gpt4 book ai didi

terraform - 引用 Terraform 中的其他模块资源

转载 作者:行者123 更新时间:2023-12-02 02:56:53 25 4
gpt4 key购买 nike

我的 Terraform Cloud git 项目中有这样的层次结构:

├── aws
│   ├── flavors
│   │   └── main.tf
│   ├── main.tf
│   ├── security-rules
│   │   └── sec-rule1
│   │   └── main.tf
│   └── vms
│ │ └── vm1
│   │   └── main.tf
└── main.tf

所有主要 main.tf 文件都包含带有子文件夹的模块定义:

/main.tf:

terraform {
required_version = "~> 0.12.0"

backend "remote" {
hostname = "app.terraform.io"
organization = "foo"

workspaces {
name = "bar"
}
}
required_providers {
openstack = "~> 1.24.0"
}
}

module "aws" {
source = "./aws"
}

/aws/main.tf:

module "security-rules" {
source = "./security-rules"
}

module "flavors" {
source = "./flavors"
}

module "vms" {
source = "./vms"
}

/aws/security-rules/main-tf:

module "sec-rule1" {
source = "./sec-rule1"
}

/aws/vms/main-tf:

module "vm1" {
source = "./vm1"
}

然后我定义了这个安全规则。

/aws/security-rules/sec-rule1/main-tf:

resource "openstack_compute_secgroup_v2" "sec-rule1" {
name = "sec-rule1"
description = "Allow web port"
rule {
from_port = 80
to_port = 80
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
lifecycle {
prevent_destroy = false
}
}

而且我想从一个或多个虚拟机引用它,但我不知道如何通过资源 ID(或名称)进行引用。我使用普通名称而不是引用。

/aws/vms/vm1/main-tf:

resource "openstack_blockstorage_volume_v3" "vm1_volume" {
name = "vm1_volume"
size = 30
image_id = "foo-bar"
}

resource "openstack_compute_instance_v2" "vm1_instance" {
name = "vm1_instance"
flavor_name = "foo-bar"
key_pair = "foo-bar keypair"
image_name = "Ubuntu Server 18.04 LTS Bionic"
block_device {
uuid = "${openstack_blockstorage_volume_v3.vm1_volume.id}"
source_type = "volume"
destination_type = "volume"
boot_index = 0
delete_on_termination = false
}

network {
name = "SEG-tenant-net"
}

security_groups = ["default", "sec-rule1"]
config_drive = true
}

resource "openstack_networking_floatingip_v2" "vm1_fip" {
pool = "foo-bar"
}

resource "openstack_compute_floatingip_associate_v2" "vm1_fip" {
floating_ip = "${openstack_networking_floatingip_v2.vm1_fip.address}"
instance_id = "${openstack_compute_instance_v2.vm1_instance.id}"
}

我想使用按名称或 ID 引用的安全规则(以及更多内容),因为这样会更加一致。除了当我创建一个新的安全规则,同时创建一个 VM 时,Terraform OpenStack 提供者计划它没有错误,但是在应用它时,会产生错误,因为 VM 首先创建并且没有找到尚未创建的新的安全规则。

我该怎么做?

最佳答案

您应该为 sec-rule1security-rules/ 模块输出 sec_rule_allow_web_name,然后设置 的输出>security-rules/ 模块作为 vm1vms 模块的输入。通过这种方式,您可以保持 vm1 模块与 security_rules 输出的依赖关系,该输出称为 Dependency Inversion。 .

# ./security-rules/<example>/outputs.tf

output "sec_rule_allow_web_name" {
value = "<some-resource-to-output>"
}
# ./vms/variables.tf

variable "security_rule_name" {}

前提是在正确的模块中定义了输出和输入。

# /aws/main.tf

# best practice to use underscores instead of dashes in names
# so security-roles/ directory is now called security_rules
module "security_rules" {
source = "./security-rules"
}

module "flavors" {
source = "./flavors"
}

module "vms" {
source = "./vms"

security_rule_name = module.security_rules.sec_rule_allow_web_name
}

关于terraform - 引用 Terraform 中的其他模块资源,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60911338/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com