本人在上一篇的文章中已经介绍了如何去创建 google cloud的 vm 的image 和 instance template了
url:
快速构建自定义配置好的VM - 使用GCP instance-template 和 custom-image
但是里面的操作是基于gcloud CLI的。
在实际项目上, 我们对google cloud infra的change 更常有的是terraform。 这里也简单介绍下如何利用terraform去创建vm instance template 和对应的vm
下面的内容都是参考自官方terraform 文档:
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance_from_template
创建 实例模板 vm instance template
首先在terraform的vm module里新建1个tf 文件 instance_template.tf, 其实terraform的module folder 内是支持把内容写在多个文件的, 比起单一的main.tf 来讲更加容易管理
接下来就简单了, 我们可以把vm module原来了定义vm的代码块抄过来, 只是下面的部分需要注意修改:
resource "google_compute_instance_template" "vm-template-vpc0-subnet0-e2-small-tomcat" {
name = "vm-template-vpc0-subnet0-e2-small-tomcat"
machine_type = "e2-small"
disk {
source_image = "https://compute.googleapis.com/compute/v1/projects/jason-hsbc/global/images/e2-small-tomcat-image"
auto_delete = true
disk_size_gb = 20
boot = true
}
network_interface {
network = var.vpc0
subnetwork = var.vpc0_subnet0
}
service_account {
email = "vm-common@jason-hsbc.iam.gserviceaccount.com"
scopes = ["https://www.googleapis.com/auth/cloud-platform"]
}
# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#provisioning_model
# to reduce cost
scheduling {
automatic_restart = false # Scheduling must have preemptible be false when AutomaticRestart is true.
provisioning_model = "SPOT"
preemptible = true
instance_termination_action = "STOP"
}
can_ip_forward = false
}
注意修改的部分:
- resource 是google_compute_instance_template 而不是 google_compute_instance
- source image 记得改成你自定义的image, 如果你需要预安装配置某些软件的话(jdk/tomcat…)
当执行玩terraform 一套命令后(init/plan/apply) , 1个新的vm instance template 就会被创建vm-template-vpc0-subnet0-e2-small-tomcat
[gateman@manjaro-x13 ~]$ gcloud compute instance-templates list
NAME MACHINE_TYPE PREEMPTIBLE CREATION_TIMESTAMP
e2-small-tomcat e2-small true 2023-12-18T11:31:14.226-08:00
vm-template-vpc0-subnet0-e2-small-tomcat e2-small true 2023-12-21T08:47:49.748-08:00
[gateman@manjaro-x13 ~]$ gcloud compute instance-templates describe vm-template-vpc0-subnet0-e2-small-tomcat
creationTimestamp: '2023-12-21T08:47:49.748-08:00'
description: ''
id: '7261720283884147418'
kind: compute#instanceTemplate
name: vm-template-vpc0-subnet0-e2-small-tomcat
properties:
disks:
- autoDelete: true
boot: true
deviceName: persistent-disk-0
index: 0
initializeParams:
diskSizeGb: '20'
diskType: pd-standard
sourceImage: projects/jason-hsbc/global/images/e2-small-tomcat-image
interface: SCSI
kind: compute#attachedDisk
mode: READ_WRITE
type: PERSISTENT
machineType: e2-small
metadata:
fingerprint: t09GrcHA4z0=
kind: compute#metadata
networkInterfaces:
- kind: compute#networkInterface
name: nic0
network: https://www.googleapis.com/compute/v1/projects/jason-hsbc/global/networks/tf-vpc0
subnetwork: https://www.googleapis.com/compute/v1/projects/jason-hsbc/regions/europe-west2/subnetworks/tf-vpc0-subnet0
scheduling:
automaticRestart: false
instanceTerminationAction: STOP
onHostMaintenance: TERMINATE
preemptible: true
provisioningModel: SPOT
serviceAccounts:
- email: vm-common@jason-hsbc.iam.gserviceaccount.com
scopes:
- https://www.googleapis.com/auth/cloud-platform
selfLink: https://www.googleapis.com/compute/v1/projects/jason-hsbc/global/instanceTemplates/vm-template-vpc0-subnet0-e2-small-tomcat
[gateman@manjaro-x13 ~]$
创建 基于vm instance template 创建vm
这个也很简单
首先继续在vm module里添加1个新的tf文件 vm_from_template.tf
接下来, 使用下面的terraform代码创建1个vm
resource "google_compute_instance_from_template" "tf-vpc0-subnet0-vm21" {
name = "tf-vpc0-subnet0-vm21"
project = var.project_id
zone = var.zone_id
# from a instance template
source_instance_template = google_compute_instance_template.vm-template-vpc0-subnet0-e2-small-tomcat.self_link_unique
}
注意的是resource 那么不能是google_compute_instance 而是 google_compute_instance_from_template
但执行玩terraform 命令一套后, 1个新的vm会被创建
[gateman@manjaro-x13 ~]$ gcloud compute ssh tf-vpc0-subnet0-vm21 │
No zone specified. Using zone [europe-west2-c] for instance: [tf-vpc0-subnet0-vm21]. │
External IP address was not found; defaulting to using IAP tunneling. │
WARNING: │
│
To increase the performance of the tunnel, consider installing NumPy. For instructions, │
please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the_tcp_upload_bandwidth │
│
Warning: Permanently added 'compute.442217657071685871' (ED25519) to the list of known hosts. │
Linux tf-vpc0-subnet0-vm21 5.10.0-26-cloud-amd64 #1 SMP Debian 5.10.197-1 (2023-09-29) x86_64 │
│
The programs included with the Debian GNU/Linux system are free software; │
the exact distribution terms for each program are described in the │
individual files in /usr/share/doc/*/copyright. │
│
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent │
permitted by applicable law. │
Last login: Mon Dec 18 17:25:44 2023 from 35.235.242.0 │
gateman@tf-vpc0-subnet0-vm21:~$ ps -ef | grep java │
gateman 608 1 9 16:55 ? 00:00:06 /usr/bin/java -Djava.util.logging.config.file=/home/gateman/server/tomcat10/conf/logging.properties -Djava.util.logging.│
manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security│
.SecurityListener.UMASK=0027 --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=j│
ava.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED -classpath /home/gateman/server/tomcat10/bin/bootstrap.jar:/home/gateman/server│
/tomcat10/bin/tomcat-juli.jar -Dcatalina.base=/home/gateman/server/tomcat10 -Dcatalina.home=/home/gateman/server/tomcat10 -Djava.io.tmpdir=/home/gateman/server/tomcat10/tem│
p org.apache.catalina.startup.Bootstrap start │
gateman 981 976 0 16:57 pts/0 00:00:00 grep java │
gateman@tf-vpc0-subnet0-vm21
测试过, 可以正确加载我们的自定义镜像, 也就是tomcat 已经被安装和启动了
创建 基于vm 的单独设置 可以覆盖 Instance template 上相应的值
这里做个测试
我在terraform加多1个resource tf-vpc0-subnet1-vm1
resource "google_compute_instance_from_template" "tf-vpc0-subnet0-vm21" {
name = "tf-vpc0-subnet0-vm21"
project = var.project_id
zone = var.zone_id
# from a instance template
source_instance_template = google_compute_instance_template.vm-template-vpc0-subnet0-e2-small-tomcat.self_link_unique
}
# The custom properties of vm_from_template could overwrite the pre-defined properties in instance template
resource "google_compute_instance_from_template" "tf-vpc0-subnet1-vm1" {
name = "tf-vpc0-subnet1-vm1"
project = var.project_id
zone = var.zone_id
network_interface {
network = "tf-vpc0"
subnetwork = "tf-vpc0-subnet1" # here the subnet property will overwrite the setting in instance template
}
# from a instance template
source_instance_template = google_compute_instance_template.vm-template-vpc0-subnet0-e2-small-tomcat.self_link_unique
}
其中 subnetwork 我显式设为了 tf-vpc0-subnet1 , 而 模板上的subnet 是 tf-vpc0-subnet0
当资源创建后, 可以见到subnet的值被 覆盖了, 相当方便。
[gateman@manjaro-x13 ~]$ gcloud compute instances describe tf-vpc0-subnet1-vm1
No zone specified. Using zone [europe-west2-c] for instance: [tf-vpc0-subnet1-vm1].
cpuPlatform: Intel Broadwell
creationTimestamp: '2023-12-21T10:20:06.917-08:00'
deletionProtection: false
disks:
- architecture: X86_64
autoDelete: true
boot: true
deviceName: persistent-disk-0
diskSizeGb: '20'
guestOsFeatures:
- type: UEFI_COMPATIBLE
- type: VIRTIO_SCSI_MULTIQUEUE
- type: GVNIC
- type: SEV_CAPABLE
index: 0
interface: SCSI
kind: compute#attachedDisk
licenses:
- https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-11-bullseye
mode: READ_WRITE
source: https://www.googleapis.com/compute/v1/projects/jason-hsbc/zones/europe-west2-c/disks/tf-vpc0-subnet1-vm1
type: PERSISTENT
fingerprint: 5624YdVwPFw=
id: '9061352765349510970'
kind: compute#instance
labelFingerprint: 42WmSpB8rSM=
lastStartTimestamp: '2023-12-21T10:20:12.479-08:00'
machineType: https://www.googleapis.com/compute/v1/projects/jason-hsbc/zones/europe-west2-c/machineTypes/e2-small
metadata:
fingerprint: t09GrcHA4z0=
kind: compute#metadata
name: tf-vpc0-subnet1-vm1
networkInterfaces:
- fingerprint: z9Z5YCAsnOo=
kind: compute#networkInterface
name: nic0
network: https://www.googleapis.com/compute/v1/projects/jason-hsbc/global/networks/tf-vpc0
networkIP: 192.168.1.5
stackType: IPV4_ONLY
subnetwork: https://www.googleapis.com/compute/v1/projects/jason-hsbc/regions/europe-west2/subnetworks/tf-vpc0-subnet1
satisfiesPzs: true
scheduling:
automaticRestart: false
instanceTerminationAction: STOP
onHostMaintenance: TERMINATE
preemptible: true
provisioningModel: SPOT
selfLink: https://www.googleapis.com/compute/v1/projects/jason-hsbc/zones/europe-west2-c/instances/tf-vpc0-subnet1-vm1
serviceAccounts:
- email: vm-common@jason-hsbc.iam.gserviceaccount.com
scopes:
- https://www.googleapis.com/auth/cloud-platform
shieldedInstanceConfig:
enableIntegrityMonitoring: true
enableSecureBoot: false
enableVtpm: true
shieldedInstanceIntegrityPolicy:
updateAutoLearnPolicy: true
startRestricted: false
status: RUNNING
tags:
fingerprint: 42WmSpB8rSM=
zone: https://www.googleapis.com/compute/v1/projects/jason-hsbc/zones/europe-west2-c
[gateman@manjaro-x13 ~]$
