
Terraform Basic

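Introduction to Terraform

Terraform (IaaC) is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.

Configuration files describe to Terraform the components needed to run a single application or an entire data center. Terraform generates an execution plan describing the operations required to reach the desired state, then executes that plan to build the described infrastructure. As the configuration changes, Terraform determines what changed and creates incremental execution plans that can be applied.

The infrastructure Terraform can manage includes low-level components such as compute instances, storage, and networking, as well as high-level components such as DNS entries and SaaS features.

Installing Terraform

First download the Terraform release that matches your system from the official site, unzip it, and place the binary in a directory on your PATH.

On Linux (other systems?):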

$ wget https://releases.hashicorp.com/terraform/0.13.5/terraform_0.13.5_linux_amd64.zip
$ unzip terraform_0.13.5_linux_amd64.zip    # extracts a single binary named terraform
$ chmod +x terraform
$ mv terraform /usr/bin/

## Verify the installation
$ terraform --version
Terraform v0.13.5

# Install command-line autocompletion for bash or zsh
$ terraform -install-autocomplete

Terraform with AWS

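Prerequisites:

  • the AWS CLI is installed;
  • an access key / secret key pair (AK/SK) has been obtained;
  • local AWS credentials are configured;

Installing the AWS CLI is straightforward and is not covered here.

Configure local AWS credentials with the AK/SK: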

$ aws configure
# Prompts for the AK/SK, which can be obtained from https://console.aws.amazon.com/iam/home?#security_credential
AWS Access Key ID [****************CRUK]: AKI******HHMRQ
AWS Secret Access Key [****************4K/x]: z0RR******NK0wZE37A
Default region name [ap-east-1]: 
Default output format [yaml]: 

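After the command completes, a folder named .aws is created in the home directory (Mac/Linux/Windows). It contains the config configuration file and the credentials file (in practice an ini-style file holding the AK/SK in plaintext).

Quick start

Write the configuration file: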
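Because the credentials file holds the AK/SK in plaintext, it is worth checking who can read it and which profiles carry long-term keys. The following is an added example, not part of the original page: the function names, the sample profile names and the placeholder key values are assumptions, and the permission check applies to POSIX systems only.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample; the key values are placeholders, not real credentials.
SAMPLE = """[default]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-placeholder-secret

[ci]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-placeholder-secret
aws_session_token = constructed-placeholder-token
"""

def write_sample(mode):
    """Write SAMPLE to a temp file with the given permission bits."""
    fd, path = tempfile.mkstemp(prefix="credentials-")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE)
    os.chmod(path, mode)
    return path

def audit_credentials(path):
    """Return findings for an AWS shared credentials file (POSIX modes)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o}: accessible beyond the owner, expected 0600")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    for profile in parser.sections():
        if not parser.has_option(profile, "aws_secret_access_key"):
            continue
        if parser.has_option(profile, "aws_session_token"):
            findings.append(f"[{profile}] temporary credentials (session token present)")
        else:
            findings.append(f"[{profile}] long-term secret key in plaintext")
    return findings

if __name__ == "__main__":
    sample = write_sample(0o644)
    for line in audit_credentials(sample):
        print(line)
    os.remove(sample)
```

To audit a real file, pass the path of ~/.aws/credentials to audit_credentials.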

# vim main.tf
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}

# Configure the AWS Provider
provider "aws" {
  profile = "default"
  region  = "us-east-1"
}

resource "aws_instance" "example" {
  count         = 1                       # number of instances to run
  ami           = "ami-07efac79022b86107" # AMI to use
  instance_type = "t2.micro"              # instance type
  tags = {
    Name = "Server ${count.index}"
  }
}

Initialize:

$ terraform init

Format and validate the configuration file:

$ terraform fmt
$ terraform validate
Success! The configuration is valid.

Apply the configuration file:

$ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_instance.example will be created
  + resource "aws_instance" "example" {
      + ami                          = "ami-03657b56516ab7912"
      + arn                          = (known after apply)
      + associate_public_ip_address  = (known after apply)
      + availability_zone            = (known after apply)
      + cpu_core_count               = (known after apply)
      + cpu_threads_per_core         = (known after apply)
      + get_password_data            = false
...
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes    # type yes after reviewing the plan

aws_instance.example: Creating...
aws_instance.example: Still creating... [10s elapsed]
aws_instance.example: Still creating... [20s elapsed]
aws_instance.example: Still creating... [30s elapsed]
aws_instance.example: Creation complete after 33s [id=i-0073fc0ea18bc948b]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed

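Use terraform show to inspect the resulting state.

Storing the state file remotely

Terraform's state file and all configuration files are stored locally. To collaborate, they need to be pushed to a remote location such as GitHub, GitLab, or AWS S3; HashiCorp also provides a cloud platform for storage and collaboration.

Terraform Cloud usage reference: https://learn.hashicorp.com/tutorials/terraform/aws-remote?in=terraform/aws-get-started

Generate a token at https://app.terraform.io/app/settings/tokens and place it in the ~/.terraformrc file (on Windows, %APPDATA%\terraform.rc). The file content looks like this: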
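The state file records resource attributes in plaintext JSON, including values such as database passwords and IAM access key secrets, so it should be inspected before it is pushed to a shared repository. The following is an added example, not part of the original page: it assumes the version 4 state layout (resources, instances, attributes), the key-name pattern is a heuristic, and the sample state is constructed.

```python
import json
import re

# Heuristic: attribute names that usually hold secret material.
SENSITIVE = re.compile(r"password|secret|private_key|token", re.I)

# Constructed sample in state format version 4; all values are made up.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "terraform_version": "0.13.5",
    "resources": [
        {"type": "aws_instance", "name": "example", "instances": [
            {"attributes": {"instance_type": "t2.micro",
                            "get_password_data": False, "password_data": ""}}]},
        {"type": "aws_db_instance", "name": "db", "instances": [
            {"attributes": {"username": "admin",
                            "password": "constructed-not-real"}}]},
        {"type": "aws_iam_access_key", "name": "ci", "instances": [
            {"attributes": {"user": "ci", "secret": "constructed-not-real"}}]},
    ],
})

def walk(value, path=""):
    """Yield (path, leaf) for every scalar leaf of a nested structure."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from walk(item, f"{path}.{key}")
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from walk(item, f"{path}[{index}]")
    else:
        yield path, value

def find_state_secrets(state_text):
    """Return addresses of non-empty attributes whose name looks sensitive."""
    hits = []
    for res in json.loads(state_text).get("resources", []):
        address = f'{res["type"]}.{res["name"]}'
        for index, inst in enumerate(res.get("instances", [])):
            for path, leaf in walk(inst.get("attributes", {})):
                name = path.rsplit(".", 1)[-1]
                # Empty strings, false and null carry no secret material.
                if SENSITIVE.search(name) and leaf not in (None, "", False):
                    hits.append(f"{address}[{index}]{path}")
    return hits

if __name__ == "__main__":
    for hit in find_state_secrets(SAMPLE_STATE):
        print("sensitive value in state:", hit)
```

A non-empty result means the state file contains secrets in plaintext and belongs in an access-controlled backend rather than a source repository.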

credentials "app.terraform.io" {
  token = "REPLACE_ME"
}

An example configuration file that references the remote backend:

terraform {
  backend "remote" {
    organization = "AGou-ops"

    workspaces {
      name = "Example-Workspace"
    }
  }
}

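Finally, initialize with terraform init.

Miscellaneous

  • terraform apply [--auto-approve -target <RESOURCES>]: apply the .tf files; --auto-approve answers yes automatically, and -target names the resources to apply;
  • terraform fmt: format the configuration files;
  • terraform validate: check that the configuration syntax is correct;
  • terraform show: show the state after creation;
  • terraform state list: list the resources in the state;
  • terraform state show <STATE_LIST_OUTPUT_NAME>: show the details of the specified state entry;
  • terraform refresh: refresh the state;
  • terraform destroy [-target <RESOURCES>]: destroy resources;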
