技术学堂
Terraform是一套IT基础架构自动化编排工具,实现对所有资源的管理。高呼“Write, Plan, and create Infrastructure as Code”之口号,高举“基础架构即代码”之旗帜。
本文枚举一些使用Terraform操作OPenstack的常用命令,点击此处查看参考源。
Terraform常用命令
terraform init # 初始化包含*.tf文件的文件夹 terraform plan # 检查将要执行的计划 terraform apply # 执行操作 terraform destroy # 删除在*.tf文件中定义的资源 terraform destroy -target=xxx # 删除指定的资源 terraform state list # 列出已执行的操作 terraform state show <list-id> # 列出已执行的操作的详情
Openstack操作举例
Provider
Username/Password:
provider "openstack" {
user_name = "admin"
tenant_name = "admin"
user_domain_name = "default"
project_domain_name = "default"
region = "RegionOne"
auth_url = "http://10.10.200.201:5000/v3"
password= "*********"
}
Vault Role and Secret:
variable "vault_role_id" {
default = "d2a8215f-04bd-c714-c0ee-9c23ecd56d14-xxx" #delete '-xxx'
}
variable "vault_secret_id" {
default = "9ece2a12-f153-73eb-a448-51f88235c3a8-xxx" #delete '-xxx'
}
provider "null" {
}
provider "vault" {
address = "http://10.10.200.202:8200"
auth_login {
path = "auth/approle/login"
parameters = {
role_id = "d2a8215f-04bd-c714-c0ee-9c23ecd56d14"
secret_id = "9ece2a12-f153-73eb-a448-51f88235c3a8"
}
}
}
data "vault_generic_secret" "cvim_creds" {
path = "everest/neteng/cvim_creds"
}
data "vault_generic_secret" "cvim_oracle_creds" {
path = "everest/neteng/cvim_configs/cvim_oracle_creds"
}
data "vault_generic_secret" "certs" {
path = "everest/neteng/certs"
}
provider "openstack" {
user_name = "${data.vault_generic_secret.cvim_creds.data["os_username"]}"
tenant_name = "${data.vault_generic_secret.cvim_creds.data["os_tenant_name"]}"
user_domain_name = "${data.vault_generic_secret.cvim_creds.data["os_user_domain_name"]}"
project_domain_name = "${data.vault_generic_secret.cvim_creds.data["os_project_domain_name"]}"
region = "${data.vault_generic_secret.cvim_creds.data["os_region_name"]}"
auth_url = "${data.vault_generic_secret.cvim_creds.data["os_auth_url"]}"
}
Identity(认证)
创建用户:
resource "openstack_identity_user_v3" "alexju_terraform" {
default_project_id = "e75f662a7a7a457e8742f6bd4cc2e31c"
for_each={
user1 = "terraform_user1"
user2 = "terraform_user2"
}
name = each.value
description = "A user created by terraform"
password = "ju000000"
ignore_change_password_upon_first_use = true
multi_factor_auth_enabled = true
multi_factor_auth_rule {
rule = ["password", "totp"]
}
multi_factor_auth_rule {
rule = ["password"]
}
extra = {
email = "alexju@foobar.com"
}
}
Instance(实例)
创建Flavor:
resource "openstack_compute_flavor_v2" "test-flavor" {
name = "terraform-test"
ram = "8096"
vcpus = "2"
disk = "20"
is_public = true
extra_specs = {
"capabilities:hypervisor_type" = "s!= ironic"
}
}
创建没有卷的实例:
resource "openstack_compute_instance_v2" "terraform-test01" {
name = "terraform-test01"
image_name = "CirrOS 0.5.0 test"
flavor_name = "generic-tiny"
availability_zone = "Normal-IO"
key_pair = "alexju-new"
security_groups = ["Allow_All_Igress"]
metadata = {
this = "that"
}
network {
name = "PROVIDER-NETWORK"
}
}
创建实例和卷,并将卷作为块设备附加到实例:
resource "openstack_compute_instance_v2" "terraform-test02" {
name = "terraform-test02"
image_name = "CirrOS 0.5.0 test"
flavor_name = "generic-tiny"
availability_zone = "Normal-IO"
key_pair = "alexju-new"
security_groups = ["Allow_All_Igress"]
metadata = {
this = "that"
}
network {
name = "PROVIDER-NETWORK"
}
block_device {
uuid = "76ad48fa-9431-4ef6-9163-9479d515f3e9"
source_type = "image"
destination_type = "local"
boot_index = 0
delete_on_termination = true
}
block_device {
source_type = "blank"
destination_type = "volume"
volume_size = 20
boot_index = 1
delete_on_termination = true
}
}
Provisioner:
resource "openstack_compute_instance_v2" "terraform-test03" {
name = "terraform-test03"
image_name = "CirrOS 0.5.0 test"
flavor_name = "generic-tiny"
availability_zone = "Normal-IO"
key_pair = "alexju-new"
security_groups = ["Allow_All_Igress"]
metadata = {
this = "that"
}
network {
name = "PROVIDER-NETWORK"
}
block_device {
uuid = "76ad48fa-9431-4ef6-9163-9479d515f3e9"
source_type = "image"
destination_type = "local"
boot_index = 0
delete_on_termination = true
}
block_device {
source_type = "blank"
destination_type = "volume"
volume_size = 20
boot_index = 1
delete_on_termination = true
}
provisioner "file" {
connection {
type = "ssh"
user = "cirros"
password = "gocubsgo"
host = "${openstack_compute_instance_v2.terraform-test03.access_ip_v4}"
}
source = "test.txt"
destination = "/home/cirros/ha.txt"
}
provisioner "local-exec" {
command = "echo ${openstack_compute_instance_v2.terraform-test03.access_ip_v4} >> access_ip_v4.txt"
}
provisioner "remote-exec" {
connection {
type = "ssh"
user = "cirros"
password = "gocubsgo"
host = "${openstack_compute_instance_v2.terraform-test03.access_ip_v4}"
}
inline = [
"chmod a+x /tmp/*.sh",
"cat /home/cirros/ha.txt"
]
}
}
Network(网络)
创建安全组和规则:
resource "openstack_networking_secgroup_v2" "terraform_test01" {
name = "terraform_test01"
description = "My neutron security group"
}
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_22" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 22
port_range_max = 22
remote_ip_prefix = "0.0.0.0/0"
security_group_id = "${openstack_networking_secgroup_v2.terraform_test01.id}"
}
创建负载均衡、监听器、池、成员、健康监视器:
data "openstack_networking_subnet_v2" "provider_network_subnet" {
name = "provider-network-subnet"
}
#Add loadbalancer
resource "openstack_lb_loadbalancer_v2" "terraform_lb" {
name = "terraform_lb"
vip_subnet_id = "${data.openstack_networking_subnet_v2.provider_network_subnet.id}"
}
#Add listener
resource "openstack_lb_listener_v2" "terraform_listener" {
name = "terraform_listener"
protocol = "HTTP"
protocol_port = 8080
loadbalancer_id = "${openstack_lb_loadbalancer_v2.terraform_lb.id}"
insert_headers = {
X-Forwarded-For = "true"
}
}
#Add Pool
resource "openstack_lb_pool_v2" "terraform_pool" {
name = "terraform_pool"
protocol = "HTTP"
lb_method = "ROUND_ROBIN"
listener_id = "${openstack_lb_listener_v2.terraform_listener.id}"
persistence {
type = "APP_COOKIE"
cookie_name = "testCookie"
}
}
#Add member
resource "openstack_lb_member_v2" "terraform_member1" {
name = "member1"
pool_id = "${openstack_lb_pool_v2.terraform_pool.id}"
subnet_id = "${data.openstack_networking_subnet_v2.provider_network_subnet.id}"
address = "10.192.26.61"
protocol_port = 8080
}
resource "openstack_lb_member_v2" "terraform_member2" {
name = "member2"
pool_id = "${openstack_lb_pool_v2.terraform_pool.id}"
subnet_id = "${data.openstack_networking_subnet_v2.provider_network_subnet.id}"
address = "10.192.26.57"
protocol_port = 8080
}
#Add health monitor
resource "openstack_lb_monitor_v2" "terraform_monitor" {
name = "terraform_monitor"
pool_id = "${openstack_lb_pool_v2.terraform_pool.id}"
type = "TCP"
delay = 20
timeout = 10
max_retries = 5
}
Storage(存储)
创建卷并附加至实例:
resource "openstack_blockstorage_volume_v2" "test" {
region = "RegionOne"
name = "tf-test"
description = "first test volume"
size = 3
}
resource "openstack_compute_volume_attach_v2" "va_1" {
instance_id = "18d32680-6fc0-42d1-bd06-ec56e8f6deee"
volume_id = "${openstack_blockstorage_volume_v2.test.id}"
}
Image(镜像)
创建镜像:
resource "openstack_images_image_v2" "CirrOS_0_5_1" {
name = "CirrOS 0.5.1"
image_source_url = "http://download.cirros-cloud.net/0.5.1/cirros-0.5.1-x86_64-disk.img"
container_format = "bare"
disk_format = "qcow2"
visibility = "public"
properties = {
description = "CirrOS is a Tiny OS that specializes in running on a cloud"
original_source_url = "http://download.cirros-cloud.net/0.5.1/cirros-0.5.1-x86_64-disk.img"
username = "cirros"
password = "gocubsgo"
}
}
原创文章禁止转载:技术学堂 » Terraform操作Openstack常用命令举例
