
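This is the explanation given by the documentation:

The prefix -/+ means that Terraform will destroy and recreate the resource, rather than updating it in-place. While some attributes can be updated in-place (which are shown with the ~ prefix), changing the AMI for an EC2 instance requires recreating it. Terraform handles these details for you, and the execution plan makes it clear what Terraform will do.

Additionally, the execution plan shows that the AMI change is what requires your resource to be replaced. Using this information, you can adjust your changes to avoid destroy/create updates that are not acceptable in some situations.

Here is the example CLI output: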

$ terraform apply
aws_instance.example: Refreshing state... [id=i-08e568120498007f8]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_instance.example must be replaced
-/+ resource "aws_instance" "example" {
      ~ ami                          = "ami-830c94e3" -> "ami-08d70e59c07c61a3a" # forces replacement
      ~ arn                          = "arn:aws:ec2:us-west-2:561656980159:instance/i-08e568120498007f8" -> (known after apply)
      ~ associate_public_ip_address  = true -> (known after apply)
      ~ availability_zone            = "us-west-2c" -> (known after apply)
      ~ cpu_core_count               = 1 -> (known after apply)
      ~ cpu_threads_per_core         = 1 -> (known after apply)
      - disable_api_termination      = false -> null
      - ebs_optimized                = false -> null
        get_password_data            = false
      - hibernation                  = false -> null
      + host_id                      = (known after apply)
      ~ id                           = "i-08e568120498007f8" -> (known after apply)
      ~ instance_state               = "running" -> (known after apply)
        instance_type                = "t2.micro"
      ~ ipv6_address_count           = 0 -> (known after apply)
      ~ ipv6_addresses               = [] -> (known after apply)
      + key_name                     = (known after apply)
      - monitoring                   = false -> null
      + outpost_arn                  = (known after apply)
      + password_data                = (known after apply)
      + placement_group              = (known after apply)
      ~ primary_network_interface_id = "eni-055ef36f8a8672b0e" -> (known after apply)
      ~ private_dns                  = "ip-172-31-6-208.us-west-2.compute.internal" -> (known after apply)
      ~ private_ip                   = "172.31.6.208" -> (known after apply)
      ~ public_dns                   = "ec2-34-211-82-197.us-west-2.compute.amazonaws.com" -> (known after apply)
      ~ public_ip                    = "34.211.82.197" -> (known after apply)
      ~ secondary_private_ips        = [] -> (known after apply)
      ~ security_groups              = [
          - "default",
        ] -> (known after apply)
        source_dest_check            = true
      ~ subnet_id                    = "subnet-31855d6c" -> (known after apply)
      - tags                         = {} -> null
      ~ tenancy                      = "default" -> (known after apply)
      ~ volume_tags                  = {} -> (known after apply)
      ~ vpc_security_group_ids       = [
          - "sg-0edc8a5a",
        ] -> (known after apply)

      - credit_specification {
          - cpu_credits = "standard" -> null
        }

      + ebs_block_device {
          + delete_on_termination = (known after apply)
          + device_name           = (known after apply)
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + snapshot_id           = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = (known after apply)
          + volume_type           = (known after apply)
        }

      + ephemeral_block_device {
          + device_name  = (known after apply)
          + no_device    = (known after apply)
          + virtual_name = (known after apply)
        }

      ~ metadata_options {
          ~ http_endpoint               = "enabled" -> (known after apply)
          ~ http_put_response_hop_limit = 1 -> (known after apply)
          ~ http_tokens                 = "optional" -> (known after apply)
        }

      + network_interface {
          + delete_on_termination = (known after apply)
          + device_index          = (known after apply)
          + network_interface_id  = (known after apply)
        }

      ~ root_block_device {
          ~ delete_on_termination = true -> (known after apply)
          ~ device_name           = "/dev/sda1" -> (known after apply)
          ~ encrypted             = false -> (known after apply)
          ~ iops                  = 0 -> (known after apply)
          + kms_key_id            = (known after apply)
          ~ volume_id             = "vol-0e8a0961912e2ab59" -> (known after apply)
          ~ volume_size           = 8 -> (known after apply)
          ~ volume_type           = "standard" -> (known after apply)
        }
    }

Plan: 1 to add, 0 to change, 1 to destroy.

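I understand the -/+ prefix in front of resource "aws_instance": it means the instance will be terminated and recreated with the AMI.

What I don't understand is the difference between ~, - and + in the itemized list below it. For example, in the snippet above, it seems arbitrary that the security groups have a ~ in front of them while the specific security group name default has a - in front of it.

This isn't preventing me from getting anything done; I'm just curious about those syntax decisions so that I can maybe gain a deeper understanding of Terraform.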


1 Answer


Terraform symbols

    + create
    - destroy
    -/+ replace (destroy and then create, or vice-versa if create-before-destroy is used)
    ~ update in-place
    <= read

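The last one only applies to data resources. You won't see it very often.

Check out this discussion: https://github.com/hashicorp/terraform/issues/14379

Note: Terraform always tells you the meaning of the symbols rendered in terraform plan, like this: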

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Answered 2020-10-27T16:38:27.250
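
The symbol table above can be checked against the machine-readable plan produced by `terraform show -json`. The following is an added example, not part of the original answer and not Terraform's own code: the sample plan is constructed from values in the question, and the per-attribute rule is a simplified approximation of how the renderer chooses `+`, `-` and `~` from the before/after values.

```python
import json

# Resource-level symbols, keyed by the "actions" list of a resource change.
ACTION_SYMBOL = {
    ("create",): "+", ("delete",): "-", ("update",): "~", ("read",): "<=",
    ("delete", "create"): "-/+",   # destroy, then create replacement
    ("create", "delete"): "+/-",   # create_before_destroy ordering
    ("no-op",): " ",
}

def resource_symbol(rc):
    return ACTION_SYMBOL[tuple(rc["change"]["actions"])]

def attribute_markers(rc):
    """Approximate the per-attribute prefix by comparing before and after."""
    ch = rc["change"]
    before, after = ch.get("before") or {}, ch.get("after") or {}
    unknown = ch.get("after_unknown") or {}   # "(known after apply)" values
    markers = {}
    for name in sorted(set(before) | set(after) | set(unknown)):
        old, new = before.get(name), after.get(name)
        is_unknown = unknown.get(name) is True
        if old is None and (is_unknown or new is not None):
            markers[name] = "+"        # had no value, gets one
        elif old is not None and not is_unknown and new is None:
            markers[name] = "-"        # had a value, becomes null
        elif is_unknown or old != new:
            markers[name] = "~"        # value changes
        else:
            markers[name] = " "        # unchanged
    return markers

def forced_replacements(plan):
    """Map each replaced resource to the attribute paths that forced it."""
    return {rc["address"]: rc["change"].get("replace_paths", [])
            for rc in plan["resource_changes"]
            if {"delete", "create"} <= set(rc["change"]["actions"])}

# Constructed sample in the shape of `terraform show -json` output.
PLAN = json.loads("""{"resource_changes": [{
  "address": "aws_instance.example",
  "change": {
    "actions": ["delete", "create"],
    "before": {"ami": "ami-830c94e3", "instance_type": "t2.micro",
               "monitoring": false, "host_id": null,
               "security_groups": ["default"]},
    "after": {"ami": "ami-08d70e59c07c61a3a", "instance_type": "t2.micro",
              "monitoring": null},
    "after_unknown": {"host_id": true, "security_groups": true},
    "replace_paths": [["ami"]]}}]}""")
```

In a CI pipeline, a non-empty result from `forced_replacements` for a resource that must not be destroyed is a natural point to stop and require manual approval.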