Terraform in Practice

kaliarch, posted 2022/02/27 16:07:07

Terraform

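1 Introduction

Welcome to the Terraform getting-started guide! This guide is the best place to start with Terraform. We cover what Terraform is, what problems it solves, how it compares to existing software, and include a quick start for using Terraform.

Terraform is an IT infrastructure automation and orchestration tool that advocates infrastructure as code: you manage your cloud resources and infrastructure centrally, in code. Using Tencent Cloud as the example, this article shows how to use Terraform for automated operations in the cloud.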

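1.1 What is Terraform

Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.

Configuration files describe to Terraform the components needed to run a single application or an entire datacenter. Terraform generates an execution plan describing what it will do to reach the desired state, and then executes it to build the described infrastructure. When the configuration changes, Terraform can determine what changed and create an incremental execution plan that can be applied.

The infrastructure Terraform can manage includes low-level components (such as compute instances, storage, and networking) as well as high-level components (such as DNS entries and SaaS features).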

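2 Use cases

Before looking at use cases, it helps to understand what Terraform is. This page lists some concrete use cases for Terraform, but the possible use cases are much broader than what we discuss here. Because Terraform is extensible, providers and provisioners can be added to further extend its ability to manipulate resources.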

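3 Installation and deployment

3.1 Installation and deployment

Some binary installs have problems; a source install on the system is recommended.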

wget https://releases.hashicorp.com/terraform/0.12.21/terraform_0.12.21_linux_amd64.zip
yum -y install unzip
unzip terraform_0.12.21_linux_amd64.zip
cp terraform /usr/bin
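  • Basic commands

Terraform has a handful of commands that we use all the time and that the examples below rely on:

terraform init   # initialize the working directory; always the first command to run
terraform plan   # generate an execution plan
terraform apply  # apply the plan (submit the requests)
terraform state  # inspect resource state
terraform graph  # generate a graph of the execution plan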

3.2 Resource definitions

mkdir /resource && cd /resource

# Create the provider
# Credentials are not written into provider.tf; the provider reads them from the
# TENCENTCLOUD_SECRET_ID / TENCENTCLOUD_SECRET_KEY environment variables set in 3.3.1.
cat >provider.tf <<EOF
provider "tencentcloud" {
    region     = "ap-guangzhou"
}
EOF

# Define variables
cat >variable.tf <<EOF
variable "region" {
  type = string
  default = "ap-guangzhou"
}
variable "availability_zone" {
  type = string
  default = "ap-guangzhou-4"
}
variable "image_id" {
  type = string
  default = "img-9qabwvbn"
}
variable "cvm_count" {
  type = number
  default = 1
}
variable "cvm_password" {
  type = string
  default = "WWW.51idc.com"
}
variable "APP_cvm_data_disk_type" {
  type = string
  default = "CLOUD_PREMIUM"
}
variable "APP_cvm_data_disk_size" {
  default = 50
}
variable "internet_max_bandwidth_out" { default = 1 }
variable "hostname" { default = "xuel-terraform-cvm" }
EOF
	

# Initialize
terraform init

# Create the CVM resource
# (the heredoc delimiter is quoted so the shell does not try to expand the ${...} references)
cat > cvm.tf <<'EOF'
// Create a cvm
resource "tencentcloud_instance" "xuel_instance" {
    instance_name = "xuel_instance"
    availability_zone = var.availability_zone
    image_id = var.image_id
    instance_type = "S2.SMALL1"
    system_disk_type = "CLOUD_PREMIUM"

    security_groups = [
        "${tencentcloud_security_group.xuel_sg.id}"
    ]
    data_disks {
        data_disk_type = var.APP_cvm_data_disk_type
        data_disk_size = var.APP_cvm_data_disk_size
    }
    vpc_id = "${tencentcloud_vpc.xuel_vpc.id}"
    subnet_id = "${tencentcloud_subnet.xuel_subnet.id}"
    password = var.cvm_password
    internet_max_bandwidth_out = var.internet_max_bandwidth_out
    count = var.cvm_count
    allocate_public_ip = true
    hostname = join("-", [var.hostname, count.index])
}
EOF

# Create route_table.tf
cat > route_table.tf<<EOF
// Create a route table
resource "tencentcloud_route_table" "xuel_rtb" {
    name = "xuel_rtb"
    vpc_id = "\${tencentcloud_vpc.xuel_vpc.id}"
}
EOF

# Create vpc.tf
cat > vpc.tf <<EOF
resource "tencentcloud_vpc" "xuel_vpc" {
    name = "xuel_vpc"
    cidr_block = "10.0.0.0/16"
}
EOF

# Create subnet.tf
cat > subnet.tf<<EOF
resource "tencentcloud_subnet" "xuel_subnet" {
    name = "xuel_subnet"
    cidr_block = "10.0.1.0/24"
    availability_zone = var.availability_zone
    vpc_id = "\${tencentcloud_vpc.xuel_vpc.id}"
    route_table_id = "\${tencentcloud_route_table.xuel_rtb.id}"
}
EOF
	
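# Create security_group.tf
# (the heredoc delimiter is quoted so the shell does not try to expand the ${...} references)
cat > security_group.tf <<'EOF'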
// Create a security group and rule
resource "tencentcloud_security_group" "xuel_sg" {
    name = "xuel_sg"
}

resource "tencentcloud_security_group_rule" "xuel_sg_rule_ingress" {
    security_group_id = "${tencentcloud_security_group.xuel_sg.id}"
    type = "ingress"
    cidr_ip = "0.0.0.0/0"
    ip_protocol = "tcp"
    port_range = "80,22"
    policy = "accept"
}
resource "tencentcloud_security_group_rule" "xuel_sg_rule_egress" {
    security_group_id = "${tencentcloud_security_group.xuel_sg.id}"
    type = "egress"
    cidr_ip = "0.0.0.0/0"
    ip_protocol = "tcp"
    port_range = "1-65535"
    policy = "accept"
}
EOF

Outputs

cat > output.tf <<EOF
output "cvm_az" {
  value = "\${tencentcloud_instance.xuel_instance.*.availability_zone}"
}
output "cvm_id" {
  value = "\${tencentcloud_instance.xuel_instance.*.id}"
}
output "cvm_name" {
  value = "\${tencentcloud_instance.xuel_instance.*.instance_name}"
}
output "cvm_publicip" {
  value = "\${tencentcloud_instance.xuel_instance.*.public_ip}"
}
output "cvm_private_ip" {
  value = "\${tencentcloud_instance.xuel_instance.*.private_ip}"
}
output "cvm_password" {
  value = "\${tencentcloud_instance.xuel_instance.*.password}"
}

EOF

3.3 Usage

3.3.1 Define environment variables

export TENCENTCLOUD_SECRET_ID="AKxxxxx5KL8Y8G8"
export TENCENTCLOUD_SECRET_KEY="kFxxxxxxxXq"
export TENCENTCLOUD_REGION="ap-guangzhou"

3.3.2 Initialize the environment

[root@src resource]# terraform init

Initializing the backend...

Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "tencentcloud" (terraform-providers/tencentcloud) 1.30.3...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.tencentcloud: version = "~> 1.30"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

3.3.3 Review the resources to be created

[root@src resource]# terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # tencentcloud_instance.xuel_instance[0] will be created
  + resource "tencentcloud_instance" "xuel_instance" {
      + allocate_public_ip         = true
      + availability_zone          = "ap-guangzhou-4"
      + create_time                = (known after apply)
      + disable_monitor_service    = false
      + disable_security_service   = false
      + expired_time               = (known after apply)
      + id                         = (known after apply)
      + image_id                   = "img-9qabwvbn"
      + instance_charge_type       = "POSTPAID_BY_HOUR"
      + instance_name              = "xuel_instance"
      + instance_status            = (known after apply)
      + instance_type              = "S2.SMALL1"
      + internet_charge_type       = "TRAFFIC_POSTPAID_BY_HOUR"
      + internet_max_bandwidth_out = 1
      + key_name                   = (known after apply)
      + private_ip                 = (known after apply)
      + project_id                 = 0
      + public_ip                  = (known after apply)
      + running_flag               = true
      + security_groups            = (known after apply)
      + subnet_id                  = (known after apply)
      + system_disk_id             = (known after apply)
      + system_disk_size           = 50
      + system_disk_type           = "CLOUD_PREMIUM"
      + vpc_id                     = (known after apply)

      + data_disks {
          + data_disk_id         = (known after apply)
          + data_disk_size       = (known after apply)
          + data_disk_type       = (known after apply)
          + delete_with_instance = (known after apply)
        }
    }

  # tencentcloud_route_table.xuel_rtb will be created
  + resource "tencentcloud_route_table" "xuel_rtb" {
      + create_time     = (known after apply)
      + id              = (known after apply)
      + is_default      = (known after apply)
      + name            = "xuel_rtb"
      + route_entry_ids = (known after apply)
      + subnet_ids      = (known after apply)
      + vpc_id          = (known after apply)
    }

  # tencentcloud_security_group.xuel_sg will be created
  + resource "tencentcloud_security_group" "xuel_sg" {
      + id         = (known after apply)
      + name       = "xuel_sg"
      + project_id = (known after apply)
    }

  # tencentcloud_security_group_rule.xuel_sg_rule will be created
  + resource "tencentcloud_security_group_rule" "xuel_sg_rule" {
      + cidr_ip           = "0.0.0.0/0"
      + description       = (known after apply)
      + id                = (known after apply)
      + ip_protocol       = "tcp"
      + policy            = "accept"
      + port_range        = "80,22"
      + security_group_id = (known after apply)
      + source_sgid       = (known after apply)
      + type              = "ingress"
    }

  # tencentcloud_subnet.xuel_subnet will be created
  + resource "tencentcloud_subnet" "xuel_subnet" {
      + availability_zone  = "ap-guangzhou-4"
      + available_ip_count = (known after apply)
      + cidr_block         = "10.0.1.0/24"
      + create_time        = (known after apply)
      + id                 = (known after apply)
      + is_default         = (known after apply)
      + is_multicast       = true
      + name               = "xuel_subnet"
      + route_table_id     = (known after apply)
      + vpc_id             = (known after apply)
    }

  # tencentcloud_vpc.xuel_vpc will be created
  + resource "tencentcloud_vpc" "xuel_vpc" {
      + cidr_block   = "10.0.0.0/16"
      + create_time  = (known after apply)
      + dns_servers  = (known after apply)
      + id           = (known after apply)
      + is_default   = (known after apply)
      + is_multicast = true
      + name         = "xuel_vpc"
    }

Plan: 6 to add, 0 to change, 0 to destroy.

Warning: Interpolation-only expressions are deprecated

  on cvm.tf line 13, in resource "tencentcloud_instance" "xuel_instance":
  13:     vpc_id = "${tencentcloud_vpc.xuel_vpc.id}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.

(and 5 more similar warnings elsewhere)


------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.



Run:
[root@teraform resource]# terraform output -json
{
  "cvm_az": {
    "sensitive": false,
    "type": [
      "tuple",
      [
        "string"
      ]
    ],
    "value": [
      "ap-guangzhou-4"
    ]
  },
  "cvm_id": {
    "sensitive": false,
    "type": "string",
    "value": "ins-jv2br9vw"
  },
  "cvm_name": {
    "sensitive": false,
    "type": "string",
    "value": "xuel_instance"
  },
  "cvm_password": {
    "sensitive": false,
    "type": "string",
    "value": "WWW.51idc.com"
  },
  "cvm_private_ip": {
    "sensitive": false,
    "type": "string",
    "value": "10.0.1.2"
  },
  "cvm_publicip": {
    "sensitive": false,
    "type": [
      "tuple",
      [
        "string"
      ]
    ],
    "value": [
      "134.175.179.205"
    ]
  }
}
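
The plan and output shown above can be checked mechanically before anything is applied. The following is an added example, not part of the original article: it reads the JSON that `terraform show -json` produces for a saved plan (`terraform plan -out=tfplan`) and the JSON from `terraform output -json`, and reports ingress rules that accept 0.0.0.0/0 on port 22 and secret-looking outputs that are not marked sensitive. The function names and the trimmed sample JSON are constructed for illustration.

```python
import json

SECRET_HINTS = ("password", "secret", "token")

def port_ranges(port_range):
    """Turn a port_range string such as "80,22", "1-65535" or "ALL" into (low, high) pairs."""
    pairs = []
    for part in port_range.split(","):
        low, _, high = part.strip().partition("-")
        pairs.append((1, 65535) if low.upper() == "ALL" else (int(low), int(high or low)))
    return pairs

def open_ssh_ingress(plan, port=22):
    """Addresses of planned ingress rules that accept 0.0.0.0/0 on the given port."""
    hits = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        if rc.get("type") != "tencentcloud_security_group_rule":
            continue
        if (after.get("type"), after.get("policy"), after.get("cidr_ip")) != ("ingress", "accept", "0.0.0.0/0"):
            continue
        if any(lo <= port <= hi for lo, hi in port_ranges(after.get("port_range") or "ALL")):
            hits.append(rc["address"])
    return hits

def exposed_secret_outputs(outputs):
    """Names of outputs that look like secrets but are not marked sensitive."""
    return sorted(name for name, out in outputs.items()
                  if any(h in name.lower() for h in SECRET_HINTS) and not out.get("sensitive"))

# Constructed samples, trimmed to the fields the checks read.
PLAN = json.loads("""{"resource_changes": [
  {"address": "tencentcloud_security_group_rule.xuel_sg_rule_ingress",
   "type": "tencentcloud_security_group_rule",
   "change": {"actions": ["create"], "after": {"type": "ingress", "policy": "accept",
     "cidr_ip": "0.0.0.0/0", "ip_protocol": "tcp", "port_range": "80,22"}}},
  {"address": "tencentcloud_security_group_rule.xuel_sg_rule_egress",
   "type": "tencentcloud_security_group_rule",
   "change": {"actions": ["create"], "after": {"type": "egress", "policy": "accept",
     "cidr_ip": "0.0.0.0/0", "ip_protocol": "tcp", "port_range": "1-65535"}}}]}""")
OUTPUTS = json.loads("""{
  "cvm_password": {"sensitive": false, "type": "string", "value": "REDACTED"},
  "cvm_id": {"sensitive": false, "type": "string", "value": "ins-example"}}""")

if __name__ == "__main__":
    print(open_ssh_ingress(PLAN), exposed_secret_outputs(OUTPUTS))
```

Marking the output with `sensitive = true` in output.tf and narrowing `cidr_ip` on the port 22 rule clears both findings.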


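[Copyright notice] This article is original content by a Huawei Cloud community user. When reposting, you must credit the source (Huawei Cloud community), the article link, the author and other basic information; otherwise the author and the community reserve the right to pursue liability. If you find content in this community that you suspect is plagiarized, you are welcome to report it by e-mail with supporting evidence; once verified, the community will immediately remove the infringing content. Report e-mail: cloudbbs@huaweicloud.com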