Terraform plan wants to destroy imported RDS resource
I used the following commands to replace a previously deployed RDS instance with a manually configured RDS instance:
./terraform destroy -target aws_db_instance.my_db
./terraform import aws_db_instance.my_db my-rds-instance
(The old instance had to be destroyed before using import.)
When I now run ./terraform plan, Terraform wants to destroy and recreate the RDS database:
-/+ aws_db_instance.my_db (new resource required)
id: "my-rds-instance" => <computed> (forces new resource)
address: "my-rds-instance.path.rds.amazonaws.com" => <computed>
allocated_storage: "100" => "100"
allow_major_version_upgrade: "false" => "false"
apply_immediately: "false" => "false"
arn: "arn:aws:rds:eu-central-1:123456789123:db:my-rds-instance" => <computed>
auto_minor_version_upgrade: "false" => "false"
availability_zone: "eu-central-1b" => <computed>
backup_retention_period: "7" => "7"
backup_window: "09:46-10:16" => "09:46-10:16"
ca_cert_identifier: "rds-ca-2015" => <computed>
character_set_name: "" => <computed>
copy_tags_to_snapshot: "false" => "false"
db_subnet_group_name: "bintu-ct6" => "bintu-ct6"
endpoint: "my-rds-db-manually.path.rds.amazonaws.com:5432" => <computed>
engine: "postgres" => "postgres"
engine_version: "10.6" => "10.6"
final_snapshot_identifier: "" => "my-rds-DbFinal"
hosted_zone_id: "Z1RLNUO7B9Q6NB" => <computed>
identifier: "my-rds-db-manually" => "my-rds-db-manually"
identifier_prefix: "my-rds-db-" => <computed>
instance_class: "db.m5.large" => "db.m5.xlarge"
kms_key_id: "arn:aws:kms:eu-central-1:123456789123:key/d123d45d-b678-9123-a1e9-c456d40d7be7" => <computed>
license_model: "postgresql-license" => <computed>
maintenance_window: "wed:00:53-wed:01:23" => "mon:00:00-mon:03:00"
monitoring_interval: "60" => "60"
monitoring_role_arn: "arn:aws:iam::123456789123:role/myRdsMonitoring" => "arn:aws:iam::123456789123:role/myRdsMonitoring"
multi_az: "true" => "true"
name: "mydb" => "mydb"
option_group_name: "default:postgres-10" => <computed>
parameter_group_name: "rds-my-group" => "rds-my-group"
password: <sensitive> => <sensitive> (attribute changed)
port: "5432" => <computed>
publicly_accessible: "false" => "false"
replicas.#: "0" => <computed>
resource_id: "db-ABCDEFGHIJKLMNOPQRSTUVW12" => <computed>
skip_final_snapshot: "true" => "false"
status: "available" => <computed>
storage_encrypted: "true" => "false" (forces new resource)
storage_type: "gp2" => "gp2"
tags.%: "1" => "0"
tags.workload-type: "production" => ""
timezone: "" => <computed>
username: "user" => "user"
vpc_security_group_ids.#: "1" => "1"
vpc_security_group_ids.1234563899: "sg-011d2e33a4464eb65" => "sg-011d2e33a4464eb65"
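I expected the "import" command to add the manually created RDS instance to the config/state file, so that it could be used without redeploying a new RDS instance.
How can I prevent the imported RDS instance from being destroyed when using terraform plan/apply?
The resource configuration is as follows: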
resource "aws_db_instance" "my_db" {
  #identifier = "my-rds-db-manually"
  identifier_prefix = "${var.db_instance_identifier_prefix}"
  vpc_security_group_ids = ["${aws_security_group.my_db.id}"]
  allocated_storage = "${var.db_allocated_storage}"
  storage_type = "gp2"
  engine = "postgres"
  engine_version = "10.6"
  instance_class = "${var.db_instance_type}"
  monitoring_interval = "60"
  monitoring_role_arn = "${aws_iam_role.my_rds_monitoring.arn}"
  name = "${var.bintu_db_name}"
  username = "${var.DB_USER}"
  password = "${var.DB_PASS}"
  allow_major_version_upgrade = false
  apply_immediately = false
  auto_minor_version_upgrade = false
  backup_window = "${var.db_backup_window}"
  maintenance_window = "${var.db_maintenance_window}"
  db_subnet_group_name = "${aws_db_subnet_group.my_db.name}"
  final_snapshot_identifier = "${var.db_final_snapshot_identifier}"
  parameter_group_name = "${aws_db_parameter_group.my_db.name}"
  multi_az = true
  backup_retention_period = 7
  lifecycle {
    prevent_destroy = false
  }
}
Note that prevent_destroy = false is set; otherwise the plan would fail.
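As you may have noticed, you have to work out for yourself the code that matches the imported resource.
The output you provided contains one important piece of information:
storage_encrypted: "true" => "false" (forces new resource)
This means that your code wants to set up the RDS instance with storage_encrypted = false, while the state/reality has it set to true. Change this setting in your code and your plan will be non-destructive.
I haven't checked whether the remaining differences match. If they don't, it will tell you which specific settings are at odds with the current state.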
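An added example, not part of the original question or answer and not Terraform's own tooling: a small parser for the legacy plan text format shown in the question that lists the attributes marked "(forces new resource)", so a plan that would replace a production database can be caught before apply. The function names and the sample input are constructed for illustration.

```python
import re

# Constructed sample in the Terraform 0.11-style plan format quoted on this page.
SAMPLE_PLAN = '''\
-/+ aws_db_instance.my_db (new resource required)
  id: "my-rds-instance" => <computed> (forces new resource)
  engine_version: "10.6" => "10.6"
  instance_class: "db.m5.large" => "db.m5.xlarge"
  password: <sensitive> => <sensitive> (attribute changed)
  storage_encrypted: "true" => "false" (forces new resource)
  tags.%: "1" => "0"
'''

# Resource header: action symbol followed by the resource address.
HEADER = re.compile(r'^\s*(-/\+|[-+~])\s+(\S+)')
# Attribute line: name: old => new, with an optional trailing annotation.
ATTR = re.compile(
    r'^\s*([\w.#%-]+):\s+(.*?)\s+=>\s+(.*?)'
    r'(?:\s+\((forces new resource|attribute changed)\))?\s*$'
)

def parse_plan(text):
    """Return {resource: {"action", "forces_new", "changed"}} from plan text."""
    resources, current = {}, None
    for line in text.splitlines():
        m = ATTR.match(line)
        if m and current is not None:
            name, old, new, note = m.groups()
            if note == "forces new resource":
                # These attributes are why the resource would be replaced.
                current["forces_new"].append((name, old.strip('"'), new.strip('"')))
            elif note == "attribute changed" or (old != new and new != "<computed>"):
                # In-place differences between state and configuration.
                current["changed"].append(name)
            continue
        h = HEADER.match(line)
        if h:
            current = {"action": h.group(1), "forces_new": [], "changed": []}
            resources[h.group(2)] = current
    return resources

def destructive(resources):
    """Addresses of resources the plan would destroy ("-") or replace ("-/+")."""
    return sorted(r for r, d in resources.items() if d["action"] in ("-", "-/+"))

if __name__ == "__main__":
    plan = parse_plan(SAMPLE_PLAN)
    for addr in destructive(plan):
        print(addr, "would be replaced because of:", plan[addr]["forces_new"])
```
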