In this article we look at what Terraform consists of, and then step by step launch our own infrastructure.
Everything in detail, in three stages:
1. Terraform - description, advantages and components
Terraform is an IaC (Infrastructure-as-Code) tool for building and managing infrastructure using code.
We have noted several advantages of working with the tool:
- Fast deployment of new tenants (custom virtual environments). Typically, the more new clients there are, the more "clicks" technical support staff have to make to publish new resources. With Terraform, users can change virtual machine settings (for example, automatically shutting down the OS and increasing the virtual disk partition) without involving technical support or shutting down the machine themselves.
- Instant verification of the activation plan for a new tenant. Using the infrastructure code description, we can immediately check what will be added and in what order, as well as the final state of a given virtual machine or virtual network and its connections to virtual machines.
- Ability to describe the most popular cloud platforms. You can use the tool from Amazon and Google Cloud through to private platforms based on VMware vCloud Director, which offer services within IaaS, SaaS and PaaS solutions.
- Managing multiple cloud providers and distributing infrastructure among them to improve fault tolerance, using a single configuration to create, diagnose and manage cloud resources.
- Convenient for creating demo stands for software testing and debugging. You can create and hand over stands for the testing department, test software in different environments in parallel, and instantly change and delete resources by creating just a single resource build plan.
Components of the "Terrarium"
We have briefly covered the advantages of the tool; now let's break it down into its components.
Providers.
In Terraform, almost any type of infrastructure can be represented as a resource. The link between resources and the platform API is provided by provider modules, which let you create resources within a specific platform, for example Azure or VMware vCloud Director.
Within a project, you can interact with different providers on different platforms.
Resources (resource descriptions).
A resource description lets you manage platform components, such as virtual machines or networks.
You can write a resource description for the VMware vCloud Director provider yourself and use that description to create resources at any hosting provider that uses vCloud Director. You only need to change the authentication parameters and the network connection parameters to those of the required hosting provider.
Provisioners.
This component makes it possible to perform the initial installation and maintenance of the operating system after the virtual machines are created. Once you have created a virtual machine resource, you can use provisioners to configure it and connect via SSH, update the operating system, and download and run a script.
Input and output variables.
Input variables - input variables for any block type.
Output variables let you save values after resources are created and can be used as input variables in other modules, for example in a provisioners block.
States.
State files store information about the configuration of the provider's platform resources. When the platform is first created there is no information about the resources, and before any operation Terraform refreshes the state with the real infrastructure of the resources already described.
The main purpose of state is to keep a set of objects for already-created resources, so that the configuration of added resources and objects can be compared and repeated creation and changes to the platform are avoided.
By default, state information is stored in the local file terraform.tfstate, but if necessary remote storage can be used for team work.
You can also import existing platform resources into state in order to interact further with resources that were created without Terraform.
2. Creating the infrastructure
The components have been covered; now, using Terraform, we will step by step create an infrastructure with three virtual machines. The first with an nginx proxy server, the second with file storage based on Nextcloud, and the third with CMS Bitrix.
We will write the code and execute it using our example.
First, let's create a directory for our new project, in which the files describing the infrastructure will be placed.
mkdir project01
Next, we describe the infrastructure components. Terraform builds the relationships and processes the files based on the descriptions in the files. The files themselves can be named after the purpose of the blocks they describe, for example network.tf describes the network parameters for the infrastructure.
To describe the components of our infrastructure, we created the following files:
List of files.
main.tf - description of the parameters of the virtual environment: virtual machines, virtual containers;
network.tf - description of the virtual network parameters and the NAT and Firewall rules;
variables.tf - list of the variables we use;
vcd.tfvars - the project's variable values for the VMware vCloud Director module.
The configuration language in Terraform is declarative and the order of blocks does not matter, except for provisioner blocks, because in such a block we describe the commands to run while preparing the infrastructure, and they are executed in order.
Block structure.
<BLOCK TYPE> "<BLOCK LABEL>" "<BLOCK LABEL>" {
# Block body
<IDENTIFIER> = <EXPRESSION> # Argument
}
To describe blocks, Terraform uses its own language, HCL (HashiCorp Configuration Language); it is also possible to describe the infrastructure using JSON. You can learn more about the syntax
Environment variable configuration, variables.tf and vcd.tfvars
First, let's create two files that describe the list of all variables used and their values for the VMware vCloud Director module. We start with the variables.tf file.
Contents of the variables.tf file.
variable "vcd_org_user" {
description = "vCD Tenant User"
}
variable "vcd_org_password" {
description = "vCD Tenant Password"
}
variable "vcd_org" {
description = "vCD Tenant Org"
}
variable "vcd_org_vdc" {
description = "vCD Tenant VDC"
}
variable "vcd_org_url" {
description = "vCD Tenant URL"
}
variable "vcd_org_max_retry_timeout" {
default = "60"
}
variable "vcd_org_allow_unverified_ssl" {
default = "true"
}
variable "vcd_org_edge_name" {
description = "vCD edge name"
}
variable "vcd_org_catalog" {
description = "vCD public catalog"
}
variable "vcd_template_os_centos7" {
description = "OS CentOS 7"
default = "CentOS7"
}
variable "vcd_org_ssd_sp" {
description = "Storage Policies"
default = "Gold Storage Policy"
}
variable "vcd_org_hdd_sp" {
description = "Storage Policies"
default = "Bronze Storage Policy"
}
variable "vcd_edge_local_subnet" {
description = "Organization Network Subnet"
}
variable "vcd_edge_external_ip" {
description = "External public IP"
}
variable "vcd_edge_local_ip_nginx" {}
variable "vcd_edge_local_ip_bitrix" {}
variable "vcd_edge_local_ip_nextcloud" {}
variable "vcd_edge_external_network" {}
Variable values that we receive from the provider.
- vcd_org_user - user name with Organization Administrator rights,
- vcd_org_password - the user's password,
- vcd_org - name of the organization,
- vcd_org_vdc - name of the virtual data center,
- vcd_org_url - API URL,
- vcd_org_edge_name - name of the virtual router,
- vcd_org_catalog - name of the catalog with virtual machine templates,
- vcd_edge_external_ip - public IP address,
- vcd_edge_external_network - name of the external network,
- vcd_org_hdd_sp - name of the HDD storage policy,
- vcd_org_ssd_sp - name of the SSD storage policy.
And we introduce our own variables:
- vcd_edge_local_ip_nginx - IP address of the virtual machine with NGINX,
- vcd_edge_local_ip_bitrix - IP address of the virtual machine with 1C: Bitrix,
- vcd_edge_local_ip_nextcloud - IP address of the virtual machine with Nextcloud.
With the second file we create and set the variables for the VMware vCloud Director module, in the vcd.tfvars file. Recall that these are the values we use in our example.
Contents of the vcd.tfvars file.
vcd_org_url = "https://vcloud.mclouds.ru/api"
vcd_org_user = "orgadmin"
vcd_org_password = "*"
vcd_org = "org"
vcd_org_vdc = "orgvdc"
vcd_org_max_retry_timeout = 60
vcd_org_allow_unverified_ssl = true
vcd_org_catalog = "Templates"
vcd_template_os_centos7 = "CentOS7"
vcd_org_ssd_sp = "Gold Storage Policy"
vcd_org_hdd_sp = "Bronze Storage Policy"
vcd_org_edge_name = "MCLOUDS-EDGE"
vcd_edge_external_ip = "185.17.66.1"
vcd_edge_local_subnet = "192.168.110.0/24"
vcd_edge_local_ip_nginx = "192.168.110.1"
vcd_edge_local_ip_bitrix = "192.168.110.10"
vcd_edge_local_ip_nextcloud = "192.168.110.11"
vcd_edge_external_network = "NET-185-17-66-0"
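The article declares the credential and connection variables but does not show the provider block that consumes them. The following is an added example, not code from the original article: the provider block together with stricter versions of four declarations from variables.tf. It assumes Terraform 0.14 or later (for `sensitive`) and the vcd provider arguments user, password, org, vdc, url, max_retry_timeout and allow_unverified_ssl; the remaining variables are the ones declared above.

```hcl
# Added example. These four declarations replace the ones with the same
# names in variables.tf; all other variables stay as declared on the page.

variable "vcd_org_password" {
  description = "vCD Tenant Password"
  type        = string
  sensitive   = true # value is redacted in plan and apply output
  # Supply it through the environment instead of vcd.tfvars:
  #   TF_VAR_vcd_org_password=... terraform plan -var-file=vcd.tfvars
  # so the password is never committed together with the project files.
}

variable "vcd_org_url" {
  description = "vCD Tenant URL"
  type        = string

  validation {
    # Credentials are sent to this endpoint, so refuse plain http.
    condition     = can(regex("^https://", var.vcd_org_url))
    error_message = "The vCD API URL must start with https://."
  }
}

variable "vcd_org_max_retry_timeout" {
  description = "Seconds to keep retrying a vCD API call"
  type        = number
  default     = 60
}

variable "vcd_org_allow_unverified_ssl" {
  description = "Skip TLS certificate verification for the vCD API"
  type        = bool
  # The article sets this to true. With verification disabled, anyone able
  # to intercept the connection can read the administrator credentials.
  # Keep false and drop the override from vcd.tfvars once the API endpoint
  # presents a certificate your workstation trusts.
  default = false
}

provider "vcd" {
  user                 = var.vcd_org_user
  password             = var.vcd_org_password
  org                  = var.vcd_org
  vdc                  = var.vcd_org_vdc
  url                  = var.vcd_org_url
  max_retry_timeout    = var.vcd_org_max_retry_timeout
  allow_unverified_ssl = var.vcd_org_allow_unverified_ssl
}
```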
Network configuration, network.tf.
The environment variables are set; now we configure the virtual machine connection scheme: we assign a private IP address to each virtual machine and use Destination NAT to "forward" ports to the external network. To restrict access to the management ports, we allow access only from our own IP address.
Network diagram for the platform being created with Terraform
We create a virtual organization network named net_lan01, with default gateway 192.168.110.254 and address space 192.168.110.0/24.
We describe the virtual network.
resource "vcd_network_routed" "net" {
name = "net_lan01"
edge_gateway = var.vcd_org_edge_name
gateway = "192.168.110.254"
dns1 = "1.1.1.1"
dns2 = "8.8.8.8"
static_ip_pool {
start_address = "192.168.110.1"
end_address = "192.168.110.253"
}
}
Let's create firewall rules that allow the virtual machines to reach the Internet. Within this block, all virtual resources in the cloud will have Internet access:
We describe the rules for VM access to the Internet.
resource "vcd_nsxv_firewall_rule" "fw_internet_access" {
edge_gateway = var.vcd_org_edge_name
name = "Internet Access"
source {
gateway_interfaces = ["internal"]
}
destination {
gateway_interfaces = ["external"]
}
service {
protocol = "any"
}
depends_on = [vcd_network_routed.net]
}
Here we state the dependency explicitly with depends_on: only after the vcd_network_routed.net block has been processed do we proceed to configure the vcd_nsxv_firewall_rule block. We use this option because some dependencies may be recognized only implicitly in the configuration.
Next, we create rules that allow access to ports from the external network, and specify our IP address for connecting to the servers via SSH. Any Internet user has access to ports 80 and 443 on the web server, and the user with IP address 90.1.15.1 has access to the SSH ports of the virtual servers.
Allow access to ports from the external network.
resource "vcd_nsxv_firewall_rule" "fwnatports" {
edge_gateway = var.vcd_org_edge_name
name = "HTTPs Access"
source {
gateway_interfaces = ["external"]
}
destination {
gateway_interfaces = ["internal"]
}
service {
protocol = "tcp"
port = "80"
}
service {
protocol = "tcp"
port = "443"
}
depends_on = [vcd_network_routed.net]
}
resource "vcd_nsxv_firewall_rule" "fw_nat_admin_ports" {
edge_gateway = var.vcd_org_edge_name
name = "Admin Access"
source {
ip_addresses = [ "90.1.15.1" ]
}
destination {
gateway_interfaces = ["internal"]
}
service {
protocol = "tcp"
port = "58301"
}
service {
protocol = "tcp"
port = "58302"
}
service {
protocol = "tcp"
port = "58303"
}
depends_on = [vcd_network_routed.net]
}
We create Source NAT rules for Internet access from the cloud's local network:
We describe the Source NAT rules.
resource "vcd_nsxv_snat" "snat_local" {
edge_gateway = var.vcd_org_edge_name
network_type = "ext"
network_name = var.vcd_edge_external_network
original_address = var.vcd_edge_local_subnet
translated_address = var.vcd_edge_external_ip
depends_on = [vcd_network_routed.net]
}
And to complete the network block configuration, we add Destination NAT rules for access to services from the external network:
Adding Destination NAT rules.
resource "vcd_nsxv_dnat" "dnat_tcp_nginx_https" {
edge_gateway = var.vcd_org_edge_name
network_name = var.vcd_edge_external_network
network_type = "ext"
description = "NGINX HTTPs"
original_address = var.vcd_edge_external_ip
original_port = 443
translated_address = var.vcd_edge_local_ip_nginx
translated_port = 443
protocol = "tcp"
depends_on = [vcd_network_routed.net]
}
resource "vcd_nsxv_dnat" "dnat_tcp_nginx_http" {
edge_gateway = var.vcd_org_edge_name
network_name = var.vcd_edge_external_network
network_type = "ext"
description = "NGINX HTTP"
original_address = var.vcd_edge_external_ip
original_port = 80
translated_address = var.vcd_edge_local_ip_nginx
translated_port = 80
protocol = "tcp"
depends_on = [vcd_network_routed.net]
}
Add a NAT rule for port translation to the SSH server on the Nginx VM.
resource "vcd_nsxv_dnat" "dnat_tcp-nginx_ssh" {
edge_gateway = var.vcd_org_edge_name
network_name = var.vcd_edge_external_network
network_type = "ext"
description = "SSH NGINX"
original_address = var.vcd_edge_external_ip
original_port = 58301
translated_address = var.vcd_edge_local_ip_nginx
translated_port = 22
protocol = "tcp"
depends_on = [vcd_network_routed.net]
}
Add a NAT rule for port translation to the SSH server on the 1C-Bitrix VM.
resource "vcd_nsxv_dnat" "dnat_tcp_bitrix_ssh" {
edge_gateway = var.vcd_org_edge_name
network_name = var.vcd_edge_external_network
network_type = "ext"
description = "SSH Bitrix"
original_address = var.vcd_edge_external_ip
original_port = 58302
translated_address = var.vcd_edge_local_ip_bitrix
translated_port = 22
protocol = "tcp"
depends_on = [vcd_network_routed.net]
}
Add a NAT rule for port translation to the SSH server on the Nextcloud VM.
resource "vcd_nsxv_dnat" "dnat_tcp_nextcloud_ssh" {
edge_gateway = var.vcd_org_edge_name
network_name = var.vcd_edge_external_network
network_type = "ext"
description = "SSH Nextcloud"
original_address = var.vcd_edge_external_ip
original_port = 58303
translated_address = var.vcd_edge_local_ip_nextcloud
translated_port = 22
protocol = "tcp"
depends_on = [vcd_network_routed.net]
}
Virtual environment configuration, main.tf
As planned at the beginning of the article, we will create three virtual machines. They will be prepared using "Guest Customization". We set the network parameters according to the settings we defined, and the user password is generated automatically.
Let's describe the vApp that will contain the virtual machines, and their configuration.
Virtual machine configuration
Let's create the vApp container. So that we can connect the vApp and the VMs to the virtual network right away, we also add the depends_on parameter:
Create the container
resource "vcd_vapp" "vapp" {
name = "web"
power_on = "true"
depends_on = [vcd_network_routed.net]
}
Let's create the virtual machine with its description
resource "vcd_vapp_vm" "nginx" {
vapp_name = vcd_vapp.vapp.name
name = "nginx"
catalog_name = var.vcd_org_catalog
template_name = var.vcd_template_os_centos7
storage_profile = var.vcd_org_ssd_sp
memory = 8192
cpus = 1
cpu_cores = 1
network {
type = "org"
name = vcd_network_routed.net.name
is_primary = true
adapter_type = "VMXNET3"
ip_allocation_mode = "MANUAL"
ip = var.vcd_edge_local_ip_nginx
}
override_template_disk {
bus_type = "paravirtual"
size_in_mb = "32768"
bus_number = 0
unit_number = 0
storage_profile = var.vcd_org_ssd_sp
}
}
Main parameters in the VM description:
- name - name of the virtual machine,
- vapp_name - name of the vApp to which the new VM is added,
- catalog_name / template_name - name of the catalog and name of the virtual machine template,
- storage_profile - default storage policy.
Parameters of the network block:
- type - type of the connected network,
- name - which virtual network to connect the VM to,
- is_primary - primary network adapter,
- ip_allocation_mode - address allocation mode: MANUAL / DHCP / POOL,
- ip - IP address for the virtual machine; we specify it manually.
The override_template_disk block:
- size_in_mb - size of the boot disk for the virtual machine,
- storage_profile - storage policy for the disk.
Let's create the second VM, with the description of the Nextcloud file storage
resource "vcd_vapp_vm" "nextcloud" {
vapp_name = vcd_vapp.vapp.name
name = "nextcloud"
catalog_name = var.vcd_org_catalog
template_name = var.vcd_template_os_centos7
storage_profile = var.vcd_org_ssd_sp
memory = 8192
cpus = 1
cpu_cores = 1
network {
type = "org"
name = vcd_network_routed.net.name
is_primary = true
adapter_type = "VMXNET3"
ip_allocation_mode = "MANUAL"
ip = var.vcd_edge_local_ip_nextcloud
}
override_template_disk {
bus_type = "paravirtual"
size_in_mb = "32768"
bus_number = 0
unit_number = 0
storage_profile = var.vcd_org_ssd_sp
}
}
resource "vcd_vm_internal_disk" "disk1" {
vapp_name = vcd_vapp.vapp.name
vm_name = "nextcloud"
bus_type = "paravirtual"
size_in_mb = "102400"
bus_number = 0
unit_number = 1
storage_profile = var.vcd_org_hdd_sp
allow_vm_reboot = true
depends_on = [ vcd_vapp_vm.nextcloud ]
}
In the vcd_vm_internal_disk section we describe a new virtual disk that is attached to the virtual machine.
Explanation of the vcd_vm_internal_disk block:
- bus_type - disk controller type,
- size_in_mb - disk size,
- bus_number / unit_number - attachment location on the adapter,
- storage_profile - storage policy for the disk.
Let's describe the new VM for Bitrix
resource "vcd_vapp_vm" "bitrix" {
vapp_name = vcd_vapp.vapp.name
name = "bitrix"
catalog_name = var.vcd_org_catalog
template_name = var.vcd_template_os_centos7
storage_profile = var.vcd_org_ssd_sp
memory = 8192
cpus = 1
cpu_cores = 1
network {
type = "org"
name = vcd_network_routed.net.name
is_primary = true
adapter_type = "VMXNET3"
ip_allocation_mode = "MANUAL"
ip = var.vcd_edge_local_ip_bitrix
}
override_template_disk {
bus_type = "paravirtual"
size_in_mb = "81920"
bus_number = 0
unit_number = 0
storage_profile = var.vcd_org_ssd_sp
}
}
Updating the OS and installing additional scripts
The network is prepared and the virtual machines are described. Before importing our infrastructure, we can arrange the initial provisioning in advance using provisioner blocks, without using Ansible.
Let's look at how to update the OS and run the CMS Bitrix installation script using a provisioner block.
First, let's install the CentOS update packages.
resource "null_resource" "nginx_update_install" {
provisioner "remote-exec" {
connection {
type = "ssh"
user = "root"
password = vcd_vapp_vm.nginx.customization[0].admin_password
host = var.vcd_edge_external_ip
port = "58301"
timeout = "30s"
}
inline = [
"yum -y update && yum -y upgrade",
"yum -y install wget nano epel-release net-tools unzip zip" ]
}
}
Explanation of the components:
- provisioner "remote-exec" - attaches the remote provisioning block.
- In the connection block we describe the type and parameters of the connection:
- type - protocol, in our case SSH;
- user - user name;
- password - the user's password. In our case we point to the parameter vcd_vapp_vm.nginx.customization[0].admin_password, which stores the generated password for the system user;
- host - external IP address for the connection;
- port - port for the connection, which was specified earlier in the DNAT settings;
- inline - lists the commands to be entered. The commands are entered in the order given in this section.
As an example, let's additionally run the 1C-Bitrix installation script. The output of the script execution will be available while the plan is running. To install the script, we first describe the block:
Let's describe the installation of 1C-Bitrix.
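# Fragment: these blocks go inside a resource block (for example a null_resource).
# A connection block placed at resource level is shared by both provisioners.
connection {
type = "ssh"
user = "root"
password = vcd_vapp_vm.nginx.customization[0].admin_password
host = var.vcd_edge_external_ip
port = "58301"
timeout = "30s"
}
# Copy the local script to the VM
provisioner "file" {
source = "prepare.sh"
destination = "/tmp/prepare.sh"
}
# Make it executable and run it by its absolute path
provisioner "remote-exec" {
inline = [
"chmod +x /tmp/prepare.sh", "/tmp/prepare.sh"
]
}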
And right away we describe the Bitrix update.
Example of 1C-Bitrix provisioning.
resource "null_resource" "install_update_bitrix" {
provisioner "remote-exec" {
connection {
type = "ssh"
user = "root"
password = vcd_vapp_vm.bitrix.customization[0].admin_password
host = var.vcd_edge_external_ip
port = "58302"
timeout = "60s"
}
inline = [
"yum -y update && yum -y upgrade",
"yum -y install wget nano epel-release net-tools unzip zip",
"wget http://repos.1c-bitrix.ru/yum/bitrix-env.sh -O /tmp/bitrix-env.sh",
"chmod +x /tmp/bitrix-env.sh",
"/tmp/bitrix-env.sh"
]
}
}
Important! The script may not work if you do not disable SELinux beforehand! If you need a detailed article on installing and configuring CMS 1C-Bitrix using bitrix-env.sh, you can
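The Bitrix resource above downloads bitrix-env.sh over plain HTTP and runs it as root. The following is an added example, not part of the original article: a variant of that resource that runs the installer only if its SHA-256 digest matches a pinned value, and that waits for the NAT and firewall rules the SSH session depends on. The variable bitrix_env_sha256 and the resource name install_update_bitrix_pinned are hypothetical; the URL, port and resource references are the ones used on this page.

```hcl
# Added example. Use instead of null_resource.install_update_bitrix.

variable "bitrix_env_sha256" {
  description = "SHA-256 of the reviewed bitrix-env.sh (hypothetical variable)"
  type        = string
  # No default on purpose: record the digest of the script you inspected.

  validation {
    # Also keeps anything but hex out of the shell command built below.
    condition     = can(regex("^[0-9a-f]{64}$", var.bitrix_env_sha256))
    error_message = "Expected 64 lowercase hexadecimal characters."
  }
}

resource "null_resource" "install_update_bitrix_pinned" {
  # The provisioner connects to the external IP on port 58302, so the DNAT
  # rule and the admin firewall rule must exist before SSH is attempted.
  depends_on = [
    vcd_nsxv_dnat.dnat_tcp_bitrix_ssh,
    vcd_nsxv_firewall_rule.fw_nat_admin_ports,
  ]

  # Provision again if the VM is replaced.
  triggers = {
    vm_id = vcd_vapp_vm.bitrix.id
  }

  connection {
    type     = "ssh"
    user     = "root"
    password = vcd_vapp_vm.bitrix.customization[0].admin_password
    host     = var.vcd_edge_external_ip
    port     = 58302
    timeout  = "60s"
  }

  provisioner "remote-exec" {
    # The last entry is one command chained with "&&": a failed download or
    # a digest mismatch stops the chain before the installer is executed.
    inline = [
      "yum -y update && yum -y upgrade",
      "yum -y install wget nano epel-release net-tools unzip zip",
      join(" && ", [
        "wget http://repos.1c-bitrix.ru/yum/bitrix-env.sh -O /tmp/bitrix-env.sh",
        "echo '${var.bitrix_env_sha256}  /tmp/bitrix-env.sh' | sha256sum -c -",
        "chmod +x /tmp/bitrix-env.sh",
        "/tmp/bitrix-env.sh",
      ]),
    ]
  }
}
```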
3. Initializing the infrastructure
Initializing modules and plugins
For the work we use a simple "gentleman's kit": a laptop with Windows 10 and the distribution package from the official website.
terraform.exe init
After describing the virtual machines and networks, we run the planning step to test our configuration; it shows what will be created and how it will be connected.
- Run the command terraform plan -var-file=vcd.tfvars.
- We get the result Plan: 16 to add, 0 to change, 0 to destroy. That is, according to this plan, 16 resources will be created.
- We launch the plan with the command terraform.exe apply -var-file=vcd.tfvars.
The virtual machines will be created, and then the packages we listed in the provisioner section will be executed: the OS will be updated and CMS Bitrix will be installed.
Getting the connection details
After the plan has run, we want to receive the details for connecting to the servers in text form, so we format the output section as follows:
output "nginx_password" {
value = vcd_vapp_vm.nginx.customization[0].admin_password
}
And the following output tells us the password for the created virtual machine:
Outputs: nginx_password = F#4u8!!N
As a result, we get access to virtual machines with an updated operating system and pre-installed packages for our further work. Everything is ready!
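The output shown above prints the generated root password in clear text to the console, and to any CI log that captures the run. The following is an added example, not part of the original article: the same value exposed as a sensitive output and extended to all three VMs. The output name admin_passwords is hypothetical and Terraform 0.14 or later is assumed.

```hcl
# Added example. Use instead of the plain nginx_password output.

output "admin_passwords" {
  description = "Auto-generated root passwords, keyed by VM name"

  # Shown as <sensitive> after apply instead of the clear-text value.
  sensitive = true

  value = {
    nginx     = vcd_vapp_vm.nginx.customization[0].admin_password
    nextcloud = vcd_vapp_vm.nextcloud.customization[0].admin_password
    bitrix    = vcd_vapp_vm.bitrix.customization[0].admin_password
  }
}

# Read the values deliberately, on a trusted terminal only:
#   terraform output -json admin_passwords
#
# Marking an output sensitive only affects what is displayed. The passwords
# are still stored unencrypted in terraform.tfstate, so keep the state file
# out of version control and restrict who can read it (or the remote
# storage that holds it).
```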
But what if you already have existing infrastructure?
3.1. Using Terraform with existing infrastructure
It's simple: you can import existing virtual machines and their vApp containers using the import command.
Let's describe the vApp resource and the virtual machine.
resource "vcd_vapp" "Monitoring" {
name = "Monitoring"
org = "mClouds"
vdc = "mClouds"
}
resource "vcd_vapp_vm" "Zabbix" {
name = "Zabbix"
org = "mClouds"
vdc = "mClouds"
vapp_name = "Monitoring"
}
The next step is to import the properties of the vApp resource in the format vcd_vapp.<vApp> <org>.<org_vdc>.<vApp>, where:
- vApp - name of the vApp;
- org - name of the organization;
- org_vdc - name of the virtual data center.
Importing the vApp resource properties
Let's import the properties of the VM resource in the format vcd_vapp_vm.<VM> <org>.<org_vdc>.<vApp>.<VM>, where:
- VM - name of the VM;
- vApp - name of the vApp;
- org - name of the organization;
- org_vdc - name of the virtual data center.
Successful import
C:\Users\Mikhail\Desktop\terraform>terraform import vcd_vapp_vm.Zabbix mClouds.mClouds.Monitoring.Zabbix
vcd_vapp_vm.Zabbix: Importing from ID "mClouds.mClouds.Monitoring.Zabbix"...
vcd_vapp_vm.Zabbix: Import prepared!
Prepared vcd_vapp_vm for import
vcd_vapp_vm.Zabbix: Refreshing state... [id=urn:vcloud:vm:778f4a89-1c8d-45b9-9d94-0472a71c4d1f]
Import successful!
The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
Now we can look at the newly imported resource:
Imported resource
> terraform show
...
# vcd_vapp.Monitoring:
resource "vcd_vapp" "Monitoring" {
guest_properties = {}
href = "https://vcloud.mclouds.ru/api/vApp/vapp-fe5db285-a4af-47c4-93e8-55df92f006ec"
id = "urn:vcloud:vapp:fe5db285-a4af-47c4-93e8-55df92f006ec"
ip = "allocated"
metadata = {}
name = "Monitoring"
org = "mClouds"
status = 4
status_text = "POWERED_ON"
vdc = "mClouds"
}
…
# vcd_vapp_vm.Zabbix:
resource "vcd_vapp_vm" "Zabbix" {
computer_name = "Zabbix"
cpu_cores = 1
cpus = 2
expose_hardware_virtualization = false
guest_properties = {}
hardware_version = "vmx-14"
href = "https://vcloud.mclouds.ru/api/vApp/vm-778f4a89-1c8d-45b9-9d94-0472a71c4d1f"
id = "urn:vcloud:vm:778f4a89-1c8d-45b9-9d94-0472a71c4d1f"
internal_disk = [
{
bus_number = 0
bus_type = "paravirtual"
disk_id = "2000"
iops = 0
size_in_mb = 122880
storage_profile = "Gold Storage Policy"
thin_provisioned = true
unit_number = 0
},
]
memory = 8192
metadata = {}
name = "Zabbix"
org = "mClouds"
os_type = "centos8_64Guest"
storage_profile = "Gold Storage Policy"
vapp_name = "Monitoring"
vdc = "mClouds"
customization {
allow_local_admin_password = true
auto_generate_password = true
change_sid = false
enabled = false
force = false
join_domain = false
join_org_domain = false
must_change_password_on_first_login = false
number_of_auto_logons = 0
}
network {
adapter_type = "VMXNET3"
ip_allocation_mode = "DHCP"
is_primary = true
mac = "00:50:56:07:01:b1"
name = "MCLOUDS-LAN01"
type = "org"
}
}
Now we are definitely done: we have finished the last point (importing into existing infrastructure) and have covered all the main aspects of working with Terraform.
The tool turned out to be very convenient and lets you describe your infrastructure as code, from the virtual machines of a single cloud provider to the resources of network components.
At the same time, independence from the environment makes it possible to work with local and cloud resources, and even to manage a platform. And if there is no supported platform and you want to add a new one, you can write your own provider and use it.
source: www.habr.com