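Terraform in practice
Terraform
1 Introduction
Welcome to the Terraform getting-started guide! This guide is the best place to start with Terraform. We cover what Terraform is, what problems it can solve, how it compares with existing software, and include a quick start for using Terraform.
Terraform is an IT infrastructure automation and orchestration tool that advocates infrastructure as code: you manage your cloud resources and infrastructure centrally in code. This article uses Tencent Cloud as the example to show how to automate cloud operations with Terraform.
1.1 What is Terraform
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.
Configuration files describe to Terraform the components needed to run a single application or an entire data center. Terraform generates an execution plan describing how it will reach the desired state, and then executes it to build the described infrastructure. When the configuration changes, Terraform determines what changed and creates an incremental execution plan that can be applied.
The infrastructure Terraform can manage includes low-level components (such as compute instances, storage, and networking) as well as high-level components (such as DNS entries and SaaS features).
2 Use cases
Before looking at use cases, it is useful to know what Terraform is. This page lists some concrete use cases for Terraform, but the possible use cases are much broader than what is discussed here. Because Terraform is extensible, providers and provisioners can be added to further extend its ability to manipulate resources.
3 Installation and deployment
3.1 Installation and deployment
Some binary installs have problems; a source installation on the system is recommended.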
wget https://releases.hashicorp.com/terraform/0.12.21/terraform_0.12.21_linux_amd64.zip
yum -y install unzip
unzip terraform_0.12.21_linux_amd64.zip
cp terraform /usr/bin
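- Basic commands
Terraform has several commands that are used all the time and that the examples below rely on:
terraform init # initialize the working directory; always the first command to run
terraform plan # generate an execution plan
terraform apply # apply the plan (submit the requests)
terraform state # inspect resource state
terraform graph # generate a graph of the execution plan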
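3.2 Resource definitions
mkdir /resource && cd /resource
# Create the provider
cat >provider.tf <<EOF
provider "tencentcloud" {
  # Values masked. The provider also reads TENCENTCLOUD_SECRET_ID and
  # TENCENTCLOUD_SECRET_KEY from the environment (see 3.3.1), so these two
  # arguments can be left out of the file entirely.
  secret_id  = "AKxxxxx5KL8Y8G8"
  secret_key = "kFxxxxxxxXq"
  region     = "ap-guangzhou"
}
EOF
# Write the variables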
cat >variable.tf <<EOF
variable "region" {
  type    = string
  default = "ap-guangzhou"
}
variable "availability_zone" {
  type    = string
  default = "ap-guangzhou-4"
}
variable "image_id" {
  type    = string
  default = "img-9qabwvbn"
}
variable "cvm_count" {
  type    = number
  default = 1
}
variable "cvm_password" {
  type    = string
  default = "WWW.51idc.com"
}
variable "APP_cvm_data_disk_type" {
  type    = string
  default = "CLOUD_PREMIUM"
}
variable "APP_cvm_data_disk_size" {
  default = 50
}
variable "internet_max_bandwidth_out" { default = 1 }
variable "hostname" { default = "xuel-terraform-cvm" }
EOF
# Initialize
terraform init
# Create the CVM resource
# (\$ keeps the shell from expanding the Terraform interpolation inside the unquoted heredoc)
cat > cvm.tf <<EOF
// Create a cvm
resource "tencentcloud_instance" "xuel_instance" {
  instance_name     = "xuel_instance"
  availability_zone = var.availability_zone
  image_id          = var.image_id
  instance_type     = "S2.SMALL1"
  system_disk_type  = "CLOUD_PREMIUM"
  security_groups = [
    "\${tencentcloud_security_group.xuel_sg.id}"
  ]
  data_disks {
    data_disk_type = var.APP_cvm_data_disk_type
    data_disk_size = var.APP_cvm_data_disk_size
  }
  vpc_id                     = "\${tencentcloud_vpc.xuel_vpc.id}"
  subnet_id                  = "\${tencentcloud_subnet.xuel_subnet.id}"
  password                   = var.cvm_password
  internet_max_bandwidth_out = var.internet_max_bandwidth_out
  count                      = var.cvm_count
  allocate_public_ip         = true
  hostname                   = join("-", [var.hostname, count.index])
}
EOF
# Create route_table.tf
cat > route_table.tf<<EOF
// Create a route table
resource "tencentcloud_route_table" "xuel_rtb" {
  name   = "xuel_rtb"
  vpc_id = "\${tencentcloud_vpc.xuel_vpc.id}"
}
EOF
# Create vpc.tf
cat > vpc.tf <<EOF
resource "tencentcloud_vpc" "xuel_vpc" {
  name       = "xuel_vpc"
  cidr_block = "10.0.0.0/16"
}
EOF
# Create subnet.tf
cat > subnet.tf<<EOF
resource "tencentcloud_subnet" "xuel_subnet" {
  name              = "xuel_subnet"
  cidr_block        = "10.0.1.0/24"
  availability_zone = var.availability_zone
  vpc_id            = "\${tencentcloud_vpc.xuel_vpc.id}"
  route_table_id    = "\${tencentcloud_route_table.xuel_rtb.id}"
}
EOF
# Create security_group.tf
# (\$ keeps the shell from expanding the Terraform interpolation inside the unquoted heredoc)
cat >security_group.tf<<EOF
// Create a security group and rule
resource "tencentcloud_security_group" "xuel_sg" {
  name = "xuel_sg"
}
resource "tencentcloud_security_group_rule" "xuel_sg_rule_ingress" {
  security_group_id = "\${tencentcloud_security_group.xuel_sg.id}"
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "80,22"
  policy            = "accept"
}
resource "tencentcloud_security_group_rule" "xuel_sg_rule_egress" {
  security_group_id = "\${tencentcloud_security_group.xuel_sg.id}"
  type              = "egress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "1-65535"
  policy            = "accept"
}
EOF
# Outputs
cat > output.tf <<EOF
output "cvm_az" {
  value = "\${tencentcloud_instance.xuel_instance.*.availability_zone}"
}
output "cvm_id" {
  value = "\${tencentcloud_instance.xuel_instance.*.id}"
}
output "cvm_name" {
  value = "\${tencentcloud_instance.xuel_instance.*.instance_name}"
}
output "cvm_publicip" {
  value = "\${tencentcloud_instance.xuel_instance.*.public_ip}"
}
output "cvm_private_ip" {
  value = "\${tencentcloud_instance.xuel_instance.*.private_ip}"
}
output "cvm_password" {
  value = "\${tencentcloud_instance.xuel_instance.*.password}"
}
EOF
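A hardened variant of the files above, written for the Terraform 0.12 syntax this page uses (an added example, not part of the original article): credentials and the instance password stay out of the .tf files, the provider is pinned to the constraint that `terraform init` suggests, and SSH is no longer open to 0.0.0.0/0. The variable `admin_cidr` and the rule names `xuel_sg_rule_http` and `xuel_sg_rule_ssh` are assumptions introduced for the example.

```hcl
# provider.tf: no credentials in the file. The tencentcloud provider reads
# TENCENTCLOUD_SECRET_ID / TENCENTCLOUD_SECRET_KEY from the environment.
provider "tencentcloud" {
  version = "~> 1.30" # constraint string suggested by `terraform init`
  region  = var.region
}

# variable.tf: no default, so the password never lands in version control.
# Supply it at run time, e.g. through the TF_VAR_cvm_password environment variable.
variable "cvm_password" {
  type        = string
  description = "Login password for the CVM instances"
}

# Assumed variable: the source range that is allowed to reach SSH.
variable "admin_cidr" {
  type        = string
  description = "CIDR allowed to reach port 22, e.g. a VPN or office egress range"
}

# security_group.tf: replaces the combined "80,22" ingress rule with two rules.
resource "tencentcloud_security_group_rule" "xuel_sg_rule_http" {
  security_group_id = tencentcloud_security_group.xuel_sg.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0" # public web traffic
  ip_protocol       = "tcp"
  port_range        = "80"
  policy            = "accept"
}

resource "tencentcloud_security_group_rule" "xuel_sg_rule_ssh" {
  security_group_id = tencentcloud_security_group.xuel_sg.id
  type              = "ingress"
  cidr_ip           = var.admin_cidr # SSH only from the admin range
  ip_protocol       = "tcp"
  port_range        = "22"
  policy            = "accept"
}

# output.tf: redact the password in plan/apply output.
output "cvm_password" {
  value     = tencentcloud_instance.xuel_instance.*.password
  sensitive = true
}
```

`sensitive = true` only redacts the value in plan and apply output; `terraform output -json` and the state file still contain the password in clear text, so access to the state has to be restricted as well.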
3.3 Usage
3.3.1 Define environment variables
export TENCENTCLOUD_SECRET_ID="AKxxxxx5KL8Y8G8"
export TENCENTCLOUD_SECRET_KEY="kFxxxxxxxXq"
export TENCENTCLOUD_REGION="ap-guangzhou"
3.3.2 Initialize the environment
[root@src resource]# terraform init
Initializing the backend...
Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "tencentcloud" (terraform-providers/tencentcloud) 1.30.3...
The following providers do not have any version constraints in configuration,
so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.
* provider.tencentcloud: version = "~> 1.30"
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
3.3.3 Review the resources to be created
[root@src resource]# terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# tencentcloud_instance.xuel_instance[0] will be created
+ resource "tencentcloud_instance" "xuel_instance" {
+ allocate_public_ip = true
+ availability_zone = "ap-guangzhou-4"
+ create_time = (known after apply)
+ disable_monitor_service = false
+ disable_security_service = false
+ expired_time = (known after apply)
+ id = (known after apply)
+ image_id = "img-9qabwvbn"
+ instance_charge_type = "POSTPAID_BY_HOUR"
+ instance_name = "xuel_instance"
+ instance_status = (known after apply)
+ instance_type = "S2.SMALL1"
+ internet_charge_type = "TRAFFIC_POSTPAID_BY_HOUR"
+ internet_max_bandwidth_out = 1
+ key_name = (known after apply)
+ private_ip = (known after apply)
+ project_id = 0
+ public_ip = (known after apply)
+ running_flag = true
+ security_groups = (known after apply)
+ subnet_id = (known after apply)
+ system_disk_id = (known after apply)
+ system_disk_size = 50
+ system_disk_type = "CLOUD_PREMIUM"
+ vpc_id = (known after apply)
+ data_disks {
+ data_disk_id = (known after apply)
+ data_disk_size = (known after apply)
+ data_disk_type = (known after apply)
+ delete_with_instance = (known after apply)
}
}
# tencentcloud_route_table.xuel_rtb will be created
+ resource "tencentcloud_route_table" "xuel_rtb" {
+ create_time = (known after apply)
+ id = (known after apply)
+ is_default = (known after apply)
+ name = "xuel_rtb"
+ route_entry_ids = (known after apply)
+ subnet_ids = (known after apply)
+ vpc_id = (known after apply)
}
# tencentcloud_security_group.xuel_sg will be created
+ resource "tencentcloud_security_group" "xuel_sg" {
+ id = (known after apply)
+ name = "xuel_sg"
+ project_id = (known after apply)
}
# tencentcloud_security_group_rule.xuel_sg_rule will be created
+ resource "tencentcloud_security_group_rule" "xuel_sg_rule" {
+ cidr_ip = "0.0.0.0/0"
+ description = (known after apply)
+ id = (known after apply)
+ ip_protocol = "tcp"
+ policy = "accept"
+ port_range = "80,22"
+ security_group_id = (known after apply)
+ source_sgid = (known after apply)
+ type = "ingress"
}
# tencentcloud_subnet.xuel_subnet will be created
+ resource "tencentcloud_subnet" "xuel_subnet" {
+ availability_zone = "ap-guangzhou-4"
+ available_ip_count = (known after apply)
+ cidr_block = "10.0.1.0/24"
+ create_time = (known after apply)
+ id = (known after apply)
+ is_default = (known after apply)
+ is_multicast = true
+ name = "xuel_subnet"
+ route_table_id = (known after apply)
+ vpc_id = (known after apply)
}
# tencentcloud_vpc.xuel_vpc will be created
+ resource "tencentcloud_vpc" "xuel_vpc" {
+ cidr_block = "10.0.0.0/16"
+ create_time = (known after apply)
+ dns_servers = (known after apply)
+ id = (known after apply)
+ is_default = (known after apply)
+ is_multicast = true
+ name = "xuel_vpc"
}
Plan: 6 to add, 0 to change, 0 to destroy.
Warning: Interpolation-only expressions are deprecated
on cvm.tf line 13, in resource "tencentcloud_instance" "xuel_instance":
13: vpc_id = "${tencentcloud_vpc.xuel_vpc.id}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
(and 5 more similar warnings elsewhere)
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
Run:
[root@teraform resource]# terraform output -json
{
"cvm_az": {
"sensitive": false,
"type": [
"tuple",
[
"string"
]
],
"value": [
"ap-guangzhou-4"
]
},
"cvm_id": {
"sensitive": false,
"type": "string",
"value": "ins-jv2br9vw"
},
"cvm_name": {
"sensitive": false,
"type": "string",
"value": "xuel_instance"
},
"cvm_password": {
"sensitive": false,
"type": "string",
"value": "WWW.51idc.com"
},
"cvm_private_ip": {
"sensitive": false,
"type": "string",
"value": "10.0.1.2"
},
"cvm_publicip": {
"sensitive": false,
"type": [
"tuple",
[
"string"
]
],
"value": [
"134.175.179.205"
]
}
}