HashiCorp Terraform 是一个IT基础架构自动化编排工具,可以用代码来管理维护 IT 资源。Terraform的命令行接口(CLI)提供一种简单机制,用于将配置文件部署到阿里云或其他任意支持的云上,并对其进行版本控制。它编写了描述云资源拓扑的配置文件中的基础结构,例如虚拟机、存储账户和网络接口。
Terraform是一个高度可扩展的工具,通过 Provider 来支持新的基础架构。Terraform能够让您在阿里云上轻松使用 简单模板语言 来定义、预览和部署云基础结构。您可以使用Terraform来创建、修改、删除ECS、VPC、RDS、SLB等多种资源。
阿里云作为中国内地第一家与 Terraform 集成的云厂商,terraform-provider-alicloud目前已经提供了超过 163 个 Resource 和 113 个 Data Source,覆盖计算,存储,网络,负载均衡,CDN,容器服务,中间件,访问控制,数据库等超过35款产品,已经满足了大量大客户的自动化上云需求。
若本地未安装Terraform,您可以通过Cloud Shell配置Terraform。阿里云Cloud Shell是一款帮助提升运维效率的免费产品,预装了Terraform的组件,并配置好身份凭证(credentials),因此您可直接在Cloud Shell中运行Terraform的命令。具体操作请参见在Cloud Shell中使用Terraform。
以下的操作流程以在Cloud Shell中使用Terraform为DCDN域名添加规则引擎配置,实现对用户请求URL中URI信息包含“/*/my_path/*”
打开浏览器,访问Cloud Shell的地址https://shell.aliyun.com。
更多Cloud Shell入口及使用请参见使用云命令行。
登录Cloud Shell。
shell@Alicloud:~$ vim add_condition_config.tf
文件的示例内容:说明resource参数的可选字段可以在terraform官网文档 Alibaba Cloud Provider DCDN产品目录下查找到。
function_name参数的可选字段以及function_arg 的配置方法请参见域名配置功能函数。
# 定义provider是阿里云 provider "alicloud" {} # 为加速域名添加一个规则引擎配置 resource "alicloud_cdn_domain_config" "config" { domain_name = "example.com" function_name = "condition" function_args { arg_name = "rule" arg_value = "{\"match\":{\"logic\":\"and\",\"criteria\":[{\"matchType\":\"uri\",\"matchObject\":\"\",\"matchOperator\":\"contains\",\"matchValue\":[\"/*/my_path/*\"],\"caseSensitive\":true,\"negate\":false}]},\"name\":\"example\",\"status\":\"enable\"}" } }
执行terraform init命令初始化配置。
文件中的provider字段,然后发送请求到Terraform官方GitHub下载最新版本相关资源的模块和插件。若打印如下信息,则表示初始化成功。shell@Alicloud:~$ terraform init Initializing the backend... Initializing provider plugins... The following providers do not have any version constraints in configuration, so the latest version was installed. To prevent automatic upgrades to new major versions that may contain breaking changes, it is recommended to add version = "..." constraints to the corresponding provider blocks in configuration, with the constraint strings suggested below. * provider.alicloud: version = "~> 1.215" Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.
执行terraform plan命令预览配置,用于校验配置。
shell@Alicloud:~$ terraform plan Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. alicloud_cdn_domain_config.config: Refreshing state... [id=example.com:condition:344657186060288] ------------------------------------------------------------------------ An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # alicloud_cdn_domain_config.config will be created + resource "alicloud_cdn_domain_config" "config" { + config_id = (known after apply) + domain_name = "example.com" + function_name = "condition" + id = (known after apply) + status = (known after apply) + function_args { + arg_name = "rule" + arg_value = jsonencode( { + match = { + criteria = [ + { + caseSensitive = true + matchObject = "" + matchOperator = "contains" + matchType = "uri" + matchValue = [ + "/*/my_path/*", ] + negate = false }, ] + logic = "and" } + name = "example" + status = "enable" } ) } } Plan: 1 to add, 0 to change, 0 to destroy. ------------------------------------------------------------------------ Note: You didn't specify an "-out" parameter to save this plan, so Terraform can't guarantee that exactly these actions will be performed if "terraform apply" is subsequently run.
执行terraform apply添加DCDN加速域名和对应的配置。
符号标识。shell@Alicloud:~$ terraform apply An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # alicloud_cdn_domain_config.config will be created + resource "alicloud_cdn_domain_config" "config" { + config_id = (known after apply) + domain_name = "example.com" + function_name = "condition" + id = (known after apply) + status = (known after apply) + function_args { + arg_name = "rule" + arg_value = jsonencode( { + match = { + criteria = [ + { + caseSensitive = true + matchObject = "" + matchOperator = "contains" + matchType = "uri" + matchValue = [ + "/*/my_path/*", ] + negate = false }, ] + logic = "and" } + name = "example" + status = "enable" } ) } } Plan: 1 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes alicloud_cdn_domain_config.config: Creating... alicloud_cdn_domain_config.config: Still creating... [10s elapsed] alicloud_cdn_domain_config.config: Still creating... [20s elapsed] alicloud_cdn_domain_config.config: Still creating... [30s elapsed] alicloud_cdn_domain_config.config: Still creating... [40s elapsed] alicloud_cdn_domain_config.config: Still creating... [50s elapsed] alicloud_cdn_domain_config.config: Still creating... [1m0s elapsed]
alicloud_cdn_domain_config.config: Creation complete after 1m7s [id=example.com:condition:344661009180672] Apply complete! Resources: 1 added, 0 changed, 0 destroyed.