Creating a virtual machine on Azure with Terraform
This is the article for day 22 of the AP Communications Advent Calendar 2021.
I have been teaching myself Terraform (on AWS), so I wanted to try it on Azure as well and see whether it works.
Goal
- Create a VM and also obtain its private key (the same result as creating a VM in the GUI)
- The OS is CentOS
Besides the VM itself, the other required resources also have to be created (these are created with Terraform as well).
- Resource group
- Virtual network
- Subnet
- Public IP
- NSG and its rule (allow SSH)
- NIC
- Disk
Not covered here
How to set up a Terraform execution environment
Contents of the tf file
The file layout is just main.tf.
The location is Japan East (japaneast).
provider "azurerm" {
  features {}
}

# Create the resource group
resource "azurerm_resource_group" "myazrg" {
  name     = "aztest_rg"
  location = "japaneast"
}

# Create the virtual network
resource "azurerm_virtual_network" "vnet" {
  name                = "aztest_vnet"
  address_space       = ["10.0.0.0/16"]
  location            = "japaneast"
  resource_group_name = azurerm_resource_group.myazrg.name
}

# Create the subnet
resource "azurerm_subnet" "subnet" {
  name                 = "default"
  resource_group_name  = azurerm_resource_group.myazrg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

# Create the public IP
resource "azurerm_public_ip" "publicip" {
  name                = "myPublicIP"
  location            = "japaneast"
  resource_group_name = azurerm_resource_group.myazrg.name
  allocation_method   = "Dynamic"
}

# Create the NSG and its rule (allow SSH)
resource "azurerm_network_security_group" "nsg" {
  name                = "mynsg"
  location            = "japaneast"
  resource_group_name = azurerm_resource_group.myazrg.name

  security_rule {
    name                       = "SSH"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    # "*" works too, but narrowing this to the client's IP is better from a security standpoint
    source_address_prefix      = "<CLIENT_IP>/32"
    destination_address_prefix = "*"
  }
}

# Create the network interface
resource "azurerm_network_interface" "nic" {
  name                = "nic"
  location            = "japaneast"
  resource_group_name = azurerm_resource_group.myazrg.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.subnet.id
    private_ip_address_allocation = "Dynamic"
    # Attach the public IP to the NIC (omitted in the original; without it the VM
    # has no public address to reach over SSH)
    public_ip_address_id          = azurerm_public_ip.publicip.id
  }
}

# Associate the NSG with the NIC so the SSH rule above actually applies
# (omitted in the original; an unattached NSG filters nothing)
resource "azurerm_network_interface_security_group_association" "nic_nsg" {
  network_interface_id      = azurerm_network_interface.nic.id
  network_security_group_id = azurerm_network_security_group.nsg.id
}

# Create the SSH key
resource "tls_private_key" "myazssh" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# sensitive = true masks the value in CLI output; it is still stored in clear text in the state file
output "tls_private_key" {
  value     = tls_private_key.myazssh.private_key_pem
  sensitive = true
}

# Create the virtual machine
# OS is CentOS 7.6
resource "azurerm_linux_virtual_machine" "myazvm" {
  name                = "myszvm"
  resource_group_name = azurerm_resource_group.myazrg.name
  location            = "japaneast"
  size                = "Standard_DS1_v2"
  admin_username      = "azureuser"
  network_interface_ids = [
    azurerm_network_interface.nic.id,
  ]

  admin_ssh_key {
    username   = "azureuser"
    public_key = tls_private_key.myazssh.public_key_openssh
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "OpenLogic"
    offer     = "CentOS"
    sku       = "7.6"
    version   = "latest"
  }
}
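The comment on source_address_prefix leaves the choice between "*" and the client's IP to the reader. As an added example (my own code, not part of the post), here is a small policy check that scans the security_rule blocks of a main.tf and reports inbound Allow rules that expose TCP/22 to any source. The parser is deliberately minimal (flat key = "value" lines inside security_rule { ... }, which is all the post's config uses), and the HCL it is run against is constructed inline: the post's rule with "*" as the source, plus a variant restricted to a single /32.

```python
"""Policy check for Azure NSG rules declared in Terraform HCL (added example)."""
import re

# Sources that mean "anyone on the internet" in an Azure NSG rule.
ANY_SOURCE = {"*", "Internet", "0.0.0.0/0"}

_BLOCK_START = re.compile(r'^\s*security_rule\s*\{\s*$')
_KV = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')


def parse_security_rules(hcl_text):
    """Return one dict per security_rule block, holding its quoted-string attributes."""
    rules, current, depth = [], None, 0
    for line in hcl_text.splitlines():
        if current is None:
            if _BLOCK_START.match(line):
                current, depth = {}, 1
            continue
        # Inside a rule block: track nesting so a nested '{' does not end the block early.
        depth += line.count("{") - line.count("}")
        if depth <= 0:
            rules.append(current)
            current = None
            continue
        m = _KV.match(line)
        if m:
            current[m.group(1)] = m.group(2)
    return rules


def port_range_covers(port_range, port):
    """True if an NSG port expression ("*", "22", "20-25", "22,443") includes `port`."""
    if port_range.strip() == "*":
        return True
    for part in port_range.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-", 1)
            if int(lo) <= port <= int(hi):
                return True
        elif part.isdigit() and int(part) == port:
            return True
    return False


def open_ssh_rules(hcl_text):
    """Names of inbound Allow rules that let any source reach TCP/22."""
    findings = []
    for rule in parse_security_rules(hcl_text):
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        if rule.get("protocol", "*") not in ("Tcp", "*"):
            continue
        if rule.get("source_address_prefix") not in ANY_SOURCE:
            continue
        if port_range_covers(rule.get("destination_port_range", "*"), 22):
            findings.append(rule.get("name", "<unnamed>"))
    return findings


# Constructed sample: the post's rule with "*" as source, plus a restricted variant.
SAMPLE_MAIN_TF = '''
resource "azurerm_network_security_group" "nsg" {
  name = "mynsg"
  security_rule {
    name                       = "SSH"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
  security_rule {
    name                       = "SSH-from-office"
    priority                   = 1002
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "203.0.113.10/32"
    destination_address_prefix = "*"
  }
}
'''

if __name__ == "__main__":
    for name in open_ssh_rules(SAMPLE_MAIN_TF):
        print(f"NSG rule {name!r} allows SSH from any source; restrict source_address_prefix")
```

Run it against the real main.tf (read the file into `open_ssh_rules`) before `terraform apply`; a non-empty result means the SSH rule is open to the whole internet rather than to the client's address.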
Running Terraform
Initialize (terraform init)
$ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/tls...
- Reusing previous version of hashicorp/azurerm from the dependency lock file
- Installing hashicorp/tls v3.1.0...
- Installed hashicorp/tls v3.1.0 (self-signed, key ID 34365D9472D7468F)
Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html
Terraform has made some changes to the provider dependency selections recorded
in the .terraform.lock.hcl file. Review those changes and commit them to your
version control system if they represent changes you intended to make.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Syntax check (terraform validate)
Most errors show up at this step, so I fix each error it reports one by one.
$ terraform validate
Success! The configuration is valid.
Dry run (terraform plan)
This is roughly the equivalent of a dry run in Ansible.
$ terraform plan -out main.tfplan
tls_private_key.myazssh: Refreshing state... [id=xxx]
azurerm_resource_group.rg: Refreshing state... [id=/subscriptions/xxx/resourceGroups/aztest_rg]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
(omitted)
Plan: 7 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
This plan was saved to: main.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "main.tfplan"
Apply (terraform apply)
$ terraform apply main.tfplan
azurerm_resource_group.myazrg: Creating...
(omitted)
azurerm_linux_virtual_machine.myazvm: Creating...
azurerm_linux_virtual_machine.myazvm: Still creating... [10s elapsed]
azurerm_linux_virtual_machine.myazvm: Still creating... [20s elapsed]
azurerm_linux_virtual_machine.myazvm: Still creating... [30s elapsed]
azurerm_linux_virtual_machine.myazvm: Still creating... [40s elapsed]
azurerm_linux_virtual_machine.myazvm: Still creating... [50s elapsed]
azurerm_linux_virtual_machine.myazvm: Still creating... [1m0s elapsed]
azurerm_linux_virtual_machine.myazvm: Still creating... [1m10s elapsed]
azurerm_linux_virtual_machine.myazvm: Creation complete after 1m17s [id=/subscriptions/xxx/resourceGroups/aztest_rg/providers/Microsoft.Compute/virtualMachines/myszvm]
Apply complete! Resources: 7 added, 0 changed, 0 destroyed.
The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.
State path: terraform.tfstate
Outputs:
tls_private_key = <sensitive>
At this point you can confirm in the Azure portal that the resources have been created.
Obtaining the private key
$ terraform output -raw tls_private_key
-----BEGIN RSA PRIVATE KEY-----
(omitted)
-----END RSA PRIVATE KEY-----
The private key can be retrieved this way.
Copy and paste the key into a file, and logging in over SSH works.
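Two details the "copy and paste the key" step glosses over: the key file must be readable only by its owner (ssh refuses a key with looser permissions), and `sensitive = true` only masks the value in CLI output; the key is stored in clear text in terraform.tfstate, so the state file needs the same protection as the key. The following is an added example (my own code, not from the post) that writes the key with mode 0600 and scans a state document for PEM key material. The state document is a constructed, trimmed-down copy of the Terraform state format (version 4: outputs carry value/type/sensitive, resources carry instances with attributes), and the PEM is a dummy with the real framing but no usable key inside.

```python
"""Handling the private key printed by `terraform output -raw tls_private_key` (added example)."""
import json
import os
import re
import tempfile

# Matches a PEM private key block (RSA, EC, OPENSSH and PKCS#8 keys all share this framing).
PEM_BLOCK = re.compile(
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S
)


def is_pem_private_key(text):
    """True if `text` contains a complete PEM private key block."""
    return PEM_BLOCK.search(text) is not None


def save_private_key(pem_text, path=None):
    """Write the key to `path` (default: a file in a fresh temp dir) with mode 0600.

    Returns (path, mode), where mode is the octal permission string actually set.
    """
    if not is_pem_private_key(pem_text):
        raise ValueError("input is not a PEM private key block")
    if path is None:
        path = os.path.join(tempfile.mkdtemp(prefix="aztest-"), "aztest_key.pem")
    # Create with 0600 from the start so the key is never world-readable, even briefly.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(pem_text if pem_text.endswith("\n") else pem_text + "\n")
    os.chmod(path, 0o600)  # also tighten a pre-existing file that had looser bits
    return path, oct(os.stat(path).st_mode & 0o777)


def find_pem_in_state(state):
    """Return the JSON paths (lists of keys/indices) where PEM key material appears."""
    hits = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, path + [key])
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, path + [i])
        elif isinstance(node, str) and is_pem_private_key(node):
            hits.append(path)

    walk(state, [])
    return hits


# Constructed stand-in: same PEM framing as a real key, but a dummy body (not usable).
FAKE_PEM = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "MIIEowIBAAKCAQEAdummydummydummydummydummydummydummydummy\n"
    "-----END RSA PRIVATE KEY-----\n"
)

# Constructed, trimmed-down terraform.tfstate (state format version 4): the
# `sensitive` flag is recorded, but the value itself is stored unencrypted.
SAMPLE_STATE_JSON = json.dumps({
    "version": 4,
    "outputs": {
        "tls_private_key": {"value": FAKE_PEM, "type": "string", "sensitive": True}
    },
    "resources": [
        {
            "type": "tls_private_key",
            "name": "myazssh",
            "instances": [{"attributes": {"algorithm": "RSA", "private_key_pem": FAKE_PEM}}],
        }
    ],
})


def load_sample_state():
    """Parse the constructed state the same way you would parse a real terraform.tfstate."""
    return json.loads(SAMPLE_STATE_JSON)


if __name__ == "__main__":
    path, mode = save_private_key(FAKE_PEM)
    print(f"key written to {path} with mode {mode}")
    for hit in find_pem_in_state(load_sample_state()):
        print("private key material in state at:", "/".join(map(str, hit)))
```

With a real setup, pipe `terraform output -raw tls_private_key` into `save_private_key` instead of pasting it, and run `find_pem_in_state` over `json.load(open("terraform.tfstate"))`: it reports the key both under the output and under the tls_private_key resource's attributes, which is why the state file (and any remote backend holding it) has to be access-controlled like the key itself.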
Thoughts
Being able to create a VM with just four commands is very convenient.
It also means a change to the GUI no longer forces me to revise the procedure, which is another plus.
Next I plan to try changing the hostname and IP address, creating multiple VMs, and building a VM with a Windows OS.
Thank you for reading.
References
Official documentation: Configure a Linux virtual machine with infrastructure in Azure using Terraform
Creating an IaaS verification environment on Azure with Terraform