Getting Started with Terraform

Introduction

Terraform's features:

  • Infrastructure as Code
  • Execution Plans
  • Resource Graph
  • Change Automation

Where Terraform sits among other tools: [figure omitted]

Guide

Core workflow

  • Write - Author infrastructure as code.
  • Plan - Preview changes before applying.
  • Apply - Provision reproducible infrastructure.

Other steps

  • Use provisioners to initialize instances when they're created, e.g. local-exec and remote-exec
  • Use variable to define variables; assign them with -var / -var-file / TF_VAR_name / UI input
  • Use output to define outputs
  • Use module to organize .tf files
  • Store State Remotely
  • Automation: terraform init -input=false to initialize the working directory; terraform plan -out=tfplan -input=false to create a plan and save it to the local file tfplan; terraform apply -input=false tfplan to apply the plan stored in the file tfplan.

Customization: Writing Custom Providers

  • Plugins are distributed as Go binaries
  • schema.Provider type describes the provider's properties:
    • the configuration keys it accepts
    • the resources it supports
    • any callbacks to configure
  • Defining resources with schema.Resource: resource_xxx
  • Resource properties (callbacks and schema):
    • Create
    • Read: sync the local state with the actual state
    • Update
    • Delete
    • Schema
  • A few rules:
    • If the Create callback returns an error or nil without having called SetId, the resource is considered not created and no state is saved.
    • If the Create callback returns an error or nil and SetId was called, the resource is considered created and its state is saved.
    • If the Update callback returns an error or nil, state is saved; if the ID has become empty, the resource is considered destroyed.
    • If the Destroy callback returns nil, the resource is considered destroyed and its state is deleted.
    • If the Destroy callback returns an error, the resource is considered to still exist and its state is saved.
    • If partial mode is enabled when create/update returns, only the configuration keys explicitly marked are saved, resulting in a partial state.

Execution flow of an example provider: [figure omitted]

Command-line tool: terraform cli

Configuration language (syntax)

  • The main purpose of the Terraform language is declaring resources.
  • A group of resources can be gathered into a module
  • Terraform configuration consists of a root module
<BLOCK TYPE> "<BLOCK LABEL>" "<BLOCK LABEL>" {
  # Block body
  <IDENTIFIER> = <EXPRESSION> # Argument
}

variable "image_id" {
  type = string
}
  • Syntax:
  • Resource: the smallest unit for defining infrastructure
    • Each resource is associated with a single resource type, which determines the kind of infrastructure object it manages and what arguments and other attributes the resource supports.
    • Each resource type in turn belongs to a provider, which is a plugin for Terraform that offers a collection of resource types.
    • Meta-Arguments:
      • depends_on
      • count
      • for_each
      • provider
      • lifecycle
      • provisioner and connection
  • Providers: vendors, e.g. cloud platforms
    • Meta-Arguments:
      • version
      • alias: used to create multiple configurations of one provider, e.g. provider "aws" {alias="west"}; referenced as provider = aws.west
  • Provisioner: like Vagrant's, post-boot processing
  • Input Variables:
    • Input variables serve as parameters for a Terraform module
    • Declaration: variable xxx {type=xx, default=xx, description=xx}; reference: var.<NAME>
    • Ways to assign values:
      • In a Terraform Cloud workspace.
      • Individually, with the -var command line option.
      • In variable definitions (.tfvars) files, either specified on the command line (-var-file=) or automatically loaded.
      • As environment variables (TF_VAR_xxx).
    • Precedence (lowest to highest):
      • Environment variables
      • The terraform.tfvars file, if present.
      • The terraform.tfvars.json file, if present.
      • Any .auto.tfvars or .auto.tfvars.json files, processed in lexical order of their filenames.
      • Any -var and -var-file options on the command line, in the order they are provided. (This includes variables set by a Terraform Cloud workspace.)
  • Output Values:
    • Declaration: output "xx" { value=xxx, description=xx, sensitive=t/f, depends_on }; reference from the parent: module.<MODULE NAME>.<OUTPUT NAME>
  • Local Values:
    • Declaration: locals { xx1=yy1, xx2=yy2 }; reference: local.xxx
  • Modules:
    • A module is a container for multiple resources that are used together.
    • Every Terraform configuration has at least one module, known as its root module, which consists of the resources defined in the .tf files in the main working directory.
    • Call: module xxx { source=xx, version=xx, providers=xx, xx1=yy1, xx2=yy2 }, where source, version and providers are meta-arguments and the rest are input variables
    • Reading a module's outputs: module.<MODULE NAME>.<OUTPUT NAME>
    • Providers within Modules
  • Data Sources:
    • Data sources allow data to be fetched or computed for use elsewhere in Terraform configuration.
    • A special kind of resource, the data resource; declared as data "aws_ami" "example" {}, data "local_file" "foo" { filename = "${path.module}/foo.bar" }, data "template_file" xx {}
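An added example (not from the original post) that ties the constructs above together in one root module: a provider alias, a sensitive variable with validation (Terraform 0.14+ syntax), locals, a data source, the for_each, lifecycle and depends_on meta-arguments, a module call and outputs. The bucket suffixes, the ./modules/network module with its cidr input and vpc_id output are hypothetical; the owner id is Canonical's real public account id for Ubuntu AMIs.

```hcl
provider "aws" { region = "us-east-1" }
# A second configuration of the same provider, referenced as aws.west
provider "aws" {
  alias  = "west"
  region = "us-west-2"
}

variable "db_password" {
  type      = string
  sensitive = true   # redacted from plan/apply output, but still written to state
  validation {
    condition     = length(var.db_password) >= 16
    error_message = "db_password must be at least 16 characters."
  }
}

locals {
  buckets = toset(["logs", "artifacts"])   # hypothetical bucket suffixes
}

data "aws_ami" "ubuntu" {
  provider    = aws.west   # AMI ids are region-specific: query via the same alias
  most_recent = true
  owners      = ["099720109477"]   # Canonical's public AWS account id
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
  }
}

resource "aws_s3_bucket" "data" {
  for_each = local.buckets
  bucket   = "example-${each.key}"
  lifecycle { prevent_destroy = true }   # any plan that would delete it is rejected
}

resource "aws_instance" "web" {
  provider      = aws.west
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3.micro"
  depends_on    = [aws_s3_bucket.data]   # explicit ordering without a data dependency
}

module "network" {
  source = "./modules/network"   # hypothetical local module with a cidr input
  cidr   = "10.0.0.0/16"
}

output "web_ip" { value = aws_instance.web.private_ip }
output "vpc_id" { value = module.network.vpc_id }   # hypothetical child-module output
```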

Provisioner

  • Requires a connection to be configured
  • Provisioners without a resource: resource "null_resource" "cluster"
  • Built-in provisioners
    • File provisioner: copies files or directories
    • local-exec provisioner: invokes a local executable after a resource is created.
    • remote-exec provisioner: invokes a script on a remote resource after it is created
provisioner "file" {
  source      = "conf/myapp.conf"
  destination = "/etc/myapp.conf"

  connection {
    type     = "ssh"
    user     = "root"
    password = "${var.root_password}"
    host     = "${var.host}"
  }
}

resource "aws_instance" "web" {
  # ...

  provisioner "local-exec" {
    command = "echo ${aws_instance.web.private_ip} >> private_ips.txt"
  }
}

resource "aws_instance" "web" {
  # ...

  provisioner "remote-exec" {
    inline = [
      "puppet apply",
      "consul join ${aws_instance.web.private_ip}",
    ]
  }
}
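An added example (not from the original post) of the "provisioner without a resource" pattern named above: a null_resource whose triggers re-run provisioning when the cluster membership changes, with a key-based connection instead of the password literal used in the blocks above and a destroy-time provisioner. It assumes an aws_instance.cluster resource created with count, a hypothetical variable ssh_private_key_path and a hypothetical bootstrap-cluster script on the node.

```hcl
resource "null_resource" "cluster" {
  # Re-run the provisioners whenever the set of node ids changes
  triggers = {
    cluster_instance_ids = join(",", aws_instance.cluster[*].id)
  }

  # Key-based connection: no password literal in configuration or plan output
  connection {
    type        = "ssh"
    user        = "ubuntu"
    private_key = file(var.ssh_private_key_path)   # hypothetical variable
    host        = aws_instance.cluster[0].public_ip
  }

  provisioner "remote-exec" {
    inline = [
      # hypothetical script on the node; receives every node's private address
      "bootstrap-cluster ${join(" ", aws_instance.cluster[*].private_ip)}",
    ]
  }

  # Destroy-time provisioner: runs on terraform destroy; on_failure = continue
  # means a failure here does not block the destroy itself
  provisioner "local-exec" {
    when       = destroy
    on_failure = continue
    command    = "echo 'cluster torn down' >> provision.log"
  }
}
```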

Backends

  • A "backend" in Terraform determines how state is loaded and how an operation such as apply is executed. Its roles:
    • Execute operations (e.g. plan, apply)
    • Store state
    • Store workspace-defined variables (in the future; not yet implemented)
  • Backends may support differing levels of features in Terraform. We differentiate these by calling a backend either standard or enhanced. All backends must implement standard functionality.
    • Standard: State management, functionality covered in State Storage & Locking
    • Enhanced: Everything in standard plus remote operations.
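An added example (not from the original post) of a standard backend: remote state stored in S3 with encryption at rest and DynamoDB-based locking, plus reading another configuration's outputs through the terraform_remote_state data source. The bucket, table, KMS alias, state keys and the private_subnet_id output are placeholders.

```hcl
terraform {
  backend "s3" {
    bucket         = "example-tfstate"                 # placeholder bucket
    key            = "prod/app/terraform.tfstate"      # one key per configuration
    region         = "us-east-1"
    encrypt        = true                              # server-side encryption of the state object
    kms_key_id     = "alias/example-tfstate"           # placeholder customer-managed key
    dynamodb_table = "example-tfstate-lock"            # placeholder; enables state locking
  }
}

# The state object holds every resource attribute, sensitive values included,
# so read access to this bucket is effectively access to those secrets.
# terraform_remote_state exposes only the other configuration's root outputs.
data "terraform_remote_state" "network" {
  backend = "s3"
  config = {
    bucket = "example-tfstate"
    key    = "prod/network/terraform.tfstate"   # a different configuration's state
    region = "us-east-1"
  }
}

resource "aws_instance" "app" {
  ami           = "ami-0123456789abcdef0"   # placeholder
  instance_type = "t3.micro"
  subnet_id     = data.terraform_remote_state.network.outputs.private_subnet_id   # placeholder output
}
```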

Source code

Request flow: [figure omitted]

Command line (cli)

The main operations

  • init: initialization; performs several operations
    • If -from-module is set, copies the source module into the current directory; remote paths (http/git) are supported
    • Child Module Installation: fetches all dependent modules
    • Backend Initialization: initializes the backend, local by default; backends are one way of extending Terraform and come in two kinds
      • Standard: implemented by many cloud vendors, used to store the state file
      • Enhanced: besides storing the state file, can also run operations such as plan and apply
    • Plugin installation: mainly providers; they are looked up by name on registry.terraform.io and installed
  • plan: plans the run; generates the prospective new state, compares it with the old state and outputs the plan
    • Load the backend
    • Load the config, create an Operation of type OperationTypePlan and run it
    • The Plan operation runs through terraform.Context, producing a terraform.Graph; the graph builder here is a PlanGraphBuilder
      • Building the graph is done by several GraphTransformers, e.g. ConfigTransformer creates the Resources from the configuration, LocalTransformer adds local values, OutputTransformer adds outputs
    • Walk terraform.Graph: walkOperation is walkPlan; the walk runs concurrently on multiple goroutines (twice the number of vertices) while respecting dependencies
      • Walk calls EnterPath, EnterEvalTree etc. on each vertex
      • Each vertex that can be Eval'd is evaluated
  • apply: executes the plan
  • destroy: destroys the infrastructure

Original content statement: this article was published on Cloud+ Community (云+社区) with the author's authorization; reproduction without permission is prohibited.
