Terraform-使用相同的 tf 文件进行多次部署?

Terraform-使用相同的 tf 文件进行多次部署?
resource "aws_instance" "win-example" {
  ami = "${lookup(var.WIN_AMIS, var.AWS_REGION)}"
  instance_type = "t2.medium"
 count="${var.count}"
  vpc_security_group_ids = ["${var.security_group_id}"]
  key_name = "${aws_key_pair.mykey.key_name}"
  user_data = <<EOF
<powershell>
net user ${var.username} '${var.password}' /add /y
net localgroup administrators ${var.username} /add

winrm quickconfig -q
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'

netsh advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
netsh advfirewall firewall add rule name="WinRM 5986" protocol=TCP dir=in localport=5986 action=allow

net stop winrm
sc.exe config winrm start=auto
net start winrm
</powershell>
EOF

  provisioner "file" {
    source = "test.txt"
    destination = "C:/test.txt"
  }
  connection {
    type = "winrm"
    timeout = "10m"
    user = "${var.username}"
    password = "${var.password}"
  }

tags {
Name="${format("${var.username}-%01d",count.index+1)}"
}

}

如果我多次运行上述代码 - 为 var.username 指定其他值,则实例会被重新创建,是否可以多次使用相同的 tf 文件来创建具有不同用户名的新机器?

答案1

数数

使用一个包含不同用户名和与之对应的密码的数组。

但是不要把 secrets.tfvars 放在 scm 中,

我们不建议将用户名和密码保存到版本控制中,但您可以创建本地秘密变量文件并使用-var-file 加载它。

您可以在单个命令中使用多个 -var-file 参数,其中一些已签入版本控制,而其他则未签入。例如:

$ terraform apply \
  -var-file="secret.tfvars" \

在 secrets.tfvars 中

instance_count = 3
usernames = ["jeff","jason","jake"]
passwords = ["jeff_password","jason_password","jake_password"]

然后在资源中

resource "aws_instance" "win-example" {
  ami = "${lookup(var.WIN_AMIS, var.AWS_REGION)}"
  instance_type = "t2.medium"
 count="${var.count}"
  vpc_security_group_ids = ["${var.security_group_id}"]
  key_name = "${aws_key_pair.mykey.key_name}"
  user_data = <<EOF
<powershell>
net user ${var.usernames[count.index]} '${var.passwords[count.index]}' /add /y
net localgroup administrators ${var.usernames[count.index]} /add

winrm quickconfig -q
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'

netsh advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
netsh advfirewall firewall add rule name="WinRM 5986" protocol=TCP dir=in localport=5986 action=allow

net stop winrm
sc.exe config winrm start=auto
net start winrm
</powershell>
EOF

  provisioner "file" {
    source = "test.txt"
    destination = "C:/test.txt"
  }
  connection {
    type = "winrm"
    timeout = "10m"
    user = "${var.usernames[count.index]}"
    password = "${var.passwords[count.index]}"
  }

tags {
Name="${format("${var.username}-%01d",count.index+1)}"
}

}

答案2

原来我必须为每个用户创建子文件夹(./terraform/user1,./terraform/user2....),将所有 tf​​ 文件复制到这些文件夹,为每个用户创建新的安全组,并且只有机器停止重新创建,为每个用户创建新的机器而不会破坏前一个机器

#!/bin/python
import json
import os.path
import shutil
from os import mkdir
from pprint import pprint
from python_terraform import *


json_data=open('./my.json')
data = json.load(json_data)

json_data.close()



def myfunc():

  tf = Terraform(working_dir=final_path, variables={'count':count,'INSTANCE_USERNAME':user})
  tf.plan(no_color=IsFlagged, refresh=True, capture_output=False)
  approve = {"auto-approve": True}
  print(tf.init(reconfigure=True))
  print(tf.plan())
  print(tf.apply(**approve))
  return







for i in range (0, len (data['customers'])):
    #print data['customers'][i]['email']
    k=data['customers'][i]['email']
    #print(k.split('@')[0])
    user=k.split('@')[0]
    #print(user)
    count=data['customers'][i]['instances']
    #print(count)
    #enter = int(input('Enter number of instances: '))
    start_path="/home/ja/terraform-course/demo-2b/"
    final_path=os.path.join(start_path,user)
    if not os.path.exists(final_path):
       os.makedirs(final_path)
    shutil.copy2('./vars.tf', final_path)
    shutil.copy2('./sg.tf', final_path)
    shutil.copy2('./windows.tf', final_path)
    shutil.copy2('./provider.tf', final_path)
    shutil.copy2('./test.txt', final_path)
    final=os.path.join(final_path,'sg.tf')
    final1=os.path.join(final_path,'windows.tf')
    with open(final, 'r') as file :
      filedata = file.read()
    filedata = filedata.replace('allow-all', user)
    with open(final, 'w') as file:
      file.write(filedata)
    with open(final1, 'r') as file :
      filedata = file.read()
    filedata = filedata.replace('allow-all', user)
    with open(final1, 'w') as file:
      file.write(filedata)
    myfunc()

相关内容