使用Terraform创建GCP项目资源 入门指南

公式教程的指南

这边有一个更好的选项：公式指引在这里。
https://cloud.google.com/community/tutorials/managing-gcp-projects-with-terraform

以下是我简化整理的，关于GCP × Terraform的第一步的记录。

这是什么让你开心的东西？

• 環境をテンプレート化できるので、作ったり削除したりが1コマンドで出来る

• 複数環境（開発環境、検証環境、本番環境）を用意するときに横展開しやすい

環境と定義ファイルの差分が見れるので、いつの間にか設定が変わった（変えていた）ことに気付ける、すぐ直せる

在中文中的同义表达：假设

• GCPプロジェクトが作れる（GUIで作れる、またはgcloudコマンドが使える）、もしくは既に存在する

• terraformコマンドが使える

インストールはMacならbrew install terraform

创建GCP项目

准备一个由Terraform管理的GCP项目。也可以使用图形用户界面进行创建。

$ gcloud projects create sandbox-terraform-xxxxx
Create in progress for [https://cloudresourcemanager.googleapis.com/v1/projects/sandbox-terraform-xxxxx].
Waiting for [operations/cp.8749279776492160000] to finish...done. 

创建一个tf文件并放在工作文件夹中。

.tf文件是用文本定义基础设施资源的文件。扩展名为.tf。
https://www.terraform.io/docs/configuration/index.html

在Terraform中，为不同的环境（如AWS、Azure、OpenStack）提供了相应的provider插件以管理资源。
要在tf文件中描述GCP的资源，需要使用google provider插件。
详见：https://www.terraform.io/docs/providers/google/index.html

首先设定最小配置，并试着仅记录GCS存储桶的定义。
我认为最好一开始就指定Terraform和provider的所需版本。

terraform {
  required_version = "0.11.8" # Terraformの要求バージョン
}

## project ##

provider "google" {
  credentials = "${file("account.json")}"
  project     = "sandbox-terraform-xxxxx"
  region      = "us-central1"
  version     = "1.17.1" # google providerプラグインの要求バージョン
}

### storage ###

resource "google_storage_bucket" "test-bucket" {
  name          = "sandbox-terraform-xxxxx-test" # バケット名
  location      = "us-central1"
  storage_class = "REGIONAL"
}

为 Terraform 进行初始化设置（terraform init）。

初始化包含 TF 文件的工作目录。
https://www.terraform.io/docs/commands/init.html
这里已安装了提供者插件。

$ terraform init

Initializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
- Downloading plugin for provider "google" (1.17.1)...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.


$ tree .terraform/
.terraform/
└── plugins
    └── darwin_amd64
        ├── lock.json
        └── terraform-provider-google_v1.17.1_x4

格式化tf文件（terraform fmt）

可以将其重写为指定格式和样式。

$ terraform fmt
main.tf

准备用于认证的JSON文件

由于密钥可下载，请将其命名为 account.json，并将其放置在与tf文件相同的文件夹中。

$ ls
account.json    main.tf

确认执行时的计划（terraform plan）。

在执行该tf文件时，会显示执行计划，即显示有关何等变更的信息。
https://www.terraform.io/docs/commands/plan.html

$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + google_storage_bucket.raw-data
      id:            <computed>
      force_destroy: "false"
      location:      "US-CENTRAL1"
      name:          "sandbox-terraform-xxxxx-test"
      project:       <computed>
      self_link:     <computed>
      storage_class: "REGIONAL"
      url:           <computed>


Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

根据确认过的计划进行应用 (terraform apply)。

当运行此tf文件时，将显示执行计划，即显示有哪些变化发生。
https://www.terraform.io/docs/commands/plan.html

$ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + google_storage_bucket.raw-data
      id:            <computed>
      force_destroy: "false"
      location:      "US-CENTRAL1"
      name:          "sandbox-terraform-xxxxx-test"
      project:       <computed>
      self_link:     <computed>
      storage_class: "REGIONAL"
      url:           <computed>


Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

google_storage_bucket.raw-data: Creating...
  force_destroy: "" => "false"
  location:      "" => "US-CENTRAL1"
  name:          "" => "sandbox-terraform-xxxxx-test"
  project:       "" => "<computed>"
  self_link:     "" => "<computed>"
  storage_class: "" => "REGIONAL"
  url:           "" => "<computed>"
google_storage_bucket.raw-data: Creation complete after 1s (ID: sandbox-terraform-xxxxx-test)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

想到这一点的未来思考

• 環境ごとの差異を表したい

• 基本的に使うリージョンやゾーンは固定なので、定数化したい

tfstateファイルをどう管理するか
tfファイルを分割したい