Let's highlight a few gotchas, including those related to loops, if statements, and deployment techniques, as well as more general issues that affect Terraform as a whole:
- count and for_each have limitations;
- zero-downtime deployment has limitations;
- even a valid plan can fail;
- refactoring can have pitfalls;
- eventual consistency is consistent… eventually.
count and for_each have limitations
The examples in this chapter make extensive use of the count parameter and the for_each expression in loops and conditional logic. They work well, but they have two important limitations you need to be aware of.
- count and for_each cannot reference resource outputs.
- count and for_each cannot be used in a module configuration.
Let's look at them one at a time.
count and for_each cannot reference resource outputs
Imagine you need to deploy several EC2 servers and for some reason don't want to use an ASG. Your code might look like this:
resource "aws_instance" "example_1" {
  count         = 3
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}
Because the count parameter is set to a static value, this code works without problems: when you run the apply command, it creates three EC2 servers. But what if you want to deploy one server in each Availability Zone (AZ) of the current AWS region? You can have your code load the list of zones from the aws_availability_zones data source and then loop over each of them, creating an EC2 server in it by using the count parameter and accessing the array by index:
resource "aws_instance" "example_2" {
  count             = length(data.aws_availability_zones.all.names)
  availability_zone = data.aws_availability_zones.all.names[count.index]
  ami               = "ami-0c55b159cbfafe1f0"
  instance_type     = "t2.micro"
}
data "aws_availability_zones" "all" {}
This code also works fine, because the count parameter can reference data sources without any problem. But what happens if the number of servers you need to create depends on the output of some resource? The easiest way to demonstrate this is the random_integer resource, which, as you can guess from its name, returns a random integer:
resource "random_integer" "num_instances" {
  min = 1
  max = 3
}
This code generates a random number between 1 and 3. Let's see what happens if we try to use the result output of this resource in the count parameter of an aws_instance resource:
resource "aws_instance" "example_3" {
  count         = random_integer.num_instances.result
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}
If you run terraform plan on this code, you get the following error:
Error: Invalid count argument
  on main.tf line 30, in resource "aws_instance" "example_3":
  30: count = random_integer.num_instances.result
The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply only the resources that the count depends on.
Terraform requires count and for_each to be evaluated during the plan phase, before any resources are created or modified. This means count and for_each can reference literals, variables, data sources, and even lists of resources (as long as their length can be determined at plan time), but not computed resource outputs.
count and for_each cannot be used in a module configuration
At some point you may be tempted to add a count parameter to a module configuration:
module "count_example" {
  source        = "../../../../modules/services/webserver-cluster"
  count         = 3
  cluster_name  = "terraform-up-and-running-example"
  server_port   = 8080
  instance_type = "t2.micro"
}
This code tries to use count on a module to create three copies of the webserver-cluster resources. Or you might want to make the inclusion of a module optional, depending on some Boolean condition, by setting its count parameter to 0. This looks like reasonable code, but when you run terraform plan, you get the following error:
Error: Reserved argument name in module block
  on main.tf line 13, in module "count_example":
  13: count = 3
The name "count" is reserved for use in a future version of Terraform.
Unfortunately, as of Terraform 0.12.6, using count or for_each on a module is not supported. According to the Terraform 0.12 release notes (http://bit.ly/3257bv4), HashiCorp plans to add this capability in the future, so depending on when you are reading this, it may already be available. To find out for sure, .
Zero-downtime deployment has limitations
Using a create_before_destroy block with an ASG is a great solution for zero-downtime deployment, with one caveat: it does not support autoscaling policies. More precisely, it resets the ASG size back to min_size on every deployment, which can be a problem if you use autoscaling policies to increase the number of running servers.
For example, the webserver-cluster module contains a couple of aws_autoscaling_schedule resources that increase the number of servers in the cluster from two to ten at 9:00 a.m. If you deploy at, say, 11:00 a.m., the new ASG will start with only two servers instead of ten and will stay that way until 9:00 a.m. the next day.
This limitation can be worked around in several ways.
- Change the recurrence parameter in aws_autoscaling_schedule from 0 9 * * * ("run at 9 a.m.") to something like 0-59 9-17 * * * ("run every minute from 9 a.m. to 5 p.m."). If the ASG already has ten servers, re-running this autoscaling rule changes nothing, which is what we want. If the ASG has only just been deployed, this rule guarantees that it will reach ten servers within a minute at most. This is not exactly an elegant approach, and the big jumps from ten servers to two and back can also cause problems for users.
- Create a custom script that uses the AWS API to determine the number of running servers in the ASG, call it using an external data source (see "External Data Source" on page 249), and set the ASG's desired_capacity parameter to the value the script returns. This ensures that every new ASG always starts with the same capacity as the old one, but it makes the Terraform code harder to maintain.
Of course, ideally Terraform would have built-in support for zero-downtime deployment, but as of May 2019, the HashiCorp team had no plans to add this functionality.
Even a valid plan can fail
Sometimes running the plan command produces a perfectly valid deployment plan, but the apply command returns an error. For example, try adding an aws_iam_user resource with the same name you used for the IAM user you created earlier in Chapter 2:
resource "aws_iam_user" "existing_user" {
  # Put the name of an already existing IAM user here
  # to practice using the terraform import command
  name = "yevgeniy.brikman"
}
Now, if you run the plan command, Terraform outputs a deployment plan that looks reasonable at first glance:
Terraform will perform the following actions:
  # aws_iam_user.existing_user will be created
  + resource "aws_iam_user" "existing_user" {
      + arn           = (known after apply)
      + force_destroy = false
      + id            = (known after apply)
      + name          = "yevgeniy.brikman"
      + path          = "/"
      + unique_id     = (known after apply)
    }
Plan: 1 to add, 0 to change, 0 to destroy.
If you run the apply command, you get the following error:
Error: Error creating IAM User yevgeniy.brikman: EntityAlreadyExists:
User with name yevgeniy.brikman already exists.
  on main.tf line 10, in resource "aws_iam_user" "existing_user":
  10: resource "aws_iam_user" "existing_user" {
The problem, of course, is that an IAM user with that name already exists. This can happen not only with IAM users but with almost any resource. Perhaps someone created the resource manually or from the command line; either way, the conflicting identifiers lead to errors. This error has many variations, and it often catches Terraform newcomers off guard.
The key point is that the terraform plan command only takes into account the resources recorded in the Terraform state file. If resources were created in some other way (for example, manually, by clicking around in the AWS console), they are not in the state file, and so Terraform does not take them into account when it runs the plan command. As a result, a plan that looks valid ends up failing.
There are two lessons to take away from this.
- Once you have started using Terraform, don't use anything else. If part of your infrastructure is managed with Terraform, you can no longer change it manually. Otherwise you not only risk strange Terraform errors but also give up many of the benefits of IaC, because the code will no longer be an accurate representation of your infrastructure.
- If you have existing infrastructure, use the import command. If you are starting to use Terraform with existing infrastructure, you can add it to your state file with the terraform import command. This tells Terraform which infrastructure it should manage. The import command takes two arguments. The first is the address of the resource in your configuration files. It uses the same syntax as resource references: _. (such as aws_iam_user.existing_user). The second argument is the ID of the resource to import. For example, the ID of an aws_iam_user resource is the user name (for example, yevgeniy.brikman), and the ID of an aws_instance resource is the EC2 server ID (such as i-190e22e5). How to import a resource is usually described at the bottom of its documentation page.
Here is the import command that syncs the aws_iam_user resource you added to your Terraform configuration with the IAM user from Chapter 2 (substitute your own name for yevgeniy.brikman, of course):
$ terraform import aws_iam_user.existing_user yevgeniy.brikman
Terraform will use the AWS API to find your IAM user and create an association in the state file between that user and the aws_iam_user.existing_user resource in your Terraform configuration. From then on, when you run the plan command, Terraform will know that the IAM user already exists and will not try to create it again.
Note that if you have a lot of resources that you want to import into Terraform, writing the code by hand and importing them one at a time can be tedious. It is therefore worth considering a tool such as Terraforming (http://terraforming.dtan4.net/), which can automatically import code from your AWS account.
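The lesson above can be turned into a check that runs between plan and apply. This added example (not from the book) reads the JSON form of a saved plan, as printed by terraform show -json, and returns a terraform import command for every planned aws_iam_user creation whose name is already taken. The function name, the plan snippet and the set of existing users are constructed for illustration; in practice the set would be filled from the AWS API.

```python
import json
import shlex

# Constructed sample: trimmed output of `terraform show -json <planfile>`.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "aws_iam_user.existing_user", "type": "aws_iam_user",
         "change": {"actions": ["create"],
                    "after": {"name": "yevgeniy.brikman", "path": "/"}}},
        {"address": "aws_iam_user.new_user", "type": "aws_iam_user",
         "change": {"actions": ["create"],
                    "after": {"name": "new.user", "path": "/"}}},
        {"address": "aws_instance.example_1[0]", "type": "aws_instance",
         "change": {"actions": ["no-op"], "after": {}}},
    ]
})

# Constructed sample: user names that already exist in the account but may
# be missing from the Terraform state file.
EXISTING_IAM_USERS = {"yevgeniy.brikman", "some.other.user"}


def import_commands(plan_json, existing_names,
                    resource_type="aws_iam_user", id_attribute="name"):
    """Return import commands for planned creations that would collide.

    The plan only knows about the state file, so a "create" action for a
    name that already exists in the account is the EntityAlreadyExists
    failure waiting to happen at apply time.
    """
    commands = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != resource_type:
            continue
        if change.get("actions") != ["create"]:
            continue
        # "after" holds the planned attribute values; it can be null.
        resource_id = (change.get("after") or {}).get(id_attribute)
        if resource_id in existing_names:
            # Quote both arguments: indexed addresses contain [ and ].
            commands.append("terraform import {} {}".format(
                shlex.quote(rc["address"]), shlex.quote(resource_id)))
    return commands


if __name__ == "__main__":
    for command in import_commands(SAMPLE_PLAN, EXISTING_IAM_USERS):
        print(command)
```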
Refactoring can have pitfalls
Refactoring is a common practice in which you change the internal structure of code while leaving its external behavior unchanged. The goal is to make the code more readable, tidier, and easier to maintain. Refactoring is an essential technique that should be applied regularly. But when it comes to Terraform or any other IaC tool, you need to be very careful about what you mean by the "external behavior" of a piece of code; otherwise unexpected problems will arise.
For example, a common refactoring is renaming variables or functions to something more understandable. Many IDEs have built-in refactoring support and can rename variables and functions automatically across a project. In general-purpose programming languages this is a trivial procedure you might carry out without thinking, but in Terraform you need to take care to avoid causing an outage.
For example, the webserver-cluster module has a cluster_name input variable:
variable "cluster_name" {
  description = "The name to use for all the cluster resources"
  type        = string
}
Imagine you started using this module to deploy a microservice named foo. Later, you want to rename your service to bar. This change may seem trivial, but in fact it can cause an outage.
The reason is that the webserver-cluster module uses the cluster_name variable in a number of resources, including the name parameter of two security groups and the ALB:
resource "aws_lb" "example" {
  name               = var.cluster_name
  load_balancer_type = "application"
  subnets            = data.aws_subnet_ids.default.ids
  security_groups    = [aws_security_group.alb.id]
}
If you change the name parameter of a resource, Terraform deletes the old version of that resource and creates a new one in its place. If that resource is an ALB, however, you will have nothing to route traffic to your web servers between its deletion and the creation of the new version. Similarly, if a security group is deleted, your servers will start rejecting all network traffic until the new group is created.
Another refactoring you might be interested in is changing a Terraform identifier. Take the aws_security_group resource in the webserver-cluster module as an example:
resource "aws_security_group" "instance" {
  # (...)
}
The identifier of this resource is instance. Imagine that during refactoring you decide to change it to a more descriptive (in your opinion) name, cluster_instance:
resource "aws_security_group" "cluster_instance" {
  # (...)
}
What happens in the end? That's right: an outage.
Terraform associates each resource identifier with an identifier from the cloud provider. For example, iam_user is associated with an AWS IAM user ID, and aws_instance is associated with an AWS EC2 server ID. If you change the resource identifier (say, from instance to cluster_instance, as with aws_security_group), Terraform sees it as though you had deleted the old resource and added a new one. Applying these changes makes Terraform delete the old security group and create a new one, and in the meantime your servers start rejecting all network traffic.
Here are four key lessons you should take away from this discussion.
- Always use the plan command. It can catch all of these issues. Review its output carefully and pay attention to cases where Terraform plans to delete resources that probably should not be deleted.
- Create before destroy. If you want to replace a resource, think carefully about whether you need to create the replacement before deleting the original. If so, create_before_destroy can help. The same result can be achieved manually in two steps: first, add the new resource to the configuration and run the apply command; then remove the old resource from the configuration and run apply again.
- Changing identifiers requires changing state. If you want to change the identifier associated with a resource (for example, rename aws_security_group from instance to cluster_instance) without deleting the resource and creating a new version of it, you must update the Terraform state file accordingly. Never do this by hand; use the terraform state command instead. When renaming identifiers, you should run the terraform state mv command, which has the following syntax:
  terraform state mv <ORIGINAL_REFERENCE> <NEW_REFERENCE>
  ORIGINAL_REFERENCE is the reference expression for the resource as it is now, and NEW_REFERENCE is the place you want to move it to. For example, to rename aws_security_group from instance to cluster_instance, you would run the following command:
  $ terraform state mv aws_security_group.instance aws_security_group.cluster_instance
  This tells Terraform that the state previously associated with aws_security_group.instance should now be associated with aws_security_group.cluster_instance. If terraform plan shows no changes after you rename the identifier and run this command, you did everything correctly.
- Some parameters are immutable. Many resource parameters are immutable. If you try to change them, Terraform deletes the old resource and creates a new one in its place. The documentation page for each resource usually specifies what happens when a parameter is changed, so be sure to consult the documentation. Always use the plan command and consider using the create_before_destroy strategy.
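One way to apply the first and third lessons mechanically, as an added example that is not from the book: the script below reads the JSON form of a saved plan (terraform show -json) and reports replacements, outright deletions, and delete/create pairs of the same type that look like a rename needing terraform state mv. The function name and the plan snippet are constructed, and the rename detection is a heuristic that a reviewer still has to confirm.

```python
import json

# Constructed sample: the plan after renaming aws_security_group.instance to
# cluster_instance without `terraform state mv`, plus a cluster_name change
# that forces the ALB to be replaced.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_security_group.instance", "type": "aws_security_group",
     "change": {"actions": ["delete"]}},
    {"address": "aws_security_group.cluster_instance",
     "type": "aws_security_group", "change": {"actions": ["create"]}},
    {"address": "aws_lb.example", "type": "aws_lb",
     "change": {"actions": ["delete", "create"]}},
    {"address": "aws_instance.example_1[0]", "type": "aws_instance",
     "change": {"actions": ["update"]}},
]})


def review_plan(plan_json):
    """Classify the risky changes in a plan before anyone runs apply."""
    report = {"destroyed": [], "replaced": [], "state_mv": []}
    deleted, created = {}, {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions == ["delete"]:
            deleted.setdefault(rc["type"], []).append(rc["address"])
        elif actions == ["create"]:
            created.setdefault(rc["type"], []).append(rc["address"])
        elif "delete" in actions:
            # ["delete", "create"] leaves a gap with no resource at all;
            # ["create", "delete"] is what create_before_destroy produces.
            order = ("create-before-destroy" if actions[0] == "create"
                     else "destroy-before-create")
            report["replaced"].append((rc["address"], order))
    for rtype, old_addrs in deleted.items():
        new_addrs = created.get(rtype, [])
        # Exactly one delete and one create of the same type usually means
        # an identifier was renamed in the code but not in the state file.
        if len(old_addrs) == 1 and len(new_addrs) == 1:
            report["state_mv"].append(
                "terraform state mv {} {}".format(old_addrs[0], new_addrs[0]))
        else:
            report["destroyed"].extend(old_addrs)
    return report


if __name__ == "__main__":
    print(json.dumps(review_plan(SAMPLE_PLAN), indent=2))
```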
Eventual consistency is consistent… eventually
The APIs of some cloud providers, such as AWS, are asynchronous and eventually consistent. Asynchronous means the interface can return a response immediately, without waiting for the requested action to complete. Eventual consistency means that changes can take time to propagate through the system; while this is happening, the responses you get may be inconsistent and depend on which replica of the data store answers your API call.
For example, imagine you make an API call to AWS asking it to create an EC2 server. The API returns a "success" response (201 Created) almost immediately, without waiting for the server itself to be created. If you try to connect to it right away, the attempt will almost certainly fail, because AWS is still provisioning the resources or, alternatively, the server has not booted yet. Moreover, if you make another call to get information about this server, you may get an error (404 Not Found). That is because the information about this EC2 server may still be propagating through AWS, so it takes a few seconds before it is available everywhere.
Whenever you use an asynchronous, eventually consistent API, you must retry your request periodically until the action has completed and propagated through the system. Unfortunately, the AWS SDK does not provide any good tools for this, and the Terraform project has suffered from numerous bugs like 6813 (https://github.com/hashicorp/terraform/issues/6813):
$ terraform apply
aws_subnet.private-persistence.2: InvalidSubnetID.NotFound: The subnet ID 'subnet-xxxxxxx' does not exist
In other words, you create a resource (for example, a subnet) and then try to look up some information about it (such as the ID of the newly created subnet), and Terraform cannot find it. Most of these bugs (including 6813) have been fixed, but they still crop up from time to time, especially when Terraform adds support for a new resource type. This is annoying but, in most cases, harmless. You just need to run terraform apply again, because by then the information will have propagated through the system.
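The re-run advice above can be automated for pipelines. This added sketch (not from the book) re-runs terraform apply with exponential backoff, but only when the output contains a NotFound-style error code like the one shown above; any other failure is raised immediately. The function names, the error pattern and the delays are assumptions made for illustration.

```python
import re
import subprocess
import time

# Assumption: error codes shaped like "InvalidSubnetID.NotFound" indicate a
# read that raced ahead of propagation and is worth retrying.
NOT_FOUND = re.compile(r"\b\w+\.NotFound\b")


def run_terraform_apply():
    """Run terraform apply non-interactively; return (exit code, output)."""
    proc = subprocess.run(
        ["terraform", "apply", "-auto-approve", "-no-color"],
        capture_output=True, text=True)
    return proc.returncode, proc.stdout + proc.stderr


def apply_with_retry(run=run_terraform_apply, attempts=4, base_delay=5.0,
                     sleep=time.sleep):
    """Return (attempt number, output) of the first successful apply.

    Retries are bounded, so a resource that is really missing still ends
    in an error instead of an endless loop.
    """
    for attempt in range(1, attempts + 1):
        code, output = run()
        if code == 0:
            return attempt, output
        retryable = NOT_FOUND.search(output) is not None
        if not retryable or attempt == attempts:
            raise RuntimeError(
                "apply failed on attempt {}:\n{}".format(attempt, output))
        # Wait 5 s, 10 s, 20 s, ... so the change has time to propagate.
        sleep(base_delay * 2 ** (attempt - 1))


if __name__ == "__main__":
    attempt, _ = apply_with_retry()
    print("apply succeeded on attempt", attempt)
```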
This is an excerpt from Yevgeniy Brikman's book.
source: www.habr.com
