背景:
紧接:Terraform系列一腾讯云CVM相关简单创建,Terraform系列二腾讯云CVM进一步相关玩法。cvm创建完成,准备初始化一下系统,挂载一下数据盘,在cvm中安装一些软件,做一些简单的配置!
Terraform系列三腾讯云CVM中的玩法
1. Terraform output
我们通过terraform创建了cvm相关资源,我们该如何获取cvm的相关信息呢?前面我都是登陆控制台后台查看的。我能不能通过terraform获取相关的我需要的信息输出呢?可以的!这里顺路提一下output......
1. 首先拿一个简单的例子来演示一下:
我需要打印出cvm_almalinux cvm云主机 的区域,id ,名称,公网ip相关信息。这样我就可以获取公网ip信息,不用去控制台查找ip信息,可以直接登陆服务器了。
1. cat output.tf
output "cvm_az" {
value = "https://www.it610.com/article/${tencentcloud_instance.cvm_almalinux.availability_zone}"
}
output "cvm_id" {
value = "https://www.it610.com/article/${tencentcloud_instance.cvm_almalinux.id}"
}
output "cvm_name" {
value = "https://www.it610.com/article/${tencentcloud_instance.cvm_almalinux.instance_name}"
}
output "cvm_public_ip" {
value = "https://www.it610.com/article/${tencentcloud_eip.cvm_almalinux_eip.public_ip}"
}
2. terraform apply and terraform out
文章图片
这样我们就可以获取到服务器的公网ip了,可以至今ssh登陆服务器!当然了这里只是抛砖引玉。你可以通过output输出各种资源相关的信息-你所需要的!
3. terraform output 其他的用法 从腾讯云的腾讯云Terraform应用指南学到的
[root@zhangpeng terraform]# terraform output cvm_id
"ins-hsakr7ah"
同理也可以打印其他相关信息.了解一个命令的最好方法还是通过--hlep看文档
[root@zhangpeng terraform]# terraform output --help
Usage: terraform [global options] output [options] [NAME]Reads an output variable from a Terraform state file and prints
the value. With no additional arguments, output will display all
the outputs for the root module.If NAME is not specified, all
outputs are printed.Options:-state=pathPath to the state file to read. Defaults to
"terraform.tfstate".-no-colorIf specified, output won't contain any color.-jsonIf specified, machine readable output will be
printed in JSON format.-rawFor value types that can be automatically
converted to a string, will print the raw
string directly, rather than a human-oriented
representation of the value.
竟然可以json输出?体验一下!
[root@zhangpeng terraform]# terraform output -json
{
"cvm_az": {
"sensitive": false,
"type": "string",
"value": "ap-beijing-2"
},
"cvm_id": {
"sensitive": false,
"type": "string",
"value": "ins-hsxxxx"
},
"cvm_name": {
"sensitive": false,
"type": "string",
"value": "cvm-almalinux"
},
"cvm_public_ip": {
"sensitive": false,
"type": "string",
"value": "xxx.xxx.xxx.xxx"
}
}
更多的用法以后慢慢区发现了。这只是获取公网ip引申出来的!
2. 如何通过terraform给cvm运行shell 1. 格式化vdb并挂载到data目录
1. 创建格式化tf配置文件 cat mkfs.tf
resource "null_resource" "connect_private" {
connection {
host= "${tencentcloud_eip.cvm_almalinux_eip.public_ip}"
type= "ssh"
user= "root"
}# set hostname
provisioner "remote-exec" {
inline = [
"sudo mkfs -t ext4 /dev/vdb",
"sudo mkdir /data",
"sudo mount /dev/vdb /data"
]
}
}
2. terraform plan and terraform init --upgrade
[root@zhangpeng terraform]# terraform plan
恩?提示我要uprade?什么鬼先执行一下!目测是要安装一个null的组件好吧......
[root@zhangpeng terraform]# terraform init --upgrade
文章图片
3. terraform apply
[root@zhangpeng terraform]# terraform apply
文章图片
我以为我设置免密不用设置私钥或者密码就可以的.....这是不对的。设置一下私钥再走一遍!
4.正确的方式---特别强调 【Terraform系列三腾讯云CVM中的玩法】cat mkfs.tf
resource "null_resource" "connect_private" {
connection {
host= "${tencentcloud_eip.cvm_almalinux_eip.public_ip}"
type= "ssh"
user= "root"
private_key = "${file("~/.ssh/id_rsa")}"
}# set hostname
provisioner "remote-exec" {
inline = [
"sudo mkfs -t ext4 /dev/vdb",
"sudo mkdir /data",
"sudo mount /dev/vdb /data"
]
}
}
注:增加了private_key配置
terraform plan and terraform apply
文章图片
ssh登陆服务器查看验证:
[root@cvm-almalinux /]# lsblk
文章图片
ok 格式化硬盘的任务就算是成功了!当然了也可以在remote-exec中将配置写入fstab防止服务器重启失效!
2.安装一个软件,比如nginx?
1. 创建nginx.tf配置文件 cat nginx.tf
resource "null_resource" "connect_private_nginx" {
connection {
host= "${tencentcloud_eip.cvm_almalinux_eip.public_ip}"
type= "ssh"
user= "root"
private_key = "${file("~/.ssh/id_rsa")}"
}# set hostname
provisioner "remote-exec" {
inline = [
"sudo yum update -y",
"sudo yum install nginx -y",
"sudo systemctl start nginx"
]
}
}
2. terraform plan and terraform apply
文章图片
install 滚动条一直0怎么会事情.......登陆服务器查看一下
文章图片
调用的是一个platform-python安装软件没有仔细区看接着等待ing.....
文章图片
连接不到yum源?突然就想到了防火墙......
果不其然,出口默认都是deny拒绝!
文章图片
修改安全组配置文件如下:
[root@zhangpeng terraform]# cat security_group.tf
resource "tencentcloud_security_group" "sg_bj" {
name = "sg-bj"
}resource "tencentcloud_security_group_rule" "sg_bj_1" {
security_group_id = "${tencentcloud_security_group.sg_bj.id}"
type = "ingress"
cidr_ip = "0.0.0.0/0"
ip_protocol = "tcp"
port_range = "22,80"
policy = "accept"
}
resource "tencentcloud_security_group_rule" "sg_bj_2" {
security_group_id = "${tencentcloud_security_group.sg_bj.id}"
type = "egress"
cidr_ip = "0.0.0.0/0"
ip_protocol = "tcp"
policy = "accept"
}
继续terrafrom plan terraform apply
文章图片
文章图片
进度条可以走了总算!等待任务结束
文章图片
访问公网Ip nginx正常访问成功!
文章图片
3.其他的方式?
不想讲脚本写在tf文件里面,我可不可以写一个shell脚本,然后用remote-exec去运行呢?可以的!安装一个httpd如下:
1. 编写install-http.sh脚本 install-httpd.sh
[root@k8s-master-01 terraform]# cat install-httpd.sh
#!/bin/bash
systemctl stop nginx
yum install -y httpd
systemctl start httpd
注:主机名变了....放假回家拿另外服务器跑的。嗯id_isa也搞了过来!前面安装过nginx了不做复杂设置,先把!nginx停止了!
2. 编写httpd.tf httpd.tf
resource "null_resource" "connect_private_httpd" {
provisioner "file" {
source = "install-httpd.sh"
destination = "/tmp/install-httpd.sh"
}
# set hostname
provisioner "remote-exec" {
inline = [
"chmod +x /tmp/install-httpd.sh && sh /tmp/install-httpd.sh"
]
}
connection {
host= "${tencentcloud_eip.cvm_almalinux_eip.public_ip}"
type= "ssh"
user= "root"
private_key = "${file("~/.ssh/id_rsa")}"
}
}
3. terraform plain and terraform apply
[root@k8s-master-01 terraform]# terraform plan
[root@k8s-master-01 terraform]# terraform apply
文章图片
文章图片
访问80也是可以的。当然了复杂的脚本自己编写测试吧只是抛砖引玉!
文章图片
另外看方法还有local-exec?看其他文章笔记还有ansible结合的?有时间都可以尝试一下
下一步的计划
- 讲腾讯云后台的现有资源导出成terraform的配置。嗯就是导出资产...将资产统一管理一下配置即代码。
- tf文件更规范的模块化管理?
- 变量的更合理运用?
- ansible或者其他软件的整合?
- 日志输出的规范标准化