赞
踩
记得2019左右就看到过Terraform系列的文章和书籍,当时所有的业务都上云了管理也很是方便,看了一眼就没有作过多的研究。但本着对技术发展的前瞻敏锐性, 还是觉得这个东西是会火起来的。正巧最近泽阳大佬devops训练营https://www.yuque.com/devopsvip穿插上了Terraform!个人又开始下体验一把了…Terraform!个人又开始体验了一把…
打开terraform官方下载页面https://www.terraform.io/downloads。选择安装方式**包管理器 **or 二进制方式:
当然了还有托管方式Terraform Cloud…毕竟现在是一个到处cloud的时代,忽略,这里只演示包管理器的安装方式!
个人的工作环境是一台rocky linux ,选择了centos8/rhel 的yum 安装的方式:
[root@zhangpeng ~]# sudo yum install -y yum-utils
[root@zhangpeng ~]# sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
[root@zhangpeng ~]# sudo yum -y install terraform
查看Terraform当前安装版本:
[root@zhangpeng ~]# terraform -version
Terraform v1.1.7
on linux_amd64
参照:
登陆访问管理-用户-用户列表-新建用户,按照自己的方式选择创建用户,我选择了快速构建
给了AdministratorAccess权限限…测试吧,本来其实我先开一个子项目然后授权?但是这眼花缭乱的权限配置,无从下手…点击创建用户,生成密钥:
注:生产环境应该尽量合理设置帐号权限边界!
创建一个terraform的文件夹并配置id 密钥,参照:https://cloud.tencent.com/developer/article/1473713
[root@zhangpeng ~]# mkdir terraform
[root@zhangpeng ~]# cd terraform/
[root@zhangpeng terraform]# vim provider.tf
[root@zhangpeng terraform]# cat provider.tf
provider "tencentcloud" {
secret_id = "xxxxxxxxxxxxxxxxxxxx"
secret_key = "xxxxxxxxxxxxxxxxxxx"
region = "ap-beijing"
}
what 开始没有仔细看报错,凭直觉以为是被墙…科学上网还是如此。google搜索:
Could not retrieve the list of available versions for provider hashicorp/tencentcloud: provider registry registry.terraform.io │ does not have a provider named registry.terraform.io/hashicorp/tencentcloud
https://registry.terraform.io/providers/tencentcloudstack/tencentcloud/latest/docs
不建议将凭据硬编码到任何 Terraform 配置中,如果此文件曾经提交给公共版本控制系统,则存在秘密泄露的风险。…那还是使用系统变量吧!
按照提示:
[root@zhangpeng terraform]# export TENCENTCLOUD_SECRET_ID="xxxxxxxx"
[root@zhangpeng terraform]# export TENCENTCLOUD_SECRET_KEY="xxxxxx"
[root@zhangpeng terraform]# export TENCENTCLOUD_REGION="ap-beijing"
[root@zhangpeng terraform]# terraform plan
还是没有搞起来有点怀疑人生了…
谷歌搜了一下最新的terraform 腾讯云关键词搜索到聂伟星的博客:聂伟星https://www.niewx.cn/2021/09/11/Terraform-orchestrates-Tencent-Cloud-resources/。按照流程走一下:
[root@zhangpeng terraform]# cat provider.tf
terraform {
required_providers {
tencentcloud = {
source = "tencentcloudstack/tencentcloud"
}
}
}
provider "tencentcloud" {
secret_id = "xxxxxxxxxxx"
secret_key = "xxxxxxxxxxx"
region = "ap-beijing"
}
[root@zhangpeng terraform]# terraform init
ok,int成功
就参照:https://cloud.tencent.com/developer/article/1473713
cat vpc.ft
resource "tencentcloud_vpc" "vpc_bj" {
name = "vpc_bj"
cidr_block = "10.0.0.0/16"
is_multicast = false
}
cat route_table.tf
resource "tencentcloud_route_table" "rtb_vpc_bj" {
vpc_id = tencentcloud_vpc.vpc_bj.id
name = "rtb-vpc-bj"
}
注:后之后觉 route其实可以不创建的…毕竟有默认的default…
创建子网subset,我这里之间创建了4个子网…偷懒了,个人习惯而已…
cat subnet.tf
resource "tencentcloud_subnet" "subnet_bj_01" { name = "bj-01" cidr_block = "10.0.1.0/24" availability_zone = "ap-beijing-1" vpc_id = "${tencentcloud_vpc.vpc_bj.id}" route_table_id = "${tencentcloud_route_table.rtb_vpc_bj.id}" } resource "tencentcloud_subnet" "subnet_bj_02" { name = "bj-02" cidr_block = "10.0.2.0/24" availability_zone = "ap-beijing-2" vpc_id = "${tencentcloud_vpc.vpc_bj.id}" route_table_id = "${tencentcloud_route_table.rtb_vpc_bj.id}" } resource "tencentcloud_subnet" "subnet_bj_03" { name = "bj-03" cidr_block = "10.0.3.0/24" availability_zone = "ap-beijing-3" vpc_id = "${tencentcloud_vpc.vpc_bj.id}" route_table_id = "${tencentcloud_route_table.rtb_vpc_bj.id}" } resource "tencentcloud_subnet" "subnet_bj_04" { name = "bj-04" cidr_block = "10.0.4.0/24" availability_zone = "ap-beijing-4" vpc_id = "${tencentcloud_vpc.vpc_bj.id}" route_table_id = "${tencentcloud_route_table.rtb_vpc_bj.id}" }
cat security_group.tf
resource "tencentcloud_security_group" "sg_bj" {
name = "sg-bj"
}
resource "tencentcloud_security_group_rule" "sg_bj_1" {
security_group_id = "${tencentcloud_security_group.sg_bj.id}"
type = "ingress"
cidr_ip = "0.0.0.0/0"
ip_protocol = "tcp"
port_range = "22,80"
policy = "accept"
}
cat cvm.tf
resource "tencentcloud_instance" "cvm_almalinux" { instance_name = "cvm-almalinux" availability_zone = "ap-beijing-2" image_id = "img-q95tlc25" instance_type = "S2.MEDIUM2" system_disk_type = "CLOUD_PREMIUM" security_groups = [ "${tencentcloud_security_group.sg_bj.id}" ] vpc_id = "${tencentcloud_vpc.vpc_bj.id}" subnet_id = "${tencentcloud_subnet.subnet_bj_02.id}" internet_max_bandwidth_out = 10 count = 1 }
当然了区域镜像都可以自己选择了 …我img-q95tlc25是一个almalinux的镜像。早先找腾讯云团队问能不能早点上rocky 跟almalinux的镜像。给我分享了一下正好测试一下!
执行** terraform plan **预览部署计划,
[root@zhangpeng terraform]# terraform plan
terraform apply 进行资源部署
[root@zhangpeng terraform]# terraform apply
enter a value输入yes 确认。等待资源创建!
登陆腾讯云后台似有网络管理页面:https://console.cloud.tencent.com/vpc/vpc选择北京区域。查看新建的vpc创建成功
点开对应vpc route发现route也创建成功,默认是有default路由的,所以我这里是不是可以不创建路由?
点击子网查看创建的四个subset子网:
点击上图bj-02子网中的cvm查看示例名 镜像id 规格与配置文件相对应!
以上都是针对cvm的管理,其他的想更进一步体验一下其他服务的管理。比如 数据库 负载均衡 tke等其他的相关基础服务!
对了删除服务我也体验过了…开始创建有问题删除重新创建的:
terraform show
terraform destroy
另外感觉个人对帐号的权限管理玩的不太好。想深入研究一下腾讯云的cam访问控制
特别鸣谢:
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。