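- If you have already been managing Cloudflare DNS (hereafter CF DNS) through the web interface, you must import it into Terraform (Terraform fundamentally needs to be able to manage 'all' of the infrastructure)
- If you have made even a single manual change, the import step is required. If you skip it, the infrastructure data you applied manually can be lost.
- Use cf-terraforming to pull the CF DNS information
- As of 2024-12-27, this does not work with OpenTofu (cf-terraforming generate fails)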
cf-terraforming generate --email jellypo@gmail.com --token CF_APITOKEN -z ZONE_ID --resource-type cloudflare_record > import.tf
FATA[0001] failed to read provider schemaexit status 1
Error: Inconsistent dependency lock file
The following dependency selections recorded in the lock file are
inconsistent with the current configuration:
- provider registry.terraform.io/cloudflare/cloudflare: required by this configuration but no version is selected
To update the locked dependency selections to match a changed configuration,
run:
terraform init -upgrade
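- Write the tf code that installs the Cloudflare provider, then run
tf init
- Generate tf files from the existing data with cf-terraforming
cf-terraforming generate
- Import the existing data into tf
cf-terraforming import
- The existing configuration is now reflected, so new changes such as additions and deletions can be made through tf.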
cloudflare.tf
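terraform {
  required_providers {
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~> 3.0"
    }
  }
}

provider "cloudflare" {
  # Placeholder value. The provider also reads CLOUDFLARE_API_TOKEN from the
  # environment, which keeps the token out of this file and out of version control.
  api_token = "..."
  # email = "admin@example.com"
}

# Zone to manage (placeholder)
variable "zone_id" {
  default = "..."
}

variable "domain" {
  default = "example.com"
}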
> tofu init
Initializing the backend...
Initializing provider plugins...
- Finding cloudflare/cloudflare versions matching "~> 3.0"...
- Installing cloudflare/cloudflare v3.35.0...
- Installed cloudflare/cloudflare v3.35.0 (signed, key ID C76001609EE3B136)
Providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://opentofu.org/docs/cli/plugins/signing/
OpenTofu has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that OpenTofu can guarantee to make the same selections by default when
you run "tofu init" in the future.
OpenTofu has been successfully initialized!
You may now begin working with OpenTofu. Try running "tofu plan" to see
any changes that are required for your infrastructure. All OpenTofu commands
should now work.
If you ever set or change modules or backend configuration for OpenTofu,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
> cf-terraforming generate --email admin@example.com --token CF_APITOKEN -z ZONE_ID --resource-type cloudflare_record > import.tf
> cf-terraforming import --email admin@example.com --token CF_APITOKEN -z ZONE_ID --resource-type cloudflare_record > import.txt
> tf plan
cloudflare_record.terraform_managed_resource_...: Refreshing state... [id=...]
cloudflare_record.terraform_managed_resource_...: Refreshing state... [id=...]
cloudflare_record.terraform_managed_resource_...: Refreshing state... [id=...]
No changes. Your infrastructure matches the configuration.
Terraform has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.
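Before trusting the plan result, it helps to confirm that every resource block written to import.tf has a matching import command in import.txt. The following is an added example, not part of the original post: the function names and sample records are constructed, and it assumes import.txt contains lines of the form `terraform import <address> <zone_id>/<record_id>`.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed formats:
#   import.txt: terraform import cloudflare_record.<name> <zone_id>/<record_id>
#   import.tf:  resource "cloudflare_record" "<name>" {

# Print addresses declared in the .tf file ($1) that have no import
# command in the import list ($2).
missing_imports() {
  awk '
    FILENAME == ARGV[1] {   # first file: the import command list
      if (($1 == "terraform" || $1 == "tofu") && $2 == "import") imported[$3] = 1
      next
    }
    $1 == "resource" {      # second file: generated resource blocks
      gsub(/"/, "", $2); gsub(/"/, "", $3)
      addr = $2 "." $3
      if (!(addr in imported)) print addr
    }
  ' "$2" "$1"
}

# Return 0 only when every declared resource is covered by an import command.
check_import_coverage() {
  missing=$(missing_imports "$1" "$2")
  if [ -n "$missing" ]; then
    printf 'declared but not imported:\n%s\n' "$missing" >&2
    return 1
  fi
}

# Constructed sample data in directory $1: two records, one import command.
write_sample() {
  cat > "$1/import.tf" <<'EOF'
resource "cloudflare_record" "terraform_managed_resource_aaa111" {
  name = "www"
  type = "A"
}

resource "cloudflare_record" "terraform_managed_resource_bbb222" {
  name = "mail"
  type = "MX"
}
EOF
  cat > "$1/import.txt" <<'EOF'
terraform import cloudflare_record.terraform_managed_resource_aaa111 ZONE_ID/aaa111
EOF
}
```

Run `check_import_coverage import.tf import.txt` after the generate and import steps; a non-zero exit means at least one generated resource is not yet in state, so the plan would not come back clean.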