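Adding a Google Compute Engine instance with Terraform
Overview
Google Compute Engine instances (virtual machines on Google Cloud Platform) can be created and deleted from the Google Cloud Platform console, but this article creates and deletes an instance with Terraform instead.
Installing Terraform (Linux)
I am using Arch Linux, and as far as I know the [community] repository should have a terraform package. However, when I installed that terraform package and ran it, it told me the version was out of date.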
❯ terraform --version
Terraform v0.9.9
Your version of Terraform is out of date! The latest version
is 0.9.11. You can update by downloading from www.terraform.io
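With no other option, download the binary distribution from Terraform's official website. Unzip the downloaded zip file and copy the executable (terraform) to a directory that is already on the PATH environment variable (such as /usr/local/bin); that completes the installation.
Downloading GCP credentials
To operate GCP services, the Google Cloud provider has to be configured in Terraform. The documentation gives the following example of the provider configuration.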
// Configure the Google Cloud provider
provider "google" {
  credentials = "${file("account.json")}"
  project     = "my-gce-project"
  region      = "us-central1"
}

// Create a new instance
resource "google_compute_instance" "default" {
  # ...
}
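The documentation explains the credentials setting as follows.
credentials - (Optional) Contents of the JSON file used to describe your account credentials, downloaded from the Google Cloud Console. More details on retrieving this file are given below. Credentials may be left blank if you are running Terraform from a GCE instance with a properly configured Compute Engine service account.
In other words, when Terraform is run from a GCE instance, the credentials field can sometimes be left empty. This time, however, Terraform is run from a local machine (one that does not live on GCP), so the credentials file has to be downloaded.
Follow the steps in the documentation to download the credentials file.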
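- Open the GCP console and select Credentials under API Manager.
- Under "Create credentials", select "Service account key".
- Select "Compute Engine default service account" as the Service account, leave Key type set to JSON (the default), and click "Create".
- Copy the downloaded file into the same directory as the Terraform project.
Creating the instance
Once the credentials are downloaded, a GCE instance can be created from Terraform with the following configuration file.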
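provider "google" {
  # Service account key downloaded in the previous section
  credentials = "${file("account.json")}"
  project     = "myproject-123456"
  # Region name; the zone is set on the instance below
  region      = "asia-northeast1"
}

resource "google_compute_instance" "default" {
  name         = "terraform"
  machine_type = "f1-micro"
  zone         = "asia-northeast1-a"
  tags         = []

  disk {
    image = "debian-cloud/debian-8"
  }

  network_interface {
    network = "default"
  }

  # Read-only API scopes granted to the instance's service account
  service_account {
    scopes = ["userinfo-email", "compute-ro", "storage-ro"]
  }
}
Here, account.json is the name of the credentials file just downloaded, and project is the GCP project ID.
Check the plan with the terraform plan command (it returns output similar to the following):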
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
+ google_compute_instance.default
can_ip_forward: "false"
create_timeout: "4"
disk.#: "1"
disk.0.auto_delete: "true"
disk.0.disk_encryption_key_sha256: "<computed>"
disk.0.image: "debian-cloud/debian-8"
machine_type: "f1-micro"
metadata_fingerprint: "<computed>"
name: "terraform"
network_interface.#: "1"
network_interface.0.address: "<computed>"
network_interface.0.name: "<computed>"
network_interface.0.network: "default"
self_link: "<computed>"
service_account.#: "1"
service_account.0.email: "<computed>"
service_account.0.scopes.#: "3"
service_account.0.scopes.1632638332: "https://www.googleapis.com/auth/devstorage.read_only"
service_account.0.scopes.2428168921: "https://www.googleapis.com/auth/userinfo.email"
service_account.0.scopes.2862113455: "https://www.googleapis.com/auth/compute.readonly"
tags_fingerprint: "<computed>"
zone: "asia-northeast1-a"
Apply the plan with the terraform apply command.
google_compute_instance.default: Creating...
can_ip_forward: "" => "false"
create_timeout: "" => "4"
disk.#: "" => "1"
disk.0.auto_delete: "" => "true"
disk.0.disk_encryption_key_sha256: "" => "<computed>"
disk.0.image: "" => "debian-cloud/debian-8"
machine_type: "" => "f1-micro"
metadata_fingerprint: "" => "<computed>"
name: "" => "terraform"
network_interface.#: "" => "1"
network_interface.0.address: "" => "<computed>"
network_interface.0.name: "" => "<computed>"
network_interface.0.network: "" => "default"
self_link: "" => "<computed>"
service_account.#: "" => "1"
service_account.0.email: "" => "<computed>"
service_account.0.scopes.#: "" => "3"
service_account.0.scopes.1632638332: "" => "https://www.googleapis.com/auth/devstorage.read_only"
service_account.0.scopes.2428168921: "" => "https://www.googleapis.com/auth/userinfo.email"
service_account.0.scopes.2862113455: "" => "https://www.googleapis.com/auth/compute.readonly"
tags_fingerprint: "" => "<computed>"
zone: "" => "asia-northeast1-a"
google_compute_instance.default: Still creating... (10s elapsed)
google_compute_instance.default: Creation complete (ID: terraform)
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.
State path:
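When I checked the GCP console, I found that the GCE virtual machine instance had indeed been created.

Deleting the instance
An instance created by Terraform can also be deleted with Terraform.
First, check the destroy plan with the terraform plan -destroy command: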
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
google_compute_instance.default: Refreshing state... (ID: terraform)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
- google_compute_instance.default
Plan: 0 to add, 0 to change, 1 to destroy.
Run it with terraform destroy.
Do you really want to destroy?
Terraform will delete all your managed infrastructure.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
google_compute_instance.default: Refreshing state... (ID: terraform)
google_compute_instance.default: Destroying... (ID: terraform)
google_compute_instance.default: Still destroying... (ID: terraform, 10s elapsed)
google_compute_instance.default: Still destroying... (ID: terraform, 20s elapsed)
google_compute_instance.default: Destruction complete
Destroy complete! Resources: 1 destroyed.
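Summary
This time only a single VM instance was created on GCP, which is very basic. Building on this, however, Terraform can be used to construct more complex infrastructure. Building infrastructure with a configuration-file-based tool such as Terraform (that is, infrastructure as code) makes it possible to keep the infrastructure configuration under version control and to create and destroy infrastructure with the same configuration repeatedly and easily.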
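The steps above leave account.json in the same directory as the configuration that this summary suggests putting under version control. The following added example (not from the original article) is a shell check that the key is a service account key, is readable only by its owner, and is listed in .gitignore; the function name check_key, the exact-line .gitignore rule and the sample key contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original article. account.json is the article's
# file name; check_key and the exact-line .gitignore rule are assumptions.

# check_key DIR [KEYFILE]: print findings, return the number of problems.
check_key() {
    dir=$1
    key=${2:-account.json}
    path=$dir/$key
    problems=0
    [ -f "$path" ] || { echo "MISSING  $path"; return 1; }

    # 1. Must be a service account key, not some other JSON file.
    if grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$path"; then
        # Show which account the key authenticates as.
        sed -n 's/.*"client_email"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/ACCOUNT  \1/p' "$path"
    else
        echo "FORMAT   $key is not a service account key"
        problems=$((problems + 1))
    fi

    # 2. Owner-only access: characters 5-10 of the mode string are the
    #    group and other permission bits and must all be "-".
    if [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
        echo "PERMS    $key is accessible to group/other; run: chmod 600 $key"
        problems=$((problems + 1))
    fi

    # 3. Must be excluded from version control. Only an exact line match is
    #    recognised here; glob patterns in .gitignore are not evaluated.
    if ! grep -qxF "$key" "$dir/.gitignore" 2>/dev/null; then
        echo "VCS      $key is not listed in $dir/.gitignore"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# Constructed sample: a fake key written with permissions that are too open.
demo=$(mktemp -d)
printf '{\n  "type": "service_account",\n  "client_email": "demo@example.iam.gserviceaccount.com"\n}\n' > "$demo/account.json"
chmod 644 "$demo/account.json"
check_key "$demo" || echo "problems found: $?"

# After tightening the mode and ignoring the file, the check passes.
chmod 600 "$demo/account.json"
echo "account.json" > "$demo/.gitignore"
check_key "$demo" && echo "ok"
rm -rf "$demo"
```

Run against a real project as `check_key .` from the directory that holds the Terraform configuration.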