对象在 Terraform 之外发生了更改,随后的“terraform apply”删除了资源,而脚本中没有任何更改

【问题标题】:Objects have changed outside of Terraform and subsequent "terraform apply" deletes resources without any changes in the scripts对象在 Terraform 之外发生了更改,随后的“terraform apply”删除了资源,而脚本中没有任何更改
【发布时间】:2021-11-15 09:36:24
【问题描述】:

这里是脚本。

  1. 第一次“应用”时,行为符合预期。
  2. 在第二次“应用”时,我得到“对象已在 Terraform 之外更改”,即使没有手动更改资源。
  3. 另外,在第二次“应用”时,子网会被删除。

---模块---

data "azurerm_resource_group" "rg" {
  name     = var.resource_group_name
}

resource "azurerm_virtual_network" "vnet" {
  name                = var.vnet_name
  resource_group_name = data.azurerm_resource_group.rg.name
  location            = data.azurerm_resource_group.rg.location
  address_space       = var.vnet_address_space
  dns_servers         = var.dns_servers
  subnet              = []
}

resource "azurerm_subnet" "subnet" {
  name                 = var.subnet_name
  resource_group_name  = var.resource_group_name
  virtual_network_name = var.vnet_name
  address_prefixes     = var.subnet_address_space
  enforce_private_link_endpoint_network_policies = var.enforce_private_link_endpoint_network_policies
}

module "vnet_gateway_dev" {
    source = "./../../az_modules/vnet"
    
    vnet_name                           = var.vnet_name
    resource_group_name                 = data.azurerm_resource_group.rg.name
    vnet_address_space                  = var.vnet_address_space
    dns_servers                         = var.dns_servers
    depends_on                          = [data.azurerm_resource_group.rg]    
}

module "subnet" {
  source = "./../../az_modules/subnet"
  for_each = {for subnet in var.subnet_config: subnet.subnet_name => subnet}

  resource_group_name  = data.azurerm_resource_group.rg.name
  vnet_name            = each.value.vnet_name
  subnet_name          = each.value.subnet_name
  subnet_address_space = each.value.subnet_adress_space
  enforce_private_link_endpoint_network_policies = each.value.enforce_private_link_endpoint_network_policies
  depends_on = [module.vnet_gateway_dev]
}

---输入文件---

resource_group_name="RG-01"
vnet_name = "VNET-DEV-01"
vnet_address_space = ["10.104.0.0/22"]
nsg_location="germanywestcentral"
dns_servers = []
subnet_config = [
  {
    vnet_name = "VNET-DEV-01"
    subnet_name = "snet-01"
    subnet_adress_space = ["10.104.0.0/28"]
    enforce_private_link_endpoint_network_policies = null
    nsg_rules = []
  }

---这是地形计划---

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the


  # module.subnet["snet-01"].azurerm_subnet.subnet has been changed
  ~ resource "azurerm_subnet" "subnet" {
        id                                             = "/subscriptions/1111111111111111/***/providers/Microsoft.Network/virtualNetworks/VNET-DEV-01/subnets/snet-01"
        name                                           = "snet-01"
      + service_endpoint_policy_ids                    = []
      + service_endpoints                              = []
        # (6 unchanged attributes hidden)
    }
  # module.vnet_gateway_dev.azurerm_virtual_network.vnet has been changed
  ~ resource "azurerm_virtual_network" "vnet" {
        id                    = "/subscriptions/1111111111111111/resourceGroups/***/providers/Microsoft.Network/virtualNetworks/VNET-DEV-01"
        name                  = "VNET-DEV-01"
      ~ subnet                = [
          + {
              + address_prefix = "10.104.0.0/28"
              + id             = "/subscriptions/1111111111111111/***/providers/Microsoft.Network/virtualNetworks/VNET-DEV-01/subnets/snet-01"
              + name           = "snet-01"
              + security_group = ""
            }
}


------------

Terraform will perform the following actions:

  # module.vnet_gateway_dev.azurerm_virtual_network.vnet will be updated in-place
  ~ resource "azurerm_virtual_network" "vnet" {
        id                    = "/subscriptions/1111111111111111/resourceGroups/***/providers/Microsoft.Network/virtualNetworks/VNET-DEV-01"
        name                  = "VNET-DEV-01"
      ~ subnet                = [
          - {
              - address_prefix = "10.104.0.0/28"
              - id             = "/subscriptions/1111111111111111/***/providers/Microsoft.Network/virtualNetworks/VNET-DEV-01/subnets/snet-01"
              - name           = "snet-01"
              - security_group = ""
            },
        ]
    }

【问题讨论】:

  • 你能显示计划输出吗?究竟是什么原因导致更换?
  • @Marcin 我已经添加了计划。我不确定是什么导致删除。控制台中没有手动更改。

标签: azure terraform terraform-provider-azure


【解决方案1】:

我认为发生这种情况是因为您使用以下方法删除了这些子网

 subnet              = []

TF 文档write:

目前,您不能使用带有内联子网的虚拟网络以及任何子网资源。这样做会导致子网配置冲突,并会覆盖子网。

因此,您必须决定是要在 azurerm_virtual_network 中使用 subnet,还是使用单独的资源 azurerm_subnet。您不能同时混合两者。

【讨论】:

  • @Morariu 没问题。很高兴我能帮上忙。
猜你喜欢
  • 2021-07-29
  • 1970-01-01
  • 2021-10-21
  • 2020-01-24
  • 2021-11-16
  • 2022-11-08
  • 1970-01-01
  • 1970-01-01
  • 2022-10-19
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode