Problem description
While using terraform to deploy a fairly large infrastructure in AWS, our remote tfstate got corrupted and was deleted.
From the documentation, I gather that terraform refresh should query AWS to get the real state of the infrastructure and update the tfstate accordingly, but that does not happen: my tfstate is untouched and plan + apply give a lot of Already existing errors.
What does terraform refresh really do?
Recommended answer
terraform refresh attempts to find any resources held in the state file and update with any drift that has happened in the provider outside of Terraform since it was last run.
For example, let's say your state file contains 3 EC2 instances with instance ids of i-abc123, i-abc124, i-abc125 and then you delete i-abc124 outside of Terraform. After running terraform refresh, a plan would show that it needs to create the second instance while a destroy plan would show that it only needs to destroy the first and third instances (and not fail to destroy the missing second instance).
Terraform makes a very specific decision to not interfere with things that aren't being managed by Terraform. That means if the resource doesn't exist in its state file then it absolutely will not touch it in any way. This enables you to run Terraform alongside other tools as well as making manual changes in the AWS console. It also means that you can run Terraform in different contexts simply by providing a different state file to use, allowing you to split your infrastructure up into multiple state files and save yourself from catastrophic state file corruption.
To get yourself out of your current hole I suggest you use terraform import liberally to get things back into your state file or, if possible, manually destroy everything outside of Terraform and start from scratch.
In future I would suggest both splitting out state files to apply for more granular contexts and also to store your remote state in an S3 bucket with versioning enabled. You could also look towards tools like Terragrunt to lock your state file to help avoid corruption or wait for the native state file locking in the upcoming 0.9 release of Terraform.
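The remote-state setup recommended above, written out as an added example that is not part of the original answer: a versioned S3 bucket for state, a lock table, and a backend block that uses one key per context. The bucket, table, key and region names are placeholders, the resource types assume AWS provider v4 or later, and the public-access block and `encrypt` setting go beyond what the answer mentions.

```hcl
# Added example. Bucket, table, key and region names are placeholders.
# Resource types are those of AWS provider v4 or later.
# --- Bootstrap configuration: creates the state bucket and lock table ---
resource "aws_s3_bucket" "tfstate" {
  bucket = "example-tfstate-bucket"
  lifecycle {
    prevent_destroy = true # refuse any plan that would delete the bucket
  }
}

# Versioning keeps every prior terraform.tfstate, so a corrupted or deleted
# state object can be restored from an earlier version.
resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled"
  }
}

# State can hold secrets in plain text: keep the bucket private.
resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Lock table used by the S3 backend; the hash key must be named LockID.
resource "aws_dynamodb_table" "tfstate_lock" {
  name         = "example-tfstate-lock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"
  attribute {
    name = "LockID"
    type = "S"
  }
}

# --- In each separate infrastructure configuration: one key per context ---
terraform {
  backend "s3" {
    bucket         = "example-tfstate-bucket"
    key            = "network/terraform.tfstate" # e.g. "compute/..." elsewhere
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "example-tfstate-lock"
  }
}
```

The bootstrap resources and the backend block belong in separate configurations, since the bucket has to exist before any configuration can store its state there.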