5
02.Terraform基础
source link: https://blog.51cto.com/u_13812615/6000465
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
02.Terraform基础
精选 原创Terraform基础
开发环境配置
- 准备好代码base目录
配置阿里云RAM
- 登录阿里云https://www.aliyun.com/ 并通过控制台进入RAM
- 创建terraform用户,注意只需要OpenAPI 调用访问
- 将生成的access id和access secret保存备用
- 对terraform用户授权
需要的权限如下: AliyunECSFullAccess,AliyunVPCFullAccess
配置阿里云Provider
-
Terraform通过provider管理基础设施,使用provider与云供应商API 进行交互;每个Provider都包含相关的资源和数据源;
-
alicloud provider : https://registry.terraform.io/providers/aliyun/alicloud/latest/docs
声明provider
- required_providers{} 定义providers;
- source 定义provider的源地址;
- version指定provider的版本号
- 在basic下创建a_basic目录,并新增versions.tf
terraform {
required_version = "1.3.7"
required_providers {
alicloud = {
source = "aliyun/alicloud"
version = "1.195.0"
}
}
}
配置Provider
主要是配置认证信息
- alicloud_access_key RAM用户的AK信息;
- alicloud_secret_key RAM用户的SK信息;
- region定义创建资源的区域;
- a_basic/main.tf
provider "alicloud" {
access_key = var.alicloud_access_key
secret_key = var.alicloud_secret_key
region = var.region
}
定义variables变量
- 可以从环境变量或者文本文件中读取
- a_basic/variables.tf
variable "alicloud_access_key" {
type = string
}
variable "alicloud_secret_key" {
type = string
}
variable "region" {
type = string
}
- 声明TF环境变量,需要export TF_VAR开头,结合上述定义的变量去操作
export TF_VAR_alicloud_access_key="12345"
export TF_VAR_alicloud_secret_key="sbcopyit123"
export TF_VAR_region="cn-hangzhou"
定义阿里云资源
- 资源来自Provider, 是Terraform中最重要的元素。每个资源块描述一个或多个基础对象,例如网络、计算实例或更高级别的组件,例如 DNS 记录。
- 资源名称必须以字母或下划线开头,并且只能包含字母、数字、下划线和破折号。
resource "resource_type" "name" {
}
- 例如定义vpc资源: a_basic/alicloud_vpc.tf
专有网络VPC(Virtual Private Cloud)是用户基于阿里云创建的自定义私有网络,不同的专有网络之间二层逻辑隔离,用户可以在自己创建的专有网络内创建和管理云产品实例,比如ECS、负载均衡、RDS等。
//生产vpc
resource "alicloud_vpc" "vpc_prod" {
vpc_name = "hangzhou-prod-vpc"
cidr_block = "10.0.0.0/8"
}
//生产交换机
resource "alicloud_vswitch" "prod-vsw" {
vpc_id = alicloud_vpc.vpc_prod.id
cidr_block = "10.0.0.0/24"
zone_id = "cn-hangzhou-b"
}
//测试vpc
resource "alicloud_vpc" "vpc_test" {
vpc_name = "hangzhou-test-vpc"
cidr_block = "172.80.0.0/12"
}
resource "alicloud_vswitch" "test-vsw" {
vpc_id = alicloud_vpc.vpc_test.id
cidr_block = "172.80.0.0/24"
zone_id = "cn-hangzhou-k"
}
- 创建安全组: a_basic/alicloud_secure_group.tf
resource "alicloud_security_group" "prod-web-secure" {
name = "hangzhou_prod_web_secure_group"
vpc_id = alicloud_vpc.vpc_prod.id
security_group_type = "normal"
}
resource "alicloud_security_group_rule" "prod-web-secure-rule" {
type = "ingress"
ip_protocol = "tcp"
nic_type = "intranet"
policy = "accept"
port_range = "80/80"
priority = 1
security_group_id = alicloud_security_group.prod-web-secure.id
cidr_ip = "0.0.0.0/0"
}
resource "alicloud_security_group" "test-web-secure" {
name = "hangzhou_test_web_secure_group"
vpc_id = alicloud_vpc.vpc_test.id
security_group_type = "normal"
}
resource "alicloud_security_group_rule" "test-web-secure-rule" {
type = "ingress"
ip_protocol = "tcp"
nic_type = "intranet"
policy = "accept"
port_range = "80/80"
priority = 1
security_group_id = alicloud_security_group.test-web-secure.id
cidr_ip = "0.0.0.0/0"
}
申请阿里云资源
- 环境初始化
cd ~/Desktop/workspace/terraform_dode/basic/a_basic
terraform init
- 格式化代码
terraform fmt
terraform validate -json
- 计划和预览
terraform plan
terraform apply
- 展示申请资源
terraform show
- 删除资源(慎重)
terraform destroy
- 打赏
- 1赞
- 收藏
- 评论
- 分享
- 举报
上一篇:01.terraform概述
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK