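Orchestrating Tencent Cloud Resources with Terraform

Terraform is an IT infrastructure automation and orchestration tool. Its slogan is "Write, Plan, and create Infrastructure as Code". Terraform supports almost every cloud service available on the market.

For how to use Terraform, see the documentation at https://registry.terraform.io/. Below we use Terraform to orchestrate resources on Tencent Cloud.

Installing and deploying Terraform

Download the package

Download the package and unzip the binary; if the version number can be displayed, the installation succeeded.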

# mkdir tf
# cd tf/
# wget https://releases.hashicorp.com/terraform/1.0.5/terraform_1.0.5_linux_amd64.zip
# unzip terraform_1.0.5_linux_amd64.zip
# mv terraform /usr/local/bin

# terraform -version
Terraform v1.0.5
on linux_amd64

Your version of Terraform is out of date! The latest version
is 1.0.6. You can update by downloading from https://www.terraform.io/downloads.html
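
The binary above goes into /usr/local/bin as root without any integrity check. HashiCorp publishes a SHA256SUMS file beside each release archive, and the following added example (not part of the original post) checks the archive against it before unpacking; verify_release is a hypothetical helper name and the demo files are constructed so the block runs offline.

```bash
#!/usr/bin/env bash
# Added example: verify a downloaded Terraform archive against a SHA256SUMS file.

# verify_release <archive> <sums-file>
# Returns 0 only if <sums-file> has an entry for the archive's file name and
# the digest matches; 2 = no entry, 1 = mismatch.
verify_release() {
  local archive="$1" sums="$2" name expected actual
  name="$(basename "$archive")"
  # SHA256SUMS lines have the form "<hex digest>  <file name>"
  expected="$(awk -v n="$name" '$2 == n { print $1 }' "$sums")"
  if [ -z "$expected" ]; then
    echo "no checksum entry for $name" >&2
    return 2
  fi
  actual="$(sha256sum "$archive" | awk '{ print $1 }')"
  if [ "$expected" != "$actual" ]; then
    echo "checksum mismatch for $name" >&2
    return 1
  fi
  echo "$name: OK"
}

# Real use, between the wget and unzip steps above:
#   wget https://releases.hashicorp.com/terraform/1.0.5/terraform_1.0.5_SHA256SUMS
#   verify_release terraform_1.0.5_linux_amd64.zip terraform_1.0.5_SHA256SUMS \
#     && unzip terraform_1.0.5_linux_amd64.zip

# Offline demo with constructed stand-in files (not the real release).
demo="$(mktemp -d)"
printf 'constructed stand-in for the release archive\n' \
  > "$demo/terraform_1.0.5_linux_amd64.zip"
( cd "$demo" && sha256sum terraform_1.0.5_linux_amd64.zip > terraform_1.0.5_SHA256SUMS )
verify_release "$demo/terraform_1.0.5_linux_amd64.zip" "$demo/terraform_1.0.5_SHA256SUMS"
```

The SHA256SUMS file is itself signed (terraform_1.0.5_SHA256SUMS.sig), so checking that signature with gpg first anchors the digest to HashiCorp's key rather than to the download server.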

初始化terraform

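Initialization sends a request to Terraform's official GitHub to download the latest version of the modules and plugins for Tencent Cloud resources. If a newer version is available, you can also run terraform init -upgrade to update. secret_id and secret_key are the secret of the cloud account.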

# cat << EOF >  /root/tf/provider.tf
terraform {
  required_providers {
    tencentcloud = {
      source = "tencentcloudstack/tencentcloud"
    }
  }
}

provider "tencentcloud" {
  secret_id  = "AKIDxxxxxxTITii"
  secret_key = "608zbx5xxxxZAVaN7"
  region     = "ap-guangzhou"
}
EOF

# terraform init

Initializing the backend...

Initializing provider plugins...
- Reusing previous version of tencentcloudstack/tencentcloud from the dependency lock file
- Using previously-installed tencentcloudstack/tencentcloud v1.58.4

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
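
With secret_id and secret_key written into provider.tf, the account credential travels with every copy of the directory and every commit. The tencentcloud provider also reads them from the TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY environment variables, so the added example below (not from the original post) writes a provider.tf without them and scans .tf files for literal credentials; the helper names and sample values are constructed.

```bash
# Added example (not from the original post); helper names are hypothetical.

# find_hardcoded_creds <dir>: list literal secret_id / secret_key assignments in
# <dir>/*.tf with the value redacted; returns 1 if any is found.
find_hardcoded_creds() {
  local hits
  hits="$(grep -nE '^[[:space:]]*secret_(id|key)[[:space:]]*=[[:space:]]*"[^$"]' \
            "$1"/*.tf /dev/null 2>/dev/null |
          sed -E 's/(=[[:space:]]*").*/\1<redacted>"/')"
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# write_provider_tf <dir>: provider.tf with no credentials in it.
write_provider_tf() {
  cat > "$1/provider.tf" << 'EOF'
terraform {
  required_providers {
    tencentcloud = {
      source  = "tencentcloudstack/tencentcloud"
      version = "1.58.4" # the version the init output above installed
    }
  }
}

# secret_id / secret_key are read from the environment variables
# TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY at plan/apply time.
provider "tencentcloud" {
  region = "ap-guangzhou"
}
EOF
}

# Offline demo on constructed files: "before" mimics the post's provider block.
work="$(mktemp -d)" && mkdir "$work/before" "$work/after"
cat > "$work/before/provider.tf" << 'EOF'
provider "tencentcloud" {
  secret_id  = "AKID_CONSTRUCTED_EXAMPLE"
  secret_key = "constructed-not-a-real-key"
  region     = "ap-guangzhou"
}
EOF
write_provider_tf "$work/after"
find_hardcoded_creds "$work/before" || echo "before/: hard-coded credentials"
find_hardcoded_creds "$work/after" && echo "after/: clean"
```

Committing the .terraform.lock.hcl file that terraform init writes keeps the provider's recorded checksums under review as well.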

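Deploying cloud resources

Here we simply deploy a security group. For deploying other resources, see the documentation at https://registry.terraform.io/providers/tencentcloudstack/tencentcloud/latest/docs

Write the tf file for the resources to be created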

cat << EOF >  /root/tf/security_group.tf
resource "tencentcloud_security_group" "sglab_1" {
  name        = "mysg_1"
  description = "favourite sg_1"
  project_id  = 0
}

resource "tencentcloud_security_group_rule" "sglab_1" {
  security_group_id = tencentcloud_security_group.sglab_1.id
  type              = "ingress"
  cidr_ip           = "10.0.0.0/16"
  ip_protocol       = "TCP"
  port_range        = "80"
  policy            = "ACCEPT"
  description       = "favourite sg rule_1"
}
EOF

The commands available in terraform are listed below for reference

[root@VM-0-13-centos tf]# terraform
Usage: terraform [global options] <subcommand> [args]

The available commands for execution are listed below.
The primary workflow commands are given first, followed by
less common or more advanced commands.

Main commands:
  init          Prepare your working directory for other commands
  validate      Check whether the configuration is valid
  plan          Show changes required by the current configuration
  apply         Create or update infrastructure
  destroy       Destroy previously-created infrastructure

All other commands:
  console       Try Terraform expressions at an interactive command prompt
  fmt           Reformat your configuration in the standard style
  force-unlock  Release a stuck lock on the current workspace
  get           Install or upgrade remote Terraform modules
  graph         Generate a Graphviz graph of the steps in an operation
  import        Associate existing infrastructure with a Terraform resource
  login         Obtain and save credentials for a remote host
  logout        Remove locally-stored credentials for a remote host
  output        Show output values from your root module
  providers     Show the providers required for this configuration
  refresh       Update the state to match remote systems
  show          Show the current state or a saved plan
  state         Advanced state management
  taint         Mark a resource instance as not fully functional
  test          Experimental support for module integration testing
  untaint       Remove the 'tainted' state from a resource instance
  version       Show the current Terraform version
  workspace     Workspace management

Global options (use these before the subcommand, if any):
  -chdir=DIR    Switch to a different working directory before executing the
                given subcommand.
  -help         Show this help output, or the help for a specified subcommand.
  -version      An alias for the "version" subcommand.

terraform plan shows the deployment plan; if the plan runs without problems, run apply to create the resources

# terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # tencentcloud_security_group.sglab_1 will be created
  + resource "tencentcloud_security_group" "sglab_1" {
      + description = "favourite sg_1"
      + id          = (known after apply)
      + name        = "mysg_1"
      + project_id  = 0
    }

  # tencentcloud_security_group_rule.sglab_1 will be created
  + resource "tencentcloud_security_group_rule" "sglab_1" {
      + cidr_ip           = "10.0.0.0/16"
      + description       = "favourite sg rule_1"
      + id                = (known after apply)
      + ip_protocol       = "TCP"
      + policy            = "ACCEPT"
      + port_range        = "80"
      + security_group_id = (known after apply)
      + source_sgid       = (known after apply)
      + type              = "ingress"

      + address_template {
          + group_id    = (known after apply)
          + template_id = (known after apply)
        }

      + protocol_template {
          + group_id    = (known after apply)
          + template_id = (known after apply)
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
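
Reviewing the plan is the point where an over-broad security group rule should be caught. The added example below (not from the original post) lints tencentcloud_security_group_rule blocks for ingress ACCEPT rules open to 0.0.0.0/0; open_ingress_rules is a hypothetical helper name and the .tf files in the demo are constructed.

```bash
# Added example (not from the original post); open_ingress_rules is a hypothetical name.
# Assumes `terraform fmt` layout: one attribute per line, spaces around "=".

# open_ingress_rules <file.tf>...: print each tencentcloud_security_group_rule
# that ACCEPTs ingress from 0.0.0.0/0; returns 1 if any is found.
open_ingress_rules() {
  awk '
    function val(s) { sub(/^[^=]*=[ \t]*"/, "", s); sub(/".*$/, "", s); return s }
    /^[ \t]*resource[ \t]+"tencentcloud_security_group_rule"/ {
      split($0, q, "\""); name = q[4]
      inrule = 1; depth = 0; type = ""; policy = ""; cidr = ""
    }
    inrule {
      if ($1 == "type")    type   = val($0)
      if ($1 == "policy")  policy = val($0)
      if ($1 == "cidr_ip") cidr   = val($0)
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
      if (depth == 0) {
        if (type == "ingress" && toupper(policy) == "ACCEPT" && cidr == "0.0.0.0/0") {
          print name; bad = 1
        }
        inrule = 0
      }
    }
    END { exit bad + 0 }
  ' "$@"
}

# Offline demo on constructed files. Against the real directory, run it before:
#   terraform plan -out=tfplan && terraform apply tfplan
demo_sg="$(mktemp -d)"
cat > "$demo_sg/page_rule.tf" << 'EOF'
resource "tencentcloud_security_group_rule" "sglab_1" {
  type       = "ingress"
  cidr_ip    = "10.0.0.0/16"
  port_range = "80"
  policy     = "ACCEPT"
}
EOF
cat > "$demo_sg/open_rule.tf" << 'EOF'
resource "tencentcloud_security_group_rule" "ssh_any" {
  type       = "ingress"
  cidr_ip    = "0.0.0.0/0"
  port_range = "22"
  policy     = "ACCEPT"
}
EOF
open_ingress_rules "$demo_sg/page_rule.tf" && echo "page rule: ok"
open_ingress_rules "$demo_sg/open_rule.tf" || echo "^ ingress open to the internet"
```

Saving the plan with -out and applying that file, as the note above suggests, ensures that what was reviewed is exactly what gets created.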

Create the security group with terraform apply

[root@VM-0-13-centos tf]# terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # tencentcloud_security_group.sglab_1 will be created
  + resource "tencentcloud_security_group" "sglab_1" {
      + description = "favourite sg_1"
      + id          = (known after apply)
      + name        = "mysg_1"
      + project_id  = 0
    }

  # tencentcloud_security_group_rule.sglab_1 will be created
  + resource "tencentcloud_security_group_rule" "sglab_1" {
      + cidr_ip           = "10.0.0.0/16"
      + description       = "favourite sg rule_1"
      + id                = (known after apply)
      + ip_protocol       = "TCP"
      + policy            = "ACCEPT"
      + port_range        = "80"
      + security_group_id = (known after apply)
      + source_sgid       = (known after apply)
      + type              = "ingress"

      + address_template {
          + group_id    = (known after apply)
          + template_id = (known after apply)
        }

      + protocol_template {
          + group_id    = (known after apply)
          + template_id = (known after apply)
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.

Enter a value: yes

tencentcloud_security_group.sglab_1: Creating...
tencentcloud_security_group.sglab_1: Creation complete after 1s [id=sg-gdo50olf]
tencentcloud_security_group_rule.sglab_1: Creating...
tencentcloud_security_group_rule.sglab_1: Creation complete after 0s [id=eyJzZ19pZCI6InNnLWdkbzUwb2xmIiwicG9saWN5X3R5cGUiOiJpbmdyZXNzIiwiY2lkcl9pcCI6IjEwLjAuMC4wLzE2IiwicHJvdG9jb2wiOiJUQ1AiLCJwb3J0X3JhbmdlIjoiODAiLCJhY3Rpb24iOiJBQ0NFUFQiLCJzb3VyY2Vfc2dfaWQiOiIiLCJkZXNjcmlwdGlvbiI6ImZhdm91cml0ZSBzZyBydWxlXzEifQ==]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

Orchestrating Tencent Cloud Resources with Terraform
https://www.niewx.cn/2021/09/11/2021-09-11-Terraform-orchestrates-Tencent-Cloud-resources/
Author: VashonNie
Published: September 11, 2021