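Getting Started with Pluralith: Creating an EC2 Architecture Diagram
Introduction
I use Terragrunt at work to manage part of our AWS configuration, but as the configuration grew more complex, the code became hard to read and the architecture hard to understand, because there was no visual way to tell whether the result matched what was intended. When I discovered Pluralith, I wanted to try it.
The installation went slightly off course last time, but I got everything installed.
This time I want to write a Terraform file that creates an EC2 instance and then use Pluralith to generate an architecture diagram from that instance.
Since I am a Terraform beginner, I followed some of the steps in the article "Getting Started with AWS Configuration Management Using Terraform" in the following publication.
- Software Design, January 2022 issue
What I want to do
I want to use Pluralith to easily create architecture diagrams of an AWS environment!
Environment
OS: Windows 11 Pro
Terraform version: v1.5.2
Pluralith CLI version: 0.2.2
Pluralith graph module version: 0.2.1
AWS CLI version: 2.4.23
What I did last time
I had already installed Terraform, Pluralith, and the AWS CLI. See the following post for details.
- Getting Started with Pluralith: Installation
Creating an EC2 instance with Terraform
1. Credential setup
In the AWS Management Console, create an access key with the "AdministratorAccess" policy attached.
For details on how to create an access key, refer to the official documentation.
The following is not official, but it is quite easy to follow, so I recommend it.
Once the key has been created, run the aws configure command, enter the access key you created, and choose the Tokyo region as the default region.
Then run the aws sts get-caller-identity command and confirm that the configured UserId, Account, and Arn are printed.
They were displayed correctly, so next I will write the Terraform code.
2. Writing the code
This time we will create a t2.micro EC2 instance from the Amazon Linux 2023 AMI for testing.
The contents of main.tf are as follows.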
resource "aws_instance" "learn_pluralith" {
  ami           = "ami-08c84d37db8aafe00" # Amazon Linux 2023 AMI
  instance_type = "t2.micro"

  tags = {
    Name = "learn_pluralith"
  }
}

provider "aws" {
  region = "ap-northeast-1"
}
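The resource block describes the AWS instance, and the provider block describes the cloud provider being used.
ami sets the EC2 AMI to the Amazon Linux 2023 AMI, and instance_type specifies t2.micro.
The tag does not strictly need to be set, but for the purpose of learning Pluralith it is set to learn_pluralith.
The cloud provider is set to AWS, and the region is set to the Tokyo region.
Now that the Terraform file needed to create the EC2 instance exists, the next step is to run Terraform.
3. Initialization
The first run requires initialization, so run the `terraform init` command.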
PS C:\Users\ユーザー名\workspace\learn_pluralith> terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/aws...
- Installing hashicorp/aws v5.13.0...
- Installed hashicorp/aws v5.13.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
The command appears to have succeeded.
Checking the folder shows that the following files have been added.
learn_pluralith/
│
├─ .terraform\providers\…\terraform-provider-aws_v5.13.0_x5.exe
│
├─ .terraform.lock.hcl
│
└─ main.tf
4. Checking what will be executed
Next, run the terraform plan command to confirm that there are no problems with the contents of main.tf.
PS C:\Users\ユーザー名\workspace\learn_pluralith> terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
+ create
Terraform will perform the following actions:
# aws_instance.learn_pluralith will be created
+ resource "aws_instance" "learn_pluralith" {
+ ami = "ami-08c84d37db8aafe00"
+ arn = (known after apply)
+ associate_public_ip_address = (known after apply)
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ disable_api_stop = (known after apply)
+ disable_api_termination = (known after apply)
+ ebs_optimized = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ host_resource_group_arn = (known after apply)
+ iam_instance_profile = (known after apply)
+ id = (known after apply)
+ instance_initiated_shutdown_behavior = (known after apply)
+ instance_lifecycle = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t2.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = (known after apply)
+ monitoring = (known after apply)
+ outpost_arn = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ placement_partition_number = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ips = (known after apply)
+ security_groups = (known after apply)
+ source_dest_check = true
+ spot_instance_request_id = (known after apply)
+ subnet_id = (known after apply)
+ tags = {
+ "Name" = "learn_pluralith"
}
+ tags_all = {
+ "Name" = "learn_pluralith"
}
+ tenancy = (known after apply)
+ user_data = (known after apply)
+ user_data_base64 = (known after apply)
+ user_data_replace_on_change = false
+ vpc_security_group_ids = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if
you run "terraform apply" now.
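No errors occurred, and the EC2 AMI, instance type, and tag are set as expected.
Next, we actually execute the plan and apply it to the environment.
5. Applying to the environment
To apply the configuration to the AWS environment, run the terraform apply command.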
PS C:\Users\ユーザー名\workspace\learn_pluralith> terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
+ create
Terraform will perform the following actions:
# aws_instance.learn_pluralith will be created
+ resource "aws_instance" "learn_pluralith" {
+ ami = "ami-08c84d37db8aafe00"
+ arn = (known after apply)
+ associate_public_ip_address = (known after apply)
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ disable_api_stop = (known after apply)
+ disable_api_termination = (known after apply)
+ ebs_optimized = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ host_resource_group_arn = (known after apply)
+ iam_instance_profile = (known after apply)
+ id = (known after apply)
+ instance_initiated_shutdown_behavior = (known after apply)
+ instance_lifecycle = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t2.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = (known after apply)
+ monitoring = (known after apply)
+ outpost_arn = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ placement_partition_number = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ips = (known after apply)
+ security_groups = (known after apply)
+ source_dest_check = true
+ spot_instance_request_id = (known after apply)
+ subnet_id = (known after apply)
+ tags = {
+ "Name" = "learn_pluralith"
}
+ tags_all = {
+ "Name" = "learn_pluralith"
}
+ tenancy = (known after apply)
+ user_data = (known after apply)
+ user_data_base64 = (known after apply)
+ user_data_replace_on_change = false
+ vpc_security_group_ids = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_instance.learn_pluralith: Creating...
aws_instance.learn_pluralith: Still creating... [10s elapsed]
aws_instance.learn_pluralith: Still creating... [20s elapsed]
aws_instance.learn_pluralith: Still creating... [30s elapsed]
aws_instance.learn_pluralith: Creation complete after 32s [id=i-00e372ff3399e558f]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
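Up to this point the output is the same as for the terraform plan command, and then you are asked to enter "yes".
This is the expected result, so I entered "yes".
A new terraform.tfstate file is then created.
It looks like the EC2 instance was created successfully.
Let's confirm the created EC2 instance in the AWS Management Console.
Viewing the created EC2 instance in the Management Console.
It worked! Next, I will create the architecture diagram everyone has been waiting for.
Creating an EC2 architecture diagram with Pluralith
Creating the diagram requires running the "pluralith graph" command.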
PS C:\Users\ユーザー名\workspace\learn_pluralith> pluralith graph
⠿ Initiating Graph ⇢ Posting Diagram To Pluralith Dashboard
→ Authentication
✔ API key is valid, you are authenticated!
→ Plan
✔ Local Execution Plan Generated
✔ Local Plan Cache Created
✔ Secrets Stripped
- Cost Calculation Skipped
→ Graph
✔ Local Diagram Generated
✔ Diagram Posted To Pluralith Dashboard
→ Diagram Pushed To: https://app.pluralith.com/.../pluralith-local-project/runs/.../
Once the diagram has been created successfully,
a directory named .pluralith is added directly under the learn_pluralith folder.
learn_pluralith/
│
├─.pluralith
│ │
│ ├─pluralith.cache.json
│ │
│ ├─pluralith.plan.bin
│ │
│ └─pluralith.state.json
│
├─ .terraform\providers\…\terraform-provider-aws_v5.13.0_x5.exe
│
├─ .terraform.lock.hcl
│
└─ main.tf
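In addition, a URL is printed at the end, and you are redirected to the Pluralith page.
There is only an EC2 instance, so it looks a little lonely, but the architecture diagram is done.
While I am at it, I want to output the differences between each case, so let me try ticking each option.
Not only are the tags displayed, but the specified version and the output date are also shown when exporting.
Cleaning up
If the EC2 environment is left as it is, it will continue to incur charges, so run the terraform destroy command to terminate the EC2 instance.
When destroy runs, it also shows the environment that will be deleted and asks you to enter yes.
This is also what was expected, so enter yes.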
PS C:\Users\ユーザー名\workspace\learn_pluralith> terraform destroy
aws_instance.learn_pluralith: Refreshing state... [id=...]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
- destroy
Terraform will perform the following actions:
# aws_instance.learn_pluralith will be destroyed
- resource "aws_instance" "learn_pluralith" {
- ami = "ami-08c84d37db8aafe00" -> null
- arn = "arn:aws:ec2:ap-northeast-1:...:instance/i-00e372ff3399e558f" -> null
- associate_public_ip_address = true -> null
- availability_zone = "ap-northeast-1a" -> null
- cpu_core_count = 1 -> null
- cpu_threads_per_core = 1 -> null
- disable_api_stop = false -> null
- disable_api_termination = false -> null
- ebs_optimized = false -> null
- get_password_data = false -> null
- hibernation = false -> null
- id = "インスタンスID" -> null
- instance_initiated_shutdown_behavior = "stop" -> null
- instance_state = "running" -> null
- instance_type = "t2.micro" -> null
- ipv6_address_count = 0 -> null
- ipv6_addresses = [] -> null
- monitoring = false -> null
- placement_partition_number = 0 -> null
- primary_network_interface_id = "network_interface_id" -> null
- private_dns = "private_dns" -> null
- private_ip = "private_ip" -> null
- public_dns = "public_dns" -> null
- public_ip = "public_ip" -> null
- secondary_private_ips = [] -> null
- security_groups = [
- "default",
] -> null
- source_dest_check = true -> null
- subnet_id = "subnet_id" -> null
- tags = {
- "Name" = "learn_pluralith"
} -> null
- tags_all = {
- "Name" = "learn_pluralith"
} -> null
- tenancy = "default" -> null
- user_data_replace_on_change = false -> null
- vpc_security_group_ids = [
- "sg-00bb2eea8f818d4e7",
] -> null
- capacity_reservation_specification {
- capacity_reservation_preference = "open" -> null
}
- cpu_options {
- core_count = 1 -> null
- threads_per_core = 1 -> null
}
- credit_specification {
- cpu_credits = "standard" -> null
}
- enclave_options {
- enabled = false -> null
}
- maintenance_options {
- auto_recovery = "default" -> null
}
- metadata_options {
- http_endpoint = "enabled" -> null
- http_protocol_ipv6 = "disabled" -> null
- http_put_response_hop_limit = 2 -> null
- http_tokens = "required" -> null
- instance_metadata_tags = "disabled" -> null
}
- private_dns_name_options {
- enable_resource_name_dns_a_record = false -> null
- enable_resource_name_dns_aaaa_record = false -> null
- hostname_type = "ip-name" -> null
}
- root_block_device {
- delete_on_termination = true -> null
- device_name = "/dev/xvda" -> null
- encrypted = false -> null
- iops = 3000 -> null
- tags = {} -> null
- throughput = 125 -> null
- volume_id = "volume_id" -> null
- volume_size = 8 -> null
- volume_type = "gp3" -> null
}
}
Plan: 0 to add, 0 to change, 1 to destroy.
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
aws_instance.learn_pluralith: Destroying... [id=...]
aws_instance.learn_pluralith: Still destroying... [id=..., 10s elapsed]
aws_instance.learn_pluralith: Still destroying... [id=..., 20s elapsed]
aws_instance.learn_pluralith: Destruction complete after 30s
Destroy complete! Resources: 1 destroyed.
The EC2 instance was terminated successfully, so everything went well!
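As an added example (not code from the original post), here is the same main.tf with the security-relevant settings that the destroy output above reports as defaults written out explicitly: the provider pinned to the release that terraform init installed, IMDSv2 required, the root volume encrypted, and no public IP. The version constraints, the hop limit of 1, and the choice to drop the public IP are assumptions made for this example.

```hcl
# Added example: main.tf from the post with defaults made explicit.
terraform {
  required_version = ">= 1.5.2" # Terraform version used in the post

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.13" # assumption: stay on the 5.x line that init installed (v5.13.0)
    }
  }
}

provider "aws" {
  region = "ap-northeast-1"
}

resource "aws_instance" "learn_pluralith" {
  ami           = "ami-08c84d37db8aafe00" # Amazon Linux 2023 AMI (from the post)
  instance_type = "t2.micro"

  # The post's instance came up with associate_public_ip_address = true.
  # Assumption: a diagram test instance does not need to be reachable.
  associate_public_ip_address = false

  # Require IMDSv2 session tokens explicitly instead of relying on the AMI
  # default. Hop limit 1 (the post's instance had 2) keeps the token
  # response from being forwarded beyond the instance itself.
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }

  # The destroy output shows encrypted = false on the root volume.
  root_block_device {
    encrypted   = true
    volume_type = "gp3"
    volume_size = 8
  }

  tags = {
    Name = "learn_pluralith"
  }
}
```

Running terraform plan against this file shows the explicit values in place of "(known after apply)" for the attributes set here, which makes them reviewable before anything is created.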
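Impressions
I was reminded once again that Terraform makes it easier to see the configuration of an AWS environment because it is built from code, and that once the code is written, the environment can be created and deleted with a single command, which is very convenient. I was also happy that the architecture diagram can be generated quickly with a single Pluralith command.
By the way, after deleting the EC2 instance, you can still run pluralith graph within 48 hours to check the diagram, and even after 48 hours have passed, you can check the diagram again simply by running pluralith graph once more. This is also very convenient for local use.
Since it can display not only the region but also costs, I would like to create an AWS environment that uses several other services and generate an architecture diagram after it has been running for a while.
References
Software Design magazine, January 2022 issue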