Terraform 入门

yeedomliu

发布于 2021-12-10 09:12:00

2.6K0

发布于 2021-12-10 09:12:00

文章被收录于专栏：yeedomliuyeedomliu

为什么使用 Terraform

什么是基础设施即代码

基础设施即代码（IaC）：DevOps自动化的目标是将软件交付过程自动化。所以落实到管理基础设施方面，也要尽可能多地通过代码来进行，减少点击网页或手动执行Shell命令的方式

基础设施即代码背后的想法是，通过编写和执行代码来定义、部署、更新和销毁基础设施。这代表着一种观念上的重要转变：将运维的各个工作都视为与软件相关，甚至包括那些明显针对硬件的工作（如设置物理服务器）
DevOps的一个重要观点是，用户应该将所有事物都在代码中进行管理，包括服务器、数据库、网络、日志文件、应用程序配置、文档、自动测试、部署过程等

使用DevOps实践（例如IaC）的组织，部署频率提高了200倍，从故障中恢复的速度提高了24倍，交付周期缩短为原来的1/2555

Terraform 工作原理

Terraform使用Go语言编写，是由HashiCorp公司创建的开源工具

Terraform配置文件的示例

resource "aws_instance" "example" {
  instance_type     = "t2.micro"
  ami               = "ami-0c55b159cbfafe1f0"
}

resource "google_dns_record_set" "a" {
  name     = "demo.google-example.com"
  managed_zone = "example-zone"
  type = "A"
  ttl = 300
  rrdatas = [aws_instance.example.public_ip]
}

首先调用AWS的API来部署一台服务器。然后调用GoogleCloud的API，创建指向AWS服务器IP地址的DNS条目
用户可以在Terraform配置文件中定义整套基础设施：服务器、数据库、负载均衡器、网络拓扑等，然后将配置文件提交到版本控制系统。接下来，通过运行Terraform命令，例如terraformapply命令，来部署该基础设施。terraform命令将对代码进行解析，将代码转化为云服务提供商的一系列API调用，并在此过程中优化API调用

Terraform工具将用户的配置文件中的内容转换为对云服务提供商的API调用

Terraform 、Docker 搭配使用

使用Packer创建包括Docker和Kubernetes服务的虚拟机映像
通过Terraform部署服务器集群，每个服务器都运行此虚拟机映像，以及其余基础设施，包括网络拓扑（即VPC、子网、路由表）、数据存储（如MySQL、Redis）和负载均衡器

Terraform入门

设置云账号

为了使Terraform能够对你的AWS账户进行直接操作，需要将环境变量AWS_ACCESS_KEY_ID和AWS_SECRET_ACCESS_KEY

$ export TENCENTCLOUD_SECRET_ID="AKIDnU0JOKxxxxxxxxxxxxxxxxxxxxxxx"
$ export TENCENTCLOUD_SECRET_KEY="NWSBgxxxxxxxxxxxxxxxxxxxxxxxxx"

部署服务

Terraform代码是以HashiCorp配置语言（HashiCorpConfigurationLanguage，HCL）编写的，扩展名为.tf。HCL是一种声明性语言，目标是描述所需的基础设施，Terraform将自动计算生成创建它的方法

编辑文件

使用Terraform的第一步通常是配置要使用的提供商。创建一个空文件夹，并在其中放置一个名为main.tf的文件
创建vpc 资源

main.tf

provider "tencentcloud" {
  region = "ap-guangzhou"
}

resource "tencentcloud_vpc" "test_vpc" {
  name       = "hello"
  cidr_block = "10.1.0.0/16"
}

versions.tf

terraform {
  required_providers {
    tencentcloud = {
      source = "tencentcloudstack/tencentcloud"
    }
  }
}

运行`terraform init`命令

❯ ls
main.tf     versions.tf
❯ terraform init

Initializing the backend...

Initializing provider plugins...
- Finding latest version of tencentcloudstack/tencentcloud...
- Installing tencentcloudstack/tencentcloud v1.60.16...
- Installed tencentcloudstack/tencentcloud v1.60.16 (signed by a HashiCorp partner, key ID 84F69E1C1BECF459)

Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/plugins/signing.html

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, we recommend adding version constraints in a required_providers block
in your configuration, with the constraint strings suggested below.

* tencentcloudstack/tencentcloud: version = "~> 1.60.16"

Terraform has been successfully initialized!

第一次开始使用Terraform时，需要运行terraform init命令，指示Terraform扫描代码，找出用到的提供商，并下载它们需要使用的代码库。在默认情况下，提供商代码将被下载到.terraform文件夹

运行`terraform plan`命令

可以让你在任何实际更改之前对Terraform进行预览，以便代码在发布给外界之前进行最后的检查

加号（+）代表任何新添加的内容
减号（-）代表删除的内容
波浪号（〜）代表所有将被修改的内容

❯ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # tencentcloud_vpc.test_vpc will be created
  + resource "tencentcloud_vpc" "test_vpc" {
      + cidr_block             = "10.1.0.0/16"
      + create_time            = (known after apply)
      + default_route_table_id = (known after apply)
      + dns_servers            = (known after apply)
      + id                     = (known after apply)
      + is_default             = (known after apply)
      + is_multicast           = true
      + name                   = "hello"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

运行`terraform apply`命令

❯ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # tencentcloud_vpc.test_vpc will be created
  + resource "tencentcloud_vpc" "test_vpc" {
      + cidr_block             = "10.1.0.0/16"
      + create_time            = (known after apply)
      + default_route_table_id = (known after apply)
      + dns_servers            = (known after apply)
      + id                     = (known after apply)
      + is_default             = (known after apply)
      + is_multicast           = true
      + name                   = "hello"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

tencentcloud_vpc.test_vpc: Creating...
tencentcloud_vpc.test_vpc: Creation complete after 4s [id=vpc-6f1g0sw7]

从腾讯云控制台的『私有网络』就可以看到刚刚创建的 vpc