我现有的 terraform 基础设施是由我之前的人创建的,他们使用计数创建了实例,我们想要删除计数,但 terraform 想要重建实例。
有没有办法可以删除计数而无需重建实例?
我想知道诸如 terraform state mv 之类的东西是否能够实现这一点,或者是否有其他可能。
提前致谢!
更新:示例如下所示
# module.compute.aws_kms_alias.kms-alias will be created
+ resource "aws_kms_alias" "kms-alias" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "alias/kms-eks"
+ name_prefix = (known after apply)
+ target_key_arn = (known after apply)
+ target_key_id = (known after apply)
}
# module.compute.aws_kms_alias.kms-alias[1] will be destroyed
- resource "aws_kms_alias" "kms-alias" {
- arn = "arn:aws:kms:::alias/kms-eks" -> null
- id = "alias/kms-eks" -> null …我正在尝试使用 Terraform 进行 azure 服务原理密码轮换,最新版本的 azuread 他们提供了此轮换功能,
resource "time_rotating" "test" {
rotation_years = 5
lifecycle {
create_before_destroy = true
}
}
resource "azuread_service_principal_password" "service_principal_password" {
service_principal_id = var.sp_internal_id
rotate_when_changed = {
rotation = time_rotating.test.id
}
lifecycle {
create_before_destroy = true
}
}
我只是想当我添加属性rotate_when_changed 时,它会根据我设置的时间戳创建一个新的密码资源吗?我想知道这是 Terraform 仅提供的功能还是 Azure AD 的功能?由于Azure AD不提供密钥轮换功能,我想知道Terraform是如何实现这种轮换的?
azure azure-active-directory terraform terraform-provider-azure
我有一个带有 for_each 循环条件的资源块,我想输出资源块的名称和地址前缀。
\n主要.tf:
\nresource "azurerm_subnet" "snets" {\n for_each = var.subnets\n name = each.key\n resource_group_name = azurerm_resource_group.rg.name\n virtual_network_name = azurerm_virtual_network.vnet.name\n address_prefixes = [each.value]\n}\n我尝试过类似的方法,但没有成功。
\n输出.tf
\noutput "azurerm-subnet" {\n value = azurerm_subnet.snets.*.name\n}\n错误:
\n\xe2\x94\x82 Error: Unsupported attribute\n\xe2\x94\x82\n\xe2\x94\x82 on output.tf line 2, in output "azurerm-subnet":\n\xe2\x94\x82 2: value = azurerm_subnet.snets.*.name\n\xe2\x94\x82\n\xe2\x94\x82 This object does not have an attribute named "name".\n如何用变量替换 terraform 脚本的整个块?例如,
resource "azurerm_data_factory_trigger_schedule" "sfa-data-project-agg-pipeline-trigger" {
name = "aggregations_pipeline_trigger"
data_factory_id = var.data_factory_resource_id
pipeline_name = "my-pipeline"
frequency = var.frequency
schedule {
hours = [var.adf_pipeline_schedule_hour]
minutes = [var.adf_pipeline_schedule_minute]
}
}
在上面的示例中,如何schedule使用 terraform 变量使整个块可配置?
我尝试过这个,但它不起作用。
schedule = var.schedule
我正在通过 Terraform 部署新的应用程序注册,然后将事件中心中的角色分配给该应用程序注册。
EG 部署应用程序注册
data "azuread_client_config" "current" {}
resource "azuread_application" "eventhub_auth" {
display_name = "AppReg"
sign_in_audience = "AzureADMyOrg"
owners = [data.azuread_client_config.current.object_id]
app_role {
allowed_member_types = ["User", "Application"]
description = "Admins can manage roles and perform all task actions"
display_name = "Admin"
enabled = true
id = uuid()
value = "admin"
}
app_role {
allowed_member_types = ["User"]
description = "ReadOnly roles have limited query access"
display_name = "ReadOnly"
enabled = true
id = uuid()
value = "User"
}
}
角色分配: …
我有以下目录/文件结构:
.
??? main.tf
??? modules
? ??? Resource_group
? ??? main.tf
? ??? vars.tf
配置文件
./main.tf
module "app-rg" {
source = "./modules/Resource_Group"
}
./modules/resource_group/main.tf
provider "azurerm" {
version = "=2.11.0"
features { }
}
resource "azurerm_resource_group" "rg" {
name = "${lookup(var.resource_group, var.env)}"
location = "${lookup(var.location, var.env)}"
}
./modules/resource_group/vars.tf
variable "env" {
description = "env : dev or prod"
}
variable "resource_group" {
type = "map"
default = {
dev = "rg-dev"
prod = "rg-prod"
}
}
variable "location" { …例如,在 variable.tf 文件中,我们有如下代码
variable "variable1" {
type = string
default = "ABC"
}
variable "variable2" {
type = string
default = "DEF"
}
variable "variable3" {
type = string
default = "$var.variable1-$var.variable2"
}
预期输出:
变量 3 = ABC-DEF
不久前,我使用该azurerm_sql_database块在 Terraform 中创建了一个无服务器 Azure SQL 资源。然后在 3 月,在 azurerm 2.3版中,他们推出了azurerm_mssql_database块,据我所知,它旨在取代azurerm_sql_database.
我需要更改auto_pause_delay_in_minutes设置,该设置仅适用于azurerm_mssql_database. 所以我想我现在需要升级,在有任何关于如何执行升级的官方指导(我能找到)之前。如果我执行这些步骤:
azurerm_sql_database为azurerm_mssql_databaseresource_group_namelocationrequested_service_objective_name为sku_nameserver_name为server_id然后 terraform 尝试删除我的数据库并创建一个新的数据库,我收到一条错误消息,例如“ID 为 [id] 的资源已经存在 - 要通过 Terraform 管理,该资源需要导入到状态中。”
如何在auto_pause_delay_in_minutes不删除数据库的情况下执行升级和设置?
当我尝试执行任何操作时出现此错误:
Error locking state: Error acquiring the state lock: state blob is already locked
如何列出当前拥有锁的人以及获得锁的时间?
我无法使用公共 IP 地址公开部署在 AKS 上的 k8s 集群。我正在使用 GitHub Actions 进行部署。以下是我的 .tf 和 deployment.yml 文件;
请参阅下面我面临的错误。
主文件
provider "azurerm" {
features {}
}
provider "azuread" {
version = "=0.7.0"
}
terraform {
backend "azurerm" {
resource_group_name = "tstate-rg"
storage_account_name = "tstateidentity11223"
container_name = "tstate"
access_key = "/qSJCUo..."
key = "terraform.tfstate"
}
}
# create resource group
resource "azurerm_resource_group" "aks" {
name = "${var.name_prefix}-rg"
location = var.location
}
}
aks-cluster.tf
resource "azurerm_kubernetes_cluster" "aks" {
name = "${var.name_prefix}-aks"
location = var.location
resource_group_name = …load-balancing kubernetes terraform-provider-azure azure-aks nginx-ingress