Selectel Terraform Provider

We have launched a Terraform provider for working with Selectel. It lets users manage resources entirely through the Infrastructure-as-code approach.

The provider currently supports managing resources of the "Virtual Private Cloud" service (hereafter VPC). In the future, we plan to add resource management for other services offered by Selectel.

As you already know, the VPC service is built on OpenStack. However, because OpenStack does not provide native tools for serving a public cloud, we implemented the missing functionality in a set of additional APIs that simplify the management of complex composite objects and make the work more convenient. Some functionality available in OpenStack is closed to direct use but is available through our API.

The Selectel Terraform provider can now manage the following VPC resources:

  • projects and their quotas;
  • users, their roles and tokens;
  • public subnets, including cross-region and VRRP;
  • software licenses.

The provider uses a public Go library to work with the VPC API. Both the library and the provider itself are open source, and they are developed on GitHub.

To manage other cloud resources, such as virtual machines, disks and Kubernetes clusters, you can use the OpenStack Terraform provider. Official documentation is available for both providers.

Getting started

To get started, you need to install Terraform (instructions and links to installation packages can be found on the official website).

To work, the provider requires a Selectel API key, which is created in the account control panel.

Manifests for working with Selectel are written using Terraform, or you can use the set of ready-made examples available in the GitHub repository: terraform-examples.

The examples repository is divided into two directories:

  • modules, containing small reusable modules that take a set of parameters as input and manage a small set of resources;
  • examples, containing examples of a complete set of interconnected modules.

After installing Terraform, creating a Selectel API key and familiarizing yourself with the examples, let's move on to practical examples.

Example: creating a server with a local disk

Let's look at an example that creates a project, a user with a role, and a virtual machine with a local disk: terraform-examples/examples/vpc/server_local_root_disk.

The file vars.tf describes all the parameters that are used when the modules are called. Some of them have default values; for example, the server will be created in zone ru-3a with the following configuration:

variable "server_vcpus" {
  default = 4
}

variable "server_ram_mb" {
  default = 8192
}

variable "server_root_disk_gb" {
  default = 8
}

variable "server_image_name" {
  default = "Ubuntu 18.04 LTS 64-bit"
}

In the file main.tf the Selectel provider is initialized:

provider "selectel" {
  token = "${var.sel_token}"
}

This file also contains the default value for the SSH key that will be installed on the server:

module "server_local_root_disk" {
  ...
  server_ssh_key = "${file("~/.ssh/id_rsa.pub")}"
}

If necessary, you can specify a different public key. The key does not have to be given as a file path; you can also add the value as a string.

Further on in this file, the modules project_with_user and server_local_root_disk are launched; they manage the required resources.

Let's look at these modules in more detail.

Creating a project and a user with a role

The first module creates a project and a user with a role in that project: terraform-examples/modules/vpc/project_with_user.

The created user will be able to log in to OpenStack and manage its resources. The module is simple and manages only three entities:

  • selectel_vpc_project_v2,
  • selectel_vpc_user_v2,
  • selectel_vpc_role_v2.

Creating a virtual server with a local disk

The second module manages the OpenStack objects that are needed to create a server with a local disk.

Pay attention to some of the arguments specified in this module for the openstack_compute_instance_v2 resource:

resource "openstack_compute_instance_v2" "instance_1" {
  ...

  lifecycle {
    ignore_changes = ["image_id"]
  }

  vendor_options {
    ignore_resize_confirmation = true
  }
}

The ignore_changes argument lets you ignore changes to the id attribute of the image used to create the virtual machine. In the VPC service, most public images are updated automatically once a week, and their id changes at the same time. This is due to the peculiarities of the OpenStack component Glance, in which images are considered immutable entities.

If you create or modify an existing server or disk whose image_id argument uses the id of a public image, then after that image is updated, running the Terraform manifest again will recreate the server or disk. Using the ignore_changes argument lets you avoid this situation.

Note: the ignore_changes argument appeared in Terraform quite a long time ago: pull request #2525.

The ignore_resize_confirmation argument is needed to successfully resize the local disk, cores, or memory of the server. Such changes are made through the OpenStack Nova component using a resize request. By default, after a resize request Nova puts the server into the verify_resize status and waits for additional confirmation from the user. However, this behaviour can be changed so that Nova does not wait for additional actions from the user.

The specified argument allows Terraform not to wait for the verify_resize status for the server and to be ready for the server to be in the active status after its parameters are changed. The argument is available from version 1.10.0 of the OpenStack Terraform provider: pull request #422.

Creating resources

Before running the manifests, note that in our example two different providers are launched, and the OpenStack provider depends on the resources of the Selectel provider, because without creating a user in the project it is impossible to manage the objects that belong to it. Unfortunately, for the same reason we cannot simply run the terraform apply command inside our example. We first need to apply the project_with_user module and then everything else.

Note: this issue has not yet been resolved in Terraform; you can follow the discussion on GitHub in issue #2430 and issue #4149.

To create the resources, go to the directory terraform-examples/examples/vpc/server_local_root_disk; its contents should look like this:

$ ls
README.md	   main.tf		vars.tf

We initialize the modules with the command:

$ terraform init

The output shows that Terraform downloads the latest versions of the providers it uses and checks all the modules described in the example.

First, let's apply the project_with_user module. This requires manually passing values for the variables that have not been set:

  • sel_account with your Selectel account number;
  • sel_token with your key for the Selectel API;
  • user_password with the password for the OpenStack user.

The values for the first two variables must be taken from the control panel.

For the last variable, you can come up with any password.

To apply the module, replace the values SEL_ACCOUNT, SEL_TOKEN and USER_PASSWORD and run the command:

$ env \
  TF_VAR_sel_account=SEL_ACCOUNT \
  TF_VAR_sel_token=SEL_TOKEN \
  TF_VAR_user_password=USER_PASSWORD \
  terraform apply -target=module.project_with_user

After running the command, Terraform will show which resources it wants to create and ask for confirmation:

Plan: 3 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.

Enter a value: yes

Once the project, user and role have been created, you can start creating the remaining resources:

$ env \
  TF_VAR_sel_account=SEL_ACCOUNT \
  TF_VAR_sel_token=SEL_TOKEN \
  TF_VAR_user_password=USER_PASSWORD \
  terraform apply

While the resources are being created, pay attention to the Terraform output with the external IP address at which the created server will be reachable:

module.server_local_root_disk.openstack_networking_floatingip_associate_v2.association_1: Creating...
  floating_ip: "" => "x.x.x.x"

You can work with the created virtual machine over SSH using the specified IP.
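The two-stage apply above passes the API token and password on the command line, where an interactive shell records them in its history. As an added example (not part of the original article), this script loads the same three variables from a file readable only by its owner and then runs the same two applies; the credentials file format (KEY=VALUE lines), the function names and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumed input: a credentials file of KEY=VALUE lines using the variable
# names from this page (sel_account, sel_token, user_password).

# Succeed only for a regular file with no group/other access (GNU stat).
creds_file_is_private() {
  [ -f "$1" ] || return 1
  mode=$(stat -c '%a' "$1") || return 1
  case "$mode" in
    600|400) return 0 ;;
    *) return 1 ;;
  esac
}

# Export TF_VAR_<name> for each expected key; reject anything else.
load_tf_vars() {
  creds_file_is_private "$1" || {
    echo "refusing $1: mode must be 600 or 400" >&2
    return 1
  }
  unset TF_VAR_sel_account TF_VAR_sel_token TF_VAR_user_password
  while IFS='=' read -r key value; do
    case "$key" in
      ''|'#'*) continue ;;
      sel_account|sel_token|user_password) export "TF_VAR_$key=$value" ;;
      *) echo "unknown key in $1: $key" >&2; return 1 ;;
    esac
  done < "$1"
  # All three variables must be present and non-empty.
  [ -n "${TF_VAR_sel_account:-}" ] &&
    [ -n "${TF_VAR_sel_token:-}" ] &&
    [ -n "${TF_VAR_user_password:-}" ]
}

# Stage 1 creates the project, user and role; stage 2 creates the rest.
staged_apply() {
  load_tf_vars "$1" || return 1
  terraform apply -target=module.project_with_user && terraform apply
}

# Run only when a credentials file is given as the first argument.
if [ "$#" -ge 1 ]; then
  staged_apply "$1"
fi
```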

Modifying resources

In addition to creating resources through Terraform, you can also modify them.

For example, let's increase the number of cores and the amount of memory for our server by changing the values of the server_vcpus and server_ram_mb parameters in the file examples/vpc/server_local_root_disk/main.tf:

-  server_vcpus        = "${var.server_vcpus}"
-  server_ram_mb       = "${var.server_ram_mb}"
+  server_vcpus        = 8
+  server_ram_mb       = 10240
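
Review bot: the two + lines hard-code 8 and 10240 in the module call in place of var.server_vcpus and var.server_ram_mb, so the defaults declared in vars.tf no longer have any effect on this server. Consider keeping the variable references and changing the defaults in vars.tf instead, so the sizing stays in one place.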

After that, we check what changes this will lead to using the following command:

$ env \
  TF_VAR_sel_account=SEL_ACCOUNT \
  TF_VAR_sel_token=SEL_TOKEN \
  TF_VAR_user_password=USER_PASSWORD \
  terraform plan

As a result, Terraform made a change to the resources openstack_compute_instance_v2 and openstack_compute_flavor_v2.

Note that this will cause the created virtual machine to reboot.

To apply the new virtual machine configuration, use the terraform apply command, which we already ran earlier.

All created objects will be displayed in the VPC control panel.

In our examples repository you can also find manifests for creating virtual machines with network disks.

Example: creating a Kubernetes cluster

Before moving on to the next example, we will clean up the resources created earlier. To do this, in the root of the project terraform-examples/examples/vpc/server_local_root_disk, let's run the command to delete the OpenStack objects:

$ env \
  TF_VAR_sel_account=SEL_ACCOUNT \
  TF_VAR_sel_token=SEL_TOKEN \
  TF_VAR_user_password=USER_PASSWORD \
  terraform destroy -target=module.server_local_root_disk

Then run the command to delete the Selectel VPC API objects:

$ env \
  TF_VAR_sel_account=SEL_ACCOUNT \
  TF_VAR_sel_token=SEL_TOKEN \
  TF_VAR_user_password=USER_PASSWORD \
  terraform destroy -target=module.project_with_user

In both cases, you will need to confirm the deletion of all objects:

Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.

Enter a value: yes

The next example is in the directory terraform-examples/examples/vpc/kubernetes_cluster.

This example creates a project, a user with a role in the project, and brings up one Kubernetes cluster. In the file vars.tf you can see the default values, such as the number of nodes, their characteristics, the Kubernetes version, and so on.

To create the resources, as in the first example, we first initialize the modules and create the resources of the project_with_user module, and then create everything else:

$ terraform init

$ env \
  TF_VAR_sel_account=SEL_ACCOUNT \
  TF_VAR_sel_token=SEL_TOKEN \
  TF_VAR_user_password=USER_PASSWORD \
  terraform apply -target=module.project_with_user

$ env \
  TF_VAR_sel_account=SEL_ACCOUNT \
  TF_VAR_sel_token=SEL_TOKEN \
  TF_VAR_user_password=USER_PASSWORD \
  terraform apply

Creation and management of Kubernetes clusters is handled by the OpenStack Magnum component. You can learn more about working with a cluster in one of our previous articles, as well as in the knowledge base.

While the cluster is being prepared, disks and virtual machines will be created and all the necessary components will be installed. Preparation takes about 4 minutes, during which Terraform will display messages like:

module.kubernetes_cluster.openstack_containerinfra_cluster_v1.cluster_1: Still creating... (3m0s elapsed)

Once the installation is complete, Terraform will report that the cluster is ready and display its ID:

module.kubernetes_cluster.openstack_containerinfra_cluster_v1.cluster_1: Creation complete after 4m20s (ID: 3c8...)

Apply complete! Resources: 6 added, 0 changed, 0 destroyed.

To manage the created Kubernetes cluster with the kubectl utility, you need to obtain the cluster access file. To do this, go to the project created through Terraform in the list of projects in your account.

Next, follow the link of the form xxxxxx.selvpc.ru that appears below the project name.

To log in, use the username and password that you created through Terraform. If you did not change vars.tf or main.tf for our example, the user will be named tf_user. As the password, use the value of the TF_VAR_user_password variable that was specified when running terraform apply earlier.

Inside the project, go to the Kubernetes tab.

This is where the cluster created through Terraform is located. You can download the file for kubectl on the "Access" tab.

The same tab contains instructions for installing kubectl and using the downloaded config.yaml.

After installing kubectl and setting the KUBECONFIG environment variable, you can use Kubernetes:

$ kubectl get pods --all-namespaces

NAMESPACE              NAME                                            READY   STATUS    RESTARTS   AGE
kube-system            coredns-9578f5c87-g6bjf                         1/1     Running   0          8m
kube-system            coredns-9578f5c87-rvkgd                         1/1     Running   0          6m
kube-system            heapster-866fcbc879-b6998                       1/1     Running   0          8m
kube-system            kube-dns-autoscaler-689688988f-8cxhf            1/1     Running   0          8m
kube-system            kubernetes-dashboard-7bdb5d4cd7-jcjq9           1/1     Running   0          8m
kube-system            monitoring-grafana-84c97bb64d-tc64b             1/1     Running   0          8m
kube-system            monitoring-influxdb-7c8ccc75c6-dzk5f            1/1     Running   0          8m
kube-system            node-exporter-tf-cluster-rz6nggvs4va7-minion-0  1/1     Running   0          8m
kube-system            node-exporter-tf-cluster-rz6nggvs4va7-minion-1  1/1     Running   0          8m
kube-system            openstack-cloud-controller-manager-8vrmp        1/1     Running   3          8m
prometeus-monitoring   grafana-76bcb7ffb8-4tm7t                        1/1     Running   0          8m
prometeus-monitoring   prometheus-75cdd77c5c-w29gb                     1/1     Running   0          8m

The number of cluster nodes can easily be changed through Terraform.
The following value is specified in the file main.tf:

cluster_node_count = "${var.cluster_node_count}"

This value is substituted from vars.tf:

variable "cluster_node_count" {
  default = 2
}

You can either change the default value in vars.tf, or specify the required value directly in main.tf:

-  cluster_node_count = "${var.cluster_node_count}"
+  cluster_node_count = 3

To apply the changes, as in the first example, use the terraform apply command:

$ env \
  TF_VAR_sel_account=SEL_ACCOUNT \
  TF_VAR_sel_token=SEL_TOKEN \
  TF_VAR_user_password=USER_PASSWORD \
  terraform apply

While the number of nodes is changing, the cluster remains available. After adding a node through Terraform, you can use it without additional configuration:

$ kubectl get nodes
NAME                               STATUS                     ROLES     AGE   VERSION
tf-cluster-rz6nggvs4va7-master-0   Ready,SchedulingDisabled   master    8m    v1.12.4
tf-cluster-rz6nggvs4va7-minion-0   Ready                      <none>    8m    v1.12.4
tf-cluster-rz6nggvs4va7-minion-1   Ready                      <none>    8m    v1.12.4
tf-cluster-rz6nggvs4va7-minion-2   Ready                      <none>    3m    v1.12.4

Conclusion

In this article we covered the main ways of working with the "Virtual Private Cloud" through Terraform. We will be glad if you use the Selectel Terraform provider and give us feedback.

Any bugs found in the Selectel Terraform provider can be reported via GitHub Issues.

source: www.habr.com
