Background:
I remember first seeing articles and books about Terraform around 2019. At that time all of our workloads had moved to the cloud and managing them was quite a hassle, so I glanced at it and did not dig any deeper. Still, with an eye for where the technology was heading, I felt this thing was going to take off. As it happens, Zeyang's DevOps bootcamp (https://www.yuque.com/devopsvip) has just worked Terraform into the curriculum, so I decided to try it out for myself...
I. Installing Terraform
1. Package manager or binary
Open the official Terraform download page https://www.terraform.io/downloads and choose an installation method, package manager or binary:
2. Terraform Cloud
There is of course also the hosted option, Terraform Cloud... after all, everything is "cloud" these days. I will skip it; this post only demonstrates the package-manager installation.
3. Installing terraform on Rocky
My working machine is a Rocky Linux box, so I chose the CentOS 8 / RHEL yum installation method:
[root@zhangpeng ~]# sudo yum install -y yum-utils
[root@zhangpeng ~]# sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
[root@zhangpeng ~]# sudo yum -y install terraform
Check the installed Terraform version:
[root@zhangpeng ~]# terraform -version
Terraform v1.1.7
on linux_amd64
II. Managing Tencent Cloud with Terraform
Reference:
1. Create an account and grant permissions:
Log in to Access Management (CAM) - Users - User List - Create User, and create the user in whichever way you prefer; I chose the quick option.
I gave it the AdministratorAccess policy... it is only a test. I had actually wanted to create a sub-project first and then grant permissions to it, but the permission configuration is dazzlingly complex and I did not know where to start... Click create user and generate the key:
Note: in production, scope the account's permission boundary as tightly as is reasonable!
2. Configure the provider file and run terraform init
Create a terraform folder and configure the secret ID and key, following https://cloud.tencent.com/developer/article/1473713
[root@zhangpeng ~]# mkdir terraform
[root@zhangpeng ~]# cd terraform/
[root@zhangpeng terraform]# vim provider.tf
[root@zhangpeng terraform]# cat provider.tf
provider "tencentcloud" {
  secret_id  = "xxxxxxxxxxxxxxxxxxxx"
  secret_key = "xxxxxxxxxxxxxxxxxxx"
  region     = "ap-beijing"
}
What? At first I did not read the error carefully and assumed on gut feeling that it was the firewall... it was the same even over a proxy. Searching Google:
Could not retrieve the list of available versions for provider hashicorp/tencentcloud: provider registry registry.terraform.io │ does not have a provider named registry.terraform.io/hashicorp/tencentcloud
https://registry.terraform.io/providers/tencentcloudstack/tencentcloud/latest/docs
Hardcoding credentials into any Terraform configuration is not recommended: if this file is ever committed to a public version control system, the secrets are at risk of leaking... So let's use environment variables instead!
Following the instructions:
[root@zhangpeng terraform]# export TENCENTCLOUD_SECRET_ID="xxxxxxxx"
[root@zhangpeng terraform]# export TENCENTCLOUD_SECRET_KEY="xxxxxx"
[root@zhangpeng terraform]# export TENCENTCLOUD_REGION="ap-beijing"
[root@zhangpeng terraform]# terraform plan
Still could not get it working; I was starting to doubt myself...
Searching Google for the latest "terraform tencent cloud" keywords turned up Nie Weixing's blog: https://www.niewx.cn/2021/09/11/Terraform-orchestrates-Tencent-Cloud-resources/. Following that procedure:
[root@zhangpeng terraform]# cat provider.tf
terraform {
  required_providers {
    tencentcloud = {
      source = "tencentcloudstack/tencentcloud"
    }
  }
}
# secret_id and secret_key can be left out entirely; the provider then reads
# TENCENTCLOUD_SECRET_ID / TENCENTCLOUD_SECRET_KEY / TENCENTCLOUD_REGION from the environment.
provider "tencentcloud" {
  secret_id  = "xxxxxxxxxxx"
  secret_key = "xxxxxxxxxxx"
  region     = "ap-beijing"
}
[root@zhangpeng terraform]# terraform init
OK, init succeeded. The fix was the required_providers block: without a source, Terraform looks for the provider in the default hashicorp namespace, which is exactly what the error above complained about.
3. Write the deployment files
Following https://cloud.tencent.com/developer/article/1473713
1. First create a VPC
cat vpc.tf
resource "tencentcloud_vpc" "vpc_bj" {
  name         = "vpc_bj"
  cidr_block   = "10.0.0.0/16"
  is_multicast = false
}
2. Create a route table
cat route_table.tf
resource "tencentcloud_route_table" "rtb_vpc_bj" {
  vpc_id = tencentcloud_vpc.vpc_bj.id
  name   = "rtb-vpc-bj"
}
Note: in hindsight, the route table does not actually need to be created... there is a default one anyway...
3. Create subnets
Create the subnets; I went ahead and created four of them here... being lazy, it is just a personal habit...
cat subnet.tf
# One subnet per availability zone, all attached to the route table above.
resource "tencentcloud_subnet" "subnet_bj_01" {
  name              = "bj-01"
  cidr_block        = "10.0.1.0/24"
  availability_zone = "ap-beijing-1"
  vpc_id            = tencentcloud_vpc.vpc_bj.id
  route_table_id    = tencentcloud_route_table.rtb_vpc_bj.id
}
resource "tencentcloud_subnet" "subnet_bj_02" {
  name              = "bj-02"
  cidr_block        = "10.0.2.0/24"
  availability_zone = "ap-beijing-2"
  vpc_id            = tencentcloud_vpc.vpc_bj.id
  route_table_id    = tencentcloud_route_table.rtb_vpc_bj.id
}
resource "tencentcloud_subnet" "subnet_bj_03" {
  name              = "bj-03"
  cidr_block        = "10.0.3.0/24"
  availability_zone = "ap-beijing-3"
  vpc_id            = tencentcloud_vpc.vpc_bj.id
  route_table_id    = tencentcloud_route_table.rtb_vpc_bj.id
}
resource "tencentcloud_subnet" "subnet_bj_04" {
  name              = "bj-04"
  cidr_block        = "10.0.4.0/24"
  availability_zone = "ap-beijing-4"
  vpc_id            = tencentcloud_vpc.vpc_bj.id
  route_table_id    = tencentcloud_route_table.rtb_vpc_bj.id
}
4. Create a security group
cat security_group.tf
resource "tencentcloud_security_group" "sg_bj" {
  name = "sg-bj"
}
# Inbound 22 and 80 from anywhere. Fine for a throwaway test; for anything
# longer-lived, narrow cidr_ip for port 22 to the management network you connect from.
resource "tencentcloud_security_group_rule" "sg_bj_1" {
  security_group_id = tencentcloud_security_group.sg_bj.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "22,80"
  policy            = "accept"
}
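Two things in this walkthrough are worth catching before they reach version control: the provider.tf that carries literal secret_id / secret_key values (the registry docs quoted above warn against exactly that), and the security-group rule that opens port 22 to 0.0.0.0/0. Below is an added example of a small pre-commit style scanner that flags both; it is not code from the post, from HashiCorp or from Tencent Cloud. Its HCL reader is deliberately minimal (top-level blocks with simple attributes, which is all the files in this post use) and is an assumption of this example, not a real parser; the sample files embedded in it are constructed to mirror provider.tf and security_group.tf above, with placeholder secrets.

```python
"""Static checks for the Terraform files in this post: literal provider
credentials, and security-group rules that expose SSH/RDP to 0.0.0.0/0.
Added example, not code from the post, HashiCorp or Tencent Cloud; the HCL
reader is deliberately minimal (top-level blocks only), not a real parser."""
import re
from typing import Dict, List, Tuple

Block = Tuple[str, List[str], Dict[str, str]]  # (block type, labels, attributes)
BLOCK_HEADER = re.compile(r'^\s*(\w+)((?:\s+"[^"]*")*)\s*\{\s*$')
ATTRIBUTE = re.compile(r'^\s*(\w+)\s*=\s*(?:"([^"]*)"|([^#\s{]+))')
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}
ANY_SOURCE = ("0.0.0.0/0", "::/0")

# Constructed sample modelled on the post's provider.tf and security_group.tf;
# the secret values are placeholders, not real credentials.
SAMPLE_FILES = {
    "provider.tf": '''
terraform {
  required_providers {
    tencentcloud = { source = "tencentcloudstack/tencentcloud" }
  }
}
provider "tencentcloud" {
  secret_id  = "xxxxxxxxxxxxxxxxxxxx"
  secret_key = "xxxxxxxxxxxxxxxxxxx"
  region     = "ap-beijing"
}
''',
    "security_group.tf": '''
resource "tencentcloud_security_group_rule" "sg_bj_1" {
  security_group_id = tencentcloud_security_group.sg_bj.id
  type        = "ingress"
  cidr_ip     = "0.0.0.0/0"
  ip_protocol = "tcp"
  port_range  = "22,80"
  policy      = "accept"
}
''',
}


def parse_blocks(text: str) -> List[Block]:
    """Collect top-level blocks; nested blocks are skipped by tracking brace depth."""
    blocks: List[Block] = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        header = BLOCK_HEADER.match(lines[i])
        i += 1
        if not header:
            continue
        labels = re.findall(r'"([^"]*)"', header.group(2))
        attrs: Dict[str, str] = {}
        depth = 1
        while i < len(lines) and depth > 0:
            line = lines[i]
            depth += line.count("{") - line.count("}")
            attr = ATTRIBUTE.match(line) if depth == 1 else None  # only this block's own attributes
            if attr:
                attrs[attr.group(1)] = attr.group(2) if attr.group(2) is not None else attr.group(3)
            i += 1
        blocks.append((header.group(1), labels, attrs))
    return blocks


def check_hardcoded_credentials(blocks: List[Block]) -> List[str]:
    """Provider blocks must not carry literal secret_id / secret_key values."""
    return [f"provider {(labels or ['?'])[0]}: {key} is a literal; use TENCENTCLOUD_{key.upper()} instead"
            for kind, labels, attrs in blocks if kind == "provider"
            for key in ("secret_id", "secret_key")
            if key in attrs and not attrs[key].startswith("var.")]


def port_set(port_range: str) -> set:
    """Expand a port_range such as "22,80", "1000-2000" or "ALL" into a set of ports."""
    ports: set = set()
    for part in port_range.split(","):
        part = part.strip()
        if part.upper() == "ALL":
            return set(range(1, 65536))
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def check_open_admin_ports(blocks: List[Block]) -> List[str]:
    """Flag accepting ingress rules that expose SSH/RDP to the whole internet."""
    findings = []
    for kind, labels, attrs in blocks:
        if kind != "resource" or labels[0] != "tencentcloud_security_group_rule":
            continue
        if attrs.get("type") != "ingress" or attrs.get("policy", "accept") != "accept":
            continue
        if attrs.get("cidr_ip") not in ANY_SOURCE:
            continue
        for port in sorted(port_set(attrs.get("port_range", "ALL")) & set(ADMIN_PORTS)):
            findings.append(f"{labels[1]}: {ADMIN_PORTS[port]} port {port} open to {attrs['cidr_ip']}")
    return findings


def scan(files: Dict[str, str]) -> List[str]:
    """Parse every file and return all findings; an empty list means clean."""
    blocks = [b for text in files.values() for b in parse_blocks(text)]
    return check_hardcoded_credentials(blocks) + check_open_admin_ports(blocks)
```

Running `scan(SAMPLE_FILES)` reports three findings: the two literal secrets in the provider block and SSH open to 0.0.0.0/0 in sg_bj_1; port 80 is not reported because only the admin ports are tracked. A real project would use a proper HCL parser or an existing scanner such as checkov or tfsec rather than this reader, but the two checks are the ones that matter most for the files in this post.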
5. Create a CVM
cat cvm.tf
resource "tencentcloud_instance" "cvm_almalinux" {
  instance_name              = "cvm-almalinux"
  availability_zone          = "ap-beijing-2"
  image_id                   = "img-q95tlc25"
  instance_type              = "S2.MEDIUM2"
  system_disk_type           = "CLOUD_PREMIUM"
  security_groups            = [tencentcloud_security_group.sg_bj.id]
  vpc_id                     = tencentcloud_vpc.vpc_bj.id
  subnet_id                  = tencentcloud_subnet.subnet_bj_02.id
  internet_max_bandwidth_out = 10
  count                      = 1
}
Of course you can pick your own region and image... my img-q95tlc25 is an AlmaLinux image. I had recently asked the Tencent Cloud team whether they could ship Rocky and AlmaLinux images sooner, and they shared this one with me, so it was a good chance to test it!
6. terraform plan
Run terraform plan to preview the deployment plan:
[root@zhangpeng terraform]# terraform plan
7. terraform apply
Run terraform apply to deploy the resources:
[root@zhangpeng terraform]# terraform apply
At the "Enter a value" prompt type yes to confirm, then wait for the resources to be created!
IV. Verify the deployed resources
Log in to the Tencent Cloud console's VPC management page https://console.cloud.tencent.com/vpc/vpc and select the Beijing region. Check that the new VPC was created successfully.
Open the VPC's route tables and see that the route table was also created successfully; a default route table already exists, so could I have skipped creating one?
Click Subnets to see the four subnets that were created:
Click the CVM in subnet bj-02 in the screenshot above and check that the instance name, image ID and spec match the configuration files!
Follow-ups:
- Bind a public IP to the CVM
- Resize the disk and add a data disk
- Bind an SSH key to the CVM
The above are all about managing the CVM; beyond that I want to try managing other services, such as databases, load balancing, TKE and other related basic services!
By the way, I also tried deleting resources... when the first attempt went wrong I destroyed everything and recreated it:
terraform show
terraform destroy
Also, I do not feel I handle account permission management well. I want to dig deeper into Tencent Cloud's CAM access control.
Special thanks:
- Nie Weixing's blog https://registry.terraform.io/providers/tencentcloudstack
- Tencent Cloud ecosystem product team: Tencent Cloud Terraform Application Guide (1) (a fairly old article by now)
- Official docs: https://registry.terraform.io/providers/tencentcloudstack/tencentcloud/latest/docs/