
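About Tencent Cloud: Terraform Series, Part 3: Working with Tencent Cloud CVM

Background:

This follows on from Terraform Series Part 1 (simple creation of Tencent Cloud CVM resources) and Terraform Series Part 2 (further work with Tencent Cloud CVM). With the CVM created, the next step is to initialize the system: mount the data disk, install some software on the CVM, and do some simple configuration!

Terraform Series Part 3: Working with Tencent Cloud CVM

1. Terraform output

We created the CVM resources with terraform, so how do we get information about the CVM? Until now I have been logging in to the console to look it up. Can terraform output the information I need instead? It can! This is a good place to mention output...

1. Start with a simple example:

I want to print the availability zone, ID, name and public IP of the cvm_almalinux CVM instance. That way I get the public IP without looking it up in the console and can log in to the server directly.

1. cat output.tf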

output "cvm_az" {
  value = "${tencentcloud_instance.cvm_almalinux.availability_zone}"
}
output "cvm_id" {
  value = "${tencentcloud_instance.cvm_almalinux.id}"
}
output "cvm_name" {
  value = "${tencentcloud_instance.cvm_almalinux.instance_name}"
}
output "cvm_public_ip" {
  value = "${tencentcloud_eip.cvm_almalinux_eip.public_ip}"
}

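2. terraform apply and terraform output


Now we have the server's public IP and can ssh to the server directly! Of course, this is only a starting point. With output you can print whatever resource information you need!

3. Other uses of terraform output

Learned from Tencent Cloud's "Tencent Cloud Terraform Application Guide"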

[root@zhangpeng terraform]# terraform output cvm_id
"ins-hsakr7ah"

The other values can be printed the same way. The best way to understand a command is still to read its documentation via --help

[root@zhangpeng terraform]# terraform output --help
Usage: terraform [global options] output [options] [NAME]

  Reads an output variable from a Terraform state file and prints
  the value. With no additional arguments, output will display all
  the outputs for the root module.  If NAME is not specified, all
  outputs are printed.

Options:

  -state=path      Path to the state file to read. Defaults to
                   "terraform.tfstate".

  -no-color        If specified, output won't contain any color.

  -json            If specified, machine readable output will be
                   printed in JSON format.

  -raw             For value types that can be automatically
                   converted to a string, will print the raw
                   string directly, rather than a human-oriented
                   representation of the value.

It can even output JSON? Let's try it!

[root@zhangpeng terraform]# terraform output -json
{
  "cvm_az": {
    "sensitive": false,
    "type": "string",
    "value": "ap-beijing-2"
  },
  "cvm_id": {
    "sensitive": false,
    "type": "string",
    "value": "ins-hsxxxx"
  },
  "cvm_name": {
    "sensitive": false,
    "type": "string",
    "value": "cvm-almalinux"
  },
  "cvm_public_ip": {
    "sensitive": false,
    "type": "string",
    "value": "xxx.xxx.xxx.xxx"
  }
}

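I will discover more uses over time. All of this grew out of wanting to get the public IP.

2. How to run shell commands on a CVM through terraform

1. Format vdb and mount it on the data directory

1. Create the tf configuration file for formatting

cat mkfs.tf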

resource "null_resource" "connect_private" {
  connection {
    host = "${tencentcloud_eip.cvm_almalinux_eip.public_ip}"
    type = "ssh"
    user = "root"
  }

  # format /dev/vdb as ext4 and mount it on /data
  provisioner "remote-exec" {
    inline = [
      "sudo mkfs -t ext4 /dev/vdb",
      "sudo mkdir /data",
      "sudo mount /dev/vdb /data"
    ]
  }
}

2. terraform plan and terraform init --upgrade

[root@zhangpeng terraform]# terraform plan

Hm? It tells me to upgrade? No idea why, so just run it first! My guess is that it needs to install a null component...

[root@zhangpeng terraform]# terraform init --upgrade

3. terraform apply

[root@zhangpeng terraform]# terraform apply


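I assumed that because I had passwordless login set up, I would not need to configure a private key or a password... That was wrong. Set the private key and run it again!

4. The correct way (special emphasis)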

cat mkfs.tf

resource "null_resource" "connect_private" {
  connection {
    host        = "${tencentcloud_eip.cvm_almalinux_eip.public_ip}"
    type        = "ssh"
    user        = "root"
    private_key = "${file("~/.ssh/id_rsa")}"
  }

  # format /dev/vdb as ext4 and mount it on /data
  provisioner "remote-exec" {
    inline = [
      "sudo mkfs -t ext4 /dev/vdb",
      "sudo mkdir /data",
      "sudo mount /dev/vdb /data"
    ]
  }
}

Note: the private_key setting was added

terraform plan and terraform apply

ssh in to the server to verify:

[root@cvm-almalinux /]# lsblk


OK, formatting the disk succeeded! Of course, you can also have remote-exec write the mount into fstab so that it is not lost when the server reboots!
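
A version of mkfs.tf that writes the fstab entry and is safe to run again, as an added example that is not part of the original post. It assumes the same /dev/vdb disk, /data mount point and resource names as above; the resource name mount_data_disk and the shell variable DISK_UUID are made up for the example, and sudo is dropped because the connection already logs in as root.

```hcl
# Added example, not the original post's configuration.
resource "null_resource" "mount_data_disk" {
  # Run again only when the target instance is replaced.
  triggers = {
    instance_id = tencentcloud_instance.cvm_almalinux.id
  }

  connection {
    host        = tencentcloud_eip.cvm_almalinux_eip.public_ip
    type        = "ssh"
    user        = "root"
    private_key = file("~/.ssh/id_rsa")
  }

  provisioner "remote-exec" {
    # The inline commands are run as one script, so DISK_UUID carries over.
    inline = [
      # Stop at the first failing command instead of carrying on.
      "set -eu",
      # Format only when blkid finds no existing signature, so a re-run cannot wipe data.
      "blkid /dev/vdb >/dev/null 2>&1 || mkfs -t ext4 /dev/vdb",
      "mkdir -p /data",
      # Mount by filesystem UUID rather than by device name.
      "DISK_UUID=$(blkid -s UUID -o value /dev/vdb)",
      # Abort rather than write a broken fstab line if no UUID was found.
      "[ -n \"$DISK_UUID\" ]",
      # Append the entry once; nofail keeps the server booting if the disk is detached.
      "grep -q \"UUID=$DISK_UUID \" /etc/fstab || echo \"UUID=$DISK_UUID /data ext4 defaults,nofail 0 2\" >> /etc/fstab",
      # Mounting through fstab also proves the new entry is valid.
      "mountpoint -q /data || mount /data"
    ]
  }
}
```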

2. Install a piece of software, for example nginx?

1. Create the nginx.tf configuration file

cat nginx.tf

resource "null_resource" "connect_private_nginx" {
  connection {
    host        = "${tencentcloud_eip.cvm_almalinux_eip.public_ip}"
    type        = "ssh"
    user        = "root"
    private_key = "${file("~/.ssh/id_rsa")}"
  }

  # update packages, then install and start nginx
  provisioner "remote-exec" {
    inline = [
      "sudo yum update -y",
      "sudo yum install nginx -y",
      "sudo systemctl start nginx"
    ]
  }
}

2. terraform plan and terraform apply


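The install progress bar stays at 0, what is going on... Log in to the server and take a look

It calls platform-python to install the software. I did not look closely and kept waiting...

Cannot connect to the yum repository? I suddenly thought of the firewall...
Sure enough, outbound traffic is denied by default!

Modify the security group configuration file as follows: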

[root@zhangpeng terraform]# cat security_group.tf 
resource "tencentcloud_security_group" "sg_bj" {
  name = "sg-bj"
}

resource "tencentcloud_security_group_rule" "sg_bj_1" {
  security_group_id = "${tencentcloud_security_group.sg_bj.id}"
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "22,80"
  policy            = "accept"
}
resource "tencentcloud_security_group_rule" "sg_bj_2" {
  security_group_id = "${tencentcloud_security_group.sg_bj.id}"
  type              = "egress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  policy            = "accept"
}

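Continue with terraform plan and terraform apply


The progress bar finally moves! Wait for the job to finish

Accessing the public IP, nginx responds normally. Success!

3. Other ways?

I don't want to write the script inside the tf file. Can I write a shell script and then run it with remote-exec? Yes! Installing httpd looks like this:

1. Write the install-httpd.sh script

install-httpd.sh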
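
The security group above accepts SSH from 0.0.0.0/0 and allows every outbound TCP port. A tighter variant follows, as an added example that is not part of the original post: admin_cidr and the rule names are hypothetical, and the egress rule assumes the yum mirrors are reached over HTTP/HTTPS only. The machine that runs terraform apply must sit inside admin_cidr, because remote-exec connects over SSH.

```hcl
# Added example, not the original post's configuration.
# admin_cidr is a hypothetical variable: the range you administer from.
variable "admin_cidr" {
  type        = string
  description = "CIDR allowed to reach SSH, e.g. a VPN or office egress range"

  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "The admin_cidr value must be a valid CIDR other than 0.0.0.0/0."
  }
}

resource "tencentcloud_security_group" "sg_bj" {
  name = "sg-bj"
}

# SSH is reachable only from the management range.
resource "tencentcloud_security_group_rule" "sg_bj_ssh" {
  security_group_id = tencentcloud_security_group.sg_bj.id
  type              = "ingress"
  cidr_ip           = var.admin_cidr
  ip_protocol       = "tcp"
  port_range        = "22"
  policy            = "accept"
}

# HTTP stays public for nginx.
resource "tencentcloud_security_group_rule" "sg_bj_http" {
  security_group_id = tencentcloud_security_group.sg_bj.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "80"
  policy            = "accept"
}

# Outbound limited to web ports (assumption: package mirrors use HTTP/HTTPS).
resource "tencentcloud_security_group_rule" "sg_bj_egress_web" {
  security_group_id = tencentcloud_security_group.sg_bj.id
  type              = "egress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "80,443"
  policy            = "accept"
}
```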

[root@k8s-master-01 terraform]# cat install-httpd.sh 
#!/bin/bash
systemctl stop nginx
yum install -y httpd
systemctl start httpd

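Note: the hostname has changed... I went home for the holiday and ran this from another server. Yes, I brought id_rsa over as well! nginx was installed earlier, so I am skipping any complicated setup and simply stopping nginx first!

2. Write httpd.tf

httpd.tf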

resource "null_resource" "connect_private_httpd" {
  # upload the install script to the server
  provisioner "file" {
    source      = "install-httpd.sh"
    destination = "/tmp/install-httpd.sh"
  }
  # make the uploaded script executable and run it
  provisioner "remote-exec" {
    inline = ["chmod +x /tmp/install-httpd.sh && sh /tmp/install-httpd.sh"]
  }
  connection {
    host        = "${tencentcloud_eip.cvm_almalinux_eip.public_ip}"
    type        = "ssh"
    user        = "root"
    private_key = "${file("~/.ssh/id_rsa")}"
  }
}

3. terraform plan and terraform apply

[root@k8s-master-01 terraform]# terraform plan
[root@k8s-master-01 terraform]# terraform apply



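Accessing port 80 works as well. Of course, write and test more complex scripts yourself; this is only a starting point!


I also see there is a local-exec method? And other articles' notes combine this with ansible? Both are worth trying when there is time.

Next steps

  1. Export the existing resources in the Tencent Cloud console as terraform configuration. In other words, export the assets... and manage them in one place as configuration-as-code.
  2. More standardized, modular management of tf files?
  3. More sensible use of variables?
  4. Integration with ansible or other software?
  5. Standardized log output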
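
The same script can be run through the remote-exec script argument, which uploads the local file and executes it without a separate file provisioner or chmod step. This is an added example, not part of the original post: the resource name install_httpd and the triggers block are additions, and install-httpd.sh is assumed to sit next to the .tf files.

```hcl
# Added example, not the original post's configuration.
resource "null_resource" "install_httpd" {
  # Provision again when the script content or the target instance changes;
  # without triggers a null_resource runs its provisioners only once.
  triggers = {
    script_sha256 = filesha256("${path.module}/install-httpd.sh")
    instance_id   = tencentcloud_instance.cvm_almalinux.id
  }

  connection {
    host        = tencentcloud_eip.cvm_almalinux_eip.public_ip
    type        = "ssh"
    user        = "root"
    private_key = file("~/.ssh/id_rsa")
  }

  # Terraform copies the local script to the server and executes it there.
  provisioner "remote-exec" {
    script = "${path.module}/install-httpd.sh"
  }
}
```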