Terraform Pitfalls

Let's look at a few pitfalls, including those related to loops, if statements and deployment techniques, as well as more general issues that affect Terraform as a whole:

  • count and for_each have limitations;
  • zero-downtime deployments have limitations;
  • even a valid plan can fail;
  • refactoring can have its pitfalls;
  • eventual consistency is consistent... eventually.

count and for_each have limitations

The examples in this chapter make extensive use of the count parameter and the for_each expression in loops and conditional logic. They work well, but they have two important limitations that you need to be aware of.

  • count and for_each cannot reference any resource outputs.
  • count and for_each cannot be used in a module configuration.

Let's look at them one by one.

count and for_each cannot reference any resource outputs

Imagine that you need to deploy several EC2 servers and for some reason you don't want to use an ASG. Your code might look like this:

resource "aws_instance" "example_1" {
  count         = 3
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}

Because the count parameter is set to a fixed value, this code will work without problems: when you run the apply command, it will create three EC2 servers. But what if you want to deploy one server in each Availability Zone (AZ) within your current AWS region? You could have your code fetch the list of zones from the aws_availability_zones data source and then loop over each one and create an EC2 server in it, using the count parameter and array index access:

resource "aws_instance" "example_2" {
  count             = length(data.aws_availability_zones.all.names)
  availability_zone = data.aws_availability_zones.all.names[count.index]
  ami               = "ami-0c55b159cbfafe1f0"
  instance_type     = "t2.micro"
}

data "aws_availability_zones" "all" {}

This code will also work fine, because the count parameter can reference data sources without any problems. But what happens if the number of servers you need to create depends on the output of some resource? To demonstrate this, the easiest way is to use the random_integer resource, which, as the name suggests, returns a random integer:

resource "random_integer" "num_instances" {
  min = 1
  max = 3
}

This code generates a random number between 1 and 3. Let's see what happens if we try to use the result output of this resource in the count parameter of the aws_instance resource:

resource "aws_instance" "example_3" {
  count         = random_integer.num_instances.result
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}

If you run terraform plan on this code, you will get the following error:

Error: Invalid count argument

   on main.tf line 30, in resource "aws_instance" "example_3":
   30: count = random_integer.num_instances.result

The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply only the resources that the count depends on.

Terraform requires count and for_each to be computed during the plan phase, before any resources are created or modified. This means that count and for_each can reference literals, variables, data sources, and even lists of resources (as long as their length can be determined at plan time), but not computed resource outputs.

count and for_each cannot be used in a module configuration

Someday you may be tempted to add a count parameter to your module configuration:

module "count_example" {
  source = "../../../../modules/services/webserver-cluster"

  count = 3

  cluster_name  = "terraform-up-and-running-example"
  server_port   = 8080
  instance_type = "t2.micro"
}

This code tries to use count inside a module to create three copies of the webserver-cluster resource. Or you might want to make a module optional based on some Boolean condition by setting its count parameter to 0. This might look like reasonable code, but you will get the following error when you run terraform plan:

Error: Reserved argument name in module block

   on main.tf line 13, in module "count_example":
   13: count = 3

The name "count" is reserved for use in a future version of Terraform.

Unfortunately, as of Terraform 0.12.6, using count or for_each in a module is not supported. According to the Terraform 0.12 release notes (http://bit.ly/3257bv4), HashiCorp plans to add this capability in the future, so depending on when you are reading this book, it may already be available. To find out for sure, read the Terraform changelog here.

Limitations of zero-downtime deployments

Using the create_before_destroy block in combination with an ASG is a great solution for zero-downtime deployments, with one caveat: autoscaling policies are not supported. Or, to be more precise, it resets the size of the ASG back to min_size on every deployment, which can be a problem if you are using autoscaling policies to increase the number of running servers.

For example, the webserver-cluster module contains a pair of aws_autoscaling_schedule resources, which at 9 a.m. increase the number of servers in the cluster from two to ten. If you deploy at, say, 11 a.m., the new ASG will start with two servers instead of ten and will stay that way until 9 a.m. the next day.

This limitation can be worked around in several ways.

  • Change the recurrence parameter in aws_autoscaling_schedule from 0 9 * * * (“run at 9 a.m.”) to something like 0-59 9-17 * * * (“run every minute from 9 a.m. to 5 p.m.”). If the ASG already has ten servers, running this autoscaling rule will change nothing, which is what we want. But if the ASG has only just been deployed, this rule ensures that within a minute its number of servers reaches ten. This is not a very elegant approach, and large jumps from ten servers to two and back can also cause problems for users.
  • Write a custom script that uses the AWS API to determine the number of servers currently running in the ASG, call it using an external data source (see "External Data Source" on page 249), and set the ASG's desired_capacity parameter to the value returned by the script. This way, each new ASG instance always starts at the same capacity as the existing one, but this approach makes your Terraform code harder to maintain.

Of course, ideally Terraform would have built-in support for zero-downtime deployments, but as of May 2019, the HashiCorp team had no plans to add this (details here).
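The custom script from the second workaround could look like the following. This is an added example, not code from the book or from Terraform; the file name, the name_prefix and min_size query keys, and the idea of finding the running ASG by name prefix are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""asg_capacity.py (hypothetical name): program for Terraform's external data source.

Contract: read a JSON object from stdin, write a JSON object whose values are
all strings to stdout, and exit non-zero with a message on stderr on failure.
"""
import json
import sys


def current_capacity(client, name_prefix, fallback):
    """Highest DesiredCapacity among ASGs whose name starts with name_prefix.

    Returns fallback when no matching ASG exists yet (the first deployment).
    """
    found = []
    paginator = client.get_paginator("describe_auto_scaling_groups")
    for page in paginator.paginate():
        for asg in page["AutoScalingGroups"]:
            if asg["AutoScalingGroupName"].startswith(name_prefix):
                found.append(asg["DesiredCapacity"])
    return max(found, default=fallback)


def run(query, client):
    """Validate the query sent by Terraform and build the string-only result."""
    prefix = query.get("name_prefix", "")
    if not prefix:
        # An empty prefix would match every ASG in the account.
        raise ValueError("name_prefix is required")
    fallback = int(query["min_size"])  # query values arrive as strings
    capacity = max(current_capacity(client, prefix, fallback), fallback)
    return {"desired_capacity": str(capacity)}


def main():
    # Imported here so the functions above can be exercised without AWS access.
    # The only IAM action this needs is autoscaling:DescribeAutoScalingGroups.
    import boto3
    try:
        result = run(json.load(sys.stdin), boto3.client("autoscaling"))
    except Exception as exc:
        print(f"asg_capacity: {exc}", file=sys.stderr)
        sys.exit(1)
    json.dump(result, sys.stdout)


if __name__ == "__main__":
    main()
```

The value comes back to Terraform as a string in the data source's result map, so the configuration has to convert it to a number before assigning it to desired_capacity.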

A valid plan can fail

Sometimes the plan command produces a perfectly valid deployment plan, but the apply command returns an error. Try, for example, adding an aws_iam_user resource with the same name that you used for the IAM user you created earlier in Chapter 2:

resource "aws_iam_user" "existing_user" {
  # Substitute the name of an already existing IAM user here
  # to practice using the terraform import command
  name = "yevgeniy.brikman"
}

Now, if you run the plan command, Terraform will output a seemingly reasonable deployment plan:

Terraform will perform the following actions:

   # aws_iam_user.existing_user will be created
   + resource "aws_iam_user" "existing_user" {
         + arn                  = (known after apply)
         + force_destroy   = false
         + id                    = (known after apply)
         + name               = "yevgeniy.brikman"
         + path                 = "/"
         + unique_id         = (known after apply)
      }

Plan: 1 to add, 0 to change, 0 to destroy.

If you run the apply command, you will get the following error:

Error: Error creating IAM User yevgeniy.brikman: EntityAlreadyExists:
User with name yevgeniy.brikman already exists.

   on main.tf line 10, in resource "aws_iam_user" "existing_user":
   10: resource "aws_iam_user" "existing_user" {

The problem, of course, is that an IAM user with that name already exists. And this can happen not only with IAM users, but with almost any resource. Perhaps someone created the resource manually or using the command line, but either way, matching identifiers lead to conflicts. There are many variations of this error, and they often catch Terraform newcomers by surprise.

The key point is that the terraform plan command only takes into account the resources recorded in the Terraform state file. If resources were created in some other way (for example, manually by clicking around in the AWS console), they will not be in the state file, and so Terraform will not take them into account when running the plan command. As a result, a plan that looks valid at first glance will fail.

There are two lessons to take away from this.

  • Once you have started using Terraform, do not use anything else. Once part of your infrastructure is managed by Terraform, you should no longer change it manually. Otherwise, you not only risk strange Terraform errors, but you also negate many of the benefits of IaC, because the code will no longer be an accurate representation of your infrastructure.
  • If you already have some infrastructure, use the import command. If you are starting to use Terraform with existing infrastructure, you can add it to the state file using the terraform import command. This way Terraform will know which infrastructure it needs to manage. The import command takes two arguments. The first is the resource address in your configuration files. The syntax here is the same as for resource references: _. (for example, aws_iam_user.existing_user). The second argument is the ID of the resource to be imported. For example, the ID of the aws_iam_user resource is the user name (for example, yevgeniy.brikman), and the ID of the aws_instance resource is the EC2 server ID (for example, i-190e22e5). How to import a resource is usually described at the bottom of its documentation page.

    Below is an import command that syncs the aws_iam_user resource you added to your Terraform configuration with the IAM user you created in Chapter 2 (substituting your own name for yevgeniy.brikman, of course):

    $ terraform import aws_iam_user.existing_user yevgeniy.brikman

    Terraform will call the AWS API to find your IAM user and create an association in the state file between it and the aws_iam_user.existing_user resource in your Terraform configuration. From now on, when you run the plan command, Terraform will know that the IAM user already exists and will not try to create it again.

    It is worth noting that if you already have a lot of resources that you want to import into Terraform, writing the code by hand and importing each one individually can be a hassle. So it is worth looking at a tool like Terraforming (http://terraforming.dtan4.net/), which can import both code and state from your AWS account automatically.

Refactoring can have its pitfalls

Refactoring is a common practice in programming in which you change the internal structure of the code while leaving its external behavior unchanged. The goal is to make the code clearer, neater, and easier to maintain. Refactoring is an essential technique that should be applied regularly. But when it comes to Terraform or any other IaC tool, you have to be very careful about what you mean by the "external behavior" of a piece of code, otherwise unexpected problems can arise.

For example, a common type of refactoring is renaming variables or functions to something clearer. Many IDEs have built-in refactoring support and can rename variables and functions across the whole project. In general-purpose programming languages this is a trivial procedure you might do without thinking, but in Terraform you have to be very careful with it, otherwise you may run into outages.

For example, the webserver-cluster module has an input variable cluster_name:

variable "cluster_name" {
  description = "The name to use for all the cluster resources"
  type        = string
}

Imagine that you started using this module to deploy a microservice named foo. Later, you want to rename your service to bar. This change may seem trivial, but in reality it can cause an outage.

The thing is that the webserver-cluster module uses the cluster_name variable in a number of resources, including the name parameter of two security groups and the ALB:

resource "aws_lb" "example" {
  name               = var.cluster_name
  load_balancer_type = "application"
  subnets            = data.aws_subnet_ids.default.ids
  security_groups    = [aws_security_group.alb.id]
}

If you change the name parameter of a resource, Terraform will delete the old version of that resource and create a new one in its place. But if that resource is an ALB, then between deleting it and bringing up the new version you will have no mechanism for routing traffic to your web server. Likewise, if a security group is deleted, your servers will start rejecting all network traffic until the new group is created.

Another type of refactoring you might be interested in is changing a Terraform identifier. Take the aws_security_group resource in the webserver-cluster module as an example:

resource "aws_security_group" "instance" {
  # (...)
}

The identifier of this resource is instance. Imagine that during a refactoring you decided to change it to a clearer (in your opinion) name, cluster_instance:

resource "aws_security_group" "cluster_instance" {
  # (...)
}

What will happen in the end? That's right: an outage.

Terraform associates each resource identifier with an identifier from the cloud provider. For example, iam_user is associated with an AWS IAM user ID, and aws_instance is associated with an AWS EC2 server ID. If you change a resource identifier (say, from instance to cluster_instance, as in the case of aws_security_group), to Terraform it will look as though you deleted the old resource and added a new one. If you apply these changes, Terraform will delete the old security group and create a new one, and in the meantime your servers will start rejecting all network traffic.

Here are four key lessons to take away from this discussion.

  • Always use the plan command. It can reveal all of these problems. Review its output carefully and pay attention to situations where Terraform plans to delete resources that should not be deleted.
  • Create before destroying. If you want to replace a resource, think carefully about whether you need to create the replacement before deleting the original. If the answer is yes, create_before_destroy can help. The same result can be achieved manually in two steps: first add the new resource to the configuration and run the apply command, then remove the old resource from the configuration and run the apply command again.
  • Changing identifiers requires changing state. If you want to change the identifier associated with a resource (for example, rename aws_security_group from instance to cluster_instance) without deleting the resource and creating a new version of it, you must update the Terraform state file accordingly. Never do this by hand; use the terraform state command instead. When renaming identifiers, run the terraform state mv command, which has the following syntax:

      terraform state mv <ORIGINAL_REFERENCE> <NEW_REFERENCE>

    ORIGINAL_REFERENCE is the expression that refers to the resource as it is now, and NEW_REFERENCE is where you want to move it. For example, when renaming the aws_security_group group from instance to cluster_instance, run the following command:

      $ terraform state mv \
          aws_security_group.instance \
          aws_security_group.cluster_instance

    This tells Terraform that the state that was previously associated with aws_security_group.instance should now be associated with aws_security_group.cluster_instance. If, after renaming and running this command, terraform plan shows no changes, then you did everything correctly.

  • Some parameters cannot be changed. The parameters of many resources are immutable. If you try to change them, Terraform will delete the old resource and create a new one in its place. The documentation page for each resource usually indicates what happens when you change a given parameter, so be sure to check the documentation. Always use the plan command and consider using the create_before_destroy strategy.
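The first and third lessons can be automated by reading the machine-readable plan before applying it. The following is an added example, not code from the book: it assumes the plan was exported with terraform show -json, and the embedded plan is a constructed sample that reuses the resource addresses from this page.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output,
# reduced to the fields read below; addresses reuse the page's examples.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "aws_security_group.instance", "type": "aws_security_group",
  "change": {"actions": ["delete"], "after": null,
             "before": {"id": "sg-constructed", "name": "foo-instance"}}},
 {"address": "aws_security_group.cluster_instance", "type": "aws_security_group",
  "change": {"actions": ["create"], "before": null,
             "after": {"name": "foo-instance"}}},
 {"address": "aws_lb.example", "type": "aws_lb",
  "change": {"actions": ["delete", "create"],
             "before": {"name": "foo"}, "after": {"name": "bar"}}},
 {"address": "aws_iam_user.existing_user", "type": "aws_iam_user",
  "change": {"actions": ["create"], "before": null,
             "after": {"name": "yevgeniy.brikman"}}}
]}
""")

LABELS = {("delete",): "destroy",
          ("delete", "create"): "replace, delete first (gap in service)",
          ("create", "delete"): "replace, create first"}


def same_settings(before, after):
    """True if every attribute known at plan time matches the existing object."""
    known = {k: v for k, v in after.items() if v is not None}
    return bool(known) and all(before.get(k) == v for k, v in known.items())


def review_plan(plan):
    """Return (destructive, renames): changes that delete something, and
    delete/create pairs that look like one object under a new identifier."""
    changes = [(rc["address"], rc["type"], rc["change"])
               for rc in plan.get("resource_changes", [])]
    destructive = [(addr, LABELS.get(tuple(ch["actions"]), "destroy"))
                   for addr, _, ch in changes if "delete" in ch["actions"]]
    deleted = [c for c in changes if c[2]["actions"] == ["delete"]]
    created = [c for c in changes if c[2]["actions"] == ["create"]]
    renames = [f"terraform state mv {old} {new}"
               for old, otype, och in deleted
               for new, ntype, nch in created
               if otype == ntype and same_settings(och["before"], nch["after"])]
    return destructive, renames


if __name__ == "__main__":
    destructive, renames = review_plan(SAMPLE_PLAN)
    for address, label in destructive:
        print(f"REVIEW {address}: {label}")
    for command in renames:
        print(f"possible rename, consider: {command}")
```

A suggested state mv is only a hint for a human to confirm; two distinct resources of the same type can legitimately share the same settings.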

Eventual consistency is consistent... eventually

The APIs of some cloud providers, such as AWS, are asynchronous and eventually consistent. Asynchronous means that the API can return a response immediately, without waiting for the requested action to complete. Eventual consistency means that changes can take time to propagate throughout the system; while this is happening, your responses may be inconsistent and depend on which data source replica answers your API calls.

Imagine, for example, that you make an API call to AWS asking it to create an EC2 server. The API will return a "success" response (201 Created) almost instantly, without waiting for the server itself to be created. If you try to connect to it right away, it will fail, because at that point AWS is still initializing resources or, alternatively, the server has not booted yet. Moreover, if you make another call to get information about this server, you may get an error (404 Not Found). The thing is that the information about this EC2 server may still be propagating throughout AWS before it becomes available everywhere, so you have to wait a few seconds.

Whenever you use an asynchronous, eventually consistent API, you must periodically retry your request until the operation completes and propagates through the system. Unfortunately, the AWS SDK does not provide good tools for this, and the Terraform project used to suffer from a lot of bugs like 6813 (https://github.com/hashicorp/terraform/issues/6813):

    $ terraform apply
    aws_subnet.private-persistence.2: InvalidSubnetID.NotFound:
    The subnet ID 'subnet-xxxxxxx' does not exist

In other words, you create a resource (such as a subnet) and then try to get some information about it (such as the ID of the newly created subnet), and Terraform cannot find it. Most of these bugs (including 6813) have been fixed, but they still crop up from time to time, especially when Terraform adds support for a new type of resource. This is annoying, but in most cases it does no harm. When you run terraform apply again, everything should work, because by that time the information will have propagated throughout the system.
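In an unattended pipeline, "run it again" should apply only to this class of error and not to failures such as EntityAlreadyExists, which no amount of waiting will fix. The wrapper below is an added example, not code from the book or from Terraform; the error-code pattern is an assumption generalized from the InvalidSubnetID.NotFound output above.

```python
import re
import subprocess
import time

# Assumption: "not visible yet" failures carry an AWS error code of the form
# Invalid<Something>.NotFound, as in the page's InvalidSubnetID.NotFound output.
PROPAGATION_ERROR = re.compile(r"\bInvalid\w+\.NotFound\b")


def is_propagation_error(output):
    """True only for errors that a later run can plausibly resolve."""
    return bool(PROPAGATION_ERROR.search(output))


def terraform_apply():
    """Run one apply non-interactively and return (exit_code, combined_output).

    -auto-approve re-plans on every run, so use this only for changes that
    have already been reviewed.
    """
    proc = subprocess.run(["terraform", "apply", "-input=false", "-auto-approve"],
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout + proc.stderr


def apply_with_retry(run_apply=terraform_apply, attempts=4, base_delay=5.0,
                     sleep=time.sleep):
    """Re-run apply after propagation errors, with exponential backoff.

    Any other failure is returned at once, because repeating it cannot
    succeed. Returns (exit_code, output, tries).
    """
    for tries in range(1, attempts + 1):
        code, output = run_apply()
        if code == 0 or not is_propagation_error(output) or tries == attempts:
            return code, output, tries
        sleep(base_delay * 2 ** (tries - 1))
```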

This article is an excerpt from Yevgeniy Brikman's book "Terraform: Infrastructure at the Code Level".

Source: www.habr.com
