Terraform计划要销毁导入的RDS资源

Terraform计划要销毁导入的RDS资源

本文介绍了Terraform计划要销毁导入的RDS资源的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我使用以下命令将先前部署的RDS实例替换为手动配置的RDS实例:

I used the following commands to replace a previously deployed RDS instance with a manually configured RDS instance:

  • ./terraform destroy -target aws_db_instance.my_db
  • ./terraform import aws_db_instance.my_db my-rds-instance
  • ./terraform destroy -target aws_db_instance.my_db
  • ./terraform import aws_db_instance.my_db my-rds-instance

(必须先销毁旧实例,然后才能使用import.)

(Had to destroy the old instance before I could use import.)

当我现在运行./terraform plan时,terraform想要销毁并重新创建RDS数据库:

When I now run ./terraform plan, terraform wants to destroy and re-create the RDS db:

-/+ aws_db_instance.my_db (new resource required)
      id:                                    "my-rds-instance" => <computed> (forces new resource)
      address:                               "my-rds-instance.path.rds.amazonaws.com" => <computed>
      allocated_storage:                     "100" => "100"
      allow_major_version_upgrade:           "false" => "false"
      apply_immediately:                     "false" => "false"
      arn:                                   "arn:aws:rds:eu-central-1:123456789123:db:my-rds-instance" => <computed>
      auto_minor_version_upgrade:            "false" => "false"
      availability_zone:                     "eu-central-1b" => <computed>
      backup_retention_period:               "7" => "7"
      backup_window:                         "09:46-10:16" => "09:46-10:16"
      ca_cert_identifier:                    "rds-ca-2015" => <computed>
      character_set_name:                    "" => <computed>
      copy_tags_to_snapshot:                 "false" => "false"
      db_subnet_group_name:                  "bintu-ct6" => "bintu-ct6"
      endpoint:                              "my-rds-db-manually.path.rds.amazonaws.com:5432" => <computed>
      engine:                                "postgres" => "postgres"
      engine_version:                        "10.6" => "10.6"
      final_snapshot_identifier:             "" => "my-rds-DbFinal"
      hosted_zone_id:                        "Z1RLNUO7B9Q6NB" => <computed>
      identifier:                            "my-rds-db-manually" => "my-rds-db-manually"
      identifier_prefix:                     "my-rds-db-" => <computed>
      instance_class:                        "db.m5.large" => "db.m5.xlarge"
      kms_key_id:                            "arn:aws:kms:eu-central-1:123456789123:key/d123d45d-b678-9123-a1e9-c456d40d7be7" => <computed>
      license_model:                         "postgresql-license" => <computed>
      maintenance_window:                    "wed:00:53-wed:01:23" => "mon:00:00-mon:03:00"
      monitoring_interval:                   "60" => "60"
      monitoring_role_arn:                   "arn:aws:iam::123456789123:role/myRdsMonitoring" => "arn:aws:iam::123456789123:role/myRdsMonitoring"
      multi_az:                              "true" => "true"
      name:                                  "mydb" => "mydb"
      option_group_name:                     "default:postgres-10" => <computed>
      parameter_group_name:                  "rds-my-group" => "rds-my-group"
      password:                              <sensitive> => <sensitive> (attribute changed)
      port:                                  "5432" => <computed>
      publicly_accessible:                   "false" => "false"
      replicas.#:                            "0" => <computed>
      resource_id:                           "db-ABCDEFGHIJKLMNOPQRSTUVW12" => <computed>
      skip_final_snapshot:                   "true" => "false"
      status:                                "available" => <computed>
      storage_encrypted:                     "true" => "false" (forces new resource)
      storage_type:                          "gp2" => "gp2"
      tags.%:                                "1" => "0"
      tags.workload-type:                    "production" => ""
      timezone:                              "" => <computed>
      username:                              "user" => "user"
      vpc_security_group_ids.#:              "1" => "1"
      vpc_security_group_ids.1234563899:     "sg-011d2e33a4464eb65" => "sg-011d2e33a4464eb65"

我希望导入"命令会将手动创建的RDS实例添加到config/state文件中,因此可以在不重新部署新RDS实例的情况下使用它.使用terraform plan/apply时如何防止破坏导入的RDS实例?

I expected that the "import" command would add the manually created RDS instance to the config/state file, so it can be used without re-deploying a new RDS instance.How can I prevent the destruction of the imported RDS instance when using terraform plan/apply?

这是资源配置:

resource "aws_db_instance" "my_db" {
  #identifier                 = "my-rds-db-manually"
  identifier_prefix           = "${var.db_instance_identifier_prefix}"
  vpc_security_group_ids      = ["${aws_security_group.my_db.id}"]
  allocated_storage           = "${var.db_allocated_storage}"
  storage_type                = "gp2"
  engine                      = "postgres"
  engine_version              = "10.6"
  instance_class              = "${var.db_instance_type}"
  monitoring_interval         = "60"
  monitoring_role_arn         = "${aws_iam_role.my_rds_monitoring.arn}"
  name                        = "${var.bintu_db_name}"
  username                    = "${var.DB_USER}"
  password                    = "${var.DB_PASS}"
  allow_major_version_upgrade = false
  apply_immediately           = false
  auto_minor_version_upgrade  = false
  backup_window               = "${var.db_backup_window}"
  maintenance_window          = "${var.db_maintenance_window}"
  db_subnet_group_name        = "${aws_db_subnet_group.my_db.name}"
  final_snapshot_identifier   = "${var.db_final_snapshot_identifier}"
  parameter_group_name        = "${aws_db_parameter_group.my_db.name}"
  multi_az                    = true
  backup_retention_period     = 7

  lifecycle {
    prevent_destroy = false
  }
}

请注意已设置prevent_destroy = false,否则该计划将失败.

Notice that prevent_destroy = false is set, otherwise the plan will fail.

推荐答案

您可能已经注意到,您必须自己找出与导入资源匹配的代码.

As you probably noticed, you have to figure out the code that matches the imported resource yourself.

提供的输出包含一项重要信息:

The provided output contains one important information:

storage_encrypted: "true" => "false" (forces new resource)

这意味着您的代码想使用storage_encrypted = false设置RDS实例,而状态/现实将其设置为true.在您的代码中更改此设置,您的计划将是无损的.

This means that your code wants to set up an RDS instance with storage_encrypted = false, while state/reality has it set to true. Change this in your code and your plan will be non-destructive.

我还没有检查其余的差异是否匹配.如果没有,它将告诉您确切的设置与当前状态相反.

I haven't checked, if the rest of the diff is matching. If not, it will tell you which exact settings are contrary to current state.

这篇关于Terraform计划要销毁导入的RDS资源的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-01 20:16