0

我正在尝试使用远程后端在 GCP 上创建新资源在执行 terraform init plan -out=tfplan 然后 terraform apply tfplan 我收到以下错误:

Error: Inconsistent dependency lock file
│ 
│ The following dependency selections recorded in the lock file are
│ inconsistent with the configuration in the saved plan:
│ Terraform 0.13 and earlier allowed provider version constraints inside the
│ provider configuration block, but that is now deprecated and will be
│ removed in a future version of Terraform. To silence this warning, move the
│ provider version constraint into the required_providers block.
│ 
│ (and 22 more similar warnings elsewhere)
╵
│   - provider registry.terraform.io/hashicorp/aws: required by this configuration but no version is selected
│   - provider registry.terraform.io/hashicorp/external: required by this configuration but no version is selected
│   - provider registry.terraform.io/hashicorp/google-beta: required by this configuration but no version is selected
│   - provider registry.terraform.io/hashicorp/google: required by this configuration but no version is selected
│   - provider registry.terraform.io/hashicorp/local: required by this configuration but no version is selected
│   - provider registry.terraform.io/hashicorp/null: required by this configuration but no version is selected
│   - provider registry.terraform.io/hashicorp/random: required by this configuration but no version is selected
│ 
│ A saved plan can be applied only to the same configuration it was created
│ from. Create a new plan from the updated configuration.
╵
╷
│ Error: Inconsistent dependency lock file
│ 
│ The given plan file was created with a different set of external dependency
│ selections than the current configuration. A saved plan can be applied only
│ to the same configuration it was created from.
│ 
│ Create a new plan from the updated configuration.

另一方面,当我执行 terraform init plan 并应用 -auto-approve 时,它​​的工作没有问题

4

1 回答 1

2

的一部分工作terraform init是将所有必需的提供程序安装到一个临时目录.terraform/providers中,以便其他 Terraform 命令可以运行它们。对于全新的提供者,它还会更新依赖锁文件以记录它选择了哪些版本,以便未来terraform init可以保证做出相同的决定。

如果您在与运行terraform apply tfplan位置不同的目录中运行terraform plan -out=tfplan,则所需提供程序插件的本地缓存将不可用,因此应用程序将失败。

除此之外,似乎在terraform init创建计划之前运行时,Terraform 必须安装一些以前未记录在依赖锁文件中的新提供程序,因此它更新了依赖锁文件。但是,当您terraform apply tfplan稍后运行时,对锁定文件的这些更改不可见,因此 Terraform 报告当前锁定与创建计划的内容不一致。

在自动化指南中运行 Terraform有一个计划并在不同机器上应用部分,其中讨论了当您尝试在创建计划的地方以外的地方应用时会出现的一些特殊问题。但是,我将根据此错误消息尝试总结与您的情况最相关的部分。

首先,应在您的版本控制系统中记录最新的依赖锁定文件,以便您的自动化仅重新安装先前选择的提供程序,而不会进行全新的提供程序选择。这将确保您的所有运行都使用相同的提供程序版本,并且升级将始终在您的控制之下进行。

-lockfile=readonly您可以通过添加选项来使您的自动化检测这种情况,terraform init如果需要更改依赖关系锁定文件以执行其工作,这会使该命令失败:

terraform init -lockfile=readonly

如果您发现自动化失败,那么适当的修复方法是在您的开发环境中运行terraform init -lockfile=readonly然后将更新的锁定文件检查到您的版本控制系统中。

如果您无法在开发环境中初始化远程后端,则可以跳过该步骤,但仍通过添加来安装所需的提供程序-backend=false,如下所示:

terraform init -backend=false

在应用步骤之前重新安装相同的提供程序是问题的另一部分。

我在上面链接的指南建议通过在计划为工件之后归档整个工作目录然后在应用步骤中以相同路径重新提取它来实现这一点。这是最彻底的解决方案,特别是 Terraform Cloud 所做的事情是为了确保在计划期间在磁盘上创建的任何其他文件(例如使用archive_file来自提供程序的数据源hashicorp/archive)将在应用阶段继续存在。

但是,如果您知道您的配置本身在规划期间不会修改文件系统(这是一个最佳实践,如果可能的话),那么在运行terraform init -lockfile=readonly之前重新运行也是有效的terraform apply tfplan,因此将重新安装先前选择的提供程序,以及terraform init通常所做的所有其他工作目录初始化工作。

作为最后一点,与其余部分相切,Terraform 似乎也在打印关于不推荐使用的语言功能的警告,并且在您的系统上,警告输出与错误输出交错,使第一条消息令人困惑,因为它包含一个段落从里面的警告。

我相信预期的错误消息文本,没有来自警告的错误额外内容,如下所示:

Error: Inconsistent dependency lock file
│ 
│ The following dependency selections recorded in the lock file are
│ inconsistent with the configuration in the saved plan:
│   - provider registry.terraform.io/hashicorp/aws: required by this configuration but no version is selected
│   - provider registry.terraform.io/hashicorp/external: required by this configuration but no version is selected
│   - provider registry.terraform.io/hashicorp/google-beta: required by this configuration but no version is selected
│   - provider registry.terraform.io/hashicorp/google: required by this configuration but no version is selected
│   - provider registry.terraform.io/hashicorp/local: required by this configuration but no version is selected
│   - provider registry.terraform.io/hashicorp/null: required by this configuration but no version is selected
│   - provider registry.terraform.io/hashicorp/random: required by this configuration but no version is selected
│ 
│ A saved plan can be applied only to the same configuration it was created
│ from. Create a new plan from the updated configuration.
╵
于 2022-01-31T18:22:39.517 回答