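Deploying resources on OpenStack with Terraform

Introduction

I had been using Heat to deploy instances and other resources on OpenStack, but decided to give Terraform a try.

Environment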

    • Ubuntu 20.04.3
    • Terraform 1.0.6
    • OpenStack Queens

Work log

Installing Terraform

Install it by following the Ubuntu/Debian steps at the link below.
https://learn.hashicorp.com/tutorials/terraform/install-cli?in=terraform/aws-get-started#install-terraform

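The page appears to be AWS-related, but I could not see any steps that are specific to AWS, so it is fine to follow them as they are.

Because of restrictions in my environment, HashiCorp's package repository was not reachable, so I had to install manually.

Download the zip file from the following page and unzip it to get the binary: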
https://www.terraform.io/downloads.html

$ wget https://releases.hashicorp.com/terraform/1.0.6/terraform_1.0.6_linux_amd64.zip
--2021-09-07 01:21:20--  https://releases.hashicorp.com/terraform/1.0.6/terraform_1.0.6_linux_amd64.zip
Connecting to 172.16.70.1:63128... connected.
Proxy request sent, awaiting response... 200 OK
Length: 32677516 (31M) [application/zip]
Saving to: ‘terraform_1.0.6_linux_amd64.zip’

terraform_1.0.6_linux_amd64.zip         100%[============================================================================>]  31.16M  8.44MB/s    in 3.9s    

2021-09-07 01:21:24 (7.89 MB/s) - ‘terraform_1.0.6_linux_amd64.zip’ saved [32677516/32677516]
$ unzip terraform_1.0.6_linux_amd64.zip 
Archive:  terraform_1.0.6_linux_amd64.zip
  inflating: terraform
$ ll terraform
-rwxr-xr-x 1 ubuntu ubuntu 79350901 Sep  3 14:36 terraform*
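Before unpacking a manually downloaded release, the zip can be checked against the SHA256SUMS file HashiCorp publishes in the same release directory. The following is an added example, not part of the original post; the function name verify_release_zip and the script name verify.sh are assumptions.

```bash
#!/usr/bin/env bash
# Added example: check a manually downloaded Terraform zip against the
# SHA256SUMS file published in the same release directory, e.g.
#   https://releases.hashicorp.com/terraform/1.0.6/terraform_1.0.6_SHA256SUMS
# The digest only proves integrity if the SHA256SUMS file itself is authentic;
# HashiCorp also publishes a detached GPG signature (.sig) for it.

# verify_release_zip ZIP SUMS_FILE
# Returns 0 if SUMS_FILE has exactly one well-formed entry for ZIP's file name
# and the digest matches; 1 on mismatch; 2 on missing files; 3 on a missing,
# duplicated or malformed entry.
verify_release_zip() {
  local zip="$1" sums="$2" name expected actual
  if [ ! -f "$zip" ] || [ ! -f "$sums" ]; then
    echo "missing input file" >&2
    return 2
  fi
  name="$(basename "$zip")"
  # Entries look like "<64 hex digits>  <file name>".
  expected="$(awk -v n="$name" '$2 == n { print $1 }' "$sums")"
  case "$expected" in
    ""|*[!0-9a-f]*)
      echo "no usable checksum entry for $name" >&2
      return 3 ;;
  esac
  if [ "${#expected}" -ne 64 ]; then
    echo "malformed checksum entry for $name" >&2
    return 3
  fi
  actual="$(sha256sum "$zip" | awk '{ print $1 }')"
  if [ "$actual" != "$expected" ]; then
    echo "MISMATCH: $name" >&2
    return 1
  fi
  echo "OK: $name"
}

# Command-line use: verify first, unzip only on success.
#   ./verify.sh terraform_1.0.6_linux_amd64.zip terraform_1.0.6_SHA256SUMS \
#     && unzip terraform_1.0.6_linux_amd64.zip
if [ "$#" -eq 2 ]; then
  verify_release_zip "$1" "$2"
fi
```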

Move the binary into a directory that is on the PATH.

$ sudo mv terraform /usr/local/bin/
$ ll /usr/local/bin/terraform 
-rwxr-xr-x 1 ubuntu ubuntu 79350901 Sep  3 14:36 /usr/local/bin/terraform*

Confirm that the command can be run.

$ terraform -v
Terraform v1.0.6
on linux_amd64

Setting up command completion

$ terraform -install-autocomplete
$ cat ~/.bashrc

... snip ...

complete -C /usr/local/bin/terraform terraform
$ source ~/.bashrc

Deploying resources on OpenStack with Terraform

Searching for the keywords terraform and openstack brings up the following page first:
https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs

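A provider is defined as follows.

Terraform relies on plugins called "providers" to interact with cloud providers, SaaS providers, and other APIs.

Terraform configurations must declare which providers they require so that Terraform can install and use them. Additionally, some providers require configuration (like endpoint URLs or cloud regions) before they can be used.

It is a module for working with infrastructure (such as an OpenStack or AWS cloud), and is one kind of Terraform plugin.

First, create a definition file (tf file) following the example.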

$ mkdir openstack
$ cd openstack/
$ vim main.tf

The definition file I created is shown below.

# Define required providers
terraform {
  required_version = ">= 0.14.0"
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "~> 1.35.0"
    }
  }
}

# Configure the OpenStack Provider
provider "openstack" {
  user_name   = "user01"
  tenant_name = "prj01"
  password    = "p@$$w0rd"
  auth_url    = "https://172.16.71.80:5000/"
  region      = "RegionOne"
  cacert_file = "/etc/ssl/certs/openstack-ca-certificates.crt"
}

# Create a web server
resource "openstack_compute_instance_v2" "test-server" {
  name      = "my_instance"
  image_id  = "4128a986-1f77-4201-9bbf-90de4037dee1"
  flavor_id = "2ce31fef-68b6-4953-81bc-b1c79d22f1b0 "
  key_pair  = "user01key"

  network {
    uuid = "b1bec6fb-a3af-4280-befc-decb376ac5ef"
  }
}
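The provider block above keeps the password as a string literal in main.tf, so it travels with the configuration wherever that file is copied or committed. The following added example (not from the original post) flags such literals and carries, as constructed samples, the page's credential lines beside a variant that reads the password from a sensitive input variable; the names find_literal_secrets, write_samples and os_password are assumptions.

```bash
#!/usr/bin/env bash
# Added example: find credential arguments assigned quoted literals in .tf files.

# Credential arguments of the OpenStack provider covered by this check.
SECRET_ARGS='password|token|application_credential_secret'

# find_literal_secrets FILE...
# Prints "file:line:argument" (never the value) for each credential argument
# set to a non-empty quoted literal. Values that begin with a "${...}"
# interpolation or are bare references such as var.os_password are not flagged.
# Returns 1 if anything was found, 0 otherwise.
find_literal_secrets() {
  local pattern hits
  pattern='^[[:space:]]*('"$SECRET_ARGS"')[[:space:]]*=[[:space:]]*"([^$"]|[$][^{])'
  hits="$(grep -nHE "$pattern" "$@" \
    | sed -E 's/^([^:]+:[0-9]+):[[:space:]]*([a-z_]+).*/\1:\2/')"
  [ -n "$hits" ] || return 0
  printf '%s\n' "$hits"
  return 1
}

# Constructed samples: the credential lines of the page's provider block, and
# a variant that takes the password from a sensitive input variable
# (hypothetical name os_password, supplied e.g. via TF_VAR_os_password).
write_samples() {
  cat > "$1/weak.tf" <<'EOF'
provider "openstack" {
  user_name   = "user01"
  tenant_name = "prj01"
  password    = "p@$$w0rd"
  auth_url    = "https://172.16.71.80:5000/"
}
EOF
  cat > "$1/hardened.tf" <<'EOF'
variable "os_password" {
  type      = string
  sensitive = true
}

provider "openstack" {
  user_name   = "user01"
  tenant_name = "prj01"
  password    = var.os_password
  auth_url    = "https://172.16.71.80:5000/"
}
EOF
}

# Command-line use: ./check_tf_secrets.sh main.tf
if [ "$#" -gt 0 ]; then
  find_literal_secrets "$@"
fi
```

The OpenStack provider also reads OS_PASSWORD from the environment when the password argument is omitted, which keeps the secret out of the tf file entirely.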

terraform init

First, initialize the workspace.

$ terraform init

Initializing the backend...

Initializing provider plugins...
- Finding terraform-provider-openstack/openstack versions matching "~> 1.35.0"...
- Installing terraform-provider-openstack/openstack v1.35.0...
- Installed terraform-provider-openstack/openstack v1.35.0 (self-signed, key ID 4F80527A391BEFD2)

Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Running the terraform init command downloads the plugins, among other things.

terraform plan

Check what changes Terraform will make when it runs.

$ terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # openstack_compute_instance_v2.test-server will be created
  + resource "openstack_compute_instance_v2" "test-server" {
      + access_ip_v4        = (known after apply)
      + access_ip_v6        = (known after apply)
      + all_metadata        = (known after apply)
      + all_tags            = (known after apply)
      + availability_zone   = (known after apply)
      + flavor_id           = "2ce31fef-68b6-4953-81bc-b1c79d22f1b0 "
      + flavor_name         = (known after apply)
      + force_delete        = false
      + id                  = (known after apply)
      + image_id            = "4128a986-1f77-4201-9bbf-90de4037dee1"
      + image_name          = (known after apply)
      + key_pair            = "user01key"
      + name                = "my_instance"
      + power_state         = "active"
      + region              = (known after apply)
      + security_groups     = (known after apply)
      + stop_before_destroy = false

      + network {
          + access_network = false
          + fixed_ip_v4    = (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          + mac            = (known after apply)
          + name           = (known after apply)
          + port           = (known after apply)
          + uuid           = "b1bec6fb-a3af-4280-befc-decb376ac5ef"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.

terraform apply

This creates the resources defined in the tf file. Run it after confirming with terraform plan that there are no problems.

ubuntu@terraform:~/terraform$ terraform apply 

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # openstack_compute_instance_v2.test-server will be created
  + resource "openstack_compute_instance_v2" "test-server" {
      + access_ip_v4        = (known after apply)
      + access_ip_v6        = (known after apply)
      + all_metadata        = (known after apply)
      + all_tags            = (known after apply)
      + availability_zone   = (known after apply)
      + flavor_id           = "2ce31fef-68b6-4953-81bc-b1c79d22f1b0 "
      + flavor_name         = (known after apply)
      + force_delete        = false
      + id                  = (known after apply)
      + image_id            = "4128a986-1f77-4201-9bbf-90de4037dee1"
      + image_name          = (known after apply)
      + key_pair            = "user01key"
      + name                = "my_instance"
      + power_state         = "active"
      + region              = (known after apply)
      + security_groups     = (known after apply)
      + stop_before_destroy = false

      + network {
          + access_network = false
          + fixed_ip_v4    = (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          + mac            = (known after apply)
          + name           = (known after apply)
          + port           = (known after apply)
          + uuid           = "b1bec6fb-a3af-4280-befc-decb376ac5ef"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

openstack_compute_instance_v2.test-server: Creating...
openstack_compute_instance_v2.test-server: Still creating... [10s elapsed]
openstack_compute_instance_v2.test-server: Still creating... [20s elapsed]
openstack_compute_instance_v2.test-server: Creation complete after 25s [id=8d1715e9-e276-4480-bf03-7b0776ea7bfa]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Confirm that the resource has been created.

$ openstack server show 8d1715e9-e276-4480-bf03-7b0776ea7bfa
+-------------------------------------+----------------------------------------------------------+
| Field                               | Value                                                    |
+-------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig                   | MANUAL                                                   |
| OS-EXT-AZ:availability_zone         | nova                                                     |
| OS-EXT-SRV-ATTR:host                | cmp001                                                   |
| OS-EXT-SRV-ATTR:hypervisor_hostname | cmp001.mcp-smmr18.fujitsu.local                          |
| OS-EXT-SRV-ATTR:instance_name       | instance-0000334a                                        |
| OS-EXT-STS:power_state              | Running                                                  |
| OS-EXT-STS:task_state               | None                                                     |
| OS-EXT-STS:vm_state                 | active                                                   |
| OS-SRV-USG:launched_at              | 2021-09-21T02:58:41.000000                               |
| OS-SRV-USG:terminated_at            | None                                                     |
| accessIPv4                          |                                                          |
| accessIPv6                          |                                                          |
| addresses                           | maintenance-net=10.0.0.16                                |
| config_drive                        | True                                                     |
| created                             | 2021-09-21T02:58:22Z                                     |
| flavor                              | m1.medium (2ce31fef-68b6-4953-81bc-b1c79d22f1b0)         |
| hostId                              | ee90af4ebb1eb84986019854bb9618db381c570845f36a65ecc891cd |
| id                                  | 8d1715e9-e276-4480-bf03-7b0776ea7bfa                     |
| image                               | ubuntu_20.04.3 (4128a986-1f77-4201-9bbf-90de4037dee1)    |
| key_name                            | user01key                                                |
| name                                | my_instance                                              |
| progress                            | 0                                                        |
| project_id                          | cfeb198dbfa2414e8b32534ac0511d52                         |
| properties                          |                                                          |
| security_groups                     | name='default'                                           |
| status                              | ACTIVE                                                   |
| updated                             | 2021-09-21T02:58:41Z                                     |
| user_id                             | a430f45e0f6c4290863b869593cdae6e                         |
| volumes_attached                    |                                                          |
+-------------------------------------+----------------------------------------------------------+

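I was able to confirm that the instance defined in the tf file had been created.

Deleting resources

terraform plan -destroy

Check which resources will be deleted.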

$ terraform plan -destroy
openstack_compute_instance_v2.test-server: Refreshing state... [id=8d1715e9-e276-4480-bf03-7b0776ea7bfa]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":

  # openstack_compute_instance_v2.test-server has been changed
  ~ resource "openstack_compute_instance_v2" "test-server" {
        id                  = "8d1715e9-e276-4480-bf03-7b0776ea7bfa"
        name                = "my_instance"
      + tags                = []
        # (14 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # openstack_compute_instance_v2.test-server will be destroyed
  - resource "openstack_compute_instance_v2" "test-server" {
      - access_ip_v4        = "10.0.0.16" -> null
      - all_metadata        = {} -> null
      - all_tags            = [] -> null
      - availability_zone   = "nova" -> null
      - flavor_id           = "2ce31fef-68b6-4953-81bc-b1c79d22f1b0" -> null
      - flavor_name         = "m1.medium" -> null
      - force_delete        = false -> null
      - id                  = "8d1715e9-e276-4480-bf03-7b0776ea7bfa" -> null
      - image_id            = "4128a986-1f77-4201-9bbf-90de4037dee1" -> null
      - image_name          = "ubuntu_20.04.3" -> null
      - key_pair            = "user01key" -> null
      - name                = "my_instance" -> null
      - power_state         = "active" -> null
      - region              = "RegionOne" -> null
      - security_groups     = [
          - "default",
        ] -> null
      - stop_before_destroy = false -> null
      - tags                = [] -> null

      - network {
          - access_network = false -> null
          - fixed_ip_v4    = "10.0.0.16" -> null
          - mac            = "fa:16:3e:c2:41:5f" -> null
          - name           = "maintenance-net" -> null
          - uuid           = "b1bec6fb-a3af-4280-befc-decb376ac5ef" -> null
        }
    }

Plan: 0 to add, 0 to change, 1 to destroy.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.

terraform destroy

Once "terraform plan -destroy" has confirmed that there is no problem with the resources targeted for deletion, run the deletion.

$ terraform destroy
openstack_compute_instance_v2.test-server: Refreshing state... [id=8d1715e9-e276-4480-bf03-7b0776ea7bfa]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":

  # openstack_compute_instance_v2.test-server has been changed
  ~ resource "openstack_compute_instance_v2" "test-server" {
        id                  = "8d1715e9-e276-4480-bf03-7b0776ea7bfa"
        name                = "my_instance"
      + tags                = []
        # (14 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # openstack_compute_instance_v2.test-server will be destroyed
  - resource "openstack_compute_instance_v2" "test-server" {
      - access_ip_v4        = "10.0.0.16" -> null
      - all_metadata        = {} -> null
      - all_tags            = [] -> null
      - availability_zone   = "nova" -> null
      - flavor_id           = "2ce31fef-68b6-4953-81bc-b1c79d22f1b0" -> null
      - flavor_name         = "m1.medium" -> null
      - force_delete        = false -> null
      - id                  = "8d1715e9-e276-4480-bf03-7b0776ea7bfa" -> null
      - image_id            = "4128a986-1f77-4201-9bbf-90de4037dee1" -> null
      - image_name          = "ubuntu_20.04.3" -> null
      - key_pair            = "user01key" -> null
      - name                = "my_instance" -> null
      - power_state         = "active" -> null
      - region              = "RegionOne" -> null
      - security_groups     = [
          - "default",
        ] -> null
      - stop_before_destroy = false -> null
      - tags                = [] -> null

      - network {
          - access_network = false -> null
          - fixed_ip_v4    = "10.0.0.16" -> null
          - mac            = "fa:16:3e:c2:41:5f" -> null
          - name           = "maintenance-net" -> null
          - uuid           = "b1bec6fb-a3af-4280-befc-decb376ac5ef" -> null
        }
    }

Plan: 0 to add, 0 to change, 1 to destroy.

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

openstack_compute_instance_v2.test-server: Destroying... [id=8d1715e9-e276-4480-bf03-7b0776ea7bfa]
openstack_compute_instance_v2.test-server: Still destroying... [id=8d1715e9-e276-4480-bf03-7b0776ea7bfa, 10s elapsed]
openstack_compute_instance_v2.test-server: Destruction complete after 10s

Destroy complete! Resources: 1 destroyed.

Confirm that it has been deleted on OpenStack.

$ openstack server show 8d1715e9-e276-4480-bf03-7b0776ea7bfa
No server with a name or ID of '8d1715e9-e276-4480-bf03-7b0776ea7bfa' exists.

I confirmed that it had been deleted.

That concludes this article.
