Terraform Detecting Drift
One of the core challenges of infrastructure as code is keeping an up-to-date record of all deployed infrastructure and their properties. Terraform manages this by maintaining state information in a single file, called the state file.
Terraform uses declarative configuration files to define the infrastructure resources to provision. This configuration serves as the target source of truth for what exists on the backend API. Changes to Infrastructure outside of Terraform will be detected as deviation by Terraform and shown as a diff in future runs of terraform plan
. This type of change is referred to as "drift", and its detection is an important responsibility of Terraform in order to inform users of changes in their infrastructure. Here are a few techniques for developers to ensure drift is detected.
»Capture all state in READ
A provider's READ
method is where state is synchronized from the remote API to Terraform state. It's essential that all attributes defined in the schema are recorded and kept up-to-date in state. Consider this provider code:
// resource_example_simple.gopackageexamplefuncresourceExampleSimple()*schema.Resource{return&schema.Resource{Read:resourceExampleSimpleRead,Create:resourceExampleSimpleCreate,Schema:map[string]*schema.Schema{"name":{Type:schema.TypeString,Required:true,ForceNew:true,},"type":{Type:schema.TypeString,Optional:true,},},}}funcresourceExampleSimpleRead(d*schema.ResourceData,metainterface{})error{client:=meta.(*ProviderApi).clientresource,_:=client.GetResource(d.Id())d.Set("name",resource.Name)d.Set("type",resource.Type)returnnil}
As defined in the schema, the type
attribute is optional, now consider this config:
# config.tf
resource "simple" "ex" {
name = "example"
}
Even though type
is omitted from the config, it is vital that we record it into state in the READ
function, as the backend API could set it to a default value. To illustrate the importance of capturing all state consider a configuration that interpolates the optional value into another resource:
resource "simple" "ex" {
name = "example"
}
resource "another" "ex" {
name = "${simple.ex.type}"
}
»Update state after modification
A provider's CREATE
and UPDATE
functions will create or modify resources on the remote API. APIs might perform things like provide default values for unspecified attributes (as described in the above example config/provider code), or normalize inputs (lower or upper casing all characters in a string). The end result is a backend API containing modified versions of values that Terraform has in its state locally. Immediately after creation or updating of a resource, Terraform will have a stale state, which will result in a detected deviation on subsequent plan
or apply
s, as Terraform refreshes its state and wants to reconcile the diff. Because of this, it is standard practice to call READ
at the end of all modifications to synchronize immediately and avoid that diff.
funcresourceExampleSimpleRead(d*schema.ResourceData,metainterface{})error{client:=meta.(*ProviderApi).clientresource,_:=client.GetResource(d.Id())d.Set("name",resource.Name)d.Set("type",resource.Type)returnnil}funcresourceExampleSimpleCreate(d*schema.ResourceData,metainterface{})error{client:=meta.(*ProviderApi).clientname:=d.Get("name").(string)client.CreateResource(name)d.SetId(name)returnresourceExampleSimpleRead(d,meta)}
»Error checking aggregate types
Terraform schema is defined using primitive types and aggregate types. The preceding examples featured primitive types which don't require error checking. Aggregate types on the other hand, schema.TypeList
, schema.TypeSet
, and schema.TypeMap
, are converted to key/value pairs when set into state. As a result the Set
method must be error checked, otherwise Terraform will think it's operation was successful despite having broken state. The same can be said for error checking API responses.
# config.tf
resource "simple" "ex" {
name = "example"
type = "simple"
tags = {
name = "example"
}
}
// resource_example_simple.gopackageexamplefuncresourceExampleSimple()*schema.Resource{return&schema.Resource{Read:resourceExampleSimpleRead,Create:resourceExampleSimpleCreate,Schema:map[string]*schema.Schema{"name":{Type:schema.TypeString,Required:true,ForceNew:true,},"type":{Type:schema.TypeString,Optional:true,},"tags":{Type:schema.TypeMap,Optional:true,},},}}funcresourceExampleSimpleRead(d*schema.ResourceData,metainterface{})error{client:=meta.(*ProviderApi).clientresource,err:=client.GetResource(d.Id())iferr!=nil{returnfmt.Errorf("error getting resource %s: %s",d.Id(),err)}d.Set("name",resource.Name)d.Set("type",resource.Type)iferr:=d.Set("tags",resource.TagMap);err!=nil{returnfmt.Errorf("error setting tags for resource %s: %s",d.Id(),err)}returnnil}
»Use Schema Helper methods
As mentioned, remote APIs can often perform mutations to the attributes of a resource outside of Terraform's control. Common examples include data containing uppercase letters and being normalized to lowercase, or complex defaults being set for unset attributes. These situations expectedly result in drift, but can be reconciled by using Terraform's schema functions, such as DiffSuppressFunc
or DefaultFunc
Terraform Detecting Drift的更多相关文章
- terraform plugin 版本以及changlog 规范
文章来自官方文章,转自:https://www.terraform.io/docs/extend/best-practices/versioning.html 里面包含了版本命名的规范,以及chang ...
- 论文阅读(Xiang Bai——【CVPR2012】Detecting Texts of Arbitrary Orientations in Natural Images)
Xiang Bai--[CVPR2012]Detecting Texts of Arbitrary Orientations in Natural Images 目录 作者和相关链接 方法概括 方法细 ...
- **stack smashing detecting**
stack smashing aborted 堆 猛烈撞击 流失 我在使用数据时写了 tmp_row = row + pos[num1][[0]; tmp_col = col + pos[num1][ ...
- 论文阅读之 DECOLOR: Moving Object Detection by Detecting Contiguous Outliers in the Low-Rank Representation
DECOLOR: Moving Object Detection by Detecting Contiguous Outliers in the Low-Rank Representation Xia ...
- Detecting diabetic retinopathy in eye images
Detecting diabetic retinopathy in eye images The past almost four months I have been competing in a ...
- 1.6.7 Detecting Languages During Indexing
1. Detecting Languages During Indexing 在索引的时候,solr可以使用langid UpdateRequestProcessor来识别语言,然后映射文本到特定语言 ...
- 如何使用 Docker、ECS、Terraform 重建基础架构?
早期 Segment 基础架构普遍组合在一起.我们通过 AWS 界面设定实例,使用许多闲散的 AMI,并且采用三种不同的部署方式. 然而随着商业的飞速发展,工程师团队的规模不断扩大,基础架构的复杂度也 ...
- 关于terraform的状态管理
我们想在aws创建3台主机,使用ansible和terraform都是可以实现的. 用ansible可能是这样子的: - ec2: count: 10 image: ami-40d281120 ins ...
- ansible+packer+terraform在aws上布署web服务器
各工具所扮演的角色 ansible: 配合packer生成安装有apache的基础镜像 packer: 生成amazon AMI terraform: 以packer生成的镜像为基础,布署web服务器 ...
随机推荐
- js批量上传文件
html代码: <input type="file" id='upload' name="upload" multiple="multiple& ...
- zabbix安装部署(server部分)
Linux下常用的系统监控软件有Nagios.Cacti.Zabbix.Monit等,这些开源的软件,可以帮助我们更好的管理机器,在第一时间内发现,并警告系统维护人员. 今天开始研究下Zabbix,使 ...
- FFT理解
*连续时间-周期性信号频谱 clc;clear;close all N = input('N= '); T = 0.05; n = 1:N; %原始数据输入 D = 2*pi/(N*T); %计算分 ...
- Oracle 用户 表 表空间之间的关系和管理
文献地址: https://blog.csdn.net/jmilk/article/details/51599260 https://www.cnblogs.com/roger112/p/768530 ...
- elasticsearch内存优化设置
1.禁用交换分区 最简单的选项是完全禁用交换,通常elasticsearch是在框上运行的唯一服务,内存由ES_HEAP_SIZE环境变量控制,设有必要启用交换分区 linux:swapoff -a ...
- Could not open JDBC Connection for transaction
Could not open JDBC Connection for transaction; nested exception is java.sql.SQLTransientConnectionE ...
- JAVA 线程Join
join方法: 当某个线程要等待另一个线程执行结束后才能继续执行时,使用join方法. public class DinnerThread { public static void main(Stri ...
- HDU 6090 17多校5 Rikka with Graph(思维简单题)
Problem Description As we know, Rikka is poor at math. Yuta is worrying about this situation, so he ...
- python 基础 内置函数 和lambda表达式
1.把任意数值转化为字符串有两种方法. (1)str()用于将数值转化为易于人读的形式.print(str("我是中国人"))>>>我是中国人 (2)repr() ...
- ubuntu ssh 与 Samba安装
ssh 安装:sudo apt-get install openssh-server 确认sshserver是否启动:ps -aux | grep ssh(/etc/init.d/ssh start, ...