Terraform 计划要销毁导入的 RDS 资源 [英] Terraform plan wants to destroy imported RDS resource
问题描述
我使用以下命令将之前部署的 RDS 实例替换为手动配置的 RDS 实例:
I used the following commands to replace a previously deployed RDS instance with a manually configured RDS instance:
./terraform destroy -target aws_db_instance.my_db./terraform import aws_db_instance.my_db my-rds-instance
(在我可以使用 import 之前必须销毁旧实例.)
(Had to destroy the old instance before I could use import.)
当我现在运行 ./terraform plan 时,terraform 想要销毁并重新创建 RDS db:
When I now run ./terraform plan, terraform wants to destroy and re-create the RDS db:
-/+ aws_db_instance.my_db (new resource required)
id: "my-rds-instance" => <computed> (forces new resource)
address: "my-rds-instance.path.rds.amazonaws.com" => <computed>
allocated_storage: "100" => "100"
allow_major_version_upgrade: "false" => "false"
apply_immediately: "false" => "false"
arn: "arn:aws:rds:eu-central-1:123456789123:db:my-rds-instance" => <computed>
auto_minor_version_upgrade: "false" => "false"
availability_zone: "eu-central-1b" => <computed>
backup_retention_period: "7" => "7"
backup_window: "09:46-10:16" => "09:46-10:16"
ca_cert_identifier: "rds-ca-2015" => <computed>
character_set_name: "" => <computed>
copy_tags_to_snapshot: "false" => "false"
db_subnet_group_name: "bintu-ct6" => "bintu-ct6"
endpoint: "my-rds-db-manually.path.rds.amazonaws.com:5432" => <computed>
engine: "postgres" => "postgres"
engine_version: "10.6" => "10.6"
final_snapshot_identifier: "" => "my-rds-DbFinal"
hosted_zone_id: "Z1RLNUO7B9Q6NB" => <computed>
identifier: "my-rds-db-manually" => "my-rds-db-manually"
identifier_prefix: "my-rds-db-" => <computed>
instance_class: "db.m5.large" => "db.m5.xlarge"
kms_key_id: "arn:aws:kms:eu-central-1:123456789123:key/d123d45d-b678-9123-a1e9-c456d40d7be7" => <computed>
license_model: "postgresql-license" => <computed>
maintenance_window: "wed:00:53-wed:01:23" => "mon:00:00-mon:03:00"
monitoring_interval: "60" => "60"
monitoring_role_arn: "arn:aws:iam::123456789123:role/myRdsMonitoring" => "arn:aws:iam::123456789123:role/myRdsMonitoring"
multi_az: "true" => "true"
name: "mydb" => "mydb"
option_group_name: "default:postgres-10" => <computed>
parameter_group_name: "rds-my-group" => "rds-my-group"
password: <sensitive> => <sensitive> (attribute changed)
port: "5432" => <computed>
publicly_accessible: "false" => "false"
replicas.#: "0" => <computed>
resource_id: "db-ABCDEFGHIJKLMNOPQRSTUVW12" => <computed>
skip_final_snapshot: "true" => "false"
status: "available" => <computed>
storage_encrypted: "true" => "false" (forces new resource)
storage_type: "gp2" => "gp2"
tags.%: "1" => "0"
tags.workload-type: "production" => ""
timezone: "" => <computed>
username: "user" => "user"
vpc_security_group_ids.#: "1" => "1"
vpc_security_group_ids.1234563899: "sg-011d2e33a4464eb65" => "sg-011d2e33a4464eb65"
我预计import"命令会将手动创建的 RDS 实例添加到 config/state 文件中,因此无需重新部署新的 RDS 实例即可使用它.使用terraform plan/apply时如何防止损坏导入的RDS实例?
I expected that the "import" command would add the manually created RDS instance to the config/state file, so it can be used without re-deploying a new RDS instance.
How can I prevent the destruction of the imported RDS instance when using terraform plan/apply?
这里是资源配置:
resource "aws_db_instance" "my_db" {
#identifier = "my-rds-db-manually"
identifier_prefix = "${var.db_instance_identifier_prefix}"
vpc_security_group_ids = ["${aws_security_group.my_db.id}"]
allocated_storage = "${var.db_allocated_storage}"
storage_type = "gp2"
engine = "postgres"
engine_version = "10.6"
instance_class = "${var.db_instance_type}"
monitoring_interval = "60"
monitoring_role_arn = "${aws_iam_role.my_rds_monitoring.arn}"
name = "${var.bintu_db_name}"
username = "${var.DB_USER}"
password = "${var.DB_PASS}"
allow_major_version_upgrade = false
apply_immediately = false
auto_minor_version_upgrade = false
backup_window = "${var.db_backup_window}"
maintenance_window = "${var.db_maintenance_window}"
db_subnet_group_name = "${aws_db_subnet_group.my_db.name}"
final_snapshot_identifier = "${var.db_final_snapshot_identifier}"
parameter_group_name = "${aws_db_parameter_group.my_db.name}"
multi_az = true
backup_retention_period = 7
lifecycle {
prevent_destroy = false
}
}
注意设置了prevent_destroy = false,否则计划失败.
Notice that prevent_destroy = false is set, otherwise the plan will fail.
推荐答案
你可能注意到了,你必须自己找出匹配导入资源的代码.
As you probably noticed, you have to figure out the code that matches the imported resource yourself.
提供的输出包含一个重要信息:
The provided output contains one important information:
storage_encrypted: "true" => "false" (forces new resource)
这意味着您的代码想要使用 storage_encrypted = false 设置 RDS 实例,而 state/reality 已将其设置为 true.在您的代码中更改它,您的计划将是非破坏性的.
This means that your code wants to set up an RDS instance with storage_encrypted = false, while state/reality has it set to true. Change this in your code and your plan will be non-destructive.
我还没有检查其余的差异是否匹配.如果不是,它会告诉您哪些确切设置与当前状态相反.
I haven't checked, if the rest of the diff is matching. If not, it will tell you which exact settings are contrary to current state.
这篇关于Terraform 计划要销毁导入的 RDS 资源的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
