Can Terraform resolve Azure interdependency issues, such as renaming resources?

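Today I deployed an Azure environment using Terraform. It is a simple collection of resources: a resource group, a VNET, a VM, a NIC, a public IP and a basic NSG.

After the deployment finished, I noticed that my public IP and NSG were named incorrectly.

I modified my Terraform configuration, ran a terraform plan and then a terraform apply to apply my changes, but it failed with the following errors about resources being in use and therefore unable to be deleted.

My questions are:

  • Is it reasonable to expect Terraform to correctly resolve the dependencies and take the necessary steps to carry out a scenario like this?
  • Is there something wrong with my configuration?

Finally, my configuration: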

    # Configure the Microsoft Azure Provider
    provider "azurerm" {
        subscription_id = "aaaaaaaaaaaaaaaa"
        client_id       = "bbbbbbbbbbbbbbbb"
        client_secret   = "cccccccccccccccc"
        tenant_id       = "dddddddddddddddd"
        skip_provider_registration = true
    }
    
    # Create a resource group if it doesn’t exist
    resource "azurerm_resource_group" "main" {
        name     = "${var.prefix}-rg"
        location = var.location
    }
    
    # Create virtual network
    resource "azurerm_virtual_network" "network" {
        name                = "${var.prefix}-vnet"
        address_space       = ["10.0.0.0/16"]
        location            = var.location
        resource_group_name = azurerm_resource_group.main.name
    
    }
    
    # Create subnet
    resource "azurerm_subnet" "subnet" {
        name                 = "Internal"
        resource_group_name  = azurerm_resource_group.main.name
        virtual_network_name = azurerm_virtual_network.network.name
        address_prefix       = "10.0.1.0/24"
    }
    
    # Create public IPs
    resource "azurerm_public_ip" "pip" {
        name                         = "${var.prefix}-pip"
        location                     = var.location
        resource_group_name          = azurerm_resource_group.main.name
        allocation_method            = "Dynamic"
    }
    
    # Create Network Security Group and rule
    resource "azurerm_network_security_group" "nsg" {
        name                = "${var.prefix}-nsg"
        location            = var.location
        resource_group_name = azurerm_resource_group.main.name
    
        security_rule {
            name                       = "SSH"
            priority                   = 1001
            direction                  = "Inbound"
            access                     = "Allow"
            protocol                   = "Tcp"
            source_port_range          = "*"
            destination_port_range     = "22"
            source_address_prefix      = "*"
            destination_address_prefix = "*"
        }
    }
    
    # Create network interface
    resource "azurerm_network_interface" "nic" {
        name                      = "${var.prefix}-vm01-nic"
        location                  = var.location
        resource_group_name       = azurerm_resource_group.main.name
        network_security_group_id = azurerm_network_security_group.nsg.id
    
        ip_configuration {
            name                          = "myNicConfiguration"
            subnet_id                     = azurerm_subnet.subnet.id
            private_ip_address_allocation = "Dynamic"
            public_ip_address_id          = azurerm_public_ip.pip.id
        }
    
    }
    
    # Generate random text for a unique storage account name
    resource "random_id" "randomId" {
        keepers = {
            # Generate a new ID only when a new resource group is defined
            resource_group = azurerm_resource_group.main.name
        }
        byte_length = 8
    }
    
    # Create storage account for boot diagnostics
    resource "azurerm_storage_account" "diagstorage" {
        name                        = "diag${random_id.randomId.hex}"
        resource_group_name         = azurerm_resource_group.main.name
        location                    = var.location
        account_tier                = "Standard"
        account_replication_type    = "LRS"
    }
    
    # Create virtual machine
    resource "azurerm_virtual_machine" "vm" {
    
        name                  = "${var.prefix}-"
        location              = var.location
        resource_group_name   = azurerm_resource_group.main.name
        network_interface_ids = [azurerm_network_interface.nic.id]
        vm_size               = "Standard_DS1_v2"
    
        storage_os_disk {
            name              = "${var.prefix}-vm01-disk0"
            caching           = "ReadWrite"
            create_option     = "FromImage"
            managed_disk_type = "Premium_LRS"
        }
    
        storage_image_reference {
            publisher = "Canonical"
            offer     = "UbuntuServer"
            sku       = "16.04.0-LTS"
            version   = "latest"
        }
    
        os_profile {
            computer_name  = "${var.prefix}-vm01"
            admin_username = "azureuser"
        }
    
        os_profile_linux_config {
            disable_password_authentication = true
            ssh_keys {
                path     = "/home/azureuser/.ssh/authorized_keys"
                key_data = "ssh-rsa xxxxxxxx"
            }
        }
    
        boot_diagnostics {
            enabled = "true"
            storage_uri = azurerm_storage_account.diagstorage.primary_blob_endpoint
        }
    }
    
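Steps to reproduce:

  • Deploy the configuration above
  • Rename the NSG and the public IP address (the "name" attribute)
  • Deploy again, and the error is returned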

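  • I suspect this will work for "top-level" resources (so resources that have no other resources depending on them). TF will delete and create these resources from scratch (you cannot really rename these resources in Azure).

    For resources with dependencies this will not work, because it would mean all the dependent resources have to be deleted first (or the dependencies removed), only then can your resource be renamed (so delete\create with the new name), and then all the dependent resources have to be recreated\reconfigured.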


  • What confuses me / gives me hope is the way Terraform seems to "know" that it needs to destroy and recreate the public IP and the NSG (they cannot be renamed) and update the NIC accordingly. That is certainly necessary, but it misses some dependencies, such as first disassociating the public IP from the NIC, and the NIC from the NSG. It is as if Terraform is half aware of the dependencies and complexity involved in making this kind of change. Is what I am trying to do beyond the scope of Terraform's intended use? Or should I perhaps open a bug with the Terraform team? Thanks!
  • I don't know more details, I avoid Terraform like the plague.
  • I'm curious why! What is bad about it, and what do you use instead?
  • HCL is the worst part of it, tbh. I use ARM templates, Ansible, Pulumi.
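The ordering problem discussed above (the old public IP and NSG are deleted while the NIC still references them) is what Terraform's `create_before_destroy` lifecycle setting addresses. The following is an added example, not part of the original question or answer; it reuses the question's resource blocks and attribute names and assumes the new names differ from the old ones, as they do in a rename.

```hcl
# Added example: the question's three network resources, with lifecycle blocks
# on the two being renamed. Attribute names are those used in the question.

resource "azurerm_public_ip" "pip" {
    name                = "${var.prefix}-pip"   # set to the corrected name
    location            = var.location
    resource_group_name = azurerm_resource_group.main.name
    allocation_method   = "Dynamic"

    lifecycle {
        # Create the replacement first; the old public IP is destroyed only
        # after the NIC has been updated to reference the new one.
        create_before_destroy = true
    }
}

resource "azurerm_network_security_group" "nsg" {
    name                = "${var.prefix}-nsg"   # set to the corrected name
    location            = var.location
    resource_group_name = azurerm_resource_group.main.name

    security_rule {
        name                       = "SSH"
        priority                   = 1001
        direction                  = "Inbound"
        access                     = "Allow"
        protocol                   = "Tcp"
        source_port_range          = "*"
        destination_port_range     = "22"
        source_address_prefix      = "*"
        destination_address_prefix = "*"
    }

    lifecycle {
        # Same ordering for the NSG: the NIC moves from the old NSG to the
        # new one in a single update and is never left without an NSG.
        create_before_destroy = true
    }
}

# The NIC is unchanged. Terraform updates it in place after the new public IP
# and NSG exist and before the old ones are destroyed.
resource "azurerm_network_interface" "nic" {
    name                      = "${var.prefix}-vm01-nic"
    location                  = var.location
    resource_group_name       = azurerm_resource_group.main.name
    network_security_group_id = azurerm_network_security_group.nsg.id

    ip_configuration {
        name                          = "myNicConfiguration"
        subnet_id                     = azurerm_subnet.subnet.id
        private_ip_address_allocation = "Dynamic"
        public_ip_address_id          = azurerm_public_ip.pip.id
    }
}
```

With these blocks in place, the plan should list the public IP and NSG as replacements that are created before the old ones are destroyed, and the NIC as an in-place update.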