Mun ƙaddamar da mai ba da sabis na Terraform don aiki tare da Selectel. Wannan samfurin yana ba masu amfani damar aiwatar da cikakken sarrafa kayan aiki ta hanyar Kayayyakin kayan more rayuwa-as-code.
A halin yanzu mai bayarwa yana goyan bayan sarrafa albarkatun sabis "Virtual Private girgije" (nan gaba ake kira VPC). A nan gaba, muna shirin ƙara sarrafa albarkatun don sauran ayyukan da Selectel ke bayarwa.
Kamar yadda kuka riga kuka sani, an gina sabis ɗin VPC akan OpenStack. Koyaya, saboda gaskiyar cewa OpenStack baya samar da kayan aikin asali don bautar gajimare na jama'a, mun aiwatar da ayyukan da suka ɓace a cikin ƙarin APIs waɗanda ke sauƙaƙe sarrafa abubuwan haɗaɗɗun abubuwa kuma suna sa aikin ya fi dacewa. Wasu ayyukan da ake samu a cikin OpenStack ba su da amfani kai tsaye, amma ana samun su ta hanyar API ɗin mu.
Mai ba da Selectel Terraform yanzu ya haɗa da ikon sarrafa albarkatun VPC masu zuwa:
ayyuka da adadinsu;
masu amfani, matsayinsu da alamun su;
na jama'a subnets, ciki har da giciye-yanki da VRRP;
lasisin software.
Mai bayarwa yana amfani da ɗakin karatu na Go na jama'a don aiki tare da VPC API. Duk ɗakin karatu da mai ba da ita kanta buɗaɗɗen tushe ne, ana aiwatar da ci gaban su akan Github:
Don sarrafa sauran albarkatun girgije, kamar injina, fayafai, gungu na Kubernetes, zaku iya amfani da mai ba da OpenStack Terraform. Ana samun takaddun takaddun hukuma na duka masu samarwa a hanyoyin haɗin yanar gizo masu zuwa:
Don farawa, kuna buƙatar shigar da Terraform (ana iya samun umarni da hanyoyin haɗi zuwa fakitin shigarwa a official website).
Don aiki, mai badawa yana buƙatar maɓallin Zaɓin API, wanda aka ƙirƙira a ciki bangarorin kula da asusun.
An ƙirƙira abubuwan bayyanawa don aiki tare da Selectel ta amfani da Terraform ko ta amfani da saitin misalan shirye-shiryen da ake samu a ma'ajiyar Github: terraform-misali.
An raba ma'ajiyar da ke da misalai zuwa kundayen adireshi biyu:
kayayyaki, dauke da ƙananan nau'i-nau'i da za a sake amfani da su wanda ke ɗaukar saitin sigogi a matsayin shigarwa da sarrafa ƙananan kayan aiki;
misalai, dauke da misalan cikakken saitin na'urori masu alaƙa.
Bayan shigar da Terraform, ƙirƙirar maɓallin Selectel API da sanin kanku da misalan, bari mu matsa zuwa misalai masu amfani.
Misali na ƙirƙirar uwar garken tare da faifan gida
A cikin fayil wuta.tf duk sigogin da za a yi amfani da su lokacin da aka bayyana samfuran kira. Wasu daga cikinsu suna da ƙima na asali, misali, za a ƙirƙiri uwar garken a yankin ru-3a tare da tsari mai zuwa:
Idan ya cancanta, zaku iya saka maɓalli na jama'a daban. Ba dole ba ne a bayyana maɓalli azaman hanyar fayil; Hakanan zaka iya ƙara ƙimar azaman kirtani.
Bugu da ari a cikin wannan fayil an ƙaddamar da kayayyaki project_with_mai amfani и uwar garke_local_root_disk, wanda ke sarrafa abubuwan da ake bukata.
shaida watsi_canji ba ka damar watsi da sifa canje-canje id don hoton da aka yi amfani da shi don ƙirƙirar injin kama-da-wane. A cikin sabis na VPC, yawancin hotunan jama'a ana sabunta su ta atomatik sau ɗaya a mako kuma a lokaci guda nasu id kuma yana canzawa. Wannan ya faru ne saboda abubuwan ban mamaki na ɓangaren OpenStack - Glance, wanda ake ɗaukar hotuna abubuwan da ba za su iya canzawa ba.
Idan kana ƙirƙira ko gyara wani uwar garken da ke akwai ko faifai wanda ke da hujja image_id ana amfani dashi id hoton jama'a, sannan bayan an sabunta wannan hoton, sake gudanar da bayanan Terraform zai sake ƙirƙirar uwar garken ko faifai. Amfani da hujja watsi_canji yana ba ku damar guje wa irin wannan yanayin.
Note: gardama watsi_canji ya bayyana a cikin Terraform tsawon lokaci mai tsawo: cire #2525.
shaida watsi da_resize_confirmation da ake buƙata don samun nasarar sake girman faifai na gida, murhu, ko ƙwaƙwalwar uwar garken. Ana yin irin waɗannan canje-canje ta ɓangaren OpenStack Nova ta amfani da buƙata sake mayar da hankali. Default Nova bayan buƙata sake mayar da hankali yana sanya uwar garken cikin matsayi tabbatar da girman girman kuma yana jiran ƙarin tabbaci daga mai amfani. Koyaya, ana iya canza wannan ɗabi'ar ta yadda Nova bata jira ƙarin ayyuka daga mai amfani ba.
Ƙididdigar ƙayyadaddun hujja ta ba Terraform damar kada ya jira matsayi tabbatar da girman girman don uwar garken kuma ku kasance a shirye don uwar garken ya kasance cikin matsayi mai aiki bayan canza sigoginsa. Ana samun hujja daga sigar 1.10.0 na mai ba da sabis na OpenStack Terraform: cire #422.
Ƙirƙirar albarkatu
Kafin gudanar da bayyanar, da fatan za a lura cewa a cikin misalinmu, an ƙaddamar da masu samarwa guda biyu daban-daban, kuma mai ba da sabis na OpenStack ya dogara da albarkatun mai ba da sabis na Selectel, tunda ba tare da ƙirƙirar mai amfani ba a cikin aikin, ba shi yiwuwa a sarrafa abubuwan da ke cikinsa. . Abin takaici, saboda wannan dalili ba za mu iya gudanar da umarni kawai ba terraform shafi cikin misalinmu. Da farko muna bukatar mu yi amfani don module project_with_mai amfani kuma bayan haka ga komai.
Lura: Har yanzu ba a warware wannan batun a cikin Terraform ba, zaku iya bin tattaunawar akan Github a fitowa #2430 и fitowa #4149.
Fitowar ta nuna cewa Terraform yana zazzage sabbin nau'ikan masu samarwa da yake amfani da su kuma yana bincika duk samfuran da aka kwatanta a cikin misalin.
Da farko bari mu yi amfani da tsarin project_with_mai amfani. Wannan yana buƙatar ƙaddamar da ƙima da hannu don masu canji waɗanda ba a saita su ba:
sel_account tare da lambar asusun ku na Selectel;
sel_token tare da maɓallin ku don Selectel API;
kalmar sirrin mai amfani tare da kalmar sirri don mai amfani da OpenStack.
Dole ne a ɗau nauyin kimar masu canji biyu na farko daga kula da bangarori.
Don canji na ƙarshe, zaku iya fito da kowane kalmar sirri.
Don amfani da tsarin kuna buƙatar maye gurbin ƙimar SEL_ACCOUNT, SEL_TOKEN и USER_PASSWORD gudanar da umarni:
Bayan gudanar da umarnin, Terraform zai nuna abubuwan da yake son ƙirƙirar kuma ya nemi tabbaci:
Plan: 3 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
Da zarar an ƙirƙiri aikin, mai amfani da rawar, za ku iya fara ƙirƙirar sauran albarkatun:
Kuna iya aiki tare da na'ura mai mahimmanci ta hanyar SSH ta amfani da ƙayyadadden IP.
Abubuwan Gyarawa
Baya ga ƙirƙirar albarkatu ta hanyar Terraform, ana kuma iya gyara su.
Misali, bari mu ƙara adadin maƙalli da ƙwaƙwalwar ajiya don uwar garken mu ta hanyar canza dabi'u don sigogi uwar garke_vcpus и uwar garke_ram_mb cikin fayil misalai/vpc/server_local_root_disk/main.tf:
A cikin namu misali wuraren ajiya Hakanan zaka iya ganin bayyanuwar don ƙirƙirar injunan kama-da-wane tare da faifan cibiyar sadarwa.
Misalin ƙirƙirar gungu na Kubernetes
Kafin mu ci gaba zuwa misali na gaba, za mu tsaftace albarkatun da muka ƙirƙira a baya. Don yin wannan a cikin tushen aikin terraform-misali/misali/vpc/server_local_root_disk Bari mu gudanar da umarni don share abubuwan OpenStack:
A kowane hali, kuna buƙatar tabbatar da goge duk abubuwan:
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
Wannan misalin yana ƙirƙira aikin, mai amfani tare da rawa a cikin aikin, kuma yana ɗaga gungu Kubernetes ɗaya. A cikin fayil wuta.tf kuna iya ganin ƙimar tsoho, kamar adadin nodes, halayensu, sigar Kubernetes, da sauransu.
Don ƙirƙirar albarkatu masu kama da misalin farko, da farko za mu fara fara ƙirƙirar kayayyaki da ƙirƙirar albarkatun module project_with_mai amfanisa'an nan kuma ƙirƙirar kowane abu:
Za mu canja wurin ƙirƙira da sarrafa gungu na Kubernetes ta ɓangaren OpenStack Magnum. Kuna iya samun ƙarin bayani game da yadda ake aiki tare da tari a ɗayan mu labaran da suka gabatakazalika tushe ilimi.
Lokacin shirya gungu, za a ƙirƙiri fayafai da injunan kama-da-wane kuma za a shigar da duk abubuwan da suka dace. Shiri yana ɗaukar kusan mintuna 4, lokacin da Terraform zai nuna saƙonni kamar:
module.kubernetes_cluster.openstack_containerinfra_cluster_v1.cluster_1: Still creating... (3m0s elapsed)
Da zarar an gama shigarwa, Terraform zai nuna cewa gungu ya shirya kuma ya nuna ID ɗin sa:
Don sarrafa gungun Kubernetes da aka ƙirƙira ta hanyar mai amfani kubectl kuna buƙatar samun fayil ɗin shiga gungu. Don yin wannan, je zuwa aikin da aka ƙirƙira ta hanyar Terraform a cikin jerin ayyukan a cikin asusunku:
Na gaba, bi hanyar haɗi kamar xxxxxx.selvpc.ruwanda ya bayyana a ƙarƙashin sunan aikin:
Don bayanin shiga, yi amfani da sunan mai amfani da kalmar wucewa da kuka ƙirƙira ta hanyar Terraform. Idan ba ku yi ha'inci ba wuta.tf ko babban.tf ga misalinmu, mai amfani zai sami sunan tf_mai amfani. Dole ne ku yi amfani da ƙimar canjin azaman kalmar sirri TF_VAR_password_mai amfani, wanda aka ƙayyade a farawa terraform shafi a baya.
A cikin aikin kuna buƙatar zuwa shafin Kubernetes:
Anan ne gungu da aka ƙirƙira ta Terraform yake. Zazzage fayil ɗin don kubectl Za ka iya a kan "Access" tab:
Ana samun umarnin shigarwa akan wannan shafin. kubectl da kuma amfani da zazzagewa config.yaml.
Bayan kaddamarwa kubectl da saita canjin yanayi KUBECONFIG Kuna iya amfani da Kubernetes:
Lokacin da adadin nodes ya canza, gungu zai kasance da samuwa. Bayan ƙara kumburi ta hanyar Terraform, zaku iya amfani da shi ba tare da ƙarin tsari ba:
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
tf-cluster-rz6nggvs4va7-master-0 Ready,SchedulingDisabled master 8m v1.12.4
tf-cluster-rz6nggvs4va7-minion-0 Ready <none> 8m v1.12.4
tf-cluster-rz6nggvs4va7-minion-1 Ready <none> 8m v1.12.4
tf-cluster-rz6nggvs4va7-minion-2 Ready <none> 3m v1.12.4
ƙarshe
A cikin wannan labarin mun san manyan hanyoyin yin aiki da su "Virtual Private girgije" ta hanyar Terraform. Za mu yi farin ciki idan kun yi amfani da mai ba da sabis na Selectel Terraform kuma ku ba da amsa.
Duk wani kwaro da aka samu a cikin mai bada sabis na Selectel Terraform ana iya bayar da rahoton ta Matsalolin Github.