GCP Cloud SQL failed to delete instance because `deletion_protection` is set to true

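I have a tf script for provisioning a Cloud SQL instance, along with a couple of databases and an admin user. I have renamed the instance, hence a new instance was created, but terraform is encountering issues when it comes to deleting the old one.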

Error: Error, failed to delete instance because deletion_protection is set to true. Set it to false to proceed with instance deletion

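I have tried setting deletion_protection to false, but I keep getting the same error. Is there a way to check which resources need to have deletion_protection set to false in order to be deleted? I have only added it to the google_sql_database_instance resource.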

My tf script:

// Provision the Cloud SQL Instance
resource "google_sql_database_instance" "instance-master" {
  name             = "instance-db-${random_id.random_suffix_id.hex}"
  region           = var.region
  database_version = "POSTGRES_12"

  project = var.project_id

  settings {
    availability_type = "REGIONAL"
    tier              = "db-f1-micro"
    activation_policy = "ALWAYS"
    disk_type         = "PD_SSD"

    ip_configuration {
      ipv4_enabled    = var.is_public ? true : false
      private_network = var.network_self_link
      require_ssl     = true

      dynamic "authorized_networks" {
        for_each = toset(var.is_public ? [1] : [])

        content {
          name  = "Public Internet"
          value = "0.0.0.0/0"
        }
      }
    }

    backup_configuration {
      enabled = true
    }

    maintenance_window {
      day  = 2
      hour = 4

      update_track = "stable"
    }

    dynamic "database_flags" {
      iterator = flag
      for_each = var.database_flags

      content {
        name  = flag.key
        value = flag.value
      }
    }

    user_labels = var.default_labels
  }

  deletion_protection = false
  depends_on          = [google_service_networking_connection.cloudsql-peering-connection, google_project_service.enable-sqladmin-api]
}

// Provision the databases
resource "google_sql_database" "db" {
  name     = "orders-placement"
  instance = google_sql_database_instance.instance-master.name
  project  = var.project_id
}

// Provision a super user
resource "google_sql_user" "admin-user" {
  name     = "admin-user"
  instance = google_sql_database_instance.instance-master.name
  password = random_password.user-password.result
  project  = var.project_id
}

// Get latest CA certificate
locals {
  furthest_expiration_time = reverse(sort([for k, v in google_sql_database_instance.instance-master.server_ca_cert : v.expiration_time]))[0]
  latest_ca_cert           = [for v in google_sql_database_instance.instance-master.server_ca_cert : v.cert if v.expiration_time == local.furthest_expiration_time]
}

// Get SSL certificate
resource "google_sql_ssl_cert" "client_cert" {
  common_name = "instance-master-client"
  instance    = google_sql_database_instance.instance-master.name
}

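If deletion_protection was added to google_sql_database_instance after the database instance was created, you need to run terraform apply before running the destroy operation, so that deletion_protection is set to false on the database instance.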

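Your code seems to be about to recreate this SQL instance. But your current tfstate file contains an instance entry in which the deletion_protection parameter has the value true. In this case, you first need to change the value of this parameter to false, either manually in the tfstate file or by adding deletion_protection = true in the code and then running the terraform apply command (beware: your code should not recreate the instance). After this operation, you can do anything with your SQL instance.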

You will have to set deletion_protection=false, apply it, and then proceed to delete.

As per the documentation:

On newer versions of the provider, you must explicitly set deletion_protection=false (and run terraform apply to write the field to state) in order to destroy an instance. It is recommended to not set this field (or set it to true) until you're ready to destroy the instance and its databases.

Editing the Terraform state file directly/manually is not recommended.
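
One way to do the check the question asks for (which resources still need deletion_protection set to false before they can be deleted), as an added example that is not part of the original thread: it reads the JSON form of a saved plan and lists every resource the plan deletes or replaces while the value recorded in state is still true. It goes beyond google_sql_database_instance by checking any resource type that carries a deletion_protection attribute; the sample plan, its addresses and the function name are constructed for illustration.

```python
import json

# Constructed sample of `terraform show -json tfplan` output (trimmed to the
# fields used here); addresses and values are made up for illustration.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "google_sql_database_instance.instance-master",
     "type": "google_sql_database_instance",
     "change": {"actions": ["delete", "create"],
                "before": {"name": "instance-db-old", "deletion_protection": true},
                "after": {"name": "instance-db-new", "deletion_protection": false}}},
    {"address": "google_sql_database.db",
     "type": "google_sql_database",
     "change": {"actions": ["delete", "create"],
                "before": {"name": "orders-placement"},
                "after": {"name": "orders-placement"}}},
    {"address": "google_sql_user.admin-user",
     "type": "google_sql_user",
     "change": {"actions": ["no-op"],
                "before": {"name": "admin-user"},
                "after": {"name": "admin-user"}}},
    {"address": "module.reporting.google_sql_database_instance.replica",
     "type": "google_sql_database_instance",
     "change": {"actions": ["update"],
                "before": {"name": "reporting", "deletion_protection": true},
                "after": {"name": "reporting", "deletion_protection": true}}}
  ]
}
""")


def blocked_deletions(plan):
    """Return addresses the plan deletes (or replaces) while the value
    recorded in state still has deletion_protection = true."""
    blocked = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        before = change.get("before") or {}  # null when the resource is being created
        if "delete" in change.get("actions", []) and before.get("deletion_protection") is True:
            blocked.append(rc["address"])
    return blocked


if __name__ == "__main__":
    # Real use: terraform plan -out=tfplan && terraform show -json tfplan > plan.json
    for address in blocked_deletions(SAMPLE_PLAN):
        print(f"{address}: apply deletion_protection = false before deleting")
```

A replacement shows up in the plan as both "delete" and "create" on the same address, which is why the renamed instance is reported even though its new configuration already says false.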