Terraform是一套IT基础架构自动化编排工具,实现对所有资源的管理。高呼“Write, Plan, and create Infrastructure as Code”之口号,高举“基础架构即代码”之旗帜。
本文枚举一些使用Terraform操作OpenStack的常用命令,点击此处查看参考源。
Terraform常用命令
terraform init # 初始化包含*.tf文件的文件夹 terraform plan # 检查将要执行的计划 terraform apply # 执行操作 terraform destroy # 删除在*.tf文件中定义的资源 terraform destroy -target=xxx # 删除指定的资源 terraform state list # 列出已执行的操作 terraform state show <list-id> # 列出已执行的操作的详情
Openstack操作举例
Provider
Username/Password:
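# Password authentication against Keystone v3.
#
# - auth_url uses plain http://, so the user name and password cross the
#   network unencrypted; point it at a TLS endpoint where one is available.
# - Keep the real password out of the .tf file and out of version control:
#   the provider also reads the standard OS_* environment variables
#   (for example OS_PASSWORD).
# - This example logs in as admin in the admin project; automation should
#   normally run under an account scoped to what it has to manage.
provider "openstack" {
  user_name           = "admin"
  tenant_name         = "admin"
  user_domain_name    = "default"
  project_domain_name = "default"
  region              = "RegionOne"
  auth_url            = "http://10.10.200.201:5000/v3"
  password            = "*********"
}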
Vault Role and Secret:
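# AppRole credentials used to log in to Vault.
#
# The defaults are the page's placeholders: the trailing "-xxx" makes them
# invalid until it is removed. Rather than editing a working secret_id into
# this file, supply the real values from outside version control, e.g. through
# the TF_VAR_vault_role_id / TF_VAR_vault_secret_id environment variables.
variable "vault_role_id" {
  default = "d2a8215f-04bd-c714-c0ee-9c23ecd56d14-xxx" # delete '-xxx'
}

variable "vault_secret_id" {
  default = "9ece2a12-f153-73eb-a448-51f88235c3a8-xxx" # delete '-xxx'
}

provider "null" {
}

provider "vault" {
  # NOTE(review): plain http:// sends the AppRole secret_id and every secret
  # read below in cleartext; use a TLS listener where Vault offers one.
  address = "http://10.10.200.202:8200"

  auth_login {
    path = "auth/approle/login"

    # Read the credentials from the variables declared above instead of
    # repeating the literal values a second time in the provider block.
    parameters = {
      role_id   = "${var.vault_role_id}"
      secret_id = "${var.vault_secret_id}"
    }
  }
}

# Everything Terraform reads through these data sources is written to the
# state file in plaintext, so the state must be protected like the secrets
# themselves.
data "vault_generic_secret" "cvim_creds" {
  path = "everest/neteng/cvim_creds"
}

# Not referenced elsewhere in this listing.
data "vault_generic_secret" "cvim_oracle_creds" {
  path = "everest/neteng/cvim_configs/cvim_oracle_creds"
}

# Not referenced elsewhere in this listing.
data "vault_generic_secret" "certs" {
  path = "everest/neteng/certs"
}

# OpenStack provider configured entirely from the Vault secret, so no
# OpenStack credential appears in the configuration itself.
# NOTE(review): no password argument is set here; presumably it comes from
# the environment or was left out of the listing — confirm.
provider "openstack" {
  user_name           = "${data.vault_generic_secret.cvim_creds.data["os_username"]}"
  tenant_name         = "${data.vault_generic_secret.cvim_creds.data["os_tenant_name"]}"
  user_domain_name    = "${data.vault_generic_secret.cvim_creds.data["os_user_domain_name"]}"
  project_domain_name = "${data.vault_generic_secret.cvim_creds.data["os_project_domain_name"]}"
  region              = "${data.vault_generic_secret.cvim_creds.data["os_region_name"]}"
  auth_url            = "${data.vault_generic_secret.cvim_creds.data["os_auth_url"]}"
}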
Identity(认证)
创建用户:
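# Creates one Keystone user per entry in for_each (terraform_user1 and
# terraform_user2), all in the same default project.
resource "openstack_identity_user_v3" "alexju_terraform" {
  for_each = {
    user1 = "terraform_user1"
    user2 = "terraform_user2"
  }

  default_project_id = "e75f662a7a7a457e8742f6bd4cc2e31c"
  name               = each.value
  description        = "A user created by terraform"

  # NOTE(review): every user created by this block gets the same literal
  # password, and it is stored in the configuration and in state. Pass it in
  # from a secret store or an input variable and rotate it after creation.
  password = "ju000000"

  # Exempts these users from a forced password change on first use, so the
  # initial password above stays valid until someone changes it.
  ignore_change_password_upon_first_use = true

  multi_factor_auth_enabled = true

  # Keystone accepts a login that satisfies any one rule.
  multi_factor_auth_rule {
    rule = ["password", "totp"]
  }

  # NOTE(review): this password-only rule lets a login succeed without TOTP,
  # which makes the second factor optional; drop it if MFA is meant to be
  # mandatory.
  multi_factor_auth_rule {
    rule = ["password"]
  }

  extra = {
    email = "alexju@foobar.com"
  }
}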
Instance(实例)
创建Flavor:
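# Defines a Nova flavor named "terraform-test".
resource "openstack_compute_flavor_v2" "test-flavor" {
  name  = "terraform-test"
  ram   = "8096"
  vcpus = "2"
  disk  = "20"

  # A public flavor is visible to every project; set this to false when the
  # flavor should only be offered to selected projects.
  is_public = true

  # Scheduler hint: the hypervisor type must not be "ironic".
  extra_specs = {
    "capabilities:hypervisor_type" = "s!= ironic"
  }
}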
创建没有卷的实例:
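# Boots an instance from an image, without any attached volume.
resource "openstack_compute_instance_v2" "terraform-test01" {
  name              = "terraform-test01"
  image_name        = "CirrOS 0.5.0 test"
  flavor_name       = "generic-tiny"
  availability_zone = "Normal-IO"
  key_pair          = "alexju-new"

  # NOTE(review): the group name suggests it admits all ingress traffic —
  # confirm, and prefer a group limited to the ports this instance needs.
  security_groups = ["Allow_All_Igress"]

  metadata = {
    this = "that"
  }

  network {
    name = "PROVIDER-NETWORK"
  }
}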
创建实例和卷,并将卷作为块设备附加到实例:
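# Boots an instance from an image onto local disk and attaches a new, blank
# 20 GB volume as a second block device.
resource "openstack_compute_instance_v2" "terraform-test02" {
  name              = "terraform-test02"
  image_name        = "CirrOS 0.5.0 test"
  flavor_name       = "generic-tiny"
  availability_zone = "Normal-IO"
  key_pair          = "alexju-new"

  # NOTE(review): the group name suggests it admits all ingress traffic —
  # confirm, and prefer a group limited to the ports this instance needs.
  security_groups = ["Allow_All_Igress"]

  metadata = {
    this = "that"
  }

  network {
    name = "PROVIDER-NETWORK"
  }

  # Boot device: the image identified by uuid, copied to local disk.
  # NOTE(review): image_name above and this uuid are both given; confirm they
  # refer to the same image.
  block_device {
    uuid                  = "76ad48fa-9431-4ef6-9163-9479d515f3e9"
    source_type           = "image"
    destination_type      = "local"
    boot_index            = 0
    delete_on_termination = true
  }

  # Data device: an empty volume. delete_on_termination = true means the
  # volume and its contents are removed together with the instance.
  block_device {
    source_type           = "blank"
    destination_type      = "volume"
    volume_size           = 20
    boot_index            = 1
    delete_on_termination = true
  }
}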
Provisioner:
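# Same instance layout as the previous example, followed by three
# provisioners that run once, after the instance has been created.
resource "openstack_compute_instance_v2" "terraform-test03" {
  name              = "terraform-test03"
  image_name        = "CirrOS 0.5.0 test"
  flavor_name       = "generic-tiny"
  availability_zone = "Normal-IO"
  key_pair          = "alexju-new"

  # NOTE(review): the group name suggests it admits all ingress traffic —
  # confirm, and prefer a group limited to the ports this instance needs.
  security_groups = ["Allow_All_Igress"]

  metadata = {
    this = "that"
  }

  network {
    name = "PROVIDER-NETWORK"
  }

  # Boot device: the image identified by uuid, copied to local disk.
  block_device {
    uuid                  = "76ad48fa-9431-4ef6-9163-9479d515f3e9"
    source_type           = "image"
    destination_type      = "local"
    boot_index            = 0
    delete_on_termination = true
  }

  # Data device: an empty 20 GB volume, removed together with the instance.
  block_device {
    source_type           = "blank"
    destination_type      = "volume"
    volume_size           = 20
    boot_index            = 1
    delete_on_termination = true
  }

  # One SSH connection shared by the file and remote-exec provisioners.
  # The host is taken from `self`: inside its own provisioner and connection
  # blocks a resource must refer to itself this way, because naming the
  # resource in full makes it depend on itself.
  # NOTE(review): this logs in with the image's default account and a literal
  # password that also ends up in state. A key pair is already assigned to the
  # instance above; key-based login avoids storing a password here.
  connection {
    type     = "ssh"
    user     = "cirros"
    password = "gocubsgo"
    host     = "${self.access_ip_v4}"
  }

  # Upload a local file to the instance.
  provisioner "file" {
    source      = "test.txt"
    destination = "/home/cirros/ha.txt"
  }

  # Runs on the machine executing Terraform, not on the instance.
  provisioner "local-exec" {
    command = "echo ${self.access_ip_v4} >> access_ip_v4.txt"
  }

  # Runs on the instance over the SSH connection above.
  # NOTE(review): nothing in this listing places a .sh file in /tmp; confirm
  # what the chmod is meant to act on.
  provisioner "remote-exec" {
    inline = [
      "chmod a+x /tmp/*.sh",
      "cat /home/cirros/ha.txt"
    ]
  }
}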
Network(网络)
创建安全组和规则:
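# A Neutron security group with a single ingress rule for SSH.
resource "openstack_networking_secgroup_v2" "terraform_test01" {
  name        = "terraform_test01"
  description = "My neutron security group"
}

resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_22" {
  direction      = "ingress"
  ethertype      = "IPv4"
  protocol       = "tcp"
  port_range_min = 22
  port_range_max = 22

  # NOTE(review): 0.0.0.0/0 admits SSH from any IPv4 address. Outside a lab,
  # narrow this to the management or bastion network that actually needs it.
  remote_ip_prefix = "0.0.0.0/0"

  security_group_id = "${openstack_networking_secgroup_v2.terraform_test01.id}"
}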
创建负载均衡、监听器、池、成员、健康监视器:
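# Looks up the existing subnet that the load balancer VIP and the pool
# members live on.
data "openstack_networking_subnet_v2" "provider_network_subnet" {
  name = "provider-network-subnet"
}

# Add loadbalancer
resource "openstack_lb_loadbalancer_v2" "terraform_lb" {
  name          = "terraform_lb"
  vip_subnet_id = "${data.openstack_networking_subnet_v2.provider_network_subnet.id}"
}

# Add listener
# NOTE(review): the listener speaks plain HTTP, so traffic between clients and
# the VIP is unencrypted; terminate TLS here if the service carries anything
# sensitive.
resource "openstack_lb_listener_v2" "terraform_listener" {
  name            = "terraform_listener"
  protocol        = "HTTP"
  protocol_port   = 8080
  loadbalancer_id = "${openstack_lb_loadbalancer_v2.terraform_lb.id}"

  # The load balancer adds the client address as X-Forwarded-For. Backends
  # should trust that header only on requests arriving from the load balancer,
  # since a client reaching them directly could set it to anything.
  insert_headers = {
    X-Forwarded-For = "true"
  }
}

# Add Pool
resource "openstack_lb_pool_v2" "terraform_pool" {
  name        = "terraform_pool"
  protocol    = "HTTP"
  lb_method   = "ROUND_ROBIN"
  listener_id = "${openstack_lb_listener_v2.terraform_listener.id}"

  # Session persistence keyed on an application cookie.
  persistence {
    type        = "APP_COOKIE"
    cookie_name = "testCookie"
  }
}

# Add member
resource "openstack_lb_member_v2" "terraform_member1" {
  name          = "member1"
  pool_id       = "${openstack_lb_pool_v2.terraform_pool.id}"
  subnet_id     = "${data.openstack_networking_subnet_v2.provider_network_subnet.id}"
  address       = "10.192.26.61"
  protocol_port = 8080
}

resource "openstack_lb_member_v2" "terraform_member2" {
  name          = "member2"
  pool_id       = "${openstack_lb_pool_v2.terraform_pool.id}"
  subnet_id     = "${data.openstack_networking_subnet_v2.provider_network_subnet.id}"
  address       = "10.192.26.57"
  protocol_port = 8080
}

# Add health monitor
# A TCP check only shows that the port accepts connections, not that the
# application behind it answers correctly.
resource "openstack_lb_monitor_v2" "terraform_monitor" {
  name        = "terraform_monitor"
  pool_id     = "${openstack_lb_pool_v2.terraform_pool.id}"
  type        = "TCP"
  delay       = 20
  timeout     = 10
  max_retries = 5
}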
Storage(存储)
创建卷并附加至实例:
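# Creates a 3 GB Cinder volume and attaches it to an existing instance.
resource "openstack_blockstorage_volume_v2" "test" {
  region      = "RegionOne"
  name        = "tf-test"
  description = "first test volume"
  size        = 3
}

# instance_id is the literal ID of an instance that is not managed by this
# configuration; the volume ID comes from the resource above.
resource "openstack_compute_volume_attach_v2" "va_1" {
  instance_id = "18d32680-6fc0-42d1-bd06-ec56e8f6deee"
  volume_id   = "${openstack_blockstorage_volume_v2.test.id}"
}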
Image(镜像)
创建镜像:
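# Registers a Glance image from a remote URL.
resource "openstack_images_image_v2" "CirrOS_0_5_1" {
  name = "CirrOS 0.5.1"

  # NOTE(review): the image is fetched over plain http:// and nothing here
  # checks it against a published checksum, so whatever the network path
  # delivers becomes a bootable image. Verify the download out of band, or
  # fetch it over TLS, before offering it to other projects.
  image_source_url = "http://download.cirros-cloud.net/0.5.1/cirros-0.5.1-x86_64-disk.img"

  container_format = "bare"
  disk_format      = "qcow2"

  # "public" makes the image available to every project in the cloud.
  visibility = "public"

  # Free-form image metadata. The username/password pair recorded here is the
  # image's built-in login, readable by anyone who can see the image; an image
  # with a known default login is suitable for testing only.
  properties = {
    description         = "CirrOS is a Tiny OS that specializes in running on a cloud"
    original_source_url = "http://download.cirros-cloud.net/0.5.1/cirros-0.5.1-x86_64-disk.img"
    username            = "cirros"
    password            = "gocubsgo"
  }
}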