Terraform one-click deployment of ECS instances

Introduction to Terraform

HashiCorp Terraform is an infrastructure automation and orchestration tool that lets you manage and maintain IT resources as code. Terraform's command line interface (CLI) provides a simple mechanism to deploy and version-control configuration files for Alibaba Cloud or any other supported cloud. Infrastructure is written in configuration files that describe the topology of cloud resources, such as virtual machines, storage accounts, and network interfaces.

Terraform is a highly extensible tool that supports new infrastructures through Providers. Terraform allows you to easily use a simple template language to define, preview, and deploy cloud infrastructure on Alibaba Cloud. You can use Terraform to create, modify, and delete ECS, VPC, RDS, SLB and other resources.

Install and configure Terraform

Using Terraform in Cloud Shell

Alibaba Cloud Cloud Shell is a free product that helps you with operations and maintenance. It comes with Terraform pre-installed and credentials already configured, so you can run Terraform commands directly in Cloud Shell.

Open a browser and visit the Cloud Shell address https://shell.aliyun.com.


Install and configure Terraform locally

Download the package for your operating system from the official Terraform website and install it.

Run the terraform command. It displays a list of available Terraform options as shown below, indicating that the installation is complete.

username:~$ terraform
Usage: terraform [-version] [-help] <command> [args]

Create environment variables to store identity authentication information.

export ALICLOUD_ACCESS_KEY="LTAIUrZCw3********"
export ALICLOUD_SECRET_KEY="zfwwWAMWIAiooj14GQ2*************"
export ALICLOUD_REGION="cn-beijing"

Write terraform scripts

This walkthrough uses Terraform in Cloud Shell. Create the working directory:

mkdir /home/shell/terraform_ecs
cd /home/shell/terraform_ecs

The terraform script is as follows:

variable "profile" {
  default = "default"
}

#Region
variable "region" {
  default = "cn-shanghai"
}

# Copy the public key to the ECS instances
locals {
  user_data_ecs = <<TEOF
#!/bin/bash
cp ~/.ssh/authorized_keys /root/.ssh
TEOF
}

provider "alicloud" {
  region  = var.region
  profile = var.profile
}

#VPC
module "vpc" {
  source  = "alibaba/vpc/alicloud"
  region  = var.region
  profile = var.profile
  vpc_name = "ecs_terraform"
  vpc_cidr          = "10.10.0.0/16"
  availability_zones = ["cn-shanghai-b"]
  vswitch_cidrs      = ["10.10.1.0/24"]
}

# Security group
module "security_group" {
  source  = "alibaba/security-group/alicloud"
  profile = var.profile
  region  = var.region
  vpc_id  = module.vpc.this_vpc_id

  ingress_cidr_blocks = ["0.0.0.0/0"]
  ingress_ports = [22]

  ingress_with_cidr_blocks_and_ports = [
    {
      protocol    = "tcp"
      priority    = 1
      description = "ingress for ssh"
    }
  ]
}

#ECS
module "ecs" {
  source  = "alibaba/ecs-instance/alicloud"
  profile = var.profile
  region  = var.region
  internet_max_bandwidth_out  = 1
  associate_public_ip_address = true

  name                        = "terraform_ecs"
  image_id                    = "centos_7_9_x64_20G_alibase_20201228.vhd"
  instance_type               = "ecs.t5-c1m2.xlarge"  # Instance type
  vswitch_id                  = module.vpc.this_vswitch_ids.0
  security_group_ids          = [module.security_group.this_security_group_id]

  system_disk_size     = 30
  number_of_instances = 3  # Number of instances

  user_data = local.user_data_ecs
}

# Write the SSH host entries to the local ~/.ssh/config
resource "local_file" "ssh_config" {
    content     = <<EOF
%{ for ip in module.ecs.this_public_ip }
Host ecs${index(module.ecs.this_public_ip, ip) + 1}
    StrictHostKeyChecking no
    HostName ${ip}
    User terraform
%{ endfor }
EOF
    filename = "/home/shell/.ssh/config"
}

# Information shown on screen after deployment
resource "local_file" "info" {
    content     =  <<EOF
登录服务器:
%{ for ip in module.ecs.this_public_ip }
ssh root@ecs${index(module.ecs.this_public_ip, ip) + 1}%{ endfor }

公网 IP 地址(用于 ssh 登陆):
%{ for ip in module.ecs.this_public_ip }
ecs${index(module.ecs.this_public_ip, ip) + 1}:    ${ip}%{ endfor }

内网 IP 地址(用于集群内部通信,没有端口限制):
%{ for ip in module.ecs.this_private_ip }
ecs${index(module.ecs.this_private_ip, ip) + 1}:    ${ip}%{ endfor }

销毁服务器:
cd /home/shell/terraform_ecs
terraform destroy --auto-approve
EOF
    filename = "/home/shell/terraform_ecs/readme.txt"
}

output "服务器信息" {
   value = <<EOF

登录服务器:
%{ for ip in module.ecs.this_public_ip }
ssh root@ecs${index(module.ecs.this_public_ip, ip) + 1}%{ endfor }

公网 IP 地址(用于 ssh 登录):
%{ for ip in module.ecs.this_public_ip }
ecs${index(module.ecs.this_public_ip, ip) + 1}:    ${ip}%{ endfor }

内网 IP 地址(用于集群内部通信,没有端口限制):
%{ for ip in module.ecs.this_private_ip }
ecs${index(module.ecs.this_private_ip, ip) + 1}:    ${ip}%{ endfor }

销毁服务器:
cd /home/shell/terraform_ecs
terraform destroy --auto-approve

查看以上信息:
cat /home/shell/terraform_ecs/readme.txt

EOF
}
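
The script above opens port 22 to 0.0.0.0/0 and writes StrictHostKeyChecking no into ~/.ssh/config. As an added example (not part of the original post), the blocks below are replacements for the script's security_group module and ssh_config resource that limit SSH to known source ranges and keep host key verification on; the variable admin_cidrs and its default 203.0.113.10/32 are assumptions introduced here.

```hcl
# Added example, not from the original post.
# "admin_cidrs" is a hypothetical variable; 203.0.113.10/32 is a constructed
# documentation address. Replace it with the address you administer from.
variable "admin_cidrs" {
  description = "Source ranges allowed to reach SSH (port 22)"
  type        = list(string)
  default     = ["203.0.113.10/32"]

  # Reject malformed CIDRs and the world-open range at plan time.
  validation {
    condition = alltrue([
      for c in var.admin_cidrs : can(cidrhost(c, 0)) && c != "0.0.0.0/0"
    ])
    error_message = "Each entry must be a valid CIDR and must not be 0.0.0.0/0."
  }
}

# Replaces the security_group module in the script above.
module "security_group" {
  source  = "alibaba/security-group/alicloud"
  profile = var.profile
  region  = var.region
  vpc_id  = module.vpc.this_vpc_id

  ingress_cidr_blocks = var.admin_cidrs # was ["0.0.0.0/0"]
  ingress_ports       = [22]

  ingress_with_cidr_blocks_and_ports = [
    {
      protocol    = "tcp"
      priority    = 1
      description = "ingress for ssh from admin ranges only"
    }
  ]
}

# Replaces the ssh_config resource in the script above.
# accept-new (OpenSSH 7.6+) records a host key on first connection and
# refuses to connect if that key later changes.
resource "local_file" "ssh_config" {
  content         = <<EOF
%{ for ip in module.ecs.this_public_ip }
Host ecs${index(module.ecs.this_public_ip, ip) + 1}
    StrictHostKeyChecking accept-new
    HostName ${ip}
    User terraform
%{ endfor }
EOF
  filename        = "/home/shell/.ssh/config"
  file_permission = "0600" # readable by the owner only
}
```
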

Run the following command to start ECS:

terraform init # Install the required modules
terraform apply --auto-approve # Create the ECS instances

After successful creation, the following output will appear:

Apply complete! Resources: 11 added, 0 changed, 0 destroyed.

Outputs:

服务器信息 = 
登录服务器:

ssh root@ecs1
ssh root@ecs2
ssh root@ecs3

公网 IP 地址(用于 ssh 登录):

ecs1:    47.117.170.15
ecs2:    47.117.172.214
ecs3:    47.117.152.20

内网 IP 地址(用于集群内部通信,没有端口限制):

ecs1:    10.10.1.151
ecs2:    10.10.1.152
ecs3:    10.10.1.153

销毁服务器:
cd /home/shell/terraform_ecs
terraform destroy --auto-approve

查看以上信息:
cat /home/shell/terraform_ecs/readme.txt

View the created ECS:


Log in to ECS:

# The script has already copied the Cloud Shell public key to the ECS instances and configured the login details in ~/.ssh/config
ssh root@ecs1

Official documentation:

Terraform Registry

Terraform Alibaba Cloud Modules · GitHub

Origin blog.csdn.net/GUDUzhongliang/article/details/131822967