Terraform系列一腾讯云CVM相关简单创建

Terraform系列一腾讯云CVM相关简单创建

背景：

记得2019左右就看到过Terraform系列的文章和书籍，当时所有的业务都上云了管理也很是方便，看了一眼就没有作过多的研究。但本着对技术发展的前瞻敏锐性， 还是觉得这个东西是会火起来的。

一、安装Terraform

1. 包管理器 or 二进制

2. Terraform Cloud

3. rocky install terraform

个人的工作环境是一台rocky linux ，选择了centos8/rhel 的yum 安装的方式：

[root@zhangpeng ~]# sudo yum install -y yum-utils [root@zhangpeng ~]# sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo [root@zhangpeng ~]# sudo yum -y install terraform

[root@zhangpeng ~]# terraform -version Terraform v1.1.7 on linux_amd64

二、使用Terraform管理腾讯云

1. 创建帐号并授权：

2. 配置provider文件 and terraform init

创建一个terraform的文件夹并配置id 密钥，参照：~]# mkdir terraform [root@zhangpeng ~]# cd terraform/ [root@zhangpeng terraform]# vim provider.tf [root@zhangpeng terraform]# cat provider.tf provider "tencentcloud" { secret_id = "xxxxxxxxxxxxxxxxxxxx" secret_key = "xxxxxxxxxxxxxxxxxxx" region = "ap-beijing" }

Could not retrieve the list of available versions for provider hashicorp/tencentcloud: provider registry registry.terraform.io │ does not have a provider named registry.terraform.io/hashicorp/tencentcloud

[root@zhangpeng terraform]# export TENCENTCLOUD_SECRET_ID="xxxxxxxx" [root@zhangpeng terraform]# export TENCENTCLOUD_SECRET_KEY="xxxxxx" [root@zhangpeng terraform]# export TENCENTCLOUD_REGION="ap-beijing" [root@zhangpeng terraform]# terraform plan

[root@zhangpeng terraform]# cat provider.tf terraform { required_providers { tencentcloud = { source = "tencentcloudstack/tencentcloud" } } } provider "tencentcloud" { secret_id = "xxxxxxxxxxx" secret_key = "xxxxxxxxxxx" region = "ap-beijing" }

[root@zhangpeng terraform]# terraform init

3.编排部署文件

1. 首先创建一个vpc

cat vpc.ft

resource "tencentcloud_vpc" "vpc_bj" { name = "vpc_bj" cidr_block = "10.0.0.0/16" is_multicast = false }

2. 创建一个路由

cat route_table.tf

resource "tencentcloud_route_table" "rtb_vpc_bj" { vpc_id = tencentcloud_vpc.vpc_bj.id name = "rtb-vpc-bj" }

注：后之后觉 route其实可以不创建的.....毕竟有默认的default......

3. 创建子网

创建子网subset，我这里之间创建了4个子网.......偷懒了，个人习惯而已......cat subnet.tf

resource "tencentcloud_subnet" "subnet_bj_01" { name = "bj-01" cidr_block = "10.0.1.0/24" availability_zone = "ap-beijing-1" vpc_id = "${tencentcloud_vpc.vpc_bj.id}" route_table_id = "${tencentcloud_route_table.rtb_vpc_bj.id}" } resource "tencentcloud_subnet" "subnet_bj_02" { name = "bj-02" cidr_block = "10.0.2.0/24" availability_zone = "ap-beijing-2" vpc_id = "${tencentcloud_vpc.vpc_bj.id}" route_table_id = "${tencentcloud_route_table.rtb_vpc_bj.id}" } resource "tencentcloud_subnet" "subnet_bj_03" { name = "bj-03" cidr_block = "10.0.3.0/24" availability_zone = "ap-beijing-3" vpc_id = "${tencentcloud_vpc.vpc_bj.id}" route_table_id = "${tencentcloud_route_table.rtb_vpc_bj.id}" } resource "tencentcloud_subnet" "subnet_bj_04" { name = "bj-04" cidr_block = "10.0.4.0/24" availability_zone = "ap-beijing-4" vpc_id = "${tencentcloud_vpc.vpc_bj.id}" route_table_id = "${tencentcloud_route_table.rtb_vpc_bj.id}" }

4. 创建安全组

cat security_group.tf

resource "tencentcloud_security_group" "sg_bj" { name = "sg-bj" } resource "tencentcloud_security_group_rule" "sg_bj_1" { security_group_id = "${tencentcloud_security_group.sg_bj.id}" type = "ingress" cidr_ip = "0.0.0.0/0" ip_protocol = "tcp" port_range = "22,80" policy = "accept" }

5. 创建cvm

cat cvm.tf

resource "tencentcloud_instance" "cvm_almalinux" { instance_name = "cvm-almalinux" availability_zone = "ap-beijing-2" image_id = "img-q95tlc25" instance_type = "S2.MEDIUM2" system_disk_type = "CLOUD_PREMIUM" security_groups = [ "${tencentcloud_security_group.sg_bj.id}" ] vpc_id = "${tencentcloud_vpc.vpc_bj.id}" subnet_id = "${tencentcloud_subnet.subnet_bj_02.id}" internet_max_bandwidth_out = 10 count = 1 }

当然了区域镜像都可以自己选择了 .....我img-q95tlc25是一个almalinux的镜像。早先找腾讯云团队问能不能早点上rocky 跟almalinux的镜像。给我分享了一下正好测试一下！

6 . terraform plan

执行 terraform plan 预览部署计划,

[root@zhangpeng terraform]# terraform plan

7. terraform apply

terraform apply 进行资源部署

[root@zhangpeng terraform]# terraform apply

4.验证资源的部署

后续：

给cvm绑定公网ip 调整硬盘大小，添加数据盘 给cvm绑定ssh-key

以上都是针对cvm的管理，其他的想更进一步体验一下其他服务的管理。比如 数据库 负载均衡 tke等其他的相关基础服务！对了删除服务我也体验过了......开始创建有问题删除重新创建的：

terraform show terraform destroy

另外感觉个人对帐号的权限管理玩的不太好。想深入研究一下腾讯云的cam访问控制特别鸣谢：

聂伟星的博客 腾讯云生态产品团队：腾讯云Terraform应用指南（一）（比较早的文章了，有点老） 官方文档：https://registry.terraform.io/providers/tencentcloudstack/tencentcloud/latest/docs/

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。