Terraform是一个高度可扩展的IT基础架构自动化编排工具,主张基础设施即代码,可通过代码集中管理云资源和基础架构,这意味着用户能够在京东云上轻松使用简单模板语言来定义、预览和部署云基础架构,能够快速将环境部署到京东云或本地数据中心,实现多云管理和跨云迁移。京东云成为国内少数拥有Terraform Provider产品的云厂商之一。应用场景:基础设施即代码、快速部署多云环境、自动化管理降低成本。官网链接:
https://www.terraform.io/docs/providers/jdcloud/index.html
Terraform 是 Hashicorp 公司一款开源的资源编排工具,代表了业界前沿的技术和标准。相对于其他云上资源管理方式,具有快速创建基础设施、高效部署多云环境和大幅降低管理成本三大功能特性。
Terraform 通过代码管理维护云资源,可保存基础设施资源的状态,快速创建和维护管理云主机、网络、负载均衡等云资源,并通过代码与其他人共享云资源的编排配置。
Terraform支持200多个基础设施提供商,适用于多云方案,可快速将用户的环境部署到京东云、其他云厂商或者本地的数据中心。开发者可同时管理不同云厂商的资源,也可快速方便地迁移到另外一个云厂商。Terraform通过代码批量按计划地管理资源,可编排、重复地自动化管理云资源,减少人为因素造成的不确定管理错误,同时能快速创建相同的开发、测试、预发和生成环境,降低开发者的管理成本。
本文通过简单demo做一个技术入门的演示,目的是帮助大家了解如何采用Terraform来自动化管理京东云上的资源。
Terraform安装
Terraform 是一个 IT 基础架构自动化编排工具,它的口号是 “Write, Plan, and create Infrastructure as Code”, 其程序安装在客户的终端PC上,可以运行于多种操作系统平台。本文实例采用的是CentOS操作系统。
登录到主机后先下载一下安装包
1 [jdc@mysandbox ~]$ mkdir tf
2 [jdc@mysandbox ~]$ cd tf
3 [jdc@mysandbox tf]$ wget https://releases.hashicorp.com/terraform/0.11.13/terraform_0.11.13_linux_amd64.zip
4 --2019-05-16 14:41:57-- https://releases.hashicorp.com/terraform/0.11.13/terraform_0.11.13_linux_amd64.zip
5 Resolving releases.hashicorp.com (releases.hashicorp.com)... 151.101.109.183, 2a04:4e42:1a::439
6 Connecting to releases.hashicorp.com (releases.hashicorp.com)|151.101.109.183|:443... connected.
7 HTTP request sent, awaiting response... 200 OK
8 Length: 21128942 (20M) [application/zip]
9 Saving to: ‘terraform_0.11.13_linux_amd64.zip’
10
11 100%[============================================================================================================================================================>] 21,128,942 4.30MB/s in 66s
12
13 2019-05-16 14:43:05 (312 KB/s) - ‘terraform_0.11.13_linux_amd64.zip’ saved [21128942/21128942]解压缩
1 [jdc@mysandbox tf]$ ls
2 terraform_0.11.13_linux_amd64.zip[jdc@mysandbox tf]$ unzip terraform_0.11.13_linux_amd64.zip
3 Archive: terraform_0.11.13_linux_amd64.zip
4 inflating: terraform
直接运行程序可以看到以下命令行的帮助信息:
1 $ terraform
2 Usage: terraform [--version] [--help] <command> [args]
3
4 The available commands for execution are listed below.
5 The most common, useful commands are shown first, followed byless common or more advanced commands. If you're just gettingstarted with Terraform, stick with the common commands. For theother commands, please read the help and docs before usage.
6
7 Common commands:
8 apply Builds or changes infrastructure
9 console Interactive console for Terraform interpolations destroy Destroy Terraform-managed infrastructure
10 fmt Rewrites config files to canonical format
11 get Download and install modules for the configuration
12 graph Create a visual graph of Terraform resources import Import existing infrastructure into Terraform init Initialize a new or existing Terraform configurati
13 output Read an output from a state file
14 plan Generate and show an execution plan
15 providers Prints a tree of the providers used in the configuration
16 push Upload this Terraform module to Terraform Enterprise to run
17 refresh Update local state file against real resources
18 show Inspect Terraform state or plan
19 taint Manually mark a resource for recreation
20 untaint Manually unmark a resource as tainted
21 validate Validates the Terraform files
22 version Prints the Terraform version
23 workspace Workspace management
24
25 All other commands:
26 debug Debug output management (experimental)
27 force-unlock Manually unlock the terraform state
28 state Advanced state management
举例:查看Terraform版本
1 [jdc@mysandbox tf]$ ./terraform version
2 Terraform v0.11.13初始化环境
Terraform访问京东云的服务,首先需要身份认证鉴权。认证采用Access Key与Secret key来完成。从控制台取得AK、SK身份鉴权信息两种方法保存:
方法1:将AK,SK加入运行环境
1 [jdc@mysandbox tf]$ cat >> ~/.bash_profile <<EOF
2 > #### add Hongwei 20190516
3 > export access_key="D4xxxxxxxxxxxxxxxxxxxxxxxxxxxx8D"
4 > export secret_key="7xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE"
5 > export region="cn-north-1"> EOF
6 [jdc@mysandbox tf]$ . ~/.bash_profile
方法2:将AK,SK放入json文件
1 cat >> jdcloud.tf <<EOF
2 provider "jdcloud" {
3 access_key = "D4xxxxxxxxxxxxxxxxxxxxxxxxxxxx8D"
4 secret_key = "7xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE "
5 region = "cn-north-1"}
6 EOF
初始化环境
1 [jdc@mysandbox tf]$ ./terraform init
2
3 Initializing provider plugins...
4 - Checking for available provider plugins on https://releases.hashicorp.com...
5 - Downloading plugin for provider "jdcloud" (0.0.1)...
6
7 The following providers do not have any version constraints in configuration,so the latest version was installed.
8
9 To prevent automatic upgrades to new major versions that may contain breakingchanges, it is recommended to add version = "..." constraints to thecorresponding provider blocks in configuration, with the constraint stringssuggested below.
10
11 * provider.jdcloud: version = "~> 0.0"
12
13 Terraform has been successfully initialized!
14
15 You may now begin working with Terraform. Try running "terraform plan" to seeany changes that are required for your infrastructure. All Terraform commandsshould now work.
16
17 If you ever set or change modules or backend configuration for Terraform,rerun this command to reinitialize your working directory. If you forget, othercommands will detect it and remind you to do so if necessary.
演示:创建一个云主机实例
参考Terraform的联机文档(https://www.terraform.io/docs/providers/jdcloud/jdcloud_instance.html),创建以下tf文件:jdcloud_instance.tf
1 resource "jdcloud_instance" "vm-1" {
2 az = "cn-north-1a"
3 instance_name = "vm-1"
4 instance_type = "g.n2.medium"
5 image_id = "bba85cab-dfdc-4359-9218-7a2de429dd80"
6 password = "cNXOxJywMU6IY7c0CgIj"
7 subnet_id = "subnet-35h6keqh4m"
8 network_interface_name = "example_ni_name"
9 primary_ip = "10.0.0.27"
10 secondary_ip_count = 0
11 security_group_ids = ["sg-chx9tv75xa"]
12
13 system_disk = {
14 disk_category = "local"
15 device_name = "vda"
16 disk_type="ssd"
17 disk_size_gb = 40
18 }
19
20 data_disk = {
21 disk_category = "cloud"
22 device_name = "vdc"
23 disk_type = "ssd"
24 disk_name = "exampleDisk"
25 disk_size_gb = 50
26 az = "cn-north-1a"
27
28 auto_delete = true
29 disk_name = "vm1-datadisk-1"
30 description = "test"
31 }
32 }
plan命令可以显示执行计划:
1 [jdc@mysandbox tf]$ ./terraform plan
2 Refreshing Terraform state in-memory prior to plan...
3 The refreshed state will be used to calculate this plan, but will not bepersisted to local or remote state storage.
4
5 jdcloud_instance.vm-1: Refreshing state... (ID: i-y8ye9jd6ny)
6
7 ------------------------------------------------------------------------
8
9 An execution plan has been generated and is shown below.
10 Resource actions are indicated with the following symbols:-/+ destroy and then create replacement
11
12 Terraform will perform the following actions:
13
14 -/+ jdcloud_instance.vm-1 (new resource required)
15 id: "i-y8ye9jd6ny" => <computed> (forces new resource)
16 az: "cn-north-1a" => "cn-north-1a"
17 data_disk.#: "1" => "1"
18 data_disk.0.auto_delete: "true" => "true"
19 data_disk.0.az: "cn-north-1a" => "cn-north-1a"
20 data_disk.0.description: "test" => "test"
21 data_disk.0.device_name: "vdc" => "vdc"
22 data_disk.0.disk_category: "cloud" => "cloud"
23 data_disk.0.disk_id: "vol-fhvqnjyxw7" => <computed>
24 data_disk.0.disk_name: "vm1-datadisk-1" => "vm1-datadisk-1"
25 data_disk.0.disk_size_gb: "50" => "50"
26 data_disk.0.disk_type: "ssd" => "ssd" image_id: "bba85cab-dfdc-4359-9218-7a2de429dd80" => "bba85cab-dfdc-4359-9218-7a2de429dd80"
27 instance_name: "vm-1" => "vm-1"
28 instance_type: "g.n2.medium" => "g.n2.medium"
29 ip_addresses.#: "0" => <computed>
30 network_interface_name: "example_ni_name" => "example_ni_name"
31 password: <sensitive> => <sensitive> (attribute changed)
32 primary_ip: "10.0.0.27" => "10.0.0.27"
33 secondary_ip_count: <sensitive> => <sensitive> (attribute changed)
34 security_group_ids.#: "1" => "1"
35 security_group_ids.4008937636: "sg-chx9tv75xa" => "sg-chx9tv75xa"
36 subnet_id: "subnet-35h6keqh4m" => "subnet-35h6keqh4m"
37 system_disk.#: "1" => "1"
38 system_disk.0.auto_delete: "true" => <computed>
39 system_disk.0.az: "" => <computed>
40 system_disk.0.device_name: "vda" => "vda"
41 system_disk.0.disk_category: "local" => "local"
42 system_disk.0.disk_id: "" => <computed>
43 system_disk.0.disk_name: "" => <computed>
44 system_disk.0.disk_size_gb: "40" => "40"
45 system_disk.0.disk_type: "" => "ssd" (forces new resource)
提交执行:
1 [jdc@mysandbox tf]$ ./terraform apply -auto-approve
2 jdcloud_instance.vm-1: Creating...
3 az: "" => "cn-north-1a"
4 data_disk.#: "" => "1"
5 data_disk.0.auto_delete: "" => "true"
6 data_disk.0.az: "" => "cn-north-1a"
7 data_disk.0.description: "" => "test"
8 data_disk.0.device_name: "" => "vdc"
9 data_disk.0.disk_category: "" => "cloud"
10 data_disk.0.disk_id: "" => "<computed>"
11 data_disk.0.disk_name: "" => "vm1-datadisk-1"
12 data_disk.0.disk_size_gb: "" => "50"
13 data_disk.0.disk_type: "" => "ssd"
14 image_id: "" => "bba85cab-dfdc-4359-9218-7a2de429dd80"
15 instance_name: "" => "vm-1"
16 instance_type: "" => "g.n2.medium"
17 ip_addresses.#: "" => "<computed>"
18 network_interface_name: "" => "example_ni_name"
19 password: "<sensitive>" => "<sensitive>"
20 primary_ip: "" => "10.0.0.27"
21 secondary_ip_count: "<sensitive>" => "<sensitive>"
22 security_group_ids.#: "" => "1"
23 security_group_ids.4008937636: "" => "sg-chx9tv75xa"
24 subnet_id: "" => "subnet-35h6keqh4m"
25 system_disk.#: "" => "1"
26 system_disk.0.auto_delete: "" => "<computed>"
27 system_disk.0.az: "" => "<computed>"
28 system_disk.0.device_name: "" => "vda"
29 system_disk.0.disk_category: "" => "local"
30 system_disk.0.disk_id: "" => "<computed>"
31 system_disk.0.disk_name: "" => "<computed>"
32 system_disk.0.disk_size_gb: "" => "40" system_disk.0.
33 disk_type: "" => "ssd"jdcloud_instance.vm-1: Still creating... (10s elapsed)
34 jdcloud_instance.vm-1: Still creating... (20s elapsed)
35 jdcloud_instance.vm-1: Still creating... (30s elapsed)
36 jdcloud_instance.vm-1: Still creating... (40s elapsed)
37 jdcloud_instance.vm-1: Still creating... (50s elapsed)
38 jdcloud_instance.vm-1: Still creating... (1m0s elapsed)
39 jdcloud_instance.vm-1: Creation complete after 1m1s (ID: i-y8ye9jd6ny)
40 Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
成功提交后,我们可以在控制台看到正在运行的实例创建过程:
创建完成后登录主机查看是否与定义文件符合:
-
查看磁盘划分是否一致:
-
查看IP地址是否一致:
演示:销毁实例
通过destroy命令可以方便的删除实例。
1 [jdc@mysandbox tf]$ ./terraform destroy
2 jdcloud_instance.vm-1: Refreshing state... (ID: i-y8ye9jd6ny)
3
4 An execution plan has been generated and is shown below.
5 Resource actions are indicated with the following symbols: - destroy
6
7 Terraform will perform the following actions:
8 - jdcloud_instance.vm-1
9
10 Plan: 0 to add, 0 to change, 1 to destroy.
11
12 Do you really want to destroy all resources?
13 Terraform will destroy all your managed infrastructure, as shown above.
14 There is no undo. Only 'yes' will be accepted to confirm.
15
16 Enter a value: yesjdcloud_instance.vm-1: Destroying... (ID: i-y8ye9jd6ny)
17
18 jdcloud_instance.vm-1: Still destroying... (ID: i-y8ye9jd6ny, 10s elapsed)
19 jdcloud_instance.vm-1: Still destroying... (ID: i-y8ye9jd6ny, 20s elapsed)
20 jdcloud_instance.vm-1: Still destroying... (ID: i-y8ye9jd6ny, 30s elapsed)
21 jdcloud_instance.vm-1: Still destroying... (ID: i-y8ye9jd6ny, 40s elapsed)
22 jdcloud_instance.vm-1: Destruction complete after 41s
23
24 Destroy complete! Resources: 1 destroyed.
在控制台上查看删除进度:
Terraform自动编排的流程
以上只是演示了Terraform管理京东云最简单的流程。实际上通过Terraform完成复杂的编排,完全可以完成一个复杂的大型环境的部署与管理。以下是Terraform的流程:
到此,我们的演示就结束了。
大家可以自己动手试一下这种简洁高效的京东云自动化管理工具了。
点击京东云了解更多详情
京东云618大促,正在进行时!
最低1折!
推荐阅读
RECOMMEND
Developer Friendly | 基础设施即代码的事实标准Terraform已支持京东云!
322
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
