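Assuming you're using a remote state backend, you could pull in the ops network stack as a remote state data source and then modify its route tables from whichever ephemeral stack you want it to be able to route to.
I'll try to do a small example (obviously missing a lot of boilerplate):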
# my_ops_stack.tf
provider "aws" {
  region = "eu-west-1"
}
module "ops_stack" {
  source = "/my/modules/ops_stack"
  cidr = "10.1.0.0/16"
  // other vars probably
}
// the outputs which will be accessible
// via the remote state data source:
output "routing_table_id" {
  value = "${module.ops_stack.routing_table_id}"
}
output "vpc_id" {
  value = "${module.ops_stack.vpc_id}"
}
output "vpc_cidr" {
  value = "10.1.0.0/16"
}
I would now configure the remote state backend for this stack using the terraform CLI (this will soon be possible in config):
# Run in the same folder as my_ops_stack.tf
terraform remote config \
  -backend=s3 \
  -backend-config="bucket=my-state-bucket" \
  -backend-config="key=ops-stack/terraform.tfstate" \
  -backend-config="region=eu-west-1"
Now that the state backend is configured, any changes you apply to the stack will be synced to that backend:
terraform apply
# the usual stuff... but now synced with s3!
Now, in the template for the new ephemeral stack (DEV, PROD, QA, STG, UAT, CTE, etc.):
# my_dev_stack.tf
provider "aws" {
  region = "eu-west-1"
}
// Pull in your ops stack from the remote backend:
data "terraform_remote_state" "ops_stack" {
  backend = "s3"
  config {
    bucket = "my-state-bucket"
    key = "ops-stack/terraform.tfstate"
    region = "eu-west-1"
  }
}
// Create your dev stack
module "dev_stack" {
  source = "/my/modules/dev_stack"
  cidr = "10.2.0.0/16"
  // The ops_stack vpc id for creating the peering connection:
  ops_vpc_id = "${data.terraform_remote_state.ops_stack.vpc_id}"
  // Maybe some security group rules you wanna setup
  allow_access_from = "${data.terraform_remote_state.ops_stack.vpc_cidr}"
  // other vars probably
}
// And use its outputs to add a route to the
// ops vpc routing table from the dev stack!
resource "aws_route" "ops_to_dev" {
  route_table_id = "${data.terraform_remote_state.ops_stack.routing_table_id}"
  destination_cidr_block = "10.2.0.0/16" // dev_stack's cidr
  vpc_peering_connection_id = "${module.dev_stack.vpcx_id}"
}
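Once you're done with the ephemeral stack, you can safely destroy it, and it will even clean up its route in the ops stack.
Hope this is what you're after!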
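
As an added example (not part of the original answer), here is a pre-apply check on the CIDRs that ephemeral stacks would write into the ops route table. It flags a destination that overlaps the ops VPC or another stack, or that is broader than a policy limit. The input follows the shape of `terraform output -json`; the sample values, the `check_routes` name and the `min_prefix` limit are assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of `terraform output -json` for the ops stack.
OPS_OUTPUTS = json.loads("""
{
  "routing_table_id": {"sensitive": false, "type": "string", "value": "rtb-EXAMPLE"},
  "vpc_id": {"sensitive": false, "type": "string", "value": "vpc-EXAMPLE"},
  "vpc_cidr": {"sensitive": false, "type": "string", "value": "10.1.0.0/16"}
}
""")


def check_routes(ops_outputs, stack_cidrs, min_prefix=16):
    """Return a list of problems with the routes ephemeral stacks would add.

    stack_cidrs maps a stack name to the destination_cidr_block it wants in
    the ops route table. min_prefix is an assumed policy limit: anything
    broader (for example 0.0.0.0/0) would redirect unrelated ops traffic.
    """
    ops_net = ipaddress.ip_network(ops_outputs["vpc_cidr"]["value"])
    problems, accepted = [], {}
    for name, cidr in sorted(stack_cidrs.items()):
        try:
            net = ipaddress.ip_network(cidr)  # strict mode rejects host bits
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        if net.prefixlen < min_prefix:
            problems.append(f"{name}: {net} is broader than /{min_prefix}")
        if net.overlaps(ops_net):
            problems.append(f"{name}: {net} overlaps ops VPC {ops_net}")
        for other, other_net in accepted.items():
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps stack {other} ({other_net})")
        accepted[name] = net
    return problems


if __name__ == "__main__":
    # Constructed plan: qa collides with dev, stg asks for a default route.
    planned = {"dev": "10.2.0.0/16", "qa": "10.2.128.0/17", "stg": "0.0.0.0/0"}
    for line in check_routes(OPS_OUTPUTS, planned):
        print(line)
```

Running a check like this before `terraform apply` keeps an ephemeral stack from adding a route to the shared ops table that shadows the ops VPC or another stack's range.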