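Background:
This follows on from Terraform Series 1: Simple Creation of Tencent Cloud CVM Resources, and Terraform Series 2: Going Further with Tencent Cloud CVM. With the CVM created, the next step is to initialize the system: mount the data disk, install some software on the CVM, and do some simple configuration!
Terraform Series 3: Things to Do Inside a Tencent Cloud CVM
1. Terraform output
We created the CVM resources with Terraform, so how do we get the information about the CVM? Until now I have been logging in to the console to look it up. Can Terraform print the information I need? It can! That brings us to output……
1. Start with a simple example:
I want to print the availability zone, ID, name and public IP of the cvm_almalinux CVM instance. That gives me the public IP without looking it up in the console, so I can log in to the server directly.
1. cat output.tf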
# Outputs for the cvm_almalinux instance and its elastic IP
output "cvm_az" {
  value = tencentcloud_instance.cvm_almalinux.availability_zone
}
output "cvm_id" {
  value = tencentcloud_instance.cvm_almalinux.id
}
output "cvm_name" {
  value = tencentcloud_instance.cvm_almalinux.instance_name
}
output "cvm_public_ip" {
  value = tencentcloud_eip.cvm_almalinux_eip.public_ip
}
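2. terraform apply and terraform output
This gives us the server's public IP, so we can SSH to the server directly! Of course, this is only a starting point. You can use output to print whatever resource information you need!
3. Other uses of terraform output
Learned from Tencent Cloud's Terraform application guide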
[root@zhangpeng terraform]# terraform output cvm_id
"ins-hsakr7ah"
The other values can be printed the same way. The best way to understand a command is still to read its documentation with --help
[root@zhangpeng terraform]# terraform output --help
Usage: terraform [global options] output [options] [NAME]
Reads an output variable from a Terraform state file and prints
the value. With no additional arguments, output will display all
the outputs for the root module. If NAME is not specified, all
outputs are printed.
Options:
-state=path Path to the state file to read. Defaults to
"terraform.tfstate".
-no-color If specified, output won't contain any color.
-json If specified, machine readable output will be
printed in JSON format.
-raw For value types that can be automatically
converted to a string, will print the raw
string directly, rather than a human-oriented
representation of the value.
It can even output JSON? Let's try it!
[root@zhangpeng terraform]# terraform output -json
{
  "cvm_az": {
    "sensitive": false,
    "type": "string",
    "value": "ap-beijing-2"
  },
  "cvm_id": {
    "sensitive": false,
    "type": "string",
    "value": "ins-hsxxxx"
  },
  "cvm_name": {
    "sensitive": false,
    "type": "string",
    "value": "cvm-almalinux"
  },
  "cvm_public_ip": {
    "sensitive": false,
    "type": "string",
    "value": "xxx.xxx.xxx.xxx"
  }
}
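More uses can be discovered gradually later. All of this grew out of wanting the public IP!
2. How to run shell commands on the CVM with Terraform
1. Format vdb and mount it at the /data directory
1. Create the tf configuration file for formatting
cat mkfs.tf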
resource "null_resource" "connect_private" {
  # First attempt: no private_key or password is set in the connection
  connection {
    host = tencentcloud_eip.cvm_almalinux_eip.public_ip
    type = "ssh"
    user = "root"
  }
  # format /dev/vdb as ext4 and mount it at /data
  provisioner "remote-exec" {
    inline = [
      "sudo mkfs -t ext4 /dev/vdb",
      "sudo mkdir /data",
      "sudo mount /dev/vdb /data"
    ]
  }
}
2. terraform plan and terraform init --upgrade
[root@zhangpeng terraform]# terraform plan
Huh? It tells me to upgrade? What is that about? Run it first! My guess is that it needs to install a null component……
[root@zhangpeng terraform]# terraform init --upgrade
3. terraform apply
[root@zhangpeng terraform]# terraform apply
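I assumed that with passwordless login set up I would not need to configure a private key or password….. That was wrong. Set the private key and run it again!
4. The correct way (special emphasis)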
cat mkfs.tf
resource "null_resource" "connect_private" {
  connection {
    host        = tencentcloud_eip.cvm_almalinux_eip.public_ip
    type        = "ssh"
    user        = "root"
    private_key = file("~/.ssh/id_rsa")
  }
  # format /dev/vdb as ext4 and mount it at /data
  provisioner "remote-exec" {
    inline = [
      "sudo mkfs -t ext4 /dev/vdb",
      "sudo mkdir /data",
      "sudo mount /dev/vdb /data"
    ]
  }
}
Note: the private_key setting was added
terraform plan and terraform apply
Log in to the server over SSH to verify:
[root@cvm-almalinux /]# lsblk
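OK, the disk formatting task succeeded! Of course, you can also write the entry into fstab in remote-exec so that the mount is not lost when the server reboots!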
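The fstab step mentioned above, combined with a guard so that a re-run never reformats a disk that already holds data. This is an added example, not code from the original post; the resource name `mount_data_disk` and the `triggers` choice are assumptions, while the EIP and instance references are the ones used on this page.

```hcl
resource "null_resource" "mount_data_disk" {
  # Re-run only when the instance is replaced, not on every apply.
  triggers = {
    instance_id = tencentcloud_instance.cvm_almalinux.id
  }

  connection {
    host        = tencentcloud_eip.cvm_almalinux_eip.public_ip
    type        = "ssh"
    user        = "root"
    private_key = file("~/.ssh/id_rsa")
  }

  provisioner "remote-exec" {
    # The inline lines run as one script, so set -eu and $UUID carry across lines.
    inline = [
      "set -eu",
      # blkid exits non-zero when /dev/vdb has no filesystem signature,
      # so mkfs runs on a blank disk only and never over existing data.
      "blkid /dev/vdb >/dev/null 2>&1 || mkfs -t ext4 /dev/vdb",
      "mkdir -p /data",
      # Use the filesystem UUID: /dev/vdX names are not guaranteed to be stable.
      "UUID=$(blkid -s UUID -o value /dev/vdb)",
      # Stop here if the disk has a partition table but no filesystem UUID.
      "test -n \"$UUID\"",
      # nofail keeps the machine bootable and reachable if the disk is missing.
      "grep -q \"UUID=$UUID\" /etc/fstab || echo \"UUID=$UUID /data ext4 defaults,nofail 0 2\" >> /etc/fstab",
      # Mount through fstab so a bad entry fails the apply now, not at the next reboot.
      "mount -a",
      "findmnt /data",
    ]
  }
}
```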
2. Install some software, for example nginx?
1. Create the nginx.tf configuration file
cat nginx.tf
resource "null_resource" "connect_private_nginx" {
  connection {
    host        = tencentcloud_eip.cvm_almalinux_eip.public_ip
    type        = "ssh"
    user        = "root"
    private_key = file("~/.ssh/id_rsa")
  }
  # update packages, then install and start nginx
  provisioner "remote-exec" {
    inline = [
      "sudo yum update -y",
      "sudo yum install nginx -y",
      "sudo systemctl start nginx"
    ]
  }
}
2. terraform plan and terraform apply
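The install progress bar stays at 0, what is going on……. Log in to the server and take a look
It is a platform-python process doing the install; I did not look closely and kept waiting…..
Cannot connect to the yum repository? The firewall suddenly came to mind……
Sure enough, outbound (egress) traffic is deny by default!
Modify the security group configuration file as follows: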
[root@zhangpeng terraform]# cat security_group.tf
resource "tencentcloud_security_group" "sg_bj" {
  name = "sg-bj"
}
# inbound: SSH and HTTP from any address
resource "tencentcloud_security_group_rule" "sg_bj_1" {
  security_group_id = tencentcloud_security_group.sg_bj.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "22,80"
  policy            = "accept"
}
# outbound: all TCP to any address, so yum can reach its repositories
resource "tencentcloud_security_group_rule" "sg_bj_2" {
  security_group_id = tencentcloud_security_group.sg_bj.id
  type              = "egress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  policy            = "accept"
}
Continue with terraform plan and terraform apply
The progress bar finally moves! Wait for the task to finish
Visiting the public IP, nginx responds normally. Success!
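The rules above open SSH to every address and allow all outbound TCP. A tighter set that still lets the provisioners and yum work, as an added example that is not from the original post: `var.admin_cidr` and the rule names are assumptions, the rules attach to the `sg_bj` group defined above in place of `sg_bj_1` and `sg_bj_2`, and the outbound ports assume yum mirrors on 80/443 plus DNS on UDP 53.

```hcl
# Added example: var.admin_cidr and all rule names here are hypothetical.
variable "admin_cidr" {
  description = "Network allowed to reach SSH, e.g. the office or VPN address"
  type        = string
  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "The admin_cidr value must be a valid CIDR other than 0.0.0.0/0."
  }
}

# SSH, which is also the channel remote-exec uses, only from the admin network.
resource "tencentcloud_security_group_rule" "ssh_from_admin" {
  security_group_id = tencentcloud_security_group.sg_bj.id
  type              = "ingress"
  cidr_ip           = var.admin_cidr
  ip_protocol       = "tcp"
  port_range        = "22"
  policy            = "accept"
}

# HTTP stays public because nginx is meant to be reachable from anywhere.
resource "tencentcloud_security_group_rule" "http_from_any" {
  security_group_id = tencentcloud_security_group.sg_bj.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "80"
  policy            = "accept"
}

# Outbound: HTTP/HTTPS for the yum repositories instead of every TCP port.
resource "tencentcloud_security_group_rule" "egress_web" {
  security_group_id = tencentcloud_security_group.sg_bj.id
  type              = "egress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "80,443"
  policy            = "accept"
}

# Outbound: DNS lookups.
resource "tencentcloud_security_group_rule" "egress_dns" {
  security_group_id = tencentcloud_security_group.sg_bj.id
  type              = "egress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "udp"
  port_range        = "53"
  policy            = "accept"
}
```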
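3. Other approaches?
I don't want to write the script inside the tf file. Can I write a shell script and then have remote-exec run it? Yes! Installing httpd looks like this:
1. Write the install-httpd.sh script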
install-httpd.sh
[root@k8s-master-01 terraform]# cat install-httpd.sh
#!/bin/bash
systemctl stop nginx
yum install -y httpd
systemctl start httpd
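Note: the hostname changed…. I went home for the holidays and ran this on another server. Yes, I brought id_rsa over too! nginx was installed earlier, so I am not doing anything complicated here; just stop nginx first!
2. Write httpd.tf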
httpd.tf
resource "null_resource" "connect_private_httpd" {
  # upload the local script to the server
  provisioner "file" {
    source      = "install-httpd.sh"
    destination = "/tmp/install-httpd.sh"
  }
  # make the uploaded script executable and run it
  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/install-httpd.sh && sh /tmp/install-httpd.sh"
    ]
  }
  # resource-level connection shared by both provisioners
  connection {
    host        = tencentcloud_eip.cvm_almalinux_eip.public_ip
    type        = "ssh"
    user        = "root"
    private_key = file("~/.ssh/id_rsa")
  }
}
3. terraform plan and terraform apply
[root@k8s-master-01 terraform]# terraform plan
[root@k8s-master-01 terraform]# terraform apply
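Port 80 is reachable as well. Of course, write and test more complex scripts yourself; this is only a starting point!
Also, I see there is a local-exec method too? And other articles and notes combine this with ansible? All worth trying when there is time
Plans for the next steps
- Export the existing resources in the Tencent Cloud console as Terraform configuration. Yes, that means exporting the assets… and managing them uniformly as configuration-as-code.
- More standardized, modular management of tf files?
- More sensible use of variables?
- Integration with ansible or other software?
- Standardization of log output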