How to Manage Cloud Infrastructure with Terraform


In this article we will look at what Terraform consists of, and also deploy our own infrastructure step by step in a VMware-based cloud: we will prepare three VMs for different purposes: a proxy, file storage and a CMS.

Everything in detail and in three stages:

1. Terraform - description, advantages and components

Terraform is an IaC (Infrastructure-as-Code) tool for building and managing virtual infrastructure using code.

We noted several advantages of working with the tool:

  • Fast deployment of new tenants (custom virtual environments). Usually, the more new clients there are, the more "clicks" technical support staff have to make to publish new resources. With Terraform, users can change virtual machine parameters (for example, automatically shut down the OS and enlarge the virtual disk partition) without involving technical support or shutting down the machine themselves.

  • Instant verification of the activation plan for a new tenant. Using the description of the infrastructure code, we can immediately check what will be added and in what order, as well as what final state a given virtual machine, or a virtual network with its connections to virtual machines, will end up in.

  • Ability to describe the most popular cloud platforms. You can use the tool from Amazon and Google Cloud to private platforms based on VMware vCloud Director that offer services within IaaS, SaaS and PaaS solutions.

  • Manage multiple cloud providers and distribute infrastructure between them to improve fault tolerance, using a single configuration to create, diagnose and manage cloud resources.

  • Convenient for creating demo stands for software testing and debugging. You can create and hand over stands for the testing department, test software in different environments in parallel, and instantly change and delete resources by creating just one resource build plan.

"Terrarium" Terraform

We briefly covered the advantages of the tool; now let's break it down into its components.

Providers.

In Terraform, almost any type of infrastructure can be represented as a resource. The connection between resources and the platform API is provided by provider modules, which let you create resources within a specific platform, for example Azure or VMware vCloud Director.

Within a project, you can interact with different providers on different platforms.

Resources (resource description).

The resource description lets you manage platform components, such as virtual machines or networks.

You can write a resource description for the VMware vCloud Director provider yourself and use it to create resources with any hosting provider that uses vCloud Director. You only need to change the authentication parameters and the network connection parameters to those of the required hosting provider.

Provisioners.

This component makes it possible to perform operations for the initial installation and maintenance of the operating system after the virtual machines are created. Once you have created a virtual machine resource, you can use provisioners to configure it and connect via SSH, update the operating system, and download and run a script.

Input and Output variables.

Input variables - input variables for any block type.

Output variables let you save values after resources are created and can be used as input variables in other modules, for example in the Provisioners block.

States.

State files store information about the configuration of the provider platform's resources. When the platform is first created, there is no information about resources, and before any operation Terraform updates the state with the real infrastructure of the resources already described.

The main purpose of states is to save the set of already created objects, so that the configuration of added resources and objects can be compared against it and repeated creation and changes to the platform are avoided.

By default, state information is stored in the local terraform.tfstate file, but if necessary you can use remote storage for team work.

You can also import current platform resources into the state in order to work with other resources that were created without the help of Terraform.

2. Creating the infrastructure

The components have been covered; now, using Terraform, we will create an infrastructure with three virtual machines step by step. The first with the nginx proxy server installed, the second with file storage based on Nextcloud, and the third with CMS Bitrix.

We will write the code and execute it using our cloud on VMware vCloud Director as the example. Our users receive an account with Organization Administrator rights. If you use an account with the same rights in another VMware cloud, you can reproduce the code from our examples. Let's go!

First, let's create a directory for our new project, in which the files describing the infrastructure will be placed.

mkdir project01

Next, we describe the infrastructure components. Terraform builds relationships and processes files based on the descriptions in the files. The files themselves can be named according to the purpose of the blocks they describe, for example, network.tf describes the network parameters for the infrastructure.

To describe the components of our infrastructure, we created the following files:

List of files.

main.tf - description of the parameters for the virtual environment - virtual machines, virtual containers;

network.tf - description of the virtual network parameters and the NAT and Firewall rules;

variables.tf - list of the variables that we use;

vcd.tfvars - project variable values for the VMware vCloud Director module.

The configuration language in Terraform is declarative and the order of the blocks does not matter, except for provisioner blocks, because in such a block we describe the commands to run when preparing the infrastructure, and they are executed in order.

Block structure.

<BLOCK TYPE> "<BLOCK LABEL>" "<BLOCK LABEL>" {
  # Block body
  <IDENTIFIER> = <EXPRESSION> # Argument
}

Blocks are described in Terraform's own language, HCL (HashiCorp Configuration Language); it is also possible to describe the infrastructure using JSON. You can learn more about the syntax on the developer's website.

Environment variable configuration, variables.tf and vcd.tfvars

First, let's create two files that describe the list of all the variables used and their values for the VMware vCloud Director module. We start with the variables.tf file.

Contents of the variables.tf file.

variable "vcd_org_user" {
  description = "vCD Tenant User"
}

# Secret value: keep the file that sets it out of version control
variable "vcd_org_password" {
  description = "vCD Tenant Password"
}

variable "vcd_org" {
  description = "vCD Tenant Org"
}

variable "vcd_org_vdc" {
  description = "vCD Tenant VDC"
}

variable "vcd_org_url" {
  description = "vCD Tenant URL"
}

variable "vcd_org_max_retry_timeout" {
  default = "60"
}

# true disables TLS certificate verification when passed to the
# vcd provider's allow_unverified_ssl setting
variable "vcd_org_allow_unverified_ssl" {
  default = "true"
}

variable "vcd_org_edge_name" {
  description = "vCD edge name"
}

variable "vcd_org_catalog" {
  description = "vCD public catalog"
}

variable "vcd_template_os_centos7" {
  description = "OS CentOS 7"
  default     = "CentOS7"
}

variable "vcd_org_ssd_sp" {
  description = "Storage Policies"
  default     = "Gold Storage Policy"
}

variable "vcd_org_hdd_sp" {
  description = "Storage Policies"
  default     = "Bronze Storage Policy"
}

variable "vcd_edge_local_subnet" {
  description = "Organization Network Subnet"
}

variable "vcd_edge_external_ip" {
  description = "External public IP"
}

variable "vcd_edge_local_ip_nginx" {}

variable "vcd_edge_local_ip_bitrix" {}

variable "vcd_edge_local_ip_nextcloud" {}

variable "vcd_edge_external_network" {}

The variable values that we receive from the provider.

  • vcd_org_user - username with Organization Administrator rights,

  • vcd_org_password - the user's password,

  • vcd_org - name of the organization,

  • vcd_org_vdc - name of the virtual data center,

  • vcd_org_url - API URL,

  • vcd_org_edge_name - name of the virtual router,

  • vcd_org_catalog - name of the catalog with virtual machine templates,

  • vcd_edge_external_ip - public IP address,

  • vcd_edge_external_network - name of the external network,

  • vcd_org_hdd_sp - name of the HDD storage policy,

  • vcd_org_ssd_sp - name of the SSD storage policy.

And we enter our own variables:

  • vcd_edge_local_ip_nginx - IP address of the virtual machine with NGINX,

  • vcd_edge_local_ip_bitrix - IP address of the virtual machine with 1C: Bitrix,

  • vcd_edge_local_ip_nextcloud - IP address of the virtual machine with Nextcloud.

In the second file, vcd.tfvars, we create and set the variables for the VMware vCloud Director module. Recall that in our example we use our own cloud, mClouds; if you work with another provider, check the values with them.

Contents of the vcd.tfvars file.

vcd_org_url = "https://vcloud.mclouds.ru/api"
vcd_org_user = "orgadmin"
vcd_org_password = "*"
vcd_org = "org"
vcd_org_vdc = "orgvdc"
vcd_org_max_retry_timeout = 60
vcd_org_allow_unverified_ssl = true
vcd_org_catalog = "Templates"
vcd_template_os_centos7 = "CentOS7"
vcd_org_ssd_sp = "Gold Storage Policy"
vcd_org_hdd_sp = "Bronze Storage Policy"
vcd_org_edge_name = "MCLOUDS-EDGE"
vcd_edge_external_ip = "185.17.66.1"
vcd_edge_local_subnet = "192.168.110.0/24"
vcd_edge_local_ip_nginx = "192.168.110.1"
vcd_edge_local_ip_bitrix = "192.168.110.10"
vcd_edge_local_ip_nextcloud = "192.168.110.11"
vcd_edge_external_network = "NET-185-17-66-0"

Network configuration, network.tf.

The environment variables are set; now we configure the connection scheme for the virtual machines: each virtual machine gets a private IP address, and Destination NAT "forwards" ports to the external network. To restrict access to the management ports, we allow access only from our IP address.

Figure: network diagram for the platform being created with Terraform

We create a virtual organization network named net_lan01, with the default gateway 192.168.110.254 and the address space 192.168.110.0/24.

We describe the virtual network.

resource "vcd_network_routed" "net" {
  name         = "net_lan01"
  edge_gateway = var.vcd_org_edge_name
  gateway      = "192.168.110.254"
  dns1         = "1.1.1.1"
  dns2         = "8.8.8.8"

  static_ip_pool {
    start_address = "192.168.110.1"
    end_address   = "192.168.110.253"
  }
}

Let's create firewall rules that allow the virtual machines to access the Internet. With this block, all virtual resources in the cloud will have Internet access:

We describe the rules for VM access to the Internet.

resource "vcd_nsxv_firewall_rule" "fw_internet_access" {
  edge_gateway = var.vcd_org_edge_name
  name         = "Internet Access"

  source {
    gateway_interfaces = ["internal"]
  }

  destination {
    gateway_interfaces = ["external"]
  }

  service {
    protocol = "any"
  }

  depends_on = [vcd_network_routed.net]
}

Using depends_on, we set up a dependency so that the vcd_nsxv_firewall_rule block is configured only after the vcd_network_routed.net block has been processed. We use this option because some dependencies may be recognized implicitly in the configuration.

Next, we create rules that allow access to ports from the external network and specify our IP address for connecting to the servers via SSH. Any Internet user has access to ports 80 and 443 on the web server, and a user with the IP address 90.1.15.1 has access to the SSH ports of the virtual servers.

Allow access to ports from the external network.

resource "vcd_nsxv_firewall_rule" "fwnatports" {
  edge_gateway = var.vcd_org_edge_name
  name         = "HTTPs Access"

  source {
    gateway_interfaces = ["external"]
  }

  destination {
    gateway_interfaces = ["internal"]
  }

  service {
    protocol = "tcp"
    port     = "80"
  }

  service {
    protocol = "tcp"
    port     = "443"
  }

  depends_on = [vcd_network_routed.net]
}

resource "vcd_nsxv_firewall_rule" "fw_nat_admin_ports" {
  edge_gateway = var.vcd_org_edge_name
  name         = "Admin Access"

  source {
    ip_addresses = ["90.1.15.1"]
  }

  destination {
    gateway_interfaces = ["internal"]
  }

  service {
    protocol = "tcp"
    port     = "58301"
  }

  service {
    protocol = "tcp"
    port     = "58302"
  }

  service {
    protocol = "tcp"
    port     = "58303"
  }

  depends_on = [vcd_network_routed.net]
}

We create Source NAT rules for Internet access from the cloud's local network:

We describe the Source NAT rules.

resource "vcd_nsxv_snat" "snat_local" {
  edge_gateway = var.vcd_org_edge_name
  network_type = "ext"
  network_name = var.vcd_edge_external_network

  original_address   = var.vcd_edge_local_subnet
  translated_address = var.vcd_edge_external_ip

  depends_on = [vcd_network_routed.net]
}

And to complete the configuration of the network block, we add Destination NAT rules for access to the services from the external network:

Adding Destination NAT rules.

resource "vcd_nsxv_dnat" "dnat_tcp_nginx_https" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "NGINX HTTPs"

  original_address = var.vcd_edge_external_ip
  original_port    = 443

  translated_address = var.vcd_edge_local_ip_nginx
  translated_port    = 443
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

resource "vcd_nsxv_dnat" "dnat_tcp_nginx_http" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "NGINX HTTP"

  original_address = var.vcd_edge_external_ip
  original_port    = 80

  translated_address = var.vcd_edge_local_ip_nginx
  translated_port    = 80
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

Add a NAT rule for port translation to the SSH server on the Nginx VM.

resource "vcd_nsxv_dnat" "dnat_tcp_nginx_ssh" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "SSH NGINX"

  original_address = var.vcd_edge_external_ip
  original_port    = 58301

  translated_address = var.vcd_edge_local_ip_nginx
  translated_port    = 22
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

Add a NAT rule for port translation to the SSH server on the 1C-Bitrix VM.

resource "vcd_nsxv_dnat" "dnat_tcp_bitrix_ssh" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "SSH Bitrix"

  original_address = var.vcd_edge_external_ip
  original_port    = 58302

  translated_address = var.vcd_edge_local_ip_bitrix
  translated_port    = 22
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

Add a NAT rule for port translation to the SSH server on the Nextcloud VM.

resource "vcd_nsxv_dnat" "dnat_tcp_nextcloud_ssh" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "SSH Nextcloud"

  original_address = var.vcd_edge_external_ip
  original_port    = 58303

  translated_address = var.vcd_edge_local_ip_nextcloud
  translated_port    = 22
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}
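
The firewall and DNAT rules above protect SSH only while every forwarded admin port is admitted solely by the rule pinned to 90.1.15.1. The following is an added example, not code from the original article, that checks this over plan data. The sample is constructed in the shape of `terraform show -json` output, only the root module is read, and `ADMIN_PORTS` and all function names are assumptions.

```python
# Added example: cross-check vcd_nsxv_dnat forwards against vcd_nsxv_firewall_rule.
ADMIN_PORTS = {22}  # translated ports treated as management access (assumption)


def resources(plan, rtype):
    """Return the `values` of every planned root-module resource of one type."""
    root = plan["planned_values"]["root_module"]
    return [r["values"] for r in root.get("resources", []) if r["type"] == rtype]


def source_kind(rule):
    """Classify a rule's source: 'internal', 'pinned' (IP list only) or 'world'."""
    src = (rule.get("source") or [{}])[0]
    ifaces = set(src.get("gateway_interfaces") or [])
    if ifaces == {"internal"}:
        return "internal"
    if src.get("ip_addresses") and not ifaces:
        return "pinned"
    return "world"


def admits(rule, port):
    """True if one of the rule's service blocks covers this TCP port."""
    for svc in rule.get("service") or []:
        if svc.get("protocol") not in ("tcp", "any"):
            continue
        if str(svc.get("port") or "any") in ("any", str(port)):
            return True
    return False


def audit_forwards(plan):
    """Return (DNAT description, problem) pairs for dead or over-exposed forwards."""
    inbound = [r for r in resources(plan, "vcd_nsxv_firewall_rule")
               if source_kind(r) != "internal"]
    findings = []
    for dnat in resources(plan, "vcd_nsxv_dnat"):
        # As on this page, firewall services list the external (original) port.
        rules = [r for r in inbound if admits(r, int(dnat["original_port"]))]
        if not rules:
            findings.append((dnat["description"], "no inbound firewall rule"))
        elif int(dnat["translated_port"]) in ADMIN_PORTS:
            findings += [(dnat["description"],
                          "admin port open via rule '%s'" % r["name"])
                         for r in rules if source_kind(r) == "world"]
    return findings


def _fw(name, source, ports):
    return {"type": "vcd_nsxv_firewall_rule",
            "values": {"name": name, "source": [source],
                       "service": [{"protocol": "tcp", "port": p} for p in ports]}}


def _dnat(desc, original, translated):
    return {"type": "vcd_nsxv_dnat",
            "values": {"description": desc, "protocol": "tcp",
                       "original_port": original, "translated_port": translated}}


def sample_plan(https_ports=("80", "443")):
    """Constructed plan data mirroring the rules in network.tf on this page."""
    items = [
        {"type": "vcd_nsxv_firewall_rule",
         "values": {"name": "Internet Access",
                    "source": [{"gateway_interfaces": ["internal"]}],
                    "service": [{"protocol": "any"}]}},
        _fw("HTTPs Access", {"gateway_interfaces": ["external"]}, https_ports),
        _fw("Admin Access", {"ip_addresses": ["90.1.15.1"]},
            ("58301", "58302", "58303")),
        _dnat("NGINX HTTPs", 443, 443),
        _dnat("NGINX HTTP", 80, 80),
        _dnat("SSH NGINX", 58301, 22),
        _dnat("SSH Bitrix", 58302, 22),
        _dnat("SSH Nextcloud", 58303, 22),
    ]
    return {"planned_values": {"root_module": {"resources": items}}}


if __name__ == "__main__":
    # Rules as written on the page, then a variant with an SSH port in the public rule.
    print(audit_forwards(sample_plan()))
    print(audit_forwards(sample_plan(("80", "443", "58301"))))
```

For a real project, save a plan with `terraform plan -out=plan.out` and pass the parsed output of `terraform show -json plan.out` to `audit_forwards`.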

main.tf virtual environment configuration

As we planned at the beginning of the article, we will create three virtual machines. They will be prepared using "Guest Customization". We will set the network parameters according to the settings we specified, and the user password will be generated automatically.

Let's describe the vApp in which the virtual machines will be located, and their configuration.

Figure: virtual machine configuration

Let's create the vApp container. So that we can connect the vApp and the VMs to the virtual network right away, we also add the depends_on parameter:

Create a container

resource "vcd_vapp" "vapp" {
  name       = "web"
  power_on   = "true"
  depends_on = [vcd_network_routed.net]
}

Let's create a virtual machine with a description

resource "vcd_vapp_vm" "nginx" {
  vapp_name       = vcd_vapp.vapp.name
  name            = "nginx"
  catalog_name    = var.vcd_org_catalog
  template_name   = var.vcd_template_os_centos7
  storage_profile = var.vcd_org_ssd_sp
  memory          = 8192
  cpus            = 1
  cpu_cores       = 1

  network {
    type               = "org"
    name               = vcd_network_routed.net.name
    is_primary         = true
    adapter_type       = "VMXNET3"
    ip_allocation_mode = "MANUAL"
    ip                 = var.vcd_edge_local_ip_nginx
  }

  override_template_disk {
    bus_type        = "paravirtual"
    size_in_mb      = "32768"
    bus_number      = 0
    unit_number     = 0
    storage_profile = var.vcd_org_ssd_sp
  }
}

Main parameters in the VM description:

  • name - name of the virtual machine,

  • vapp_name - name of the vApp to which the new VM is added,

  • catalog_name / template_name - catalog name and virtual machine template name,

  • storage_profile - default storage policy.

Network block parameters:

  • type - type of network connection,

  • name - which virtual network to connect the VM to,

  • is_primary - primary network adapter,

  • ip_allocation_mode - MANUAL / DHCP / POOL address allocation mode,

  • ip - IP address for the virtual machine; we specify it manually.

override_template_disk block:

  • size_in_mb - boot disk size for the virtual machine

  • storage_profile - storage policy for the disk

Let's create the second VM, with a description of the Nextcloud file storage

resource "vcd_vapp_vm" "nextcloud" {
  vapp_name       = vcd_vapp.vapp.name
  name            = "nextcloud"
  catalog_name    = var.vcd_org_catalog
  template_name   = var.vcd_template_os_centos7
  storage_profile = var.vcd_org_ssd_sp
  memory          = 8192
  cpus            = 1
  cpu_cores       = 1

  network {
    type               = "org"
    name               = vcd_network_routed.net.name
    is_primary         = true
    adapter_type       = "VMXNET3"
    ip_allocation_mode = "MANUAL"
    ip                 = var.vcd_edge_local_ip_nextcloud
  }

  override_template_disk {
    bus_type        = "paravirtual"
    size_in_mb      = "32768"
    bus_number      = 0
    unit_number     = 0
    storage_profile = var.vcd_org_ssd_sp
  }
}

resource "vcd_vm_internal_disk" "disk1" {
  vapp_name       = vcd_vapp.vapp.name
  vm_name         = "nextcloud"
  bus_type        = "paravirtual"
  size_in_mb      = "102400"
  bus_number      = 0
  unit_number     = 1
  storage_profile = var.vcd_org_hdd_sp
  allow_vm_reboot = true
  depends_on      = [vcd_vapp_vm.nextcloud]
}

In the vcd_vm_internal_disk section we describe a new virtual disk that is attached to the virtual machine.

Explanations for the vcd_vm_internal_disk block:

  • bus_type - disk controller type

  • size_in_mb - disk size

  • bus_number / unit_number - connection location on the adapter

  • storage_profile - storage policy for the disk

Let's describe the last VM, for Bitrix

resource "vcd_vapp_vm" "bitrix" {
  vapp_name       = vcd_vapp.vapp.name
  name            = "bitrix"
  catalog_name    = var.vcd_org_catalog
  template_name   = var.vcd_template_os_centos7
  storage_profile = var.vcd_org_ssd_sp
  memory          = 8192
  cpus            = 1
  cpu_cores       = 1

  network {
    type               = "org"
    name               = vcd_network_routed.net.name
    is_primary         = true
    adapter_type       = "VMXNET3"
    ip_allocation_mode = "MANUAL"
    ip                 = var.vcd_edge_local_ip_bitrix
  }

  override_template_disk {
    bus_type        = "paravirtual"
    size_in_mb      = "81920"
    bus_number      = 0
    unit_number     = 0
    storage_profile = var.vcd_org_ssd_sp
  }
}

Updating the OS and installing additional scripts

The network is prepared and the virtual machines are described. Before deploying our infrastructure, we can set up the initial provisioning in advance using provisioner blocks, without using Ansible.

Let's look at how to update the OS and run the CMS Bitrix installation script using a provisioner block.

First, let's install the CentOS update packages.

resource "null_resource" "nginx_update_install" {
  provisioner "remote-exec" {
    # SSH connection through the DNAT rule for the nginx VM (port 58301)
    connection {
      type     = "ssh"
      user     = "root"
      password = vcd_vapp_vm.nginx.customization[0].admin_password
      host     = var.vcd_edge_external_ip
      port     = "58301"
      timeout  = "30s"
    }

    inline = [
      "yum -y update && yum -y upgrade",
      "yum -y install wget nano epel-release net-tools unzip zip"
    ]
  }
}

Component designations:

  • provisioner "remote-exec" - connects the remote provisioning block

  • In the connection block we describe the type and parameters for the connection:

  • type - protocol, in our case SSH;

  • user - username;

  • password - the user's password. In our case, we point to the parameter vcd_vapp_vm.nginx.customization[0].admin_password, which stores the generated password for the system user.

  • host - external IP address for the connection;

  • port - port for the connection, which was specified earlier in the DNAT settings;

  • inline - the list of commands that will be entered. The commands are entered in the order given in this section.

As an example, let's additionally run the 1C-Bitrix installation script. The result of the script execution will be available while the plan is running. To install the script, we first describe the block:

Let's describe the installation of 1C-Bitrix.

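# These provisioner blocks are placed inside a resource block.
provisioner "file" {
  source      = "prepare.sh"
  destination = "/tmp/prepare.sh"

  connection {
    type     = "ssh"
    user     = "root"
    password = vcd_vapp_vm.nginx.customization[0].admin_password
    host     = var.vcd_edge_external_ip
    port     = "58301"
    timeout  = "30s"
  }
}

provisioner "remote-exec" {
  # remote-exec needs its own connection block, same settings as above
  connection {
    type     = "ssh"
    user     = "root"
    password = vcd_vapp_vm.nginx.customization[0].admin_password
    host     = var.vcd_edge_external_ip
    port     = "58301"
    timeout  = "30s"
  }

  # Absolute path: "./tmp/prepare.sh" would be resolved relative to the login directory
  inline = [
    "chmod +x /tmp/prepare.sh",
    "/tmp/prepare.sh"
  ]
}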

And we will describe the Bitrix update right away.

An example of provisioning 1C-Bitrix.

resource "null_resource" "install_update_bitrix" {
  provisioner "remote-exec" {
    # SSH connection through the DNAT rule for the Bitrix VM (port 58302)
    connection {
      type     = "ssh"
      user     = "root"
      password = vcd_vapp_vm.bitrix.customization[0].admin_password
      host     = var.vcd_edge_external_ip
      port     = "58302"
      timeout  = "60s"
    }

    # Note: bitrix-env.sh is fetched over plain HTTP and then run as root
    inline = [
      "yum -y update && yum -y upgrade",
      "yum -y install wget nano epel-release net-tools unzip zip",
      "wget http://repos.1c-bitrix.ru/yum/bitrix-env.sh -O /tmp/bitrix-env.sh",
      "chmod +x /tmp/bitrix-env.sh",
      "/tmp/bitrix-env.sh"
    ]
  }
}

Important! The script will not work if you do not disable SELinux beforehand! If you need a detailed article on installing and configuring CMS 1C-Bitrix using bitrix-env.sh, you can use our blog article on the website.

3. Launching the infrastructure

Figure: initializing modules and plugins

For the work, we use a simple "gentleman's kit": a laptop with Windows 10 and the distribution from the official website terraform.io. Let's unpack it and initialize with the command: terraform.exe init

After describing the compute and network infrastructure, we run planning to test our configuration, where we can see what will be created and how the parts will be connected to each other.

  1. Execute the command - terraform plan -var-file=vcd.tfvars.

  2. We get the result - Plan: 16 to add, 0 to change, 0 to destroy. That is, according to this plan, 16 resources will be created.

  3. We launch the plan with the command - terraform.exe apply -var-file=vcd.tfvars.

The virtual machines will be created, and then the packages we listed in the provisioner section will be executed - the OS will be updated and CMS Bitrix will be installed.

Getting connection information

After the plan has been executed, we want to receive the data for connecting to the servers in text form; for this we format the output section as follows:

output "nginx_password" {
  value = vcd_vapp_vm.nginx.customization[0].admin_password
}

And the following output tells us the password for the created virtual machine:

Outputs: nginx_password = F#4u8!!N

As a result, we get access to virtual machines with an updated operating system and pre-installed packages for our further work. Everything is ready!
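
As the States section notes, everything Terraform knows about the platform ends up in terraform.tfstate, and the output above shows the generated root password in clear text. The following is an added example, not code from the original article, that lists secret-looking values in a version 4 state file. The sample state is constructed, and the key pattern and function names are assumptions.

```python
import re

# Key names that usually hold credentials (assumption; extend for your providers).
SECRET_KEY = re.compile(r"pass(word|wd)?|secret|token|private_key", re.IGNORECASE)


def walk(node, path=""):
    """Yield (path, value) for every scalar leaf in nested dicts and lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    else:
        yield path, node


def secrets_in_state(state):
    """Return (address, issue) pairs for secret-looking strings in a v4 state."""
    findings, values = [], set()
    for res in state.get("resources", []):
        for inst in res.get("instances", []):
            for path, value in walk(inst.get("attributes") or {}):
                leaf = path.rsplit(".", 1)[-1]
                # Booleans such as auto_generate_password are settings, not secrets.
                if isinstance(value, str) and value and SECRET_KEY.search(leaf):
                    values.add(value)
                    findings.append((f"{res['type']}.{res['name']}.{path}",
                                     "plaintext in state"))
    for name, out in state.get("outputs", {}).items():
        value = out.get("value")
        leaked = isinstance(value, str) and value in values
        if leaked or SECRET_KEY.search(name):
            issue = ("plaintext in state" if out.get("sensitive")
                     else "plaintext in state and printed by terraform output")
            findings.append((f"output.{name}", issue))
    return findings


def sample_state(sensitive_output=False):
    """Constructed state in the version 4 layout, modelled on the nginx VM."""
    output = {"value": "constructed-Pw-1", "type": "string"}
    if sensitive_output:
        output["sensitive"] = True
    return {
        "version": 4,
        "outputs": {"nginx_password": output},
        "resources": [{
            "mode": "managed", "type": "vcd_vapp_vm", "name": "nginx",
            "instances": [{"attributes": {
                "name": "nginx",
                "customization": [{
                    "admin_password": "constructed-Pw-1",
                    "auto_generate_password": True,
                    "allow_local_admin_password": True,
                }],
            }}],
        }],
    }


if __name__ == "__main__":
    for address, issue in secrets_in_state(sample_state()):
        print(address, "->", issue)
```

Marking the output with `sensitive = true` masks it in the CLI summary, but the value stays readable in terraform.tfstate, so the state file itself needs access control.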

But what if you already have existing infrastructure?

3.1. Using Terraform with existing infrastructure

It's simple: you can import the current virtual machines and their vApp containers using the import command.

Let's describe the vApp resource and the virtual machine.

resource "vcd_vapp" "Monitoring" {
  name = "Monitoring"
  org  = "mClouds"
  vdc  = "mClouds"
}

resource "vcd_vapp_vm" "Zabbix" {
  name = "Zabbix"
  org  = "mClouds"
  vdc  = "mClouds"
  # vapp_name is the argument name shown for this VM in the terraform show output
  vapp_name = "Monitoring"
}

The next step is to import the properties of the vApp resource in the format vcd_vapp.<vApp> <org>.<org_vdc>.<vApp>, where:

  • vApp - vApp name;

  • org - name of the organization;

  • org_vdc - name of the virtual data center.

Figure: importing the vApp resource properties

Let's import the properties of the VM resource in the format vcd_vapp_vm.<VM> <org>.<org_vdc>.<vApp>.<VM>, where:

  • VM - VM name;

  • vApp - vApp name;

  • org - name of the organization;

  • org_vdc - name of the virtual data center.

The import was successful

C:\Users\Mikhail\Desktop\terraform>terraform import vcd_vapp_vm.Zabbix mClouds.mClouds.Monitoring.Zabbix
vcd_vapp_vm.Zabbix: Importing from ID "mClouds.mClouds.Monitoring.Zabbix"...
vcd_vapp_vm.Zabbix: Import prepared!
Prepared vcd_vapp_vm for import
vcd_vapp_vm.Zabbix: Refreshing state... [id=urn:vcloud:vm:778f4a89-1c8d-45b9-9d94-0472a71c4d1f]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Now we can look at the newly imported resource:

Imported resource

> terraform show

...

# vcd_vapp.Monitoring:
resource "vcd_vapp" "Monitoring" {
    guest_properties = {}
    href             = "https://vcloud.mclouds.ru/api/vApp/vapp-fe5db285-a4af-47c4-93e8-55df92f006ec"
    id               = "urn:vcloud:vapp:fe5db285-a4af-47c4-93e8-55df92f006ec"
    ip               = "allocated"
    metadata         = {}
    name             = "Monitoring"
    org              = "mClouds"
    status           = 4
    status_text      = "POWERED_ON"
    vdc              = "mClouds"
}

…

# vcd_vapp_vm.Zabbix:
resource "vcd_vapp_vm" "Zabbix" {
    computer_name                  = "Zabbix"
    cpu_cores                      = 1
    cpus                           = 2
    expose_hardware_virtualization = false
    guest_properties               = {}
    hardware_version               = "vmx-14"
    href                           = "https://vcloud.mclouds.ru/api/vApp/vm-778f4a89-1c8d-45b9-9d94-0472a71c4d1f"
    id                             = "urn:vcloud:vm:778f4a89-1c8d-45b9-9d94-0472a71c4d1f"
    internal_disk                  = [
        {
            bus_number       = 0
            bus_type         = "paravirtual"
            disk_id          = "2000"
            iops             = 0
            size_in_mb       = 122880
            storage_profile  = "Gold Storage Policy"
            thin_provisioned = true
            unit_number      = 0
        },
    ]
    memory                         = 8192
    metadata                       = {}
    name                           = "Zabbix"
    org                            = "mClouds"
    os_type                        = "centos8_64Guest"
    storage_profile                = "Gold Storage Policy"
    vapp_name                      = "Monitoring"
    vdc                            = "mClouds"

    customization {
        allow_local_admin_password          = true
        auto_generate_password              = true
        change_sid                          = false
        enabled                             = false
        force                               = false
        join_domain                         = false
        join_org_domain                     = false
        must_change_password_on_first_login = false
        number_of_auto_logons               = 0
    }

    network {
        adapter_type       = "VMXNET3"
        ip_allocation_mode = "DHCP"
        is_primary         = true
        mac                = "00:50:56:07:01:b1"
        name               = "MCLOUDS-LAN01"
        type               = "org"
    }
}

Now we are definitely ready - we have finished the last point (importing into existing infrastructure) and have covered all the main points of working with Terraform.

The tool turned out to be very convenient and lets you describe your infrastructure as code, from the virtual machines of a single cloud provider to the resources of network components.

At the same time, independence from the environment makes it possible to work with local and cloud resources, and even to manage the platform. And if there is no supported platform and you want to add a new one, you can write your own provider and use it.

Source: www.hab.com
