Terraform from Beginner to Expert (Command Summary)
Summary
This article introduces the commands that are used most often with Terraform.
Command list
- terraform init
- terraform fmt
- terraform plan
- terraform apply
- terraform state list
- terraform state show
- terraform output
- terraform refresh
- terraform destroy
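See the DOC for details.
Prerequisites
- The access key (access_key, secret_key) of an IAM user that has the AWS permissions needed to create resources
Explanation
terraform init
The command that initializes the working directory.
Before Terraform can be run, the working directory must be initialized with the terraform init command. Running terraform init performs steps such as downloading plugins (for example the aws provider mentioned earlier).
Create a file named test.tf and enter the following code in it.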
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}
# Configure the AWS Provider
provider "aws" {
  region = "ap-northeast-1"
}
Run the terraform init command.
% terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "~> 3.0"...
- Installing hashicorp/aws v3.75.2...
- Installed hashicorp/aws v3.75.2 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
The plugin files are downloaded into the .terraform folder at the top level of the working directory.
ls -al
total 16
drwxr-xr-x 5 youyonghua staff 160 7 11 10:15 .
drwxr-xr-x 4 youyonghua staff 128 7 11 10:05 ..
drwxr-xr-x 3 youyonghua staff 96 7 11 10:15 .terraform
-rw-r--r-- 1 youyonghua staff 1181 7 11 10:15 .terraform.lock.hcl
-rw-r--r-- 1 youyonghua staff 192 7 11 10:14 test.tf
youyonghua@youyonghuadeMacBook-Pro project-2 % ls -lR .terraform
total 0
drwxr-xr-x 3 youyonghua staff 96 7 11 10:15 providers
.terraform/providers:
total 0
drwxr-xr-x 3 youyonghua staff 96 7 11 10:15 registry.terraform.io
.terraform/providers/registry.terraform.io:
total 0
drwxr-xr-x 3 youyonghua staff 96 7 11 10:15 hashicorp
.terraform/providers/registry.terraform.io/hashicorp:
total 0
drwxr-xr-x 3 youyonghua staff 96 7 11 10:15 aws
.terraform/providers/registry.terraform.io/hashicorp/aws:
total 0
drwxr-xr-x 3 youyonghua staff 96 7 11 10:15 3.75.2
.terraform/providers/registry.terraform.io/hashicorp/aws/3.75.2:
total 0
drwxr-xr-x 3 youyonghua staff 96 7 11 10:15 darwin_arm64
.terraform/providers/registry.terraform.io/hashicorp/aws/3.75.2/darwin_arm64:
total 576360
-rwxr-xr-x 1 youyonghua staff 295094370 7 11 10:15 terraform-provider-aws_v3.75.2_x5
terraform plan
The command that shows the execution plan Terraform generates.
Enter the following code in test.tf.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}
# Configure the AWS Provider
provider "aws" {
  region = "ap-northeast-1"
  # "xxxxx" / "xxxxxx" are placeholders for the IAM user's access key
  access_key = "xxxxx"
  secret_key = "xxxxxx"
}
resource "aws_vpc" "test" {
  cidr_block = "10.0.0.0/16"
  tags = {
    Name = "test"
  }
}
Run the terraform plan command.
% terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
+ create
Terraform will perform the following actions:
# aws_vpc.test will be created
+ resource "aws_vpc" "test" {
+ arn = (known after apply)
+ cidr_block = "10.0.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = (known after apply)
+ enable_dns_support = true
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "test"
}
+ tags_all = {
+ "Name" = "test"
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you
run "terraform apply" now.
In this case a VPC needs to be created, so the output shows "+ create".
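The provider block above assigns access_key and secret_key as string literals, which puts the keys into any repository that holds test.tf. The check below is an added example, not part of the original article; find_static_aws_keys is a hypothetical helper name and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. find_static_aws_keys is a
# hypothetical helper name; the sample files at the bottom are constructed.

# Print "file:line:attribute" for every access_key / secret_key that is
# assigned a string literal in a .tf file under $1. Returns 1 on any finding.
find_static_aws_keys() {
  findings=$(
    find "$1" -type f -name '*.tf' ! -path '*/.terraform/*' | sort |
    while IFS= read -r file; do
      # grep: real assignments only (a commented-out line does not match);
      # grep -v: skip "${...}" interpolations; sed: keep line number and
      # attribute name so the key itself never reaches a terminal or CI log.
      grep -nE '^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"' "$file" |
        grep -vF '"${' |
        sed -E 's/^([0-9]+):[[:space:]]*([a-z_]+).*/\1:\2/' |
        while IFS= read -r hit; do printf '%s:%s\n' "$file" "$hit"; done
    done
  )
  [ -n "$findings" ] || return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample: one file in the style of the provider block above and
# one that leaves credentials to the environment.
demo_dir=$(mktemp -d)
cat > "$demo_dir/hardcoded.tf" <<'EOF'
provider "aws" {
  region     = "ap-northeast-1"
  access_key = "xxxxx"
  secret_key = "xxxxxx"
}
EOF
cat > "$demo_dir/clean.tf" <<'EOF'
provider "aws" {
  region = "ap-northeast-1"
  # access_key = "xxxxx"
}
EOF
find_static_aws_keys "$demo_dir" || echo "literal credentials found in .tf files"
rm -rf "$demo_dir"
```

The AWS provider also reads credentials from the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, so both attributes can be removed from the provider block.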
terraform apply
The command that creates resources based on the contents of the .tf files.
terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
+ create
Terraform will perform the following actions:
# aws_vpc.test will be created
+ resource "aws_vpc" "test" {
+ arn = (known after apply)
+ cidr_block = "10.0.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = (known after apply)
+ enable_dns_support = true
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "test"
}
+ tags_all = {
+ "Name" = "test"
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_vpc.test: Creating...
aws_vpc.test: Creation complete after 2s [id=vpc-00b4d82db2030a8e2]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Every time terraform apply is run, [yes] has to be typed at the console.
With --auto-approve, typing [yes] is no longer required.
terraform apply --auto-approve
terraform state list
Lists the resources that have been created.
% terraform state list
aws_vpc.test
terraform state show
Shows the details of a created resource.
terraform state show aws_vpc.test
# aws_vpc.test:
resource "aws_vpc" "test" {
arn = "arn:aws:ec2:ap-northeast-1:694047010837:vpc/vpc-00b4d82db2030a8e2"
assign_generated_ipv6_cidr_block = false
cidr_block = "10.0.0.0/16"
default_network_acl_id = "acl-0b7fe43792506fd6f"
default_route_table_id = "rtb-0b82672bf77e1c269"
default_security_group_id = "sg-007ac38cba387147b"
dhcp_options_id = "dopt-b816fbde"
enable_classiclink = false
enable_classiclink_dns_support = false
enable_dns_hostnames = false
enable_dns_support = true
id = "vpc-00b4d82db2030a8e2"
instance_tenancy = "default"
ipv6_netmask_length = 0
main_route_table_id = "rtb-0b82672bf77e1c269"
owner_id = "694047010837"
tags = {
"Name" = "test"
}
tags_all = {
"Name" = "test"
}
}
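terraform refresh
Running this command reads the resource information from the remote provider and updates the terraform.tfstate file.
terraform output
In day-to-day work we create resources with Terraform. When we want information about some of those resources we usually look it up in the AWS console, but once the resources have been created with Terraform we can also output the information we need. For example, to get the ARN of the VPC that was created, add the following code to test.tf and run terraform refresh and terraform output.
output "vpc_arn" {
  value = aws_vpc.test.arn
}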
terraform output
vpc_arn = "arn:aws:ec2:ap-northeast-1:694047010837:vpc/vpc-00b4d82db2030a8e2"
terraform destroy
The command that deletes resources based on the contents of the .tf files.
% terraform destroy
aws_vpc.test: Refreshing state... [id=vpc-00b4d82db2030a8e2]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
- destroy
Terraform will perform the following actions:
# aws_vpc.test will be destroyed
- resource "aws_vpc" "test" {
- arn = "arn:aws:ec2:ap-northeast-1:694047010837:vpc/vpc-00b4d82db2030a8e2" -> null
- assign_generated_ipv6_cidr_block = false -> null
- cidr_block = "10.0.0.0/16" -> null
- default_network_acl_id = "acl-0b7fe43792506fd6f" -> null
- default_route_table_id = "rtb-0b82672bf77e1c269" -> null
- default_security_group_id = "sg-007ac38cba387147b" -> null
- dhcp_options_id = "dopt-b816fbde" -> null
- enable_classiclink = false -> null
- enable_classiclink_dns_support = false -> null
- enable_dns_hostnames = false -> null
- enable_dns_support = true -> null
- id = "vpc-00b4d82db2030a8e2" -> null
- instance_tenancy = "default" -> null
- ipv6_netmask_length = 0 -> null
- main_route_table_id = "rtb-0b82672bf77e1c269" -> null
- owner_id = "694047010837" -> null
- tags = {
- "Name" = "test"
} -> null
- tags_all = {
- "Name" = "test"
} -> null
}
Plan: 0 to add, 0 to change, 1 to destroy.
Changes to Outputs:
- vpc_arn = "arn:aws:ec2:ap-northeast-1:694047010837:vpc/vpc-00b4d82db2030a8e2" -> null
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
aws_vpc.test: Destroying... [id=vpc-00b4d82db2030a8e2]
aws_vpc.test: Destruction complete after 1s
Destroy complete! Resources: 1 destroyed
The VPC created earlier is deleted.
terraform destroy --auto-approve
Typing [yes] at the console is no longer required.
terraform destroy -target <resource name>
Resources can be deleted one at a time.