我已经成功使用Terraform创建了一个自动缩放组。我现在想找到一种基于索引值动态命名已配置实例的方法。
对于aws_instance类型,可以通过以下方法轻松完成:
resource "aws_instance" "bar" {
count = 3
tags {
Name = "${var.instance_name_gridNode}${count.index + 1}"
App-code = "${var.app-code}"
PC-code = "${var.pc-code}"
}
}
这将导致3个实例名为:
1)节点1
2)Node2
3)节点3
但是,正如aws_autoscaling_group动态预配的(对于放大和缩小情况),如何控制预配实例的命名约定?
resource "aws_autoscaling_group" "gridrouter_asg" {
name = "mygridrouter"
launch_configuration = "${aws_launch_configuration.gridGgr_lcfg.id}"
min_size = 1
max_size = 2
health_check_grace_period = 150
desired_capacity = 1
vpc_zone_identifier = ["${var.subnet_id}"]
health_check_type = "EC2"
tags = [
{
key = "Name"
value = "${var.instance_name_gridGgr_auto}"
propagate_at_launch = true
},
]
}
我在向 LB 侦听器添加证书时遇到问题。这是用于执行此操作的代码(注意这些是代码片段):
resource "aws_acm_certificate" "demo_cert_east" {
provider = "aws.east"
domain_name = "*.mydomain.com"
validation_method = "DNS"
tags {
Name = "demo certificate"
Environment = "demo"
}
lifecycle {
create_before_destroy = true
}
}
data "aws_acm_certificate" "demo_cert" {
domain = "*.mydomain.com"
statuses = ["ISSUED", "PENDING_VALIDATION"]
}
resource "aws_lb_listener" "wfe_demo_ssl" {
load_balancer_arn = "${aws_lb.wfe_demo.arn}"
port = "443"
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08"
certificate_arn = "${data.aws_acm_certificate.demo_cert.arn}"
default_action {
target_group_arn = "${aws_lb_target_group.wfe_demo.arn}"
type = "forward"
}
}
我已经确保这两个资源都在 aws-east 区域。我收到错误:
创建 …
我有以下Terraform代码使用新的任务定义来更新服务:
resource "aws_ecs_task_definition" "app_definition" {
family = "my-family"
container_definitions = "${data.template_file.task_definition.rendered}"
network_mode = "bridge"
}
resource "aws_ecs_service" "app_service" {
name = "my-service"
cluster = "my-cluster"
task_definition = "${aws_ecs_task_definition.app_definition.arn}"
desired_count = "1"
iam_role = "my-iam-role"
}
更新我的服务时,我的任务定义的上一个修订版本无效。结果,在尝试在ECS控制台中手动回滚到以前的版本时,无法选择它:
Error: No active task definition found
理想情况下,我希望保持最近的X版本处于活动状态,以便在出现问题时始终可以通过控制台手动回滚。
我该如何实现?
我一直在寻找一种能够在Terraform中同时部署到多个AWS账户并且干dry的方法。AWS具有使用堆栈执行此操作的概念,但是我不确定Terraform中是否可以执行此操作?如果是这样,有什么解决方案?
您可以在此处阅读有关Cloudformation解决方案的更多信息。
我要让Terraform在另一个需要MFA的帐户中担任IAM角色真是太糟糕了。这是我的设置
AWS配置
[default]
region = us-west-2
output = json
[profile GEHC-000]
region = us-west-2
output = json
....
[profile GEHC-056]
source_profile = GEHC-000
role_arn = arn:aws:iam::~069:role/hc/hc-master
mfa_serial = arn:aws:iam::~183:mfa/username
external_id = ~069
AWS凭证
[default]
aws_access_key_id = xxx
aws_secret_access_key = xxx
[GEHC-000]
aws_access_key_id = same as above
aws_secret_access_key = same as above
分配给IAM用户的策略
STS政策
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AssumeRole",
"Effect": "Allow",
"Action": [
"sts:AssumeRole"
],
"Resource": [
"arn:aws:iam::*:role/hc/hc-master"
]
}
]
}
用户政策
{
"Statement": [
{
"Action": …amazon-web-services amazon-iam terraform terraform-provider-aws
我有一个脚本,需要在配置实例并附加卷后运行:
resource "aws_instance" "controller" {
...
provisioner "remote-exec" {
connection {
type = "ssh"
user = "centos"
}
inline = [
"download and run script to verify environment"
]
}
}
resource "aws_ebs_volume" "controller-ebs-sdb" {
...
}
resource "aws_volume_attachment" "controller-volume-attachment-sdb" {
device_name = "/dev/sdb"
volume_id = "${aws_ebs_volume.controller-ebs-sdb.id}"
instance_id = "${aws_instance.controller.id}"
}
目前,该脚本使环境失败,因为它运行时尚未附加卷。
是否可以仅在附加卷后运行远程执行脚本?
我正在为 AWS VPC 创建创建一个 Terraform 模块。
这是我的目录结构
? tree -L 3
.
??? main.tf
??? modules
? ??? subnets
? ? ??? main.tf
? ? ??? outputs.tf
? ? ??? variables.tf
? ??? vpc
? ??? main.tf
? ??? outputs.tf
? ??? variables.tf
??? variables.tf
3 directories, 12 files
在子网模块中,我想获取 vpc(子)模块的 vpc id。
在modules/vpc/outputs.tf我使用:
output "my_vpc_id" {
value = "${aws_vpc.my_vpc.id}"
}
这对我做以下事情就足够了modules/subnets/main.tf吗?
resource "aws_subnet" "env_vpc_sn" {
...
vpc_id = "${aws_vpc.my_vpc.id}"
}
我想metadata_startup_script在使用 Terraform 创建 GCE 实例时运行。
该脚本应该创建一个用户并为该用户分配一个随机密码。
我知道我可以在 Terraform 中创建一个随机字符串,例如:
resource "random_string" "pass" {
length = 20
}
我的startup.sh意志在某些时候是这样的:
resource "random_string" "pass" {
length = 20
}
如何random_string通过metadata_startup_script参数将资源生成与适当的脚本调用链接起来?
这是google_compute_instance资源定义:
resource "google_compute_instance" "coreos-host" {
name = "my-vm"
machine_type = "n1-stantard-2"
zone = "us-central1-a"
boot_disk {
initialize_params {
image = "debian-cloud/debian-9"
size = 20
type = "pd-standard"
}
}
network_interface {
network = "default"
access_config {
network_tier = "STANDARD"
}
}
metadata_startup_script = …我在 Terraform v0.12 模块中动态创建以下资源:
变量.tf:
variable "stages" {
type = list(string)
default = ["v1", "v2"]
}
variable "rest_api_id" {
description = "The ID of the associated REST API"
}
variable "api_root_resource_id" {
description = "The API resource ID"
}
variable "region" {
description = "The AWS region"
}
variable "method" {
description = "The HTTP method"
default = "GET"
variable "lambda" {
description = "The lambda name to invoke"
}
variable "account_id" {
description = "The AWS account ID"
} …我有一些带有 aaws_instance和 a 的Terraform 代码null_resource:
resource "aws_instance" "example" {
ami = data.aws_ami.server.id
instance_type = "t2.medium"
key_name = aws_key_pair.deployer.key_name
tags = {
name = "example"
}
vpc_security_group_ids = [aws_security_group.main.id]
}
resource "null_resource" "example" {
provisioner "local-exec" {
command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -T 300 -i ${aws_instance.example.public_dns}, --user centos --private-key files/id_rsa playbook.yml"
}
}
它有点工作,但有时会出现错误(可能是当实例处于挂起状态时)。当我重新运行 Terraform 时 - 它按预期工作。
问题:如何仅在实例运行并接受 SSH 连接时运行 local-exec?