3. Commands: provisioning infrastructure (plan, apply)
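Provisioning infrastructure
Terraform's main job is to provision infrastructure, so plan and apply are the commands you will use most. By default, both operate on the current directory and the current workspace.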
plan
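The terraform plan command creates an execution plan that shows the changes Terraform is about to make to your infrastructure. By default, when you run it, Terraform:
1. Reads the current state of the real infrastructure.
2. Compares the current configuration with the prior state and reports the differences.
3. Proposes a set of actions that, if applied, would make the remote infrastructure match the current configuration.
Note that plan, as its name suggests, does not make any changes. If you are using Terraform directly in an interactive terminal and want to apply the changes Terraform proposes, you can also run terraform apply directly.
You can use the optional -out=FILE option to save the generated plan to a file on disk, and execute it later by passing that file to terraform apply as an extra argument.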
planning modes
Besides the default mode, Terraform has two alternative planning modes:
- Destroy mode: generates a plan that deletes resources, for example:
[waooo!!@terraform providertest]$ terraform plan -destroy
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
- destroy
Terraform will perform the following actions:
# aws_s3_bucket.felixtest will be destroyed
- resource "aws_s3_bucket" "felixtest" {
- arn = "arn:aws-cn:s3:::felixtftestprovider1" -> null
- bucket = "felixtftestprovider1" -> null
- bucket_domain_name = "felixtftestprovider1.s3.amazonaws.com.cn" -> null
- bucket_regional_domain_name = "felixtftestprovider1.s3.cn-north-1.amazonaws.com.cn" -> null
- force_destroy = false -> null
- hosted_zone_id = "Z5CN8UMXT92WN" -> null
- id = "felixtftestprovider1" -> null
- object_lock_enabled = false -> null
- region = "cn-north-1" -> null
- request_payer = "BucketOwner" -> null
- tags = {} -> null
- tags_all = {} -> null
- grant {
- id = "fb1a0ca5601755fb8c96c5ebb2c49ac0b4ebd732d0bfbd5f55281f3c21ffd5c8" -> null
- permissions = [
- "FULL_CONTROL",
] -> null
- type = "CanonicalUser" -> null
}
- server_side_encryption_configuration {
- rule {
- bucket_key_enabled = false -> null
- apply_server_side_encryption_by_default {
- sse_algorithm = "AES256" -> null
}
}
}
- versioning {
- enabled = true -> null
- mfa_delete = false -> null
}
}
# aws_s3_bucket_versioning.this will be destroyed
- resource "aws_s3_bucket_versioning" "this" {
- bucket = "felixtftestprovider1" -> null
- id = "felixtftestprovider1" -> null
- versioning_configuration {
- status = "Enabled" -> null
}
}
Plan: 0 to add, 0 to change, 2 to destroy.
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.
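- Refresh-only mode: very useful.
If remote objects were changed manually and you want to bring those changes into Terraform, this mode is what you need.
Note: the -refresh-only option is only available in Terraform v0.15.4 and later.
If you want to change your code to match, first use refresh-only mode to sync the state file, and then edit your .tf files.
In the example below I manually suspended versioning on my bucket: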
[waooo!!@terraform providertest]$ terraform plan -refresh-only
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]
Note: Objects have changed outside of Terraform
Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected
this plan:
# aws_s3_bucket.felixtest has changed
~ resource "aws_s3_bucket" "felixtest" {
id = "felixtftestprovider1"
tags = {}
# (10 unchanged attributes hidden)
~ versioning {
~ enabled = true -> false
# (1 unchanged attribute hidden)
}
# (2 unchanged blocks hidden)
}
# aws_s3_bucket_versioning.this has changed
~ resource "aws_s3_bucket_versioning" "this" {
id = "felixtftestprovider1"
# (1 unchanged attribute hidden)
~ versioning_configuration {
~ status = "Enabled" -> "Suspended"
}
}
This is a refresh-only plan, so Terraform will not take any actions to undo these. If you were expecting these changes then
you can apply this plan to record the updated values in the Terraform state without changing any remote objects.
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.
[waooo!!@terraform providertest]$ terraform apply -refresh-only
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]
Note: Objects have changed outside of Terraform
Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected
this plan:
# aws_s3_bucket.felixtest has changed
~ resource "aws_s3_bucket" "felixtest" {
id = "felixtftestprovider1"
tags = {}
# (10 unchanged attributes hidden)
~ versioning {
~ enabled = true -> false
# (1 unchanged attribute hidden)
}
# (2 unchanged blocks hidden)
}
# aws_s3_bucket_versioning.this has changed
~ resource "aws_s3_bucket_versioning" "this" {
id = "felixtftestprovider1"
# (1 unchanged attribute hidden)
~ versioning_configuration {
~ status = "Enabled" -> "Suspended"
}
}
This is a refresh-only plan, so Terraform will not take any actions to undo these. If you were expecting these changes then
you can apply this plan to record the updated values in the Terraform state without changing any remote objects.
Would you like to update the Terraform state to reflect these detected changes?
Terraform will write these changes to the state without modifying any real infrastructure.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
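The refresh-only review above can also be done by machine. This added example (not part of the original post) reads the resource_drift list that terraform show -json prints for a saved plan and lists each attribute that changed outside Terraform, so the drift can be reviewed before it is accepted into state. The WATCH keywords, the function names and the trimmed sample JSON are constructed for illustration.

```python
import json

# Assumption for this example: attribute names that deserve a second look
# before drift is accepted with `terraform apply -refresh-only`.
WATCH = ("versioning", "encryption", "policy", "grant", "acl")


def changed_paths(before, after, prefix=""):
    """Yield (path, old, new) for every leaf that differs between two JSON values."""
    if isinstance(before, dict) and isinstance(after, dict):
        for key in sorted(set(before) | set(after)):
            path = f"{prefix}.{key}" if prefix else key
            yield from changed_paths(before.get(key), after.get(key), path)
    elif isinstance(before, list) and isinstance(after, list) and len(before) == len(after):
        # Nested blocks appear as lists of objects in the plan JSON.
        for i, (b, a) in enumerate(zip(before, after)):
            yield from changed_paths(b, a, f"{prefix}[{i}]")
    elif before != after:
        yield (prefix, before, after)


def drift_report(plan_json, watch=WATCH):
    """Return [(address, path, old, new, flagged)] from the plan's resource_drift list.

    plan_json comes from:
        terraform plan -refresh-only -out=tfplan && terraform show -json tfplan
    flagged is True when the attribute path contains one of the watch keywords.
    """
    report = []
    for rd in json.loads(plan_json).get("resource_drift", []):
        change = rd.get("change", {})
        for path, old, new in changed_paths(change.get("before"), change.get("after")):
            flagged = any(word in path for word in watch)
            report.append((rd["address"], path, old, new, flagged))
    return report


# Constructed sample: trimmed JSON mirroring the drift shown in the session above.
DRIFT_PLAN = json.dumps({"resource_drift": [
    {"address": "aws_s3_bucket.felixtest",
     "change": {"actions": ["update"],
                "before": {"id": "felixtftestprovider1", "tags": {},
                           "versioning": [{"enabled": True, "mfa_delete": False}]},
                "after": {"id": "felixtftestprovider1", "tags": {},
                          "versioning": [{"enabled": False, "mfa_delete": False}]}}},
    {"address": "aws_s3_bucket_versioning.this",
     "change": {"actions": ["update"],
                "before": {"id": "felixtftestprovider1",
                           "versioning_configuration": [{"status": "Enabled"}]},
                "after": {"id": "felixtftestprovider1",
                          "versioning_configuration": [{"status": "Suspended"}]}}},
]})

if __name__ == "__main__":
    for address, path, old, new, flagged in drift_report(DRIFT_PLAN):
        mark = "REVIEW" if flagged else "info"
        print(f"[{mark}] {address}: {path}: {old!r} -> {new!r}")
```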
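Planning Options
Some additional command-line options:
-refresh=false disables the query Terraform makes against remote objects before apply. However, if an object has been changed manually and no longer matches the state file, the apply may go wrong.
Test: versioning is enabled in my .tf file, suspended in the state file, and enabled in the real environment. Run the following commands: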
[waooo!!@terraform providertest]$ terraform apply -refresh=false
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_s3_bucket_versioning.this will be updated in-place
~ resource "aws_s3_bucket_versioning" "this" {
id = "felixtftestprovider1"
# (1 unchanged attribute hidden)
~ versioning_configuration {
~ status = "Suspended" -> "Enabled"
}
}
Plan: 0 to add, 1 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: ^C
Interrupt received.
Please wait for Terraform to exit or data loss may occur.
Gracefully shutting down...
╷
│ Error: error asking for approval: interrupted
│
│
╵
[waooo!!@terraform providertest]$ terraform apply
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]
No changes. Your infrastructure matches the configuration.
Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are
needed.
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
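As you can see, with -refresh=false Terraform does not query the real state and relies on the state file instead, so it tries to change versioning to Enabled (even though it is already Enabled in reality). A plain apply afterwards checks the remote object, finds that it matches the current configuration, and simply updates my state file to the real state: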
[waooo!!@terraform providertest]$ terraform state show aws_s3_bucket_versioning.this
# aws_s3_bucket_versioning.this:
resource "aws_s3_bucket_versioning" "this" {
bucket = "felixtftestprovider1"
id = "felixtftestprovider1"
versioning_configuration {
status = "Enabled"
}
}
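-replace=ADDRESS replaces the specified resource. If a remote resource has become degraded, you can use this option to replace it, which amounts to deleting the remote object and creating a new one. Test: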
[waooo!!@terraform providertest]$ terraform state list
aws_s3_bucket.felixtest
aws_s3_bucket_versioning.this
[waooo!!@terraform providertest]$ terraform apply -replace=aws_s3_bucket.felixtest
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
# aws_s3_bucket.felixtest will be replaced, as requested
-/+ resource "aws_s3_bucket" "felixtest" {
+ acceleration_status = (known after apply)
+ acl = (known after apply)
~ arn = "arn:aws-cn:s3:::felixtftestprovider1" -> (known after apply)
~ bucket_domain_name = "felixtftestprovider1.s3.amazonaws.com.cn" -> (known after apply)
+ bucket_prefix = (known after apply)
~ bucket_regional_domain_name = "felixtftestprovider1.s3.cn-north-1.amazonaws.com.cn" -> (known after apply)
~ hosted_zone_id = "Z5CN8UMXT92WN" -> (known after apply)
~ id = "felixtftestprovider1" -> (known after apply)
+ policy = (known after apply)
~ region = "cn-north-1" -> (known after apply)
~ request_payer = "BucketOwner" -> (known after apply)
- tags = {} -> null
~ tags_all = {} -> (known after apply)
+ website_domain = (known after apply)
+ website_endpoint = (known after apply)
# (3 unchanged attributes hidden)
- grant {
- id = "fb1a0ca5601755fb8c96c5ebb2c49ac0b4ebd732d0bfbd5f55281f3c21ffd5c8" -> null
- permissions = [
- "FULL_CONTROL",
] -> null
- type = "CanonicalUser" -> null
}
- server_side_encryption_configuration {
- rule {
- bucket_key_enabled = false -> null
- apply_server_side_encryption_by_default {
- sse_algorithm = "AES256" -> null
}
}
}
- versioning {
- enabled = true -> null
- mfa_delete = false -> null
}
}
# aws_s3_bucket_versioning.this must be replaced
-/+ resource "aws_s3_bucket_versioning" "this" {
~ bucket = "felixtftestprovider1" # forces replacement -> (known after apply) # forces replacement
~ id = "felixtftestprovider1" -> (known after apply)
~ versioning_configuration {
+ mfa_delete = (known after apply)
# (1 unchanged attribute hidden)
}
}
Plan: 2 to add, 0 to change, 2 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
Note the hint in the output:
-/+ destroy and then create replacement
After that you can see these log lines:
aws_s3_bucket_versioning.this: Destroying... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Destruction complete after 0s
aws_s3_bucket.felixtest: Destroying... [id=felixtftestprovider1]
aws_s3_bucket.felixtest: Destruction complete after 1s
aws_s3_bucket.felixtest: Creating...
aws_s3_bucket.felixtest: Creation complete after 0s [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Creating...
aws_s3_bucket_versioning.this: Creation complete after 1s [id=felixtftestprovider1]
Apply complete! Resources: 2 added, 0 changed, 2 destroyed.
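-target=ADDRESS
This option is handy for updating only part of the configuration: if your .tf files contain a lot and you only want to update one small piece, this is very convenient. Terraform works out the dependencies automatically.
-var 'NAME=VALUE'
- Sets a value for a single input variable declared in the root module of the configuration. Use this option multiple times to set more than one variable. For details, see Input Variables on the Command Line.
-var-file=FILENAME
- Sets values for potentially many input variables declared in the root module of the configuration, using definitions from a "tfvars" file. Use this option multiple times to include values from more than one file.
https://developer.hashicorp.com/terraform/language/values/variables#assigning-values-to-root-module-variables
See the link above for more on assigning variable values.
Reference documentation on resource addressing:
https://developer.hashicorp.com/terraform/cli/state/resource-addressing
I will cover this separately later.
-compact-warnings
- Shows any warning messages in a compact form that includes only the summary messages, unless the warnings are accompanied by at least one error, in which case the warning text might be useful context for the errors.
-detailed-exitcode
- Returns a detailed exit code when the command exits. When provided, this argument changes the exit codes and their meanings to give more granular information about what the resulting plan contains:
- 0 = Succeeded with empty diff (no changes)
- 1 = Error
- 2 = Succeeded with non-empty diff (changes present)
This one is interesting: you can tell from the exit code whether the resources are in sync! Let's test it: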
[waooo!!@terraform providertest]$ terraform plan -detailed-exitcode
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_s3_bucket_versioning.this will be updated in-place
~ resource "aws_s3_bucket_versioning" "this" {
id = "felixtftestprovider1"
# (1 unchanged attribute hidden)
~ versioning_configuration {
~ status = "Enabled" -> "Suspended"
}
}
Plan: 0 to add, 1 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.
[waooo!!@terraform providertest]$ echo $?
2
[waooo!!@terraform providertest]$ terraform plan
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_s3_bucket_versioning.this will be updated in-place
~ resource "aws_s3_bucket_versioning" "this" {
id = "felixtftestprovider1"
# (1 unchanged attribute hidden)
~ versioning_configuration {
~ status = "Enabled" -> "Suspended"
}
}
Plan: 0 to add, 1 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.
[waooo!!@terraform providertest]$ echo $?
0
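-generate-config-out generates the configuration for a resource you are importing, which is very convenient. When you bring in an existing resource, the official documentation usually gives the import block but not the full resource definition; running plan with this option generates the corresponding block for you. Test as follows:
import {
  to = aws_s3_bucket.bucket
  id = "felixselftest"
}
Create a file containing the block above, then run: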
[waooo!!@terraform providertest]$ terraform plan -generate-config-out=generated.tf
aws_s3_bucket.bucket: Preparing import... [id=felixselftest]
aws_s3_bucket.bucket: Refreshing state... [id=felixselftest]
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]
Terraform will perform the following actions:
# aws_s3_bucket.bucket will be imported
# (config will be generated)
resource "aws_s3_bucket" "bucket" {
arn = "arn:aws-cn:s3:::felixselftest"
bucket = "felixselftest"
bucket_domain_name = "felixselftest.s3.amazonaws.com.cn"
bucket_regional_domain_name = "felixselftest.s3.cn-north-1.amazonaws.com.cn"
hosted_zone_id = "Z5CN8UMXT92WN"
id = "felixselftest"
object_lock_enabled = false
policy = jsonencode(
{
Id = "S3-Console-Auto-Gen-Policy-1701242805895"
Statement = [
{
Action = "s3:PutObject"
Condition = {
StringEquals = {
"aws:SourceAccount" = "AWS_ACCOUNT_ID"
"aws:SourceArn" = "arn:aws-cn:s3:cn-north-1:AWS_ACCOUNT_ID:storage-lens/test"
"s3:x-amz-acl" = "bucket-owner-full-control"
}
}
Effect = "Allow"
Principal = {
Service = "storage-lens.s3.amazonaws.com"
}
Resource = "arn:aws-cn:s3:::felixselftest/StorageLens/AWS_ACCOUNT_ID/*"
},
]
Version = "2012-10-17"
}
)
region = "cn-north-1"
request_payer = "BucketOwner"
tags = {}
tags_all = {}
grant {
id = "fb1a0ca5601755fb8c96c5ebb2c49ac0b4ebd732d0bfbd5f55281f3c21ffd5c8"
permissions = [
"FULL_CONTROL",
]
type = "CanonicalUser"
}
server_side_encryption_configuration {
rule {
bucket_key_enabled = false
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}
versioning {
enabled = false
mfa_delete = false
}
}
Plan: 1 to import, 0 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.
[waooo!!@terraform providertest]$ cat generated.tf
# __generated__ by Terraform
# Please review these resources and move them into your main configuration files.
# __generated__ by Terraform from "felixselftest"
resource "aws_s3_bucket" "bucket" {
bucket = "felixselftest"
bucket_prefix = null
force_destroy = null
object_lock_enabled = false
tags = {}
tags_all = {}
}
[waooo!!@terraform providertest]$ terraform plan
aws_s3_bucket.bucket: Preparing import... [id=felixselftest]
aws_s3_bucket.bucket: Refreshing state... [id=felixselftest]
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]
Terraform will perform the following actions:
# aws_s3_bucket.bucket will be imported
resource "aws_s3_bucket" "bucket" {
arn = "arn:aws-cn:s3:::felixselftest"
bucket = "felixselftest"
bucket_domain_name = "felixselftest.s3.amazonaws.com.cn"
bucket_regional_domain_name = "felixselftest.s3.cn-north-1.amazonaws.com.cn"
hosted_zone_id = "Z5CN8UMXT92WN"
id = "felixselftest"
object_lock_enabled = false
policy = jsonencode(
{
Id = "S3-Console-Auto-Gen-Policy-1701242805895"
Statement = [
{
Action = "s3:PutObject"
Condition = {
StringEquals = {
"aws:SourceAccount" = "AWS_ACCOUNT_ID"
"aws:SourceArn" = "arn:aws-cn:s3:cn-north-1:AWS_ACCOUNT_ID:storage-lens/test"
"s3:x-amz-acl" = "bucket-owner-full-control"
}
}
Effect = "Allow"
Principal = {
Service = "storage-lens.s3.amazonaws.com"
}
Resource = "arn:aws-cn:s3:::felixselftest/StorageLens/AWS_ACCOUNT_ID/*"
},
]
Version = "2012-10-17"
}
)
region = "cn-north-1"
request_payer = "BucketOwner"
tags = {}
tags_all = {}
grant {
id = "fb1a0ca5601755fb8c96c5ebb2c49ac0b4ebd732d0bfbd5f55281f3c21ffd5c8"
permissions = [
"FULL_CONTROL",
]
type = "CanonicalUser"
}
server_side_encryption_configuration {
rule {
bucket_key_enabled = false
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}
versioning {
enabled = false
mfa_delete = false
}
}
Plan: 1 to import, 0 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.
[waooo!!@terraform providertest]$ terraform apply
aws_s3_bucket.bucket: Preparing import... [id=felixselftest]
aws_s3_bucket.bucket: Refreshing state... [id=felixselftest]
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]
Terraform will perform the following actions:
# aws_s3_bucket.bucket will be imported
resource "aws_s3_bucket" "bucket" {
arn = "arn:aws-cn:s3:::felixselftest"
bucket = "felixselftest"
bucket_domain_name = "felixselftest.s3.amazonaws.com.cn"
bucket_regional_domain_name = "felixselftest.s3.cn-north-1.amazonaws.com.cn"
hosted_zone_id = "Z5CN8UMXT92WN"
id = "felixselftest"
object_lock_enabled = false
policy = jsonencode(
{
Id = "S3-Console-Auto-Gen-Policy-1701242805895"
Statement = [
{
Action = "s3:PutObject"
Condition = {
StringEquals = {
"aws:SourceAccount" = "AWS_ACCOUNT_ID"
"aws:SourceArn" = "arn:aws-cn:s3:cn-north-1:AWS_ACCOUNT_ID:storage-lens/test"
"s3:x-amz-acl" = "bucket-owner-full-control"
}
}
Effect = "Allow"
Principal = {
Service = "storage-lens.s3.amazonaws.com"
}
Resource = "arn:aws-cn:s3:::felixselftest/StorageLens/AWS_ACCOUNT_ID/*"
},
]
Version = "2012-10-17"
}
)
region = "cn-north-1"
request_payer = "BucketOwner"
tags = {}
tags_all = {}
grant {
id = "fb1a0ca5601755fb8c96c5ebb2c49ac0b4ebd732d0bfbd5f55281f3c21ffd5c8"
permissions = [
"FULL_CONTROL",
]
type = "CanonicalUser"
}
server_side_encryption_configuration {
rule {
bucket_key_enabled = false
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}
versioning {
enabled = false
mfa_delete = false
}
}
Plan: 1 to import, 0 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_s3_bucket.bucket: Importing... [id=felixselftest]
aws_s3_bucket.bucket: Import complete [id=felixselftest]
Apply complete! Resources: 1 imported, 0 added, 0 changed, 0 destroyed.
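-input=false
- Disables Terraform's default behavior of prompting for input variables.
-lock=false
- Don't hold a state lock during the operation. This is dangerous if others might concurrently run commands against the same workspace.
-lock-timeout=DURATION
- Unless locking is disabled with -lock=false, instructs Terraform to retry acquiring a lock for a period of time before returning an error. The duration syntax is a number followed by a time unit letter, such as "3s" for three seconds.
-out=FILENAME
- Writes the generated plan to the given filename in an opaque file format that you can later pass to terraform apply to execute the planned changes, and to some other Terraform commands that can work with saved plan files.
Terraform will allow any filename for the plan file, but a typical convention is to name it tfplan. Do not name the file with a suffix that Terraform recognizes as another file format; if you use a .tf suffix, Terraform will try to interpret the file as a configuration source file, which will cause syntax errors for subsequent commands.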
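The apply command
When you run terraform apply without passing a saved plan file, Terraform automatically creates a new execution plan as if you had run terraform plan, prompts you to approve that plan, and takes the indicated actions. You can use all of the planning modes and planning options to customize how Terraform creates the plan.
You can pass the -auto-approve option to instruct Terraform to apply the plan without asking for confirmation.
When you pass a saved plan file to terraform apply, Terraform takes the actions in the saved plan without prompting you for confirmation. You may want to use this two-step workflow when running Terraform in automation.
Use terraform show to inspect a saved plan file before applying it: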
terraform show tfplan
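As an added example (not from the original post), here is a Python gate for the two-step workflow above, which also uses the -detailed-exitcode values described earlier: it takes the exit code of terraform plan -detailed-exitcode -out=tfplan and the JSON from terraform show -json tfplan, and refuses to apply when the plan destroys or replaces a resource that nobody approved. The function names, the allowed list and the trimmed sample plans are constructed for illustration.

```python
import json
from typing import List, Tuple


def destructive_changes(plan_json: str) -> List[Tuple[str, str]]:
    """Return (address, kind) for each resource the plan would destroy or replace.

    plan_json is the output of `terraform show -json tfplan`. In that format a
    replacement carries both "delete" and "create" in change.actions.
    """
    found = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" in actions:
            kind = "replace" if "create" in actions else "destroy"
            found.append((rc["address"], kind))
    return found


def gate(plan_exit_code: int, plan_json: str = "{}", allowed=()) -> Tuple[str, list]:
    """Decide what automation does after `terraform plan -detailed-exitcode -out=tfplan`.

    Exit code 0 = empty diff, 1 = error, 2 = non-empty diff.
    allowed: addresses an operator explicitly approved for destroy/replace.
    Returns ("skip" | "apply" | "blocked", list of blocking changes).
    """
    if plan_exit_code == 0:
        return ("skip", [])
    if plan_exit_code != 2:
        raise RuntimeError("terraform plan failed with exit code %d" % plan_exit_code)
    blocked = [c for c in destructive_changes(plan_json) if c[0] not in allowed]
    return ("blocked", blocked) if blocked else ("apply", [])


# Constructed sample: trimmed JSON for an in-place versioning update.
UPDATE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_s3_bucket.felixtest", "change": {"actions": ["no-op"]}},
    {"address": "aws_s3_bucket_versioning.this", "change": {"actions": ["update"]}},
]})

# Constructed sample: trimmed JSON for the -replace=aws_s3_bucket.felixtest plan.
REPLACE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_s3_bucket.felixtest", "change": {"actions": ["delete", "create"]}},
    {"address": "aws_s3_bucket_versioning.this", "change": {"actions": ["delete", "create"]}},
]})

if __name__ == "__main__":
    print(gate(0))                     # nothing to do
    print(gate(2, UPDATE_PLAN))        # safe: terraform apply tfplan
    print(gate(2, REPLACE_PLAN))       # blocked: both resources would be replaced
    print(gate(2, REPLACE_PLAN, allowed={"aws_s3_bucket.felixtest",
                                         "aws_s3_bucket_versioning.this"}))
```

Only when the gate returns "apply" should the pipeline go on to run terraform apply tfplan, which executes exactly the plan that was inspected.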
Plan Options
When you are not passing a saved plan, you can use the -destroy and -refresh-only options; the latter creates a plan that only updates the state file.
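apply options
-auto-approve
- Skips interactive approval of the plan before applying. This option is ignored when you pass a previously saved plan file, because Terraform treats the plan file as the approval and so will never prompt in that case.
-compact-warnings
- Shows any warning messages in a compact form that includes only the summary messages, unless the warnings are accompanied by at least one error, in which case the warning text might be useful context for the errors.
-input=false
- Disables all of Terraform's interactive prompts. Note that this also prevents Terraform from prompting for interactive approval of a plan, so Terraform will conservatively assume that you do not wish to apply the plan, causing the operation to fail.
-json
- Enables the machine-readable JSON UI output. This option implies -input=false, so the configuration must have no unassigned variable values to continue. To enable this flag, you must also either enable the -auto-approve flag or specify a previously saved plan.
-lock=false
- Don't hold a state lock during the operation. This is dangerous if others might concurrently run commands against the same workspace.
-lock-timeout=DURATION
- Unless locking is disabled with -lock=false, instructs Terraform to retry acquiring a lock for a period of time before returning an error. The duration syntax is a number followed by a time unit letter, such as "3s" for three seconds.
For configurations using the local backend only, terraform apply also accepts the legacy options -state, -state-out, and -backup.
-chdir
A global option that applies to all commands and makes Terraform consistently look in the given directory for all of the files it would normally read or write in the current working directory.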
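The destroy command
The terraform destroy command is a convenient way to destroy all remote objects managed by a particular Terraform configuration.
This command is just a convenience alias for the following command:
terraform apply -destroy
For that reason, this command accepts most of the options that terraform apply accepts, although it does not accept a plan file argument and it forces the selection of the "destroy" planning mode.
You can also create a speculative destroy plan, to see what the effect of destroying would be, by running the following command:
terraform plan -destroy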
From: https://blog.csdn.net/weizanbin1439/article/details/136943730