Terraform Quick Start

todo

1. Installation

Terraform is distributed as a single binary executable: download terraform and add the executable to the system PATH. The following uses Linux as an example:

mkdir -p ~/terraform && cd $_
wget https://releases.hashicorp.com/terraform/0.14.3/terraform_0.14.3_linux_amd64.zip
unzip terraform_0.14.3_linux_amd64.zip
sudo mv terraform /usr/local/bin/

2. Authentication

Before managing cloud resources with Terraform, you need to obtain the cloud platform's AK/SK (access key and secret key) and configure them in Terraform so that it can authenticate. How the credentials are configured is determined by each cloud vendor's provider; see the provider documentation of the respective cloud for details. Two methods are common: a static file and environment variables. We discuss each below.

2.1 Static file

With a static file, the AK and SK are written directly into the configuration file, as in this example:

provider "huaweicloud" {
  region     = "cn-north-1"
  access_key = "my-access-key"
  secret_key = "my-secret-key"
}

Notes:

  • region: the region whose resources are to be managed.
  • access_key: the key ID, i.e. the AK.
  • secret_key: the secret access key, i.e. the SK.

2.2 Environment variables

With environment variables, the credentials are set as system environment variables. Using Huawei Cloud as an example:

$ export HW_REGION_NAME="cn-north-1"
$ export HW_ACCESS_KEY="my-access-key"
$ export HW_SECRET_KEY="my-secret-key"

Notes:

  • HW_REGION_NAME: the region whose resources are to be managed.
  • HW_ACCESS_KEY: the key ID, i.e. the AK.
  • HW_SECRET_KEY: the secret access key, i.e. the SK.
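As an added example (not code from the original post), a small Python check that scans a provider block for the two credential attributes described in 2.1, flags them when they are written as string literals, and otherwise fills them from the HW_* variables of 2.2. The sample .tf texts and the attribute-to-variable mapping are constructed for this example.

```python
import re

# Constructed sample: the static-file provider block from section 2.1.
STATIC_TF = '''
provider "huaweicloud" {
  region     = "cn-north-1"
  access_key = "my-access-key"
  secret_key = "my-secret-key"
}
'''
# Constructed sample: the same provider relying on the HW_* variables from 2.2.
ENV_TF = '''
provider "huaweicloud" {
  region = "cn-north-1"
}
'''

SECRET_ATTRS = ("access_key", "secret_key")      # attributes that carry the AK/SK
ENV_FOR_ATTR = {"region": "HW_REGION_NAME",      # env fallbacks listed in section 2.2
                "access_key": "HW_ACCESS_KEY",
                "secret_key": "HW_SECRET_KEY"}

BLOCK_RE = re.compile(r'provider\s+"(?P<name>[^"]+)"\s*\{(?P<body>.*?)\}', re.S)
ATTR_RE = re.compile(r'^\s*(?P<key>\w+)\s*=\s*(?P<value>.+?)\s*$', re.M)

def provider_attrs(hcl_text):
    """Yield (provider_name, attr, raw_value) for every attribute of every provider block."""
    for block in BLOCK_RE.finditer(hcl_text):
        for attr in ATTR_RE.finditer(block.group("body")):
            yield block.group("name"), attr.group("key"), attr.group("value")

def find_hardcoded_credentials(hcl_text):
    """A secret attribute assigned a quoted string literal is a hardcoded credential."""
    return [(p, k, v.strip('"')) for p, k, v in provider_attrs(hcl_text)
            if k in SECRET_ATTRS and v.startswith('"')]

def resolve_credentials(hcl_text, env):
    """Take literal attrs from the file, fill the rest from env, and list what is still missing."""
    creds = {k: v.strip('"') for _, k, v in provider_attrs(hcl_text)}
    for key, var in ENV_FOR_ATTR.items():
        if key not in creds and var in env:
            creds[key] = env[var]
    missing = [k for k in ENV_FOR_ATTR if k not in creds]
    return creds, missing
```

Pass `os.environ` as `env` to check a real working directory; a non-empty result from `find_hardcoded_credentials` on a file that is committed to version control is the condition to catch.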

3. Creating a cloud network with Terraform

Below, using Huawei Cloud as an example, we use Terraform to create a VPC.

3.1 Setting up a local registry

wget https://releases.hashicorp.com/terraform-provider-huaweicloud/1.20.0/terraform-provider-huaweicloud_1.20.0_linux_amd64.zip

mkdir -p ~/.terraform.d/plugins/local-registry/huaweicloud/huaweicloud/1.20.0/linux_amd64
unzip terraform-provider-huaweicloud_1.20.0_linux_amd64.zip -d ~/.terraform.d/plugins/local-registry/huaweicloud/huaweicloud/1.20.0/linux_amd64

3.2 Configuring the registry

cat > ~/terraform/versions.tf << EOF
terraform {
  required_providers {
    huaweicloud = {
      source  = "local-registry/huaweicloud/huaweicloud"
      version = "1.20.0"
    }
  }
}
EOF

3.3 Defining resources

Create the file "main.tf" with the following content:

cat > ~/terraform/main.tf << EOF
# Configure the HuaweiCloud Provider
provider "huaweicloud" {
  region      = "cn-south-1"
  domain_name = "Kuberxy"
  access_key  = "access_key"
  secret_key  = "access_key"
}

# Create a VPC
resource "huaweicloud_vpc" "example" {
  name = "gz_vpc"
  cidr = "192.168.0.0/16"
}
EOF

In this file:

  • The first half configures the HuaweiCloud provider, including the authentication credentials; if environment variables are used for authentication, this part can be omitted.
  • The second half describes a VPC resource named example; on the cloud platform the VPC is named gz_vpc and has the CIDR 192.168.0.0/16.

3.4 Initialization

terraform init

If a network registry is used, the first run reaches the public internet to download and install the provider. The command's output is as follows:

Initializing the backend...

Initializing provider plugins...
- Finding local-registry/huaweicloud/huaweicloud versions matching "1.20.0"...
- Installing local-registry/huaweicloud/huaweicloud v1.20.0...
- Installed local-registry/huaweicloud/huaweicloud v1.20.0 (unauthenticated)

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

3.5 Reviewing the resources to be created

terraform plan

This command shows which resources will be created; its output is as follows:

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create

Terraform will perform the following actions:

# huaweicloud_vpc.example will be created
+ resource "huaweicloud_vpc" "example" {
+ cidr = "192.168.0.0/16"
+ enterprise_project_id = (known after apply)
+ id = (known after apply)
+ name = "gz_vpc"
+ region = (known after apply)
+ routes = (known after apply)
+ shared = (known after apply)
+ status = (known after apply)
}

Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

3.6 Creating the resources

terraform apply

This command asks for confirmation before it actually creates the resources. Enter "yes" at the prompt; the output is as follows:

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create

Terraform will perform the following actions:

# huaweicloud_vpc.example will be created
+ resource "huaweicloud_vpc" "example" {
+ cidr = "192.168.0.0/16"
+ enterprise_project_id = (known after apply)
+ id = (known after apply)
+ name = "gz_vpc"
+ region = (known after apply)
+ routes = (known after apply)
+ shared = (known after apply)
+ status = (known after apply)
}

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.

Enter a value: yes

huaweicloud_vpc.example: Creating...
huaweicloud_vpc.example: Creation complete after 7s [id=420c4ed2-20e5-4dca-b4bf-3758535ccbfc]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

3.7 Viewing resource information

terraform show

This command shows the details of the resource; its output is as follows:

# huaweicloud_vpc.example:
resource "huaweicloud_vpc" "example" {
cidr = "192.168.0.0/16"
enterprise_project_id = "0"
id = "420c4ed2-20e5-4dca-b4bf-3758535ccbfc"
name = "gz_vpc"
region = "cn-east-2"
routes = []
shared = false
status = "OK"
}

3.8 Deleting the resources

terraform destroy

This command also asks for confirmation. Enter "yes" at the prompt; the output is as follows:

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
- destroy

Terraform will perform the following actions:

# huaweicloud_vpc.example will be destroyed
- resource "huaweicloud_vpc" "example" {
- cidr = "192.168.0.0/16" -> null
- enterprise_project_id = "0" -> null
- id = "420c4ed2-20e5-4dca-b4bf-3758535ccbfc" -> null
- name = "gz_vpc" -> null
- region = "cn-east-2" -> null
- routes = [] -> null
- shared = false -> null
- status = "OK" -> null
}

Plan: 0 to add, 0 to change, 1 to destroy.

Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.

Enter a value: yes

huaweicloud_vpc.example: Destroying... [id=420c4ed2-20e5-4dca-b4bf-3758535ccbfc]
huaweicloud_vpc.example: Still destroying... [id=420c4ed2-20e5-4dca-b4bf-3758535ccbfc, 10s elapsed]
huaweicloud_vpc.example: Destruction complete after 11s

Destroy complete! Resources: 1 destroyed.
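As an added example that is not part of the original post, a Python gate for the plan/apply/destroy steps of 3.5 through 3.8: it parses the per-resource action lines and the "Plan: N to add, ..." summary shown in the outputs above, and refuses an unattended apply when the plan would destroy or replace a resource, or when the summary does not match the action lines. The sample plan texts are constructed from the outputs above.

```python
import re

# Constructed samples: the action and summary lines from the plan outputs above.
CREATE_PLAN = """\
Terraform will perform the following actions:

  # huaweicloud_vpc.example will be created
  + resource "huaweicloud_vpc" "example" {
      + cidr = "192.168.0.0/16"
    }

Plan: 1 to add, 0 to change, 0 to destroy.
"""
DESTROY_PLAN = """\
  # huaweicloud_vpc.example will be destroyed
  - resource "huaweicloud_vpc" "example" {
      - cidr = "192.168.0.0/16" -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.
"""

# Terraform announces each action as "# <address> will be created|updated in-place|destroyed"
# or "# <address> must be replaced".
ACTION_RE = re.compile(r'^\s*#\s+(?P<addr>\S+)\s+(?:will be|must be)\s+'
                       r'(?P<action>created|updated in-place|destroyed|replaced)', re.M)
SUMMARY_RE = re.compile(r'^Plan:\s+(?P<add>\d+) to add,\s+(?P<change>\d+) to change,'
                        r'\s+(?P<destroy>\d+) to destroy\.', re.M)

def parse_plan(text):
    """Return ({resource_address: action}, {'add': n, 'change': n, 'destroy': n})."""
    actions = {m.group("addr"): m.group("action") for m in ACTION_RE.finditer(text)}
    m = SUMMARY_RE.search(text)
    if m is None:
        raise ValueError("no 'Plan:' summary line found")
    return actions, {k: int(v) for k, v in m.groupdict().items()}

def plan_is_safe(text, allow_destroy=False):
    """Gate for unattended apply: refuse plans that destroy or replace resources unless
    explicitly allowed, and refuse a summary that disagrees with the action lines
    (a truncated or edited log)."""
    actions, summary = parse_plan(text)
    destroyed = [a for a, act in actions.items() if act in ("destroyed", "replaced")]
    if len(destroyed) != summary["destroy"]:
        return False, "summary says %d destroy, actions list %d" % (summary["destroy"], len(destroyed))
    if destroyed and not allow_destroy:
        return False, "plan destroys " + ", ".join(destroyed)
    return True, "ok"
```

Feed it the output of `terraform plan -out=tfplan` and then apply that saved plan file, so that the actions that were checked are exactly the ones executed (the "-out" note in the 3.5 output is about this).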

4. References

Quick Start


Terraform Quick Start
https://kuberxy.github.io/2021/01/04/Terraform快速入门/
Author
Mr.x
Published on
January 4, 2021
License