Contents
I. Experiment
1. Environment
2. Connecting Terraform to tencentcloud (Tencent Cloud COS)
3. Provisioning VPC (private network) resources
4. Provisioning security group resources
5. Provisioning CVM resources
6. Provisioning CLB resources
7. Provisioning DNS resources
8. Destroying resources
II. Problems
1. Terraform fails to provision the security group resources
2. Terraform validate fails for the CVM resources
3. Difference between A records and CNAME records
4. The bucket cannot be deleted
I. Experiment
1. Environment
(1) Hosts
Table 1-1 Hosts
Host | OS | Software | Tools | Notes |
jia | Windows | Terraform 1.6.6 | VS Code, PowerShell, Chocolatey | |
2. Connecting Terraform to tencentcloud (Tencent Cloud COS)
(1) Check the version
terraform version
terraform -v
(2) Connect
See my previous post:
IaC (Infrastructure as Code): connecting Terraform to tencentcloud and creating a COS backend - CSDN blog
3. Provisioning VPC (private network) resources
(1) View the directory
(2) Create the main configuration file
main.tf
# Configure the TencentCloud Provider
provider "tencentcloud" {
secret_id = var.secret_id
secret_key = var.secret_key
region = var.region
}
(3) Create the credentials file
terraform.tfvars
secret_id = "XXXXX"
secret_key = "XXXXX"
(4) Create the versions file
versions.tf
terraform {
required_providers {
tencentcloud = {
source = "tencentcloudstack/tencentcloud"
version = "1.81.69"
}
}
}
(5) Create the variables file
variables.tf
variable "secret_id" {
type = string
}
variable "secret_key" {
type = string
}
variable "region" {
type = string
default = "ap-nanjing"
sensitive = true
}
(6) Create the backend configuration file
backend.tf
(7) Initialize
terraform init
(8) Format the code
terraform fmt
(9) Validate the code
terraform validate
(10) Create the network module
Main configuration file main.tf
resource "tencentcloud_vpc" "vpc" {
name = var.vpc_name
cidr_block = var.vpc_cidr_block
tags = {
"env" = var.env_name
}
}
resource "tencentcloud_subnet" "subnet" {
availability_zone = var.availability_zone
name = var.subnet_name
vpc_id = tencentcloud_vpc.vpc.id
cidr_block = var.subnet_cidr_block
}
Variables file variables.tf
variable "vpc_name" {
type = string
default = "vpc"
sensitive = true
}
variable "vpc_cidr_block" {
type = string
sensitive = true
}
variable "env_name" {
type = string
}
variable "subnet_cidr_block" {
type = string
}
variable "subnet_name" {
type = string
}
variable "availability_zone" {
type = string
}
Versions file versions.tf
terraform {
required_providers {
tencentcloud = {
source = "tencentcloudstack/tencentcloud"
version = "1.81.69"
}
}
}
(11) View the network module directory
(12) Create the VPC resource configuration file
vpc.tf
locals {
vpc_name = "dev-vpc"
vpc_cidr_block = "172.16.0.0/12"
env_name = "dev"
subnet_cidr_block = "172.16.0.0/21"
availability_zone = "ap-nanjing-1"
subnet_name = "dev-subnet"
}
module "dev-vpc" {
source = "../../../modules/vpc"
vpc_name = local.vpc_name
vpc_cidr_block = local.vpc_cidr_block
env_name = local.env_name
subnet_name = local.subnet_name
availability_zone = local.availability_zone
subnet_cidr_block = local.subnet_cidr_block
}
(13) View the network service directory
(14) Initialize
terraform init
(15) Format the code
terraform fmt
(16) Validate the code
terraform validate
(17) Plan and preview
terraform plan
(18) Provision the resources
terraform apply
(19) Check in the Tencent Cloud console
The network service configuration files have been added to the bucket
Private network (VPC)
Subnet
4. Provisioning security group resources
(1) Create the security group module
Main configuration file main.tf
# Create security group
resource "tencentcloud_security_group" "default" {
name = var.security_group_name
description = var.security_group_desc
}
resource "tencentcloud_security_group_lite_rule" "web" {
security_group_id = tencentcloud_security_group.default.id
ingress = [
"ACCEPT#0.0.0.0/0#80#TCP",
"ACCEPT#0.0.0.0/0#8080#TCP",
"ACCEPT#0.0.0.0/0#443#TCP",
"ACCEPT#0.0.0.0/0#22#TCP"
]
egress = [
"ACCEPT#0.0.0.0/0#22#TCP",
"ACCEPT#0.0.0.0/0#80#TCP",
"ACCEPT#0.0.0.0/0#8080#TCP",
"ACCEPT#0.0.0.0/0#443#TCP"
]
}
Variables file variables.tf
variable "security_group_name" {
type = string
}
variable "security_group_desc" {
type = string
}
Versions file versions.tf
terraform {
required_providers {
tencentcloud = {
source = "tencentcloudstack/tencentcloud"
version = "1.81.69"
}
}
}
(2) View the security group module directory
(3) Create the security group configuration file
security_group.tf
locals {
security_group_name = "dev-sec-group"
security_group_desc = "dev env group"
}
module "dev-sec-group" {
source = "../../../modules/security_group"
security_group_desc = local.security_group_desc
security_group_name = local.security_group_name
}
(4) Create the outputs configuration file
output "vpc_id" {
value = module.dev-vpc.vpc_id
}
output "subnet_id" {
value = module.dev-vpc.subnet_id
}
output "security_group_id" {
value = module.dev-sec-group.security_group_id
}
(5) View the network service directory
(6) Format the code
terraform fmt
(7) Validate the code
terraform validate
(8) Plan and preview
terraform plan
(9) Provision the resources
terraform apply
(10) Check in the Tencent Cloud console
Security group
Inbound rules
Outbound rules
5. Provisioning CVM resources
(1) View the directory
(2) Create the configuration files
The main configuration file main.tf, the credentials file terraform.tfvars and the versions file versions.tf are the same as for the network service above.
(3) Create the backend configuration file
backend.tf
(4) Modify the main configuration file
main.tf
(5) Initialize
terraform init
(6) Create the CVM module
Main configuration file main.tf
resource "tencentcloud_instance" "instance" {
instance_name = var.instance_name
availability_zone = var.availability_zone
image_id = var.image_id
instance_type = var.instance_type
system_disk_type = "CLOUD_PREMIUM"
system_disk_size = 50
allocate_public_ip = false
# internet_charge_type = "BANDWIDTH_POSTPAID_BY_HOUR"
internet_max_bandwidth_out = 0
orderly_security_groups = var.security_group_id
vpc_id = var.vpc_id
subnet_id = var.subnet_id
password = "root@123"
user_data_raw = <<-EOF
#!/bin/bash
yum -y install nginx
echo `hostname` >/usr/share/nginx/html/index.html
systemctl restart nginx
EOF
lifecycle {
create_before_destroy = true
}
}
Outputs file outputs.tf
output "instance_id" {
value = tencentcloud_instance.instance.id
}
Variables file variables.tf
variable "instance_name" {
type = string
}
variable "availability_zone" {
type = string
}
variable "image_id" {
type = string
}
variable "instance_type" {
type = string
}
variable "security_group_id" {
type = list(string)
}
variable "vpc_id" {
}
variable "subnet_id" {
}
Versions file versions.tf
terraform {
required_providers {
tencentcloud = {
source = "tencentcloudstack/tencentcloud"
version = "1.81.69"
}
}
}
(7) View the CVM module
(8) Create the CVM configuration file
cvm.tf
data "tencentcloud_instance_types" "t2c2g" {
cpu_core_count = 2
memory_size = 2
exclude_sold_out = true
filter {
name = "instance-family"
values = ["S5"]
}
filter {
name = "zone"
values = ["ap-nanjing-1"]
}
filter {
name = "instance-charge-type"
values = ["POSTPAID_BY_HOUR"]
}
}
data "tencentcloud_images" "images" {
image_type = ["PUBLIC_IMAGE"]
os_name = "centos 7.9"
}
output "instance_type" {
value = data.tencentcloud_instance_types.t2c2g.instance_types.0.instance_type
}
output "image_id" {
value = data.tencentcloud_images.images.images[0].image_id
}
(9) Plan and preview
terraform plan
This yields the image id and the instance type.
(10) Modify the CVM configuration file
cvm.tf: add the following code
locals {
instance_name = "dev-instance"
instance_type = data.tencentcloud_instance_types.t2c2g.instance_types.0.instance_type
image_id = data.tencentcloud_images.images.images[0].image_id
security_group_id = [data.terraform_remote_state.network-data.outputs.security_group_id]
availability_zone = "ap-nanjing-1"
counts = 2
vpc_id = data.terraform_remote_state.network-data.outputs.vpc_id
subnet_id = data.terraform_remote_state.network-data.outputs.subnet_id
}
module "dev-cvm" {
source = "../../../modules/cvm"
count = local.counts
instance_name = "${local.instance_name}-${count.index}"
instance_type = local.instance_type
image_id = local.image_id
security_group_id = local.security_group_id
availability_zone = local.availability_zone
vpc_id = local.vpc_id
subnet_id = local.subnet_id
}
(11) Initialize
terraform init
(12) Format the code
terraform fmt
(13) Validate the code
terraform validate
(14) Plan and preview
terraform plan
(15) Provision the resources
terraform apply
yes
(16) Check in the Tencent Cloud console
Two CVM instances have been added
(17) Log in remotely
(18) Login succeeded
(19) Test
curl 127.0.0.1
The current hostname is returned
(20) Check the bucket
The service configuration files have been added
(21) View the service directory
6. Provisioning CLB resources
(1) Create the CLB module
Main configuration file main.tf
resource "tencentcloud_clb_instance" "internal_clb" {
network_type = "OPEN"
clb_name = var.clb_name
vpc_id = var.vpc_id
# subnet_id = var.subnet_id
tags = {
test = var.env_name
}
}
resource "tencentcloud_clb_listener" "listener" {
clb_id = tencentcloud_clb_instance.internal_clb.id
listener_name = var.listener_name
port = var.listener_port
protocol = var.listener_protocol
health_check_switch = true
health_check_time_out = 2
health_check_interval_time = 5
health_check_health_num = 3
health_check_unhealth_num = 3
session_expire_time = 30
scheduler = var.scheduler
}
resource "tencentcloud_clb_attachment" "foo" {
clb_id = tencentcloud_clb_instance.internal_clb.id
listener_id = tencentcloud_clb_listener.listener.listener_id
dynamic "targets" {
for_each = [for instance in var.instance_ids : instance]
content {
instance_id = targets.value
port = var.backend_port
weight = var.backend_weight
}
}
}
Outputs file outputs.tf
output "clb_instance_id" {
value = tencentcloud_clb_instance.internal_clb.id
}
output "clb_instance_vip" {
value = tencentcloud_clb_instance.internal_clb.clb_vips
}
Variables file variables.tf
variable "clb_name" {
}
variable "vpc_id" {
}
variable "subnet_id" {
}
variable "env_name" {
}
variable "listener_name" {
}
variable "listener_port" {
}
variable "listener_protocol" {
}
variable "scheduler" {
}
variable "instance_ids" {
}
variable "backend_port" {
}
variable "backend_weight" {
}
Versions file versions.tf
terraform {
required_providers {
tencentcloud = {
source = "tencentcloudstack/tencentcloud"
version = "1.81.69"
}
}
}
(2) View the CLB module
(3) Create the CLB configuration file
clb.tf
locals {
clb_name = "dev-clb"
vpc_ids = data.terraform_remote_state.network-data.outputs.vpc_id
subnet_ids = data.terraform_remote_state.network-data.outputs.subnet_id
env_name = "dev"
listener_name = "dev-listener"
listener_port = 80
listener_protocol = "TCP"
scheduler = "WRR"
instance_ids = module.dev-cvm.*.instance_id
backend_port = 80
backend_weight = 100
}
module "dev-clb" {
source = "../../../modules/clb"
clb_name = local.clb_name
vpc_id = local.vpc_ids
subnet_id = local.subnet_ids
env_name = local.env_name
listener_name = local.listener_name
listener_port = local.listener_port
listener_protocol = local.listener_protocol
scheduler = local.scheduler
instance_ids = local.instance_ids
backend_port = local.backend_port
backend_weight = local.backend_weight
}
(4) Initialize
terraform init
(5) Format the code
terraform fmt
(6) Validate the code
terraform validate
(7) Plan and preview
terraform plan
3 resources will be added
(8) Provision the resources
terraform apply
yes
(9) Check in the Tencent Cloud console
The load balancer has been added
(10) Access address
(11) Check the listener status
(12) Scheduling mode
WRR (weighted round robin)
7. Provisioning DNS resources
(1) Create the domain
(2) View
(3) Create the DNS configuration file
dns.tf
resource "tencentcloud_dnspod_record" "tfdemo" {
domain = "ruwen.site"
record_type = "CNAME"
record_line = "默认"
value = "lb-eahy08p4-wyklophm18uf9sxj.clb.ap-nanjing.tencentclb.com"
sub_domain = "tfdemo"
}
(4) Plan and preview
terraform plan
(5) Provision the resources
terraform apply
(6) Check in the Tencent Cloud console
Cloud DNS (DNSPod)
(7) Test
dig tfdemo.ruwen.site
8. Destroying resources
(1) Destroy the service resources
yes; 6 resources will be destroyed
(2) Destroy the network resources
yes; 4 resources will be destroyed
(3) Check in the Tencent Cloud console
CVM instances deleted
DNS records removed
CLB load balancer deleted
Bucket
(4) View the full directory
II. Problems
1. Terraform fails to provision the security group resources
(1) Error
╷
│ Warning: Deprecated Resource
│
│ with module.dev-sec-group.tencentcloud_security_group_rule.web,
│ on ..\..\..\modules\security_group\main.tf line 7, in resource "tencentcloud_security_group_rule" "web":
│ 7: resource "tencentcloud_security_group_rule" "web" {
│
│ This resource will be offline and no longer supported, beacause single security rule is hardly ordered. Please use 'tencentcloud_security_group_lite_rule' instead.
│
│ (and 2 more similar warnings elsewhere)
╵
╷
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to module.dev-sec-group.tencentcloud_security_group_rule.ssh, provider "provider[\"registry.terraform.io/tencentcloudstack/tencentcloud\"]" produced an unexpected new value: Root object was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
(2) Cause analysis
Terraform Registry
resource "tencentcloud_security_group" "foo" {
name = "ci-temp-test-sg"
}
resource "tencentcloud_security_group_lite_rule" "foo" {
security_group_id = tencentcloud_security_group.foo.id
ingress = [
"ACCEPT#192.168.1.0/24#80#TCP",
"DROP#8.8.8.8#80,90#UDP",
"ACCEPT#0.0.0.0/0#80-90#TCP",
"ACCEPT#sg-7ixn3foj#80-90#TCP",
"ACCEPT#ipm-epjq5kn0#80-90#TCP",
"ACCEPT#ipmg-3loavam6#80-90#TCP",
"ACCEPT#0.0.0.0/0##ppm-xxxxxxxx",
"ACCEPT#0.0.0.0/0##ppmg-xxxxxxxx"
]
egress = [
"ACCEPT#192.168.0.0/16#ALL#TCP",
"ACCEPT#10.0.0.0/8#ALL#ICMP",
"DROP#0.0.0.0/0#ALL#ALL",
]
}
Security group rules should use the current resource type, tencentcloud_security_group_lite_rule.
(3) Solution
Modify the configuration file.
Before:
# Create security group
resource "tencentcloud_security_group" "default" {
name = var.security_group_name
description = var.security_group_desc
}
resource "tencentcloud_security_group_rule" "web" {
security_group_id = tencentcloud_security_group.default.id
type = "ingress"
cidr_ip = "0.0.0.0/0"
ip_protocol = "tcp"
port_range = "80,8080"
policy = "accept"
}
resource "tencentcloud_security_group_rule" "ssh" {
security_group_id = tencentcloud_security_group.default.id
type = "ingress"
cidr_ip = "0.0.0.0/0"
ip_protocol = "tcp"
port_range = "22"
policy = "accept"
}
resource "tencentcloud_security_group_rule" "all" {
security_group_id = tencentcloud_security_group.default.id
type = "egress"
cidr_ip = "0.0.0.0/0"
policy = "accept"
}
After:
# Create security group
resource "tencentcloud_security_group" "default" {
name = var.security_group_name
description = var.security_group_desc
}
resource "tencentcloud_security_group_lite_rule" "web" {
security_group_id = tencentcloud_security_group.default.id
ingress = [
"ACCEPT#0.0.0.0/0#80#TCP",
"ACCEPT#0.0.0.0/0#8080#TCP",
"ACCEPT#0.0.0.0/0#22#TCP"
]
egress = [
"ACCEPT#0.0.0.0/0#ALL#ALL",
]
}
Plan and preview
terraform plan
Provision the resources
terraform apply
The old rules are destroyed first
yes
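As an added example (not part of the original post or of the provider), a small Python linter for the ACTION#SOURCE#PORT#PROTOCOL strings that tencentcloud_security_group_lite_rule takes: it validates each field against the grammar shown in the registry example above and flags ingress ACCEPT rules that expose all ports, or an administrative port, to 0.0.0.0/0. The field grammar is taken from that registry example; the ADMIN_PORTS set and the sample list (a copy of this page's ingress rules) are my own.

```python
import ipaddress
import re
ADMIN_PORTS = {22, 3389}  # ports an Internet-wide ingress ACCEPT should not expose
ACTIONS, PROTOCOLS = {"ACCEPT", "DROP"}, {"TCP", "UDP", "ICMP", "ALL"}
_TEMPLATE = re.compile(r"^(sg|ipm|ipmg|ppm|ppmg)-[0-9a-z]+$")  # template ids allowed in place of a CIDR/protocol
_PORTS = re.compile(r"\d+(-\d+)?(,\d+(-\d+)?)*")

def parse_rule(rule):
    """Split 'ACTION#SOURCE#PORT#PROTOCOL' and validate every field."""
    action, source, port, proto = rule.split("#")  # ValueError unless exactly 4 fields
    if action not in ACTIONS:
        raise ValueError(f"bad action {action!r} in {rule!r}")
    if not _TEMPLATE.match(source):
        ipaddress.ip_network(source, strict=False)  # raises on a malformed CIDR
    template = bool(_TEMPLATE.match(proto))  # ppm-/ppmg- template: PORT field stays empty
    if not (port == "" if template else proto in PROTOCOLS and (port == "ALL" or _PORTS.fullmatch(port))):
        raise ValueError(f"bad port/protocol {port!r}/{proto!r} in {rule!r}")
    return action, source, port, proto

def ports_of(port):
    """Expand '22', '80,8080' or '80-90' into a set of ints; 'ALL' -> None."""
    if port == "ALL":
        return None
    result = set()
    for item in port.split(","):
        lo, _, hi = item.partition("-")
        result.update(range(int(lo), int(hi or lo) + 1))
    return result

def world_open(source):
    """True when SOURCE is a CIDR covering every address, e.g. 0.0.0.0/0."""
    return not _TEMPLATE.match(source) and ipaddress.ip_network(source, strict=False).prefixlen == 0

def lint_ingress(rules):
    """Return (rule, reason) pairs for ACCEPT rules reachable from any address."""
    findings = []
    for rule in rules:
        action, source, port, proto = parse_rule(rule)
        if action != "ACCEPT" or not world_open(source):
            continue
        if _TEMPLATE.match(proto):
            findings.append((rule, "protocol template from any source; review its ports"))
        elif (ports := ports_of(port)) is None:
            findings.append((rule, "all ports from any source"))
        elif ports & ADMIN_PORTS:
            findings.append((rule, f"admin ports {sorted(ports & ADMIN_PORTS)} from any source"))
    return findings
# Ingress list copied from the page's security_group module (constructed sample input).
PAGE_INGRESS = ["ACCEPT#0.0.0.0/0#80#TCP", "ACCEPT#0.0.0.0/0#8080#TCP",
                "ACCEPT#0.0.0.0/0#443#TCP", "ACCEPT#0.0.0.0/0#22#TCP"]
```

Running lint_ingress(PAGE_INGRESS) reports only the port 22 rule; the web ports pass, and a malformed string such as the registry example's missing-comma lines would surface as a ValueError before terraform plan ever ran.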
2. Terraform validate fails for the CVM resources
(1) Error
(2) Cause analysis
security_groups has been deprecated; orderly_security_groups is used instead
(3) Solution
Modify the configuration file.
orderly_security_groups = var.security_group_id
Success:
3. Difference between A records and CNAME records
(1) Differences
1) Difference one
An A record maps a domain name directly to an IPv4 address, whereas a CNAME record maps a domain name to another domain name.
2) Difference two
An A record resolves faster because it maps directly to an IP address and adds no extra lookup step. A CNAME record may slow resolution slightly, because an additional query is needed to find the IP address of the target name.
3) Difference three
An A record suits cases that need a direct mapping to an IP address; a CNAME record suits creating aliases, or cases where the target location needs to be managed more flexibly.
4. The bucket cannot be deleted
(1) View
(2) Delete
(3) Empty the bucket
(4) Confirm
(5) Delete again
(6) Success