Problem description
I have an issue with Terraform provisioning. When I run terraform the first time, I am using an SSH key generated in the AWS console. This key is being added to the ubuntu user (it's an Ubuntu 16.04 AMI). Then I run remote-exec provisioning:
    provisioner "remote-exec" {
      inline = [
        "sudo apt -y update && sudo apt install -y python"
      ]
      connection {
        user        = "ubuntu"
        private_key = "${file("${var.aws_default_key_name}.pem")}"
      }
    }
I need python installed so I can use Ansible later. That's the only place where I need this key, never again, because I create my own user with my private key. However, when I try to run terraform later, it searches for the file file("${var.aws_default_key_name}.pem"). Now I have a question: how do I skip this provisioning on subsequent runs?

I don't want to store the SSH key in the repository.

I could create an empty file to "trick" terraform, but I don't like this solution.

Any better ideas?
Recommended answer
Instead of doing provisioning in the aws_instance block, move it out to a null_resource block, with appropriate triggers.
    resource "aws_instance" "cluster" {
      count = 3
      # ...
    }

    resource "null_resource" "cluster" {
      # Changes to any instance of the cluster requires re-provisioning
      triggers {
        cluster_instance_ids = "${join(",", aws_instance.cluster.*.id)}"
      }

      connection {
        host = "${element(aws_instance.cluster.*.public_ip, 0)}"
      }

      provisioner "remote-exec" {
        inline = [something]
      }
    }
If your triggers do not change, the null_resource provisioning will not be triggered on subsequent runs.
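
The answer's pattern applied to the question's single-instance Python bootstrap, as an added example that is not part of the original question or answer. The resource names, the AMI placeholder and the instance type are assumptions; the syntax follows the Terraform 0.11 style used on this page.

```hcl
# Added example, not from the original post. Terraform 0.11-style syntax as
# used on this page; on 0.12+ write `triggers = { ... }` instead of a block.

variable "aws_default_key_name" {}

resource "aws_instance" "node" {
  ami           = "ami-PLACEHOLDER" # placeholder: an Ubuntu 16.04 AMI id
  instance_type = "t2.micro"        # assumed instance size
  key_name      = "${var.aws_default_key_name}"
}

# Hypothetical resource name. It holds only the one-time bootstrap step,
# so the instance definition itself carries no provisioner or key reference.
resource "null_resource" "bootstrap_python" {
  # The provisioner runs when this resource is created, and again only if
  # the trigger value changes, i.e. when the instance is replaced.
  triggers {
    instance_id = "${aws_instance.node.id}"
  }

  # A null_resource has no host of its own, so the target is set explicitly.
  connection {
    host        = "${aws_instance.node.public_ip}"
    user        = "ubuntu"
    private_key = "${file("${var.aws_default_key_name}.pem")}"
  }

  provisioner "remote-exec" {
    inline = [
      "sudo apt -y update && sudo apt install -y python",
    ]
  }
}
```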