Terraform – Provisioner [远端或本地执行器]
官方文档:https://developer.hashicorp.com/terraform/language/resources/provisioners/syntax
Provisioner 的基本概念
Provisioner 是 Terraform 用来在资源创建或销毁时执行额外操作的一种机制。它可以在资源创建成功后(或销毁前)执行脚本或命令,用于:
- 初始化系统:例如安装软件、配置系统参数或上传文件;
- 后续处理:例如在销毁资源前进行数据备份或清理操作。
file
用于将本地文件复制到目标机器
local-exec
当terraform创建了EC2之后把vm的ip写入本地机的txt文件内
remote-exec
当terraform创建了EC2之后在vm当中安装软件,必须nginx等等
使用案例
使用terraform获取最新版本的AMI,然后创建一台获取EC2。接着使用ssh登入EC2安装nginx,最后再把EC2的public ip写入txt文档内。
# 配置 AWS 提供商,指定区域为亚太地区 (ap-southeast-5)
provider "aws" {
region = "ap-southeast-5"
}
# 获取最新版本的 Amazon Linux 2023 AMI
# 使用 data 数据源查询最新版本的 Amazon Linux AMI,其中:
# - most_recent = true 表示获取最新的镜像
# - owners 指定镜像拥有者为 Amazon
# - 第一个 filter 根据架构筛选为 x86_64
# - 第二个 filter 根据镜像名称筛选符合 "al2023-ami-2023*" 模式的镜像
data "aws_ami" "latest_amazon_linux" {
most_recent = true
owners = ["amazon"]
filter {
name = "architecture"
values = ["x86_64"]
}
filter {
name = "name" // 找出最新版本的 Amazon Linux 2023 AMI
values = ["al2023-ami-2023*"]
}
}
# 创建一个安全组,允许 HTTP (80)、HTTPS (443) 和 SSH (22) 访问
resource "aws_security_group" "web_sg" {
name = "web-sg"
description = "https , http, ssh"
vpc_id = "vpc-0a85beb97e0734dfa" # 请替换为实际的 VPC ID
# 允许 HTTP 访问(80端口)
ingress {
description = "HTTP"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
# 允许 HTTPS 访问(443端口)
ingress {
description = "HTTPS"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
# 允许 SSH 访问(22端口)
ingress {
description = "SSH"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
# 配置所有流量的出口规则
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
# 创建一个 EC2 实例,并使用上面查询到的最新 Amazon Linux AMI
resource "aws_instance" "ec2" {
ami = data.aws_ami.latest_amazon_linux.id
instance_type = "t3.micro"
key_name = "test" # 指定 SSH 密钥名称,请确保已在 AWS 中创建
subnet_id = "subnet-08a62e0e1f76c78d9" # 请替换为实际的子网 ID
security_groups = [aws_security_group.web_sg.id]
# 配置 SSH 连接参数,用于后续的远程执行操作
connection {
type = "ssh"
user = "ec2-user"
private_key = file("${path.module}/test.pem")
host = self.public_ip
}
# 远程执行器,在实例中安装并启动 nginx
provisioner "remote-exec" {
inline = [
"sudo yum install -y nginx",
"sudo systemctl start nginx"
]
}
# 本地执行器,将 EC2 实例的公网 IP 写入 public_ip.txt 文件
provisioner "local-exec" {
command = "echo ${self.public_ip} >> public_ip.txt"
}
}
输出结果
aws_security_group.web_sg: Creating...
aws_security_group.web_sg: Creation complete after 1s [id=sg-0da0b1d044deefafb]
aws_instance.ec2: Creating...
aws_instance.ec2: Still creating... [10s elapsed]
aws_instance.ec2: Provisioning with 'remote-exec'...
aws_instance.ec2 (remote-exec): Connecting to remote host via SSH...
aws_instance.ec2 (remote-exec): Host: 43.216.199.232
aws_instance.ec2 (remote-exec): User: ec2-user
aws_instance.ec2 (remote-exec): Password: false
aws_instance.ec2 (remote-exec): Private key: true
aws_instance.ec2 (remote-exec): Certificate: false
aws_instance.ec2 (remote-exec): SSH Agent: true
aws_instance.ec2 (remote-exec): Checking Host Key: false
aws_instance.ec2 (remote-exec): Target Platform: unix
aws_instance.ec2 (remote-exec): Connecting to remote host via SSH...
aws_instance.ec2 (remote-exec): Host: 43.216.199.232
aws_instance.ec2 (remote-exec): User: ec2-user
aws_instance.ec2 (remote-exec): Password: false
aws_instance.ec2 (remote-exec): Private key: true
aws_instance.ec2 (remote-exec): Certificate: false
aws_instance.ec2 (remote-exec): SSH Agent: true
aws_instance.ec2 (remote-exec): Checking Host Key: false
aws_instance.ec2 (remote-exec): Target Platform: unix
aws_instance.ec2 (remote-exec): Connecting to remote host via SSH...
aws_instance.ec2 (remote-exec): Host: 43.216.199.232
aws_instance.ec2 (remote-exec): User: ec2-user
aws_instance.ec2 (remote-exec): Password: false
aws_instance.ec2 (remote-exec): Private key: true
aws_instance.ec2 (remote-exec): Certificate: false
aws_instance.ec2 (remote-exec): SSH Agent: true
aws_instance.ec2 (remote-exec): Checking Host Key: false
aws_instance.ec2 (remote-exec): Target Platform: unix
aws_instance.ec2 (remote-exec): Connected!
aws_instance.ec2 (remote-exec): Amazon --- B/s | 0 B --:-- ETA
aws_instance.ec2 (remote-exec): Amazon --- B/s | 0 B --:-- ETA
aws_instance.ec2 (remote-exec): Amazon --- B/s | 0 B --:-- ETA
aws_instance.ec2: Still creating... [20s elapsed]
aws_instance.ec2 (remote-exec): Amazon 25 MB/s | 33 MB 00:01
aws_instance.ec2: Still creating... [30s elapsed]
aws_instance.ec2 (remote-exec): Amazon --- B/s | 0 B --:-- ETA
aws_instance.ec2 (remote-exec): Amazon --- B/s | 0 B --:-- ETA
aws_instance.ec2 (remote-exec): Amazon --- B/s | 0 B --:-- ETA
aws_instance.ec2 (remote-exec): Amazon 17 kB/s | 14 kB 00:00
aws_instance.ec2 (remote-exec): Last metadata expiration check: 0:00:01 ago on Thu Mar 20 15:39:19 2025.
aws_instance.ec2: Still creating... [40s elapsed]
aws_instance.ec2 (remote-exec): Dependencies resolved.
aws_instance.ec2 (remote-exec): ========================================
aws_instance.ec2 (remote-exec): Package Arch Version
aws_instance.ec2 (remote-exec): Repository Size
aws_instance.ec2 (remote-exec): ========================================
aws_instance.ec2 (remote-exec): Installing:
aws_instance.ec2 (remote-exec): nginx x86_64 1:1.26.3-1.amzn2023.0.1
aws_instance.ec2 (remote-exec): amazonlinux 33 k
aws_instance.ec2 (remote-exec): Installing dependencies:
aws_instance.ec2 (remote-exec): generic-logos-httpd
aws_instance.ec2 (remote-exec): noarch 18.0.0-12.amzn2023.0.3
aws_instance.ec2 (remote-exec): amazonlinux 19 k
aws_instance.ec2 (remote-exec): gperftools-libs
aws_instance.ec2 (remote-exec): x86_64 2.9.1-1.amzn2023.0.3
aws_instance.ec2 (remote-exec): amazonlinux 308 k
aws_instance.ec2 (remote-exec): libunwind x86_64 1.4.0-5.amzn2023.0.2
aws_instance.ec2 (remote-exec): amazonlinux 66 k
aws_instance.ec2 (remote-exec): nginx-core x86_64 1:1.26.3-1.amzn2023.0.1
aws_instance.ec2 (remote-exec): amazonlinux 670 k
aws_instance.ec2 (remote-exec): nginx-filesystem
aws_instance.ec2 (remote-exec): noarch 1:1.26.3-1.amzn2023.0.1
aws_instance.ec2 (remote-exec): amazonlinux 9.6 k
aws_instance.ec2 (remote-exec): nginx-mimetypes
aws_instance.ec2 (remote-exec): noarch 2.1.49-3.amzn2023.0.3
aws_instance.ec2 (remote-exec): amazonlinux 21 k
aws_instance.ec2 (remote-exec): Transaction Summary
aws_instance.ec2 (remote-exec): ========================================
aws_instance.ec2 (remote-exec): Install 7 Packages
aws_instance.ec2 (remote-exec): Total download size: 1.1 M
aws_instance.ec2 (remote-exec): Installed size: 3.6 M
aws_instance.ec2 (remote-exec): Downloading Packages:
aws_instance.ec2 (remote-exec): Amazon --- B/s | 0 B --:-- ETA
aws_instance.ec2 (remote-exec): (1/7): --- B/s | 0 B --:-- ETA
aws_instance.ec2 (remote-exec): (1/7): 70 kB/s | 19 kB 00:00
aws_instance.ec2 (remote-exec): (2-3/7) 70 kB/s | 19 kB 00:15 ETA
aws_instance.ec2 (remote-exec): (2/7): 234 kB/s | 66 kB 00:00
aws_instance.ec2 (remote-exec): (3-4/7) 83 kB/s | 85 kB 00:12 ETA
aws_instance.ec2 (remote-exec): (3/7): 1.0 MB/s | 308 kB 00:00
aws_instance.ec2 (remote-exec): (4-5/7) 149 kB/s | 419 kB 00:04 ETA
aws_instance.ec2 (remote-exec): (4/7): 951 kB/s | 33 kB 00:00
aws_instance.ec2 (remote-exec): (5-6/7) 150 kB/s | 426 kB 00:04 ETA
aws_instance.ec2 (remote-exec): (5/7): 497 kB/s | 9.6 kB 00:00
aws_instance.ec2 (remote-exec): (6-7/7) 152 kB/s | 435 kB 00:04 ETA
aws_instance.ec2 (remote-exec): (6/7): 11 MB/s | 670 kB 00:00
aws_instance.ec2 (remote-exec): (7/7): 289 kB/s | 1.1 MB 00:00 ETA
aws_instance.ec2 (remote-exec): (7/7): 558 kB/s | 21 kB 00:00
aws_instance.ec2 (remote-exec): ----------------------------------------
aws_instance.ec2 (remote-exec): Total 1.7 MB/s | 1.1 MB 00:00
aws_instance.ec2 (remote-exec): Running transaction check
aws_instance.ec2 (remote-exec): Transaction check succeeded.
aws_instance.ec2 (remote-exec): Running transaction test
aws_instance.ec2 (remote-exec): Transaction test succeeded.
aws_instance.ec2 (remote-exec): Running transaction
aws_instance.ec2 (remote-exec): Preparing : [= ] 1/1
aws_instance.ec2 (remote-exec): Preparing : [=== ] 1/1
aws_instance.ec2 (remote-exec): Preparing : [==== ] 1/1
aws_instance.ec2 (remote-exec): Preparing : [====== ] 1/1
aws_instance.ec2 (remote-exec): Preparing : [======= ] 1/1
aws_instance.ec2 (remote-exec): Preparing : [========= ] 1/1
aws_instance.ec2 (remote-exec): Preparing : 1/1
aws_instance.ec2 (remote-exec): Running scriptlet: nginx-filesy 1/7
aws_instance.ec2 (remote-exec): Installing : nginx [ ] 1/7
aws_instance.ec2 (remote-exec): Installing : nginx [= ] 1/7
aws_instance.ec2 (remote-exec): Installing : nginx [== ] 1/7
aws_instance.ec2 (remote-exec): Installing : nginx [=== ] 1/7
aws_instance.ec2 (remote-exec): Installing : nginx [==== ] 1/7
aws_instance.ec2 (remote-exec): Installing : nginx [===== ] 1/7
aws_instance.ec2 (remote-exec): Installing : nginx-filesy 1/7
aws_instance.ec2 (remote-exec): Installing : nginx [ ] 2/7
aws_instance.ec2 (remote-exec): Installing : nginx [==== ] 2/7
aws_instance.ec2 (remote-exec): Installing : nginx [===== ] 2/7
aws_instance.ec2 (remote-exec): Installing : nginx-mimety 2/7
aws_instance.ec2 (remote-exec): Installing : libun [ ] 3/7
aws_instance.ec2 (remote-exec): Installing : libun [= ] 3/7
aws_instance.ec2 (remote-exec): Installing : libun [=== ] 3/7
aws_instance.ec2 (remote-exec): Installing : libun [==== ] 3/7
aws_instance.ec2 (remote-exec): Installing : libun [===== ] 3/7
aws_instance.ec2 (remote-exec): Installing : libunwind-1. 3/7
aws_instance.ec2 (remote-exec): Installing : gperf [ ] 4/7
aws_instance.ec2 (remote-exec): Installing : gperf [= ] 4/7
aws_instance.ec2 (remote-exec): Installing : gperf [== ] 4/7
aws_instance.ec2 (remote-exec): Installing : gperf [=== ] 4/7
aws_instance.ec2 (remote-exec): Installing : gperf [==== ] 4/7
aws_instance.ec2 (remote-exec): Installing : gperf [===== ] 4/7
aws_instance.ec2 (remote-exec): Installing : gperftools-l 4/7
aws_instance.ec2 (remote-exec): Installing : nginx [ ] 5/7
aws_instance.ec2 (remote-exec): Installing : nginx [= ] 5/7
aws_instance.ec2 (remote-exec): Installing : nginx [== ] 5/7
aws_instance.ec2 (remote-exec): Installing : nginx [=== ] 5/7
aws_instance.ec2 (remote-exec): Installing : nginx [==== ] 5/7
aws_instance.ec2 (remote-exec): Installing : nginx [===== ] 5/7
aws_instance.ec2 (remote-exec): Installing : nginx-core-1 5/7
aws_instance.ec2 (remote-exec): Installing : gener [ ] 6/7
aws_instance.ec2 (remote-exec): Installing : gener [==== ] 6/7
aws_instance.ec2 (remote-exec): Installing : gener [===== ] 6/7
aws_instance.ec2 (remote-exec): Installing : generic-logo 6/7
aws_instance.ec2 (remote-exec): Installing : nginx [ ] 7/7
aws_instance.ec2 (remote-exec): Installing : nginx [== ] 7/7
aws_instance.ec2 (remote-exec): Installing : nginx [=== ] 7/7
aws_instance.ec2 (remote-exec): Installing : nginx [===== ] 7/7
aws_instance.ec2 (remote-exec): Installing : nginx-1:1.26 7/7
aws_instance.ec2 (remote-exec): Running scriptlet: nginx-1:1.26 7/7
aws_instance.ec2 (remote-exec): Verifying : generic-logo 1/7
aws_instance.ec2 (remote-exec): Verifying : gperftools-l 2/7
aws_instance.ec2 (remote-exec): Verifying : libunwind-1. 3/7
aws_instance.ec2 (remote-exec): Verifying : nginx-1:1.26 4/7
aws_instance.ec2 (remote-exec): Verifying : nginx-core-1 5/7
aws_instance.ec2 (remote-exec): Verifying : nginx-filesy 6/7
aws_instance.ec2 (remote-exec): Verifying : nginx-mimety 7/7
aws_instance.ec2 (remote-exec): Installed:
aws_instance.ec2 (remote-exec): generic-logos-httpd-18.0.0-12.amzn2023.0.3.noarch
aws_instance.ec2 (remote-exec): gperftools-libs-2.9.1-1.amzn2023.0.3.x86_64
aws_instance.ec2 (remote-exec): libunwind-1.4.0-5.amzn2023.0.2.x86_64
aws_instance.ec2 (remote-exec): nginx-1:1.26.3-1.amzn2023.0.1.x86_64
aws_instance.ec2 (remote-exec): nginx-core-1:1.26.3-1.amzn2023.0.1.x86_64
aws_instance.ec2 (remote-exec): nginx-filesystem-1:1.26.3-1.amzn2023.0.1.noarch
aws_instance.ec2 (remote-exec): nginx-mimetypes-2.1.49-3.amzn2023.0.3.noarch
aws_instance.ec2 (remote-exec): Complete!
aws_instance.ec2: Provisioning with 'local-exec'...
aws_instance.ec2 (local-exec): Executing: ["/bin/sh" "-c" "echo 43.216.199.232 >> public_ip.txt"]
aws_instance.ec2: Creation complete after 44s [id=i-0fa059b345ed3d9d5]
浏览public ip就能打开网站
当销毁资源之后执行local-exec
需要在local-exec当中加入when = destroy即可
resource "aws_iam_user" "ss" {
name = "test"
provisioner "local-exec" {
when = destroy
command = "echo this is destroy"
}
}
执行命令有错误应该怎么办?
执行的命令行有错误的话,在terraform state 是taint的状态,还未完整。IAM用户是创建了,但是卡在中间的还未完成的状态,所以再次apply的话会进行销毁了再尝试重新创建过。
resource "aws_iam_user" "ss" {
name = "test"
provisioner "local-exec" {
command = "sssd"
}
}
执行命令有错误,但是想继续执行应该怎么办?
想继续执行的话可以加上on_failure = continue , 那么就算命令行有错误都能完成执行terraform
resource "aws_iam_user" "ss" {
name = "test"
provisioner "local-exec" {
command = "sssd"
on_failure = continue
}
}
Facebook评论