IaC in Practice: Terraform Getting-Started Study Notes

2023-10-15 06:40:16 Steven Xeldax

# The Infrastructure as Code (IaC) concept

Infrastructure as Code (IaC) is an approach that defines infrastructure as code in order to automate and manage its deployment and configuration. The goal of IaC is to describe infrastructure in code so that it can be created, modified and deployed easily, which improves efficiency, lowers cost and reduces errors.

The core idea of IaC is to define infrastructure as code, which makes creating, modifying and deploying infrastructure easier and more reliable. Compared with configuring infrastructure by hand, IaC automates deployment and configuration, which reduces manual intervention and errors.

Another benefit of IaC is repeatability. Because the infrastructure is defined in code, it can be created, modified and deployed again and again with little effort. This makes it easy to create several identical environments, such as development, testing and production, which improves efficiency and reduces errors.

IaC is also scalable. Because the infrastructure is defined in code, it can be extended easily to meet business needs. Resources such as servers, storage and network devices can be added or removed as required.

Another benefit of IaC is traceability. Because the infrastructure is defined in code, changes to it can be tracked, which makes it easy to trace problems back and troubleshoot them. This is very important for keeping a system stable and reliable.

IaC supports collaboration. Because the infrastructure is defined in code, several team members can develop and manage it together, which improves efficiency and reduces errors. New features and services can be developed and deployed faster, which makes the business more flexible and competitive.

Common tools that implement the IaC methodology include Terraform, AWS CloudFormation, Azure Resource Manager and others; the one that currently dominates is the Terraform platform.

# Terraform

![](/download/3bb44357-b20c-426f-a67f-a124e0645880.png)

Terraform is an open-source orchestration tool. It supports a large number of plugins, is relatively flexible, and is compatible with many public and private clouds.

Terraform has its own configuration language. The main job of the configuration language is to describe the resources to be orchestrated; everything else revolves around resources and exists to make resource definitions more flexible and convenient.

Basic syntax of the Terraform language:

```
resource "aws_vpc" "main" {
  cidr_block = var.base_cidr_block
}

<BLOCK TYPE> "<BLOCK LABEL>" "<BLOCK LABEL>" {
  # Block body
  <IDENTIFIER> = <EXPRESSION> # Argument
}
```

A set of resources described according to the Terraform configuration language syntax is called a template, or a configuration file; for convenience, both are called templates here.

Template files end with the `.tf` or `.tf.json` extension, and their syntax follows the Terraform language syntax.

## terraform installation

Download it directly from https://www.terraform.io/downloads.html and place it in a directory that is on your PATH.

## terraform command cheatsheet

```
terraform -install-autocomplete
terraform fmt
terraform validate
terraform validate -backend=false
terraform init
terraform init -get-plugins=false
terraform init -verify-plugins=false
terraform apply --auto-approve   # apply changes without being prompted to enter "yes"
terraform destroy --auto-approve # destroy/cleanup deployment without being prompted for "yes"
terraform refresh
terraform apply --parallelism=5  # number of simultaneous resource operations
terraform apply -var my_region_variable=us-east-1
terraform apply -var-file XXXX
terraform state show aws_instance.my_ec2
terraform state list
```

![](/download/6ae421af-ee26-4c79-9bde-89ffdf801515.jpg)

## Using terraform

![](/download/2713e6f3-5da0-43ed-aa58-be02bb3c36cb.png)

data.tf

```
data "vultr_ssh_key" "my_ssh_key_data" {
  filter {
    name   = "name"
    values = ["my-ssh-key"]
  }
  depends_on = [
    vultr_ssh_key.my_ssh_key
  ]
}
```

local.tf

```
locals {
  region_jp          = "nrt"
  region_los_angeles = "lax"
}

locals {
  os_ubuntu       = 1743
  os_centos       = 167
  os_windows_2019 = 371
}
```

main.tf

```
resource "vultr_ssh_key" "my_ssh_key" {
  name    = "my-ssh-key"
  ssh_key = "ssh-rsa A"
}

resource "vultr_startup_script" "install_golang_pkg" {
  name   = "install_golang_pkg"
  script = "IyEvYmluL3NoCgphcHQgdXBkYXRlCmFwdCBpbnN0YWxsIGdvbGFuZyAteQ=="
}

resource "vultr_instance" "mmmm" {
  count            = 1
  plan             = "vc2-1c-1gb"
  region           = "nrt"
  os_id            = local.os_ubuntu
  ddos_protection  = false
  activation_email = false
  hostname         = "terraform-auto-host-${count.index}"
  ssh_key_ids      = [vultr_ssh_key.my_ssh_key.id]
  label            = data.vultr_ssh_key.my_ssh_key_data.name
  script_id        = vultr_startup_script.install_golang_pkg.id
  depends_on = [
    vultr_ssh_key.my_ssh_key,
    vultr_startup_script.install_golang_pkg
  ]
}
```

output.tf

```
# Single instance
# output "vm-mmmm-ip" {
#   value       = vultr_instance.mmmm.main_ip
#   sensitive   = false
#   description = "vm mmmmm ip"
# }
# output "vm-mmmm-id" {
#   value       = vultr_instance.mmmm.id
#   sensitive   = false
#   description = "vm mmmmm id"
# }
# output "vm-mmmm-status" {
#   value       = vultr_instance.mmmm.status
#   sensitive   = false
#   description = "vm mmmmm status"
# }

output "vm-mmmm-ip" {
  value       = join(",", vultr_instance.mmmm.*.main_ip)
  sensitive   = false
  description = "vm mmmmm ip"
}

output "vm-mmmm-id" {
  value       = join(",", vultr_instance.mmmm.*.id)
  sensitive   = false
  description = "vm mmmmm id"
}

output "vm-mmmm-status" {
  value       = join(",", vultr_instance.mmmm.*.status)
  sensitive   = false
  description = "vm mmmmm status"
}
```

provider.tf

```
terraform {
  required_providers {
    vultr = {
      source  = "vultr/vultr"
      version = "2.16.3"
    }
  }
}

# Configure the Vultr Provider
provider "vultr" {
  api_key     = "XXXXXX"
  rate_limit  = 100
  retry_limit = 3
}
```

varible.tf

```
# variable "users" {
#   type = map(object({
#     user = string
#   }))
# }
```

`terraform init` downloads the Vultr provider plugin.

`terraform plan`

![](/download/3e34e7a1-5791-4615-b089-116dbd0f8231.png)

`terraform apply`

![](/download/896f138e-7c9f-4199-a74d-073b776641a1.png)

# References

Terraform documentation on Azure:

- https://learn.microsoft.com/zh-cn/azure/key-vault/keys/quick-create-terraform?tabs=azure-cli
- https://learn.microsoft.com/zh-cn/azure/developer/terraform/create-resource-group?tabs=azure-cli

Terraform introductory books:

- https://lonegunmanb.github.io/introduction-terraform/
- https://blog.gmem.cc/terraform

Cheatsheet:

- https://github.com/scraly/terraform-cheat-sheet/blob/master/terraform-cheat-sheet.pdf
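
The provider.tf above carries the API key as a string literal, and main.tf carries the startup script as an opaque base64 string that cannot be read in review. A variant that keeps both out of the template text follows, as an added example that is not from the original post; the variable name `vultr_api_key` and the path `scripts/install_golang.sh` are assumptions.

```hcl
# Added example, not the original author's code.
# Assumed names: variable "vultr_api_key", file scripts/install_golang.sh.

variable "vultr_api_key" {
  type        = string
  sensitive   = true # value is redacted in plan/apply output
  description = "Vultr API key; export TF_VAR_vultr_api_key instead of writing it in a .tf file"

  validation {
    condition     = length(var.vultr_api_key) > 0
    error_message = "The Vultr API key is empty; set TF_VAR_vultr_api_key."
  }
}

provider "vultr" {
  api_key     = var.vultr_api_key # replaces the literal api_key = "XXXXXX"
  rate_limit  = 100
  retry_limit = 3
}

# Keep the boot script as a plain-text file that can be read in code review,
# and let Terraform produce the base64 string that the page passes to `script`.
resource "vultr_startup_script" "install_golang_pkg" {
  name   = "install_golang_pkg"
  script = base64encode(file("${path.module}/scripts/install_golang.sh"))
}
```

`sensitive = true` only redacts the value in CLI output; the state file still stores resource attributes in plain text, so keep `terraform.tfstate` and any `*.tfvars` file holding the key out of version control.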