使用terraform 来创建GCP的instance template 和基于它的vm_terraform模板

本人在上一篇的文章中已经介绍了如何去创建 google cloud的 vm 的image 和 instance template了
url：
快速构建自定义配置好的VM - 使用GCP instance-template 和 custom-image

但是里面的操作是基于gcloud CLI的。

在实际项目上， 我们对google cloud infra的change 更常有的是terraform。 这里也简单介绍下如何利用terraform去创建vm instance template 和对应的vm

下面的内容都是参考自官方terraform 文档：
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance_from_template

创建 实例模板 vm instance template

首先在terraform的vm module里新建1个tf 文件 instance_template.tf, 其实terraform的module folder 内是支持把内容写在多个文件的， 比起单一的main.tf 来讲更加容易管理

接下来就简单了， 我们可以把vm module原来了定义vm的代码块抄过来， 只是下面的部分需要注意修改：

resource "google_compute_instance_template" "vm-template-vpc0-subnet0-e2-small-tomcat" {
  name         = "vm-template-vpc0-subnet0-e2-small-tomcat"
  machine_type = "e2-small"

  disk {
    source_image = "https://compute.googleapis.com/compute/v1/projects/jason-hsbc/global/images/e2-small-tomcat-image"
    auto_delete  = true
    disk_size_gb = 20
    boot         = true
  }

  network_interface {
    network =  var.vpc0
    subnetwork =  var.vpc0_subnet0    
  }

 service_account {
    email  = "vm-common@jason-hsbc.iam.gserviceaccount.com"
    scopes = ["https://www.googleapis.com/auth/cloud-platform"]
  }

  # https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#provisioning_model
  # to reduce cost
  scheduling { 
    automatic_restart = false # Scheduling must have preemptible be false when AutomaticRestart is true.
    provisioning_model = "SPOT"
    preemptible         = true
    instance_termination_action = "STOP"
  }

  can_ip_forward = false
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

注意修改的部分：

1. resource 是google_compute_instance_template 而不是 google_compute_instance
2. source image 记得改成你自定义的image, 如果你需要预安装配置某些软件的话(jdk/tomcat…)

当执行玩terraform 一套命令后(init/plan/apply) ， 1个新的vm instance template 就会被创建vm-template-vpc0-subnet0-e2-small-tomcat

[gateman@manjaro-x13 ~]$ gcloud compute instance-templates list
NAME                                      MACHINE_TYPE  PREEMPTIBLE  CREATION_TIMESTAMP
e2-small-tomcat                           e2-small      true         2023-12-18T11:31:14.226-08:00
vm-template-vpc0-subnet0-e2-small-tomcat  e2-small      true         2023-12-21T08:47:49.748-08:00
[gateman@manjaro-x13 ~]$ gcloud compute instance-templates describe vm-template-vpc0-subnet0-e2-small-tomcat
creationTimestamp: '2023-12-21T08:47:49.748-08:00'
description: ''
id: '7261720283884147418'
kind: compute#instanceTemplate
name: vm-template-vpc0-subnet0-e2-small-tomcat
properties:
  disks:
  - autoDelete: true
    boot: true
    deviceName: persistent-disk-0
    index: 0
    initializeParams:
      diskSizeGb: '20'
      diskType: pd-standard
      sourceImage: projects/jason-hsbc/global/images/e2-small-tomcat-image
    interface: SCSI
    kind: compute#attachedDisk
    mode: READ_WRITE
    type: PERSISTENT
  machineType: e2-small
  metadata:
    fingerprint: t09GrcHA4z0=
    kind: compute#metadata
  networkInterfaces:
  - kind: compute#networkInterface
    name: nic0
    network: https://www.googleapis.com/compute/v1/projects/jason-hsbc/global/networks/tf-vpc0
    subnetwork: https://www.googleapis.com/compute/v1/projects/jason-hsbc/regions/europe-west2/subnetworks/tf-vpc0-subnet0
  scheduling:
    automaticRestart: false
    instanceTerminationAction: STOP
    onHostMaintenance: TERMINATE
    preemptible: true
    provisioningModel: SPOT
  serviceAccounts:
  - email: vm-common@jason-hsbc.iam.gserviceaccount.com
    scopes:
    - https://www.googleapis.com/auth/cloud-platform
selfLink: https://www.googleapis.com/compute/v1/projects/jason-hsbc/global/instanceTemplates/vm-template-vpc0-subnet0-e2-small-tomcat
[gateman@manjaro-x13 ~]$ 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

创建 基于vm instance template 创建vm

这个也很简单
首先继续在vm module里添加1个新的tf文件 vm_from_template.tf

接下来， 使用下面的terraform代码创建1个vm

resource "google_compute_instance_from_template" "tf-vpc0-subnet0-vm21" {
  name         = "tf-vpc0-subnet0-vm21"
  project      = var.project_id
  zone         = var.zone_id

  # from a instance template
  source_instance_template = google_compute_instance_template.vm-template-vpc0-subnet0-e2-small-tomcat.self_link_unique
}
1
2
3
4
5
6
7
8

注意的是resource 那么不能是google_compute_instance 而是 google_compute_instance_from_template

但执行玩terraform 命令一套后， 1个新的vm会被创建

[gateman@manjaro-x13 ~]$ gcloud compute ssh tf-vpc0-subnet0-vm21                                                                                                            │
No zone specified. Using zone [europe-west2-c] for instance: [tf-vpc0-subnet0-vm21].                                                                                        │
External IP address was not found; defaulting to using IAP tunneling.                                                                                                       │
WARNING:                                                                                                                                                                    │
                                                                                                                                                                            │
To increase the performance of the tunnel, consider installing NumPy. For instructions,                                                                                     │
please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the_tcp_upload_bandwidth                                                                       │
                                                                                                                                                                            │
Warning: Permanently added 'compute.442217657071685871' (ED25519) to the list of known hosts.                                                                               │
Linux tf-vpc0-subnet0-vm21 5.10.0-26-cloud-amd64 #1 SMP Debian 5.10.197-1 (2023-09-29) x86_64                                                                               │
                                                                                                                                                                            │
The programs included with the Debian GNU/Linux system are free software;                                                                                                   │
the exact distribution terms for each program are described in the                                                                                                          │
individual files in /usr/share/doc/*/copyright.                                                                                                                             │
                                                                                                                                                                            │
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent                                                                                                           │
permitted by applicable law.                                                                                                                                                │
Last login: Mon Dec 18 17:25:44 2023 from 35.235.242.0                                                                                                                      │
gateman@tf-vpc0-subnet0-vm21:~$ ps -ef | grep java                                                                                                                          │
gateman      608       1  9 16:55 ?        00:00:06 /usr/bin/java -Djava.util.logging.config.file=/home/gateman/server/tomcat10/conf/logging.properties -Djava.util.logging.│
manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security│
.SecurityListener.UMASK=0027 --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=j│
ava.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED -classpath /home/gateman/server/tomcat10/bin/bootstrap.jar:/home/gateman/server│
/tomcat10/bin/tomcat-juli.jar -Dcatalina.base=/home/gateman/server/tomcat10 -Dcatalina.home=/home/gateman/server/tomcat10 -Djava.io.tmpdir=/home/gateman/server/tomcat10/tem│
p org.apache.catalina.startup.Bootstrap start                                                                                                                               │
gateman      981     976  0 16:57 pts/0    00:00:00 grep java                                                                                                               │
gateman@tf-vpc0-subnet0-vm21
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

测试过， 可以正确加载我们的自定义镜像， 也就是tomcat 已经被安装和启动了

创建 基于vm 的单独设置 可以覆盖 Instance template 上相应的值

这里做个测试
我在terraform加多1个resource tf-vpc0-subnet1-vm1

resource "google_compute_instance_from_template" "tf-vpc0-subnet0-vm21" {
  name         = "tf-vpc0-subnet0-vm21"
  project      = var.project_id
  zone         = var.zone_id

  # from a instance template
  source_instance_template = google_compute_instance_template.vm-template-vpc0-subnet0-e2-small-tomcat.self_link_unique
}


# The custom properties of vm_from_template could overwrite the pre-defined properties in instance template
resource "google_compute_instance_from_template" "tf-vpc0-subnet1-vm1" {
  name         = "tf-vpc0-subnet1-vm1"
  project      = var.project_id
  zone         = var.zone_id

  network_interface {
    network =  "tf-vpc0"
    subnetwork =  "tf-vpc0-subnet1"  # here the subnet property will overwrite the setting in instance template
  }
  # from a instance template
  source_instance_template = google_compute_instance_template.vm-template-vpc0-subnet0-e2-small-tomcat.self_link_unique
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

其中 subnetwork 我显式设为了 tf-vpc0-subnet1 , 而 模板上的subnet 是 tf-vpc0-subnet0
当资源创建后, 可以见到subnet的值被 覆盖了， 相当方便。

[gateman@manjaro-x13 ~]$ gcloud compute instances describe tf-vpc0-subnet1-vm1
No zone specified. Using zone [europe-west2-c] for instance: [tf-vpc0-subnet1-vm1].
cpuPlatform: Intel Broadwell
creationTimestamp: '2023-12-21T10:20:06.917-08:00'
deletionProtection: false
disks:
- architecture: X86_64
  autoDelete: true
  boot: true
  deviceName: persistent-disk-0
  diskSizeGb: '20'
  guestOsFeatures:
  - type: UEFI_COMPATIBLE
  - type: VIRTIO_SCSI_MULTIQUEUE
  - type: GVNIC
  - type: SEV_CAPABLE
  index: 0
  interface: SCSI
  kind: compute#attachedDisk
  licenses:
  - https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-11-bullseye
  mode: READ_WRITE
  source: https://www.googleapis.com/compute/v1/projects/jason-hsbc/zones/europe-west2-c/disks/tf-vpc0-subnet1-vm1
  type: PERSISTENT
fingerprint: 5624YdVwPFw=
id: '9061352765349510970'
kind: compute#instance
labelFingerprint: 42WmSpB8rSM=
lastStartTimestamp: '2023-12-21T10:20:12.479-08:00'
machineType: https://www.googleapis.com/compute/v1/projects/jason-hsbc/zones/europe-west2-c/machineTypes/e2-small
metadata:
  fingerprint: t09GrcHA4z0=
  kind: compute#metadata
name: tf-vpc0-subnet1-vm1
networkInterfaces:
- fingerprint: z9Z5YCAsnOo=
  kind: compute#networkInterface
  name: nic0
  network: https://www.googleapis.com/compute/v1/projects/jason-hsbc/global/networks/tf-vpc0
  networkIP: 192.168.1.5
  stackType: IPV4_ONLY
  subnetwork: https://www.googleapis.com/compute/v1/projects/jason-hsbc/regions/europe-west2/subnetworks/tf-vpc0-subnet1
satisfiesPzs: true
scheduling:
  automaticRestart: false
  instanceTerminationAction: STOP
  onHostMaintenance: TERMINATE
  preemptible: true
  provisioningModel: SPOT
selfLink: https://www.googleapis.com/compute/v1/projects/jason-hsbc/zones/europe-west2-c/instances/tf-vpc0-subnet1-vm1
serviceAccounts:
- email: vm-common@jason-hsbc.iam.gserviceaccount.com
  scopes:
  - https://www.googleapis.com/auth/cloud-platform
shieldedInstanceConfig:
  enableIntegrityMonitoring: true
  enableSecureBoot: false
  enableVtpm: true
shieldedInstanceIntegrityPolicy:
  updateAutoLearnPolicy: true
startRestricted: false
status: RUNNING
tags:
  fingerprint: 42WmSpB8rSM=
zone: https://www.googleapis.com/compute/v1/projects/jason-hsbc/zones/europe-west2-c
[gateman@manjaro-x13 ~]$ 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66