2. Terraform connecting to tencentcloud (Tencent Cloud) COS
(1) Host
Table 1-1 Host
Host | OS | Software | Tools | Notes |
jia | Windows | Terraform 1.6.6 | VS Code, PowerShell, Chocolatey | |
(1) Check the version
terraform version
terraform -v
(2) Connect
See my previous post:
IaC Infrastructure as Code: using Terraform to connect to tencentcloud (Tencent Cloud) and create a COS backend (CSDN blog)
(1) View the directory
(2) Create the main configuration file
main.tf
# Configure the TencentCloud Provider
provider "tencentcloud" {
secret_id = var.secret_id
secret_key = var.secret_key
region = var.region
}
(3) Create the credentials configuration file
terraform.tfvars
secret_id = "XXXXX"
secret_key = "XXXXX"
(4) Create the version configuration file
versions.tf
terraform {
required_providers {
tencentcloud = {
source = "tencentcloudstack/tencentcloud"
version = "1.81.69"
}
}
}
(5) Create the variables configuration file
variables.tf
variable "secret_id" {
type = string
}
variable "secret_key" {
type = string
}
variable "region" {
type = string
default = "ap-nanjing"
sensitive = true
}
(6) Create the backend configuration file
backend.tf
(8) Initialize
terraform init
(7) Format the code
terraform fmt
(8) Validate the code
terraform validate
(9) Create the network module
Main configuration file main.tf
resource "tencentcloud_vpc" "vpc" {
name = var.vpc_name
cidr_block = var.vpc_cidr_block
tags = {
"env" = var.env_name
}
}
resource "tencentcloud_subnet" "subnet" {
availability_zone = var.availability_zone
name = var.subnet_name
vpc_id = tencentcloud_vpc.vpc.id
cidr_block = var.subnet_cidr_block
}
Variables configuration file variables.tf
variable "vpc_name" {
type = string
default = "vpc"
sensitive = true
}
variable "vpc_cidr_block" {
type = string
sensitive = true
}
variable "env_name" {
type = string
}
variable "subnet_cidr_block" {
type = string
}
variable "subnet_name" {
type = string
}
variable "availability_zone" {
type = string
}
Version configuration file versions.tf
terraform {
required_providers {
tencentcloud = {
source = "tencentcloudstack/tencentcloud"
version = "1.81.69"
}
}
}
(10) View the network module directory
(11) Create the VPC resource configuration file
vpc.tf
locals {
vpc_name = "dev-vpc"
vpc_cidr_block = "172.16.0.0/12"
env_name = "dev"
subnet_cidr_block = "172.16.0.0/21"
availability_zone = "ap-nanjing-1"
subnet_name = "dev-subnet"
}
module "dev-vpc" {
source = "../../../modules/vpc"
vpc_name = local.vpc_name
vpc_cidr_block = local.vpc_cidr_block
env_name = local.env_name
subnet_name = local.subnet_name
availability_zone = local.availability_zone
subnet_cidr_block = local.subnet_cidr_block
}
(12) View the network service directory
(13) Initialize
terraform init
(14) Format the code
terraform fmt
(15) Validate the code
terraform validate
(16) Plan and preview
terraform plan
(17) Apply the resources
terraform apply
(18) Log in to the Tencent Cloud console to check
The bucket now shows the network service's configuration file
VPC
Subnet
(1) Create the security group module
Main configuration file main.tf
# Create security group
resource "tencentcloud_security_group" "default" {
name = var.security_group_name
description = var.security_group_desc
}
resource "tencentcloud_security_group_lite_rule" "web" {
security_group_id = tencentcloud_security_group.default.id
ingress = [
"ACCEPT#0.0.0.0/0#80#TCP",
"ACCEPT#0.0.0.0/0#8080#TCP",
"ACCEPT#0.0.0.0/0#443#TCP",
"ACCEPT#0.0.0.0/0#22#TCP"
]
egress = [
"ACCEPT#0.0.0.0/0#22#TCP",
"ACCEPT#0.0.0.0/0#80#TCP",
"ACCEPT#0.0.0.0/0#8080#TCP",
"ACCEPT#0.0.0.0/0#443#TCP"
]
}
Variables configuration file variables.tf
variable "security_group_name" {
type = string
}
variable "security_group_desc" {
type = string
}
Version configuration file versions.tf
terraform {
required_providers {
tencentcloud = {
source = "tencentcloudstack/tencentcloud"
version = "1.81.69"
}
}
}
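The module above accepts SSH (port 22) from 0.0.0.0/0 on ingress. The following is an added example, not the post's own module: the SSH source becomes an input that is checked at plan time, and the ordered lite-rule list ends with an explicit DROP. The variable name admin_cidr, the port set and the egress rules for the nginx install are assumptions.

```hcl
# variables.tf addition (added example, not the post's module): the admin
# source CIDR is an input rather than a hardcoded 0.0.0.0/0, and is validated
# before anything is applied.
variable "admin_cidr" {
  type        = string
  description = "Source CIDR allowed to reach SSH; a real CIDR, never 0.0.0.0/0"
  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "admin_cidr must be a valid CIDR and must not be 0.0.0.0/0."
  }
}

# main.tf variant (added example): lite rules are evaluated in list order, which
# is why the provider deprecated the single-rule resource. The narrow SSH allow
# comes first, the web ports stay public, and a final DROP makes the default
# explicit instead of relying on the platform's implicit behaviour.
resource "tencentcloud_security_group_lite_rule" "web" {
  security_group_id = tencentcloud_security_group.default.id
  ingress = [
    "ACCEPT#${var.admin_cidr}#22#TCP",
    "ACCEPT#0.0.0.0/0#80#TCP",
    "ACCEPT#0.0.0.0/0#443#TCP",
    "DROP#0.0.0.0/0#ALL#ALL",
  ]
  # Egress only needs what the instances actually use: name resolution and
  # HTTP/HTTPS for the package install in user_data_raw (assumed requirement).
  egress = [
    "ACCEPT#0.0.0.0/0#53#UDP",
    "ACCEPT#0.0.0.0/0#80#TCP",
    "ACCEPT#0.0.0.0/0#443#TCP",
    "DROP#0.0.0.0/0#ALL#ALL",
  ]
}
```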
(2) View the security group module directory
(3) Create the security group configuration file
security_group.tf
locals {
security_group_name = "dev-sec-group"
security_group_desc = "dev env group"
}
module "dev-sec-group" {
source = "../../../modules/security_group"
security_group_desc = local.security_group_desc
security_group_name = local.security_group_name
}
(4) Create the outputs configuration file
output "vpc_id" {
value = module.dev-vpc.vpc_id
}
output "subnet_id" {
value = module.dev-vpc.subnet_id
}
output "security_group_id" {
value = module.dev-sec-group.security_group_id
}
(5) View the network service directory
(6) Format the code
terraform fmt
(7) Validate the code
terraform validate
(8) Plan and preview
terraform plan
(9) Apply the resources
terraform apply
(10) Log in to the Tencent Cloud console to check
Security group
Inbound rules
Outbound rules
(1) View the directory
(2) Create the configuration files
The main configuration file main.tf, the credentials file terraform.tfvars and the version file versions.tf are the same as for the network service above.
(3) Create the backend configuration file
backend.tf
(4) Modify the main configuration file
main.tf
(5) Initialize
terraform init
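Steps (3) and (4) above are screenshots in the original post, so neither backend.tf nor the remote-state data source that cvm.tf later references as data.terraform_remote_state.network-data is shown. The following is an added example, not the post's own files; the bucket name, prefixes and region are assumed placeholders, and the backend used is Terraform's built-in cos backend.

```hcl
# backend.tf (added example): keep this service's state in a COS bucket.
# Bucket name and prefix are placeholders; a COS bucket name carries the
# account's APPID as a suffix.
terraform {
  backend "cos" {
    region  = "ap-nanjing"
    bucket  = "tf-state-1250000000" # placeholder: <bucket>-<appid>
    prefix  = "tfdemo/service"      # state object is stored under this prefix
    encrypt = true                  # server-side encryption of the state object
    acl     = "private"             # the state holds credentials and passwords
  }
}

# main.tf addition (added example): read the network service's outputs
# (vpc_id, subnet_id, security_group_id, declared in its outputs file above)
# from the state it wrote to the same bucket. This is the data source that the
# locals in cvm.tf refer to as data.terraform_remote_state.network-data.
data "terraform_remote_state" "network-data" {
  backend = "cos"
  config = {
    region = "ap-nanjing"
    bucket = "tf-state-1250000000" # same placeholder bucket
    prefix = "tfdemo/network"      # prefix the network service used in its backend.tf
  }
}
```

The cos backend reads TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY from the environment, so the keys in terraform.tfvars do not have to be repeated in backend.tf.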
(6) Create the CVM module
Main configuration file main.tf
resource "tencentcloud_instance" "instance" {
instance_name = var.instance_name
availability_zone = var.availability_zone
image_id = var.image_id
instance_type = var.instance_type
system_disk_type = "CLOUD_PREMIUM"
system_disk_size = 50
allocate_public_ip = false
# internet_charge_type = "BANDWIDTH_POSTPAID_BY_HOUR"
internet_max_bandwidth_out = 0
orderly_security_groups = var.security_group_id
vpc_id = var.vpc_id
subnet_id = var.subnet_id
password = "root@123"
user_data_raw = <<-EOF
#!/bin/bash
yum -y install nginx
echo `hostname` >/usr/share/nginx/html/index.html
systemctl restart nginx
EOF
lifecycle {
create_before_destroy = true
}
}
Outputs configuration file outputs.tf
output "instance_id" {
value = tencentcloud_instance.instance.id
}
Variables configuration file variables.tf
variable "instance_name" {
type = string
}
variable "availability_zone" {
type = string
}
variable "image_id" {
type = string
}
variable "instance_type" {
type = string
}
variable "security_group_id" {
type = list(string)
}
variable "vpc_id" {
}
variable "subnet_id" {
}
Version configuration file versions.tf
terraform {
required_providers {
tencentcloud = {
source = "tencentcloudstack/tencentcloud"
version = "1.81.69"
}
}
}
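main.tf above carries the instance password as a string literal. As an added example, not the post's own module, here is the same setting as a sensitive input variable with a plan-time validation; the variable name instance_password and the length rule are assumptions.

```hcl
# variables.tf addition (added example): the password is a sensitive input
# instead of a literal in main.tf, so it is redacted in plan/apply output and
# can be supplied from terraform.tfvars or the TF_VAR_instance_password
# environment variable instead of being committed with the module.
variable "instance_password" {
  type      = string
  sensitive = true
  validation {
    condition = (
      length(var.instance_password) >= 12 &&
      can(regex("[A-Z]", var.instance_password)) &&
      can(regex("[a-z]", var.instance_password)) &&
      can(regex("[0-9]", var.instance_password))
    )
    error_message = "instance_password must be at least 12 characters and mix upper case, lower case and digits."
  }
}

# main.tf change (added example): the resource references the variable.
# `sensitive` only redacts CLI output; the value is still written in clear
# text to the state object, which is why the COS backend's encryption and
# private ACL, and the bucket's own access policy, matter.
resource "tencentcloud_instance" "instance" {
  instance_name     = var.instance_name
  availability_zone = var.availability_zone
  image_id          = var.image_id
  instance_type     = var.instance_type
  password          = var.instance_password
  # remaining arguments as in the module's main.tf above
}
```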
(7) View the CVM module
(8) Create the CVM configuration file
cvm.tf
data "tencentcloud_instance_types" "t2c2g" {
cpu_core_count = 2
memory_size = 2
exclude_sold_out = true
filter {
name = "instance-family"
values = ["S5"]
}
filter {
name = "zone"
values = ["ap-nanjing-1"]
}
filter {
name = "instance-charge-type"
values = ["POSTPAID_BY_HOUR"]
}
}
data "tencentcloud_images" "images" {
image_type = ["PUBLIC_IMAGE"]
os_name = "centos 7.9"
}
output "instance_type" {
value = data.tencentcloud_instance_types.t2c2g.instance_types.0.instance_type
}
output "image_id" {
value = data.tencentcloud_images.images.images[0].image_id
}
(9) Plan and preview
terraform plan
This gives the image ID and the instance type
(10) Modify the CVM configuration file
cvm.tf: add the following code
locals {
instance_name = "dev-instance"
instance_type = data.tencentcloud_instance_types.t2c2g.instance_types.0.instance_type
image_id = data.tencentcloud_images.images.images[0].image_id
security_group_id = [data.terraform_remote_state.network-data.outputs.security_group_id]
availability_zone = "ap-nanjing-1"
counts = 2
vpc_id = data.terraform_remote_state.network-data.outputs.vpc_id
subnet_id = data.terraform_remote_state.network-data.outputs.subnet_id
}
module "dev-cvm" {
source = "../../../modules/cvm"
count = local.counts
instance_name = "${local.instance_name}-${count.index}"
instance_type = local.instance_type
image_id = local.image_id
security_group_id = local.security_group_id
availability_zone = local.availability_zone
vpc_id = local.vpc_id
subnet_id = local.subnet_id
}
(11) Initialize
terraform init
(12) Format the code
terraform fmt
(13) Validate the code
terraform validate
(14) Plan and preview
terraform plan
(15) Apply the resources
terraform apply
yes
(16) Log in to the Tencent Cloud console to check
Two CVM instances have been added
(17) Remote login
(18) Login succeeded
(19) Test
curl 127.0.0.1
Returns the current hostname
(20) Check the bucket
The service configuration file has been added
(21) View the service directory
(1) Create the CLB module
Main configuration file main.tf
resource "tencentcloud_clb_instance" "internal_clb" {
network_type = "OPEN"
clb_name = var.clb_name
vpc_id = var.vpc_id
# subnet_id = var.subnet_id
tags = {
test = var.env_name
}
}
resource "tencentcloud_clb_listener" "listener" {
clb_id = tencentcloud_clb_instance.internal_clb.id
listener_name = var.listener_name
port = var.listener_port
protocol = var.listener_protocol
health_check_switch = true
health_check_time_out = 2
health_check_interval_time = 5
health_check_health_num = 3
health_check_unhealth_num = 3
session_expire_time = 30
scheduler = var.scheduler
}
resource "tencentcloud_clb_attachment" "foo" {
clb_id = tencentcloud_clb_instance.internal_clb.id
listener_id = tencentcloud_clb_listener.listener.listener_id
dynamic "targets" {
for_each = [for instance in var.instance_ids : instance]
content {
instance_id = targets.value
port = var.backend_port
weight = var.backend_weight
}
}
}
Outputs configuration file outputs.tf
output "clb_instance_id" {
value = tencentcloud_clb_instance.internal_clb.id
}
output "clb_instance_vip" {
value = tencentcloud_clb_instance.internal_clb.clb_vips
}
Variables configuration file variables.tf
variable "clb_name" {
}
variable "vpc_id" {
}
variable "subnet_id" {
}
variable "env_name" {
}
variable "listener_name" {
}
variable "listener_port" {
}
variable "listener_protocol" {
}
variable "scheduler" {
}
variable "instance_ids" {
}
variable "backend_port" {
}
variable "backend_weight" {
}
Version configuration file versions.tf
terraform {
required_providers {
tencentcloud = {
source = "tencentcloudstack/tencentcloud"
version = "1.81.69"
}
}
}
(7) View the CLB module
(8) Create the CLB configuration file
clb.tf
locals {
clb_name = "dev-clb"
vpc_ids = data.terraform_remote_state.network-data.outputs.vpc_id
subnet_ids = data.terraform_remote_state.network-data.outputs.subnet_id
env_name = "dev"
listener_name = "dev-listener"
listener_port = 80
listener_protocol = "TCP"
scheduler = "WRR"
instance_ids = module.dev-cvm.*.instance_id
backend_port = 80
backend_weight = 100
}
module "dev-clb" {
source = "../../../modules/clb"
clb_name = local.clb_name
vpc_id = local.vpc_ids
subnet_id = local.subnet_ids
env_name = local.env_name
listener_name = local.listener_name
listener_port = local.listener_port
listener_protocol = local.listener_protocol
scheduler = local.scheduler
instance_ids = local.instance_ids
backend_port = local.backend_port
backend_weight = local.backend_weight
}
(9) Initialize
terraform init
(10) Format the code
terraform fmt
(11) Validate the code
terraform validate
(12) Plan and preview
terraform plan
3 resources will be added
(13) Apply the resources
terraform apply
yes
(14) Log in to Tencent Cloud to check
Load balancer added
(15) Access the address
(16) Check the listener status
(17) Scheduling method
WRR (weighted round robin)
(1) Create the domain
(2) View
(3) Create the DNS configuration file
dns.tf
resource "tencentcloud_dnspod_record" "tfdemo" {
domain = "ruwen.site"
record_type = "CNAME"
record_line = "默认"
value = "lb-eahy08p4-wyklophm18uf9sxj.clb.ap-nanjing.tencentclb.com"
sub_domain = "tfdemo"
}
(3) Plan and preview
terraform plan
(4) Apply the resources
terraform apply
(5) Log in to the Tencent Cloud console to check
DNSPod (cloud DNS)
(6) Test
dig tfdemo.ruwen.site
(1) Destroy the service resources
yes, 6 resources will be destroyed
(2) Destroy the network resources
yes, 4 resources will be destroyed
(3) Log in to the Tencent Cloud console to check
CVM instances deleted
DNS record removed
CLB load balancer deleted
Bucket
(4) View the full directory
(1) Error
│ Warning: Deprecated Resource
│
│ with module.dev-sec-group.tencentcloud_security_group_rule.web,
│ on ..\..\..\modules\security_group\main.tf line 7, in resource "tencentcloud_security_group_rule" "web":
│ 7: resource "tencentcloud_security_group_rule" "web" {
│
│ This resource will be offline and no longer supported, beacause single security rule is hardly ordered. Please use 'tencentcloud_security_group_lite_rule' instead.
│
│ (and 2 more similar warnings elsewhere)
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to module.dev-sec-group.tencentcloud_security_group_rule.ssh, provider "provider[\"registry.terraform.io/tencentcloudstack/tencentcloud\"]" produced an unexpected new value: Root object was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
(2) Cause analysis
resource "tencentcloud_security_group" "foo" {
name = "ci-temp-test-sg"
}
resource "tencentcloud_security_group_lite_rule" "foo" {
security_group_id = tencentcloud_security_group.foo.id
ingress = [
"ACCEPT#192.168.1.0/24#80#TCP",
"DROP#8.8.8.8#80,90#UDP",
"ACCEPT#0.0.0.0/0#80-90#TCP",
"ACCEPT#sg-7ixn3foj#80-90#TCP",
"ACCEPT#ipm-epjq5kn0#80-90#TCP",
"ACCEPT#ipmg-3loavam6#80-90#TCP",
"ACCEPT#0.0.0.0/0##ppm-xxxxxxxx",
"ACCEPT#0.0.0.0/0##ppmg-xxxxxxxx",
]
egress = [
"ACCEPT#192.168.0.0/16#ALL#TCP",
"ACCEPT#10.0.0.0/8#ALL#ICMP",
"DROP#0.0.0.0/0#ALL#ALL",
]
}
Security group rules now use the newer resource: tencentcloud_security_group_lite_rule
(3) Solution
Modify the configuration file.
Before:
# Create security group
resource "tencentcloud_security_group" "default" {
name = var.security_group_name
description = var.security_group_desc
}
resource "tencentcloud_security_group_rule" "web" {
security_group_id = tencentcloud_security_group.default.id
type = "ingress"
cidr_ip = "0.0.0.0/0"
ip_protocol = "tcp"
port_range = "80,8080"
policy = "accept"
}
resource "tencentcloud_security_group_rule" "ssh" {
security_group_id = tencentcloud_security_group.default.id
type = "ingress"
cidr_ip = "0.0.0.0/0"
ip_protocol = "tcp"
port_range = "22"
policy = "accept"
}
resource "tencentcloud_security_group_rule" "all" {
security_group_id = tencentcloud_security_group.default.id
type = "egress"
cidr_ip = "0.0.0.0/0"
policy = "accept"
}
After:
# Create security group
resource "tencentcloud_security_group" "default" {
name = var.security_group_name
description = var.security_group_desc
}
resource "tencentcloud_security_group_lite_rule" "web" {
security_group_id = tencentcloud_security_group.default.id
ingress = [
"ACCEPT#0.0.0.0/0#80#TCP",
"ACCEPT#0.0.0.0/0#8080#TCP",
"ACCEPT#0.0.0.0/0#22#TCP"
]
egress = [
"ACCEPT#0.0.0.0/0#ALL#ALL",
]
}
Plan and preview
terraform plan
Apply the resources
terraform apply
The old rule resources are deleted first
yes
(1) Error
(2) Cause analysis
security_groups has been deprecated; orderly_security_groups is used instead
(3) Solution
Modify the configuration file.
orderly_security_groups = var.security_group_id
Success:
(1) Differences
1) Difference one
An A record maps a domain name directly to an IPv4 address, while a CNAME record maps a domain name to another domain name.
2) Difference two
A records resolve faster, because they map directly to an IP address with no extra lookup. A CNAME record can slow resolution slightly, because an extra lookup is needed to find the target name's IP address.
3) Difference three
A records suit cases that need a direct mapping to an IP address; CNAME records suit aliases, or cases where the target location needs to be managed more flexibly.
(1) View
(2) Delete
(3) Clear
(4) Confirm
(5) Delete again
(6) Success