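I have a task to organize Terraform state files.
Some manual deployments were done in the past, and now I have to modify the Terraform code to match what is actually in the portal.
So far I have made a lot of adjustments, and I only need to modify the virtual machine deployment code so that it produces a plan with no changes, additions or destroys.
So my virtual machine deployment code looks like this: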
resource "azurerm_public_ip" "publicip" {
  name = "ir-vm-publicip"
  location = var.location
  resource_group_name = var.resource_group_name
  allocation_method = "Static"
  tags = var.common_tags
}
resource "azurerm_network_interface" "nic" {
  name = "ir-vm-nic"
  location = var.location
  resource_group_name = var.resource_group_name
  ip_configuration {
    name = "nicconfig"
    subnet_id = azurerm_subnet.vm_endpoint.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id = azurerm_public_ip.publicip.id
  }
  tags = var.common_tags
}
resource "azurerm_windows_virtual_machine" "vm" {
  name = "vm-adf-${var.env}"
  resource_group_name = var.resource_group_name
  location = var.location
  network_interface_ids = [azurerm_network_interface.nic.id]
  size = "Standard_DS1_v2"
  admin_username = "adminuser"
  admin_password = data.azurerm_key_vault_secret.vm_login_password.value
  encryption_at_host_enabled = false
  os_disk {
    caching = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer = "WindowsServer"
    sku = "2016-Datacenter"
    version = "latest"
  }
  tags = var.common_tags
}
The plan shows that it will delete my
# module.vm.azurerm_windows_virtual_machine.vm must be replaced
-/+ resource "azurerm_windows_virtual_machine" "vm" {
  ~ admin_password = (sensitive value) # forces replacement
  ~ computer_name = "vm-adf-dev" -> (known after apply)
  ~ id = "/subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/xxxxx/providers/Microsoft.Compute/virtualMachines/vm-adf-dev" -> (known after apply)
    name = "vm-adf-dev"
  ~ private_ip_address = "xx.x.x.x" -> (known after apply)
  ~ private_ip_addresses = [
    - "xx.x.x.x",
    ] -> (known after apply)
  ~ public_ip_address = "xx.xxx.xxx.xx" -> (known after apply)
  ~ public_ip_addresses = [
    **- "xx.xxx.xx.xx"**,
    ] -> (known after apply)
  ~ size = "Standard_DS2_v2" -> "Standard_DS1_v2"
    tags = {
      "Application Name" = "dev nll-001"
      "Environment" = "DEV"
    }
  ~ virtual_machine_id = "xxxxxxxxx" -> (known after apply)
  + zone = (known after apply)
    # (21 unchanged attributes hidden)
  **- boot_diagnostics {
      # (1 unchanged attribute hidden)
    }**
  **- identity {
      - identity_ids = [] -> null
      - principal_id = "xxxxxx" -> null
      - tenant_id = "xxxxxxxx" -> null
      - type = "SystemAssigned" -> null
    }**
  ~ os_disk {
      ~ disk_size_gb = 127 -> (known after apply)
      ~ name = "vm-adf-dev_OsDisk_1_" -> (known after apply)
        # (4 unchanged attributes hidden)
    }
    # (1 unchanged block hidden)
}
How can I avoid this?
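The full plan output shows the reason for the re-creation:
  ~ admin_password = (sensitive value) # forces replacement
During the resource import, the Terraform state has no way of knowing the admin_password value, so the provider assumes it must be modified to match the config argument value, which triggers re-creation of the resource object. This can be worked around with the ignore_changes argument of the lifecycle block.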
resource "azurerm_windows_virtual_machine" "vm" {
  ...
  lifecycle {
    ignore_changes = [admin_password]
  }
}
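This will prevent the Azure provider from triggering re-creation because it wrongly assumes a necessary update to admin_password. Note that if you do update the password and want the re-creation, you must remove the lifecycle block.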
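
An added example, not part of the original question or answer: a Python check over the JSON form of a plan that lists every resource the plan would touch and, for replacements, the attribute paths forcing them, so an import can be confirmed as a no-op before apply. The sample plan is constructed; resource_changes, change.actions and change.replace_paths are fields of Terraform's JSON plan representation, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `terraform show -json tfplan` output for the
# question's VM module (not real plan data; only the fields used here).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.vm.azurerm_public_ip.publicip",
   "change": {"actions": ["no-op"]}},
  {"address": "module.vm.azurerm_windows_virtual_machine.vm",
   "change": {"actions": ["delete", "create"],
              "replace_paths": [["admin_password"]]}},
  {"address": "module.vm.azurerm_network_interface.nic",
   "change": {"actions": ["update"]}}
]}
""")


def format_path(path):
    """Render a replace_paths entry, e.g. ["os_disk", 0, "name"] -> os_disk[0].name."""
    out = ""
    for step in path:
        out += f"[{step}]" if isinstance(step, int) else ("." if out else "") + str(step)
    return out


def non_noop_changes(plan):
    """Return one finding per resource the plan would create, change or destroy."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if actions in (["no-op"], ["read"]):
            continue  # nothing would be modified for this resource
        findings.append({
            "address": rc["address"],
            "actions": actions,
            "replaced": "delete" in actions and "create" in actions,
            "forced_by": [format_path(p) for p in change.get("replace_paths") or []],
        })
    return findings


if __name__ == "__main__":
    for f in non_noop_changes(SAMPLE_PLAN):
        kind = "REPLACE" if f["replaced"] else "CHANGE"
        print(kind, f["address"], "forced by:", ", ".join(f["forced_by"]) or "-")
```

The input comes from terraform plan -out=tfplan followed by terraform show -json tfplan. That JSON carries sensitive values such as admin_password in plain text, so handle the file as a secret.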