Contents
1. Pull the client code with Git
https://wwwin-github.cisco.com/netascode/terraform-aac.git
2. Terraform (.tf) configuration file structure
2.1 backend.tf: configures where the Terraform state file is stored (local, AWS S3, ...)
terraform {
  backend "http" {}
}
2.2 main.tf: the Terraform entry-point file
module "aci" {
  # Calls the netascode/nac-aci/aci:0.7.0 source from the Terraform registry and passes it variables (yaml_directories, manage_access_policies, manage_fabric_policies, write_default_values_file, etc.)
  source  = "netascode/nac-aci/aci"
  version = "0.7.0"

  yaml_directories          = ["data"]
  manage_access_policies    = false
  manage_fabric_policies    = false
  manage_pod_policies       = false
  manage_node_policies      = false
  manage_interface_policies = false
  manage_tenants            = true
  write_default_values_file = "defaults.yaml"
}
2.3 provider.tf: configures the Terraform providers
terraform {
  required_providers {
    aci = {
      source  = "CiscoDevNet/aci"
      version = ">= 2.1.0"
    }
    utils = {
      source  = "cloudposse/utils"
      version = ">= 0.15.0"
    }
  }
}
provider "aci" {
  # Variables passed to the CiscoDevNet/aci:2.10.0 source when it is called: this sets the APIC URL, username, password, insecure, and the number of retries
  url      = var.apic_url
  username = var.apic_user
  password = var.apic_pwd
  insecure = true # skips TLS certificate verification for the APIC connection
  retries  = 4
}
2.4 terraform.tfvars and variables.tf: variable configuration
The terraform.tfvars file is an external file that stores variable values. When Terraform runs, this file can be used to supply the values of variables. It can contain values that override the default values defined in variables.tf.
# terraform.tfvars
apic_url  = "http://f1apic1.aci.pub"
apic_user = "apic:tacacs\\\\aac-gitlab"
apic_pwd  = "aac-gitlab"
# variables.tf
variable "apic_user" {
  description = "APIC user"
  type        = string
}
variable "apic_pwd" {
  description = "APIC password"
  type        = string
}
variable "apic_url" {
  description = "APIC url"
  type        = string
}
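A hardened variant of the variable and provider configuration from 2.3 and 2.4, as an added example that is not part of the original page or of the netascode project: the password is marked sensitive and supplied through the TF_VAR_apic_pwd environment variable instead of terraform.tfvars, the URL must be HTTPS, and certificate verification is turned on. It assumes the APIC presents a certificate that the host running Terraform trusts.

```hcl
# variables.tf (added example; hardened variant of the file in 2.4)

variable "apic_url" {
  description = "APIC url"
  type        = string

  # Reject plain-HTTP endpoints such as the http:// value in terraform.tfvars,
  # so the APIC credentials are never sent unencrypted.
  validation {
    condition     = can(regex("^https://", var.apic_url))
    error_message = "The apic_url value must start with https://."
  }
}

variable "apic_user" {
  description = "APIC user"
  type        = string
}

variable "apic_pwd" {
  description = "APIC password"
  type        = string
  # Redacts the value in plan and apply output.
  # Saved plan files still contain it, so treat them as secrets.
  sensitive = true

  validation {
    condition     = length(var.apic_pwd) > 0
    error_message = "The apic_pwd value is empty; export TF_VAR_apic_pwd before running Terraform."
  }
}

# provider.tf (added example; hardened variant of the provider block in 2.3)
provider "aci" {
  url      = var.apic_url
  username = var.apic_user
  password = var.apic_pwd
  insecure = false # verify the APIC TLS certificate
  retries  = 4
}

# terraform.tfvars keeps only non-secret values (hostname reused from 2.4):
#   apic_url  = "https://f1apic1.aci.pub"
#   apic_user = "apic:tacacs\\\\aac-gitlab"
# The password comes from the environment, e.g. a masked CI/CD variable:
#   export TF_VAR_apic_pwd='<placeholder>'
```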
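2.5 Summary
In the netascode/terraform-aac project:
main.tf calls the netascode/nac-aci/aci:0.7.0 source from the Terraform registry; the variables.tf in that source receives the variables.
provider.tf calls the CiscoDevNet/aci:2.10.0 source from the Terraform registry and passes it parameters such as the APIC username, password, and URL.
File execution order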
- versions.tf
- provider.tf
- variables.tf
- main.tf
- merge.tf
- backend.tf
- outputs.tf