Terraform Detecting Drift
One of the core challenges of infrastructure as code is keeping an up-to-date record of all deployed infrastructure and their properties. Terraform manages this by maintaining state information in a single file, called the state file.
Terraform uses declarative configuration files to define the infrastructure resources to provision. This configuration serves as the target source of truth for what exists on the backend API. Changes to Infrastructure outside of Terraform will be detected as deviation by Terraform and shown as a diff in future runs of terraform plan
. This type of change is referred to as "drift", and its detection is an important responsibility of Terraform in order to inform users of changes in their infrastructure. Here are a few techniques for developers to ensure drift is detected.
»Capture all state in READ
A provider's READ
method is where state is synchronized from the remote API to Terraform state. It's essential that all attributes defined in the schema are recorded and kept up-to-date in state. Consider this provider code:
// resource_example_simple.gopackageexamplefuncresourceExampleSimple()*schema.Resource{return&schema.Resource{Read:resourceExampleSimpleRead,Create:resourceExampleSimpleCreate,Schema:map[string]*schema.Schema{"name":{Type:schema.TypeString,Required:true,ForceNew:true,},"type":{Type:schema.TypeString,Optional:true,},},}}funcresourceExampleSimpleRead(d*schema.ResourceData,metainterface{})error{client:=meta.(*ProviderApi).clientresource,_:=client.GetResource(d.Id())d.Set("name",resource.Name)d.Set("type",resource.Type)returnnil}
As defined in the schema, the type
attribute is optional, now consider this config:
# config.tf
resource "simple" "ex" {
name = "example"
}
Even though type
is omitted from the config, it is vital that we record it into state in the READ
function, as the backend API could set it to a default value. To illustrate the importance of capturing all state consider a configuration that interpolates the optional value into another resource:
resource "simple" "ex" {
name = "example"
}
resource "another" "ex" {
name = "${simple.ex.type}"
}
»Update state after modification
A provider's CREATE
and UPDATE
functions will create or modify resources on the remote API. APIs might perform things like provide default values for unspecified attributes (as described in the above example config/provider code), or normalize inputs (lower or upper casing all characters in a string). The end result is a backend API containing modified versions of values that Terraform has in its state locally. Immediately after creation or updating of a resource, Terraform will have a stale state, which will result in a detected deviation on subsequent plan
or apply
s, as Terraform refreshes its state and wants to reconcile the diff. Because of this, it is standard practice to call READ
at the end of all modifications to synchronize immediately and avoid that diff.
funcresourceExampleSimpleRead(d*schema.ResourceData,metainterface{})error{client:=meta.(*ProviderApi).clientresource,_:=client.GetResource(d.Id())d.Set("name",resource.Name)d.Set("type",resource.Type)returnnil}funcresourceExampleSimpleCreate(d*schema.ResourceData,metainterface{})error{client:=meta.(*ProviderApi).clientname:=d.Get("name").(string)client.CreateResource(name)d.SetId(name)returnresourceExampleSimpleRead(d,meta)}
»Error checking aggregate types
Terraform schema is defined using primitive types and aggregate types. The preceding examples featured primitive types which don't require error checking. Aggregate types on the other hand, schema.TypeList
, schema.TypeSet
, and schema.TypeMap
, are converted to key/value pairs when set into state. As a result the Set
method must be error checked, otherwise Terraform will think it's operation was successful despite having broken state. The same can be said for error checking API responses.
# config.tf
resource "simple" "ex" {
name = "example"
type = "simple"
tags = {
name = "example"
}
}
// resource_example_simple.gopackageexamplefuncresourceExampleSimple()*schema.Resource{return&schema.Resource{Read:resourceExampleSimpleRead,Create:resourceExampleSimpleCreate,Schema:map[string]*schema.Schema{"name":{Type:schema.TypeString,Required:true,ForceNew:true,},"type":{Type:schema.TypeString,Optional:true,},"tags":{Type:schema.TypeMap,Optional:true,},},}}funcresourceExampleSimpleRead(d*schema.ResourceData,metainterface{})error{client:=meta.(*ProviderApi).clientresource,err:=client.GetResource(d.Id())iferr!=nil{returnfmt.Errorf("error getting resource %s: %s",d.Id(),err)}d.Set("name",resource.Name)d.Set("type",resource.Type)iferr:=d.Set("tags",resource.TagMap);err!=nil{returnfmt.Errorf("error setting tags for resource %s: %s",d.Id(),err)}returnnil}
»Use Schema Helper methods
As mentioned, remote APIs can often perform mutations to the attributes of a resource outside of Terraform's control. Common examples include data containing uppercase letters and being normalized to lowercase, or complex defaults being set for unset attributes. These situations expectedly result in drift, but can be reconciled by using Terraform's schema functions, such as DiffSuppressFunc
or DefaultFunc
Terraform Detecting Drift的更多相关文章
- terraform plugin 版本以及changlog 规范
文章来自官方文章,转自:https://www.terraform.io/docs/extend/best-practices/versioning.html 里面包含了版本命名的规范,以及chang ...
- 论文阅读(Xiang Bai——【CVPR2012】Detecting Texts of Arbitrary Orientations in Natural Images)
Xiang Bai--[CVPR2012]Detecting Texts of Arbitrary Orientations in Natural Images 目录 作者和相关链接 方法概括 方法细 ...
- **stack smashing detecting**
stack smashing aborted 堆 猛烈撞击 流失 我在使用数据时写了 tmp_row = row + pos[num1][[0]; tmp_col = col + pos[num1][ ...
- 论文阅读之 DECOLOR: Moving Object Detection by Detecting Contiguous Outliers in the Low-Rank Representation
DECOLOR: Moving Object Detection by Detecting Contiguous Outliers in the Low-Rank Representation Xia ...
- Detecting diabetic retinopathy in eye images
Detecting diabetic retinopathy in eye images The past almost four months I have been competing in a ...
- 1.6.7 Detecting Languages During Indexing
1. Detecting Languages During Indexing 在索引的时候,solr可以使用langid UpdateRequestProcessor来识别语言,然后映射文本到特定语言 ...
- 如何使用 Docker、ECS、Terraform 重建基础架构?
早期 Segment 基础架构普遍组合在一起.我们通过 AWS 界面设定实例,使用许多闲散的 AMI,并且采用三种不同的部署方式. 然而随着商业的飞速发展,工程师团队的规模不断扩大,基础架构的复杂度也 ...
- 关于terraform的状态管理
我们想在aws创建3台主机,使用ansible和terraform都是可以实现的. 用ansible可能是这样子的: - ec2: count: 10 image: ami-40d281120 ins ...
- ansible+packer+terraform在aws上布署web服务器
各工具所扮演的角色 ansible: 配合packer生成安装有apache的基础镜像 packer: 生成amazon AMI terraform: 以packer生成的镜像为基础,布署web服务器 ...
随机推荐
- mysql数据库存储引擎及区别
MySQL有多种存储引擎,每种存储引擎有各自的优缺点,可以择优选择使用:MyISAM.InnoDB.MERGE.MEMORY(HEAP).BDB(BerkeleyDB).EXAMPLE.FEDERAT ...
- 升级pip10.0.0后出现ModuleNotFoundError: No module named 'pip'的问题
pip10升级后各种pip install出错----- Traceback (most recent call last): File "/usr/local/bin/pip", ...
- VSTO:使用C#开发Excel、Word【7】
第2章Office解决方案介绍 Office解决方案的三种基本模式现在,您了解Office对象模型的基本模式,本章将介绍开发人员如何模拟和构建其Offi ...
- LeetCode 151 翻转字符串里的单词
题目: 给定一个字符串,逐个翻转字符串中的每个单词. 示例 1: 输入: "the sky is blue" 输出: "blue is sky the" 示例 ...
- [PyImageSearch] Ubuntu16.04 使用深度学习和OpenCV实现物体检测
上一篇博文中讲到如何用OpenCV实现物体分类,但是接下来这篇博文将会告诉你图片中物体的位置具体在哪里. 我们将会知道如何使用OpenCV‘s的dnn模块去加载一个预训练的物体检测网络,它能使得我们将 ...
- how to istall virtualbox on centos
https://tecadmin.net/install-oracle-virtualbox-on-centos-redhat-and-fedora/
- js replace
<script type="text/javascript">// replace() 方法执行查找并替换操作,有两个参数,第一个是查找的正则表达式,第二个是callb ...
- zabbix 监控java通用
监控工具 jstat jstack http://www.blogjava.net/jjshcc/archive/2014/03/05/410655.html https://www.cnblogs. ...
- 通过日志关键字检测判断obb程序是否工作正常
C118+Osmocom-bb 多机 gsm sniff环境,经常发生工作一段时间后,某个手机监听的arfcn就不工作了. 检查日志发现,日志最后有连续的多条:TOA AVG is not 16 qb ...
- winform 使用线程
我这里写一个线程里创建一个窗体调用父窗体的方法 private void button4_Click(object sender, EventArgs e) { button4.Text = &quo ...