Background:

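This follows on from Terraform Series Part 1 (basic creation of Tencent Cloud CVM resources) and Terraform Series Part 2 (going further with Tencent Cloud CVM). With the CVM created, the next step is to initialize the system: mount the data disk, install some software on the CVM, and do some simple configuration!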

Terraform Series Part 3: Working inside a Tencent Cloud CVM

1. Terraform output

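We created the CVM resources with Terraform, so how do we get information about the CVM? Until now I logged in to the console to look it up. Can I have Terraform output the information I need instead? Yes! This is a good place to mention output......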

1. First, a simple example to demonstrate:

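I want to print the availability zone, ID, name, and public IP of the cvm_almalinux CVM instance. That way I get the public IP without looking it up in the console and can log in to the server directly.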

1. cat output.tf

output "cvm_az" {
  value = "${tencentcloud_instance.cvm_almalinux.availability_zone}"
}

output "cvm_id" {
  value = "${tencentcloud_instance.cvm_almalinux.id}"
}

output "cvm_name" {
  value = "${tencentcloud_instance.cvm_almalinux.instance_name}"
}

output "cvm_public_ip" {
  value = "${tencentcloud_eip.cvm_almalinux_eip.public_ip}"
}

2. terraform apply and terraform output


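This gives us the server's public IP, so we can ssh straight into the server! Of course, this is only a starting point. You can use output to print whatever resource information you need!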

3. Other uses of terraform output

Learned from Tencent Cloud's Terraform Application Guide.

[root@zhangpeng terraform]# terraform output cvm_id
"ins-hsakr7ah"

Other information can be printed the same way. The best way to understand a command is still to read its documentation with --help.

[root@zhangpeng terraform]# terraform output --help
Usage: terraform [global options] output [options] [NAME]

  Reads an output variable from a Terraform state file and prints
  the value. With no additional arguments, output will display all
  the outputs for the root module.  If NAME is not specified, all
  outputs are printed.

Options:

  -state=path      Path to the state file to read. Defaults to
                   "terraform.tfstate".

  -no-color        If specified, output won't contain any color.

  -json            If specified, machine readable output will be
                   printed in JSON format.

  -raw             For value types that can be automatically
                   converted to a string, will print the raw
                   string directly, rather than a human-oriented
                   representation of the value.

It can even output JSON? Let's try it!

[root@zhangpeng terraform]# terraform output -json
{
  "cvm_az": {
    "sensitive": false,
    "type": "string",
    "value": "ap-beijing-2"
  },
  "cvm_id": {
    "sensitive": false,
    "type": "string",
    "value": "ins-hsxxxx"
  },
  "cvm_name": {
    "sensitive": false,
    "type": "string",
    "value": "cvm-almalinux"
  },
  "cvm_public_ip": {
    "sensitive": false,
    "type": "string",
    "value": "xxx.xxx.xxx.xxx"
  }
}

More uses can be discovered over time. All of this grew out of wanting to get the public IP.

2. How to run shell commands on a CVM through Terraform

1. Format vdb and mount it on the data directory

1. Create the tf configuration file for formatting

cat mkfs.tf

resource "null_resource" "connect_private" {
  connection {
    host = "${tencentcloud_eip.cvm_almalinux_eip.public_ip}"
    type = "ssh"
    user = "root"
  }

  # format the data disk and mount it on /data
  provisioner "remote-exec" {
    inline = [
      "sudo mkfs -t ext4 /dev/vdb",
      "sudo mkdir /data",
      "sudo mount /dev/vdb /data"
    ]
  }
}

2. terraform plan and terraform init --upgrade

[root@zhangpeng terraform]# terraform plan

Hm? It prompts me to upgrade? What on earth, just run it first! My guess is that it needs to install a null component......

[root@zhangpeng terraform]# terraform init --upgrade

3. terraform apply

[root@zhangpeng terraform]# terraform apply


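I thought that because I had set up passwordless login, I would not need to set a private key or password..... That was wrong. Set the private key and run it again!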

4. The correct way (special emphasis)

cat mkfs.tf

resource "null_resource" "connect_private" {
  connection {
    host        = "${tencentcloud_eip.cvm_almalinux_eip.public_ip}"
    type        = "ssh"
    user        = "root"
    private_key = "${file("~/.ssh/id_rsa")}"
  }

  # format the data disk and mount it on /data
  provisioner "remote-exec" {
    inline = [
      "sudo mkfs -t ext4 /dev/vdb",
      "sudo mkdir /data",
      "sudo mount /dev/vdb /data"
    ]
  }
}

Note: the private_key setting was added.

terraform plan and terraform apply

Log in to the server over ssh and verify:

[root@cvm-almalinux /]# lsblk


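OK, the disk-formatting task counts as a success! Of course, you can also write the mount into fstab in remote-exec so that it is not lost when the server reboots!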
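The disk steps above, together with the fstab entry just mentioned, written as a script that can be run again without reformatting a disk that already holds a filesystem. This is an added example, not code from the original post; /dev/vdb and /data come from the post, while the function names and the --apply switch are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post): repeatable format + mount + fstab.
# /dev/vdb and /data come from the post; function names are hypothetical.

# Append a UUID-based fstab entry unless one for this UUID already exists.
ensure_fstab_entry() {   # ensure_fstab_entry FSTAB UUID MOUNTPOINT
    local fstab=$1 uuid=$2 mnt=$3
    grep -q "^UUID=${uuid}[[:space:]]" "$fstab" 2>/dev/null && return 0
    # nofail: the boot continues even if the data disk is detached
    printf 'UUID=%s %s ext4 defaults,nofail 0 2\n' "$uuid" "$mnt" >> "$fstab"
}

# Succeeds only when blkid reports a filesystem type on the device.
has_filesystem() { [ -n "$(blkid -o value -s TYPE "$1" 2>/dev/null)" ]; }

prepare_disk() {         # prepare_disk DEVICE MOUNTPOINT
    local dev=$1 mnt=$2 uuid
    [ -b "$dev" ] || { echo "$dev is not a block device" >&2; return 1; }
    if ! has_filesystem "$dev"; then
        mkfs -t ext4 "$dev" || return 1      # format only an empty device
    fi
    uuid=$(blkid -o value -s UUID "$dev") || return 1
    mkdir -p "$mnt"
    ensure_fstab_entry /etc/fstab "$uuid" "$mnt" || return 1
    # mounting by mount point goes through fstab, so the new entry is exercised
    mountpoint -q "$mnt" || mount "$mnt"
}

# Runs only when called as: bash prepare-data-disk.sh --apply
if [ "${1:-}" = "--apply" ]; then
    prepare_disk /dev/vdb /data
fi
```

The entry uses the filesystem UUID rather than /dev/vdb so that it still points at the same disk if device names change after a reboot.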

2. Install some software, for example nginx?

1. Create the nginx.tf configuration file

cat nginx.tf

resource "null_resource" "connect_private_nginx" {
  connection {
    host        = "${tencentcloud_eip.cvm_almalinux_eip.public_ip}"
    type        = "ssh"
    user        = "root"
    private_key = "${file("~/.ssh/id_rsa")}"
  }

  # update packages, then install and start nginx
  provisioner "remote-exec" {
    inline = [
      "sudo yum update -y",
      "sudo yum install nginx -y",
      "sudo systemctl start nginx"
    ]
  }
}

2. terraform plan and terraform apply


The install progress bar stays at 0, what is going on....... Log in to the server and take a look.

It invokes platform-python to install the software. I did not look closely and kept waiting.....

Cannot connect to the yum repository? I suddenly thought of the firewall......
Sure enough, egress is denied by default!

Modify the security group configuration file as follows:

[root@zhangpeng terraform]# cat security_group.tf
resource "tencentcloud_security_group" "sg_bj" {
  name = "sg-bj"
}

resource "tencentcloud_security_group_rule" "sg_bj_1" {
  security_group_id = "${tencentcloud_security_group.sg_bj.id}"
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "22,80"
  policy            = "accept"
}

resource "tencentcloud_security_group_rule" "sg_bj_2" {
  security_group_id = "${tencentcloud_security_group.sg_bj.id}"
  type              = "egress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  policy            = "accept"
}

Continue with terraform plan and terraform apply


The progress bar finally moves! Wait for the task to finish.

Accessing the public IP, nginx responds normally. Success!
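The sg_bj_1 rule in the security group file above accepts port 22 from 0.0.0.0/0. As an added example (not from the original post), this check reads a security group file and lists the rules that accept SSH from any address, so they can be narrowed to a known range; the ssh_admin rule and the 203.0.113.0/24 range in the sample are constructed.

```shell
# Added example: read Terraform text on stdin, print rules that accept SSH from anywhere.
# Assumes one attribute per line, numeric ports, and no nested blocks inside a rule.
audit_sg() {
    awk '
    function val(s) {   # text between the quotes after "="
        sub(/^[^=]*=[ \t]*"/, "", s); sub(/".*$/, "", s); return s
    }
    function covers22(r,   n, i, a, b) {
        if (r == "") return 1   # no port_range: treated here as all ports
        n = split(r, a, ",")
        for (i = 1; i <= n; i++) {
            if (split(a[i], b, "-") < 2) b[2] = b[1]   # single port, not a range
            if (b[1] + 0 <= 22 && 22 <= b[2] + 0) return 1
        }
        return 0
    }
    /^[ \t]*resource[ \t]+"tencentcloud_security_group_rule"/ {
        split($0, p, "\""); name = p[4]
        inrule = 1; dir = ""; cidr = ""; ports = ""; next
    }
    inrule && /^[ \t]*type[ \t]*=/       { dir   = val($0) }
    inrule && /^[ \t]*cidr_ip[ \t]*=/    { cidr  = val($0) }
    inrule && /^[ \t]*port_range[ \t]*=/ { ports = val($0) }
    inrule && /^[ \t]*[}]/ {
        if (dir == "ingress" && cidr == "0.0.0.0/0" && covers22(ports)) print name
        inrule = 0
    }'
}

# Constructed sample: the two rules from the post (trimmed) plus a narrowed SSH rule.
sample_tf() {
    cat <<'EOF'
resource "tencentcloud_security_group_rule" "sg_bj_1" {
  type       = "ingress"
  cidr_ip    = "0.0.0.0/0"
  port_range = "22,80"
}
resource "tencentcloud_security_group_rule" "sg_bj_2" {
  type    = "egress"
  cidr_ip = "0.0.0.0/0"
}
resource "tencentcloud_security_group_rule" "ssh_admin" {
  type       = "ingress"
  cidr_ip    = "203.0.113.0/24"
  port_range = "22"
}
EOF
}

sample_tf | audit_sg    # prints: sg_bj_1
```

Against the real file the call is `audit_sg < security_group.tf`; an empty result means no rule accepts port 22 from 0.0.0.0/0.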

3. Other approaches?

If I don't want to write the script inside the tf file, can I write a shell script and then run it with remote-exec? Yes! Installing httpd works as follows:

1. Write the install-httpd.sh script

install-httpd.sh

[root@k8s-master-01 terraform]# cat install-httpd.sh
#!/bin/bash
systemctl stop nginx
yum install -y httpd
systemctl start httpd

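Note: the hostname changed.... I went home for the holiday and ran this on another server. Yes, I brought id_rsa over too! nginx was installed earlier, so rather than do anything complicated, nginx is stopped first!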

2. Write httpd.tf

httpd.tf

resource "null_resource" "connect_private_httpd" {
  # upload the script to the CVM
  provisioner "file" {
    source      = "install-httpd.sh"
    destination = "/tmp/install-httpd.sh"
  }

  # run the uploaded script
  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/install-httpd.sh && sh /tmp/install-httpd.sh"
    ]
  }

  connection {
    host        = "${tencentcloud_eip.cvm_almalinux_eip.public_ip}"
    type        = "ssh"
    user        = "root"
    private_key = "${file("~/.ssh/id_rsa")}"
  }
}

3. terraform plan and terraform apply

[root@k8s-master-01 terraform]# terraform plan
[root@k8s-master-01 terraform]# terraform apply



Port 80 is reachable as well. Of course, write and test more complex scripts yourself; this is only a starting point!


Also, I see there is a local-exec method? And notes in other articles combine this with ansible? Both are worth trying when there is time.

Next steps

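  1. Export the existing resources in the Tencent Cloud console as Terraform configuration. That is, export the assets... and manage them in one place as configuration as code.
  2. More standardized, modular management of tf files?
  3. More sensible use of variables?
  4. Integration with ansible or other software?
  5. Standardizing log output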