azure - Terraform 可以解决 Azure 相互依赖性问题(例如重命名资源)吗？-6ren

azure - Terraform 可以解决 Azure 相互依赖性问题(例如重命名资源)吗？

转载作者：行者123 更新时间：2023-12-02 07:23:48

今天我使用 Terraform 部署了 Azure 环境。它是一个简单的资源集合 - 资源组、VNET、VM、NIC、公共(public) IP 和基本 NSG。

完成部署后，我注意到我错误地命名了我的公共(public) IP 和 NSG。

我修改了 Terraform 配置，执行了 terraform plan，然后执行 terraform apply 来应用我的更改，但未能执行此操作，并出现以下与以下内容相关的错误:资源正在使用中，因此无法删除。

我的问题是 -

期望 Terraform 正确处理解决依赖关系并采取必要的操作来实现这样的场景是否合理？
我的配置是否有问题？

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # azurerm_network_interface.nic will be updated in-place
  ~ resource "azurerm_network_interface" "nic" {
        applied_dns_servers           = []
        dns_servers                   = []
        enable_accelerated_networking = false
        enable_ip_forwarding          = false
        id                            = "/subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/app505-jmd-terraform-rg/providers/Microsoft.Network/networkInterfaces/app505-jmd-terraform-vm01-nic"
        location                      = "eastus2"
        mac_address                   = "00-0D-3A-7B-B9-EC"
        name                          = "app505-jmd-terraform-vm01-nic"
      ~ network_security_group_id     = "/subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/app505-jmd-terraform-rg/providers/Microsoft.Network/networkSecurityGroups/app505-jmd-terraform" -> (known after apply)
        private_ip_address            = "10.0.1.4"
        private_ip_addresses          = [
            "10.0.1.4",
        ]
        resource_group_name           = "app505-jmd-terraform-rg"
        tags                          = {}
        virtual_machine_id            = "/subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/app505-jmd-terraform-rg/providers/Microsoft.Compute/virtualMachines/app505-jmd-terraform-vm01"

      ~ ip_configuration {
            application_gateway_backend_address_pools_ids = []
            application_security_group_ids                = []
            load_balancer_backend_address_pools_ids       = []
            load_balancer_inbound_nat_rules_ids           = []
            name                                          = "myNicConfiguration"
            primary                                       = true
            private_ip_address                            = "10.0.1.4"
            private_ip_address_allocation                 = "dynamic"
            private_ip_address_version                    = "IPv4"
          ~ public_ip_address_id                          = "/subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/app505-jmd-terraform-rg/providers/Microsoft.Network/publicIPAddresses/app505-jmd-terraform" -> (known after apply)
            subnet_id                                     = "/subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/app505-jmd-terraform-rg/providers/Microsoft.Network/virtualNetworks/app505-jmd-terraform-vnet/subnets/Internal"
        }
    }

  # azurerm_network_security_group.nsg must be replaced
-/+ resource "azurerm_network_security_group" "nsg" {
      ~ id                  = "/subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/app505-jmd-terraform-rg/providers/Microsoft.Network/networkSecurityGroups/app505-jmd-terraform" -> (known after apply)
        location            = "eastus2"
      ~ name                = "app505-jmd-terraform" -> "app505-jmd-terraform-nsg" # forces replacement
        resource_group_name = "app505-jmd-terraform-rg"
        security_rule       = [
            {
                access                                     = "Allow"
                description                                = ""
                destination_address_prefix                 = "*"
                destination_address_prefixes               = []
                destination_application_security_group_ids = []
                destination_port_range                     = "22"
                destination_port_ranges                    = []
                direction                                  = "Inbound"
                name                                       = "SSH"
                priority                                   = 1001
                protocol                                   = "Tcp"
                source_address_prefix                      = "*"
                source_address_prefixes                    = []
                source_application_security_group_ids      = []
                source_port_range                          = "*"
                source_port_ranges                         = []
            },
        ]
      ~ tags                = {} -> (known after apply)
    }

  # azurerm_public_ip.pip must be replaced
-/+ resource "azurerm_public_ip" "pip" {
        allocation_method            = "Dynamic"
      + fqdn                         = (known after apply)
      ~ id                           = "/subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/app505-jmd-terraform-rg/providers/Microsoft.Network/publicIPAddresses/app505-jmd-terraform" -> (known after apply)
        idle_timeout_in_minutes      = 4
      ~ ip_address                   = "13.68.114.233" -> (known after apply)
        ip_version                   = "IPv4"
        location                     = "eastus2"
      ~ name                         = "app505-jmd-terraform" -> "app505-jmd-terraform-pip" # forces replacement
      ~ public_ip_address_allocation = "Dynamic" -> (known after apply)
        resource_group_name          = "app505-jmd-terraform-rg"
        sku                          = "Basic"
      ~ tags                         = {} -> (known after apply)
      - zones                        = [] -> null
    }

Plan: 2 to add, 1 to change, 2 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

azurerm_public_ip.pip: Destroying... [id=/subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/app505-jmd-terraform-rg/providers/Microsoft.Network/publicIPAddresses/app505-jmd-terraform]
azurerm_network_security_group.nsg: Destroying... [id=/subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/app505-jmd-terraform-rg/providers/Microsoft.Network/networkSecurityGroups/app505-jmd-terraform]

Error: Error deleting Network Security Group "app505-jmd-terraform" (Resource Group "app505-jmd-terraform-rg"): network.SecurityGroupsClient#Delete: Failure sending request: StatusCode=400 -- Original Error: Code="InUseNetworkSecurityGroupCannotBeDeleted" Message="Network security group /subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/app505-jmd-terraform-rg/providers/Microsoft.Network/networkSecurityGroups/app505-jmd-terraform cannot be deleted because it is in use by the following resources: /subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/app505-jmd-terraform-rg/providers/Microsoft.Network/networkInterfaces/app505-jmd-terraform-vm01-nic. In order to delete the Network security group, remove the association with the resource(s). To learn how to do this, see aka.ms/deletensg." Details=[]



Error: Error deleting Public IP "app505-jmd-terraform" (Resource Group "app505-jmd-terraform-rg"): network.PublicIPAddressesClient#Delete: Failure sending request: StatusCode=400 -- Original Error: Code="PublicIPAddressCannotBeDeleted" Message="Public IP address /subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/app505-jmd-terraform-rg/providers/Microsoft.Network/publicIPAddresses/app505-jmd-terraform can not be deleted since it is still allocated to resource /subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/app505-jmd-terraform-rg/providers/Microsoft.Network/networkInterfaces/app505-jmd-terraform-vm01-nic/ipConfigurations/myNicConfiguration. In order to delete the public IP, disassociate/detach the Public IP address from the resource.  To learn how to do this, see aka.ms/deletepublicip." Details=[]



C:\Users\jdeli\OneDrive\Documents\Code\Terraform\terraform>

最后，我的配置:

# Configure the Microsoft Azure Provider
provider "azurerm" {
    subscription_id = "aaaaaaaaaaaaaaaa"
    client_id       = "bbbbbbbbbbbbbbbb"
    client_secret   = "cccccccccccccccc"
    tenant_id       = "dddddddddddddddd"
    skip_provider_registration = true
}

# Create a resource group if it doesn’t exist
resource "azurerm_resource_group" "main" {
    name     = "${var.prefix}-rg"
    location = var.location
}

# Create virtual network
resource "azurerm_virtual_network" "network" {
    name                = "${var.prefix}-vnet"
    address_space       = ["10.0.0.0/16"]
    location            = var.location
    resource_group_name = azurerm_resource_group.main.name

}

# Create subnet
resource "azurerm_subnet" "subnet" {
    name                 = "Internal"
    resource_group_name  = azurerm_resource_group.main.name
    virtual_network_name = azurerm_virtual_network.network.name
    address_prefix       = "10.0.1.0/24"
}

# Create public IPs
resource "azurerm_public_ip" "pip" {
    name                         = "${var.prefix}-pip"
    location                     = var.location
    resource_group_name          = azurerm_resource_group.main.name
    allocation_method            = "Dynamic"
}

# Create Network Security Group and rule
resource "azurerm_network_security_group" "nsg" {
    name                = "${var.prefix}-nsg"
    location            = var.location
    resource_group_name = azurerm_resource_group.main.name

    security_rule {
        name                       = "SSH"
        priority                   = 1001
        direction                  = "Inbound"
        access                     = "Allow"
        protocol                   = "Tcp"
        source_port_range          = "*"
        destination_port_range     = "22"
        source_address_prefix      = "*"
        destination_address_prefix = "*"
    }
}

# Create network interface
resource "azurerm_network_interface" "nic" {
    name                      = "${var.prefix}-vm01-nic"
    location                  = var.location
    resource_group_name       = azurerm_resource_group.main.name
    network_security_group_id = azurerm_network_security_group.nsg.id

    ip_configuration {
        name                          = "myNicConfiguration"
        subnet_id                     = azurerm_subnet.subnet.id
        private_ip_address_allocation = "Dynamic"
        public_ip_address_id          = azurerm_public_ip.pip.id
    }

}

# Generate random text for a unique storage account name
resource "random_id" "randomId" {
    keepers = {
        # Generate a new ID only when a new resource group is defined
        resource_group = azurerm_resource_group.main.name
    }
    byte_length = 8
}

# Create storage account for boot diagnostics
resource "azurerm_storage_account" "diagstorage" {
    name                        = "diag${random_id.randomId.hex}"
    resource_group_name         = azurerm_resource_group.main.name
    location                    = var.location
    account_tier                = "Standard"
    account_replication_type    = "LRS"
}

# Create virtual machine
resource "azurerm_virtual_machine" "vm" {

    name                  = "${var.prefix}-"
    location              = var.location
    resource_group_name   = azurerm_resource_group.main.name
    network_interface_ids = [azurerm_network_interface.nic.id]
    vm_size               = "Standard_DS1_v2"

    storage_os_disk {
        name              = "${var.prefix}-vm01-disk0"
        caching           = "ReadWrite"
        create_option     = "FromImage"
        managed_disk_type = "Premium_LRS"
    }

    storage_image_reference {
        publisher = "Canonical"
        offer     = "UbuntuServer"
        sku       = "16.04.0-LTS"
        version   = "latest"
    }

    os_profile {
        computer_name  = "${var.prefix}-vm01"
        admin_username = "azureuser"
    }

    os_profile_linux_config {
        disable_password_authentication = true
        ssh_keys {
            path     = "/home/azureuser/.ssh/authorized_keys"
            key_data = "ssh-rsa xxxxxxxx"
        }
    }

    boot_diagnostics {
        enabled = "true"
        storage_uri = azurerm_storage_account.diagstorage.primary_blob_endpoint
    }
}

重现步骤:

部署上述配置
重命名 NSG 和公共(public) IP 地址(“名称”属性)
再次部署，但出现错误。

最佳答案

我怀疑这适用于“顶级”资源(因此没有依赖于这些资源的资源)。 TF 会从头开始删除并创建这些资源(您无法真正重命名 Azure 中的内容)。

对于具有依赖关系的资源，这不起作用，因为这意味着必须首先删除所有依赖资源(或删除依赖关系)，然后才能重命名您的资源(因此删除\使用新名称创建)，然后所有依赖资源都必须重新创建\重新配置

关于azure - Terraform 可以解决 Azure 相互依赖性问题(例如重命名资源)吗？，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/59331571/

文章推荐： azure - 使用 azcopy 从带有 SAS 链接的 blob 下载 zip 文件

文章推荐： java - 如何将标签文本设置为特殊字符？

文章推荐： java - 图标图像 "error java.lang.NullPointerException"

文章推荐：具有多个终结点的 Azure 机器学习 (AML) Web 服务 REST API

node.js - Chrome 的跟踪事件分析工具中的自上而下(树)、自上而下(重)和自下而上(重)有什么区别
我正在尝试使用谷歌浏览器的 Trace Event Profiling Tool分析我正在运行的 Node.js 应用程序。选择点样本后，我可以在三种 View 之间进行选择: 自上而下(树) 自上而
android - 重 ContentProvider 查询和 ListView
对于一个可能是菜鸟的问题，我们深表歉意，但尽管在 SO 上研究了大量教程和其他问题，但仍找不到答案。我想做的很简单:显示一个包含大量数据库存储字符串的 Android ListView。我所说的“很
css - 基础 5 div 重
我已经开始了一个新元素的工作，并决定给 Foundation 5 一个 bash，看看它是什么样的。在创建带有水平字段的表单时，我在文档中注意到的第一件事是它们使用大量 div 来设置样式。所以我在下
.net - 重 CPU 负载下的跨线程 BeginInvoke 阻塞
我有一个 Windows 窗体用户控件，其中包含一个使用 BeginInvoke 委托(delegate)调用从单独线程更新的第 3 方图像显示控件。在繁重的 CPU 负载下，UI 会锁定。当我附加
javascript - 什么是测试 Dom 重 js 的好方法？
我有一堆严重依赖dom元素的JS代码。我目前使用的测试解决方案依赖于 Selenium ，但 AFAIK 无法正确评估 js 错误(addScript 错误不会导致您的测试失败，而 getEval 会
Java Swing 重/慢 paintComponent - 有什么建议吗？
我正在制作一款基于滚动 2D map /图 block 的游戏。每个图 block (存储为图 block [21][11] - 每个 map 总共 231 个图 block )最多可以包含 21 个
javascript - 在网页上 - 如何显示(轻)图像并在客户端下载后者时将其替换为(重)图像？
考虑到以下情况，我是前端初学者: 某个 HTML 页面应该包含一个沉重的图像(例如 - 动画 gif)，但我不想强制客户缓慢地等待它完全下载才能享受一个漂亮的页面，而是我更愿意给他看一个轻量级图像(例
python - 重 I/O 和 python 多处理/多线程
我正在设计一个小软件，其中包括: 在互联网上获取资源，一些用户交互(资源的快速编辑)，一些处理。我想使用许多资源(它们都列在列表中)来这样做。每个都独立于其他。由于编辑部分很累，我想让用户(可能
c# - 重 I/O 操作中的 Parallel.ForEach 与异步 For 循环
我想比较两个理论场景。为了问题的目的，我简化了案例。但基本上它是您典型的生产者消费者场景。 (我关注的是消费者)。我有一个很大的Queue dataQueue我必须将其传输给多个客户端。那么让我们
python - K 重 CV 的变体，其中 size(test_set) > N/K
我有一个二元分类问题，标签 0 和 1(少数)存在巨大不平衡。由于测试集带有标签 1 的行太少，因此我将训练测试设置为至少 70-30 或 60-40，因此仍然有重要的观察结果。由于我没有过多地衡量准

行者123

个人简介

我是一名优秀的程序员,十分优秀！

作者热门文章

滴滴打车优惠券免费领取

全站热门文章

首页

博学

6Ren·AI

商城

azure - Terraform 可以解决 Azure 相互依赖性问题(例如重命名资源)吗？