Ubuntu 安装 Terraform 和 Terragrunt

安装 kinit

[root@liqiang.io]# sudo apt install -y krb5-user
[root@liqiang.io]#

安装 Terraform

[root@liqiang.io]# wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
[root@liqiang.io]# echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
[root@liqiang.io]# sudo apt update && sudo apt install terraform
[root@liqiang.io]# 
[root@liqiang.io]#

安装 Terragrunt

[root@liqiang.io]# wget https://github.com/gruntwork-io/terragrunt/releases/download/v0.58.12/terragrunt_linux_arm64
[root@liqiang.io]# sudo install terragrunt_linux_arm64 /usr/local/bin/terragrunt && rm terragrunt_linux_arm64
[root@liqiang.io]# 
[root@liqiang.io]# 
[root@liqiang.io]#

运行 Terragrunt

[root@liqiang.io]# terragrunt apply

问题处理

保存状态

│ See https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id for workaround and implications.
│ Errors: 2 errors occurred:
│     * retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 0, RequestID: , request send failed, Post "https://sts.cn-beijing.amazonaws.com/": dial tcp: lookup sts.cn-beijing.amazonaws.com on 127.0.0.53:53: no such host
│     * retrieving account information via iam:ListRoles: operation error IAM: ListRoles, https response error StatusCode: 403, RequestID: 1072adeb-651e-47d6-85a2-36ff9d42b2be, api error InvalidClientTokenId: The security token included in the request is invalid.

解决办法：

这个问题是无法正常地获取 account_id 导致的，所以先检查一下自己的 AK 和 SK 配置是否正确，这里我用的是火山云，所以先确保添加了以下两个环境变量：

• TF_STATE_VOLCENGINE_ACCESS_KEY
• TF_STATE_VOLCENGINE_SECRET_KEY

并且添加上这两个配置 skip_requesting_account_id = true 和 skip_s3_checksum = true：

  terraform {
    backend "s3" {
... ...
      skip_credentials_validation = true
      skip_metadata_api_check     = true
      skip_region_validation      = true
      skip_requesting_account_id = true
      skip_s3_checksum = true
    }
}

保存到 S3 出错

│ Error saving state: failed to upload state: operation error S3: PutObject,
│ https response error StatusCode: 400, RequestID:
│ 67500161a1bb47a76661a1bb-be7549c-1sFBaF-PuO-cb-tos-1az-front-aza-3, HostID:
│ 67500161a1bb47a76661a1bb-be7549c-1sFBaF-PuO-cb-tos-1az-front-aza-3, api
│ error ContentSHA256Mismatch: The provided content-sha256 does not match
│ what was computed.
╵
╷
│ Error: Failed to persist state to backend
│ 
│ The error shown above has prevented Terraform from writing the updated
│ state to the configured backend. To allow for recovery, the state has been
│ written to the file "errored.tfstate" in the current working directory.
│ 
│ Running "terraform apply" again at this point will create a forked state,
│ making it harder to recover.
│ 
│ To retry writing this state, use the following command:
│     terraform state push errored.tfstate
│ 

解决办法

sh '''sed -i \"s/\\/\\/ skip_requesting_account_id = true/skip_requesting_account_id = true/g\" ../../terragrunt.hcl'''
sh '''sed -i \"s/\\/\\/ skip_s3_checksum = true/skip_s3_checksum = true/g\" ../../terragrunt.hcl'''

set the skip_outputs flag to true on the dependency block.

遇到问题：

[root@liqiang.io]# terragrunt apply
ERRO[0006] /...aaaa/terragrunt.hcl is a dependency of /..../bbbb/terragrunt.hcl but detected no outputs. Either the target module has not been applied yet, or the module has no outputs. If this is expected, set the skip_outputs flag to true on the dependency block. 
ERRO[0006] Unable to determine underlying exit code, so Terragrunt will exit with error code 1

The provided content-sha256 does not match what was computed.

进入到 terraform 目录下，找到 .terraform/terraform.tfstate 配置，添加 skip_s3_checksum: true 配置，然后执行：

[root@liqiang.io]# terraform state push errored.tfstate

手动将结果保存到 S3 中。

无交互执行

两种方式，设置环境变量或者设置运行参数：

[root@liqiang.io]# TERRAGRUNT_NON_INTERACTIVE = "true" terragrunt apply
[root@liqiang.io]# terragrunt apply -auto-approve