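Terraform: Completely Understood
This is the December 23, 2022 entry in the デジタルキューブ&ヘプタゴン Advent Calendar.
I have never used Terraform, so it may feel a little late to be starting with the basics, but I am going to completely understand its concepts.
What I will do
Create, update, and destroy an EC2 instance by following the Terraform tutorial. The tutorial itself may differ from what follows.
Current state
My knowledge of IaC is as follows.
- CloudFormation: completely understood
- AWS CDK: completely understood
- I have never used configuration management tools such as Chef or Ansible
Completely understanding it
What Terraform is
An IaC tool that supports integration with multiple providers such as AWS, Google Cloud, and Azure.
Local environment setup
I use asdf to set up the local environment.
There is a separate article on that, so it is omitted here.
For now, I update to the latest version.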
% asdf latest terraform
1.3.6
% asdf install terraform latest
% asdf global terraform 1.3.6
% terraform -v
Terraform v1.3.6
on darwin_arm64
Setup
Prepare an AWS account.
Omitted.
Create an IAM user with administrator privileges and register a profile.
tf file
% mkdir terraform-tutorials
% cd terraform-tutorials
% touch main.tf
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.47.0"
    }
  }

  required_version = ">= 1.2.0"
}

provider "aws" {
  region  = "us-west-2"
  profile = "sandbox-sugo"
}

resource "aws_instance" "tutorial_instance" {
  ami           = "ami-0ceecbb0f30a902a6"
  instance_type = "t2.micro"

  tags = {
    Name = "TutorialInstance"
  }
}
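The terraform block
Configures Terraform itself and its plugins.
The required provider plugins are installed from the Terraform Registry and used to carry out the work.
Here the instruction is "fetch this version of the AWS plugin and use it".
The provider block
Configures the aws plugin declared in the terraform block.
The resource block
Written as resource "<resource type>" "<name>" {}, this holds the information about a resource to be managed.
For resource types such as aws_vpc and aws_s3_bucket, how to specify the arguments and other details can be checked at the following.
Running it
Must be run the first time; it downloads the plugins and so on.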
% terraform init
Run this before committing; it formats indentation and other style.
% terraform fmt
Checks the configuration for syntax problems.
% terraform validate
Check what will be applied.
% terraform plan
Type "yes" to apply.
% terraform apply
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
.
.
.
aws_instance.tutorial_instance: Creating...
aws_instance.tutorial_instance: Still creating... [10s elapsed]
aws_instance.tutorial_instance: Still creating... [20s elapsed]
aws_instance.tutorial_instance: Still creating... [30s elapsed]
aws_instance.tutorial_instance: Creation complete after 35s [id=i-xxxxxxxxxxxxxxxxx]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
I could confirm in the management console that it was created.

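Looking at the directory, a terraform.tfstate file has been generated; this is the most important file.
Terraform manages the state of resources by referring to this file.
The following command shows the current state of the managed resources.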
% terraform show
The following command shows only the list of resources.
% terraform state list
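Because terraform.tfstate records every attribute of every managed resource, it can hold credentials in plaintext. The following added example (not from the original post) walks a version-4 state file, rebuilds the addresses that terraform state list prints, and reports attribute paths whose names look like secrets. The sample state, the aws_db_instance.example resource and the name heuristic are assumptions made for the illustration.

```python
import json
import re

# Heuristic for attribute names that often hold credentials (an assumption).
SECRET_NAME = re.compile(r"password|secret|token|private_key", re.I)

# Constructed version-4 state; aws_db_instance.example is hypothetical.
SAMPLE_STATE = json.dumps({
    "version": 4, "terraform_version": "1.3.6",
    "resources": [
        {"mode": "managed", "type": "aws_instance", "name": "tutorial_instance",
         "instances": [{"attributes": {
             "id": "i-xxxxxxxxxxxxxxxxx", "instance_type": "t2.micro",
             "get_password_data": False, "password_data": ""}}]},
        {"mode": "managed", "type": "aws_db_instance", "name": "example",
         "instances": [{"attributes": {
             "username": "admin", "password": "constructed-placeholder"}}]},
    ],
})

def address(res):
    """Rebuild the address that `terraform state list` prints."""
    parts = [res["module"]] if res.get("module") else []
    if res.get("mode") == "data":
        parts.append("data")
    return ".".join(parts + [res["type"], res["name"]])

def walk(value, path=""):
    """Yield (path, leaf) for every non-empty leaf in nested attributes."""
    if isinstance(value, dict):
        for key, sub in value.items():
            yield from walk(sub, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for i, sub in enumerate(value):
            yield from walk(sub, f"{path}[{i}]")
    elif value not in (None, "", False):
        yield path, value

def plaintext_secrets(state_json):
    """Return 'address:attribute' for secret-looking values kept in state."""
    hits = []
    for res in json.loads(state_json).get("resources", []):
        for inst in res.get("instances", []):
            for path, _ in walk(inst.get("attributes") or {}):
                if SECRET_NAME.search(path):
                    hits.append(f"{address(res)}:{path}")  # path only, never the value
    return hits
```

Only attribute paths are returned, so the check can run in CI logs without echoing the values it finds.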
Update
Try changing the instance type.
- instance_type = "t2.micro"
+ instance_type = "t2.small"
Check what will be applied
% terraform plan
aws_instance.tutorial_instance: Refreshing state... [id=i-xxxxxxxxxxxxxxxxx]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_instance.tutorial_instance will be updated in-place
~ resource "aws_instance" "tutorial_instance" {
id = "i-xxxxxxxxxxxxxxxxx"
~ instance_type = "t2.micro" -> "t2.small"
tags = {
"Name" = "TutorialInstance"
}
# (29 unchanged attributes hidden)
# (7 unchanged blocks hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
Type "yes" to apply
% terraform apply
.
.
.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_instance.tutorial_instance: Modifying... [id=i-xxxxxxxxxxxxxxxxx]
aws_instance.tutorial_instance: Still modifying... [id=i-xxxxxxxxxxxxxxxxx, 10s elapsed]
aws_instance.tutorial_instance: Still modifying... [id=i-xxxxxxxxxxxxxxxxx, 20s elapsed]
aws_instance.tutorial_instance: Still modifying... [id=i-xxxxxxxxxxxxxxxxx, 30s elapsed]
aws_instance.tutorial_instance: Still modifying... [id=i-xxxxxxxxxxxxxxxxx, 40s elapsed]
aws_instance.tutorial_instance: Still modifying... [id=i-xxxxxxxxxxxxxxxxx, 50s elapsed]
aws_instance.tutorial_instance: Still modifying... [id=i-xxxxxxxxxxxxxxxxx, 1m0s elapsed]
aws_instance.tutorial_instance: Modifications complete after 1m3s [id=i-xxxxxxxxxxxxxxxxx]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
I could confirm in the management console that it was updated.

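Because the change was to the instance type, it went through smoothly as an in-place update. If the change were to something like the ami, a replacement (deleting the existing resource and creating a new one) could occur, so it is important to check the details at the plan stage.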
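One way to make that plan-stage check mechanical, as an added example that is not part of the original post: it reads the JSON form of a saved plan (terraform plan -out=tfplan, then terraform show -json tfplan) and lists every resource that would be replaced or destroyed. The sample plan is constructed, and every address in it other than aws_instance.tutorial_instance is hypothetical.

```python
import json
import sys

# Constructed sample in the shape of `terraform show -json <planfile>`;
# addresses other than aws_instance.tutorial_instance are hypothetical.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_instance.tutorial_instance", "change": {"actions": ["update"]}},
    {"address": "aws_instance.ami_changed",
     "change": {"actions": ["delete", "create"], "replace_paths": [["ami"]]}},
    {"address": "aws_s3_bucket.old_logs", "change": {"actions": ["delete"]}},
    {"address": "aws_vpc.main", "change": {"actions": ["no-op"]}},
]})

def classify(actions):
    """Map the plan's action list for one resource to a single label."""
    acts = set(actions)
    if acts == {"delete", "create"}:   # either order means replacement
        return "replace"
    if acts == {"delete"}:
        return "destroy"
    if acts <= {"no-op", "read"}:
        return "none"
    if "update" in acts:
        return "update"
    return "create" if acts == {"create"} else "other"

def destructive_changes(plan_json):
    """Return (address, kind, replace_paths) for each replace or destroy."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        kind = classify(change.get("actions", []))
        if kind in ("replace", "destroy"):
            # replace_paths names the attributes that force the replacement
            paths = [".".join(map(str, p)) for p in change.get("replace_paths") or []]
            findings.append((rc["address"], kind, paths))
    return findings

if __name__ == "__main__":
    # Pass the path of a plan JSON file, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    found = destructive_changes(text)
    for addr, kind, paths in found:
        print(f"{kind.upper():8} {addr} {paths}")
    sys.exit(1 if found else 0)  # non-zero exit lets a pipeline stop for review
```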
Destroy
Check what will be applied
% terraform plan -destroy
aws_instance.tutorial_instance: Refreshing state... [id=i-xxxxxxxxxxxxxxxxx]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# aws_instance.tutorial_instance will be destroyed
- resource "aws_instance" "tutorial_instance" {
.
.
.
}
Plan: 0 to add, 0 to change, 1 to destroy.
Type "yes" to apply
% terraform destroy
.
.
.
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
aws_instance.tutorial_instance: Destroying... [id=i-xxxxxxxxxxxxxxxxx]
aws_instance.tutorial_instance: Still destroying... [id=i-xxxxxxxxxxxxxxxxx, 10s elapsed]
aws_instance.tutorial_instance: Still destroying... [id=i-xxxxxxxxxxxxxxxxx, 20s elapsed]
aws_instance.tutorial_instance: Still destroying... [id=i-xxxxxxxxxxxxxxxxx, 30s elapsed]
aws_instance.tutorial_instance: Still destroying... [id=i-xxxxxxxxxxxxxxxxx, 40s elapsed]
aws_instance.tutorial_instance: Still destroying... [id=i-xxxxxxxxxxxxxxxxx, 50s elapsed]
aws_instance.tutorial_instance: Destruction complete after 51s
Destroy complete! Resources: 1 destroyed.
I could confirm in the management console that this was reflected as well.

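Completely understood
That covers the basics; here is what I can already see coming next.
- State files are apparently mostly managed in the cloud
  - because everyone needs to be able to refer to the latest state
  - on AWS that would be S3, for example
- It seems you can split things into modules and import them for reuse, and there seem to be various recommended folder layouts depending on the school of thought
  - modules seem to be a concept you absolutely have to get a grip on to use Terraform conveniently from here on
  - for example, grouping provider blocks and resource blocks into separate files
- It seems you prepare things like global variable definition files to keep it tidy
  - apparently there are things called hoge.tfvars and variables.tf
Now that I have completely understood it, I will use the above as the reference for my next steps toward the next goal.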