Terraform基础设施即代码
Terraform基础设施即代码
什么是Terraform
Terraform是HashiCorp开发的基础设施即代码(IaC)工具,用于定义和管理云资源。
核心特点
- 声明式配置
- 多云支持
- 计划和预览变更
- 依赖关系管理
- 状态管理
安装Terraform
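# macOS (Homebrew)
brew install terraform
# Linux: fetch the release archive together with HashiCorp's checksum file
wget https://releases.hashicorp.com/terraform/1.5.0/terraform_1.5.0_linux_amd64.zip
wget https://releases.hashicorp.com/terraform/1.5.0/terraform_1.5.0_SHA256SUMS
# Only unpack if the archive matches the published SHA-256. This binary will later run
# with cloud credentials, so a tampered download must not reach /usr/local/bin.
# The checksum file is itself signed (terraform_1.5.0_SHA256SUMS.sig); checking that
# signature against HashiCorp's published GPG key gives stronger assurance.
sha256sum --ignore-missing -c terraform_1.5.0_SHA256SUMS && unzip terraform_1.5.0_linux_amd64.zip
sudo mv terraform /usr/local/bin/
# Verify the installation
terraform --version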
基本使用
初始化
# Initialise the working directory: configures the backend and installs the provider
# plugins and modules that the configuration references. It also writes
# .terraform.lock.hcl, which records provider versions and checksums; commit that file
# so every run uses the same verified provider builds.
terraform init
# Download or update modules only. Provider plugins are installed by `terraform init`,
# not by this command.
terraform get
编写配置
# main.tf
# Minimal configuration: pins the AWS provider and declares a single EC2 instance.
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
# "~> 5.0" accepts any 5.x release; the exact version chosen is recorded in .terraform.lock.hcl.
version = "~> 5.0"
}
}
}
# No credentials are set here, so the provider reads them from its environment.
provider "aws" {
region = "us-west-2"
}
resource "aws_instance" "web" {
# NOTE(review): AMI IDs are region-specific and age out; confirm this ID exists in
# us-west-2 and comes from a publisher you trust before applying.
ami = "ami-0c55b159cbfafe1f0"
instance_type = "t2.micro"
tags = {
Name = "web-server"
}
}
常用命令
# Preview changes without modifying any resource
terraform plan
# Apply changes. Run this way, apply computes a fresh plan and asks for confirmation;
# to apply exactly the plan that was reviewed, save it with `terraform plan -out=FILE`
# and pass FILE to `terraform apply`.
terraform apply
# Destroy every resource managed by this configuration
terraform destroy
# Show the current state in human-readable form
terraform show
# List the resource addresses recorded in state
terraform state list
状态管理
本地状态
# Local state lives in terraform.tfstate in the working directory. It stores resource
# attributes in plaintext, including any secrets, so keep it out of version control.
# Show the attributes recorded for one resource
terraform state show aws_instance.web
# Rename a resource address in state (the real resource is not modified)
terraform state mv aws_instance.web aws_instance.new_name
# Stop tracking a resource: this removes it from state only, the real resource keeps running
terraform state rm aws_instance.web
# Bring an existing resource under management (the instance ID shown is a sample value)
terraform import aws_instance.web i-1234567890abcdef0
远程状态
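# Remote state storage in S3
terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "prod/terraform.tfstate"
    region = "us-west-2"
    # State records every resource attribute in plaintext, secrets included,
    # so the object must be encrypted at rest.
    encrypt = true
    # NOTE(review): no state locking is configured here (the S3 backend's
    # dynamodb_table argument), so two concurrent applies can corrupt state.
    # The bucket itself should block public access and have versioning enabled;
    # that is configured on the bucket, not in this block.
  }
}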
实践:创建AWS基础设施
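# main.tf
# Provider pinning plus the remote state backend for the infrastructure example.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # "~> 5.0" accepts any 5.x release; the exact version chosen is recorded in .terraform.lock.hcl.
      version = "~> 5.0"
    }
  }
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "infra/terraform.tfstate"
    region = "us-west-2"
    # State records every resource attribute in plaintext, secrets included,
    # so the object must be encrypted at rest.
    encrypt = true
    # NOTE(review): no state locking is configured here (the S3 backend's
    # dynamodb_table argument); add it before more than one person or pipeline applies.
  }
}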
# AWS provider. The region comes from var.aws_region (declared in variables.tf).
# No credentials appear in the configuration; keep it that way and supply them
# through the environment or an assumed role.
provider "aws" {
region = var.aws_region
}
# VPC with a 10.0.0.0/16 private address range
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "main-vpc"
}
}
# Subnet inside the VPC
resource "aws_subnet" "public" {
vpc_id = aws_vpc.main.id
cidr_block = "10.0.1.0/24"
# NOTE(review): the zone is hard-coded while the provider region is var.aws_region;
# changing the variable alone would leave this pointing at another region's zone.
availability_zone = "us-west-2a"
# Every instance launched here receives a public IPv4 address automatically.
# NOTE(review): this listing defines no aws_internet_gateway or route table, so as
# written the subnet has no route to the internet despite the public addresses.
map_public_ip_on_launch = true
tags = {
Name = "public-subnet"
}
}
# Security group for the web server
resource "aws_security_group" "web" {
name = "web-sg"
description = "Web server security group"
vpc_id = aws_vpc.main.id
# Inbound: plain HTTP (TCP 80) from any IPv4 address. No other port, including SSH, is opened.
# NOTE(review): port 80 traffic is unencrypted and no TLS listener (443) is defined in this listing.
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
# Outbound: every protocol ("-1") and port to any IPv4 destination.
# NOTE(review): consider narrowing this to the destinations the instance actually needs.
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
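# EC2 instance running Apache httpd, placed in the public subnet behind the web security group
resource "aws_instance" "web" {
  # NOTE(review): AMI IDs are region-specific and age out; confirm this ID exists in
  # the target region and comes from a publisher you trust before applying.
  ami = "ami-0c55b159cbfafe1f0"
  # Use the variable declared in variables.tf instead of repeating its default here.
  instance_type          = var.instance_type
  subnet_id              = aws_subnet.public.id
  vpc_security_group_ids = [aws_security_group.web.id]

  # Require IMDSv2 session tokens, so a server-side request forgery flaw in the web
  # application cannot read instance credentials with a single unauthenticated GET.
  metadata_options {
    http_tokens = "required"
  }

  # Encrypt the root volume at rest.
  root_block_device {
    encrypted = true
  }

  # Boot script: runs once as root at first boot. user_data is readable from the
  # instance metadata service and is stored in state, so never put secrets in it.
  user_data = <<-EOF
    #!/bin/bash
    yum update -y
    yum install httpd -y
    systemctl start httpd
    systemctl enable httpd
  EOF

  tags = {
    Name = "web-server"
  }
}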
变量和输出
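# variables.tf
# Input variables. Explicit types make Terraform reject a wrongly-typed value
# during validation, before any resource is planned.
variable "aws_region" {
  description = "AWS region"
  type        = string
  default     = "us-west-2"
}

variable "instance_type" {
  description = "EC2 instance type"
  type        = string
  default     = "t2.micro"
}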
# outputs.tf
# Values printed after apply and stored in state.
# ID of the web instance
output "instance_id" {
value = aws_instance.web.id
}
# Public IPv4 address of the web instance
output "public_ip" {
value = aws_instance.web.public_ip
}
模块
# modules/vpc/main.tf
# Reusable VPC module: creates one VPC whose address range is supplied by the caller.
# NOTE(review): var.cidr_block must be declared inside the module; that declaration
# is not shown in this listing.
resource "aws_vpc" "this" {
cidr_block = var.cidr_block
}
# Using the module
# A local path source is read directly from this repository. For registry or git
# sources, pin an exact version or commit so upstream changes cannot alter what is applied.
module "vpc" {
source = "./modules/vpc"
cidr_block = "10.0.0.0/16"
}
总结
Terraform是基础设施即代码的标准工具。通过声明式配置,可以实现基础设施的版本化管理和自动化部署。