.terraform.lock.hcl ׬શʹཧղͨ͠ Terraform meetup ONLINE #2021.02 2021/02/10 @minamijoyo

ࣗݾ঺հ • Masayuki Morita • Twitter/GitHub/Qiita: @minamijoyo • SRE at CrowdWorks Inc. • Contributor of hashicorp/terraform, hcl, etc… • Author of: tfschema, tfupdate, tfmigrate, hcledit

.terraform.lock.hclͱ͸

• Terraform v0.14͔Βಋೖ͞ΕͨґଘϩοΫϑΝΠϧ • Terraform v0.14Ͱ͸ϓϩόΠμͷΈ؅ཧ(ϞδϡʔϧະରԠ) • terraform init͢ΔͱࣗಈͰੜ੒͞ΕΔ (ߋ৽͸-upgrade) • GitͳͲͷόʔδϣϯ؅ཧπʔϧʹίϛοτΛެࣜʹਪ঑ • .gitignoreˍຖճterraform init -upgrade͢Ε͹v0.13Ҏલͱ΄΅ಉ༷ ͷڍಈ .terraform.lock.hclͱ͸ ※஫: ຊࢿྉ࡞੒࣌ͷTerraform͸v0.14.5Ͱ͢

# This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { version = "3.26.0" constraints = "~> 3.0" hashes = [ "h1:b1qNzEzDHZpnHSOW4fRo1PFC0U2Ft25PKKs9NSDGe3U=", "zh:26043eed36d070ca032cf04bc980c654a25821a8abc0c85e1e570e3935bbfcbb", "zh:2fe68f3f78d23830a04d7fac3eda550eef1f627dfc130486f70a65dc5c254300", "zh:3d66484c608c64678e639db25d63872783ce60363a1246e30317f21c9c23b84b", "zh:46ffd755cfd4cf94fe66342797b5afdcef010a24e126c67fee141b357d393535", "zh:5e96f24357e945c9067cf5e032ad1d003609629c956c2f9f642fefe714e74587", "zh:60c27aca36bb63bf3e865c2193be80ca83b376581d00f9c220af4b013e163c4d", "zh:896f0f22d19d41e71b22f9240b261714c3915b165ddefeb771e7734d69dc47ea", "zh:90de9966cb2fd3e2f326df291595e55d2dd2d90e7d6dd085c2c8691dce82bdb4", "zh:ad05a91a88ceb1d6de5a568f7cc0b0e5bc0a79f3da70bc28c1e7f3750e362d58", "zh:e8c63f59c6465329e1f3357498face3dd7ef10a033df3c366a33aa9e94b46c01", ] } ੍໿৚݅ͱબ୒͞Εͨόʔδϣϯ ϓϩόΠμͷϋογϡ஋ ϓϩόΠμ໊

͋ʔɺ͸͍͸͍ɻ Α͋͘ΔґଘϥΠϒϥϦͷ ϩοΫϑΝΠϧͶɻ

.terraform.lock.hcl ׬શʹཧղͨ͠

ͰɺऴΘΕ͹Α͔͕ͬͨɺ ͦΜͳʹ୯७Ͱ͸ͳ͔ͬͨ

• TF_PLUGIN_CACHEͰϓϩόΠμΛΩϟογϡ͢Δͱ৑௕ͳμ΢ϯϩʔυճආ Ͱ͖Δ • Ωϟογϡͷ༗ແͰੜ੒͞ΕΔϩοΫϑΝΠϧͷத਎͕ҟͳΔ ϩοΫϑΝΠϧ͕Ωϟογϡঢ়ଶʹґଘ͢Δ໰୊ $ mkdir -p /tmp/plugin-cache $ TF_PLUGIN_CACHE_DIR=/tmp/plugin-cache terraform init $ rm -rf .terraform && rm .terraform.lock.hcl $ TF_PLUGIN_CACHE_DIR=/tmp/plugin-cache terraform init $ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { version = "3.26.0" constraints = "~> 3.0" hashes = [ "h1:b1qNzEzDHZpnHSOW4fRo1PFC0U2Ft25PKKs9NSDGe3U=", ] } ϋογϡ͕ߦ͔͠ه࿥͞Εͳ͍ Ωϟογϡ͋ΓͰੜ੒͞ΕͨϩοΫ

# This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { version = "3.26.0" constraints = "~> 3.0" hashes = [ "h1:b1qNzEzDHZpnHSOW4fRo1PFC0U2Ft25PKKs9NSDGe3U=", "zh:26043eed36d070ca032cf04bc980c654a25821a8abc0c85e1e570e3935bbfcbb", "zh:2fe68f3f78d23830a04d7fac3eda550eef1f627dfc130486f70a65dc5c254300", "zh:3d66484c608c64678e639db25d63872783ce60363a1246e30317f21c9c23b84b", "zh:46ffd755cfd4cf94fe66342797b5afdcef010a24e126c67fee141b357d393535", "zh:5e96f24357e945c9067cf5e032ad1d003609629c956c2f9f642fefe714e74587", "zh:60c27aca36bb63bf3e865c2193be80ca83b376581d00f9c220af4b013e163c4d", "zh:896f0f22d19d41e71b22f9240b261714c3915b165ddefeb771e7734d69dc47ea", "zh:90de9966cb2fd3e2f326df291595e55d2dd2d90e7d6dd085c2c8691dce82bdb4", "zh:ad05a91a88ceb1d6de5a568f7cc0b0e5bc0a79f3da70bc28c1e7f3750e362d58", "zh:e8c63f59c6465329e1f3357498face3dd7ef10a033df3c366a33aa9e94b46c01", ] } ͦ΋ͦ΋Iͱ͔[Iͱ͔Կʁʁʁ Ωϟογϡͳ͠ͷ৔߹

.terraform.lock.hcl φχϞϫΧϥφΠ

• https://www.terraform.io/docs/language/dependency-lock.html • zh: zip hash (legacy) • ϓϩόΠμͷ഑෍෺ͷzipύοέʔδͷϋογϡ஋ • Terraform Registry͔Βμ΢ϯϩʔυͨ͠৔߹ʹ෇༩͞ΕΔ • ͢΂ͯͷϓϥοτϑΥʔϜ෼Λه࿥ • h1: hash scheme 1 • ϓϩόΠμͷ഑෍෺ͷίϯςϯπͷϋογϡ஋ • ϛϥʔ΍ΩϟογϡͰ΋࢖͑Δ • σϑΥϧτͰ͸࣮ߦ͢ΔϓϥοτϑΥʔϜ෼͚ͩه࿥ ݱঢ়zhͱh1ͷ2छྨͷϋογϡํ͕ࣜ͋Δ

# This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { version = "3.26.0" constraints = "~> 3.0" hashes = [ "h1:b1qNzEzDHZpnHSOW4fRo1PFC0U2Ft25PKKs9NSDGe3U=", "zh:26043eed36d070ca032cf04bc980c654a25821a8abc0c85e1e570e3935bbfcbb", "zh:2fe68f3f78d23830a04d7fac3eda550eef1f627dfc130486f70a65dc5c254300", "zh:3d66484c608c64678e639db25d63872783ce60363a1246e30317f21c9c23b84b", "zh:46ffd755cfd4cf94fe66342797b5afdcef010a24e126c67fee141b357d393535", "zh:5e96f24357e945c9067cf5e032ad1d003609629c956c2f9f642fefe714e74587", "zh:60c27aca36bb63bf3e865c2193be80ca83b376581d00f9c220af4b013e163c4d", "zh:896f0f22d19d41e71b22f9240b261714c3915b165ddefeb771e7734d69dc47ea", "zh:90de9966cb2fd3e2f326df291595e55d2dd2d90e7d6dd085c2c8691dce82bdb4", "zh:ad05a91a88ceb1d6de5a568f7cc0b0e5bc0a79f3da70bc28c1e7f3750e362d58", "zh:e8c63f59c6465329e1f3357498face3dd7ef10a033df3c366a33aa9e94b46c01", ] } NBD04 EBSXJO@BNE ͢΂ͯͷϓϥοτϑΥʔϜͱ͸ʁʁʁ

$ curl -s https://registry.terraform.io/v1/providers/hashicorp/aws/3.26.0/download/darwin/amd64 | jq . { "protocols": [ "5.0" ], "os": "darwin", "arch": "amd64", "filename": "terraform-provider-aws_3.26.0_darwin_amd64.zip", "download_url": "https://releases.hashicorp.com/terraform-provider-aws/3.26.0/terraform-provider- aws_3.26.0_darwin_amd64.zip", "shasums_url": "https://releases.hashicorp.com/terraform-provider-aws/3.26.0/terraform-provider-aws_3.26.0_SHA256SUMS", "shasums_signature_url": "https://releases.hashicorp.com/terraform-provider-aws/3.26.0/terraform-provider- aws_3.26.0_SHA256SUMS.sig", "shasum": "90de9966cb2fd3e2f326df291595e55d2dd2d90e7d6dd085c2c8691dce82bdb4", "signing_keys": { $ TF_LOG=TRACE terraform init (snip.) 2021/02/03 23:32:13 [DEBUG] GET https://registry.terraform.io/v1/providers/hashicorp/aws/versions 2021/02/03 23:32:13 [TRACE] HTTP client GET request to https://registry.terraform.io/v1/providers/hashicorp/aws/versions 2021/02/03 23:32:13 [DEBUG] GET https://registry.terraform.io/v1/providers/hashicorp/aws/3.26.0/download/darwin/amd64 2021/02/03 23:32:13 [TRACE] HTTP client GET request to https://registry.terraform.io/v1/providers/hashicorp/aws/3.26.0/ download/darwin/amd64 2021/02/03 23:32:14 [DEBUG] GET https://releases.hashicorp.com/terraform-provider-aws/3.26.0/terraform-provider- aws_3.26.0_SHA256SUMS 2021/02/03 23:32:14 [TRACE] HTTP client GET request to https://releases.hashicorp.com/terraform-provider-aws/3.26.0/ terraform-provider-aws_3.26.0_SHA256SUMS 2021/02/03 23:32:14 [DEBUG] GET https://releases.hashicorp.com/terraform-provider-aws/3.26.0/terraform-provider- aws_3.26.0_SHA256SUMS.sig 2021/02/03 23:32:14 [TRACE] HTTP client GET request to https://releases.hashicorp.com/terraform-provider-aws/3.26.0/ terraform-provider-aws_3.26.0_SHA256SUMS.sig (snip.) σόοάϩάΛग़ྗ ͜͜ʹνΣοΫαϜ͕͋Γͦ͏ 5FSSBGPSN3FHJTUSZͱ௨৴ͯ͠Δ

$ curl -s https://releases.hashicorp.com/terraform-provider-aws/3.26.0/terraform-provider-aws_3.26.0_SHA256SUMS | sort 26043eed36d070ca032cf04bc980c654a25821a8abc0c85e1e570e3935bbfcbb terraform-provider-aws_3.26.0_linux_amd64.zip 2fe68f3f78d23830a04d7fac3eda550eef1f627dfc130486f70a65dc5c254300 terraform-provider-aws_3.26.0_windows_386.zip 3d66484c608c64678e639db25d63872783ce60363a1246e30317f21c9c23b84b terraform-provider-aws_3.26.0_freebsd_arm.zip 46ffd755cfd4cf94fe66342797b5afdcef010a24e126c67fee141b357d393535 terraform-provider-aws_3.26.0_linux_386.zip 5e96f24357e945c9067cf5e032ad1d003609629c956c2f9f642fefe714e74587 terraform-provider-aws_3.26.0_freebsd_amd64.zip 60c27aca36bb63bf3e865c2193be80ca83b376581d00f9c220af4b013e163c4d terraform-provider-aws_3.26.0_linux_arm64.zip 896f0f22d19d41e71b22f9240b261714c3915b165ddefeb771e7734d69dc47ea terraform-provider-aws_3.26.0_freebsd_386.zip 90de9966cb2fd3e2f326df291595e55d2dd2d90e7d6dd085c2c8691dce82bdb4 terraform-provider-aws_3.26.0_darwin_amd64.zip ad05a91a88ceb1d6de5a568f7cc0b0e5bc0a79f3da70bc28c1e7f3750e362d58 terraform-provider-aws_3.26.0_linux_arm.zip e8c63f59c6465329e1f3357498face3dd7ef10a033df3c366a33aa9e94b46c01 terraform-provider-aws_3.26.0_windows_amd64.zip TPSU͢Δͱ hashes = [ "h1:b1qNzEzDHZpnHSOW4fRo1PFC0U2Ft25PKKs9NSDGe3U=", "zh:26043eed36d070ca032cf04bc980c654a25821a8abc0c85e1e570e3935bbfcbb", "zh:2fe68f3f78d23830a04d7fac3eda550eef1f627dfc130486f70a65dc5c254300", "zh:3d66484c608c64678e639db25d63872783ce60363a1246e30317f21c9c23b84b", "zh:46ffd755cfd4cf94fe66342797b5afdcef010a24e126c67fee141b357d393535", "zh:5e96f24357e945c9067cf5e032ad1d003609629c956c2f9f642fefe714e74587", "zh:60c27aca36bb63bf3e865c2193be80ca83b376581d00f9c220af4b013e163c4d", "zh:896f0f22d19d41e71b22f9240b261714c3915b165ddefeb771e7734d69dc47ea", "zh:90de9966cb2fd3e2f326df291595e55d2dd2d90e7d6dd085c2c8691dce82bdb4", "zh:ad05a91a88ceb1d6de5a568f7cc0b0e5bc0a79f3da70bc28c1e7f3750e362d58", "zh:e8c63f59c6465329e1f3357498face3dd7ef10a033df3c366a33aa9e94b46c01", ] ׬શʹҰக

.terraform.lock.hcl ׬શʹཧղͨ͠

͋Εɺ͏ͪͷCI͸ Docker(Linux)ͳΜ͚ͩͲʁ h1͸macOS༻Ͱ͍͍ͷʁ

ͳΔ΄Ͳʙɺ ͍͍࣭໰Ͱ͢Ͷɻ

$ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { version = "3.26.0" constraints = "~> 3.0" hashes = [ "h1:b1qNzEzDHZpnHSOW4fRo1PFC0U2Ft25PKKs9NSDGe3U=", ] } [I͕ͳ͍৔߹ NBD04 EBSXJO@BNE $ docker run -it --rm -v $(pwd):/work hashicorp/terraform:0.14.5 -chdir=/work init Initializing the backend... Initializing provider plugins... - Reusing previous version of hashicorp/aws from the dependency lock file - Installing hashicorp/aws v3.26.0... Error: Failed to install provider Error while installing hashicorp/aws v3.26.0: the current package for registry.terraform.io/hashicorp/aws 3.26.0 doesn't match any of the checksums previously recorded in the dependency lock file νΣοΫαϜΤϥʔ %PDLFS -JOVY Ͱ࣮ߦͯ͠ΈΔ

ͦΕ͸ͦ͏ɻ ͩͬͯνΣοΫαϜͬͯ վ͟Μݕ஌ͳΜ͔ͩΒ ͦ͏͍͏΋Μɻ

# This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { version = "3.26.0" constraints = "~> 3.0" hashes = [ "h1:b1qNzEzDHZpnHSOW4fRo1PFC0U2Ft25PKKs9NSDGe3U=", "zh:26043eed36d070ca032cf04bc980c654a25821a8abc0c85e1e570e3935bbfcbb", "zh:2fe68f3f78d23830a04d7fac3eda550eef1f627dfc130486f70a65dc5c254300", "zh:3d66484c608c64678e639db25d63872783ce60363a1246e30317f21c9c23b84b", "zh:46ffd755cfd4cf94fe66342797b5afdcef010a24e126c67fee141b357d393535", "zh:5e96f24357e945c9067cf5e032ad1d003609629c956c2f9f642fefe714e74587", "zh:60c27aca36bb63bf3e865c2193be80ca83b376581d00f9c220af4b013e163c4d", "zh:896f0f22d19d41e71b22f9240b261714c3915b165ddefeb771e7734d69dc47ea", "zh:90de9966cb2fd3e2f326df291595e55d2dd2d90e7d6dd085c2c8691dce82bdb4", "zh:ad05a91a88ceb1d6de5a568f7cc0b0e5bc0a79f3da70bc28c1e7f3750e362d58", "zh:e8c63f59c6465329e1f3357498face3dd7ef10a033df3c366a33aa9e94b46c01", ] } I͸NBD04 EBSXJO@BNE [I͕͋Δ

$ git diff diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 9591972..a0f76ee 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl @@ -5,6 +5,7 @@ provider "registry.terraform.io/hashicorp/aws" { version = "3.26.0" constraints = "~> 3.0" hashes = [ + "h1:0i78FItlPeiomd+4ThZrtm56P5K33k7/6dnEe4ZePI0=", "h1:b1qNzEzDHZpnHSOW4fRo1PFC0U2Ft25PKKs9NSDGe3U=", "zh:26043eed36d070ca032cf04bc980c654a25821a8abc0c85e1e570e3935bbfcbb", “zh:2fe68f3f78d23830a04d7fac3eda550eef1f627dfc130486f70a65dc5c254300", (snip.) $ docker run -it --rm -v $(pwd):/work hashicorp/terraform:0.14.5 -chdir=/work init %PDLFS -JOVY Ͱ࣮ߦͯ͠ΈΔ ͳΜ͔૿͑ͯΔʂʂ

উखʹ૿͑ͯ΂ΜΓʙ ʢͳΘ͚ͳ͍ʣ CIͰgit diffग़Δͷ΍ͩʔɻ

.terraform.lock.hcl φχϞϫΧϥφΠ

ͦΜͳ͜ͱ΋͋Ζ͏͔ͱ terraform providers lock

• ͋Β͔͡ΊඞཁͳϓϥοτϑΥʔϜ໊Λࢦఆͯ͠ϩοΫϑΝΠϧΛੜ੒͢Δ • https://www.terraform.io/docs/cli/commands/providers/lock.html terraform providers lock $ terraform providers lock -platform=linux_amd64 -platform=darwin_amd64 hashes = [ "h1:0i78FItlPeiomd+4ThZrtm56P5K33k7/6dnEe4ZePI0=", "h1:b1qNzEzDHZpnHSOW4fRo1PFC0U2Ft25PKKs9NSDGe3U=", "zh:26043eed36d070ca032cf04bc980c654a25821a8abc0c85e1e570e3935bbfcbb", "zh:2fe68f3f78d23830a04d7fac3eda550eef1f627dfc130486f70a65dc5c254300", "zh:3d66484c608c64678e639db25d63872783ce60363a1246e30317f21c9c23b84b", "zh:46ffd755cfd4cf94fe66342797b5afdcef010a24e126c67fee141b357d393535", "zh:5e96f24357e945c9067cf5e032ad1d003609629c956c2f9f642fefe714e74587", "zh:60c27aca36bb63bf3e865c2193be80ca83b376581d00f9c220af4b013e163c4d", "zh:896f0f22d19d41e71b22f9240b261714c3915b165ddefeb771e7734d69dc47ea", "zh:90de9966cb2fd3e2f326df291595e55d2dd2d90e7d6dd085c2c8691dce82bdb4", "zh:ad05a91a88ceb1d6de5a568f7cc0b0e5bc0a79f3da70bc28c1e7f3750e362d58", "zh:e8c63f59c6465329e1f3357498face3dd7ef10a033df3c366a33aa9e94b46c01", ] NBD04 EBSXJO@BNE -JOVY MJOVY@BNE

.terraform.lock.hcl ׬શʹཧղͨ͠

͋ΕɺΩϟογϡ͕ޮ͍͍ͯ ͳ͍Α͏ͳʁʁʁ

• terraform providers lockίϚϯυ͸σϑΥϧτͰ͸Registryͱ ௨৴͢ΔͷͰɺΩϟογϡΛແࢹ͢ΔʢόάͰ͸ͳ͘࢓༷ʣ • ϩοΫ͸rootϞδϡʔϧ (=σΟϨΫτϦ) ͝ͱʹ؅ཧ͢Δ • h1Λܭࢉ͢ΔͨΊϓϩόΠμͷμ΢ϯϩʔυ͕ඞཁ • σΟϨΫτϦ͍ͬͺ͍͋ΔͱɺຖճσΟϨΫτϦ਺෼͚ͩॏ ෳμ΢ϯϩʔυ͢Δͷແବ͗͢Ͷʁʁʁ • ϦϙδτϦϧʔτͰϩοΫϑΝΠϧੜ੒ͯ͠ɺ֤σΟϨΫτϦ ʹίϐʔͱ͍͏Ҋ΋ͳ͘͸ͳ͍͕ɺϩοΫϑΝΠϧ͕কདྷϞ δϡʔϧ΋αϙʔτ͢Δͱഁ୼ͦ͠͏ TF_PLUGIN_CACHEޮ͔ͳ͍໰୊

.terraform.lock.hcl φχϞϫΧϥφΠ

ͦΜͳ͋ͳͨʹ terraform providers mirror

• ϩʔΧϧϑΝΠϧγεςϜϛϥʔΛ࡞੒͠ɺϛϥʔ͔ΒϩοΫϑΝΠϧ΋࡞ΕΔ • https://www.terraform.io/docs/cli/commands/providers/mirror.html terraform providers mirror $ FS_MIRROR=“/tmp/terraform.d/plugins" $ terraform providers mirror -platform=linux_amd64 -platform=darwin_amd64 "${FS_MIRROR}" $ terraform providers lock -fs-mirror="${FS_MIRROR}" -platform=linux_amd64 -platform=darwin_amd64 # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { version = "3.26.0" constraints = "~> 3.0" hashes = [ "h1:0i78FItlPeiomd+4ThZrtm56P5K33k7/6dnEe4ZePI0=", "h1:b1qNzEzDHZpnHSOW4fRo1PFC0U2Ft25PKKs9NSDGe3U=", ] } 3FHJTUSZͱ௨৴͠ͳ͍৔߹ I͔͠ه࿥͞Εͳ͍ ϛϥʔΛࢦఆ

·͊ඞཁͳh1Λੜ੒Ͱ͖Ε͹ zh͍Βͳ͘Ͷʁ

#!/bin/bash set -eo pipefail export TF_PLUGIN_CACHE_DIR="/tmp/terraform.d/plugin-cache" mkdir -p "${TF_PLUGIN_CACHE_DIR}" FS_MIRROR="/tmp/terraform.d/plugins" terraform providers mirror -platform=linux_amd64 -platform=darwin_amd64 "${FS_MIRROR}" ALL_DIRS=$(find . -type f -name '*.tf' | xargs -I {} dirname {} | sort | uniq | grep -v 'modules/') for dir in ${ALL_DIRS} do pushd "$dir" rm -f .terraform.lock.hcl terraform providers lock -fs-mirror="${FS_MIRROR}" -platform=linux_amd64 -platform=darwin_amd64 popd done ΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ͷ.sh • ϦϙδτϦϧʔτͰඞཁͳϓϩόΠμΛྻڍͨ͠ .tfΛ͋Β͔͡Ί഑ஔ • ϦϙδτϦϧʔτͰϩʔΧϧϛϥʔΛ࡞੒͠ɺαϒσΟϨΫτϦͰϩοΫϑΝΠϧΛੜ੒

$ terraform providers lock Error: Module not installed on main.tf line 1: 1: module "foo" { This module is not yet installed. Run "terraform init" to install all modules required by this configuration. Ϟδϡʔϧࢀর͕͋Δͱ ΤϥʔʹͳΔ Ϟδϡʔϧࢀর͕͋ΔͱΤϥʔʹͳΔ໰୊ • Ϟδϡʔϧ͔Βؒ઀తʹϓϩόΠμͷґଘ͕૿͑Δ͜ͱ͸͋Γ͏Δ • providers lockίϚϯυ͸ґଘ͢Δ͢΂ͯͷϞδϡʔϧΛಡΈࠐΉඞཁ͕͋Δ

#!/bin/bash set -eo pipefail export TF_PLUGIN_CACHE_DIR="/tmp/terraform.d/plugin-cache" mkdir -p "${TF_PLUGIN_CACHE_DIR}" FS_MIRROR="/tmp/terraform.d/plugins" terraform providers mirror -platform=linux_amd64 -platform=darwin_amd64 "${FS_MIRROR}" ALL_DIRS=$(find . -type f -name '*.tf' | xargs -I {} dirname {} | sort | uniq | grep -v 'modules/') for dir in ${ALL_DIRS} do pushd “$dir" rm -f .terraform.lock.hcl terraform init -input=false -no-color -backend=false -plugin-dir=“${FS_MIRROR}" rm -f .terraform.lock.hcl terraform providers lock -fs-mirror="${FS_MIRROR}" -platform=linux_amd64 -platform=darwin_amd64 rm -rf .terraform popd done QSPWJEFSTMPDLલʹ JOJUͰϞδϡʔϧΛऔಘ ΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ͷ.sh

.terraform.lock.hcl ׬શʹཧղͨ͠

͋Εɺ ·ͨͳΜ͔gitࠩ෼͕ग़ͨ

$ terraform init $ git diff diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 88ac68e..a0f76ee 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl @@ -7,5 +7,15 @@ provider "registry.terraform.io/hashicorp/aws" { hashes = [ "h1:0i78FItlPeiomd+4ThZrtm56P5K33k7/6dnEe4ZePI0=", "h1:b1qNzEzDHZpnHSOW4fRo1PFC0U2Ft25PKKs9NSDGe3U=", + "zh:26043eed36d070ca032cf04bc980c654a25821a8abc0c85e1e570e3935bbfcbb", + "zh:2fe68f3f78d23830a04d7fac3eda550eef1f627dfc130486f70a65dc5c254300", + "zh:3d66484c608c64678e639db25d63872783ce60363a1246e30317f21c9c23b84b", + "zh:46ffd755cfd4cf94fe66342797b5afdcef010a24e126c67fee141b357d393535", + "zh:5e96f24357e945c9067cf5e032ad1d003609629c956c2f9f642fefe714e74587", + "zh:60c27aca36bb63bf3e865c2193be80ca83b376581d00f9c220af4b013e163c4d", + "zh:896f0f22d19d41e71b22f9240b261714c3915b165ddefeb771e7734d69dc47ea", + "zh:90de9966cb2fd3e2f326df291595e55d2dd2d90e7d6dd085c2c8691dce82bdb4", + "zh:ad05a91a88ceb1d6de5a568f7cc0b0e5bc0a79f3da70bc28c1e7f3750e362d58", + "zh:e8c63f59c6465329e1f3357498face3dd7ef10a033df3c366a33aa9e94b46c01", ] } [I͕௥ه͞ΕΔ ϩʔΧϧʹΩϟογϡ͕ͳ͍৔߹ Ωϟογϡ͕ͳ͍ͱzh௥ه͞ΕͪΌ͏໰୊

WindowsͰ΋࢖͏͔΋ͩ͠ɺ zh௥ه͓͍ͯͨ͠Α ʢ༨ܭͳ͓ੈ࿩ʣ

.terraform.lock.hcl φχϞϫΧϥφΠ

ͦ΋ͦ΋ Terraform Registry͕௚઀ zhͱh1྆ํฦͯ͘͠ΕΕ͹ શ෦ղܾͰ͸ʁʁʁ

https://github.com/hashicorp/terraform/issues/27264

https://github.com/hashicorp/terraform/issues/27264 UFSSBGPSNMPDLIDMνϣοτσΩϧ 5FSSBGPSNίΞνʔϜͷ BQQBSFOUMZNBSUࢯʹΑΔղઆ

ͳΜͰ͜ΜͳΊΜͲ͍͘͜͞ ͱʹͳ͍ͬͯΔͷ͔ʁ ͬ͘͟Γཁ໿ˍิ଍͢Δͱ

• Terraform v0.12·Ͱ͸ϓϩόΠμ͸ releases.hashicorp.com ͔Β഑ ෍͍ͯͨ͠ • ͦ΋ͦ΋ releases.hashicorp.com ͸Terraformઐ༻Ͱ͸ͳ͍ͷͰɺ഑ ෍෺ͷzipΞʔΧΠϒͷνΣοΫαϜΛ࢖͏ͱ͍͏ͷ͸ଥ౰ • v0.13ͰϓϩόΠμͷ഑෍΋Registryܦ༝ʹͳ͕ͬͨɺஈ֊తʹҠߦ ͢ΔͨΊɺRegistry͸࣮ࡍʹ͸ͨͩͷindexͰɺ഑෍෺͸Ҿ͖ଓ͖ releases.hashicorp.com ͔Β഑෍͢Δ͜ͱʹ • ݁Ռͱͯ͠ɺRegistry͸releases.hashicorp.comͷνΣοΫαϜͷ࢓ ༷ΛҾ͖ܧ͍ͩ ݱঢ়Terraform Registry͸zh͔͠ฦͤͳ͍

• h1͸౰ॳLocal Filesystem MirrorΛαϙʔτ͢ΔͨΊʹಋೖ͞Εͨ • Local Filesystem Mirror͸zipܗ͚ࣜͩͰͳ͘ɺzipల։ࡁΈͷσΟϨΫτ Ϧܗࣜ΋αϙʔτ͓ͯ͠ΓɺσΟϨΫτϦܗࣜͷ৔߹͸zhΛܭࢉͰ͖ͳ ͍ʢѹॖ͢ΔͨͼʹzipϑΝΠϧͷϝλσʔλ͕มΘͬͯ͠·͏ͷͰʣ • ࣗ࡞ϓϩόΠμͷ৔߹͸ɺRegistry͔Β഑෍͞ΕΔ͜ͱ͸ͳ͘ɺh1͚ͩ Ͱ໰୊ͳ͔͕ͬͨɺRegistryͰ഑෍͞Ε͍ͯΔ΋ͷΛɺLocal Filesystem Mirrorܦ༝ͰΠϯετʔϧ͠Α͏ͱ͢ΔͱɺΠϯετʔϧํ๏ʹґଘ͠ ͯϩοΫϑΝΠϧͷத਎͕มΘͬͯ͠·͏ • ͱ͍͏Θ͚Ͱɺ͋Β͔͡ΊϩοΫϑΝΠϧΛੜ੒͢Δterrform providers lock͕࣮૷͞Εͨ Local Filesystem Mirror ͸zhΛܭࢉͰ͖ͳ͍

• h1͸ܭࢉʹμ΢ϯϩʔυ͕ඞཁͳͷͰɺ௨ৗ͸terraform initͨ͠ϓ ϥοτϑΥʔϜ෼͔͠ه࿥͞Εͳ͍ • ͨͩzhΛ͋Β͔͡Ί͢΂ͯͷϓϥοτϑΥʔϜ෼ه࿥͓͚ͯ͠͹ɺ ଞͷϓϥοτϑΥʔϜͰ΋ɺ৴པͰ͖Δط஌ͷzhʹϚον͢Δzipͷ ίϯςϯπͷh1Λޙ͔Β௥هͯ͠΋҆શɻ • ඞཁʹͳͬͨλΠϛϯάͰ৽͍͠h1Λ௥ه͢Δͱ͍͏࢓༷͸ɺਓ͕ ϩοΫϑΝΠϧΛݟͯߋ৽Λίϛοτ͢Δͱ͍͏ϫʔΫϑϩʔΛ૝ ఆͯ͠ઃܭ͞Ε͍ͯΔ • ҰํɺϓϩόΠμͷόʔδϣϯΞοϓΛࣗಈԽ͠ɺϩοΫϑΝΠϧ Λߋ৽͞ΕΔλΠϛϯάΛݫີʹίϯτϩʔϧ͍ͨ͠৔߹ʹ͸ɺҙ ਤ͠ͳ͍λΠϛϯάͰߋ৽͞ΕΔͷ͸ࠔͬͯ͠·͏ ҆શʹh1Λݕূͯ͠௥Ճ͢Δʹ͸

• ݱঢ়ͷRegistryϓϩτίϧ͸ෳ਺ͷϋογϡํ͕ࣜ͋Δ͜ͱ Λ૝ఆ͍ͯ͠ͳ͍ • Registry ͕ෳ਺ͷϋογϡํࣜΛѻ͑ΔΑ͏ʹ͢΂͖ͩ ͠ɺඞཁੑ͸ೝ͍ࣝͯ͠Δ͕ɺv0.14.0ͷϦϦʔεʹ͸ؒʹ ߹ΘͤΒΕͳ͔ͬͨ • Registryϓϩτίϧͷมߋʹ͸͠͹Β͕͔͔࣌ؒ͘Γͦ͏ Registry͸h1Λฦͤͳ͍ͷ͔ʁ

.terraform.lock.hcl ׬શʹཧղͨ͠

͋ͨ͞͠ΓϩοΫϑΝΠϧߋ৽Λ ཈ࢭ͍ͨ͠ͷ͚ͩΕͲ΋ Կ͔Φϓγϣϯੜ΍͢ͷ͋Γʁ UFSSBGPSNJOJUMPDLpMFSFBEPOMZ ͸͋Γ͡Όͳ͍ʁ

https://github.com/hashicorp/terraform/pull/27630 ϨϏϡʔ଴ͪ terraform init -lockfile=readonly ࡞ͬͯΈͨ

• Terraform v0.14͔Βಋೖ͞Εͨ.terraform.lock.hclΛɺෳ਺ͷ σΟϨΫτϦͱϓϥοτϑΥʔϜࠞࡏ؀ڥͰޮ཰Α͘ӡ༻͢Δ ʹ͸ɺݱঢ়͍Ζ͍Ζͳٕज़తͳ੍໿͕͋Γେมݫ͍͠ • .gitignoreͨ͠Βෛ͚͔ͳͱࢥͬͯΔͷͰӡ༻ํ๏Λ໛ࡧத • terraform providers mirrorͱterraform providers lockΛ૊Έ߹ ΘͤΕ͹ɺΩϟογϡ͕ͳ͍৔߹Ҏ֎͸͍͚ͦ͏ײ • terraform init -lockfile=readonly͕ύζϧͷ࠷ޙͷϐʔε • ࠜຊతʹ͸Registry͕h1Λ௚઀ฦͯ͘͠ΕΔ͜ͱΛظ଴ ·ͱΊ: .terraform.lock.hcl ׬શʹཧղͨ͠