Terraform条件置备 [英] Terraform conditional provisioning
问题描述
我对Terraform设置有问题.第一次运行terraform时,我使用的是AWS控制台中生成的SSH密钥.该密钥将添加到 ubuntu 用户(它是Ubuntu 16.04 AMI).然后,我运行 remote-exec 设置:
I have an issue with Terraform provisioning. When I run terraform first time I am using SSH key generated in AWS console. This key is being added to ubuntu user (it's Ubuntu 16.04 AMI). Then I run remote-exec provisioning:
provisioner "remote-exec" {
inline = [
"sudo apt -y update && sudo apt install -y python"
]
connection {
user = "ubuntu"
private_key = "${file("${var.aws_default_key_name}.pem")}"
}
}
我需要安装python,以便以后可以使用Ansible.那是我唯一需要此密钥的地方,因为我用我的私钥创建了自己的用户.但是,当我稍后尝试运行terraform时,它将搜索文件 file("$ {var.aws_default_key_name} .pem" .现在我有一个问题,如何在以后的运行中跳过此设置?
I need python being installed so I can use Ansible later. That's the only place where I need this key, never more, because I create my own user with my private key. However, when I try to run terraform later it searches for a file file("${var.aws_default_key_name}.pem".
Now I have a question how to skip this provisioning on subsequent runs?
我不想在存储库中存储SSH密钥.
I don't want to store SSH key in the repository.
我可以创建一个空文件来欺骗"地形,但是我不喜欢这种解决方案.
I could create an empty file to "trick" terraform, but I don't like this solution.
还有更好的主意吗?
推荐答案
与其在 aws_instance 块中进行配置,不如将其移至
Instead of doing provisioning in the aws_instance block, move it out to a null_resource block, with appropriate triggers.
resource "aws_instance" "cluster" {
count = 3
# ...
}
resource "null_resource" "cluster" {
# Changes to any instance of the cluster requires re-provisioning
triggers {
cluster_instance_ids = "${join(",", aws_instance.cluster.*.id)}"
}
connection {
host = "${element(aws_instance.cluster.*.public_ip, 0)}"
}
provisioner "remote-exec" {
inline = [something]
}
}
如果您的触发器未更改,则在随后的运行中不会触发null_resource设置.
If your triggers do not change the null_resource provisioning will not be triggered on subsequent runs.
这篇关于Terraform条件置备的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
