从零开始的terraform之旅 - 2命令部分-初始化
命令总览
# terraform --help
Usage: terraform [global options] <subcommand> [args]
The available commands for execution are listed below.
The primary workflow commands are given first, followed by
less common or more advanced commands.
Main commands:
init Prepare your working directory for other commands
validate Check whether the configuration is valid
plan Show changes required by the current configuration
apply Create or update infrastructure
destroy Destroy previously-created infrastructure
All other commands:
console Try Terraform expressions at an interactive command prompt
fmt Reformat your configuration in the standard style
force-unlock Release a stuck lock on the current workspace
get Install or upgrade remote Terraform modules
graph Generate a Graphviz graph of the steps in an operation
import Associate existing infrastructure with a Terraform resource
login Obtain and save credentials for a remote host
logout Remove locally-stored credentials for a remote host
metadata Metadata related commands
output Show output values from your root module
providers Show the providers required for this configuration
refresh Update the state to match remote systems
show Show the current state or a saved plan
state Advanced state management
taint Mark a resource instance as not fully functional
test Execute integration tests for Terraform modules
untaint Remove the 'tainted' state from a resource instance
version Show the current Terraform version
workspace Workspace management
Global options (use these before the subcommand, if any):
-chdir=DIR Switch to a different working directory before executing the
given subcommand.
-help Show this help output, or the help for a specified subcommand.
-version An alias for the "version" subcommand
这里命令涉及较多,直接按照官方文档分类,随用随更新
初始化工作目录命令
简单说一下工作目录,通常来说包含以下几种内容
- 资源声明文件 (*.tf) 一般是hcl格式
- 一个隐藏的.terraform文件夹,用于存放缓存的provider和modules,之前使用的backend和workspace状态等文件
- state 文件,如果用默认的backend,则会生成文件名字叫terraform.tfstate (如果使用多个workspace,则会生成terraform.tfstate.d文件夹)
初始化
在执行真正的部署之前,必须使用init命令初始化工作目录,如果不初始化直接执行依赖于初始化的命令(比如plan apply)会提示需要初始化才能执行
通常情况下初始化过程会创建隐藏目录,访问state文件,下载provider和modules等步骤,详见init命令章节
重新初始化
有些时候,tf会要求重新初始化环境,比如你的tf文件中的provider, module source 或者版本约束发生变化的时候会有这种情况
如果tf执行了需要重新初始化的命令,则会报错,同时提示需要重新初始化
#简单测试修改provider示例 $ vim s3.tf $ terraform apply ╷ │ Error: Inconsistent dependency lock file │ │ The following dependency selections recorded in the lock file are inconsistent with the current configuration: │ - provider registry.terraform.io/hashicorp/aws: locked version selection 5.41.0 doesn't match the updated version constraints "5.3.0" │ │ To update the locked dependency selections to match a changed configuration, run: │ terraform init -upgrade
提示很完善 按照提示执行
terraform init -upgrade
就可以了
init命令
https://developer.hashicorp.com/terraform/cli/commands/init
这个命令正如上述提到的,会初始化一个工作目录,同时这个命令在未修改你的tf文件的情况下,多次执行也不会出现问题
-from-module=MODULE-SOURCE
terraform init -from-module="terraform-aws-modules/iam/aws"
这个参数能够让你从指定的module下载一个模块到空目录(没有任何的tf文件)
这有两个使用场景
1. 用于参考其中的example
1. 用于版本控制(这里不知道如何在这个命令里指定版本,没测试出来)
后端初始化
init 过程中会初始化后端配置,这里简单说一下,后端就是存储tf state文件的地方
如果后端配置更新了,重新执行初始化则必须提供-reconfigure 或者 -migrate-state
一个会提示是否确认迁移(可以用-force-copy屏蔽) 另一个直接忽略原有 不迁移
-backend=false
这个选项可以跳过后端初始化,但是建议只有在已经有后端的情况下去跳过,因为很多初始化其他步骤都依赖一个后端
-backend-config=...
这个参数可以支持把后端的配置动态指定,,具体的使用参考文档:
https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration
此处先省略 写backend时候再测试
模块安装
init会搜索module块,
模块安装之后重新运行init命令会继续安装那些自从上次init之后新增的模块,但不会修改已被安装的模块。使用-upgrade可以改变这种行为,将所有模块升级到最新版本的代码。
要跳过子模块安装步骤,可以使用-get=false参数。要注意其他一些init步骤需要模块树完整,所以建议只在成功安装过模块以后使用该参数。
provider 安装
init 核心的安装就是这部分,不同的三方平台会把自己的程序变成tf的插件安装,安装过一次之后相应的版本信息会写道一个锁文件里,示例如下:
[waooo!!@terraform providertest]$ cat .terraform.lock.hcl
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "5.3.0"
constraints = "5.3.0"
hashes = [
"h1:89Ara9HnoQzGsFK1nU0fPD8h0SsHJnlVc8mUfOQSAYE=",
"zh:001814dcf6b2329de5e2c9223c4f1e95a0f60d6670046015419053b03b3c0712",
"zh:3c511a91f53076c3a1117526bee0880b339261f1eb3feecd7854771bfef7890d",
"zh:3e6c19e048f06051c9296c7a3236946f37431ce0d84f843585c5f3e8504759d3",
"zh:476a3d918782a479166f33418192b522698e39702e8a0aec823682d3ee3082f1",
"zh:5dd0d3bff7a7acabeed600dfbbef797e189c4877f65e4b4ed572cb33e454f602",
"zh:6627f95a41e30c01b7f7c9e3db1cccba056c5257c36cccfaa0898d526211add2",
"zh:663023a4244cf7f7df2b08ab204922f7902eefe9a7b51a2c2def1a7dafe6f55f",
"zh:79cb8a22a131b7d2beb331d8443207eed10fdb4b09655048960bd5d59c8bbf3a",
"zh:8c2275a0954042cfc44843a6045543744e08bd8cad487f0bc9162cf92a9bcdcc",
"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
"zh:ad08ae20b9402461af863772a9e4ff5677e14f3fc86d5b148bd4faaaa361f601",
"zh:b8b7bd15fc1842aeedc2e5eab03b8357cdb2b9fe3e67dd82ae240be3081bf637",
"zh:bdb3858c4c632aad8d5c4bff063f3afb18de51cec3167b3496d5bc5856915301",
"zh:f354a433ec8095b06c2701725411ffb73a20ef9b1aa325434e1bb575b5c86d52",
"zh:f47e1342883d599f4675dcfdeb9707cdfcfaf53c677f93fd5c410580d4dece13",
]
}
再次执行的时候会检查这个文件,保证init是幂等的,如果想升级(比如tf的provider配置没指定版本,默认用最新),那么就要-upgrade
选项
-lockfile=MODE
这个参数可以指定锁文件模式,,但是当前tf只支持readonly
-plugin-dir=PATH
— 强制插件安装仅从指定目录读取插件,就像在 CLI 配置中配置为插件 filesystem_mirror
一样。如果打算定期使用特定的文件系统镜像,那么建议全局配置 Terraform 的安装方法。对于特殊情况,可以 用-plugin-dir
用作一次性覆盖,例如,如果正在测试当前正在开发的提供程序插件的本地版本。
get命令
用于下载或者更新指定模块,划重点!只能下载模块,这些下载会被下载到。terraform文件夹
[waooo!!@terraform test2]$ rm -rf .terraform/
[waooo!!@terraform test2]$ terraform get
Downloading registry.terraform.io/terraform-aws-modules/iam/aws 5.37.1 for iam...
- iam in .terraform/modules/iam
[waooo!!@terraform test2]$ ls
m.tf
[waooo!!@terraform test2]$ cat m.tf
module "iam" {
source = "terraform-aws-modules/iam/aws"
version = "5.37.1"
}
上述测试了一下下载模块iam