当通过terraform删除EC2意图时，所有卷都会被删除。

Question

我正在使用terraform模板来创建AWS资源。我的计数是2，一切都是按照计划创建的，并且，我在这两台机器上附加了1GB的第二个EBS卷，这也很好。

但是，唯一的问题是，当我尝试使用下面的命令删除一个EC2实例时，两个1GB的EBS卷都被销毁了。我检查过它们是在不同的实例上连接的。

$ terraform destroy -target=aws_instance.jumpserver[1]
aws_vpc.main_vpc: Refreshing state... (ID: vpc-06b59734024ad6adc)
aws_key_pair.ProdKeypair: Refreshing state... (ID: ProdKeypair)
aws_security_group.sg_internet_facing: Refreshing state... (ID: sg-05a2739733f4f8a32)
aws_subnet.public_subnet: Refreshing state... (ID: subnet-0a8c6ea2718a44224)
aws_instance.jumpserver[1]: Refreshing state... (ID: i-05646d53baa34a988)

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  - aws_ebs_volume.vol_generic_data[0]

  - aws_ebs_volume.vol_generic_data[1]

  - aws_instance.jumpserver[1]

  - aws_volume_attachment.generic_data_vol_att[0]

  - aws_volume_attachment.generic_data_vol_att[1]

这是main.tf：

    # Define webserver inside the public subnets 
    resource "aws_instance" "jumpserver" {
      count                       = "${var.num_of_instances}"
      ami                         = "${var.ami}"
      instance_type               = "t2.micro"
      key_name                    = "${aws_key_pair.ProdKeypair.id}"
      subnet_id                   = "${aws_subnet.public_subnet.id}"
      vpc_security_group_ids      = ["${aws_security_group.sg_internet_facing.id}"]
      associate_public_ip_address = true
      source_dest_check           = false
      #   user_data = "${file("install.sh")}"
    
      root_block_device = {
        volume_type           = "gp2"
        volume_size           =  "8"  
        delete_on_termination = "${var.delete_on_termincation}"
      }
    
      tags {
        Name = "${format("jump-%01d",count.index+1)}"
      }
    
      provisioner "remote-exec" {
        inline = ["sudo apt-get  -y install python"]
    
        connection {
          type        = "ssh"
          user        = "ubuntu"
          private_key = "${file(var.private_key_path)}"
        }
      }
    }
    
    resource "aws_ebs_volume" "vol_generic_data" {
      size              = "1"
      count             = "${var.num_of_instances}"
      type              = "gp2"
      availability_zone = "${element(aws_instance.jumpserver.*.availability_zone, count.index)}"
    
     tags = {
        Name = "${format("jump-%01d",count.index+1)}"
      }
    }
    
    
    resource "aws_volume_attachment" "generic_data_vol_att" {
      device_name = "/dev/xvdf"
      volume_id   = "${element(aws_ebs_volume.vol_generic_data.*.id, count.index)}"
      instance_id = "${element(aws_instance.jumpserver.*.id, count.index)}"
      count       = "${var.num_of_instances}"
    }
    
    
    # Define webserver inside the private subnet
    resource "aws_instance" "backendserver" {
      ami                         = "${var.ami}"
      instance_type               = "t2.micro"
      key_name                    = "${aws_key_pair.ProdKeypair.id}"
      subnet_id                   = "${aws_subnet.private_subnet.id}"
      vpc_security_group_ids      = ["${aws_security_group.sg_backend.id}"]
      associate_public_ip_address = false
      source_dest_check           = false
      user_data                   = "${file("install.sh")}"
    
      tags {
        Name = "backendserver"
      }
    }

Answer 1

我可以看到一些拼写错误在下面提到的行，休息都是好的，我认为。

delete_on_termination = "${var.delete_on_termincation}"

最好避免这一行，这可能是在终止ec2实例时删除EBS。跳过此选项并检查。

Answer 2

TF提供程序上报告了一个一定相关的错误(terraform-提供者-aws/issues/83)。不幸的是，除了等待Tf0.12中预期的配置语言改进是否仍然存在之外，没有其他解决方案。

使用terraform destroy -target=aws_instance.xxx[1]命令删除此实例和ebs的用例是什么？您是要在第二步重新创建此实例，还是只使用一个实例？

作为一种解决方法，我想尝试的是用terraform taint aws_instance.xxx.1 && terraform taint aws_ebs_volume.xxx.1来污染要删除的实例和ebs卷。如果您想要重新创建它们，只需运行terraform apply或如果您想继续使用一个实例，则运行terraform apply -var 'count=1'。