云生态下的基础架构资源管理利器Terraform

简介: ## About Terraform Terraform (https://www.terraform.io/)是HashiCorp旗下的一款开源(Go语言开发)的DevOps 基础架构资源管理运维工具,可以看下对应的DevOps工具链: ![image.

About Terraform

Terraform (https://www.terraform.io/) 是HashiCorp旗下的一款开源(Go语言开发)的DevOps 基础架构资源管理运维工具,可以看下对应的DevOps工具链:
image.png

Terraform可以安全高效的构建、更改和合并多个云厂商的各种服务资源,当前支持有阿里云、AWS、微软Azure、Vmware、Google Cloud Platform等多个云厂商云产品的资源创建。
image.png

Write, Plan, and Create Infrastructure as Code

Terraform通过模板配置文件定义所有资源类型(有如主机,OS,存储类型,中间件,网络VPC,SLB,DB,Cache等)和资源的数量、规格类型、资源创建依赖关系,基于资源厂商的OpenAPI快速创建一键创建定义的资源列表,同时也支持资源的一键销毁。

通过模板配置化的方式,我们可以得知整个资源关系,也可以做相应的资源版本化管理,甚至可以把该资源模板直接复制建立多可用区的服务,包括资源的弹性伸缩,可以说在提高运维自动化生产力上是一个绝好的利器。

这里引用@箫竹 一次分享中提供的一个创建阿里云资源的Terraform产品介绍图 :
image.png
最左边栏通过一个main.tf文件(只需要是.tf 文件)定义了ECS(镜像、实例类型)、VPC(CIDR、VPC Name)、OSS资源(ACL、实例Name)信息,通过Terraform 对资源配置参数做解析,调用阿里cloud OpenAPI 进行资源校验于创建,同时把整个资源创建状态化到一个.tf.state文件中,基于该文件则可以得知资源创建的所有信息,包括资源数量调整,规格调整,实例变更都依赖这种非常重要的文件。 具体后续综合一些案例,比如Terraform 实现WordPress的一键自动化搭建,可以更好的理解该产品的执行过程。

下面先讲述下Terraform的安装,模板配置文件的编写,后续再专门写几个案例作为分享。

Install Terraform

Terraform 可以随意部署在任意的C端上,只要可以连通公网即可(Initializing provider plugins and Call Cloud OpenAPI)
通过 https://www.terraform.io/downloads.html 下载对应平台的可执行二进制包,解压出来Executable Binary 放指定目录,配置好相应的PATH则可使用terraform 指令。

wangzhipengs-MacBook-Pro:~ wangzhipeng$ which terraform
/usr/local/bin/terraform
wangzhipengs-MacBook-Pro:~ wangzhipeng$ terraform 
Usage: terraform [--version] [--help] <command> [args]

The available commands for execution are listed below.
The most common, useful commands are shown first, followed by
less common or more advanced commands. If you're just getting
started with Terraform, stick with the common commands. For the
other commands, please read the help and docs before usage.

Common commands:
    apply              Builds or changes infrastructure
    console            Interactive console for Terraform interpolations
    destroy            Destroy Terraform-managed infrastructure
    env                Workspace management
    fmt                Rewrites config files to canonical format
    get                Download and install modules for the configuration
    graph              Create a visual graph of Terraform resources
    import             Import existing infrastructure into Terraform
    init               Initialize a Terraform working directory
    output             Read an output from a state file
    plan               Generate and show an execution plan
    providers          Prints a tree of the providers used in the configuration
    push               Upload this Terraform module to Atlas to run
    refresh            Update local state file against real resources
    show               Inspect Terraform state or plan
    taint              Manually mark a resource for recreation
    untaint            Manually unmark a resource as tainted
    validate           Validates the Terraform files
    version            Prints the Terraform version
    workspace          Workspace management

All other commands:
    debug              Debug output management (experimental)
    force-unlock       Manually unlock the terraform state
    state              Advanced state management

这里需要特别说明一下的是目前Terraform官网的版本只支持阿里cloud比较有效的几个大产品的resource,因此如果要创建阿里cloud多个resource需要引入阿里cloud的provider:
https://github.com/alibaba/terraform-provider/releases
通过下载alicloud的provider binary (bin/terraform-provider-alicloud) 放置到Terraform的安装目录下。

Build Infrastructure

整个架构资源创建的过程,可以分成如下四部分:
image.png
通过一个*.tf 后缀的模板文件,描述指定厂商的所有资源配置信息,比如说创建一个alicloud ECS的模板配置:

# Configure the Alicloud Provider
provider "alicloud" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}

# Create a web server
resource "alicloud_instance" "web" {
  # cn-beijing
  provider          = "alicloud"
  availability_zone = "cn-beijing-a"
  image_id          = "ubuntu_140405_32_40G_cloudinit_20161115.vhd"

  internet_charge_type  = "PayByBandwidth"

  instance_type        = "ecs.n1.medium"
  io_optimized         = "optimized"
  system_disk_category = "cloud_efficiency"
  security_groups      = ["${alicloud_security_group.default.id}"]
  instance_name        = "web"
}

# Create security group
resource "alicloud_security_group" "default" {
  name        = "default"
  provider    = "alicloud"
  description = "default"
}

# Output message
output "ecs instance name" {
  value = "${alicloud_instance.web.instance_name}"
}

output "ecs private ip" {
  value = "${alicloud_instance.web.private_ip}"
}

如上access_key,secret_key 填写创建资源账号的AK,该Config File涵盖了Region,可用区,ECS镜像,带宽计费方式,实例规格,IO类型,存储类型,安全组,实例名称多个信息。
完成如上配置信息后,需要通过terraform init 做cloud provider plugins的初始化操作:

wangzhipengs-MacBook-Pro:terraform_dir wangzhipeng$ terraform init

Initializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
- Downloading plugin for provider "alicloud" (0.1.0)...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.alicloud: version = "~> 0.1"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

此时会在当前目录下创建一个.terraform目录,保存有该平台下的provider可执行文件。
上面信息也做了提示,我们可以running "terraform plan" 查看将要创建的资源信息:

wangzhipengs-MacBook-Pro:terraform_dir wangzhipeng$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + alicloud_instance.web
      id:                   <computed>
      allocate_public_ip:   "false"
      availability_zone:    "cn-beijing-a"
      host_name:            <computed>
      image_id:             "ubuntu_140405_32_40G_cloudinit_20161115.vhd"
      instance_name:        "web"
      instance_type:        "ecs.n1.medium"
      internet_charge_type: "PayByBandwidth"
      io_optimized:         "optimized"
      private_ip:           <computed>
      public_ip:            <computed>
      security_groups.#:    <computed>
      status:               <computed>
      subnet_id:            <computed>
      system_disk_category: "cloud_efficiency"
      system_disk_size:     <computed>

  + alicloud_security_group.default
      id:                   <computed>
      description:          "default"
      name:                 "default"


Plan: 2 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

通过apply可以预览模板对应创建2个资源,已经对应的属性信息:

  • alicloud_instance.web
  • alicloud_security_group.default (该安全组暂时未设置自定义放行规则)
    其中computed标识为暂时无法得知最终创建出来的信息,所以也可以理解成系统默认分配。

接下通过指令terraform apply执行资源创建:

wangzhipengs-MacBook-Pro:terraform_dir wangzhipeng$ terraform apply
alicloud_security_group.default: Creating...
  description: "" => "default"
  name:        "" => "default"
alicloud_security_group.default: Creation complete after 1s (ID: sg-2zec9v8aq2hgb244qrqf)
alicloud_instance.web: Creating...
  allocate_public_ip:         "" => "false"
  availability_zone:          "" => "cn-beijing-a"
  host_name:                  "" => "<computed>"
  image_id:                   "" => "ubuntu_140405_32_40G_cloudinit_20161115.vhd"
  instance_name:              "" => "web"
  instance_type:              "" => "ecs.n1.medium"
  internet_charge_type:       "" => "PayByBandwidth"
  io_optimized:               "" => "optimized"
  private_ip:                 "" => "<computed>"
  public_ip:                  "" => "<computed>"
  security_groups.#:          "" => "1"
  security_groups.2344301974: "" => "sg-2zec9v8aq2hgb244qrqf"
  status:                     "" => "<computed>"
  subnet_id:                  "" => "<computed>"
  system_disk_category:       "" => "cloud_efficiency"
  system_disk_size:           "" => "<computed>"
alicloud_instance.web: Still creating... (10s elapsed)
alicloud_instance.web: Still creating... (20s elapsed)
alicloud_instance.web: Still creating... (30s elapsed)
alicloud_instance.web: Still creating... (40s elapsed)
alicloud_instance.web: Still creating... (50s elapsed)
alicloud_instance.web: Creation complete after 51s (ID: i-2zedvfowy4m39sg1xdig)

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

Outputs:

ecs instance name = web
ecs private ip = 10.31.28.93

分钟级功夫该ECS就创建好了
image.png

Input/Output Variables

回顾上面通过Terraform 创建资源的过程,最关键的还是如何描述模板配置信息,这里主要说明一下参数配置2个输入输出的变量实现。

# Configure the Alicloud Provider
provider "alicloud" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}

我们可以在当前文件,但最好另创建一个*.tf后缀结尾文件,存放对应的ak和region信息,这样我们就可以把一些变量信息提取出来避免硬编码,这对整个配置文件具备更好的可维护性:

wangzhipengs-MacBook-Pro:terraform_dir wangzhipeng$ cat variable.tf
variable "access_key" {
  default = "xxx"
}
variable "secret_key" {
  default = "xxx"
}
variable "region" {
  default = "cn-beijing"
}

此外,如上配置指定了output的变量信息,本身如果不指定output的内容也不影响整个资源创建的过程,但通过输出output的信息可以彻底脱离控制台,对于如下的output变量信息也可以存放在另一个*.tf后缀文件,对于resource的输出变量可以参阅每个provider resource的attribute信息。

# Output message
output "ecs instance name" {
  value = "${alicloud_instance.web.instance_name}"
}

output "ecs private ip" {
  value = "${alicloud_instance.web.private_ip}"
}

Destroy Infrastructure

资源使用后如果想要释放,以往通过控制台,往往需要存在资源依赖,导致资源释放的时候需要先释放被依赖的资源,所以整个资源释放的过程还是比较繁琐的,甚至可能存在忘记释放个别资源造成资源浪费,Terraform通过指令terraform destroy 可以一键释放资源:

wangzhipengs-MacBook-Pro:terraform_dir wangzhipeng$ terraform destroy
alicloud_security_group.default: Refreshing state... (ID: sg-2zec9v8aq2hgb244qrqf)
alicloud_instance.web: Refreshing state... (ID: i-2zedvfowy4m39sg1xdig)

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  - alicloud_instance.web

  - alicloud_security_group.default


Plan: 0 to add, 0 to change, 2 to destroy.

Do you really want to destroy?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

alicloud_instance.web: Destroying... (ID: i-2zedvfowy4m39sg1xdig)
alicloud_instance.web: Still destroying... (ID: i-2zedvfowy4m39sg1xdig, 10s elapsed)
alicloud_instance.web: Destruction complete after 11s
alicloud_security_group.default: Destroying... (ID: sg-2zec9v8aq2hgb244qrqf)
alicloud_security_group.default: Destruction complete after 1s

Destroy complete! Resources: 2 destroyed.
目录
相关文章
|
3月前
|
资源调度 分布式计算 监控
【揭秘Hadoop YARN背后的奥秘!】从零开始,带你深入了解YARN资源管理框架的核心架构与实战应用!
【8月更文挑战第24天】Hadoop YARN(Yet Another Resource Negotiator)是Hadoop生态系统中的资源管理器,为Hadoop集群上的应用提供统一的资源管理和调度框架。YARN通过ResourceManager、NodeManager和ApplicationMaster三大核心组件实现高效集群资源利用及多框架支持。本文剖析YARN架构及组件工作原理,并通过示例代码展示如何运行简单的MapReduce任务,帮助读者深入了解YARN机制及其在大数据处理中的应用价值。
81 0
|
5月前
|
分布式计算 资源调度 监控
分布式资源管理和调度架构
分布式资源管理和调度架构
|
6月前
|
Kubernetes Cloud Native 持续交付
探索云原生架构的未来:如何优化资源管理和服务部署
【5月更文挑战第6天】 随着云计算的快速发展,云原生技术已成为企业数字化转型的关键驱动力。此篇文章深入探讨了云原生架构的核心组件及其在资源管理和服务部署方面的优化策略。通过分析容器化、微服务及自动化管理的实践案例,本文旨在为读者提供一套系统的方法论,以利用云原生技术实现更高效、灵活且可靠的IT基础设施。
112 2
|
架构师
HRMS(人力资源管理系统)-从单机应用到SaaS应用-架构分析(功能性、非功能性、关键约束)-上篇
原文:HRMS(人力资源管理系统)-从单机应用到SaaS应用-架构分析(功能性、非功能性、关键约束)-上篇 一、开篇       上一篇《HRMS(人力资源管理系统)-从单机应用到SaaS应用-系统介绍》我们已经详细的分析了HRMS系统具备的功能,并且从HRMS系统的概念、系统功能、HR行业管理现状及痛点、发展趋势及行业前景、行业内的服务提供商情况、HRMS系统的建设意义及价值等方面进行了系统化的分析梳理。
1811 0
|
架构师
HRMS(人力资源管理系统)-从单机应用到SaaS应用-架构分析(功能性、非功能性、关键约束)-上篇
一、开篇       上一篇《HRMS(人力资源管理系统)-从单机应用到SaaS应用-系统介绍》我们已经详细的分析了HRMS系统具备的功能,并且从HRMS系统的概念、系统功能、HR行业管理现状及痛点、发展趋势及行业前景、行业内的服务提供商情况、HRMS系统的建设意义及价值等方面进行了系统化的分析梳理。
2082 0
|
5天前
|
弹性计算 Kubernetes Cloud Native
云原生架构下的微服务设计原则与实践####
本文深入探讨了在云原生环境中,微服务架构的设计原则、关键技术及实践案例。通过剖析传统单体架构面临的挑战,引出微服务作为解决方案的优势,并详细阐述了微服务设计的几大核心原则:单一职责、独立部署、弹性伸缩和服务自治。文章还介绍了容器化技术、Kubernetes等云原生工具如何助力微服务的高效实施,并通过一个实际项目案例,展示了从服务拆分到持续集成/持续部署(CI/CD)流程的完整实现路径,为读者提供了宝贵的实践经验和启发。 ####
|
2天前
|
监控 安全 应用服务中间件
微服务架构下的API网关设计策略与实践####
本文深入探讨了在微服务架构下,API网关作为系统统一入口点的设计策略、实现细节及其在实际应用中的最佳实践。不同于传统的摘要概述,本部分将直接以一段精简的代码示例作为引子,展示一个基于NGINX的简单API网关配置片段,随后引出文章的核心内容,旨在通过具体实例激发读者兴趣,快速理解API网关在微服务架构中的关键作用及实现方式。 ```nginx server { listen 80; server_name api.example.com; location / { proxy_pass http://backend_service:5000;
|
4天前
|
缓存 监控 API
探索微服务架构中的API网关模式
随着微服务架构的兴起,API网关成为管理和服务间交互的关键组件。本文通过在线零售公司的案例,探讨了API网关在路由管理、认证授权、限流缓存、日志监控和协议转换等方面的优势,并详细介绍了使用Kong实现API网关的具体步骤。
18 3
|
5天前
|
运维 NoSQL Java
后端架构演进:微服务架构的优缺点与实战案例分析
【10月更文挑战第28天】本文探讨了微服务架构与单体架构的优缺点,并通过实战案例分析了微服务架构在实际应用中的表现。微服务架构具有高内聚、低耦合、独立部署等优势,但也面临分布式系统的复杂性和较高的运维成本。通过某电商平台的实际案例,展示了微服务架构在提升系统性能和团队协作效率方面的显著效果,同时也指出了其带来的挑战。
35 4
|
4天前
|
存储 缓存 监控
探索微服务架构中的API网关模式
探索微服务架构中的API网关模式
18 2

热门文章

最新文章