What does terraform refresh really do?


Problem description

While using terraform to deploy a fairly large infrastructure in AWS, our remote tfstate got corrupted and was deleted.

From the documentation, I gather that terraform refresh should query AWS to get the real state of the infrastructure and update the tfstate accordingly, but that does not happen: my tfstate is untouched and plan + apply give a lot of Already existing errors.

What does terraform refresh really do?

Solution

terraform refresh attempts to find any resources held in the state file and update with any drift that has happened in the provider outside of Terraform since it was last run.

For example, let's say your state file contains 3 EC2 instances with instance ids of i-abc123, i-abc124, i-abc125 and then you delete i-abc124 outside of Terraform. After running terraform refresh, a plan would show that it needs to create the second instance while a destroy plan would show that it only needs to destroy the first and third instances (and not fail to destroy the missing second instance).

Terraform makes a very specific decision to not interfere with things that aren't being managed by Terraform. That means if the resource doesn't exist in its state file then it absolutely will not touch it in any way. This enables you to run Terraform alongside other tools as well as making manual changes in the AWS console. It also means that you can run Terraform in different contexts simply by providing a different state file to use, allowing you to split your infrastructure up into multiple state files and save yourself from catastrophic state file corruption.

To get yourself out of your current hole I suggest you use terraform import liberally to get things back into your state file or, if possible, manually destroy everything outside of Terraform and start from scratch.

In future I would suggest both splitting out state files to apply for more granular contexts and also to store your remote state in an S3 bucket with versioning enabled. You could also look towards tools like Terragrunt to lock your state file to help avoid corruption or wait for the native state file locking in the upcoming 0.9 release of Terraform.
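
The versioned, locked and split remote state recommended in the answer above, as an added example that is not part of the original answer. It assumes AWS provider v4 or later (where bucket versioning is its own resource) and the S3 backend's DynamoDB locking; every bucket, table, key and region name is a placeholder.

```hcl
# Added example, not from the original answer. All names and the region are placeholders.

# --- bootstrap/main.tf: creates the state bucket and lock table once ---
resource "aws_s3_bucket" "tfstate" {
  bucket = "example-org-tfstate" # placeholder name

  lifecycle {
    prevent_destroy = true # refuse plans that would delete the state bucket
  }
}

# Versioning keeps every prior state object, so a corrupted or deleted
# terraform.tfstate can be restored from an earlier version.
resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id

  versioning_configuration {
    status = "Enabled"
  }
}

# The S3 backend's DynamoDB locking requires a string hash key named LockID.
resource "aws_dynamodb_table" "tflock" {
  name         = "example-org-tfstate-lock" # placeholder name
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}

# --- network/backend.tf: one stack, one state object ---
# Other stacks (e.g. app/, data/) use the same bucket with a different key,
# so damage to one state file does not take the others with it.
terraform {
  backend "s3" {
    bucket         = "example-org-tfstate"
    key            = "network/terraform.tfstate"
    region         = "eu-west-1" # placeholder region
    dynamodb_table = "example-org-tfstate-lock"
  }
}
```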
