Terraform 重新部署 EC2 实例

Terraform redeploys EC2 instance

我相信这很容易解决。我在 AWS 中使用 Terraform,部署 VPC、子网、安全组(这看起来像问题)以及单个 EC2 实例。

症状

当第一次使用 terraform apply 部署时,一切都按预期创建;但是,紧接着再运行一次 terraform apply 或 terraform plan,结果表明需要对 EC2 实例进行更改,并会重新部署 EC2 实例。基础 Terraform 代码没有任何变化。

根据 terraform plan 的报告重新部署 EC2 实例。

我不希望每次运行额外的 terraform apply 命令时都重新部署 EC2 实例。我不确定这是否可行,但我相信这应该很简单,只是我在文档中遗漏了某些内容。

Terraform 文件

vpc.tf

# Sandbox VPC. The address range is supplied through var.vpcSandboxCIDR.
# NOTE(review): no IPv6 CIDR is assigned here, so the ::/0 route declared
# further down has no IPv6 addresses to serve — confirm whether IPv6 is intended.
resource "aws_vpc" "vpcSandbox" {
  tags = {
    Terraform = "True"
    Name      = "vpcSandbox"
  }

  cidr_block = var.vpcSandboxCIDR
}

# DHCP option set for the sandbox VPC: search domain from var.searchDomain,
# resolvers pinned to the two OpenDNS anycast addresses.
resource "aws_vpc_dhcp_options" "dhcpOptSandbox" {
  domain_name_servers = [
    "208.67.220.220",
    "208.67.222.222",
  ]
  domain_name = var.searchDomain

  tags = {
    Terraform = "True"
    Name      = "dhcpOptSandbox"
  }
}

# Bind the option set above to the sandbox VPC.
resource "aws_vpc_dhcp_options_association" "dhcpOptAssocSandbox" {
  dhcp_options_id = aws_vpc_dhcp_options.dhcpOptSandbox.id
  vpc_id          = aws_vpc.vpcSandbox.id
}

# One /24 per availability zone in us-east-1 (1a..1f), all carved from 10.11.0.0/16.
# No route-table associations are declared in this file, so every subnet falls back
# to the VPC's main route table.
resource "aws_subnet" "sub-sandbox1a" {
  # us-east-1a slice
  availability_zone = "us-east-1a"
  cidr_block        = "10.11.1.0/24"
  vpc_id            = aws_vpc.vpcSandbox.id

  tags = { Terraform = "True" }
}
resource "aws_subnet" "sub-sandbox1b" {
  # us-east-1b slice
  availability_zone = "us-east-1b"
  cidr_block        = "10.11.2.0/24"
  vpc_id            = aws_vpc.vpcSandbox.id

  tags = { Terraform = "True" }
}
resource "aws_subnet" "sub-sandbox1c" {
  # us-east-1c slice
  availability_zone = "us-east-1c"
  cidr_block        = "10.11.3.0/24"
  vpc_id            = aws_vpc.vpcSandbox.id

  tags = { Terraform = "True" }
}
resource "aws_subnet" "sub-sandbox1d" {
  # us-east-1d slice
  availability_zone = "us-east-1d"
  cidr_block        = "10.11.4.0/24"
  vpc_id            = aws_vpc.vpcSandbox.id

  tags = { Terraform = "True" }
}
resource "aws_subnet" "sub-sandbox1e" {
  # us-east-1e slice
  availability_zone = "us-east-1e"
  cidr_block        = "10.11.5.0/24"
  vpc_id            = aws_vpc.vpcSandbox.id

  tags = { Terraform = "True" }
}
resource "aws_subnet" "sub-sandbox1f" {
  # us-east-1f slice
  availability_zone = "us-east-1f"
  cidr_block        = "10.11.6.0/24"
  vpc_id            = aws_vpc.vpcSandbox.id

  tags = { Terraform = "True" }
}

# Internet gateway attached to the sandbox VPC; the default routes below point at it.
resource "aws_internet_gateway" "gwSandbox" {
  tags = {
    Terraform = "True"
    Name      = "gwSandbox"
  }

  vpc_id = aws_vpc.vpcSandbox.id
}

# IPv4 default route on the VPC's main route table. Because no subnet is associated
# with a custom table in this file, this makes every sandbox subnet internet-routable
# (i.e. all of them are effectively public subnets).
resource "aws_route" "default-v4-sandbox" {
  gateway_id             = aws_internet_gateway.gwSandbox.id
  destination_cidr_block = "0.0.0.0/0"
  route_table_id         = aws_vpc.vpcSandbox.default_route_table_id
}
# IPv6 default route on the main route table.
# NOTE(review): the VPC above is declared without an IPv6 block, so this route has
# nothing to carry until one is assigned — confirm it is intended.
resource "aws_route" "default-v6-sandbox" {
  gateway_id                  = aws_internet_gateway.gwSandbox.id
  destination_ipv6_cidr_block = "::/0"
  route_table_id              = aws_vpc.vpcSandbox.default_route_table_id
}

securitygroup.tf

# Security group for the test server; the rules are attached as separate
# aws_security_group_rule resources below.
# NOTE(review): the description promises "SSH inbound" only, but the two ingress
# rules that follow admit every protocol and port from the office CIDRs. Either the
# rules or the wording should change; editing description replaces the group, so
# do that deliberately.
resource "aws_security_group" "sandbox" {
  vpc_id      = aws_vpc.vpcSandbox.id
  description = "Allow SSH inbound traffic from Trusted Internet Addresses and all Outbound Traffic"
  name        = "sandbox"

  tags = {
    Terraform = "True"
    Name      = "sandbox"
  }
}

# Ingress from the HQ office WAN (var.workOfficeWAN): protocol "-1" is "all",
# and AWS disregards the port range in that case, hence 0/0.
# NOTE(review): this is wider than the SSH-only description on the group; narrow
# it to protocol "tcp", port 22 if SSH is really all that is needed.
resource "aws_security_group_rule" "workHQOfficeInbound" {
  security_group_id = aws_security_group.sandbox.id
  type              = "ingress"
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = [var.workOfficeWAN]
}

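# Ingress from the dev office WAN (var.devOfficeWAN).
# protocol "-1" already means every protocol and port; AWS ignores the port range
# for it and the AWS provider expects from_port/to_port to be 0 in that case, which
# is also how the sibling rule workHQOfficeInbound is written. The previous
# 0-65535 spelling expressed the same intent but was inconsistent with that rule
# and is rejected by provider versions that validate "-1" rules.
# NOTE(review): the group's description promises SSH only; if that is the intent,
# use protocol "tcp" with from_port/to_port 22 instead of "-1".
resource "aws_security_group_rule" "tgs_office_inbound" {
  security_group_id = aws_security_group.sandbox.id
  type              = "ingress"
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = [var.devOfficeWAN]
}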

# Unrestricted egress (all protocols, IPv4 and IPv6) for the sandbox group.
resource "aws_security_group_rule" "alloutbound" {
  security_group_id = aws_security_group.sandbox.id
  type              = "egress"
  protocol          = "-1"
  from_port         = 0
  to_port           = 0

  cidr_blocks      = ["0.0.0.0/0"]
  ipv6_cidr_blocks = ["::/0"]
}

ec2.tf

## Test server pieces
# SSH key pair for the test server; only the public half is passed in
# (var.certDeployerPub), so no private key material lives in this configuration.
# NOTE(review): key_name is a fixed literal, and key pair names are unique per
# region — a second copy of this config in the same account/region will collide.
resource "aws_key_pair" "deployer" {
  public_key = var.certDeployerPub
  key_name   = "deployer-key"

  tags = {
    Terraform = "True"
    Name      = "deployer"
  }
}

# Standalone ENI in sub-sandbox1a.
# NOTE(review): nothing in this file attaches it — the instance below uses
# subnet_id directly and has no network_interface block — so it is created but unused.
# The commented private IP (172.16.10.100) is outside that subnet's 10.11.1.0/24 and
# would be rejected if re-enabled as is.
resource "aws_network_interface" "int-tc-amazlinux" {
  tags = {
    Terraform = "True"
    Name      = "int-tc-amazlinux"
  }

  subnet_id = aws_subnet.sub-sandbox1a.id
  # private_ips = ["172.16.10.100"]
}

# Adding a test Server
# NOTE(review): `security_groups` is the name-based argument (EC2-Classic / default
# VPC); inside a VPC with an explicit subnet_id the provider wants
# `vpc_security_group_ids`. This is the likely trigger for the replacement the
# repeated plan reports — see the corrected resource further down the page.
resource "aws_instance" "tc-amazlinux01" {
  # Hard-coded image id; it must be an arm64 image for a t4g instance type — cannot be confirmed here.
  ami                         = "ami-0e341fcaad89c3650"
  instance_type               = "t4g.small"
  key_name                    = aws_key_pair.deployer.key_name
  subnet_id                   = aws_subnet.sub-sandbox1a.id
  # Public IP on a subnet whose main route table has an internet default route.
  # String literal is coerced to a bool; the native `true` is the idiomatic form.
  associate_public_ip_address = "true"
  security_groups = [
    aws_security_group.sandbox.id
  ]

  tags = {
    Name      = "tc-amazlinux01"
    Terraform = "True"
  }
}

输出

以下是运行的输出示例:一个 terraform apply 紧接着一个 terraform plan,期间没有对 Terraform 文件做任何修改。

为了篇幅,它在这里: https://pastebin.com/raw/2Ly0NmVr

这可能是因为您在 aws_instance 中指定安全组的方式不正确:在 VPC 内应使用 vpc_security_group_ids(按 ID 关联),而不是 security_groups,否则每次 plan 都会检测到差异并要求替换实例。

所以应该是:

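# Test server in the sandbox VPC.
# Security groups are attached by ID through vpc_security_group_ids, the VPC-aware
# argument; the name-based security_groups argument is what caused the instance to
# be replaced on every apply.
resource "aws_instance" "tc-amazlinux01" {
  # Hard-coded image id; it must be an arm64 image for a t4g instance type — confirm.
  ami           = "ami-0e341fcaad89c3650"
  instance_type = "t4g.small"
  key_name      = aws_key_pair.deployer.key_name

  subnet_id                   = aws_subnet.sub-sandbox1a.id
  associate_public_ip_address = true # native bool instead of the coerced string "true"
  vpc_security_group_ids      = [aws_security_group.sandbox.id]

  # Require IMDSv2 (session tokens) for the metadata service. The host carries a
  # public IP and the group admits all ports from the office CIDRs, so this keeps
  # instance-role credentials from being fetched with a plain unauthenticated GET.
  # Updating this on an existing instance is an in-place change, not a replacement.
  metadata_options {
    http_tokens = "required"
  }

  tags = {
    Name      = "tc-amazlinux01"
    Terraform = "True"
  }
}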