_triggered_by to the lifecycle block of alicloud_instance.myecs2 (replace this resource when the referenced attribute changes)
lifecycle {
  replace_triggered_by = [
    alicloud_vpc.vpc.vpc_name
  ]
}
main.tf: change the VPC name to myvpc2
vpc_name = "myvpc2"
(6) Plan and preview
terraform plan
Shows 1 change, which triggers 1 ECS instance to be added and 1 to be destroyed
(7) Apply
terraform apply
yes
(8) Log in to the Alibaba Cloud console and watch the ECS instance change
The old instance
1 new instance added
The old instance destroyed
7. Destroying resources with Terraform
(1) View the project
(2) Destroy the service resources (switch to the create_before_destroy directory)
terraform destroy
yes
(3) Log in to the Alibaba Cloud console and check the ECS instance
ECS instance destroyed
(4) Destroy the network resources (switch to the lifecycle-network directory)
terraform destroy
yes
II. Problems
1. terraform plan fails after enabling replace_triggered_by
(1) Error
│ Error: Instance cannot be destroyed
│
│ on main.tf line 33:
│ 33: resource "alicloud_instance" "myecs2" {
│
│ Resource alicloud_instance.myecs2 has lifecycle.prevent_destroy set, but the plan calls for this resource to be destroyed. To avoid this error and continue with the plan, either disable lifecycle.prevent_destroy or reduce the scope of the plan using the -target flag.
(2) Cause
The instance still has prevent_destroy enabled (protection against destruction), while the replacement that replace_triggered_by plans requires destroying it.
(3) Fix
Because it conflicts with replace_triggered_by, prevent_destroy must be disabled.
Before the change:
After the change:
Success
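The following is an added example, not the post's own code, that gathers the lifecycle arguments from sections 3, 5 and 6 into one alicloud_instance resource and shows the fix from this Problems section in place. It goes beyond the post in two ways: ignore_changes targets a single tag key (tags["owner"]) instead of the whole tags map, so Terraform keeps managing env, and replace_triggered_by additionally references a terraform_data resource whose input is a version variable, so the instance can be rebuilt on demand without touching the VPC. The rebuild_revision and instance_password variables, the terraform_data resource name and the placeholder vSwitch and security group ids are assumptions; the post's versions.tf and variables.tf (provider credentials) are assumed to be present.

```hcl
# Added example (not from the original post). Assumes the post's versions.tf
# and variables.tf for the provider and its credentials.

provider "alicloud" {
  access_key = var.access_key
  secret_key = var.secret_key
  region     = "cn-hangzhou"
}

locals {
  zone_id       = "cn-hangzhou-j"
  vsw_id        = "vsw-PLACEHOLDER" # placeholder: id of the vSwitch from section 2
  secgroup_id   = "sg-PLACEHOLDER"  # placeholder: id of the security group from section 2
  instance_type = "ecs.t6-c4m1.large"
}

# Hypothetical variable: bump it to force the instance to be rebuilt from the
# current image, for example after rotating the password it was created with.
variable "rebuild_revision" {
  type    = string
  default = "1"
}

# Hypothetical variable: the login password, instead of a literal in main.tf.
variable "instance_password" {
  type      = string
  sensitive = true
}

data "alicloud_images" "images_ds" {
  owners       = "system"
  name_regex   = "^centos_7"
  architecture = "x86_64"
  status       = "Available"
  os_type      = "linux"
}

resource "alicloud_vpc" "vpc" {
  vpc_name   = "myvpc1"
  cidr_block = "172.16.0.0/16"
}

# terraform_data manages no cloud object; it is updated in place whenever its
# input changes, and that update is what replace_triggered_by reacts to.
resource "terraform_data" "rebuild" {
  input = var.rebuild_revision
}

resource "alicloud_instance" "myecs2" {
  availability_zone          = local.zone_id
  security_groups            = [local.secgroup_id]
  instance_type              = local.instance_type
  system_disk_category       = "cloud_essd"
  image_id                   = data.alicloud_images.images_ds.images[0].id
  instance_name              = "myecsserver1"
  vswitch_id                 = local.vsw_id
  internet_max_bandwidth_out = 0
  internet_charge_type       = "PayByTraffic"
  password                   = var.instance_password

  tags = {
    env   = "dev"
    owner = "maojing"
  }

  lifecycle {
    # Section 3: bring the replacement up before the old instance is destroyed.
    create_before_destroy = true

    # Section 5: ignore console edits to the owner tag and the instance name;
    # tags["env"] stays managed. Never list security-relevant attributes such
    # as security_groups here, or console changes to them would never show up
    # in a plan.
    ignore_changes = [
      tags["owner"],
      instance_name,
    ]

    # Section 6: rebuild when the VPC is renamed (the post's trigger) or when
    # rebuild_revision is bumped.
    replace_triggered_by = [
      alicloud_vpc.vpc.vpc_name,
      terraform_data.rebuild,
    ]

    # Problems section: prevent_destroy cannot coexist with a trigger that
    # replaces the instance; with it enabled, `terraform plan` fails with
    # "Instance cannot be destroyed". Either leave it off, as here, or drop
    # replace_triggered_by and keep it.
    # prevent_destroy = true
  }
}
```

Changing rebuild_revision from "1" to "2" and running terraform plan shows an update of terraform_data.rebuild followed by a replacement of alicloud_instance.myecs2, with the new instance created first because create_before_destroy is set. Because a replacement is a destroy, any lifecycle block that combines prevent_destroy with replace_triggered_by will fail at plan time exactly as shown in the error above, so the two arguments have to be chosen per resource: protection from deletion or automatic rotation, not both.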