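Creating architecture diagrams with inframap
Introduction
Have you heard of inframap, a tool that generates architecture diagrams from Terraform state and definitions? I tried running it.
inframap was developed out of a desire to produce diagrams that are easier to understand than the Terraform graph output.
Installing inframap
If you are on macOS and already have Homebrew set up, the commands below are all you need.
If you plan to use dot or graph-easy in the later steps, install graphviz and the other tools beforehand as well.
Also, do not forget to add them to your PATH as needed.
brew install inframap
brew install graphviz # if you use dot
cpan Graph::Easy # if you use graph-easy
Running inframap
For this inframap run, assume a static website served from S3 + CloudFront.
With an S3 + CloudFront setup, the definition should look something like the following.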
provider "aws" {
  region = "ap-northeast-1"
}

resource "aws_s3_bucket" "test" {}

resource "aws_s3_bucket_acl" "example_bucket_acl" {
  bucket = aws_s3_bucket.test.id
  acl    = "private"
}

resource "aws_s3_bucket_website_configuration" "test" {
  bucket = aws_s3_bucket.test.bucket

  index_document {
    suffix = "index.html"
  }

  error_document {
    key = "error.html"
  }
}

resource "aws_s3_bucket_policy" "test" {
  bucket = aws_s3_bucket.test.id
  policy = data.aws_iam_policy_document.test.json
}

data "aws_iam_policy_document" "test" {
  statement {
    sid       = "Allow from CloudFront"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.test.arn}/*"]

    principals {
      type        = "AWS"
      identifiers = [aws_cloudfront_origin_access_identity.test.iam_arn]
    }
  }
}

resource "aws_cloudfront_distribution" "test" {
  enabled             = true
  default_root_object = "index.html"

  origin {
    domain_name = aws_s3_bucket.test.bucket_regional_domain_name
    origin_id   = aws_s3_bucket.test.id

    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_identity.test.cloudfront_access_identity_path
    }
  }

  default_cache_behavior {
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    target_origin_id       = aws_s3_bucket.test.id
    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
      locations        = []
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}

resource "aws_cloudfront_origin_access_identity" "test" {}
Now let's run inframap against the main.tf file we prepared.
$ inframap generate main.tf
strict digraph G {
"aws_cloudfront_distribution.test"->"aws_s3_bucket.test";
"aws_cloudfront_distribution.test" [ height=1.15, image="/Users/mziyut/Library/Caches/inframap/assets/aws/Networking_and_Content_Delivery/Amazon-CloudFront.png", imagepos=tc, labelloc=b, shape=plaintext ];
"aws_s3_bucket.test" [ height=1.15, image="/Users/mziyut/Library/Caches/inframap/assets/aws/Storage/Amazon-Simple-Storage-Service-S3.png", imagepos=tc, labelloc=b, shape=plaintext ];
}
$ inframap generate main.tf | dot -Tpng > inframap_generate.png
# generate inframap_generate.png
$ inframap generate main.tf | dot -Tsvg > inframap_generate.svg
# generate inframap_generate.svg
$ inframap generate main.tf | /usr/local/Cellar/perl/5.36.0/bin/graph-easy
aws_cloudfront_distribution.test
|
|
v
aws_s3_bucket.test

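A more complex configuration would benefit more from inframap, but since this example only uses S3 and CloudFront, the diagram is correspondingly simple.
Miscellaneous
For reference, here is the output of terraform graph as well.
Like inframap, terraform graph output can be rendered as an image or as text.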
$ terraform graph
digraph {
compound = "true"
newrank = "true"
subgraph "root" {
"[root] aws_cloudfront_distribution.test (expand)" [label = "aws_cloudfront_distribution.test", shape = "box"]
"[root] aws_cloudfront_origin_access_identity.test (expand)" [label = "aws_cloudfront_origin_access_identity.test", shape = "box"]
"[root] aws_s3_bucket.test (expand)" [label = "aws_s3_bucket.test", shape = "box"]
"[root] aws_s3_bucket_acl.example_bucket_acl (expand)" [label = "aws_s3_bucket_acl.example_bucket_acl", shape = "box"]
"[root] aws_s3_bucket_policy.test (expand)" [label = "aws_s3_bucket_policy.test", shape = "box"]
"[root] aws_s3_bucket_website_configuration.test (expand)" [label = "aws_s3_bucket_website_configuration.test", shape = "box"]
"[root] data.aws_iam_policy_document.test (expand)" [label = "data.aws_iam_policy_document.test", shape = "box"]
"[root] provider[\"registry.terraform.io/hashicorp/aws\"]" [label = "provider[\"registry.terraform.io/hashicorp/aws\"]", shape = "diamond"]
"[root] aws_cloudfront_distribution.test (expand)" -> "[root] aws_cloudfront_origin_access_identity.test (expand)"
"[root] aws_cloudfront_distribution.test (expand)" -> "[root] aws_s3_bucket.test (expand)"
"[root] aws_cloudfront_origin_access_identity.test (expand)" -> "[root] provider[\"registry.terraform.io/hashicorp/aws\"]"
"[root] aws_s3_bucket.test (expand)" -> "[root] provider[\"registry.terraform.io/hashicorp/aws\"]"
"[root] aws_s3_bucket_acl.example_bucket_acl (expand)" -> "[root] aws_s3_bucket.test (expand)"
"[root] aws_s3_bucket_policy.test (expand)" -> "[root] data.aws_iam_policy_document.test (expand)"
"[root] aws_s3_bucket_website_configuration.test (expand)" -> "[root] aws_s3_bucket.test (expand)"
"[root] data.aws_iam_policy_document.test (expand)" -> "[root] aws_cloudfront_origin_access_identity.test (expand)"
"[root] data.aws_iam_policy_document.test (expand)" -> "[root] aws_s3_bucket.test (expand)"
"[root] provider[\"registry.terraform.io/hashicorp/aws\"] (close)" -> "[root] aws_cloudfront_distribution.test (expand)"
"[root] provider[\"registry.terraform.io/hashicorp/aws\"] (close)" -> "[root] aws_s3_bucket_acl.example_bucket_acl (expand)"
"[root] provider[\"registry.terraform.io/hashicorp/aws\"] (close)" -> "[root] aws_s3_bucket_policy.test (expand)"
"[root] provider[\"registry.terraform.io/hashicorp/aws\"] (close)" -> "[root] aws_s3_bucket_website_configuration.test (expand)"
"[root] root" -> "[root] provider[\"registry.terraform.io/hashicorp/aws\"] (close)"
}
}
$ terraform graph | dot -Tpng > terraform_graph.png
# generate terraform_graph.png
$ terraform graph | dot -Tsvg > terraform_graph.svg
# generate terraform_graph.svg
$ terraform graph | /usr/local/Cellar/perl/5.36.0/bin/graph-easy
+ - - - - - - - - - - - - - - - - - - - - - - - - - - +
' root '
' '
' +-------------------------------------------------+ '
' | [root] root | '
' +-------------------------------------------------+ '
' | '
' | '
' | '
+- - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -+
' v '
' +------------------------------------------+ +---------------------------------------------------------------------------------------+ +--------------------------------------+ '
' | aws_s3_bucket_website_configuration.test | <---- | [root] provider["registry.terraform.io/hashicorp/aws"] (close) | ----> | aws_s3_bucket_acl.example_bucket_acl | '
' +------------------------------------------+ +---------------------------------------------------------------------------------------+ +--------------------------------------+ '
' | | | | '
' | | | | '
' | v v | '
' | +-------------------------------------------------+ +----------------------------------+ | '
' | | aws_s3_bucket_policy.test | | aws_cloudfront_distribution.test | ---+ | '
' | +-------------------------------------------------+ +----------------------------------+ | | '
' | | | | | '
' | | | | | '
' | v | | | '
' | +-------------------------------------------------+ | | | '
' | +--- | data.aws_iam_policy_document.test | | | | '
' | | +-------------------------------------------------+ | | | '
' | | | | | | '
' | | | | | | '
' | | v | | | '
' | | +-------------------------------------------------+ | | | '
' | | | aws_cloudfront_origin_access_identity.test | <--+ | | '
' | | +-------------------------------------------------+ | | '
' | | | | | '
' | | | - - - - - - - - - - - - - - - - - - | | '
' | | | ' ' | | '
' | | | ' ' | | '
' | | v ' ' | | '
' | | +-------------------------------------------------+ ' ' | | '
' | | | provider["registry.terraform.io/hashicorp/aws"] | ' ' | | '
' | | +-------------------------------------------------+ ' ' | | '
+ - - - | | ^ ' ' | | '
' | | | ' ' | | '
' | | | ' ' | | '
' +------+-------------------------------------------+ | ' ' | | '
' | | | ' ' | | '
' | | | - - - - - - - - - - - - - - - - - - | | '
' | | | | | '
' | | +---------------------------------------------------------------------------------------+ | | '
' | +----------------------------------------------> | aws_s3_bucket.test | <--+ | '
' | +---------------------------------------------------------------------------------------+ | '
' | ^ ^ | '
' +---------------------------------------------------------+ +------------------------------------------+ '
' '
' '
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -+
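The gap between the two outputs above can be reproduced from the `terraform graph` edges themselves. The following Python sketch is an added example (not from the original article and not inframap's own code): it drops the provider and root plumbing nodes and keeps only edges between resource types listed in `PRIMARY_TYPES`, a set assumed here for illustration.

```python
import re
from collections import defaultdict

# Subset of the edges from the `terraform graph` output on this page.
TERRAFORM_GRAPH = r'''
"[root] aws_cloudfront_distribution.test (expand)" -> "[root] aws_cloudfront_origin_access_identity.test (expand)"
"[root] aws_cloudfront_distribution.test (expand)" -> "[root] aws_s3_bucket.test (expand)"
"[root] aws_s3_bucket.test (expand)" -> "[root] provider[\"registry.terraform.io/hashicorp/aws\"]"
"[root] aws_s3_bucket_acl.example_bucket_acl (expand)" -> "[root] aws_s3_bucket.test (expand)"
"[root] aws_s3_bucket_policy.test (expand)" -> "[root] data.aws_iam_policy_document.test (expand)"
"[root] aws_s3_bucket_website_configuration.test (expand)" -> "[root] aws_s3_bucket.test (expand)"
"[root] data.aws_iam_policy_document.test (expand)" -> "[root] aws_cloudfront_origin_access_identity.test (expand)"
"[root] data.aws_iam_policy_document.test (expand)" -> "[root] aws_s3_bucket.test (expand)"
"[root] provider[\"registry.terraform.io/hashicorp/aws\"] (close)" -> "[root] aws_cloudfront_distribution.test (expand)"
"[root] root" -> "[root] provider[\"registry.terraform.io/hashicorp/aws\"] (close)"
'''
# Assumption of this sketch: resource types that count as diagram nodes.
PRIMARY_TYPES = {"aws_s3_bucket", "aws_cloudfront_distribution"}
EDGE = re.compile(r'"((?:[^"\\]|\\.)*)"\s*->\s*"((?:[^"\\]|\\.)*)"')

def normalize(name):
    """Strip Terraform's '[root] ' prefix and ' (expand)'/' (close)' suffix."""
    return re.sub(r'^\[root\] | \((?:expand|close)\)$', '', name)

def is_plumbing(name):
    return name == "root" or name.startswith("provider[")

def is_primary(name):
    return name.split(".")[0] in PRIMARY_TYPES

def collapse(dot_text):
    graph = defaultdict(set)
    for src, dst in EDGE.findall(dot_text):
        src, dst = normalize(src), normalize(dst)
        if not (is_plumbing(src) or is_plumbing(dst)):
            graph[src].add(dst)
    edges = set()
    for start in [n for n in graph if is_primary(n)]:
        stack, seen = list(graph[start]), set()
        while stack:
            node = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            if is_primary(node):
                edges.add((start, node))   # stop at the first primary node
            else:
                stack.extend(graph[node])  # walk through helper resources
    return sorted(edges)
```

Calling `collapse(TERRAFORM_GRAPH)` leaves the single CloudFront-to-S3 edge that `inframap generate` printed; without the plumbing filter, the provider node would link the bucket back to the distribution.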

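Conclusion
This time we generated the diagram from the HCL file main.tf, but inframap can also generate output from state files and other sources. See the README for details.
References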
- cycloidio/inframap: Read your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant.
- Command: graph | Terraform | HashiCorp Developer
- Download | Graphviz
- ironcamel/Graph-Easy: Convert or render graphs (as ASCII, HTML, SVG or via Graphviz)
- aws_s3_bucket_acl | Resources | hashicorp/aws | Terraform Registry
- aws_s3_bucket_website_configuration | Resources | hashicorp/aws | Terraform Registry
- aws_s3_bucket_policy | Resources | hashicorp/aws | Terraform Registry
- aws_cloudfront_distribution | Resources | hashicorp/aws | Terraform Registry
- aws_cloudfront_origin_access_identity | Resources | hashicorp/aws | Terraform Registry