运维 用 Terraform 自动化构建基础设施

heroyct · December 12, 2018 · Last by naitly replied at February 16, 2024 · 9114 hits

目前为了更快的开发产品,现在很多项目都对基础设施进行了代码化 (Infrastructure as Code)。

现在的项目中使用 Terraform 对基础设施进行了代码化,分享下 Terraform 的使用。

为什么要让基础设施代码化

在使用 Terraform 之前,基本上是在 AWS 管理画面进行操作或者用 AWS CLI 写一些脚本来构建。

主要有以下一些问题

  • 在 AWS 的管理画面上面操作,比较费时间
  • 不容易管理每个人 AWS 的操作记录
  • 对操作的审查比较麻烦,容易误操作
  • 使用了哪些 AWS 的资源必须一个一个查看,不容易对整体进行把握

用 Terraform 可以比较好的解决以上问题,以下是用 Terraform 修改的流程

  1. 把需要修改的部分用 Terraform 代码写好,然后 Pull Request
  2. 相关人员进行代码审查 (Code Review)
  3. 没问题的话 merge,然后在 CI 自动执行

好处是修改流程类似 app 修改的流程,大家很容易上手。

操作时间短,所有的更改记录都进行了版本管理,容易对修改进行审查。

使用了什么资源,看代码一目了然。

什么是 Terraform

开发了 Vagrant 的hashicorp 公司开发的用代码来管理基础设施的一个工具,支持绝大多数的平台。查看支持的平台

我觉的最大的优点是学习成本低,非常简单

只需要了解三个概念就完全可以进行开发了。

开发文档可以在这里查看,很多 sample,很多时候稍微修改一下就可以用

1. resource

对应于 aws 的 resouce

# 建立VPC
resource "aws_vpc" "app" {
  cidr_block                       = "10.1.0.0/16"
  assign_generated_ipv6_cidr_block = "true"

  tags {
    Name = "sample-vpc"
  }
}

# 建立ecs cluster
resource "aws_ecs_cluster" "foo" {
  name = "white-hart"
}

2. data

有时候需要从 AWS 中获取信息的时候可以使用 data

比如获取目前操作中的 AWS 账号信息

data "aws_caller_identity" "current" {}

3. 变量

# 定义变量
variable "region" {
  default = "sample-region"
}
variable "access_key" {}
variable "secret_key" {}

# 使用变量
provider "aws" {
    access_key = "${var.access_key}"
    secret_key = "${var.secret_key}"
    region = "${var.region}"
}

执行 Terraform

Terraform 会执行当前文件夹下面的所有.tf 文件

预执行,不会对 AWS 作出任何改动,可以确认下下有哪些改变

$ terraform plan

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + module.shared_fluentd.aws_vpc.app
      id:                               <computed>
      arn:                              <computed>
      assign_generated_ipv6_cidr_block: "true"
      cidr_block:                       "10.1.0.0/16"
      tags.Name:                        "sample-vpc"

Plan: 1 to add, 0 to change, 0 to destroy.

实际执行,这里会再次输出有哪些改变,然后输入 yes 就会在 AWS 上面进行构建

$ terraform apply

一些技巧总结

1. 使用 module

比如要同时创建 sandbox 和 production 的 fluentd 服务器,基本都是一样的,只是一些参数不同。

这时候就可以使用 module 来归类类似的代码,然后传入变量来构建。

比如要同时创建 sandbox 和 production 的的 fluentd 服务器。

# 文件结构
terraform
├── modules
│   ├── fluentd
│   │   ├── main.tf
├── production_instance.tf
├── sandbox_instance.tf
# terraform/sandbox_instance.tf
module "sandbox_fluentd" {
  source                   = "./modules/fluentd"
  vpc_id                   = "your sandbox vpc id"
}

# terraform/production_instance.tf
module "production_fluentd" {
  source                   = "./modules/fluentd"
  vpc_id                   = "your production vpc id"
  # 其他的变量
}

这时候可以指定执行的对象来缩小执行范围。

terraform plan -target module.shared_fluentd
terraform plan -target module.production_fluentd

2. 按照 resource 分类文件

写在一个文件里面虽然也可以执行,但是内容多的时候,阅读起来不太容易,这个时候可以分成几个文件。

比如按照 aws resource,变量,data 来分类。

├── fluentd
│   ├── cloud_watch.tf
│   ├── data.tf
│   ├── ecs.tf
│   ├── security_group.tf
│   ├── task_role.tf
│   └── variable.tf

3. 使用 depends_on 来指定依赖

用的很少,基本不用指定,只有必须当某个操作依赖于另外一个操作时才用。

比如在使用 AWS Service Discovery 的时候,必须当 aws_service_discovery 构建以后,才可以获得被创建的 DNS,这个时候就可以使用 depends_on

data "aws_route53_zone" "fluentd" {
  name       = "${aws_service_discovery_public_dns_namespace.fluentd.name}"
  depends_on = ["aws_service_discovery_public_dns_namespace.fluentd"]
}

4. 从已有的环境生成 terraform 代码

官方没有提供这个功能,有人做了个 GEM,用了一下,AWS 基本都可以自动生成代码

terraforming

如果你已经构建好了环境,可以用这个来自动生成代码,避免打字手酸。

总结

简单介绍了 Terraform 的优点和基本使用方法。

我觉的它最大的优点是学习成本低,使用方便。

如果你想简单高效的构建你的基础设施,可以考虑使用 terraform。

很方便的工具,很好用

terraform apply vs terraform destroy 都得考虑,团队上的话需要考虑好 terraform destroy 的问题,所以有了 Terraform Collaboration for Everyone

@wppurking

Terraform Collaboration for Everyone 目前还没用过,还没感觉到使用的必要性 (以后也许会)

terraform apply 目前是在 sandbox 构建以后,merge 到 mater,然后自动在 CI 上面进行

也许有点多余了,让固定的一个人从本地执行也许就够了,毕竟更改不是那么频繁

terraform destroy 基本只在 sandbox 测试的时候用,production 目前还没用到

@heroyct 那现在核心是 "让一人负责基础设施" 的部署,小团队没有问题,再大一点的团队可能会有基础设施的构建权限或者基础设施的变化的问题。

terraform destroy 的存在心里还是很怕的,基础设施越大这个担心越可怕,所以如果有 Terraform Collaboration for Everyone 将 terraform 的最后执行在类似 github 那样允许的 merge 操作会放心很多。有时候不是故意,而是运维会"手抖 + tab 补全", 然后整个基础设施就全部通过 API destroy 掉了 - -||

我在测试部署 DO 的时候,terraform plan/apply 很便捷,terraform destroy 很恐怖....

虽然 destroy 指令 让我很恐怖,但现在使用 terraform 我觉得时机非常不错,terraform 开源到现在 Infrastructure as Code 的概念在现在的不同公用云已经很多都落地并且成熟。 大多数云厂商都为 hashicorp/terraform 提供了自己 API 的兼容 resource, 这使得 Infrastructure as Code 的范围扩张可以扩张得很广:

  • 基础使用的服务器 (AWS, Alicloud, TencentCloud, HuaweiCloud, 青云,DO, vultr, Linode ....)
    • VPC, 防火墙,ssh key ... (只要对应公有云有 API, 并提供 terraform 的 resource 支持)
  • 网络上的 DNS (cloudflare, dnsimple ...)
  • 对象存储 (AWS S3, S3 compatible ...) ...

可以想象一下,所有程序运营的基础设施无论是服务器还是中间件,都可以通过 terraform 的 code 来定义,再利用 ansible (或者其官方的 Packer) 来解决服务器本身的初始化构建问题。项目越大,这套管理方法带来的收益越高。

所以推荐 terraform 还是很赞的!

@wppurking

那现在核心是 "让一人负责基础设施" 的部署,小团队没有问题,再大一点的团队可能会有基础设施的构建权限或者基础设施的变化的问题。

多谢回复。

是的,目前不到 10 个人,IAM 权限没有分那么细,实际进行terraform plan限制成 2 个人来减少误操作。

从安全问题考虑的话,我觉的主要是在 IAM 对开发人员的权限进行分配。

比如一般的人员只可以执行获取 resource 的操作,无法删除,更改之类的

这样一般开发人员即使terraform destroy,并且输入 yes 以后,也不会被拉出去祭天。。

当然相应的开发就没那么方便了,如何取舍取决于你目前的团队

Assuming that you're significant about a profession in IT and distributed computing, getting confirmed is energetically suggested. Getting your AWS certificate, specifically, can assist you with standing apart among the opposition. In addition to the fact that it assist with canning you get a new line of work by and large, yet it can assist you with finding a more lucrative line of work. It's absolutely an interest in your future that merits making.

Regards: AWS Course in Pune

Hello! my name is Kunal, by profession a web developer, web development is an career oriented field, with the help of different languages you can create how to make a website , for a list of courses checkout the web development courses in Delhi

Hey, I am Aman and I am working as a web developer.

I have completed my web design courses from ADMEC MULTIMEDIA.

During the course journey ,I have learned about how things work in web designing and also learn many programming languages . there are many web designing courses but you should join a professional diploma in web design and development to attain expert level skills from a well-reputed institute.

Hi, I am a Graphic designer. If you are interested in making your career in designing then you must go for a Graphic design courses in Delhi under the guidance of experts.

Hey, I am priya and I am working as a textile designer I have completed my textile design courses from ADMEC MULTIMEDIA.

During the course journey I have learned about how things work in textile designing and also learn many designing software like photoshop, illustrator and many more.

There are many textile designing courses but you should join a professional Diploma in textile design to attain expert level skills from a well-reputed institute.

Java is an object-oriented programming language with many applications and helps you construct games, social media apps, video applications, etc., efficiently. You dream about it, and it can be developed in Java. However, to build anything, you need java developers. When it comes to Hire Java Developers, Mobisoft has profoundly talented and experienced java developers, engineers, coders, and architects that have a strong hand in handling different java platforms like Java cards, Micro Edition(J2ME), Standard Edition(J2SE), and Enterprise Edition(J2EE). Hire java back-end and frontend developers from FasTrax and leave all the worries aside. digital health solutions

If you’re looking the best institute for graphic designing in Delhi then you should go for ADMEC Multimedia Institute. This institute provides the top graphic design courses in Delhi with 100% job placement. By learning graphic design course, you can learn software applications easily and also develop your designing skills. So, you must join graphic design course in Delhi.

13 Floor has deleted

Build up your career as a professional video editor while joining video editing course in Delhi at ADMEC Multimedia Institute. This training institute is considered as the best video editing institute which offers the top video editing courses with online as well as offline training modes. These courses will cover leading software applications through which you can upgrade your career as a video editor. Video editing courses are online after effects course, Lightroom course, Premiere pro online course, Photoshop course online, and many more.

Join the best front end development course and start your career as a front end developer. This course is offered by experts at ADMEC Multimedia Institute which is the best web development institute in Rohini. It offers job oriented courses in web. These courses are worthy for those individuals who wanna learn designing and programming. So, if you also interested to learn designing as well as programming then you must join web development classes under expert.

16 Floor has deleted

If you want to make your career as a professional video editor then you should join video editing courses at ADMEC Multimedia Institute. By learning video editing course you can know about leading software applications easily. After completing a video editing course you can get a big opportunity as a video editor. The job oriented video editor courses are both advanced and certificate courses like online after effects course, final cut pro x course, premiere pro online course, photoshop course online, etc. So, if you desire to know more then you can visit ADMEC. This institute is also considered as the best Adobe premiere pro training.

Great post!

Start your bight career as an architecture designer while joining architecture and interior design course at ADMEC Multimedia Institute in Delhi. This training institute offers job oriented courses in architecture designing and these courses are diploma in architecture in Delhi also certificate course in architecture. These courses will cover leading software applications such as 3ds max, revit architecture, AutoCAD, revit structure, Photoshop, and many more.

Looking for a promising career after graduatioon? Join a web development classes such as a Python course in Delhi from a Web development institute in Delhi. I joined a web development institute in Rohini which was also a PHP Training Institute in Delhi. The institute will provide you knowledge and training and will make your learning easier and you will be able to learn how to create websites easily.

Hi! This is me Rani! I wanted to learn web designing. Therefore, I joined Web design courses in Delhi. I joined ADMEC as it is the best Web design institute in Rohini. I joined 12 months course that was a Diploma in web design and development. You must search the Best institute for web designing in Delhi before joining any course as the best instituite will always provide you proper guidance and training.

21 Floor has deleted

Hire Best Flutter Mobile App Development Services Company USA that can provide you with top-notch development services. With Flutter, you can create beautiful and performant apps that work seamlessly on both iOS and Android platforms.

Want to become an animator or post-production expert? Now join Video Editing Courses in Delhi where you learn basics as well as advanced Video Editing Classes in Delhi. These Online Video Editing Courses at the best Video Editing Training in Delhi enhances your video editing skills.

Interested in learning web design and development? Master these skills by joining the Best Web Design and Development Courses in Delhi from the Web Design Training Institute in Rohini. At Web Development Institute in Delhi, you learn programming languages and you also get proper Web Development Training in Delhi from industry experts.

Want to learn leading software applications in architecture design? ADMEC Multimedia Institute offers comprehensive Architecture courses in Delhi that includes diploma as well as Architecture and Interior Design Course covers leading software applications such as Revit, 3Ds Max, etc. Being the best AutoCAD training institute in Delhi, it also offers various AutoCAD courses for students who want to master AutoCAD. Therefore, if you also want to become an expert in AutoCAD, you can join this AutoCAD Institute in Rohini and master AutoCAD.

The reasons why people love to play satta matka are multifaceted and complex. From the thrill and excitement it offers to the socioeconomic and cultural factors that drive participation, the popularity of the game continues to endure.

Alaska Airlines is a major American airline serving travelers for almost 90 years. The airline is known for its comfortable cabins, exceptional service, and affordable prices. As one of the most popular airlines in the United States, Alaska Airlines’ Black Friday deals help travelers looking to save on their next trip. Call now +1-845-459-2806 for Alaska Airlines Black Friday Deals.

Every pupil expects to get excellent scores when studying for any online examinations. During this critical period, students frequently seek productive ways to utilize their time educating themselves. However, there is a plethora of educational services available online. But you need to keep this in mind as using take my online biology class service can only assist you in understanding the topic and taking it seriously is your job. There are a few strategies that may assist learners in concentrating more successfully and achieving higher exam scores in online exams we know Biology class excellence involves time, attention, and memorizing. Even if you aren't interested in pursuing an occupation in biology, there are ways to interact with the topic and score your next exam.

If you're seeking assignment help in Qatar for your academic needs, consider reliable online platforms or local services that offer assistance with various subjects and assignments. Look for providers with experienced tutors or experts who can provide customized support to meet your specific requirements. Ensure the service maintains academic integrity and confidentiality. You may explore online platforms, university resources, or local tutoring services that align with Qatar's educational standards. Always communicate your expectations clearly and choose services that prioritize quality and timely delivery to enhance your academic performance.

If you are looking for reasonably priced travel options, you can get in touch with Ryanair telefono españa to improve your travel experience. They can help you with booking, flight details, special needs, managing your booking, refunds and compensation, travel policies, group travel, feedback, and inquiries. By saving the number in your phonebook, you can easily reach out for assistance whenever you need it.

As a seasoned nutritionist with over 7 years of dedicated experience, I, Dietician Deepti Gupta, am thrilled to unveil a holistic approach to nurturing the health of moms and tots. At Moto Nutrition, we understand the pivotal role nutrition plays in shaping the future of our families. With a fervent passion for empowering parents with knowledge and practical solutions, our comprehensive programs cater to every stage of parenthood.

Embark on a transformative journey with our specialized Moto Nutrition Diet Plans, meticulously crafted to meet the unique nutritional needs of both mothers and their little ones. From personalized meal plans to expert guidance, we ensure optimal health and well-being for the entire family.

For expecting mothers, our Pregnancy Diet Plan is a game-changer. Packed with essential nutrients and tailored to Indian dietary preferences, it supports maternal health and fetal development, ensuring a smooth and healthy pregnancy journey.

But our commitment doesn't stop there. We recognize the significance of postnatal nutrition, especially for breastfeeding mothers. Our expertly curated diet plans prioritize maternal recovery, lactation support, and baby's nutritional needs, ensuring both mom and baby thrive.

Furthermore, we shed light on crucial topics like the importance of folic acid and iron during pregnancy, offering practical tips and a wealth of information to empower expectant mothers.

At Moto Nutrition, we're not just providing a service; we're igniting a revolution in family health. Join us in embracing the power of nutrition to shape a brighter, healthier future for you and your loved ones.

Hello Arogyam Nutrition team,

I recently stumbled upon your website, and as a seasoned Dietician myself (Dr. Richa Garg), I must commend you on the comprehensive array of nutrition services offered since 2009. Your commitment to guiding individuals towards healthier lives through specialized dietetics and nutrition plans truly shines through.

Your page on health nutritionist caught my eye, showcasing a wealth of expertise and dedication to promoting overall well-being. It's evident that Arogyam Nutrition is a beacon of transformation, providing valuable insights and personalized guidance.

I was particularly intrigued by your article on how to lose weight after delivery. It's a topic that resonates with many, and your approach to combining postpartum health with effective nutrition strategies is both informative and practical.

The diet for diabetes page stood out to me as well, showcasing your commitment to addressing specific health concerns. Your tailored plans for managing diabetes through nutrition reflect a deep understanding of the intersection between diet and chronic conditions.

Additionally, your insights on weight loss diet and pcos diet plan to lose weight provide valuable resources for those seeking sustainable and personalized solutions.

In conclusion, your website is a treasure trove of information, and the user-friendly interface makes it easy for individuals to navigate and find the guidance they need. Keep up the fantastic work in empowering individuals on their journey to optimal health!

I recently came across your blog, and I must say, the journey from manually operating on the AWS management screen to the efficiency offered by Terraform resonated with my experience in legal operations. Just as Terraform streamlines the infrastructure, Legal Cloud, founded by Advocate Prateek Singhania, has been revolutionizing the legal landscape with its seamless services.

Legal Cloud, a trusted name in the legal consultancy realm, boasts a legacy of over 8 years under the guidance of Advocate Singhania. The platform caters to a myriad of legal needs, providing expert assistance and a profound understanding of the law. What caught my attention was the user-friendly interface and the comprehensive services offered by Legal Cloud.

Navigating through your website, I found a treasure trove of legal services, each page dedicated to addressing specific needs. Whether it's GST registration for a partnership firm, crafting a commercial rental agreement, handling the intricacies of terminating a lease, ensuring compliance with revenue stamp paper, or obtaining an FSSAI state license, Legal Cloud covers it all.

The user-friendly design of the website makes the legal process accessible to everyone, ensuring that even those unfamiliar with legal intricacies can navigate through the pages effortlessly. I appreciate the effort put into making legal services more approachable and efficient.

Kudos to Legal Cloud for being a beacon of trust and professionalism in the legal realm!

Hello there! I recently stumbled upon your blog and couldn't help but share my experience. As the proud owner of bigvalueshop an e-commerce portal that caters to a diverse range of products including sports, medicine, nutrients, and more, I can truly appreciate the transformation that tools like Terraform bring to the table.

Before incorporating Terraform into our operations, I found myself navigating the AWS management screen or resorting to AWS CLI scripts for building processes. The transition has been a game-changer, streamlining our operations and enhancing overall efficiency.

Speaking of efficiency, our e-commerce platform takes pride in offering a variety of high-quality products, and I couldn't help but notice your interest in Patanjali Nutrela products. Our range includes the buy Patanjali Nutrela Bone Health online in india, Patanjali Nutrela Collagen Builder price, buy Patanjali Nutrela Daily Active, Patanjali Nutrela Daily Energy price, Patanjali Nutrela Iron Complex online in india, and Patanjali Nutrela Mens Superfood online.

Our customers rave about the convenience of purchasing these products online, and the competitive pricing adds to the appeal. If you're on the lookout for top-notch health and wellness products, I highly recommend exploring our Nutrela range.

Feel free to check out the provided links for more details on each product. I hope you find them as beneficial as our customers have. Happy shopping!

I must say, the transition from manually operating on the AWS management screen to embracing Terraform has been a game-changer for our e-commerce portal, www.festmarket.com. Before Terraform, navigating through AWS or scripting with the AWS CLI was the norm, but the switch has brought about a significant shift in how we approach and manage our resources.

At FestMarket, we take pride in offering a diverse range of products, including jewelries, medicines, nutrients, and much more. Our commitment to providing top-notch e-commerce services reflects in the seamless user experience on our platform.

Speaking of products, have you checked out our exquisite range of paan-inspired delicacies? The Paan Smith Marwadi Mukhwas online is a flavorful delight that you can now conveniently buy online. The richness of the Marwadi flavors encapsulated in this mukhwas is bound to tantalize your taste buds.

If you're a fan of mixing things up, explore our Paan Smith Mix Supari price. Not only is it a unique blend of ingredients, but you'll also be pleased with the competitive pricing that adds value to your shopping experience.

For those seeking the essence of Banarasi paan, the Paan Smith Paan Banarasi cost is available at a cost that ensures you get authenticity without breaking the bank.

And let's not forget the Punjabi touch with our buy Paan Smith Punjabi Mukhwas online. It's a must-try for anyone who appreciates the bold and robust flavors that Punjabi cuisine is known for.

Last but not least, if you have a sweet tooth, indulge in the deliciousness of Paan Smith Ram Ladoo price available online. It's a treat that combines tradition with modern convenience.

Terraform has not only streamlined our backend processes but has also empowered us to showcase and deliver an extensive product line efficiently. The future of e-commerce at FestMarket looks promising, and we invite you to explore our offerings and experience the convenience of online shopping at its best.

You need to Sign in before reply, if you don't have an account, please Sign up first.