Terraform destroy fails in CircleCI
Question
I am currently using CircleCI as my CI tool to build AWS infrastructure using Terraform
My flow is:
- Create an AWS instance using Terraform
- Install Docker and run an Nginx image on it
- Destroy the infrastructure
My CircleCI config is as follows,
version: 2
jobs:
  terraform_apply:
    working_directory: ~/tmp
    docker:
      - image: hashicorp/terraform:light
      - image: ubuntu:16.04
    steps:
      - checkout
      - run:
          name: terraform apply
          command: |
            terraform init
            terraform apply -auto-approve
      - store_artifacts:
          path: terraform.tfstate
  terraform_destroy:
    working_directory: ~/tmp
    docker:
      - image: hashicorp/terraform:light
      - image: ubuntu:16.04
    steps:
      - checkout
      - run:
          name: terraform destroy
          command: |
            terraform init
            terraform destroy -auto-approve
workflows:
  version: 2
  terraform:
    jobs:
      - terraform_apply
      - click_here_to_delete:
          type: approval
          requires:
            - terraform_apply
      - terraform_destroy:
          requires:
            - click_here_to_delete
Here I am using 2 jobs, one for the creation and one for deletion, in the CircleCI workflow.
My first job runs successfully, but when I start the second one it starts from scratch, so I cannot get the previous terraform apply state, and hence Terraform cannot destroy my already created infrastructure.
I am looking for some solution where I can somehow save the state file and copy it to the next job, where Terraform can destroy my previous architecture.
Recommended answer
You should use remote state.
Local state is only ever useful if you are always running from the same machine and don't care about loss of your state file if you accidentally delete something etc.
You can mix and match any of the available state backends but as you're using AWS already it probably makes most sense to use the S3 backend.
You will need to define the state configuration for each location which can be done entirely hardcoded in config, entirely by command line flags or partially with both.
As an example you should have something like this block in each of the directories you would run Terraform in:
terraform {
  backend "s3" {}
}
You could then finish configuring this during terraform init:
terraform init -backend-config="bucket=uniquely-named-terraform-state-bucket" \
-backend-config="key=state-key/terraform.tfstate"
Once you have run terraform init, Terraform will fetch the state from S3 for any plans. Then on a terraform apply or terraform destroy it will update the state file as necessary.
This will then allow you to share the state easily among colleagues and also CI/CD machines. You should also consider looking into state locking using DynamoDB to prevent state from being corrupted by multiple people modifying state at the same time. Equally you should also consider enabling versioning on the S3 bucket used for storing your state so you can always get back to an earlier version of the state in the event of any issues.
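The question's workflow with the answer's S3 backend applied to both jobs, as an added example that is not part of the original answer. Bucket and key are the answer's sample values; the region, the lock table name and AWS credentials supplied as CircleCI project environment variables are assumptions. The store_artifacts step is dropped because state now lives in S3, and a state file can contain secrets in plain text.

```yaml
# Added example. Requires the empty `backend "s3" {}` block in the Terraform config.
# Assumed: region, lock table name, AWS credentials set as project env vars.
version: 2
jobs:
  terraform_apply:
    working_directory: ~/tmp
    docker:
      - image: hashicorp/terraform:light   # steps run in this primary container
    steps:
      - checkout
      - run:
          name: terraform apply
          command: |
            terraform init \
              -backend-config="bucket=uniquely-named-terraform-state-bucket" \
              -backend-config="key=state-key/terraform.tfstate" \
              -backend-config="region=us-east-1" \
              -backend-config="encrypt=true" \
              -backend-config="dynamodb_table=terraform-state-lock"
            terraform apply -auto-approve
      # No store_artifacts for terraform.tfstate: the state is written to S3,
      # encrypted at rest, instead of being published as a build artifact.
  terraform_destroy:
    working_directory: ~/tmp
    docker:
      - image: hashicorp/terraform:light
    steps:
      - checkout
      - run:
          name: terraform destroy
          command: |
            # Same bucket and key as the apply job, so init finds the existing state.
            terraform init \
              -backend-config="bucket=uniquely-named-terraform-state-bucket" \
              -backend-config="key=state-key/terraform.tfstate" \
              -backend-config="region=us-east-1" \
              -backend-config="encrypt=true" \
              -backend-config="dynamodb_table=terraform-state-lock"
            terraform destroy -auto-approve
workflows:
  version: 2
  terraform:
    jobs:
      - terraform_apply
      - click_here_to_delete:
          type: approval
          requires: [terraform_apply]
      - terraform_destroy:
          requires: [click_here_to_delete]
```

The DynamoDB table used for locking needs a string partition key named LockID.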