Introduction to Terraform
HashiCorp Terraform is an infrastructure automation and orchestration tool that manages and maintains IT resources as code. Terraform's command line interface (CLI) provides an easy mechanism to deploy and version-control configuration files for Alibaba Cloud or any other supported cloud. Infrastructure is written as configuration files that describe the topology of cloud resources, such as virtual machines, storage accounts, and network interfaces.
Terraform is a highly extensible tool that supports new infrastructures through Providers. Terraform allows you to easily use a simple template language to define, preview, and deploy cloud infrastructure on Alibaba Cloud. You can use Terraform to create, modify, and delete ECS, VPC, RDS, SLB and other resources.
Install and configure Terraform
Using Terraform in Cloud Shell
Alibaba Cloud Cloud Shell is a free product for operations and maintenance. It comes with the Terraform components pre-installed and credentials already configured, so you can run Terraform commands directly in Cloud Shell.
Open a browser and visit the Cloud Shell address https://shell.aliyun.com.
Install and configure Terraform locally
Go to the official Terraform website, then download and install the package for your operating system.
Run the terraform command to verify the installation. It displays a list of available Terraform options, as shown below, indicating that the installation is complete.
username:~$ terraform
Usage: terraform [-version] [-help] <command> [args]
Create environment variables to store identity authentication information.
export ALICLOUD_ACCESS_KEY="LTAIUrZCw3********"
export ALICLOUD_SECRET_KEY="zfwwWAMWIAiooj14GQ2*************"
export ALICLOUD_REGION="cn-beijing"
Write Terraform scripts
Here we use Terraform in Cloud Shell. Create the working directory:
mkdir /home/shell/terraform_ecs
cd /home/shell/terraform_ecs
The Terraform script is as follows:
variable "profile" {
  default = "default"
}
# Region
variable "region" {
  default = "cn-shanghai"
}
# Copy the public key to the ECS instances
locals {
  user_data_ecs = <<TEOF
#!/bin/bash
cp ~/.ssh/authorized_keys /root/.ssh
TEOF
}
provider "alicloud" {
  region  = var.region
  profile = var.profile
}
# VPC
module "vpc" {
  source             = "alibaba/vpc/alicloud"
  region             = var.region
  profile            = var.profile
  vpc_name           = "ecs_terraform"
  vpc_cidr           = "10.10.0.0/16"
  availability_zones = ["cn-shanghai-b"]
  vswitch_cidrs      = ["10.10.1.0/24"]
}
# Security group
module "security_group" {
  source              = "alibaba/security-group/alicloud"
  profile             = var.profile
  region              = var.region
  vpc_id              = module.vpc.this_vpc_id
  ingress_cidr_blocks = ["0.0.0.0/0"]
  ingress_ports       = [22]
  ingress_with_cidr_blocks_and_ports = [
    {
      protocol    = "tcp"
      priority    = 1
      description = "ingress for ssh"
    }
  ]
}
# ECS
module "ecs" {
  source                      = "alibaba/ecs-instance/alicloud"
  profile                     = var.profile
  region                      = var.region
  internet_max_bandwidth_out  = 1
  associate_public_ip_address = true
  name                        = "terraform_ecs"
  image_id                    = "centos_7_9_x64_20G_alibase_20201228.vhd"
  instance_type               = "ecs.t5-c1m2.xlarge" # Instance type
  vswitch_id                  = module.vpc.this_vswitch_ids[0]
  security_group_ids          = [module.security_group.this_security_group_id]
  system_disk_size            = 30
  number_of_instances         = 3 # Number of instances
  user_data                   = local.user_data_ecs
}
# Write the SSH host entries to the local ~/.ssh/config
resource "local_file" "ssh_config" {
  content  = <<EOF
%{ for ip in module.ecs.this_public_ip }
Host ecs${index(module.ecs.this_public_ip, ip) + 1}
StrictHostKeyChecking no
HostName ${ip}
User terraform
%{ endfor }
EOF
  filename = "/home/shell/.ssh/config"
}
# Hint information shown on screen, also written to readme.txt
resource "local_file" "info" {
content = <<EOF
登录服务器:
%{ for ip in module.ecs.this_public_ip }
ssh root@ecs${index(module.ecs.this_public_ip, ip) + 1}%{ endfor }
公网 IP 地址(用于 ssh 登陆):
%{ for ip in module.ecs.this_public_ip }
ecs${index(module.ecs.this_public_ip, ip) + 1}: ${ip}%{ endfor }
内网 IP 地址(用于集群内部通信,没有端口限制):
%{ for ip in module.ecs.this_private_ip }
ecs${index(module.ecs.this_private_ip, ip) + 1}: ${ip}%{ endfor }
销毁服务器:
cd /home/shell/terraform_ecs
terraform destroy --auto-approve
EOF
filename = "/home/shell/terraform_ecs/readme.txt"
}
output "服务器信息" {
value = <<EOF
登录服务器:
%{ for ip in module.ecs.this_public_ip }
ssh root@ecs${index(module.ecs.this_public_ip, ip) + 1}%{ endfor }
公网 IP 地址(用于 ssh 登录):
%{ for ip in module.ecs.this_public_ip }
ecs${index(module.ecs.this_public_ip, ip) + 1}: ${ip}%{ endfor }
内网 IP 地址(用于集群内部通信,没有端口限制):
%{ for ip in module.ecs.this_private_ip }
ecs${index(module.ecs.this_private_ip, ip) + 1}: ${ip}%{ endfor }
销毁服务器:
cd /home/shell/terraform_ecs
terraform destroy --auto-approve
查看以上信息:
cat /home/shell/terraform_ecs/readme.txt
EOF
}
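The script above opens port 22 to 0.0.0.0/0 and writes StrictHostKeyChecking no into the SSH config. The following is an added example, not part of the original script: a hardened replacement for the security_group module and the ssh_config resource that limits SSH ingress to one administrative network and refuses hosts whose key has changed. The variable admin_cidr and its minimum prefix length of 16 are assumptions introduced here.

```hcl
# Hypothetical variable (added example): the network allowed to reach SSH.
# Variable validation blocks require Terraform 0.13 or later.
variable "admin_cidr" {
  description = "CIDR allowed to reach port 22, for example your egress IP as a /32"
  type        = string
  validation {
    # cidrhost() fails on malformed CIDRs; the prefix check rejects 0.0.0.0/0
    # and other very wide ranges. try() covers input without a "/".
    condition     = can(cidrhost(var.admin_cidr, 0)) && try(tonumber(split("/", var.admin_cidr)[1]) >= 16, false)
    error_message = "The admin_cidr value must be a valid CIDR with a prefix length of at least 16."
  }
}
# Replaces the security_group module in the script above.
module "security_group" {
  source  = "alibaba/security-group/alicloud"
  profile = var.profile
  region  = var.region
  vpc_id  = module.vpc.this_vpc_id
  # Before: ingress_cidr_blocks = ["0.0.0.0/0"]
  ingress_cidr_blocks = [var.admin_cidr]
  ingress_ports       = [22]
  ingress_with_cidr_blocks_and_ports = [
    {
      protocol    = "tcp"
      priority    = 1
      description = "ingress for ssh from the admin network only"
    }
  ]
}
# Replaces the ssh_config resource in the script above.
resource "local_file" "ssh_config" {
  # Before: StrictHostKeyChecking no, which lets connections proceed even
  # when a known host presents a different key. accept-new (OpenSSH 7.6+)
  # records the key on first contact and rejects any later change.
  content         = <<EOF
%{ for ip in module.ecs.this_public_ip }
Host ecs${index(module.ecs.this_public_ip, ip) + 1}
StrictHostKeyChecking accept-new
HostName ${ip}
User terraform
%{ endfor }
EOF
  filename        = "/home/shell/.ssh/config"
  file_permission = "0600" # readable by the owner only
}
```

Pass the value at apply time, for example with -var 'admin_cidr=203.0.113.10/32' (a documentation address used here as a placeholder).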
Run the following commands to start the ECS instances:
terraform init # Install the required modules
terraform apply --auto-approve # Create the ECS instances
After successful creation, the following output will appear:
Apply complete! Resources: 11 added, 0 changed, 0 destroyed.
Outputs:
服务器信息 =
登录服务器:
ssh root@ecs1
ssh root@ecs2
ssh root@ecs3
公网 IP 地址(用于 ssh 登录):
ecs1: 47.117.170.15
ecs2: 47.117.172.214
ecs3: 47.117.152.20
内网 IP 地址(用于集群内部通信,没有端口限制):
ecs1: 10.10.1.151
ecs2: 10.10.1.152
ecs3: 10.10.1.153
销毁服务器:
cd /home/shell/terraform_ecs
terraform destroy --auto-approve
查看以上信息:
cat /home/shell/terraform_ecs/readme.txt
View the created ECS:
Log in to ECS:
# The script has already copied the Cloud Shell public key to the ECS instances and configured the login information in ~/.ssh/config
ssh root@ecs1
Official documentation: