Terraform 扩展
Terraform Meta-Arguments 元参数
count创建相似的资源for_each创建相似的资源depends_on定义资源或者模块的依赖provider定义provider选项lifecycle资源的生命周期行为
| 参数 | 使用范围 | 备注 |
|---|---|---|
| count | resource module | 适用于创建多个相似的资源,使用索引count.index作为参数引用。如果资源存在区别,建议使用 for_each |
| for_each | resource module | for_each 它只能用于set(string) 或者map(string) |
| depends_on | resource module | 处理 Terraform 无法自动推断的资源或模块之间的依赖关系 |
| provider | resource module | 在资源中定义供应商,通常是 . ,模块中,如果子模块未定义providers则继承父模块 |
| lifecycle | resource module | 生命周期行为定义 |
Count 创建资源副本
count = num数值类型, 可以通过length()计算数量;count.index索引来遍历列表
示例: 创建三条 DNS 记录
Terraform 配置
## count.tf
locals {
zone = "evescn.com"
records = ["devops1","devops2","devops3"]
}
resource "alicloud_dns_record" "record" {
count = length(local.records)
name = local.zone
host_record = local.records[count.index]
type = "A"
value = "192.168.1.1"
}
## count.tf
locals {
zone = "evescn.com"
records = ["devops1","devops2","devops3"]
}
resource "alicloud_dns_record" "record" {
count = length(local.records)
name = local.zone
host_record = local.records[count.index]
type = "A"
value = "192.168.1.1"
}
创建 DNS 解析
evescn@evescndeMacBook-Pro count % terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/alicloud versions matching "1.164.0"...
- Installing hashicorp/alicloud v1.164.0...
- Installed hashicorp/alicloud v1.164.0 (signed by HashiCorp)
Terraform has been successfully initialized!
evescn@evescndeMacBook-Pro count % terraform fmt
count.tf
evescn@evescndeMacBook-Pro count % terraform validate
Success! The configuration is valid.
evescn@evescndeMacBook-Pro count % terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# alicloud_dns_record.record[0] will be created
+ resource "alicloud_dns_record" "record" {
+ host_record = "devops1"
+ id = (known after apply)
+ locked = (known after apply)
+ name = "evescn.com"
+ routing = "default"
+ status = (known after apply)
+ ttl = 600
+ type = "A"
+ value = "192.168.1.1"
}
# alicloud_dns_record.record[1] will be created
+ resource "alicloud_dns_record" "record" {
+ host_record = "devops2"
+ id = (known after apply)
+ locked = (known after apply)
+ name = "evescn.com"
+ routing = "default"
+ status = (known after apply)
+ ttl = 600
+ type = "A"
+ value = "192.168.1.1"
}
# alicloud_dns_record.record[2] will be created
+ resource "alicloud_dns_record" "record" {
+ host_record = "devops3"
+ id = (known after apply)
+ locked = (known after apply)
+ name = "evescn.com"
+ routing = "default"
+ status = (known after apply)
+ ttl = 600
+ type = "A"
+ value = "192.168.1.1"
}
Plan: 3 to add, 0 to change, 0 to destroy.
evescn@evescndeMacBook-Pro count % terraform apply --auto-approve
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# alicloud_dns_record.record[0] will be created
+ resource "alicloud_dns_record" "record" {
+ host_record = "devops1"
+ id = (known after apply)
+ locked = (known after apply)
+ name = "evescn.com"
+ routing = "default"
+ status = (known after apply)
+ ttl = 600
+ type = "A"
+ value = "192.168.1.1"
}
# alicloud_dns_record.record[1] will be created
+ resource "alicloud_dns_record" "record" {
+ host_record = "devops2"
+ id = (known after apply)
+ locked = (known after apply)
+ name = "evescn.com"
+ routing = "default"
+ status = (known after apply)
+ ttl = 600
+ type = "A"
+ value = "192.168.1.1"
}
# alicloud_dns_record.record[2] will be created
+ resource "alicloud_dns_record" "record" {
+ host_record = "devops3"
+ id = (known after apply)
+ locked = (known after apply)
+ name = "evescn.com"
+ routing = "default"
+ status = (known after apply)
+ ttl = 600
+ type = "A"
+ value = "192.168.1.1"
}
Plan: 3 to add, 0 to change, 0 to destroy.
alicloud_dns_record.record[1]: Creating...
alicloud_dns_record.record[0]: Creating...
alicloud_dns_record.record[2]: Creating...
alicloud_dns_record.record[0]: Creation complete after 1s [id=843289465596745728]
alicloud_dns_record.record[1]: Creation complete after 1s [id=843289465605112832]
alicloud_dns_record.record[2]: Creation complete after 1s [id=843289465619789824]
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
删除 devops2 记录,会成功运行?
locals {
zone = "evescn.com"
# records = ["devops1", "devops2", "devops3"]
records = ["devops1", "devops3"]
}
resource "alicloud_dns_record" "record" {
count = length(local.records)
name = local.zone
host_record = local.records[count.index]
type = "A"
value = "192.168.1.1"
}
执行部署
evescn@evescndeMacBook-Pro count % terraform plan
alicloud_dns_record.record[0]: Refreshing state... [id=843289465596745728]
alicloud_dns_record.record[2]: Refreshing state... [id=843289465619789824]
alicloud_dns_record.record[1]: Refreshing state... [id=843289465605112832]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
~ update in-place
- destroy
Terraform will perform the following actions:
# alicloud_dns_record.record[1] will be updated in-place
~ resource "alicloud_dns_record" "record" {
~ host_record = "devops2" -> "devops3"
id = "843289465605112832"
name = "evescn.com"
# (7 unchanged attributes hidden)
}
# alicloud_dns_record.record[2] will be destroyed
# (because index [2] is out of range for count)
- resource "alicloud_dns_record" "record" {
- host_record = "devops3" -> null
- id = "843289465619789824" -> null
- locked = false -> null
- name = "evescn.com" -> null
- priority = 0 -> null
- routing = "default" -> null
- status = "ENABLE" -> null
- ttl = 600 -> null
- type = "A" -> null
- value = "192.168.1.1" -> null
}
Plan: 0 to add, 1 to change, 1 to destroy.
evescn@evescndeMacBook-Pro count % terraform apply --auto-approve
alicloud_dns_record.record[1]: Refreshing state... [id=843289465605112832]
alicloud_dns_record.record[0]: Refreshing state... [id=843289465596745728]
alicloud_dns_record.record[2]: Refreshing state... [id=843289465619789824]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
~ update in-place
- destroy
Terraform will perform the following actions:
# alicloud_dns_record.record[1] will be updated in-place
~ resource "alicloud_dns_record" "record" {
~ host_record = "devops2" -> "devops3"
id = "843289465605112832"
name = "evescn.com"
# (7 unchanged attributes hidden)
}
# alicloud_dns_record.record[2] will be destroyed
# (because index [2] is out of range for count)
- resource "alicloud_dns_record" "record" {
- host_record = "devops3" -> null
- id = "843289465619789824" -> null
- locked = false -> null
- name = "evescn.com" -> null
- priority = 0 -> null
- routing = "default" -> null
- status = "ENABLE" -> null
- ttl = 600 -> null
- type = "A" -> null
- value = "192.168.1.1" -> null
}
Plan: 0 to add, 1 to change, 1 to destroy.
alicloud_dns_record.record[2]: Destroying... [id=843289465619789824]
alicloud_dns_record.record[1]: Modifying... [id=843289465605112832]
alicloud_dns_record.record[2]: Destruction complete after 1s
╷
│ Error: [ERROR] terraform-provider-alicloud/alicloud/resource_alicloud_dns_record.go:138: Resource 843289465605112832 UpdateDomainRecord Failed!!! [SDK alibaba-cloud-sdk-go ERROR]:
│ SDK.ServerError
│ ErrorCode: DomainRecordDuplicate
│ Recommend: https://api.aliyun.com/troubleshoot?q=DomainRecordDuplicate&product=Alidns
│ RequestId: 17F3D4A1-6E02-5F4E-AEA0-C04C583B9A9E
│ Message: The DNS record already exists.
│ RespHeaders: map[Access-Control-Allow-Origin:[*] Access-Control-Expose-Headers:[*] Connection:[keep-alive] Content-Length:[246] Content-Type:[application/json;charset=utf-8] Date:[Wed, 02 Aug 2023 03:39:11 GMT] Keep-Alive:[timeout=25] X-Acs-Request-Id:[17F3D4A1-6E02-5F4E-AEA0-C04C583B9A9E] X-Acs-Trace-Id:[df248ca1dac580f3e90c12bf599c4e1a]]
│
│ with alicloud_dns_record.record[1],
│ on count.tf line 7, in resource "alicloud_dns_record" "record":
│ 7: resource "alicloud_dns_record" "record" {
│
从 terraform 看,程序执行的操作步骤如下:
- update: server2 > server3
- destroy: server3
但是在执行过程中 count = length(local.records) 命令获取不了 [2] 这个下标程序出错,看看 DNS 解析记录
for_each 创建资源副本
-
for_each=set(string)map(string) -
for_each只能用于set(string)或者map(string),可以使用toset转换list为set数据 -
for_each=set(string)each.key=each.value
-
for_each=map(string)each.key=keyeach.value=value
示例: 创建三条 DNS 记录
Terraform 配置
## version.tf
terraform {
required_version = ">=1.1.9"
required_providers {
alicloud = {
source = "hashicorp/alicloud"
version = "1.164.0"
}
}
}
# Configure the Alicloud Provider
provider "alicloud" {
access_key = "xxxxxxxx"
secret_key = "xxxxxxxx"
}
## for_each.tf
locals {
zone = "evescn.com"
# records = ["devops1", "devops2", "devops3"]
records = ["devops1", "devops3"]
}
resource "alicloud_dns_record" "eachrecord" {
for_each = toset(local.records)
name = local.zone
host_record = each.value
type = "A"
value = "192.168.1.1"
}
创建 DNS 解析
evescn@evescndeMacBook-Pro for_each % terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/alicloud versions matching "1.164.0"...
- Installing hashicorp/alicloud v1.164.0...
- Installed hashicorp/alicloud v1.164.0 (signed by HashiCorp)
Terraform has been successfully initialized!
evescn@evescndeMacBook-Pro for_each % terraform fmt
for_each.tf
evescn@evescndeMacBook-Pro for_each % terraform validate
Success! The configuration is valid.
evescn@evescndeMacBook-Pro for_each % terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# alicloud_dns_record.eachrecord["devops1"] will be created
+ resource "alicloud_dns_record" "eachrecord" {
+ host_record = "devops1"
+ id = (known after apply)
+ locked = (known after apply)
+ name = "evescn.com"
+ routing = "default"
+ status = (known after apply)
+ ttl = 600
+ type = "A"
+ value = "192.168.1.1"
}
# alicloud_dns_record.eachrecord["devops2"] will be created
+ resource "alicloud_dns_record" "eachrecord" {
+ host_record = "devops2"
+ id = (known after apply)
+ locked = (known after apply)
+ name = "evescn.com"
+ routing = "default"
+ status = (known after apply)
+ ttl = 600
+ type = "A"
+ value = "192.168.1.1"
}
# alicloud_dns_record.eachrecord["devops3"] will be created
+ resource "alicloud_dns_record" "eachrecord" {
+ host_record = "devops3"
+ id = (known after apply)
+ locked = (known after apply)
+ name = "evescn.com"
+ routing = "default"
+ status = (known after apply)
+ ttl = 600
+ type = "A"
+ value = "192.168.1.1"
}
Plan: 3 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
alicloud_dns_record.eachrecord["devops1"]: Creating...
alicloud_dns_record.eachrecord["devops2"]: Creating...
alicloud_dns_record.eachrecord["devops3"]: Creating...
alicloud_dns_record.eachrecord["devops2"]: Creation complete after 0s [id=843317481926367232]
alicloud_dns_record.eachrecord["devops3"]: Creation complete after 0s [id=843317481928446976]
alicloud_dns_record.eachrecord["devops1"]: Creation complete after 0s [id=843317481953598464]
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
删除 devops2 记录,重新执行
## for_each.tf
locals {
zone = "evescn.com"
# records = ["devops1", "devops2", "devops3"]
records = ["devops1", "devops3"]
}
resource "alicloud_dns_record" "eachrecord" {
for_each = toset(local.records)
name = local.zone
host_record = each.value
type = "A"
value = "192.168.1.1"
}
执行部署
evescn@evescndeMacBook-Pro for_each % terraform apply
alicloud_dns_record.eachrecord["devops2"]: Refreshing state... [id=843317481926367232]
alicloud_dns_record.eachrecord["devops3"]: Refreshing state... [id=843317481928446976]
alicloud_dns_record.eachrecord["devops1"]: Refreshing state... [id=843317481953598464]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# alicloud_dns_record.eachrecord["devops2"] will be destroyed
# (because key ["devops2"] is not in for_each map)
- resource "alicloud_dns_record" "eachrecord" {
- host_record = "devops2" -> null
- id = "843317481926367232" -> null
- locked = false -> null
- name = "evescn.com" -> null
- priority = 0 -> null
- routing = "default" -> null
- status = "ENABLE" -> null
- ttl = 600 -> null
- type = "A" -> null
- value = "192.168.1.1" -> null
}
Plan: 0 to add, 0 to change, 1 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
alicloud_dns_record.eachrecord["devops2"]: Destroying... [id=843317481926367232]
alicloud_dns_record.eachrecord["devops2"]: Destruction complete after 0s
Apply complete! Resources: 0 added, 0 changed, 1 destroyed.
dynamic 动态的内联块
-
dynamic: 定义动态资源块,后面是label,默认为生成的语句块名称; -
for_each: 要进行迭代循环的对象(map、list、set); -
iterator: 临时的变量名称,如果未定义则使用label即ports; -
content: 要生成的语句块的内容部分;dynamic "label" {
# 支持 map list set 等数据
for_each = map | list | set
iterator = iterator_name
content {
key = iterator_name.value
}
}dynamic "ports" {
for_each = local.jenkins_ports
content {
internal = ports.value.internal
external = ports.value.external
ip = "0.0.0.0"
protocol = "tcp"
}
}
Docker 中的 ports{}
resource "docker_container" "jenkins" {
ports {
internal = 8080
external = 8080
ip = "0.0.0.0"
protocol = "tcp"
}
ports {
internal = 50000
external = 50000
ip = "0.0.0.0"
protocol = "tcp"
}
}
定义一个local变量;使用dynamic动态内联块
for_each遍历资源;ports.value引用遍历的资源
locals {
jenkins_ports = [
{
internal = 8080
external = 8080
},
{
internal = 50000
external = 50000
}
]
}
resource "docker_container" "jenkins" {
// 使用dynamic来实现动态
dynamic "ports" {
for_each = local.jenkins_ports
content {
internal = ports.value.internal
external = ports.value.external
ip = "0.0.0.0"
protocol = "tcp"
}
}
depends_on 依赖关系
处理 资源或模块之间的依赖关系。
resource "docker_image" "jenkins" {
name = "jenkins/jenkins:2.332.2-centos7-jdk8"
force_remove = false
keep_locally = true
}
resource "docker_container" "jenkins" {
image = docker_image.jenkins.name
name = "jenkins-demo"
# 依赖 docker_image 资源
depends_on = [
docker_image.jenkins
]
}
provider 自定义供应商
resource 覆盖资源中的 provider
例如:分别在 cn-beijing 和 cn-shanghai 区域分别创建1个实例。
provider "alicloud" {
alias = "north"
region = "cn-beijing"
access_key = "AKIR"
secret_key = "MJy5JXmZn"
}
provider "alicloud" {
region = "cn-shanghai"
access_key = "AK5R"
secret_key = "MJy5JX6HIqmZn"
}
resource "alicloud_instance" "ecs_demo_north" {
provider = alicloud.north
...
}
resource "alicloud_instance" "ecs_demo" {
...
}
module 默认子模块继承根模块的provider;
-
provider = map()
-
key: provider名称
-
value:
<provider>.<alias>provider "alicloud" {
alias = "north"
region = "cn-beijing"
}provider "alicloud" {
region = "cn-shanghai"
}module "example" {
source = "./example"
# module 中的 provider 配置
providers = {
alicloud = alicloud.north
}
}
lifecycle 生命周期
标记资源不被删除或者销毁前创建新的资源;
lifecycle {
xxx
}
-
create_before_destroy 先创建新的对象,再销毁旧的对象;
-
prevent_destroy 防止资源被销毁;
-
ignore_changes 忽略资源的差异;
-
replace_triggered_by 当指定的资源修改后替换当前资源;
-
precondition postcondition 条件检查
lifecycle {
create_before_destroy = true
# prevent_destroy = true
ignore_changes = [
tags, instance_name
]
replace_triggered_by = [
alicloud_vpc.vpc.vpc_name
]
}