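Infrastructure Automation: Creating a Huawei Cloud ECS Server with Terraform
[Abstract] Terraform is an open-source Infrastructure as Code (IaC) tool used to define, provision and manage data center infrastructure through configuration files. It lets developers and operations staff describe the entire infrastructure build process in code, which enables automated infrastructure management, version control and resource management across cloud platforms.
What is Terraform
Terraform is an open-source orchestration and management tool for IT infrastructure. It supports describing a single application or an entire data center in configuration files.
With Terraform you can easily create, manage and delete Huawei Cloud resources, and keep them under version control.
Advantages of Terraform
- Infrastructure as code
- Execution plan
Terraform has a "plan" step in which it generates an execution plan. The execution plan shows what Terraform will do when you call apply, so you avoid surprises when Terraform operates on your infrastructure.
- Resource graph
Terraform builds a graph of all resources and creates and modifies any non-dependent resources in parallel. This lets Terraform build infrastructure as efficiently as possible, and gives operators insight into the dependencies in their infrastructure.
- Change automation
Complex change sets can be applied to your infrastructure with minimal human intervention. With the execution plan and resource graph mentioned above, you know exactly what Terraform will change and in what order, which avoids many possible human errors.
Creating an ECS server with Terraform
1. Create the main.tf file and write the HCL code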
# Create the VPC
resource "huaweicloud_vpc" "vpc" {
  name = "hw-vpc"
  cidr = "192.168.0.0/16"
}

# Create the subnet
resource "huaweicloud_vpc_subnet" "subnet" {
  vpc_id            = huaweicloud_vpc.vpc.id
  name              = "hw-subnet"
  cidr              = "192.168.10.0/24"
  gateway_ip        = "192.168.10.1"
  dns_list          = ["100.125.1.250", "100.125.129.250"]
  availability_zone = "cn-north-4a"
}

# Create the security group (the default rules are removed)
resource "huaweicloud_networking_secgroup" "secgroup" {
  name                 = "hw-secgroup"
  delete_default_rules = true
}

# Create the security group rule
# Allows inbound TCP 8080 from any IPv4 address; narrow remote_ip_prefix
# to the source ranges that actually need access where possible.
resource "huaweicloud_networking_secgroup_rule" "test" {
  security_group_id = huaweicloud_networking_secgroup.secgroup.id
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 8080
  port_range_max    = 8080
  remote_ip_prefix  = "0.0.0.0/0"
}

# Create the ECS server
resource "huaweicloud_compute_instance" "ecs" {
  # Ubuntu 24.04 server 64 bit
  image_id  = "48de6f82-7ba1-459b-8c46-8888379e5d7f"
  flavor_id = "c7.xlarge.2"
  name      = "hw-ecs"
  # security_group_ids takes a list of IDs, not a single string
  security_group_ids = [huaweicloud_networking_secgroup.secgroup.id]
  system_disk_type   = "GPSSD"
  system_disk_size   = 100

  # Configure the EIP (public IP address)
  eip_type = "5_bgp"
  bandwidth {
    share_type  = "PER"
    size        = 5
    charge_mode = "traffic"
  }

  stop_before_destroy         = true
  delete_disks_on_termination = true
  delete_eip_on_termination   = true

  network {
    uuid              = huaweicloud_vpc_subnet.subnet.id
    fixed_ip_v4       = null
    ipv6_enable       = false
    source_dest_check = false
    access_network    = false
  }

  # Use pay-per-use (on-demand) billing
  charging_mode = "postPaid"
}

terraform {
  required_providers {
    huaweicloud = {
      source  = "huawei.com/provider/huaweicloud"
      version = ">= 1.56.0"
    }
  }
}

provider "huaweicloud" {
  region = "cn-north-4"
}
2. Run terraform init to initialize the environment.
3. Run terraform plan to review the resources.
PS D:\Code\IdeaProjects\AudoDeploy\AutoDeploy2025\example> terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# huaweicloud_compute_instance.ecs will be created
+ resource "huaweicloud_compute_instance" "ecs" {
+ access_ip_v4 = (known after apply)
+ access_ip_v6 = (known after apply)
+ agency_name = (known after apply)
+ agent_list = (known after apply)
+ availability_zone = (known after apply)
+ charging_mode = "postPaid"
+ created_at = (known after apply)
+ delete_disks_on_termination = true
+ delete_eip_on_termination = true
+ description = (known after apply)
+ eip_type = "5_bgp"
+ enterprise_project_id = (known after apply)
+ expired_time = (known after apply)
+ flavor_id = "c7.xlarge.2"
+ flavor_name = (known after apply)
+ hostname = (known after apply)
+ id = (known after apply)
+ image_id = "48de6f82-7ba1-459b-8c46-8888379e5d7f"
+ image_name = (known after apply)
+ name = "hw-ecs"
+ power_action = (known after apply)
+ public_ip = (known after apply)
+ region = (known after apply)
+ security_group_ids = (known after apply)
+ security_groups = (known after apply)
+ spot_duration_count = (known after apply)
+ status = (known after apply)
+ stop_before_destroy = true
+ system_disk_id = (known after apply)
+ system_disk_iops = (known after apply)
+ system_disk_kms_key_id = (known after apply)
+ system_disk_size = 100
+ system_disk_throughput = (known after apply)
+ system_disk_type = "GPSSD"
+ updated_at = (known after apply)
+ volume_attached = (known after apply)
+ bandwidth {
+ charge_mode = "traffic"
+ share_type = "PER"
+ size = 5
}
+ network {
+ access_network = false
+ fixed_ip_v4 = (known after apply)
+ fixed_ip_v6 = (known after apply)
+ ipv6_enable = false
+ mac = (known after apply)
+ port = (known after apply)
+ source_dest_check = false
+ uuid = (known after apply)
}
+ scheduler_hints (known after apply)
}
# huaweicloud_networking_secgroup.secgroup will be created
+ resource "huaweicloud_networking_secgroup" "secgroup" {
+ created_at = (known after apply)
+ delete_default_rules = true
+ enterprise_project_id = (known after apply)
+ id = (known after apply)
+ name = "hw-secgroup"
+ region = (known after apply)
+ rules = (known after apply)
+ updated_at = (known after apply)
}
# huaweicloud_networking_secgroup_rule.test will be created
+ resource "huaweicloud_networking_secgroup_rule" "test" {
+ action = (known after apply)
+ direction = "ingress"
+ ethertype = "IPv4"
+ id = (known after apply)
+ port_range_max = 8080
+ port_range_min = 8080
+ ports = (known after apply)
+ priority = (known after apply)
+ protocol = "tcp"
+ region = (known after apply)
+ remote_address_group_id = (known after apply)
+ remote_group_id = (known after apply)
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = (known after apply)
}
# huaweicloud_vpc.vpc will be created
+ resource "huaweicloud_vpc" "vpc" {
+ cidr = "192.168.0.0/16"
+ enhanced_local_route = (known after apply)
+ enterprise_project_id = (known after apply)
+ id = (known after apply)
+ name = "hw-vpc"
+ region = (known after apply)
+ routes = (known after apply)
+ secondary_cidrs = (known after apply)
+ status = (known after apply)
}
# huaweicloud_vpc_subnet.subnet will be created
+ resource "huaweicloud_vpc_subnet" "subnet" {
+ availability_zone = "cn-north-4a"
+ cidr = "192.168.10.0/24"
+ dhcp_enable = true
+ dhcp_ipv6_lease_time = (known after apply)
+ dhcp_lease_time = (known after apply)
+ dns_list = [
+ "100.125.1.250",
+ "100.125.129.250",
]
+ gateway_ip = "192.168.10.1"
+ id = (known after apply)
+ ipv4_subnet_id = (known after apply)
+ ipv6_cidr = (known after apply)
+ ipv6_gateway = (known after apply)
+ ipv6_subnet_id = (known after apply)
+ name = "hw-subnet"
+ primary_dns = (known after apply)
+ region = (known after apply)
+ secondary_dns = (known after apply)
+ subnet_id = (known after apply)
+ vpc_id = (known after apply)
}
Plan: 5 to add, 0 to change, 0 to destroy.
4. After confirming that the resources are correct, run terraform apply to start creating them.
PS D:\Code\IdeaProjects\AudoDeploy\AutoDeploy2025\example> terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# huaweicloud_compute_instance.ecs will be created
+ resource "huaweicloud_compute_instance" "ecs" {
+ access_ip_v4 = (known after apply)
+ access_ip_v6 = (known after apply)
+ agency_name = (known after apply)
+ agent_list = (known after apply)
+ availability_zone = (known after apply)
+ charging_mode = "postPaid"
+ created_at = (known after apply)
+ delete_disks_on_termination = true
+ delete_eip_on_termination = true
+ description = (known after apply)
+ eip_type = "5_bgp"
+ enterprise_project_id = (known after apply)
+ expired_time = (known after apply)
+ flavor_id = "c7.xlarge.2"
+ flavor_name = (known after apply)
+ hostname = (known after apply)
+ id = (known after apply)
+ image_id = "48de6f82-7ba1-459b-8c46-8888379e5d7f"
+ image_name = (known after apply)
+ name = "hw-ecs"
+ power_action = (known after apply)
+ public_ip = (known after apply)
+ region = (known after apply)
+ security_group_ids = (known after apply)
+ security_groups = (known after apply)
+ spot_duration_count = (known after apply)
+ status = (known after apply)
+ stop_before_destroy = true
+ system_disk_id = (known after apply)
+ system_disk_iops = (known after apply)
+ system_disk_kms_key_id = (known after apply)
+ system_disk_size = 100
+ system_disk_throughput = (known after apply)
+ system_disk_type = "GPSSD"
+ updated_at = (known after apply)
+ volume_attached = (known after apply)
+ bandwidth {
+ charge_mode = "traffic"
+ share_type = "PER"
+ size = 5
}
+ network {
+ access_network = false
+ fixed_ip_v4 = (known after apply)
+ fixed_ip_v6 = (known after apply)
+ ipv6_enable = false
+ mac = (known after apply)
+ port = (known after apply)
+ source_dest_check = false
+ uuid = (known after apply)
}
+ scheduler_hints (known after apply)
}
# huaweicloud_networking_secgroup.secgroup will be created
+ resource "huaweicloud_networking_secgroup" "secgroup" {
+ created_at = (known after apply)
+ delete_default_rules = true
+ enterprise_project_id = (known after apply)
+ id = (known after apply)
+ name = "hw-secgroup"
+ region = (known after apply)
+ rules = (known after apply)
+ updated_at = (known after apply)
}
# huaweicloud_networking_secgroup_rule.test will be created
+ resource "huaweicloud_networking_secgroup_rule" "test" {
+ action = (known after apply)
+ direction = "ingress"
+ ethertype = "IPv4"
+ id = (known after apply)
+ port_range_max = 8080
+ port_range_min = 8080
+ ports = (known after apply)
+ priority = (known after apply)
+ protocol = "tcp"
+ region = (known after apply)
+ remote_address_group_id = (known after apply)
+ remote_group_id = (known after apply)
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = (known after apply)
}
# huaweicloud_vpc.vpc will be created
+ resource "huaweicloud_vpc" "vpc" {
+ cidr = "192.168.0.0/16"
+ enhanced_local_route = (known after apply)
+ enterprise_project_id = (known after apply)
+ id = (known after apply)
+ name = "hw-vpc"
+ region = (known after apply)
+ routes = (known after apply)
+ secondary_cidrs = (known after apply)
+ status = (known after apply)
}
# huaweicloud_vpc_subnet.subnet will be created
+ resource "huaweicloud_vpc_subnet" "subnet" {
+ availability_zone = "cn-north-4a"
+ cidr = "192.168.10.0/24"
+ dhcp_enable = true
+ dhcp_ipv6_lease_time = (known after apply)
+ dhcp_lease_time = (known after apply)
+ dns_list = [
+ "100.125.1.250",
+ "100.125.129.250",
]
+ gateway_ip = "192.168.10.1"
+ id = (known after apply)
+ ipv4_subnet_id = (known after apply)
+ ipv6_cidr = (known after apply)
+ ipv6_gateway = (known after apply)
+ ipv6_subnet_id = (known after apply)
+ name = "hw-subnet"
+ primary_dns = (known after apply)
+ region = (known after apply)
+ secondary_dns = (known after apply)
+ subnet_id = (known after apply)
+ vpc_id = (known after apply)
}
Plan: 5 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
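Before answering yes, the plan from step 3 can be checked mechanically. The following is an added example, not part of the original article: it reads the JSON form of a saved plan (produced with `terraform plan -out=tfplan` followed by `terraform show -json tfplan`) and reports ingress rules open to any source address and instances that request a public EIP. The resource types and attribute names are the ones used in main.tf above; the embedded plan document is a constructed, trimmed sample, and the function name `review_plan` is hypothetical.

```python
import json

# Constructed sample: trimmed `terraform show -json tfplan` output for the
# resources in this article (values copied from the plan shown above).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "huaweicloud_networking_secgroup_rule.test",
   "type": "huaweicloud_networking_secgroup_rule",
   "change": {"actions": ["create"], "after": {
     "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
     "port_range_min": 8080, "port_range_max": 8080,
     "remote_ip_prefix": "0.0.0.0/0"}}},
  {"address": "huaweicloud_compute_instance.ecs",
   "type": "huaweicloud_compute_instance",
   "change": {"actions": ["create"], "after": {
     "name": "hw-ecs", "eip_type": "5_bgp",
     "bandwidth": [{"share_type": "PER", "size": 5, "charge_mode": "traffic"}]}}},
  {"address": "huaweicloud_vpc.vpc", "type": "huaweicloud_vpc",
   "change": {"actions": ["create"], "after": {"cidr": "192.168.0.0/16"}}}
]}
""")

ANY_SOURCE = {"0.0.0.0/0", "::/0"}

def review_plan(plan):
    """Return (address, message) findings for resources the plan creates or updates."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if not {"create", "update"} & set(change.get("actions", [])):
            continue  # no-op, read or delete: nothing new gets exposed
        after = change.get("after") or {}
        if rc["type"] == "huaweicloud_networking_secgroup_rule":
            if after.get("direction") == "ingress" and after.get("remote_ip_prefix") in ANY_SOURCE:
                ports = f'{after.get("port_range_min")}-{after.get("port_range_max")}'
                findings.append((rc["address"],
                    f'ingress {after.get("protocol")}/{ports} open to {after["remote_ip_prefix"]}'))
        elif rc["type"] == "huaweicloud_compute_instance" and after.get("eip_type"):
            findings.append((rc["address"], f'public EIP requested ({after["eip_type"]})'))
    return findings

if __name__ == "__main__":
    for address, message in review_plan(SAMPLE_PLAN):
        print(f"REVIEW {address}: {message}")
```

For this article's plan the check reports both the 8080 rule and the EIP, which together make the service reachable from the internet; in a pipeline, a non-empty result can gate the apply step pending review.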
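[Disclaimer] This content comes from a Huawei Cloud Developer Community blogger and does not represent the views or positions of Huawei Cloud or the Huawei Cloud Developer Community. When reposting, you must cite the source of the article (Huawei Cloud Community), the article link, the author and other basic information; otherwise the author and this community reserve the right to pursue liability. If you find content in this community that appears to be plagiarized, you are welcome to report it by e-mail with supporting evidence; once verified, the community will immediately delete the infringing content. Report e-mail: cloudbbs@huaweicloud.com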