Rafael Dutra
APSIS Tecnologia

APSIS Tecnologia

Terraform | Criando dependências entre recursos

Terraform | Criando dependências entre recursos

Rafael Dutra's photo
Rafael Dutra
·Aug 5, 2021·

7 min read

Criando dependências entre recursos

Crie um arquivo chamado network.tf com o seguinte conteúdo abaixo:

resource "google_compute_network" "tf-network" {
  name                    = "tf-network"
  auto_create_subnetworks = true
}

Este arquivo irá criar uma nova VPC com as sub redes geradas automaticamente em todas regiões do mundo onde o Google tem presença de seus datacenters. Altere o seu arquivo instance.tf para suportar esta nova rede:

resource "google_compute_instance" "default" {
  name         = "linux-vm-1"
  machine_type = "f1-micro"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"
    }
  }

  labels = {
    environment = "development"
    distro = "debian-9"
  }

  network_interface {
    network = google_compute_network.tf-network.self_link
  }
}

Repare na linha com network_interface onde o valor desta rede é uma "chamada" do recurso de rede criado anteriormente.

Para chamar um recurso dentro de outro recurso a sintaxe na maioria das vezes é o nome do recurso + nome deste recurso, por exemplo: google_compute_network é o recurso utilizado e tf-network é o nome deste recurso utilizado e self_link é o nome que será retornado ao criar o componente. Desta forma o Terraform saberá o nome que deve utilizar ao criar o vínculo desta dependência.

Okay, mas até o momento não fizemos praticamente nada com esta nova rede que criamos, ou seja, praticamente ela está igual a default que utilizamos anteriormente mas com um outro nome. Vamos alterar novamente o arquivo network.tf.

Faça o plano de ação para verificar o que irá acontecer com sua infraestrutura:

$ terraform plan

Esta saída abaixo é super longa, preste atenção no seu terminal onde aparecerá com uma cor possivelmente diferenciada, onde será mostrado que o recurso em questão deve ser substituído por outro recurso. Isto pode acontecer em algumas situações pois certos valores de recursos simplesmente não podem ser editados, mesmo fazendo o processo manualmente.

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
google_compute_instance.default: Refreshing state... [id=projects/projeto-1-265222/zones/us-central1-a/instances/linux-vm-1]

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:

+ create
-/+ destroy and then create replacement

Terraform will perform the following actions:
# google_compute_instance.default must be replaced
    -/+ resource "google_compute_instance" "default" {
      can_ip_forward = false
    ~ cpu_platform = "Intel Haswell" -> (known after apply)
      deletion_protection = false
    - enable_display = false -> null
    ~ guest_accelerator = [] -> (known after apply)
    ~ id = "projects/projeto-1-265222/zones/us-central1-a/instances/linux-vm-1" -> (known after apply)
    ~ instance_id = "5368174570526729490" -> (known after apply)
    ~ label_fingerprint = "1eO_ZGp1K5M=" -> (known after apply)
    labels = {
      "distro" = "debian-9"
      "environment" = "development"
    }
    machine_type = "f1-micro"
    - metadata = {} -> null
    ~ metadata_fingerprint = "y3D14wyHqNs=" -> (known after apply)
    + min_cpu_platform = (known after apply)
      name = "linux-vm-1"
    ~ project = "projeto-1-265222" -> (known after apply)
    ~ self_link = "https://www.googleapis.com/compute/v1/projects/projeto-1-265222/zones/us-central1-a/instances/linux-vm-1" -> (known after apply)
    - tags = [] -> null
    ~ tags_fingerprint = "42WmSpB8rSM=" -> (known after apply)
      zone = "us-central1-a"

    ~ boot_disk {
          auto_delete = true
          ~ device_name = "persistent-disk-0" -> (known after apply)
          + disk_encryption_key_sha256 = (known after apply)
          + kms_key_self_link = (known after apply)
            mode = "READ_WRITE"
          ~ source = "https://www.googleapis.com/compute/v1/projects/projeto-1-265222/zones/us-central1-a/disks/linux-vm-1" -> (known after apply)

          ~ initialize_params {
          ~ image = "https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/debian-9-stretch-v20191210" -> "debian-cloud/debian-9"
          ~ labels = {} -> (known after apply)
          ~ size = 10 -> (known after apply)
          ~ type = "pd-standard" -> (known after apply)
       }
    }

    ~ network_interface {
        ~ name = "nic0" -> (known after apply)
        ~ network = "https://www.googleapis.com/compute/v1/projects/projeto-1-265222/global/networks/default" -> (known after apply) # forces replacement
        ~ network_ip = "10.128.0.5" -> (known after apply)
        ~ subnetwork = "https://www.googleapis.com/compute/v1/projects/projeto-1-265222/regions/us-central1/subnetworks/default" -> (known after apply)
        ~ subnetwork_project = "projeto-1-265222" -> (known after apply)
    }

    ~ scheduling {
        ~ automatic_restart = true -> (known after apply)
        ~ on_host_maintenance = "MIGRATE" -> (known after apply)
        ~ preemptible = false -> (known after apply)

        + node_affinities {
            + key = (known after apply)
            + operator = (known after apply)
            + values = (known after apply)
          }
       }
    }

    # google_compute_network.tf-network will be created
    + resource "google_compute_network" "tf-network" {
        + auto_create_subnetworks = true
        + delete_default_routes_on_create = false
        + gateway_ipv4 = (known after apply)
        + id = (known after apply)
        + ipv4_range = (known after apply)
        + name = "tf-network"
        + project = (known after apply)
        + routing_mode = (known after apply)
        + self_link = (known after apply)
    }

Plan: 2 to add, 0 to change, 1 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

Aqui percebemos que temos 2 recursos que devem ser adicionados e 1 recurso deve ser destruído.

Confirme a execução:

$ terraform apply -auto-approve
Com o seguinte resultado:

google_compute_instance.default: Refreshing state... [id=projects/projeto-1-265222/zones/us-central1-a/instances/linux-vm-1]
google_compute_network.tf-network: Creating...
google_compute_instance.default: Destroying... [id=projects/projeto-1-265222/zones/
......
......
......
......
google_compute_instance.default: Creating...
google_compute_instance.default: Still creating... [10s elapsed]
google_compute_instance.default: Creation complete after 10s [id=projects/projeto-1-265222/zones/us-central1-a/instances/linux-vm-1]

Apply complete! Resources: 2 added, 0 changed, 1 destroyed.

Temos uma rede criada, mas até o momento praticamente o que fizemos foi criar uma rede semelhante a rede "default" do Google, portanto colocar o valor de auto_create_subnetworks para false, assim teremos que criar uma subrede com o valor que desejamos.

Altere o arquivo network.tf para:

resource "google_compute_network" "tf-network" {
    name = "tf-network"
    auto_create_subnetworks = false
}

Isso fará com que todas as redes criadas automaticamente anteriormente sejam destruídas e no lugar iremos criar uma sub rede com IP 10.10.1.0./24.

Crie um arquivo subnetwork.tf com o seguinte conteúdo:

resource "google_compute_subnetwork" "tf-subnetwork" {
  name = "tf-subnetwork"
  region = "us-central1"
  network = google_compute_network.tf-network.self_link
  ip_cidr_range = "10.10.1.0/24"
}

E temos que agora adicionar esta nova subrede com nossa instância para que possa ser utilizada. Caso você não informe que está utilizando uma subrede, o Terraform irá avisá-lo pelo terminal que esta rede tem uma subrede e que deverá ser informada.

resource "google_compute_instance"  "default" {
  name = "linux-vm-1"
  machine_type = "f1-micro"
  zone = "us-central1-a"
  boot_disk {
    initialize_params {
    image = "debian-cloud/debian-9"
  }
}

labels = {
  environment = "development" distro = "debian-9"
}

network_interface {
  network = google_compute_network.tf-network.self_link subnetwork = google_compute_subnetwork.tf-subnetwork.self_link
}

Execute o plano de ação:

$ terraform plan

Aqui temos outra saída super longa, mas importante para verificar o que estará acontecendo com sua infraestrutura.

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

google_compute_network.tf-network: Refreshing state... [id=projects/projeto-1-265222/global/networks/tf-network]
google_compute_instance.default: Refreshing state... [id=projects/projeto-1-265222/zones/us-central1-a/instances/linux-vm-1]

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
  -/+ destroy and then create replacement

Terraform will perform the following actions:

  # google_compute_instance.default must be replaced
-/+ resource "google_compute_instance" "default" {
        can_ip_forward = false
      ~ cpu_platform = "Intel Haswell" -> (known after apply)
        deletion_protection = false
      - enable_display = false -> null
      ~ guest_accelerator = [] -> (known after apply)
      ~ id = "projects/projeto-1-265222/zones/us-central1-a/instances/linux-vm-1" -> (known after apply)
      ~ instance_id = "7404175307202617516" -> (known after apply)
      ~ label_fingerprint = "1eO_ZGp1K5M=" -> (known after apply)
        labels = {
          "distro" = "debian-9"
          "environment" = "development"
        }
......
......
......
......

   ~ network_interface {
       ~ name = "nic0" -> (known after apply)
       ~ network = "https://www.googleapis.com/compute/v1/projects/projeto-1-265222/global/networks/tf-network" -> (known after apply) # forces replacement
       ~ network_ip = "10.128.0.2" -> (known after apply)
       ~ subnetwork = "https://www.googleapis.com/compute/v1/projects/projeto-1-265222/regions/us-central1/subnetworks/tf-network" -> (known after apply) # forces replacement
       ~ subnetwork_project = "projeto-1-265222" -> (known after apply)
     }

   ~ scheduling {
       ~ automatic_restart = true -> (known after apply)
       ~ on_host_maintenance = "MIGRATE" -> (known after apply)
       ~ preemptible = false -> (known after apply)

       + node_affinities {
           + key = (known after apply)
           + operator = (known after apply)
           + values = (known after apply)
         }
     }
  }

  # google_compute_network.tf-network must be replaced
-/+ resource "google_compute_network" "tf-network" {
      ~ auto_create_subnetworks = true -> false # forces replacement
        delete_default_routes_on_create = false
      + gateway_ipv4 = (known after apply)
      ~ id = "projects/projeto-1-265222/global/networks/tf-network" -> (known after apply)
      + ipv4_range = (known after apply)
        name = "tf-network"
      ~ project = "projeto-1-265222" -> (known after apply)
      ~ routing_mode = "REGIONAL" -> (known after apply)
      ~ self_link = "https://www.googleapis.com/compute/v1/projects/projeto-1-265222/global/networks/tf-network" -> (known after apply)
    }

  # google_compute_subnetwork.tf-subnetwork will be created
  + resource "google_compute_subnetwork" "tf-subnetwork" {
      + creation_timestamp = (known after apply)
      + enable_flow_logs = (known after apply)
      + fingerprint = (known after apply)
      + gateway_address = (known after apply)
      + id = (known after apply)
      + ip_cidr_range = "10.10.1.0/24"
      + name = "tf-subnetwork"
      + network = (known after apply)
      + project = (known after apply)
      + region = "us-central1"
      + secondary_ip_range = (known after apply)
      + self_link = (known after apply)
    }

Plan: 3 to add, 0 to change, 2 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

Agora temos 3 recursos que devem ser adicionados e 2 que devem ser destruídos, basicamente tudo será refeito de novo com adição apenas da nossa subrede.

Execute sua infraestrutura:

$ terraform apply -auto-approve

Com o resultado:

google_compute_network.tf-network: Refreshing state... [id=projects/projeto-1-265222/global/networks/tf-network]
google_compute_instance.default: Refreshing state... [id=projects/projeto-1-265222/zones/
......
......
......
......
......
google_compute_instance.default: Creating...
google_compute_instance.default: Still creating... [10s elapsed]
google_compute_instance.default: Creation complete after 11s [id=projects/projeto-1-265222/zones/us-central1-a/instances/linux-vm-1]

Apply complete! Resources: 3 added, 0 changed, 2 destroyed.
 
Share this