使用预安装的 Terraform 插件，而不是使用 terraform init 下载它们 [英] Use pre-installed Terraform plugins instead of downloading them with terraform init

问题描述

在运行 terraform init 时使用 Terraform 0.11.3 我们收到以下错误:

While running terraform init when using Terraform 0.11.3 we are getting the following error:

正在初始化提供程序插件...- 在 https://releases.hashicorp.com...

Initializing provider plugins... - Checking for available provider plugins on https://releases.hashicorp.com...

安装提供程序模板"时出错:获取https://releases.hashicorp.com/terraform-provider-template/:阅读tcp172.25.77.25:53742->151.101.13.183:443:读取:对等方重置连接.

Error installing provider "template": Get https://releases.hashicorp.com/terraform-provider-template/: read tcp 172.25.77.25:53742->151.101.13.183:443: read: connection reset by peer.

Terraform 自动分析配置和状态下载使用的提供程序的插件.然而，当试图下载此插件时发生意外错误.

Terraform analyses the configuration and state and automatically downloads plugins for the providers used. However, when attempting to download this plugin an unexpected error occured.

这可能是由于某种原因 Terraform 无法到达插件库.如果可以访问，则存储库可能无法访问被防火墙阻止.

This may be caused if for some reason Terraform is unable to reach the plugin repository. The repository may be unreachable if access is blocked by a firewall.

如果在您的系统中无法或不希望自动安装环境，您也可以手动安装插件下载合适的分发包并放置插件的以下目录中的可执行文件:terraform.d/plugins/linux_amd64

If automatic installation is not possible or desirable in your environment, you may alternatively manually install plugins by downloading a suitable distribution package and placing the plugin's executable file in the following directory: terraform.d/plugins/linux_amd64

我意识到这是因为 https://releases.hashicorp.com 域的连接问题.由于一些明显的原因，我们将不得不调整这个连接问题，因为在控制服务器和 Hashicorp 的服务器之间存在一些 SSL 和防火墙问题.

I realized it's because of connectivity issues with https://releases.hashicorp.com domain. For some obvious reasons, we will have to adjust with this connectivity issue as there are some SSL and firewall issues between the control server and Hashicorp's servers.

有什么方法可以绕过这个问题，从 Hashicorp 的服务器下载插件并将它们复制到控制服务器上?或者任何其他替代方法来避免尝试从 Hashicorp 的服务器下载内容?

Is there any way we could bypass this by downloading the plugins from Hashicorp's servers and copying them onto the control server? Or any other alternative to avoid trying to download things from Hashicorp's servers?

推荐答案

您可以通过将插件放在与 terraform 二进制文件相同的目录中或通过设置 -plugin-dir 标志.

You can use pre-installed plugins by either putting the plugins in the same directory as the terraform binary or by setting the -plugin-dir flag.

还可以使用 terraform-b​​undle 工具.

It's also possible to build a bundle of every provider you need automatically using the terraform-bundle tool.

我在 Docker 容器中的 CI 管道中运行 Terraform，所以有一个看起来像这样的 Dockerfile:

I run Terraform in our CI pipeline in a Docker container so have a Dockerfile that looks something like this:

FROM golang:alpine AS terraform-bundler-build

RUN apk --no-cache add git unzip && 
    go get -d -v github.com/hashicorp/terraform && 
    go install ./src/github.com/hashicorp/terraform/tools/terraform-bundle

COPY terraform-bundle.hcl .

RUN terraform-bundle package terraform-bundle.hcl && 
    mkdir -p terraform-bundle && 
    unzip -d terraform-bundle terraform_*.zip

####################

FROM python:alpine

RUN apk add --no-cache git make && 
    pip install awscli

COPY --from=terraform-bundler-build /go/terraform-bundle/* /usr/local/bin/

请注意，完成的容器映像还添加了 git、make 和 AWS CLI，因为我还需要在使用此容器的 CI 作业中使用这些工具.

Note that the finished container image also adds git, make and the AWS CLI as I also require those tools in the CI jobs that uses this container.

terraform-b​​undle.hcl 然后看起来像这样(取自 terraform-b​​undle README):

The terraform-bundle.hcl then looks something like this (taken from the terraform-bundle README):

terraform {
  # Version of Terraform to include in the bundle. An exact version number
  # is required.
  version = "0.10.0"
}

# Define which provider plugins are to be included
providers {
  # Include the newest "aws" provider version in the 1.0 series.
  aws = ["~> 1.0"]

  # Include both the newest 1.0 and 2.0 versions of the "google" provider.
  # Each item in these lists allows a distinct version to be added. If the
  # two expressions match different versions then _both_ are included in
  # the bundle archive.
  google = ["~> 1.0", "~> 2.0"]

  # Include a custom plugin to the bundle. Will search for the plugin in the 
  # plugins directory, and package it with the bundle archive. Plugin must have
  # a name of the form: terraform-provider-*, and must be build with the operating
  # system and architecture that terraform enterprise is running, e.g. linux and amd64
  customplugin = ["0.1"]
}

这篇关于使用预安装的 Terraform 插件，而不是使用 terraform init 下载它们的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！