Managing AWS Route 53 (DNS) with Terraform

Overview

This post tries changing the DNS configuration of Route 53 with Terraform: registering a zone and adding/removing records without using the AWS Management Console, so that every operation is performed from Terraform.

Prerequisites

    A working Terraform environment

Adding a zone

Create a file named aws_region.tf that defines the authentication information, and in the same directory create a file named aws_route53.tf that defines the zone. The domain used here is over.moe, but any domain will do.

provider "aws" {
    # Placeholders: fill in your own keys. Avoid committing real keys in a
    # .tf file; environment variables or a shared credentials file are safer.
    access_key = "自分のアクセスキー"
    secret_key = "自分のシークレットキー"
    region = "us-east-1"
}

# The hosted zone for the domain
resource "aws_route53_zone" "over_moe" {
    name = "over.moe"
}

This declares a resource of type aws_route53_zone with the resource name over_moe. The name argument is the domain actually used, over.moe (write your own domain here, for example example.jp).

Before applying the configuration, run terraform plan and check what it intends to change.

$ ./terraform plan
Refreshing Terraform state prior to plan...


The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed.

Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.

+ aws_route53_zone.over_moe
    name:    "" => "over.moe"
    zone_id: "" => "<computed>"

This output means the resource aws_route53_zone.over_moe will be added, and the domain actually being added is over.moe.

To apply the configuration, run terraform apply.

$ ./terraform apply
aws_route53_zone.over_moe: Creating...
  name: "" => "over.moe"
aws_route53_zone.over_moe: Creation complete

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.

State path: terraform.tfstate

After running it, the result appears on screen after roughly ten-odd seconds. "Resources: 1 added" shows that the operation completed successfully.

The details of the result can be viewed with the terraform show command.

$ ./terraform show ./terraform.tfstate
aws_route53_zone.over_moe:
  id = ZNUSNIH3530EG
  name = over.moe
  zone_id = ZNUSNIH3530EG

Checking in the AWS Management Console confirms that the zone has been registered. The domain is visible on the confirmation screen, and the comment on the domain reads "Managed by Terraform".

[Figure: Route 53 immediately after the domain was added]

Next, check the NS records and update the name server information at the domain's registrar so that the zone's settings take effect.

Adding records

Next, confirm that records can be added to or changed in the zone. Records are defined as resources appended to the aws_route53.tf file from before. To define www.over.moe, write the following.

resource "aws_route53_zone" "over_moe" {
   name = "over.moe"
}

resource "aws_route53_record" "www" {
   zone_id = "ZNUSNIH3530EG"
   name = "www.over.moe"
   type = "A"
   ttl = "300"
   records = ["210.239.46.254"]
}

Here a resource of type aws_route53_record is declared with the name www. zone_id is the zone ID confirmed earlier, name is www.over.moe, type A makes it an address record, ttl is the TTL in seconds, and records holds the IP address.

Before applying the configuration, check the planned changes with terraform plan.

$ ./terraform plan
Refreshing Terraform state prior to plan...

aws_route53_zone.over_moe: Refreshing state... (ID: ZNUSNIH3530EG)

The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed.

Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.

+ aws_route53_record.www
    name:      "" => "www.over.moe"
    records.#: "" => "1"
    records.0: "" => "210.239.46.254"
    ttl:       "" => "300"
    type:      "" => "A"
    zone_id:   "" => "ZNUSNIH3530EG"

This shows that an A record named www.over.moe is about to be added. If the contents look right, apply to make it take effect.

$ ./terraform apply
aws_route53_zone.over_moe: Refreshing state... (ID: ZNUSNIH3530EG)
aws_route53_record.www: Creating...
  name:      "" => "www.over.moe"
  records.#: "" => "1"
  records.0: "" => "210.239.46.254"
  ttl:       "" => "300"
  type:      "" => "A"
  zone_id:   "" => "ZNUSNIH3530EG"
aws_route53_record.www: Creation complete

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.

State path: terraform.tfstate

At this point the operation has succeeded, and the setting can be confirmed in the AWS Management Console.

[Figure: www.moe has been added]

The applied information can be confirmed with terraform show.

$ ./terraform show ./terraform.tfstate
aws_route53_record.www:
  id = ZNUSNIH3530EG_www.over.moe_A
  name = www.over.moe
  records.# = 1
  records.0 = 210.239.46.254
  ttl = 300
  type = A
  zone_id = ZNUSNIH3530EG
aws_route53_zone.over_moe:
  id = ZNUSNIH3530EG
  name = over.moe
  zone_id = ZNUSNIH3530EG

To delete a record, remove the www.over.moe definition and run plan, then apply.

To add more records, describe the resources to add in the .tf file. For example, to add a record named game.over.moe, modify it as follows. Note that this record takes its zone_id from the zone resource through interpolation rather than a pasted zone ID.

resource "aws_route53_zone" "over_moe" {
   name = "over.moe"
}

resource "aws_route53_record" "www" {
   zone_id = "ZNUSNIH3530EG"
   name = "www.over.moe"
   type = "A"
   ttl = "300"
   records = ["210.239.46.254"]
}

resource "aws_route53_record" "game" {
   zone_id = "${aws_route53_zone.over_moe.zone_id}"
   name = "game.over.moe"
   type = "A"
   ttl = "300"
   records = ["210.239.46.254"]
}

Run terraform plan, and once it reports no errors, run terraform apply to apply the configuration. After a short while the name resolves, which can be verified with a tool such as dig.

$ dig game.over.moe a +norec

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> game.over.moe a +norec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24365
;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;game.over.moe.                 IN      A

;; ANSWER SECTION:
game.over.moe.          297     IN      A       210.239.46.254
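As an added example (not the original post's code), the zone and both records consolidated into one file with no credentials or zone ID hard-coded, plus an output of the NS records needed for the registrar step. It assumes credentials are supplied through the environment and a provider version that exposes the name_servers attribute:

```hcl
# Added example, not code from the original post. Same zone and records,
# but with no secrets or zone IDs pasted into the file. The "${...}"
# interpolation form is accepted by both older and current Terraform.

provider "aws" {
  # Assumption: credentials come from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY
  # or ~/.aws/credentials, so nothing secret sits in a file that may be committed.
  region = "us-east-1"
}

resource "aws_route53_zone" "over_moe" {
  name = "over.moe"
}

# Records reference the zone resource instead of a pasted zone ID, so they
# follow the zone if it is ever recreated and Terraform orders the creates.
resource "aws_route53_record" "www" {
  zone_id = "${aws_route53_zone.over_moe.zone_id}"
  name    = "www.over.moe"
  type    = "A"
  ttl     = "300"
  records = ["210.239.46.254"]
}

resource "aws_route53_record" "game" {
  zone_id = "${aws_route53_zone.over_moe.zone_id}"
  name    = "game.over.moe"
  type    = "A"
  ttl     = "300"
  records = ["210.239.46.254"]
}

# The name servers to configure at the registrar, printed after apply,
# so the "update the NS information" step needs no console visit.
# Assumption: the provider version in use exposes name_servers.
output "over_moe_name_servers" {
  value = "${aws_route53_zone.over_moe.name_servers}"
}
```

After apply, the printed name servers can be compared against dig output for the NS records of over.moe to confirm the registrar change has propagated.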

Also, if a record deletion and an addition are attempted in the same run, the error "Error: Request failed, status code: 400" may occur. This happens because the next request is issued before the previous one has finished. With the current version of Terraform it is best to perform deletions and additions as separate tasks.

References

AWS: aws_route53_record – Terraform

http://www.terraform.io/docs/providers/aws/r/route53_record.html

AWS: aws_route53_zone – Terraform

http://www.terraform.io/docs/providers/aws/r/route53_zone.html
