前往小程序,Get更优阅读体验!
立即前往
首页
学习
活动
专区
工具
TVP
发布
社区首页 >专栏 >通过terraform快速创建腾讯云基础资源

通过terraform快速创建腾讯云基础资源

原创
作者头像
Vicwan
修改2020-04-09 11:57:55
8K0
修改2020-04-09 11:57:55
举报
文章被收录于专栏:腾讯云迁云技术团队专栏

一、什么是terraform

Terraform是一个IT基础架构自动化编排工具,可以用代码来管理维护IT资源。它编写了描述云资源拓扑的配置文件中的基础结构,例如虚拟机、存储账户和网络接口。Terraform的命令行接口(Command Line Interface,CLI)提供一种简单机制,用于将配置文件部署到腾讯云或其他任意支持的云上,并对其进行版本控制。

同时,Terraform是一个高度可扩展的工具,通过Provider来支持新的基础架构。用户可以使用Terraform来创建、修改、删除CVM、VPC、CDB、CLB等多种资源。

二、TIC产品简介

腾讯云TIC全称是Tencent Infrastructure as Code,通过与业界领先的开源技术集成,并支持HCL(Terraform)、JSON和YAML语法,来更好的进行云上资源编排、配置管理和符合性检查,另外为了简化用户使用,它还提供了许多遵循腾讯云最佳实践创建的terraform公共模板。

三、功能优势

1、将基础结构部署到多个云

Terraform适用于多云方案,将相类似的基础结构部署到腾讯云、其他云提供商或者本地数据中心。开发人员能够使用相同的工具和相似的配置文件同时管理不同云提供商的资源。

2、自动化管理基础结构

Terraform能够创建配置文件的模板,以可重复、可预测的方式定义和预配CVM资源,减少人为因素导致的部署和管理错误。能够多次部署同一模板,创建相同的开发、测试和生产环境。

3、基础架构即代码(Infrastructure as Code)

可以用代码来管理维护资源。允许保存基础设施状态,从而使用户能够跟踪对系统(基础设施即代码)中不同组件所做的更改,并与其他人共享这些配置。

4、降低开发成本

用户通过按需创建开发和部署环境来降低成本。并且,可以在系统更改之前进行评估。

四、需求和目标

基于一般用户在云上的部署规划需求,下面介绍如何通过TIC来快速创建腾讯云基础资源,并提供terraform代码模板示例。

五、场景说明

绝大部分用户在云上的网络规划,业务划分都基本一致,本文提供的terraform代码模板能够实现的场景如下:</br>

1、在同一个地域创建2个VPC,一个生产环境,一个QA环境,相互隔离</br>

2、生产环境VPC划分3个子网,分别是线上APP环境,数据库及中间件,大数据,QA环境VPC划分1个子网,为QA测试环境</br>

3、线上APP环境,数据库环境,大数据环境,QA测试环境,CLB分别设置相应的安全组策略</br>

4、线上环境创建2台CVM+1台mysql+1台redis+1个EIP+1个CLB实例,QA环境创建2台CVM+1台mysql+1台redis,实例命名以name+序号递增</br>

5、将公网CLB绑定应用环境其中一台CVM上,端口80</br>

6、将EIP绑定到其中一台CVM上,用于跳板机</br>

六、基于腾讯云TIC系统创建云上资源步骤

1、配置API KEY以授权TIC

Settings – API Credentials – New,新建一个授权,填写即将要购买资源的云账号对应的Secret ID与Secret Key

2、编写terraform代码

(1)选择“Templates”,并新建template

(2)根据需求编写terraform代码(在以下第四章节也会提供terraform代码模板)

3、执行terraform代码

(1)新建一个资源栈,选择目 标“Region”(注意region需要跟以下tf文件中availability_zone在同一个地域,比如region选shanghai,availability_zone配置为ap-shanghai-4),点选“Private templates”选择已经编写好的terraform代码

(2)确认代码后,点击Next 进入下一个步骤

(3)执行Plan

(4)执行apply

七、terraform代码模板说明

1、模板中tf文件说明

推荐按照不同的resource来划分单独的tf文件,这样便于阅读、以及后续修改

代码语言:txt
复制
global_variables.tf             #全局变量,定义可用区、所属项目等
variables.tf                    #变量,定义所用到的变量
vpc.tf                          #定义vpc相关配置
subnet.tf                       #定义subnet相关配置
APP_cvm_security_group.tf       #定义生产环境cvm安全组策略
cvm_instance.tf                 #定义cvm相关配置
eip.tf                          #定义eip相关配置
eip_association.tf              #定义eip绑定到cvm相关配置
mysql_instance.tf               #定义mysql相关配置
clb_instance.tf                 #定义clb相关配置
clb_listener.tf                 #定义clb监听器相关配置
clb_attachment.tf               #定义clb绑定到cvm相关配置
redis_instance.tf               #定义redis相关配置
BIGDATA_cvm_security_group.tf   #定义大数据环境cvm安全组策略
QA_cvm_security_group.tf        #定义QA环境cvm安全组策略
APP_DB_security_group.tf        #定义生产环境DB安全组策略
QA_DB_security_group.tf         #定义QA环境DB安全组策略
clb_security_group.tf           #定义clb安全组策略

2、具体的terraform代码模板

global_variables.tf代码如下:

代码语言:txt
复制
# 这里指定可用区为上海4区,用户可以根据需求修改
variable "availability_zone" {
  default = "ap-shanghai-4"
}
 variable "project_id" {
  default = 0
}

variables.tf代码如下:

代码语言:txt
复制
/*APP VPC variables*/
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "vpc_name" { default = "shanghai_vpc_APP" } 
variable "vpc_cidr" { default = "10.178.0.0/16" }
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "vpc_dns_servers" { default = ["119.29.29.29", "8.8.8.8"] } 
variable "vpc_is_multicast" { default = false }


/*QA VPC variables*/
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "QA_vpc_name" { default = "shanghai_vpc_QA" } 
variable "QA_vpc_cidr" { default = "10.179.0.0/16" }
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "QA_vpc_dns_servers" { default = ["119.29.29.29", "8.8.8.8"] } 
variable "QA_vpc_is_multicast" { default = false }

/* subnet variables*/
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "subnet_cidr_1" {
  default = "10.178.10.0/24"
}
variable "subnet_name_1"  { default = "APP_subnet"} 

variable "subnet_cidr_2" {
  default = "10.178.40.0/24"
}
variable "subnet_name_2"  { default = "DB_subnet"} 

variable "subnet_cidr_3" {
  default = "10.178.100.0/24"
}
variable "subnet_name_3"  { default = "BIGDATA_subnet"} 

variable "subnet_cidr_4" {
  default = "10.179.10.0/24"
}
variable "subnet_name_4"  { default = "QA_subnet"} 
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
 variable "subnet_is_multicast" { default = true }
 

 /* APP cvm instance variables*/
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
 variable "APP_cvm_instance_name" {
  default = "myapp"
}
 variable "APP_cvm_instance_type" {
  default = "S5.SMALL2"
}
 variable "APP_cvm_system_disk_type" {
  default = "CLOUD_PREMIUM"
}
 variable "APP_cvm_system_disk_size" {
  default = 50
}
 variable "APP_cvm_hostname" {
  default = "myapp"
}
 variable "APP_cvm_data_disk_type" {
  default = "CLOUD_PREMIUM"
}
 variable "APP_cvm_data_disk_size" {
  default = 50
}
 variable "APP_cvm_password" {
  default = "password"
}
 variable "APP_cvm_count" {
  default = 2
}
variable "APP_cvm_instance_charge_type" {
  default = "POSTPAID_BY_HOUR"
}


 /* BIGDATA cvm instance variables*/
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
 variable "BIGDATA_cvm_instance_name" {
  default = "hadoop"
}
 variable "BIGDATA_cvm_instance_type" {
  default = "D2.2XLARGE32"
}
 variable "BIGDATA_cvm_system_disk_type" {
  default = "CLOUD_PREMIUM"
}
 variable "BIGDATA_cvm_system_disk_size" {
  default = 50
}
 variable "BIGDATA_cvm_hostname" {
  default = "hadoop"
}
# variable "BIGDATA_cvm_data_disk_type" {
#  default = "LOCAL_BASIC"
#}
# variable "BIGDATA_cvm_data_disk_size" {
#  default = 1176
#}
 variable "BIGDATA_cvm_password" {
  default = "password"
}
 variable "BIGDATA_cvm_count" {
  default = 2
}
variable "BIGDATA_cvm_instance_charge_type" {
  default = "POSTPAID_BY_HOUR"
}

 /* QA cvm instance variables*/
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
 variable "QA_cvm_instance_name" {
  default = "QA"
}
 variable "QA_cvm_instance_type" {
  default = "S5.SMALL2"
}
 variable "QA_cvm_system_disk_type" {
  default = "CLOUD_PREMIUM"
}
 variable "QA_cvm_system_disk_size" {
  default = 50
}
 variable "QA_cvm_hostname" {
  default = "QA"
}
 variable "QA_cvm_data_disk_type" {
  default = "CLOUD_PREMIUM"
}
 variable "QA_cvm_data_disk_size" {
  default = 50
}
 variable "QA_cvm_password" {
  default = "password"
}
 variable "QA_cvm_count" {
  default = 2
}
variable "QA_cvm_instance_charge_type" {
  default = "POSTPAID_BY_HOUR"
}

/* eip variables*/
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
 variable "eip_name" {
  default = "eip_1"
}
 variable "eip_internet_max_bandwidth_out" {
  default = 5
}
 variable "eip_internet_service_provider" {
  default = "BGP"
}
variable "eip_type" {
  default = "EIP"
}
variable "eip_internet_charge_type" {
  default = "TRAFFIC_POSTPAID_BY_HOUR"
}


/* APP mysql variables*/
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
 variable "APP_mysql_instance_name" {
  default = "APP_mysql_1"
}
 variable "APP_mysql_mem_size" {
  default = "2000"
}
 variable "APP_mysql_root_password" {
  default = "password"
}
variable "APP_mysql_volume_size" {
  default = "25"
  }

# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
 variable "APP_mysql_engine_version" {
  default = "5.7"
}
 variable "APP_mysql_intranet_port" {
  default = 3306
}


/* QA mysql variables*/
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
 variable "QA_mysql_instance_name" {
  default = "QA_mysql_1"
}
 variable "QA_mysql_mem_size" {
  default = "2000"
}
 variable "QA_mysql_root_password" {
  default = "password"
}
variable "QA_mysql_volume_size" {
  default = "25"
  }

# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
 variable "QA_mysql_engine_version" {
  default = "5.7"
}
 variable "QA_mysql_intranet_port" {
  default = 3306
}

/* clb variables*/
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
 variable "clb_name" {
  default = "myclb"
}
 variable "clb_network_type" {
  default = "OPEN"
}

/* APP Redis variables*/
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
 variable "APP_redis_mem_size" {
  default = 8192
}
 variable "APP_redis_password" {
  default = "password"
}

# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
 variable "APP_redis_name" {
  default = "APP_redis_1"
}
 variable "APP_redis_type" {
  default = "master_slave_redis"
}
 variable "APP_redis_port" {
  default = 6379
}


/* QA Redis variables*/
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
 variable "QA_redis_mem_size" {
  default = 8192
}
 variable "QA_redis_password" {
  default = "password"
}

# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
 variable "QA_redis_name" {
  default = "QA_redis_1"
}
 variable "QA_redis_type" {
  default = "master_slave_redis"
}
 variable "QA_redis_port" {
  default = 6379
}

vpc.tf代码如下:

代码语言:txt
复制
# Create  a VPC resource for app
resource "tencentcloud_vpc" "my_vpc" {
  name         = var.vpc_name
  cidr_block   = var.vpc_cidr
  dns_servers  = var.vpc_dns_servers
  is_multicast = var.vpc_is_multicast
}

# Create  a VPC resource for QA
resource "tencentcloud_vpc" "QA_vpc" {
  name         = var.QA_vpc_name
  cidr_block   = var.QA_vpc_cidr
  dns_servers  = var.QA_vpc_dns_servers
  is_multicast = var.QA_vpc_is_multicast
}

subnet.tf代码如下:

代码语言:txt
复制
# Create 4 subnet resource for live app,DB,BIGDATA,and QA environment
resource "tencentcloud_subnet" "APP_subnet" {
  availability_zone = var.availability_zone
  cidr_block = var.subnet_cidr_1
  name = var.subnet_name_1
  vpc_id = tencentcloud_vpc.my_vpc.id
}

resource "tencentcloud_subnet" "DB_subnet" {
  availability_zone = var.availability_zone
  cidr_block = var.subnet_cidr_2
  name = var.subnet_name_2
  vpc_id = tencentcloud_vpc.my_vpc.id
}

resource "tencentcloud_subnet" "BIGDATA_subnet" {
  availability_zone = var.availability_zone
  cidr_block = var.subnet_cidr_3
  name = var.subnet_name_3
  vpc_id = tencentcloud_vpc.my_vpc.id
}

resource "tencentcloud_subnet" "QA_subnet" {
  availability_zone = var.availability_zone
  cidr_block = var.subnet_cidr_4
  name = var.subnet_name_4
  vpc_id = tencentcloud_vpc.QA_vpc.id
}

APP_cvm_security_group.tf代码如下:

代码语言:txt
复制
# Create security group with 3 rules for APP cvm instance
resource "tencentcloud_security_group" "APP_cvm_rules" {
  name        = "web accessibility"
  description = "make it accessible"
}

resource "tencentcloud_security_group_rule" "APP_web" {
  security_group_id = tencentcloud_security_group.APP_cvm_rules.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "80,8080"
  policy            = "accept"
}

resource "tencentcloud_security_group_rule" "APP_ssh" {
  security_group_id = tencentcloud_security_group.APP_cvm_rules.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "22"
  policy            = "accept"
}

resource "tencentcloud_security_group_rule" "APP_icmp" {
  security_group_id = tencentcloud_security_group.APP_cvm_rules.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "icmp"
  policy            = "accept"
}

cvm_instance.tf代码如下:

代码语言:txt
复制
# Use this data source to query images
data "tencentcloud_images" "my_favorite_image" {
  image_type = ["PUBLIC_IMAGE"]
  os_name    = "centos 7.5"
}

# Create APP CVMs instance 
resource "tencentcloud_instance" "APP_cvm_instance" {
  instance_name              = join("-", [var.APP_cvm_instance_name, count.index])
  availability_zone          = var.availability_zone
  image_id                   = data.tencentcloud_images.my_favorite_image.images.0.image_id
  instance_type              = var.APP_cvm_instance_type
  system_disk_type           = var.APP_cvm_system_disk_type
  system_disk_size           = var.APP_cvm_system_disk_size
  hostname                   = join("-", [var.APP_cvm_hostname, count.index])
  project_id                 = var.project_id
  vpc_id                     = tencentcloud_vpc.my_vpc.id
  subnet_id                  = tencentcloud_subnet.APP_subnet.id
  security_groups            = [tencentcloud_security_group.APP_cvm_rules.id]
  password                   = var.APP_cvm_password
  count                      = var.APP_cvm_count
  instance_charge_type       = var.APP_cvm_instance_charge_type

  data_disks {
    data_disk_type = var.APP_cvm_data_disk_type
    data_disk_size = var.APP_cvm_data_disk_size
  }
}


# Create BIGDATA CVMs instance 
resource "tencentcloud_instance" "BIGDATA_cvm_instance" {
  instance_name              = join("-", [var.BIGDATA_cvm_instance_name, count.index])
  availability_zone          = var.availability_zone
  image_id                   = data.tencentcloud_images.my_favorite_image.images.0.image_id
  instance_type              = var.BIGDATA_cvm_instance_type
  system_disk_type           = var.BIGDATA_cvm_system_disk_type
  system_disk_size           = var.BIGDATA_cvm_system_disk_size
  hostname                   = join("-", [var.BIGDATA_cvm_hostname, count.index])
  project_id                 = var.project_id
  vpc_id                     = tencentcloud_vpc.my_vpc.id
  subnet_id                  = tencentcloud_subnet.BIGDATA_subnet.id
  security_groups            = [tencentcloud_security_group.BIGDATA_cvm_rules.id]
  password                   = var.BIGDATA_cvm_password
  count                      = var.BIGDATA_cvm_count
  instance_charge_type       = var.BIGDATA_cvm_instance_charge_type

#  data_disks {
#    data_disk_type = var.BIGDATA_cvm_data_disk_type
#    data_disk_size = var.BIGDATA_cvm_data_disk_size
#  }
}


# Create QA CVMs instance 
resource "tencentcloud_instance" "QA_cvm_instance" {
  instance_name              = join("-", [var.QA_cvm_instance_name, count.index])
  availability_zone          = var.availability_zone
  image_id                   = data.tencentcloud_images.my_favorite_image.images.0.image_id
  instance_type              = var.QA_cvm_instance_type
  system_disk_type           = var.QA_cvm_system_disk_type
  system_disk_size           = var.QA_cvm_system_disk_size
  hostname                   = join("-", [var.QA_cvm_hostname, count.index])
  project_id                 = var.project_id
  vpc_id                     = tencentcloud_vpc.QA_vpc.id
  subnet_id                  = tencentcloud_subnet.QA_subnet.id
  security_groups            = [tencentcloud_security_group.QA_cvm_rules.id]
  password                   = var.QA_cvm_password
  count                      = var.QA_cvm_count
  instance_charge_type       = var.QA_cvm_instance_charge_type

  data_disks {
    data_disk_type = var.QA_cvm_data_disk_type
    data_disk_size = var.QA_cvm_data_disk_size
  }
}

eip.tf代码如下:

代码语言:txt
复制
# Create an EIP resource
resource "tencentcloud_eip" "my_eip" {
  name                       = var.eip_name
  internet_max_bandwidth_out = var.eip_internet_max_bandwidth_out
  internet_service_provider  = var.eip_internet_service_provider
  type                       = var.eip_type
  internet_charge_type       = var.eip_internet_charge_type
}

eip_association.tf代码如下:

代码语言:txt
复制
# Provides an eip resource associated with  CVM
resource "tencentcloud_eip_association" "my_eip_association" {
  eip_id      = tencentcloud_eip.my_eip.id
  instance_id = tencentcloud_instance.APP_cvm_instance.0.id
}

mysql_instance.tf代码如下:

代码语言:txt
复制
# Create mysql_instance resource for APP 
resource tencentcloud_mysql_instance "APP_mysql_instance" {
  engine_version    = var.APP_mysql_engine_version
  availability_zone = var.availability_zone
  instance_name     = var.APP_mysql_instance_name
  mem_size          = var.APP_mysql_mem_size
  root_password     = var.APP_mysql_root_password
  subnet_id         = tencentcloud_subnet.DB_subnet.id
  volume_size       = var.APP_mysql_volume_size
  vpc_id            = tencentcloud_vpc.my_vpc.id
  intranet_port     = var.APP_mysql_intranet_port
  project_id        = var.project_id
  security_groups   = [tencentcloud_security_group.APP_DB_rules.id]
}


# Create  mysql_instance resource for QA
resource tencentcloud_mysql_instance "QA_mysql_instance" {
  engine_version    = var.QA_mysql_engine_version
  availability_zone = var.availability_zone
  instance_name     = var.QA_mysql_instance_name
  mem_size          = var.QA_mysql_mem_size
  root_password     = var.QA_mysql_root_password
  subnet_id         = tencentcloud_subnet.QA_subnet.id
  volume_size       = var.QA_mysql_volume_size
  vpc_id            = tencentcloud_vpc.QA_vpc.id
  intranet_port     = var.QA_mysql_intranet_port
  project_id        = var.project_id
  security_groups   = [tencentcloud_security_group.QA_DB_rules.id]
}

clb_instance.tf代码如下:

代码语言:txt
复制
# create an OPEN CLB resource
resource tencentcloud_clb_instance "open_clb_instance" {
  clb_name        = var.clb_name
  network_type    = var.clb_network_type
  vpc_id          = tencentcloud_vpc.my_vpc.id
  project_id      = var.project_id
  security_groups = [tencentcloud_security_group.CLB_rules.id]
}

clb_listener.tf代码如下:

代码语言:txt
复制
# create a TCP Listener
resource "tencentcloud_clb_listener" "TCP_listener" {
  clb_id                     = tencentcloud_clb_instance.open_clb_instance.id
  listener_name              = "appweb_listener"
  port                       = 80
  protocol                   = "TCP"
  health_check_switch        = true
  health_check_time_out      = 2
  health_check_interval_time = 5
  health_check_health_num    = 3
  health_check_unhealth_num  = 3
  session_expire_time        = 30
  scheduler                  = "WRR"
}

clb_attachment.tf代码如下:

代码语言:txt
复制
# Provides a resource to a CLB attachment
resource "tencentcloud_clb_attachment" "foo" {
  clb_id      = tencentcloud_clb_instance.open_clb_instance.id
  listener_id = tencentcloud_clb_listener.TCP_listener.id

  targets {
    instance_id = tencentcloud_instance.APP_cvm_instance.1.id
    port        = 80
    weight      = 10
  }
}

redis_instance.tf代码如下:

代码语言:txt
复制
# Create Redis instance for APP 
resource "tencentcloud_redis_instance" "APP_redis_instance" {
  availability_zone = var.availability_zone
  type              = var.APP_redis_type
  password          = var.APP_redis_password
  mem_size          = var.APP_redis_mem_size
  name              = var.APP_redis_name
  port              = var.APP_redis_port
  subnet_id         = tencentcloud_subnet.DB_subnet.id
  vpc_id            = tencentcloud_vpc.my_vpc.id
  project_id        = var.project_id
  security_groups   = [tencentcloud_security_group.APP_DB_rules.id]
}


# Create  Redis instance for QA 
resource "tencentcloud_redis_instance" "QA_redis_instance" {
  availability_zone = var.availability_zone
  type              = var.QA_redis_type
  password          = var.QA_redis_password
  mem_size          = var.QA_redis_mem_size
  name              = var.QA_redis_name
  port              = var.QA_redis_port
  subnet_id         = tencentcloud_subnet.QA_subnet.id
  vpc_id            = tencentcloud_vpc.QA_vpc.id
  project_id        = var.project_id
  security_groups   = [tencentcloud_security_group.QA_DB_rules.id]
}

BIGDATA_cvm_security_group.tf代码如下:

代码语言:txt
复制
# Create security group with 2 rules for BIGDATA cvm instance
resource "tencentcloud_security_group" "BIGDATA_cvm_rules" {
  name        = "BIGDATA accessibility"
  description = "make it accessible"
}


resource "tencentcloud_security_group_rule" "BIGDATA_ssh" {
  security_group_id = tencentcloud_security_group.BIGDATA_cvm_rules.id
  type              = "ingress"
  cidr_ip           = "10.178.0.0/16"
  ip_protocol       = "tcp"
  port_range        = "22"
  policy            = "accept"
}

resource "tencentcloud_security_group_rule" "BIGDATA_icmp" {
  security_group_id = tencentcloud_security_group.BIGDATA_cvm_rules.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "icmp"
  policy            = "accept"
}

QA_cvm_security_group.tf代码如下:

代码语言:txt
复制
# Create security group with 2 rules for QA cvm instance
resource "tencentcloud_security_group" "QA_cvm_rules" {
  name        = "QA accessibility"
  description = "make it accessible"
}


resource "tencentcloud_security_group_rule" "QA_ssh" {
  security_group_id = tencentcloud_security_group.QA_cvm_rules.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "22"
  policy            = "accept"
}

resource "tencentcloud_security_group_rule" "QA_icmp" {
  security_group_id = tencentcloud_security_group.QA_cvm_rules.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "icmp"
  policy            = "accept"
}

APP_DB_security_group.tf代码如下:

代码语言:txt
复制
# Create security group with 2 rules for APP DB 
resource "tencentcloud_security_group" "APP_DB_rules" {
  name        = "APP DB accessibility"
  description = "make it accessible"
}


resource "tencentcloud_security_group_rule" "APP_mysql" {
  security_group_id = tencentcloud_security_group.APP_DB_rules.id
  type              = "ingress"
  cidr_ip           = "10.178.0.0/16"
  ip_protocol       = "tcp"
  port_range        = "3306"
  policy            = "accept"
}

resource "tencentcloud_security_group_rule" "APP_redis" {
  security_group_id = tencentcloud_security_group.APP_DB_rules.id
  type              = "ingress"
  cidr_ip           = "10.178.0.0/16"
  ip_protocol       = "tcp"
  port_range        = "6379"
  policy            = "accept"
}

QA_DB_security_group.tf代码如下:

代码语言:txt
复制
# Create security group with 2 rules for QA DB 
resource "tencentcloud_security_group" "QA_DB_rules" {
  name        = "QA DB accessibility"
  description = "make it accessible"
}


resource "tencentcloud_security_group_rule" "QA_mysql" {
  security_group_id = tencentcloud_security_group.QA_DB_rules.id
  type              = "ingress"
  cidr_ip           = "10.179.0.0/16"
  ip_protocol       = "tcp"
  port_range        = "3306"
  policy            = "accept"
}

resource "tencentcloud_security_group_rule" "QA_redis" {
  security_group_id = tencentcloud_security_group.QA_DB_rules.id
  type              = "ingress"
  cidr_ip           = "10.179.0.0/16"
  ip_protocol       = "tcp"
  port_range        = "6379"
  policy            = "accept"
}

clb_security_group.tf代码如下:

代码语言:txt
复制
# Create security group  for CLB
resource "tencentcloud_security_group" "CLB_rules" {
  name        = "CLB accessibility"
  description = "make it accessible"
}


resource "tencentcloud_security_group_rule" "CLB_web" {
  security_group_id = tencentcloud_security_group.CLB_rules.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "80,8080"
  policy            = "accept"
}

原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。

如有侵权,请联系 cloudcommunity@tencent.com 删除。

原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。

如有侵权,请联系 cloudcommunity@tencent.com 删除。

评论
登录后参与评论
0 条评论
热度
最新
推荐阅读
目录
  • 一、什么是terraform
  • 二、TIC产品简介
  • 三、功能优势
  • 四、需求和目标
  • 五、场景说明
  • 六、基于腾讯云TIC系统创建云上资源步骤
    • 1、配置API KEY以授权TIC
      • 2、编写terraform代码
        • 3、执行terraform代码
        • 七、terraform代码模板说明
          • 1、模板中tf文件说明
            • 2、具体的terraform代码模板
            相关产品与服务
            云服务器
            云服务器(Cloud Virtual Machine,CVM)提供安全可靠的弹性计算服务。 您可以实时扩展或缩减计算资源,适应变化的业务需求,并只需按实际使用的资源计费。使用 CVM 可以极大降低您的软硬件采购成本,简化 IT 运维工作。
            领券
            问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档