Capture Terraform provisioner output?

Problem description

Use case

Trying to provision a (Docker Swarm or Consul) cluster where initializing the cluster first occurs on one node, which generates some token, which then needs to be used by other nodes joining the cluster. Key thing being that nodes 1 and 2 shouldn't attempt to join the cluster until the join key has been generated by node 0.

E.g. on node 0, running docker swarm init ... will return a join token. Then on nodes 1 and 2, you'd need to pass that token to the same command, like docker swarm init ${JOIN_TOKEN} ${NODE_0_IP_ADDRESS}:{SOME_PORT}. And magic, you've got a neat little cluster...

Current attempts

  • Tried initializing all nodes with the AWS SDK installed, and storing the join key from node 0 on S3, then fetching that join key on other nodes. This is done via a null_resource with 'remote-exec' provisioners. Due to the way Terraform executes things in parallel, there are racy type conditions and predictably nodes 1 and 2 frequently attempt to fetch a key from S3 that's not there yet (e.g. node 0 hasn't finished its stuff yet).

  • Tried using the 'local-exec' provisioner to SSH into node 0 and capture its join key output. This hasn't worked well or I sucked at doing it.

I've read the docs. And Stack Overflow. And GitHub issues, like this really long outstanding one. Thoroughly. If this has been solved elsewhere though, links appreciated!

PS - this is directly related to and is a smaller subset of this question, but wanted to re-ask it in order to focus the scope of the problem.

Recommended answer

When I asked myself the same question, "Can I use output from a provisioner to feed into another resource's variables?", I went to the source for answers.

At this moment in time, provisioner results are simply streamed to terraform's standard out and never captured.

Given that you are running remote provisioners on both nodes, and you are trying to access values from S3 - I agree with this approach by the way, I would do the same - what you probably need to do is handle the race condition in your script with a sleep command, or by scheduling a script to run later with the at or cron or similar scheduling systems.

In general, Terraform wants to access all variables either up front, or as the result of a provider. Provisioners are not necessarily treated as first-class in Terraform. I'm not on the core team so I can't say why, but my speculation is that it reduces complexity to ignore provisioner results beyond success or failure, since provisioners are just scripts so their results are generally unstructured.

If you need more enhanced capabilities for setting up your instances, I suggest a dedicated tool for that purpose like Ansible, Chef, Puppet, etc. Terraform's focus is really on Infrastructure, rather than software components.
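
The answer's suggestion to handle the race inside the script, written as a bounded poll with backoff instead of a fixed sleep (an added example, not code from the question or the answer). The fetch command, file path and retry limits are assumptions; the token goes to an owner-only file and is never echoed, because provisioner output is streamed to Terraform's standard out.

```shell
#!/bin/sh
# wait_for_token FETCH_CMD OUT_FILE [MAX_ATTEMPTS] [DELAY] [MAX_DELAY]
#   FETCH_CMD  command that prints the join token on stdout and exits
#              non-zero while node 0 has not published it yet (assumption)
#   OUT_FILE   file that receives the token, created with mode 600
wait_for_token() {
    fetch_cmd=$1
    out_file=$2
    max_attempts=${3:-30}
    delay=${4:-2}          # seconds before the first retry
    max_delay=${5:-30}     # cap for the doubling backoff

    attempt=1
    while [ "$attempt" -le "$max_attempts" ]; do
        # Capture the token in a variable; it is never written to stdout,
        # so it does not end up in Terraform's streamed provisioner log.
        if token=$(sh -c "$fetch_cmd" 2>/dev/null) && [ -n "$token" ]; then
            # Subshell keeps the restrictive umask local to this write.
            ( umask 077; rm -f "$out_file"; printf '%s\n' "$token" > "$out_file" )
            echo "join token available after $attempt attempt(s)" >&2
            return 0
        fi

        echo "attempt $attempt/$max_attempts: join token not published yet" >&2
        if [ "$attempt" -lt "$max_attempts" ]; then
            sleep "$delay"
            delay=$((delay * 2))
            if [ "$delay" -gt "$max_delay" ]; then
                delay=$max_delay
            fi
        fi
        attempt=$((attempt + 1))
    done

    # Fail the provisioner instead of joining with an empty token.
    echo "gave up waiting for join token" >&2
    return 1
}

# Usage on a joining node (BUCKET/KEY and the path are placeholders):
#   wait_for_token 'aws s3 cp s3://BUCKET/KEY -' /root/swarm-join-token || exit 1
```

A non-zero return makes the remote-exec provisioner fail, so nodes 1 and 2 stop with a visible error rather than attempting a join without a token.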
