概述
当我研究Terraform的状态锁定时,有一些部分我不理解。
- 地形v0.14.6
# Specify the provider and access details
provider "aws" {
region = "ap-northeast-1"
profile = "default"
}
terraform {
backend "s3" {
key = "terraform.tfstate"
bucket = "terraform-sample-yuta"
region = "ap-northeast-1"
dynamodb_table = "terraform-state-lock-dynamo"
}
}
resource "aws_dynamodb_table" "dynamodb-terraform-state-lock" {
name = "terraform-state-lock-dynamo"
hash_key = "LockID"
read_capacity = 20
write_capacity = 20
attribute {
name = "LockID"
type = "S"
}
tags = {
Name = "DynamoDB State Lock Table"
}
}
resource "aws_instance" "web" {
instance_type = "t3.small"
# Amazon Linux2
ami = "ami-0992fc94ca0f1415a"
count = 1
tags = {
Name = "EC2 instance terraform"
}
}
我执行这个main.tf,terraform plan main.tf,出现了以下错误。
$ terraform plan
Error: Error locking state: Error acquiring the state lock: 2 errors occurred:
* ResourceNotFoundException: Requested resource not found
* ResourceNotFoundException: Requested resource not found
Terraform acquires a state lock to protect the state from being written
by multiple users at the same time. Please resolve the issue above and try
again. For most commands, you can disable locking with the "-lock=false"
flag, but this is not recommended.
Terraform错误:错误锁定状态:错误获取状态锁定:发生2个错误:
所以,我提前创建了DynamoDB。但是,发生了另一个以下错误。
Acquiring state lock. This may take a few moments...
aws_instance.web[0]: Refreshing state... [id=i-084998a0833bc68cb]
aws_dynamodb_table.dynamodb-terraform-state-lock: Creating...
Error: error creating DynamoDB Table: ResourceInUseException: Table already exists: terraform-state-lock-dynamo
我可以使用-lock=false标志来解决它,但不建议这样做。
请在不使用-lock=false标志的情况下给我一些建议。
在我看来,错误似乎来自本地锁。
-rw-r--r-- 1 myusername staff 1002 Feb 17 13:02 .terraform.lock.hcl
drwxr-xr-x 4 myusername staff 128 Feb 17 18:19 .terraform/
删除那些文件,因为你是在初始阶段,我认为你清理,然后再试一次。
我能够实现这个确切的设置,下面是我的步骤:
- 创建DynamoDB表和S3存储桶
resource "aws_s3_bucket" "terraform_state" {
bucket = "terraform-up-and-running-statezpl"
# Enable versioning so we can see the full revision history of our
# state files
versioning {
enabled = true
}
# Enable server-side encryption by default
server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}
}
resource "aws_dynamodb_table" "terraform_locks" {
name = "terraform-up-and-running-locks"
billing_mode = "PAY_PER_REQUEST"
hash_key = "LockID"
attribute {
name = "LockID"
type = "S"
}
}
output "s3_bucket_arn" {
value = aws_s3_bucket.terraform_state.arn
description = "The ARN of the S3 bucket"
}
output "dynamodb_table_name" {
value = aws_dynamodb_table.terraform_locks.name
description = "The name of the DynamoDB table"
}
1.1terraform init and apply
aws_s3_bucket.terraform_state: Creating...
aws_dynamodb_table.terraform_locks: Creating...
aws_dynamodb_table.terraform_locks: Creation complete after 8s [id=terraform-up-and-running-locks]
aws_s3_bucket.terraform_state: Creation complete after 9s [id=terraform-up-and-running-statezpl]
- 然后我在您共享片段时配置了后端
terraform {
backend "s3" {
key = "terraform.tfstate"
bucket = "terraform-up-and-running-statezpl"
region = "us-east-1"
dynamodb_table = "terraform-up-and-running-locks"
}
}
2.1terraform init
Initializing the backend...
Acquiring state lock. This may take a few moments...
Do you want to copy existing state to the new backend?
Pre-existing state was found while migrating the previous "local" backend to the
newly configured "s3" backend. No existing state was found in the newly
configured "s3" backend. Do you want to copy this state to the new "s3"
backend? Enter "yes" to copy and "no" to start with an empty state.
Enter a value: yes
Releasing state lock. This may take a few moments...
Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Reusing previous version of hashicorp/aws from the dependency lock file
Terraform has been successfully initialized!
作者在这篇文章中讨论了如何管理Terraform状态相当好的资源,即使对于这种情况,也有许多不同的用例。