使用 terraform template_file 和 s3 到 bootstrap with s3
using terraform template_file and s3 to bootstrap with s3
我们正在尝试在 S3 中继续引导 user_data 配置文件。但是我们也需要为部分用户数据脚本变量和管理秘密。所以我的想法是创建一个存储桶,存储我们的脚本,然后使用 s3 中的 template_file。然后将呈现的模板推入我的 aws_launch_configuration 的 user_data。然而,人们并不仅仅这样做。
当我检查我的 aws 控制台时,我看到 user_data 只是作为存储桶文件的 url 出现。有没有办法我仍然可以完成此操作,或者是否有更好的方法从 s3 中提取 user_data 同时仍然能够传递变量?
以下是我目前失败的尝试;为简洁起见减少。
# Create folder and upload bootstrap files
resource "aws_s3_bucket_object" "bootstrap_config" {
for_each = "${fileset(var.bootstrapConfigPath, "*")}"
bucket = "${aws_s3_bucket.bootstrap_bucket.id}"
acl = "private"
key = "${each.value}"
source = "${var.bootstrapConfigPath}/${each.value}"
etag = filemd5("${var.bootstrapConfigPath}/${each.value}")
}
.
.in another module...
.
data "template_file" "user_data" {
template = "${join("", list(var.bootstrap_bucket, "/config/user_data.sh"))}"
vars = {
_port = "${var.port}"
_allowed_cidr = "${var.allowed_cidr}"
}
}
.
.
.
resource "aws_launch_configuration" "sample_thing" {
name_prefix = "sample-${var.environment}"
image_id = "${var.ami_id[var.aws_region]}"
instance_type = "${var.instance_type}"
associate_public_ip_address = "${var.ispublic}"
key_name = "${var.key_name}"
security_groups = ["${aws_security_group.instance.id}"]
iam_instance_profile = "${aws_iam_instance_profile.the_profile.arn}"
user_data = "${data.template_file.user_data.rendered}"
root_block_device {
encrypted = true
}
lifecycle {
create_before_destroy = true
}
}
好的,明白了。基于此博客 post
我所做的是将 user_data 脚本作为包含引导存储桶和对象的模块的数据输出。然后在启动配置中导入它并在我的 template_file
中使用它
# Create folder and upload bootstrap files
resource "aws_s3_bucket_object" "bootstrap_config" {
for_each = "${fileset(var.bootstrapConfigPath, "*")}"
bucket = "${aws_s3_bucket.bootstrap_bucket.id}"
acl = "private"
key = "${each.value}"
source = "${var.bootstrapConfigPath}/${each.value}"
etag = filemd5("${var.bootstrapConfigPath}/${each.value}")
}
data "aws_s3_bucket_object" "boot_config" {
bucket = "${aws_s3_bucket.bootstrap_bucket.id}"
key = "user_data.sh"
depends_on = [aws_s3_bucket_object.bootstrap_config]
}
output "boot_config" {
value = "${data.aws_s3_bucket_object.boot_config.body}"
}
.
.in another module...
.
data "template_file" "user_data" {
template = "${var.boot_config}" #<-Imported output variable
vars = {
_port = "${var._port}"
_allowed_cidr = "${var._allowed_cidr}"
}
}
.
.
.
resource "aws_launch_configuration" "sample_thing" {
name_prefix = "sample-${var.environment}"
image_id = "${var.ami_id[var.aws_region]}"
instance_type = "${var.instance_type}"
associate_public_ip_address = "${var.ispublic}"
key_name = "${var.key_name}"
security_groups = ["${aws_security_group.instance.id}"]
iam_instance_profile = "${aws_iam_instance_profile.the_profile.arn}"
user_data = "${data.template_file.user_data.rendered}"
root_block_device {
encrypted = true
}
lifecycle {
create_before_destroy = true
}
}
我们正在尝试在 S3 中继续引导 user_data 配置文件。但是我们也需要为部分用户数据脚本变量和管理秘密。所以我的想法是创建一个存储桶,存储我们的脚本,然后使用 s3 中的 template_file。然后将呈现的模板推入我的 aws_launch_configuration 的 user_data。然而,人们并不仅仅这样做。
当我检查我的 aws 控制台时,我看到 user_data 只是作为存储桶文件的 url 出现。有没有办法我仍然可以完成此操作,或者是否有更好的方法从 s3 中提取 user_data 同时仍然能够传递变量?
以下是我目前失败的尝试;为简洁起见减少。
# Create folder and upload bootstrap files
resource "aws_s3_bucket_object" "bootstrap_config" {
for_each = "${fileset(var.bootstrapConfigPath, "*")}"
bucket = "${aws_s3_bucket.bootstrap_bucket.id}"
acl = "private"
key = "${each.value}"
source = "${var.bootstrapConfigPath}/${each.value}"
etag = filemd5("${var.bootstrapConfigPath}/${each.value}")
}
.
.in another module...
.
data "template_file" "user_data" {
template = "${join("", list(var.bootstrap_bucket, "/config/user_data.sh"))}"
vars = {
_port = "${var.port}"
_allowed_cidr = "${var.allowed_cidr}"
}
}
.
.
.
resource "aws_launch_configuration" "sample_thing" {
name_prefix = "sample-${var.environment}"
image_id = "${var.ami_id[var.aws_region]}"
instance_type = "${var.instance_type}"
associate_public_ip_address = "${var.ispublic}"
key_name = "${var.key_name}"
security_groups = ["${aws_security_group.instance.id}"]
iam_instance_profile = "${aws_iam_instance_profile.the_profile.arn}"
user_data = "${data.template_file.user_data.rendered}"
root_block_device {
encrypted = true
}
lifecycle {
create_before_destroy = true
}
}
好的,明白了。基于此博客 post
我所做的是将 user_data 脚本作为包含引导存储桶和对象的模块的数据输出。然后在启动配置中导入它并在我的 template_file
# Create folder and upload bootstrap files
resource "aws_s3_bucket_object" "bootstrap_config" {
for_each = "${fileset(var.bootstrapConfigPath, "*")}"
bucket = "${aws_s3_bucket.bootstrap_bucket.id}"
acl = "private"
key = "${each.value}"
source = "${var.bootstrapConfigPath}/${each.value}"
etag = filemd5("${var.bootstrapConfigPath}/${each.value}")
}
data "aws_s3_bucket_object" "boot_config" {
bucket = "${aws_s3_bucket.bootstrap_bucket.id}"
key = "user_data.sh"
depends_on = [aws_s3_bucket_object.bootstrap_config]
}
output "boot_config" {
value = "${data.aws_s3_bucket_object.boot_config.body}"
}
.
.in another module...
.
data "template_file" "user_data" {
template = "${var.boot_config}" #<-Imported output variable
vars = {
_port = "${var._port}"
_allowed_cidr = "${var._allowed_cidr}"
}
}
.
.
.
resource "aws_launch_configuration" "sample_thing" {
name_prefix = "sample-${var.environment}"
image_id = "${var.ami_id[var.aws_region]}"
instance_type = "${var.instance_type}"
associate_public_ip_address = "${var.ispublic}"
key_name = "${var.key_name}"
security_groups = ["${aws_security_group.instance.id}"]
iam_instance_profile = "${aws_iam_instance_profile.the_profile.arn}"
user_data = "${data.template_file.user_data.rendered}"
root_block_device {
encrypted = true
}
lifecycle {
create_before_destroy = true
}
}