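Terraform in Practice
Introduction
Terraform is an IT infrastructure automation and orchestration tool that lets you manage and maintain IT resources with code. The Terraform command-line interface (CLI) provides a simple mechanism for managing that code and keeping it under version control. The configuration files describe the infrastructure that makes up a cloud resource topology, such as virtual machines, storage accounts and network interfaces.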
Advantages
- Deploy infrastructure to multiple clouds
- Automate infrastructure management
- Reduce development costs
Workflow
Installation
Go to the official Terraform website and download the package for your operating system.
Installing on Ubuntu/Debian
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraform
Installing on CentOS
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo yum -y install terraform
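Integration examples
Tencent Cloud
Reference documentation: TencentCloud Provider, Terraform documentation, cloud-terraform quick start, Tencent Cloud console
Configure the Tencent Cloud provider file
Log in to Tencent Cloud and, under Access Management, select API Key Management.
Specify the Terraform version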
[root@test-lwj-150-64 cloud-terraform]# terraform12_5 --version
Terraform v0.12.5
+ provider.tencentcloud v1.56.2
Your version of Terraform is out of date! The latest version
is 1.3.5. You can update by downloading from www.terraform.io/downloads.html
Create a provider.tf file in a new directory and fill in the key and region information.
[root@test-lwj-150-64 cloud-terraform]# cat provider.tf
provider "tencentcloud" {
  secret_id = "AK******************"
  secret_key = "Wo******************"
  region = "ap-shanghai"
}
Run terraform init to initialize Terraform
[root@test-lwj-150-64 cloud-terraform]# terraform init
Initializing the backend...
Initializing provider plugins...
The following providers do not have any version constraints in configuration,
so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.
* provider.tencentcloud: version = "~> 1.56"
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Define the resource
[root@test-lwj-150-64 cloud-terraform]# cat cvm.tf
resource "tencentcloud_instance" "cvm_test" {
  # Instance name
  instance_name = "cvm-test"
  # Availability zone
  availability_zone = "ap-shanghai-2"
  # Image ID
  image_id = "img-57j4snjh"
  # Instance type
  instance_type = "S5.MEDIUM2"
  # System disk type
  system_disk_type = "CLOUD_PREMIUM"
  # Security group; see Tencent Cloud security groups
  security_groups = [
    "sg-5aw0ubdu"
  ]
  # VPC ID; see Tencent Cloud, Shanghai VPC
  vpc_id = "vpc-4d8eaoy0"
  # Subnet ID
  subnet_id = "subnet-53rip33v"
  # Automatically assign a public IP by default
  allocate_public_ip = true
  # Maximum outbound bandwidth
  internet_max_bandwidth_out = 50
  # Number of instances
  count = 1
}
Deploy the Tencent Cloud resources
# Download the Tencent Cloud provider dependencies
[root@test-lwj-150-64 cloud-terraform]# terraform12_5 init
Initializing the backend...
Initializing provider plugins...
The following providers do not have any version constraints in configuration,
so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.
* provider.tencentcloud: version = "~> 1.56"
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
# Start creating the resources
[root@test-lwj-150-64 cloud-terraform]# terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# tencentcloud_instance.cvm_test[0] will be created
+ resource "tencentcloud_instance" "cvm_test" {
+ allocate_public_ip = false
+ availability_zone = "ap-shanghai-5"
+ create_time = (known after apply)
+ disable_monitor_service = false
+ disable_security_service = false
+ expired_time = (known after apply)
+ force_delete = false
+ id = (known after apply)
+ image_id = "img-57j4snjh"
+ instance_charge_type = "POSTPAID_BY_HOUR"
+ instance_charge_type_prepaid_renew_flag = (known after apply)
+ instance_name = "cvm-test"
+ instance_status = (known after apply)
+ instance_type = "S5.MEDIUM2"
+ internet_charge_type = (known after apply)
+ internet_max_bandwidth_out = (known after apply)
+ key_name = (known after apply)
+ private_ip = (known after apply)
+ project_id = 0
+ public_ip = (known after apply)
+ running_flag = true
+ security_groups = [
+ "sg-5aw0ubdu",
]
+ subnet_id = "subnet-53rip33v"
+ system_disk_id = (known after apply)
+ system_disk_size = 50
+ system_disk_type = "CLOUD_PREMIUM"
+ vpc_id = "vpc-4d8eaoy0"
+ data_disks {
+ data_disk_id = (known after apply)
+ data_disk_size = (known after apply)
+ data_disk_snapshot_id = (known after apply)
+ data_disk_type = (known after apply)
+ delete_with_instance = (known after apply)
+ encrypt = (known after apply)
+ throughput_performance = (known after apply)
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
tencentcloud_instance.cvm_test[0]: Creating...
tencentcloud_instance.cvm_test[0]: Still creating... [10s elapsed]
tencentcloud_instance.cvm_test[0]: Still creating... [20s elapsed]
tencentcloud_instance.cvm_test[0]: Still creating... [30s elapsed]
tencentcloud_instance.cvm_test[0]: Creation complete after 34s [id=ins-avgx70a7]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Capital Online Cloud (CDS)
Reference documentation: terraform-provider-cds, cds-api, Capital Online Cloud console
Download the Capital Online Cloud Terraform provider
$ git clone https://github.com/capitalonline/terraform-provider-cds.git
$ cd terraform-provider-cds
$ go get
$ go build -o terraform-provider-cds
$ mkdir -p ~/.terraform.d/plugins/
$ mv terraform-provider-cds ~/.terraform.d/plugins/
Obtain the Capital Online Cloud keys
Set the Capital Online Cloud keys
[root@test-lwj-150-64 terraform-provider-cds]# cd terraform-provider-cds/
[root@test-lwj-150-64 terraform-provider-cds]# cat sn.sh
#!/usr/bin/env bash
export CDS_SECRET_ID=4a698**************
export CDS_SECRET_KEY=606a8**************
export CDS_REGION=CN_Shanghai_C
[root@test-lwj-150-64 terraform-provider-cds]# source sn.sh
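You need to create the following .terraform directory structure manually. Note that the version, 1.4.4, must match your current provider version, which you can check in versions.tf.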
[root@test-lwj-150-64 cds_instance]# tree -a
.
|-- .main.tf.swp
|-- .terraform
| `-- providers
| `-- terraform.capitalonline.net
| `-- capitalonline
| `-- cds
| `-- 1.4.4
| `-- linux_amd64 -> /root/.terraform.d/plugins/terraform.capitalonline.net/capitalonline/cds/1.4.4/linux_amd64
|-- .terraform.lock.hcl
|-- main.tf
|-- terraform.log
|-- terraform.tfstate
|-- terraform.tfstate.backup
|-- variables.tf
`-- versions.tf
Parameter description
[root@test-lwj-150-64 cds_instance]# cat main.tf
// create instance
resource "cds_instance" "my_instance2" {
  # Instance name
  instance_name = "test_zz_04"
  # Availability zone; see the availability-zone documentation in cds-api
  region_id = "CN_Shanghai_C"
  # Image ID; see Image Management in the CDS GUI console
  image_id = "16c64418-cb49-11ec-90e9-da10a5128739"
  # Instance type; see the cds-api documentation
  instance_type = "CCS.C3CL"
  # CPU
  cpu = 2
  # Memory
  ram = 4
  # VDC ID; see the virtual data center (VDC) list in the CDS GUI console
  vdc_id = "545a90f1-f140-4cb6-b866-dd4ca3e2437a"
  # Add a public key to the server
  public_key = file("/home/guest/.ssh/test.pub")
  # Custom server password
  password = "Huanle.2021"
  # Custom image password
  image_password = "Huanle.2022"
  # Desired running state of the instance
  operate_instance_status = "run"
  # Public IP allocation
  public_ip = "auto"
  # Private IP allocation; see below for how to obtain the private_id parameter
  private_ip {
    private_id = "34c024da-a1a5-11eb-b808-9602cbfa07f9"
    address = "auto"
  }
  # System disk
  system_disk = {
    type = var.system_disk_type
    size = 100
    iops = 5
  }
}
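How to obtain some of the parameters
Obtaining the private_id parameter
Using the current example, obtain the private network ID of the VDC: Virtual Data Center, VDC: office-上海C, ID: 545a90f1-f140-4cb6-b866-dd4ca3e2437a
- Click the [More] button of the corresponding VDC
- Open the browser's [Inspect] panel (shortcut F12)
- Click [Private Network Management]
- In the request parameters of the [pipe_segment/] request, the pipe_id value is the private_id we need
Obtaining the interface_id parameter
Using the current example:
Deploy to Capital Online Cloud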
[root@test-lwj-150-64 cds_instance]# terraform apply
cds_instance.my_instance2: Refreshing state... [id=d3d7389b-2660-4925-8e7c-383db2d66769]
No changes. Your infrastructure matches the configuration.
Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
VMware
Reference documentation: Vsphere-Terraform-Providers
Prepare the Terraform working directory
[root@lwj-local-103 terraform-vsphere-standalone]# cat variables.tf
#====================#
# vCenter connection #
#====================#
variable "vsphere_user" {
  description = "vSphere user name"
}
variable "vsphere_password" {
  description = "vSphere password"
}
variable "vsphere_vcenter" {
  description = "vCenter server FQDN or IP"
}
variable "vsphere_unverified_ssl" {
  description = "Is the vCenter using a self signed certificate (true/false)"
}
variable "vsphere_datacenter" {
  description = "vSphere datacenter"
}
variable "vsphere_cluster" {
  description = "vSphere cluster"
  default = ""
}
#=========================#
# vSphere virtual machine #
#=========================#
variable "vm_datastore" {
  description = "Datastore used for the vSphere virtual machines"
}
variable "vm_network" {
  description = "Network used for the vSphere virtual machines"
}
variable "vm_template" {
  description = "Template used to create the vSphere virtual machines"
}
variable "vm_linked_clone" {
  description = "Use linked clone to create the vSphere virtual machine from the template (true/false). If you would like to use the linked clone feature, your template needs to have one and only one snapshot"
  default = "false"
}
variable "vm_ip" {
  description = "IP used for the vSphere virtual machine"
}
variable "vm_netmask" {
  description = "Netmask used for the vSphere virtual machine (example: 24)"
}
variable "vm_gateway" {
  description = "Gateway for the vSphere virtual machine"
}
variable "vm_dns" {
  description = "DNS for the vSphere virtual machine"
}
variable "vm_domain" {
  description = "Domain for the vSphere virtual machine"
}
variable "vm_cpu" {
  description = "Number of vCPU for the vSphere virtual machines"
}
variable "vm_ram" {
  description = "Amount of RAM for the vSphere virtual machines (example: 2048)"
}
variable "vm_name" {
  description = "The name of the vSphere virtual machines and the hostname of the machine"
}
Prepare the variables.tf file
Prepare the terraform.tfvars file
[root@lwj-local-103 terraform-vsphere-standalone]# cat terraform.tfvars
#===============================================================================
# VMware vSphere configuration
#===============================================================================
# vCenter IP or FQDN #
vsphere_vcenter = "0.0.0.0"
# vSphere username used to deploy the infrastructure #
vsphere_user = "******"
vsphere_password = "********"
# Skip the verification of the vCenter SSL certificate (true/false) #
vsphere_unverified_ssl = "true"
# vSphere datacenter name where the infrastructure will be deployed #
vsphere_datacenter = "Datacenter"
# vSphere cluster name where the infrastructure will be deployed #
# Cluster name
vsphere_cluster = "compute_cluster01"
#===============================================================================
# Virtual machine parameters
#===============================================================================
# The name of the virtual machine #
vm_name = "trf-test01"
# The datastore name used to store the files of the virtual machine #
# Data center
vm_datastore = "datastore_160_1_02"
# The vSphere network name used by the virtual machine #
vm_network = "VM Network"
# The netmask used to configure the network card of the virtual machine (example: 24) #
vm_netmask = "24"
# The network gateway used by the virtual machine #
vm_gateway = "10.0.160.254"
# The DNS server used by the virtual machine #
vm_dns = "192.168.0.1"
# The domain name used by the virtual machine #
vm_domain = ""
# The vSphere template the virtual machine is based on #
vm_template = "centos7-temp"
# Use linked clone (true/false)
vm_linked_clone = "false"
# The number of vCPU allocated to the virtual machine #
vm_cpu = 2
# The amount of RAM allocated to the virtual machine #
vm_ram = 2048
vm_disk_size = 40
# The IP address of the virtual machine #
vm_ip = "10.0.160.19"
Prepare the vsphere-standalone.tf file
[root@lwj-local-103 terraform-vsphere-standalone]# cat vsphere-standalone.tf
#===============================================================================
# vSphere Provider
#===============================================================================
provider "vsphere" {
  version = "1.11.0"
  vsphere_server = "${var.vsphere_vcenter}"
  user = "${var.vsphere_user}"
  password = "${var.vsphere_password}"
  allow_unverified_ssl = "${var.vsphere_unverified_ssl}"
}
#===============================================================================
# vSphere Data
#===============================================================================
data "vsphere_datacenter" "dc" {
  name = "${var.vsphere_datacenter}"
}
data "vsphere_compute_cluster" "cluster" {
  name = "${var.vsphere_cluster}"
  datacenter_id = "${data.vsphere_datacenter.dc.id}"
}
data "vsphere_datastore" "datastore" {
  name = "${var.vm_datastore}"
  datacenter_id = "${data.vsphere_datacenter.dc.id}"
}
data "vsphere_network" "network" {
  name = "${var.vm_network}"
  datacenter_id = "${data.vsphere_datacenter.dc.id}"
}
data "vsphere_virtual_machine" "template" {
  name = "${var.vm_template}"
  datacenter_id = "${data.vsphere_datacenter.dc.id}"
}
#===============================================================================
# vSphere Resources
#===============================================================================
resource "vsphere_virtual_machine" "standalone" {
  name = "${var.vm_name}"
  resource_pool_id = "${data.vsphere_compute_cluster.cluster.resource_pool_id}"
  datastore_id = "${data.vsphere_datastore.datastore.id}"
  num_cpus = "${var.vm_cpu}"
  memory = "${var.vm_ram}"
  guest_id = "${data.vsphere_virtual_machine.template.guest_id}"
  network_interface {
    network_id = "${data.vsphere_network.network.id}"
    adapter_type = "${data.vsphere_virtual_machine.template.network_interface_types[0]}"
  }
  disk {
    label = "${var.vm_name}.vmdk"
    size = "${data.vsphere_virtual_machine.template.disks.0.size}"
    eagerly_scrub = "${data.vsphere_virtual_machine.template.disks.0.eagerly_scrub}"
    thin_provisioned = "${data.vsphere_virtual_machine.template.disks.0.thin_provisioned}"
  }
  clone {
    template_uuid = "${data.vsphere_virtual_machine.template.id}"
    linked_clone = "${var.vm_linked_clone}"
    customize {
      timeout = "20"
      linux_options {
        host_name = "${var.vm_name}"
        domain = "${var.vm_domain}"
      }
      network_interface {
        ipv4_address = "${var.vm_ip}"
        ipv4_netmask = "${var.vm_netmask}"
      }
      ipv4_gateway = "${var.vm_gateway}"
      dns_server_list = ["${var.vm_dns}"]
    }
  }
}
}
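The provider.tf, main.tf and terraform.tfvars files above store credentials as string literals, and terraform.tfvars turns off certificate verification for vCenter; the following added example (not code from the original post) is a small pre-commit style check that reports both conditions by line. The function name `scan`, the rule names and all sample values are assumptions constructed for illustration.

```python
import re

# Attribute names that hold credentials in the configs shown on this page.
SECRET_NAME = re.compile(r"(secret_id|secret_key|password)$", re.IGNORECASE)
TLS_NAME = re.compile(r"unverified_ssl$", re.IGNORECASE)
ASSIGNMENT = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")
STRING_LITERAL = re.compile(r'^"([^"]*)"$')


def scan(text):
    """Return (line_number, rule, attribute) for each risky assignment."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", "//")):
            continue  # whole-line comment
        match = ASSIGNMENT.match(line)
        if not match:
            continue
        name, value = match.groups()
        literal = STRING_LITERAL.match(value)
        # A quoted string with no ${...} reference is a value stored in the file.
        stored = bool(literal and literal.group(1) and "${" not in literal.group(1))
        if SECRET_NAME.search(name) and stored:
            findings.append((number, "hardcoded-secret", name))
        if TLS_NAME.search(name) and value.strip('"').lower() == "true":
            findings.append((number, "tls-verification-disabled", name))
    return findings


# Constructed samples modelled on provider.tf, terraform.tfvars and
# vsphere-standalone.tf above; every value is made up.
SAMPLE_PROVIDER = '''provider "tencentcloud" {
  secret_id  = "AK-constructed-example"
  secret_key = "constructed-example-key"
  region     = "ap-shanghai"
}'''
SAMPLE_TFVARS = '''# vSphere password
vsphere_password       = "constructed-example"
vsphere_unverified_ssl = "true"
vm_name                = "trf-test01"'''
SAMPLE_REFERENCES = '''provider "vsphere" {
  password             = "${var.vsphere_password}"
  allow_unverified_ssl = "${var.vsphere_unverified_ssl}"
}'''

if __name__ == "__main__":
    for sample in (SAMPLE_PROVIDER, SAMPLE_TFVARS, SAMPLE_REFERENCES):
        print(scan(sample))
```

Both providers also read credentials from environment variables (TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY; VSPHERE_USER and VSPHERE_PASSWORD), the same pattern the page uses for CDS_SECRET_ID, and any declared variable can be supplied as TF_VAR_<name> instead of being written to terraform.tfvars.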
From: https://www.cnblogs.com/louwj/p/16932654.html