不使用 Terraform 文件配置器将本地文件部署到实例 [英] Deploy local files to instances without using Terraform file provisioners

问题描述

作为向 StackOverflow 发帖的其他几个用户，我遇到了文件配置器的问题，Terraform 文档说我们不应该依赖它们.

As several other users who have posted to StackOverflow, I ran into problems with file provisioners, and the Terraform documentation says we should not rely on them.

解决文件供应商的最佳方法是什么 - 特别是对于本地配置文件和脚本?

What's the best way to work around file provisioners - specifically for local config files and scripts?

推荐答案

一种效果很好且不需要直接连接到实例的解决方案是使用 userdata 作为钩子来安装"来自文件的 base64 版本.

One solution, which works very well and does not require a direct connection to the instance, is to use the userdata as a hook to "install" the files from the base64 version of the file(s).

我们实际上可以将文件作为 base64 字符串嵌入到用户数据初始化脚本中.这适用于 AWS 中的 Windows 和 Linux 实例，并且还与在启动时运行用户数据脚本兼容.

We can actually embed the files as base64 strings in the userdata initialization scripts. This works for both Windows and Linux instances in AWS, and is compatible also with having a userdata script run on startup.

1. 在terraform plan期间，使用terraform函数将您需要的任何本地文件编码为base64字符串base64encode(file("path/to/file")).
2. (可选)在用户数据执行开始时保存标记文件(_INIT_STARTED_)；此文件将具有 userdata 执行开始时的创建时间戳.
3. 在运行 actual 用户数据脚本之前，将 base64 字符串写入文本文件.(实际命令在 windows 和 linux 之间有所不同，请参见下面的示例.)
4. 运行 userdata 脚本本身(userdata_win.bat 或 userdata_lin.sh)
5. (可选)最后，保存第二个标记文件 (_INIT_COMPLETE_)，其中包含 userdata 脚本完成时的创建时间戳.(缺少此文件也有助于在登录实例后检测脚本故障和/或仍在运行的脚本.)

1. During terraform plan, encode whatever local files you need as base64 strings using terraform functions base64encode(file("path/to/file")).
2. (Optional) Save a marker file (_INIT_STARTED_) at the start of userdata execution; this file will have the creation timestamp of when the userdata execution started.
3. Before running the actual userdata script, write the base64 strings to text files. (The actual command varies between windows and linux, see examples below.)
4. Run the userdata script itself (userdata_win.bat or userdata_lin.sh)
5. (Optional) Finally, save a second marker file (_INIT_COMPLETE_) which will have the creation timestamp of when the userdata script completed. (The absence of this file is also helpful to detect script failures and/or still-running scripts after logging into the instance.)

对于 AWS Linux 实例:

data "template_file" "userdata_lin" {
  template = <<EOF
#!/bin/bash
mkdir -p /home/ubuntu/setup-scripts
cd /home/ubuntu/setup-scripts
touch _INIT_STARTED_
echo ${base64encode(file("${path.module}/userdata_lin.sh"))} | base64 --decode > userdata.sh
echo ${base64encode(file("${path.module}/config.json"))} | base64 --decode > config.json
${file("${path.module}/userdata_lin.sh")}
sudo chmod 777 *
touch _INIT_COMPLETE_
EOF
}

# ...

resource "aws_instance" "my_linux_instance" {
  # ...
  user_data = data.template_file.userdata_lin.rendered
}

对于 AWS Windows 实例:

data "template_file" "userdata_win" {
  template = <<EOF
<script>
mkdir C:\Users\Administrator\setup-scripts
cd C:\Users\Administrator\setup-scripts
echo "" > _INIT_STARTED_
echo ${base64encode(file("${path.module}/userdata_win.bat"))} > tmp1.b64 && certutil -decode tmp1.b64 userdata.bat
echo ${base64encode(file("${path.module}/config.json"))} > tmp2.b64 && certutil -decode tmp2.b64 config.json
${file("${path.module}/userdata_win.bat")}
echo "" > _INIT_COMPLETE_
</script>
<persist>false</persist>
EOF
}

# ...

resource "aws_instance" "my_windows_instance" {
  # ...
  user_data = data.template_file.userdata_win.rendered
}

这篇关于不使用 Terraform 文件配置器将本地文件部署到实例的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！