使用OCI进行Terraform的配置

2 年 ago
文, 翔
5 minutes

首先

根据OCI手册的参考,将进行Terraform配置。
为了确认操作,将显示可用域列表。

 

Terraform 的配置对象是已安装 OCI CLI 的 Oracle Linux 实例。

$ cat /etc/oracle-release 
Oracle Linux Server release 8.8
$ oci -v
3.23.2

安装Terraform (Terraform installation)

请点击此URL,确认Terraform的最新版本。
这次我们将使用1.6.2版本。

 

下载档案。

$ wget https://releases.hashicorp.com/terraform/1.6.2/terraform_1.6.2_linux_amd64.zip
--2023-11-01 05:30:16--  https://releases.hashicorp.com/terraform/1.6.2/terraform_1.6.2_linux_amd64.zip
Resolving releases.hashicorp.com (releases.hashicorp.com)... 13.224.181.83, 13.224.181.111, 13.224.181.15, ...
Connecting to releases.hashicorp.com (releases.hashicorp.com)|13.224.181.83|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 24738688 (24M) [application/zip]
Saving to: ‘terraform_1.6.2_linux_amd64.zip’

terraform_1.6.2_linux_amd64.zip             100%[==========================================================================================>]  23.59M  --.-KB/s    in 0.09s   

2023-11-01 05:30:16 (277 MB/s) - ‘terraform_1.6.2_linux_amd64.zip’ saved [24738688/24738688]

解压文件并移动到相应的文件夹中,然后确认版本。

$ unzip -q terraform_1.6.2_linux_amd64.zip 
$ sudo mv terraform /usr/local/bin

$ terraform -v
Terraform v1.6.2
on linux_amd64

创建RSA密钥

由于已经在OCI CLI安装后进行了设置,因此省略已创建的部分。

$ ls -l ~/.oci
total 12
-rw-------. 1 opc opc  299 Nov  1 03:55 config
-rw-------. 1 opc opc 1703 Nov  1 03:57 oci_api_key.pem
-rw-rw-r--. 1 opc opc  451 Nov  1 03:56 oci_api_key_public.pem

创建配置文件

設定认证

创建一个目录,并创建provider.tf文件。
此文件将用于实例授权到OCI的认证。

$ mkdir tf-provider
$ cd tf-provider

provider "oci" {
  tenancy_ocid = "<tenancy-ocid>"
  user_ocid = "<user-ocid>" 
  private_key_path = "<rsa-private-key-path>"
  fingerprint = "<fingerprint>"
  region = "<region-identifier>"
}

设置数据源

这是一个用于配置通过Terraform创建和获取数据的设置文件。
在这里,将显示在provider.tf中指定的区域的可用域。
由于没有租户级别的权限,需要指定自己的部门OCID。

data "oci_identity_availability_domains" "ads" {
  compartment_id = "<tenancy-ocid>"
}

设定功率

设定输出数据的格式。

# Output the "list" of all availability domains.
output "all-availability-domains-in-your-tenancy" {
  value = data.oci_identity_availability_domains.ads.availability_domains
}

到目前为止,我已经创建了三个配置文件。

$ ls -l
total 12
-rw-rw-r--. 1 opc opc 155 Nov  1 05:57 availability-domains.tf
-rw-rw-r--. 1 opc opc 176 Nov  1 05:59 outputs.tf
-rw-rw-r--. 1 opc opc 356 Nov  1 05:44 provider.tf

执行Terraform

初始

进行初始化。

$ terraform init

Initializing the backend...

Initializing provider plugins...
- Finding latest version of hashicorp/oci...
- Installing hashicorp/oci v5.18.0...
- Installed hashicorp/oci v5.18.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

╷
│ Warning: Additional provider information from registry
│ 
│ The remote registry returned warnings for registry.terraform.io/hashicorp/oci:
│ - For users on Terraform 0.13 or greater, this provider has moved to oracle/oci. Please update your source in required_providers.
╵

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

虽然成功了,但出现了警告。
提供者建议更换为 Oracle 提供的注册表,而不是 Hashicorp 的注册表。

在provider.tf中追加内容后,再次进行初始化。

provider "oci" {
  tenancy_ocid = "<tenancy-ocid>"
  user_ocid = "<user-ocid>" 
  private_key_path = "<rsa-private-key-path>"
  fingerprint = "<fingerprint>"
  region = "<region-identifier>"
}

## 追記
terraform {
  required_providers {
    oci = {
      source  = "oracle/oci"
    }
  }
}
## ここまで

$ terraform init

Initializing the backend...

Initializing provider plugins...
- Finding latest version of oracle/oci...
- Installing oracle/oci v5.18.0...
- Installed oracle/oci v5.18.0 (signed by a HashiCorp partner, key ID 1533A49284137CEB)

Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html

Terraform has made some changes to the provider dependency selections recorded
in the .terraform.lock.hcl file. Review those changes and commit them to your
version control system if they represent changes you intended to make.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

查看日志发现这次没有警告。

初始化提供商插件…
– 查找 hashicorp/oci 的最新版本…
– 安装 hashicorp/oci v5.18.0…
– 已成功安装 hashicorp/oci v5.18.0(由HashiCorp签名)。

开始初始化提供商插件…
– 查找 hashicorp/oci 的最新版本…
– 正在安装 hashicorp/oci v5.18.0…
– 成功安装 hashicorp/oci v5.18.0(经HashiCorp签名)。

可以

初始化提供商插件…
– 查找oracle/oci的最新版本…
– 安装oracle/oci v5.18.0…
– 安装了oracle/oci v5.18.0(由HashiCorp合作伙伴签名,密钥ID为1533A49284137CEB)

已经发生了变化。

计划

创建执行计划。

$ terraform plan
data.oci_identity_availability_domains.ads: Reading...
data.oci_identity_availability_domains.ads: Read complete after 1s [id=IdentityAvailabilityDomainsDataSource-23752778]

Changes to Outputs:
  + all-availability-domains-in-your-tenancy = [
      + {
          + compartment_id = "ocid1.compartment.oc1..aaaaaaaamyemvazvbgl42f5pi7gzlpgq5tcmxlipjm2uitoihfschylliy5a"
          + id             = "ocid1.availabilitydomain.oc1..aaaaaaaalhnzffyixz4hyhp7gtcdskahy22cekpcgndvwdjffrdv6d5iqi5a"
          + name           = "TGjA:AP-SYDNEY-1-AD-1"
        },
    ]

You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.

──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.

提交申请

进行。

$ terraform apply
data.oci_identity_availability_domains.ads: Reading...
data.oci_identity_availability_domains.ads: Read complete after 0s [id=IdentityAvailabilityDomainsDataSource-23752778]

Changes to Outputs:
  + all-availability-domains-in-your-tenancy = [
      + {
          + compartment_id = "ocid1.compartment.oc1..aaaaaaaamyemvazvbgl42f5pi7gzlpgq5tcmxlipjm2uitoihfschylliy5a"
          + id             = "ocid1.availabilitydomain.oc1..aaaaaaaalhnzffyixz4hyhp7gtcdskahy22cekpcgndvwdjffrdv6d5iqi5a"
          + name           = "TGjA:AP-SYDNEY-1-AD-1"
        },
    ]

You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes


Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

all-availability-domains-in-your-tenancy = tolist([
  {
    "compartment_id" = "ocid1.compartment.oc1..aaaaaaaamyemvazvbgl42f5pi7gzlpgq5tcmxlipjm2uitoihfschylliy5a"
    "id" = "ocid1.availabilitydomain.oc1..aaaaaaaalhnzffyixz4hyhp7gtcdskahy22cekpcgndvwdjffrdv6d5iqi5a"
    "name" = "TGjA:AP-SYDNEY-1-AD-1"
  },
])

只是表示一下,资源:0 添加,0 修改,0 销毁。

广告
将在 10 秒后关闭
bannerAds