当在GitLab-CI中使用Terraform的官方镜像时需要注意的事项

3 年 ago
韵, 科
4 minutes

在使用GitLab-CI使用Terraform的官方映像时需注意的事项。

首先

使用terraform官方映像时,在执行gitlab-ci时遇到了一些小问题,因此提醒注意事项。

用过的.gitlab-ci.yml文件

image: 
  name: hashicorp/terraform:latest

stages: 
  - terraform_validate
  - terraform_plan
  - terraform_apply

before_script:
  - terraform init --upgrade

validate:
  stage: terraform_validate
  script:
    - terraform --version
    - terraform validate

plan:
  stage: terraform_plan
  script: 
    - terraform plan --parallelism=30 -out "planfile"
  artifacts:
    paths:
      - ./planfile

apply:
  stage: terraform_apply
  script: 
    - terraform apply -input=false "planfile"
  dependencies:
    - plan
  when: manual

执行此操作的结果。

展示出了执行了 terraform 命令后的结果,类似于 Terraform Commands(CLI) 中的情况。

在错误情况下,将返回一个非零的退出状态。

由于返回了非0的状态,因此出现了错误并终止。

Usage: terraform [-version] [-help] <command> [args]

The available commands for execution are listed below.
The most common, useful commands are shown first, followed by
less common or more advanced commands. If you're just getting
started with Terraform, stick with the common commands. For the
other commands, please read the help and docs before usage.

Common commands:
    apply              Builds or changes infrastructure
    console            Interactive console for Terraform interpolations
    destroy            Destroy Terraform-managed infrastructure
    env                Workspace management
    fmt                Rewrites config files to canonical format
    get                Download and install modules for the configuration
    graph              Create a visual graph of Terraform resources
    import             Import existing infrastructure into Terraform
    init               Initialize a Terraform working directory
    output             Read an output from a state file
    plan               Generate and show an execution plan
    providers          Prints a tree of the providers used in the configuration
    refresh            Update local state file against real resources
    show               Inspect Terraform state or plan
    taint              Manually mark a resource for recreation
    untaint            Manually unmark a resource as tainted
    validate           Validates the Terraform files
    version            Prints the Terraform version
    workspace          Workspace management

All other commands:
    0.12upgrade        Rewrites pre-0.12 module source code for v0.12
    debug              Debug output management (experimental)
    force-unlock       Manually unlock the terraform state
    push               Obsolete command for Terraform Enterprise legacy (v1)
    state              Advanced state management
Usage: terraform [-version] [-help] <command> [args]

The available commands for execution are listed below.
The most common, useful commands are shown first, followed by
less common or more advanced commands. If you're just getting
started with Terraform, stick with the common commands. For the
other commands, please read the help and docs before usage.

Common commands:
    apply              Builds or changes infrastructure
    console            Interactive console for Terraform interpolations
    destroy            Destroy Terraform-managed infrastructure
    env                Workspace management
    fmt                Rewrites config files to canonical format
    get                Download and install modules for the configuration
    graph              Create a visual graph of Terraform resources
    import             Import existing infrastructure into Terraform
    init               Initialize a Terraform working directory
    output             Read an output from a state file
    plan               Generate and show an execution plan
    providers          Prints a tree of the providers used in the configuration
    refresh            Update local state file against real resources
    show               Inspect Terraform state or plan
    taint              Manually mark a resource for recreation
    untaint            Manually unmark a resource as tainted
    validate           Validates the Terraform files
    version            Prints the Terraform version
    workspace          Workspace management

All other commands:
    0.12upgrade        Rewrites pre-0.12 module source code for v0.12
    debug              Debug output management (experimental)
    force-unlock       Manually unlock the terraform state
    push               Obsolete command for Terraform Enterprise legacy (v1)
    state              Advanced state management
ERROR: Job failed: exit code 127

推理

请多关注DockerHub上的Dockerfile。

如下所示,ENTRYPOINT的值为[“terraform”]。
当然,这将执行terraform命令。

FROM golang:alpine
MAINTAINER "HashiCorp Terraform Team <terraform@hashicorp.com>"

ENV TERRAFORM_VERSION=0.10.0

RUN apk add --update git bash openssh

ENV TF_DEV=true
ENV TF_RELEASE=true

WORKDIR $GOPATH/src/github.com/hashicorp/terraform
RUN git clone https://github.com/hashicorp/terraform.git ./ && \
    git checkout v${TERRAFORM_VERSION} && \
    /bin/bash scripts/build.sh

WORKDIR $GOPATH
ENTRYPOINT ["terraform"]

结果

只需要一个选项,把「何でもいいから、entrypointを取り敢えず上書きするようにしておく。」的意思用中文重新表达出来。

无论什么都可以,先将入口点进行覆盖。

image: 
  name: hashicorp/terraform:latest
  entrypoint:
    - ''

stages: 
  - terraform_validate
  - terraform_plan
  - terraform_apply

before_script:
  - terraform init --upgrade

validate:
  stage: terraform_validate
  script:
    - terraform --version
    - terraform validate

plan:
  stage: terraform_plan
  script: 
    - terraform plan --parallelism=30 -out "planfile"
  artifacts:
    paths:
      - ./planfile

apply:
  stage: terraform_apply
  script: 
    - terraform apply -input=false "planfile"
  dependencies:
    - plan
  when: manual
bannerAds