Terraform conditional provisioning


Problem description

I have an issue with Terraform provisioning. When I run terraform the first time, I am using an SSH key generated in the AWS console. This key is being added to the ubuntu user (it's an Ubuntu 16.04 AMI). Then I run remote-exec provisioning:

provisioner "remote-exec" {
  inline = [
  "sudo apt -y update && sudo apt install -y python"
  ]
  connection {
    user = "ubuntu"
    private_key = "${file("${var.aws_default_key_name}.pem")}"
  }
}

I need python to be installed so I can use Ansible later. That's the only place where I need this key, never more, because I create my own user with my private key. However, when I try to run terraform later, it searches for the file file("${var.aws_default_key_name}.pem"). Now I have a question: how do I skip this provisioning on subsequent runs?

I don't want to store the SSH key in the repository.

I could create an empty file to "trick" terraform, but I don't like this solution.

Any better ideas?

Recommended answer

Instead of doing provisioning in the aws_instance block, move it out to a null_resource block, with appropriate triggers.

resource "aws_instance" "cluster" {
  count = 3

  # ...
}

resource "null_resource" "cluster" {
  # Changes to any instance of the cluster requires re-provisioning
  triggers {
    cluster_instance_ids = "${join(",", aws_instance.cluster.*.id)}"
  }

  connection {
    host = "${element(aws_instance.cluster.*.public_ip, 0)}"
  }

  provisioner "remote-exec" {
    inline = [something]
  }
}

If your triggers do not change, the null_resource provisioning will not be triggered on subsequent runs.
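
The null_resource pattern from the answer, adapted to the single-instance bootstrap in the question, as an added example that is not part of the original post. It assumes Terraform 0.14 or later syntax; the resource names and the `ami_id` and `bootstrap_private_key` variables are hypothetical, and passing the key contents through a variable instead of file() is a variation on the answer, chosen so that no .pem file has to exist on later runs or in the repository.

```hcl
# Added example; names other than aws_default_key_name are hypothetical.
variable "aws_default_key_name" {
  type = string
}

variable "ami_id" {
  type = string # hypothetical: ID of the Ubuntu 16.04 AMI in use
}

variable "bootstrap_private_key" {
  description = "Contents of the AWS-generated .pem key, needed only on the bootstrap run"
  type        = string
  default     = "" # later runs can leave this unset
  sensitive   = true
}

resource "aws_instance" "web" {
  ami           = var.ami_id
  instance_type = "t2.micro"
  key_name      = var.aws_default_key_name
}

resource "null_resource" "bootstrap_python" {
  # The provisioner runs when this resource is created, and again only
  # if the instance is replaced and its ID therefore changes.
  triggers = {
    instance_id = aws_instance.web.id
  }

  connection {
    type        = "ssh"
    host        = aws_instance.web.public_ip
    user        = "ubuntu"
    private_key = var.bootstrap_private_key
  }

  provisioner "remote-exec" {
    inline = [
      "sudo apt -y update && sudo apt install -y python",
    ]
  }
}
```

On the first apply, supply the key through the `TF_VAR_bootstrap_private_key` environment variable; subsequent runs need neither the variable nor the key file as long as the instance ID is unchanged.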
