确定性名称服务器地址
Deterministic name server addresses
使用 AWS,如何在 terraform apply/destroy 执行之间获得确定的名称服务器地址?
目前,我的域名服务器是这样的:
ns-XXX.awsdns-YY.com.
ns-XXX.awsdns-YY.org.
ns-XXX.awsdns-YY.net.
ns-XXX.awsdns-YY.co.uk.
每次我 运行 apply/destroy,XXX 和 YY 的值都会改变。
因此,如果我在 godaddy/namecheap/other 注册了一个域,那么这些也需要更新,这需要时间来传播。
所以我想知道是否有办法影响 XXX/YY 值,以便它们可以在会话之间持续存在?
例如,我尝试了这个,虽然它按照我的需要设置了名称服务器,但遗憾的是它无法解析。
resource "aws_route53_record" "ns" {
allow_overwrite = true
name = "my_fixed_ns"
ttl = 30
type = "NS"
zone_id = aws_route53_zone.zone.zone_id
records = [
"ns1.amazon.com",
"ns2.amazon.org",
"ns3.amazon.net",
"ns4.amazon.co.uk"
]
}
您可以使用 reusable delegation sets 让 Route53 区域为每个区域使用相同的名称服务器,无论是多个并发区域还是一遍又一遍地重建区域:
A set of four authoritative name servers that you can use with more than one hosted zone. By default, Route 53 assigns a random selection of name servers to each new hosted zone. To make it easier to migrate DNS service to Route 53 for a large number of domains, you can create a reusable delegation set and then associate the reusable delegation set with new hosted zones. (You can't change the name servers that are associated with an existing hosted zone.)
在 Terraform 中,这些是使用 aws_route53_delegation_set resource 创建的,文档中给出的示例如下所示:
resource "aws_route53_delegation_set" "main" {
reference_name = "DynDNS"
}
resource "aws_route53_zone" "primary" {
name = "hashicorp.com"
delegation_set_id = aws_route53_delegation_set.main.id
}
resource "aws_route53_zone" "secondary" {
name = "terraform.io"
delegation_set_id = aws_route53_delegation_set.main.id
}
如果您要销毁区域并重建它们并希望使用相同的名称服务器,那么您需要确保不要同时销毁授权集。
如果你想 select 只是区域,你可以通过 运行 terraform destroy -target aws_route53_zone.example 来做到这一点。
或者,您可以在一个目录中创建委托集,然后在单独的目录中创建 Route53 区域(以及其他任何内容),并且不要破坏委托集资源目录。所以你会有这样的东西:
.
├── delegation-set
│ └── delegation-set.tf
└── route53-zone
└── route53-zone.tf
### delegation-set.tf
resource "aws_route53_delegation_set" "example" {
reference_name = "Example"
}
output "delegation_set_id" {
value = aws_route53_delegation_set.example.id
}
### route53-zone.tf
data "aws_route53_delegation_set" "example" {
id = "INSERT_DELEGATION_SET_ID_HERE"
}
resource "aws_route53_zone" "example" {
name = "example.com"
delegation_set_id = data.aws_route53_delegation_set.example.id
}
不幸的是,正如您在上面的示例中看到的,aws_route53_delegation_set data source 仅采用委托集的 ID 而不能为其提供调用者引用,因此您需要对引用 ID 进行硬编码由 运行 terraform apply delegation-set.
生成和输出
或者您可以使用 terraform_remote_state data source 而不是 aws_route53_delegation_set 数据源:
### route53-zone.tf
data "terraform_remote_state" "delegation_set" {
backend = "remote"
config = {
organization = "example"
workspaces = {
name = "delegation-set"
}
}
}
resource "aws_route53_zone" "example" {
name = "example.com"
delegation_set_id = data.terraform_remote_state.delegation_set.id
}
以上配置需要根据您存储状态的方式进行调整。
使用 AWS,如何在 terraform apply/destroy 执行之间获得确定的名称服务器地址?
目前,我的域名服务器是这样的:
ns-XXX.awsdns-YY.com.
ns-XXX.awsdns-YY.org.
ns-XXX.awsdns-YY.net.
ns-XXX.awsdns-YY.co.uk.
每次我 运行 apply/destroy,XXX 和 YY 的值都会改变。
因此,如果我在 godaddy/namecheap/other 注册了一个域,那么这些也需要更新,这需要时间来传播。
所以我想知道是否有办法影响 XXX/YY 值,以便它们可以在会话之间持续存在?
例如,我尝试了这个,虽然它按照我的需要设置了名称服务器,但遗憾的是它无法解析。
resource "aws_route53_record" "ns" {
allow_overwrite = true
name = "my_fixed_ns"
ttl = 30
type = "NS"
zone_id = aws_route53_zone.zone.zone_id
records = [
"ns1.amazon.com",
"ns2.amazon.org",
"ns3.amazon.net",
"ns4.amazon.co.uk"
]
}
您可以使用 reusable delegation sets 让 Route53 区域为每个区域使用相同的名称服务器,无论是多个并发区域还是一遍又一遍地重建区域:
A set of four authoritative name servers that you can use with more than one hosted zone. By default, Route 53 assigns a random selection of name servers to each new hosted zone. To make it easier to migrate DNS service to Route 53 for a large number of domains, you can create a reusable delegation set and then associate the reusable delegation set with new hosted zones. (You can't change the name servers that are associated with an existing hosted zone.)
在 Terraform 中,这些是使用 aws_route53_delegation_set resource 创建的,文档中给出的示例如下所示:
resource "aws_route53_delegation_set" "main" {
reference_name = "DynDNS"
}
resource "aws_route53_zone" "primary" {
name = "hashicorp.com"
delegation_set_id = aws_route53_delegation_set.main.id
}
resource "aws_route53_zone" "secondary" {
name = "terraform.io"
delegation_set_id = aws_route53_delegation_set.main.id
}
如果您要销毁区域并重建它们并希望使用相同的名称服务器,那么您需要确保不要同时销毁授权集。
如果你想 select 只是区域,你可以通过 运行 terraform destroy -target aws_route53_zone.example 来做到这一点。
或者,您可以在一个目录中创建委托集,然后在单独的目录中创建 Route53 区域(以及其他任何内容),并且不要破坏委托集资源目录。所以你会有这样的东西:
.
├── delegation-set
│ └── delegation-set.tf
└── route53-zone
└── route53-zone.tf
### delegation-set.tf
resource "aws_route53_delegation_set" "example" {
reference_name = "Example"
}
output "delegation_set_id" {
value = aws_route53_delegation_set.example.id
}
### route53-zone.tf
data "aws_route53_delegation_set" "example" {
id = "INSERT_DELEGATION_SET_ID_HERE"
}
resource "aws_route53_zone" "example" {
name = "example.com"
delegation_set_id = data.aws_route53_delegation_set.example.id
}
不幸的是,正如您在上面的示例中看到的,aws_route53_delegation_set data source 仅采用委托集的 ID 而不能为其提供调用者引用,因此您需要对引用 ID 进行硬编码由 运行 terraform apply delegation-set.
或者您可以使用 terraform_remote_state data source 而不是 aws_route53_delegation_set 数据源:
### route53-zone.tf
data "terraform_remote_state" "delegation_set" {
backend = "remote"
config = {
organization = "example"
workspaces = {
name = "delegation-set"
}
}
}
resource "aws_route53_zone" "example" {
name = "example.com"
delegation_set_id = data.terraform_remote_state.delegation_set.id
}
以上配置需要根据您存储状态的方式进行调整。