在Windows中使用Terraform
更新时间:
复制 MD 格式
本文为您介绍在Windows中,如何快速使用Terraform创建阿里云资源。
使用Terraform进行基础设施即代码(IaC)管理,包含以下几个主要步骤。
-
安装Terraform:确保您的系统能够识别并执行Terraform命令。
-
编写Terraform配置文件:配置文件是Terraform的核心,用于描述资源的创建、配置和依赖关系,如创建VPC、ECS、OSS等。
-
初始化与创建资源:将基础设施设计变为现实的关键步骤。
-
查看和管理资源:在部署后,可以便捷地查看和管理基础设施环境,确保其符合最新的需求和设计。
-
销毁资源:当不再需要所创建的资源时,可以销毁相应目录下已创建资源。
1. 安装Terraform
-
访问Terraform官网,下载适合您的Windows操作系统版本的Terraform二进制文件并解压。
下载页面提供 386 和 AMD64 两种架构的安装包,选择适合的架构后单击 Download 下载。
-
配置环境变量,将Terraform的安装路径添加到系统环境变量Path中。
-
在桌面右键单击此电脑,选择属性 -> 高级系统设置 -> 环境变量 -> 系统变量/用户变量。
-
在系统变量/用户变量中单击Path,选择编辑 -> 新建,输入文件所在目录的路径,单击确定完成配置。
-
-
验证安装成功,同时按下Win+R键,输入
cmd单击确定,打开命令提示符。执行terraform --version,如果出现以下信息则表示安装成功。Terraform v1.9.3 on windows_amd64
2. 编写Terraform配置文件
配置文件是Terraform的核心,用于定义在云端或本地部署的基础设施资源,如VPC、ECS、OSS等。
-
创建一个新的文件夹,例如命名为ecs,并在该文件夹下创建一个Terraform配置文件,例如配置文件名称为main.tf。
为每个Terraform项目创建独立执行目录可以确保资源组织清晰,避免状态文件混淆,便于版本控制和团队协作,同时有利于实现环境隔离和模块化管理,提高配置管理的可维护性和安全性。
-
编写Terraform配置文件,以创建ECS为例。将 ECS 实例及其依赖的资源(VPC,安全组等)以代码化的方式定义到配置文件中。为了方便起见,您可以将以下代码复制到main.tf中。
重要-
示例中创建的ECS为按量计费,资源创建后将会产生相关费用。
-
示例中使用了环境变量作为Terraform认证方式,更多信息,请参见Terraform身份认证。
创建ECS所需要的资源如下:
Resource
说明
创建VPC实例
创建vSwitch实例
创建安全组实例
创建安全组的出入访问规则
创建ECS实例
variable "name" { type = string default = "tf-test" } # 设置地域 variable "region" { type = string default = "cn-beijing" } # 公网带宽,当大于0的时候,将为实例分配一个公网。 variable "internet_max_bandwidth_out" { type = number default = 10 } # 设置ECS实例规格 variable "instance_type" { type = string default = "ecs.e-c1m1.large" } # 设置镜像ID variable "image_id" { default = "ubuntu_18_04_64_20G_alibase_20190624.vhd" } # 设置标签 variable "tags" { type = map(string) default = { From = "Terraform" Usage = "demo" } } provider "alicloud" { region = var.region } # 获取zone_id data "alicloud_zones" "default" { available_instance_type = var.instance_type available_resource_creation = "VSwitch" available_disk_category = "cloud_ssd" } # 创建VPC resource "alicloud_vpc" "vpc" { vpc_name = var.name cidr_block = "172.16.0.0/12" } # 创建vswitch resource "alicloud_vswitch" "vsw" { vpc_id = alicloud_vpc.vpc.id cidr_block = "172.16.0.0/21" zone_id = data.alicloud_zones.default.zones[0].id } # 创建安全组 resource "alicloud_security_group" "default" { name = var.name vpc_id = alicloud_vpc.vpc.id } # 向安全组添加入方向放行规则 resource "alicloud_security_group_rule" "allow_tcp_22" { type = "ingress" ip_protocol = "tcp" nic_type = "intranet" policy = "accept" port_range = "22/22" priority = 1 security_group_id = alicloud_security_group.default.id cidr_ip = "0.0.0.0/0" } # 创建ECS resource "alicloud_instance" "instance" { availability_zone = data.alicloud_zones.default.zones.0.id security_groups = alicloud_security_group.default.*.id instance_type = var.instance_type system_disk_category = "cloud_essd_entry" image_id = var.image_id instance_name = var.name vswitch_id = alicloud_vswitch.vsw.id internet_max_bandwidth_out = var.internet_max_bandwidth_out tags = var.tags } output "ecs_id" { value = alicloud_instance.instance.id } output "ecs_ip" { value = alicloud_instance.instance.public_ip } -
3. 初始化与创建资源
Terraform配置文件编写完成后,需要先初始化工作目录,然后再创建资源。
3.1 Terraform初始化
在cmd中切换到步骤2所创建的文件夹,然后执行terraform init命令进行初始化。terraform init命令是使用任何Terraform配置文件之前必须执行的第一个命令,主要目的是初始化一个Terraform工作目录,包括下载必要的阿里云提供商插件以及各种其他记录文件。
# 切换到D盘
d:
# 切换到步骤2中的文件夹路径的命令,tool/terraform/projects/ecs是步骤2创建的文件夹路径,您可根据实际路径替换。
cd tool/terraform/projects/ecs
# 执行初始化命令
terraform init
说明
当您因网络延迟等原因导致terraform init超时,无法正常下载Provider等情况时,可通过配置阿里云镜像站解决,具体操作步骤,请参见Terraform Init 加速方案配置。
3.2 创建资源
-
执行
terraform plan创建一个执行计划,并详细展示了在执行 terraform apply 时将创建、修改或销毁的所有资源信息。... + router_table_id = (known after apply) + secondary_cidr_blocks = (known after apply) + status = (known after apply) + user_cidrs = (known after apply) + vpc_name = "tf_vpc_test" } # alicloud_vswitch.vsw will be created + resource "alicloud_vswitch" "vsw" { + availability_zone = (known after apply) + cidr_block = "172.16.0.0/21" + create_time = (known after apply) + id = (known after apply) + ipv6_cidr_block = (known after apply) + ipv6_cidr_block_mask = (known after apply) + name = (known after apply) + status = (known after apply) + vpc_id = (known after apply) + vswitch_name = (known after apply) + zone_id = "cn-beijing-a" } Plan: 5 to add, 0 to change, 0 to destroy. Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now. -
执行
terraform apply时,将根据terraform plan生成的执行计划来创建资源。在创建过程中,需要按照提示输入yes,以继续创建资源。关于变量如何传值,请参见Variable中的变量设置方式。Plan: 5 to add, 0 to change, 0 to destroy. Changes to Outputs: + ecs_id = (known after apply) + ecs_ip = (known after apply) Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes alicloud_vpc.vpc: Creating... alicloud_vpc.vpc: Creation complete after 7s [id=vpc-2zexxx5: xxxk5w] alicloud_security_group.default: Creating... alicloud_vswitch.vsw: Creating... alicloud_security_group.default: Creation complete after 2s [id=sg-2zexxx4xxx9pa] alicloud_security_group_rule.allow_tcp_22: Creating... alicloud_security_group_rule.allow_tcp_22: Creation complete after 0s [id=sg-2zexxx4xxx9pa:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1] alicloud_vswitch.vsw: Creation complete after 4s [id=vsw-2zexxxxxxxxxxxgwdf] alicloud_instance.instance: Creating... alicloud_instance.instance: Still creating... [10s elapsed] alicloud_instance.instance: Creation complete after 14s [id=i-2zexxxxxxxxxxxkmo] Apply complete! Resources: 5 added, 0 changed, 0 destroyed. Outputs: ecs_id = "i-2zexxxxxxxxxxxkmo" ecs_ip = "3x.1xx.1xx.x41"
4. 查看和管理资源
在部署后,您也能轻松地管理和维护您的基础设施环境,确保其符合最新的需求和设计。
4.1 查看资源
-
通过
terraform show命令查看资源的详细信息。D:\tool\terraform\projects\ecs>terraform show # data.alicloud_zones.default: data "alicloud_zones" "default" { available_disk_category = "cloud_ssd" available_instance_type = "ecs.e-c1m1.large" available_resource_creation = "VSwitch" enable_details = false id = "2398922967" ids = [ "cn-beijing-a", "cn-beijing-c", "cn-beijing-e", "cn-beijing-f", "cn-beijing-g", "cn-beijing-h", "cn-beijing-i", ] instance_charge_type = "PostPaid" multi = false spot_strategy = "NoSpot" zones = [ { available_disk_categories = [] available_instance_types = [] available_resource_creation = [] id = "cn-beijing-a" local_name = null multi_zone_ids = [] slb_slave_zone_ids = [] } ] } -
通过
terraform state list命令列出所有已创建的资源。D:\tool\terraform\projects\ecs>terraform state list data.alicloud_zones.default alicloud_instance.instance alicloud_security_group.default alicloud_security_group_rule.allow_tcp_22 alicloud_vpc.vpc alicloud_vswitch.vsw -
通过
terraform state show <资源类型>.<资源名称>查看某个资源的详细信息。D:\tool\terraform\projects\ecs>terraform state show alicloud_vpc.vpc # alicloud_vpc.vpc: resource "alicloud_vpc" "vpc" { cidr_block = "172.16.0.0/12" classic_link_enabled = false create_time = "2024-09-09T05:54:41Z" description = null enable_ipv6 = false id = "vpc-2zexxx" ipv6_cidr_block = null ipv6_cidr_blocks = [] name = "tf-test" resource_group_id = "rg-acfxxx" route_table_id = "vtb-2zexxx" router_id = "vrt-2zexxx" router_table_id = "vtb-2zexxx" secondary_cidr_blocks = [] status = "Available" system_route_table_description = null system_route_table_name = null user_cidrs = [] vpc_name = "tf-test" } -
通过 阿里云控制台 查看已创建资源信息。
4.2 管理资源
Terraform在完成资源的创建和修改后,会将资源的状态和属性信息保存在terraform.tfstate文件中。我们可以使用terraform state相关命令对state进行管理。更多信息,请参见状态原理介绍。
4.3 资源变更
-
修改配置文件(如main.tf或者其他.tf文件)中需要变更的资源定义,例如您想添加新的安全组入方向放行规则。
resource "alicloud_security_group_rule" "allow_tcp_443" { type = "ingress" ip_protocol = "tcp" nic_type = "intranet" policy = "accept" port_range = "443/443" priority = 1 security_group_id = alicloud_security_group.default.id cidr_ip = "0.0.0.0/0" } -
执行
terraform plan命令预览所做的变更。Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # alicloud_security_group_rule.allow_tcp_22 will be created + resource "alicloud_security_group_rule" "allow_tcp_22" { + cidr_ip = "0.0.0.0/0" + id = (known after apply) + ip_protocol = "tcp" + nic_type = "intranet" + policy = "accept" + port_range = "22/22" + prefix_list_id = (known after apply) + priority = 1 + security_group_id = "sg-2zexxx9pa" + type = "ingress" } # alicloud_security_group_rule.allow_tcp_443 will be created + resource "alicloud_security_group_rule" "allow_tcp_443" { + cidr_ip = "0.0.0.0/0" + id = (known after apply) + ip_protocol = "tcp" + nic_type = "intranet" + policy = "accept" + port_range = "443/443" + prefix_list_id = (known after apply) + priority = 1 + security_group_id = "sg-2zexxx9pa" + type = "ingress" } Plan: 2 to add, 0 to change, 0 to destroy. -
如果变更符合预期,执行
terraform apply命令,来应用这些变更到您的基础设施。执行此命令时,Terraform会要求您确认是否确实要进行这些变更。输入yes并回车后,变更会被应用。Plan: 2 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes alicloud_security_group_rule.allow_tcp_22: Creating... alicloud_security_group_rule.allow_tcp_443: Creating... alicloud_security_group_rule.allow_tcp_22: Creation complete after 1s [id=sg-2zexxx:xxx:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1] alicloud_security_group_rule.allow_tcp_443: Creation complete after 1s [id=sg-2zexxx:xxx:ingress:tcp:443/443:intranet:0.0.0.0/0:accept:1] Apply complete! Resources: 2 added, 0 changed, 0 destroyed. Outputs: ecs_id = "i-2zexxx" ecs_ip = "3x.xxx.xxx.x41"
5. 资源销毁
当不再需要所创建的资源时,可以通过terraform destroy命令销毁所有已创建的资源。
Plan: 0 to add, 0 to change, 6 to destroy.
Changes to Outputs:
- ecs_id = "i-2zxxx" -> null
- ecs_ip = "3xxx" -> null
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
alicloud_security_group_rule.allow_tcp_443: Destroying... [id=sg-2zexxx:ingress:tcp:443/443:intranet:0.0.0.0/0:accept:1]
alicloud_security_group_rule.allow_tcp_22: Destroying... [id=sg-2zexxx:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1]
alicloud_instance.instance: Destroying... [id=i-2zexxxkmo]
alicloud_security_group_rule.allow_tcp_443: Destruction complete after 1s
alicloud_security_group_rule.allow_tcp_22: Destruction complete after 1s
alicloud_instance.instance: Still destroying... [id=i-2zexxxkmo, 10s elapsed]
alicloud_instance.instance: Destruction complete after 12s
alicloud_security_group.default: Destroying... [id=sg-2zexxxpa]
alicloud_vswitch.vsw: Destroying... [id=vsw-2zexxxvdf]
alicloud_security_group.default: Destruction complete after 2s
alicloud_vswitch.vsw: Destruction complete after 8s
alicloud_vpc.vpc: Destroying... [id=vpc-2zexxxk5w]
alicloud_vpc.vpc: Destruction complete after 6s
Destroy complete! Resources: 6 destroyed.相关文档
该文章对您有帮助吗?