Selectel Terraform Provider


We have launched an official Terraform provider for working with Selectel. It lets users manage resources fully through the Infrastructure-as-code approach.

The provider currently supports resource management for the "Virtual Private Cloud" service (hereafter VPC). In the future, we plan to add resource management for other services provided by Selectel.

As you already know, the VPC service is built on OpenStack. However, because OpenStack does not provide native tools for serving a public cloud, we implemented the missing functionality in a set of additional APIs that simplify the management of complex composite objects and make the work more convenient. Some of the functionality available in OpenStack is closed to direct use, but is available through our API.

The Selectel Terraform provider can now manage the following VPC resources:

  • projects and their quotas;
  • users, their roles and tokens;
  • public subnets, including cross-regional and VRRP;
  • software licenses.

The provider uses our public Go library to work with the VPC API. Both the library and the provider are open source, and they are developed on Github:

To manage other cloud resources, such as virtual machines, disks and Kubernetes clusters, you can use the OpenStack Terraform provider. Official documentation for both providers is available at the following links:

Getting started

To get started, you need to install Terraform (instructions and links to installation packages can be found on the website).

To work, the provider needs a Selectel API key, which is created in the account control panel.

Manifests for working with Selectel are created with Terraform or by using the set of ready-made examples available in our Github repository: terraform-examples.

The repository with examples is divided into two directories:

  • modules, containing small reusable modules that take a set of parameters as input and manage a small set of resources;
  • examples, containing examples of a complete set of interconnected modules.

After installing Terraform, creating a Selectel API key and getting familiar with the examples, let's move on to practical examples.

An example of creating a server with a local disk

Let's look at an example of creating a project, a user with a role and a virtual machine with a local disk: terraform-examples/examples/vpc/server_local_root_disk.

The file vars.tf describes all the parameters that will be used when calling the modules. Some of them have default values; for example, the server will be created in zone 3a with the following configuration:

variable "server_vcpus" {
  default = 4
}

variable "server_ram_mb" {
  default = 8192
}

variable "server_root_disk_gb" {
  default = 8
}

variable "server_image_name" {
  default = "Ubuntu 18.04 LTS 64-bit"
}

In the file main.tf the Selectel provider is initialized:

provider "selectel" {
  token = "${var.sel_token}"
}

This file also contains the default value for the SSH key that will be installed on the server:

module "server_local_root_disk" {
  ...
  server_ssh_key = "${file("~/.ssh/id_rsa.pub")}"
}

If necessary, you can specify a different public key. The key does not have to be given as a file path; you can also add the value as a string.

In addition, this file launches the modules project_with_user and server_local_root_disk, which manage the necessary resources.

Let's look at these modules in more detail.

Creating a project and a user with a role

The first module creates a project and a user with a role in that project: terraform-examples/modules/vpc/project_with_user.

The created user will be able to log in to OpenStack and manage its resources. The module is simple and manages only three entities:

  • selectel_vpc_project_v2,
  • selectel_vpc_user_v2,
  • selectel_vpc_role_v2.

Creating a virtual server with a local disk

The second module manages the OpenStack objects that are needed to create a server with a local disk.

You should pay attention to some of the arguments specified in this module for the openstack_compute_instance_v2 resource:

resource "openstack_compute_instance_v2" "instance_1" {
  ...

  lifecycle {
    ignore_changes = ["image_id"]
  }

  vendor_options {
    ignore_resize_confirmation = true
  }
}

The ignore_changes argument lets you ignore changes to the id attribute of the image used to create the virtual machine. In the VPC service, most public images are updated automatically once a week, and their id changes at the same time. This is due to the way the OpenStack component Glance works, in which images are treated as immutable entities.

If you create or modify an existing server or disk whose image_id argument uses the id of a public image, then after that image is updated, running the Terraform manifest again will recreate the server or disk. Using the ignore_changes argument lets you avoid that situation.

Note: the ignore_changes argument appeared in Terraform quite a long time ago: pull #2525.

The ignore_resize_confirmation argument is needed to resize the local disk, the cores or the memory of the server. Such changes are made through the OpenStack Nova component using a resize request. By default, after a resize request Nova puts the server into the verify_resize status and waits for additional confirmation from the user. However, this behavior can be changed so that Nova does not wait for additional actions from the user.

The specified argument allows Terraform not to wait for the verify_resize status on the server and to be prepared for the server to be in the active status after its parameters are changed. The argument is available from version 1.10.0 of the OpenStack Terraform provider: pull #422.

Creating Resources

Before running the manifests, please note that in our example two different providers are launched, and the OpenStack provider depends on the resources of the Selectel provider, because without creating a user in the project it is impossible to manage the objects that belong to it. Unfortunately, for the same reason we cannot simply run the terraform apply command inside our example. First we need to apply the project_with_user module, and only after that everything else.

Note: this issue has not yet been resolved in Terraform; you can follow the discussion on Github in issue 2430 and issue 4149.

To create the resources, go to the directory terraform-examples/examples/vpc/server_local_root_disk; its contents should look like this:

$ ls
README.md	   main.tf		vars.tf

We initialize the modules with the command:

$ terraform init

The output shows that Terraform downloads the latest versions of the providers it uses and checks all the modules described in the example.

First let's apply the project_with_user module. This requires manually passing values for the variables that have not been set:

  • sel_account with your Selectel account number;
  • sel_token with your Selectel API key;
  • user_password with the password for the OpenStack user.

The values for the first two variables must be taken from the control panel.

For the last variable, you can come up with any password.

To apply the module, replace the values SEL_ACCOUNT, SEL_TOKEN and USER_PASSWORD and run the command:

$ env \
TF_VAR_sel_account=SEL_ACCOUNT \
TF_VAR_sel_token=SEL_TOKEN \
TF_VAR_user_password=USER_PASSWORD \
terraform apply -target=module.project_with_user

After running the command, Terraform will show which resources it wants to create and ask for confirmation:

Plan: 3 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.

Enter a value: yes

Once the project, user and role have been created, you can start creating the remaining resources:

$ env \
TF_VAR_sel_account=SEL_ACCOUNT \
TF_VAR_sel_token=SEL_TOKEN \
TF_VAR_user_password=USER_PASSWORD \
terraform apply

When creating the resources, pay attention to the Terraform output with the external IP address at which the created server will be reachable:

module.server_local_root_disk.openstack_networking_floatingip_associate_v2.association_1: Creating...
  floating_ip: "" => "x.x.x.x"

You can work with the created virtual machine over SSH using the given IP.

Editing Resources

Besides creating resources through Terraform, they can also be modified.

For example, let's increase the number of cores and the memory of our server by changing the values of the server_vcpus and server_ram_mb parameters in the file examples/vpc/server_local_root_disk/main.tf:

-  server_vcpus        = "${var.server_vcpus}"
-  server_ram_mb       = "${var.server_ram_mb}"
+  server_vcpus        = 8
+  server_ram_mb       = 10240
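
Review bot: the two + lines replace the ${var.server_vcpus} and ${var.server_ram_mb} references with the literals 8 and 10240, so the variables declared in vars.tf are no longer used by this module call, and a value supplied as TF_VAR_server_vcpus or TF_VAR_server_ram_mb would not reach it. Consider raising the defaults in vars.tf or passing the new sizes as variables, so that the server size is defined in one place.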

After that, we check what changes this will lead to using the following command:

$ env \
TF_VAR_sel_account=SEL_ACCOUNT \
TF_VAR_sel_token=SEL_TOKEN \
TF_VAR_user_password=USER_PASSWORD \
terraform plan

As a result, Terraform made changes to the openstack_compute_instance_v2 and openstack_compute_flavor_v2 resources.

Please note that this will involve rebooting the created virtual machine.

To apply the new virtual machine configuration, use the terraform apply command, which we have already run before.

All created objects will be displayed in the VPC control panel:


In our examples repository you can also find manifests for creating virtual machines with network disks.

An example of creating a Kubernetes cluster

Before moving on to the next example, we will clean up the resources we created earlier. To do this, in the root of the project terraform-examples/examples/vpc/server_local_root_disk, let's run the command to delete the OpenStack objects:

$ env \
TF_VAR_sel_account=SEL_ACCOUNT \
TF_VAR_sel_token=SEL_TOKEN \
TF_VAR_user_password=USER_PASSWORD \
terraform destroy -target=module.server_local_root_disk

Then run the command to delete the Selectel VPC API objects:

$ env \
TF_VAR_sel_account=SEL_ACCOUNT \
TF_VAR_sel_token=SEL_TOKEN \
TF_VAR_user_password=USER_PASSWORD \
terraform destroy -target=module.project_with_user

In both cases, you will need to confirm the deletion of all objects:

Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.

Enter a value: yes
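
The staged create order described earlier (project_with_user first, then everything else) and the reverse teardown order above can be wrapped in one script that also keeps the API key and password off the command line. This is an added example, not code from the article or the Selectel repository; the function names and the TERRAFORM override variable are illustrative assumptions, while the module names and TF_VAR_* variables are the ones used on this page.

```sh
#!/bin/sh
# Added example: staged apply/destroy for the server_local_root_disk example.
# Assumption: run from examples/vpc/server_local_root_disk after `terraform init`.
set -eu

TERRAFORM="${TERRAFORM:-terraform}"              # overridable, e.g. TERRAFORM=echo for a dry run
SELECTEL_MODULE="module.project_with_user"       # Selectel provider: project, user, role
OPENSTACK_MODULE="module.server_local_root_disk" # OpenStack provider: needs the user to exist

# Export TF_VAR_* for terraform. Values missing from the environment are read
# from the terminal with echo off, so they never appear in argv or shell history.
load_credentials() {
    for name in TF_VAR_sel_account TF_VAR_sel_token TF_VAR_user_password; do
        eval "val=\${$name:-}"                   # name comes from the fixed list above
        if [ -z "$val" ]; then
            printf '%s: ' "$name" >&2
            stty -echo 2>/dev/null || true
            IFS= read -r val || true
            stty echo 2>/dev/null || true
            printf '\n' >&2
        fi
        [ -n "$val" ] || { echo "$name must not be empty" >&2; return 1; }
        export "$name=$val"
    done
}

# Run "terraform <action>" once per target, in order; an empty target means
# "everything". Stops at the first failure so a later stage never runs alone.
run_staged() {
    action="$1"; shift
    for target in "$@"; do
        "$TERRAFORM" "$action" ${target:+"-target=$target"} || return 1
    done
}

# Create: project and user first, then the rest. Destroy: the reverse order.
staged_apply()   { load_credentials && run_staged apply   "$SELECTEL_MODULE" ""; }
staged_destroy() { load_credentials && run_staged destroy "$OPENSTACK_MODULE" "$SELECTEL_MODULE"; }

case "${1:-}" in
    apply)   staged_apply ;;
    destroy) staged_destroy ;;
esac
```

Terraform still asks for its own 'yes' confirmation at each stage. Terraform also keeps resource arguments in its state file in plain text, so the state for this example should be access-restricted as well.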

The next example is in the directory terraform-examples/examples/vpc/kubernetes_cluster.

This example creates a project, a user with a role in the project, and brings up one Kubernetes cluster. In the file vars.tf you can see the default values, such as the number of nodes, their characteristics, the Kubernetes version, and so on.

To create the resources, as in the first example, we first initialize the modules and create the resources of the project_with_user module, and then create everything else:

$ terraform init

$ env \
TF_VAR_sel_account=SEL_ACCOUNT \
TF_VAR_sel_token=SEL_TOKEN \
TF_VAR_user_password=USER_PASSWORD \
terraform apply -target=module.project_with_user

$ env \
TF_VAR_sel_account=SEL_ACCOUNT \
TF_VAR_sel_token=SEL_TOKEN \
TF_VAR_user_password=USER_PASSWORD \
terraform apply

We hand over the creation and management of Kubernetes clusters to the OpenStack Magnum component. You can learn more about how to work with a cluster in one of our previous articles, as well as in the knowledge base.

While the cluster is being prepared, disks and virtual machines will be created and all the necessary components will be installed. Preparation takes about 4 minutes, during which Terraform will display messages like:

module.kubernetes_cluster.openstack_containerinfra_cluster_v1.cluster_1: Still creating... (3m0s elapsed)

When the installation is complete, Terraform will report that the cluster is ready and display its ID:

module.kubernetes_cluster.openstack_containerinfra_cluster_v1.cluster_1: Creation complete after 4m20s (ID: 3c8...)

Apply complete! Resources: 6 added, 0 changed, 0 destroyed.

To manage the created Kubernetes cluster with the kubectl utility, you need to obtain the cluster access file. To do this, go to the project created through Terraform in the list of projects in your account:


Next, follow the link of the form xxxxx.selvpc.ru, which is shown below the project name:


For the login credentials, use the username and password that you created through Terraform. If you did not change vars.tf or main.tf in our example, the user will have the name tf_user. As the password, use the value of the TF_VAR_user_password variable that was specified when running terraform apply earlier.

Inside the project, go to the Kubernetes tab:


This is where the cluster created through Terraform is located. You can download the file for kubectl on the "Access" tab:


The same tab contains instructions for installing kubectl and using the downloaded config.yaml.

After launching kubectl and setting the KUBECONFIG environment variable, you can use Kubernetes:

$ kubectl get pods --all-namespaces

NAMESPACE              NAME                                             READY   STATUS    RESTARTS   AGE
kube-system            coredns-9578f5c87-g6bjf                          1/1     Running   0          8m
kube-system            coredns-9578f5c87-rvkgd                          1/1     Running   0          6m
kube-system            heapster-866fcbc879-b6998                        1/1     Running   0          8m
kube-system            kube-dns-autoscaler-689688988f-8cxhf             1/1     Running   0          8m
kube-system            kubernetes-dashboard-7bdb5d4cd7-jcjq9            1/1     Running   0          8m
kube-system            monitoring-grafana-84c97bb64d-tc64b              1/1     Running   0          8m
kube-system            monitoring-influxdb-7c8ccc75c6-dzk5f             1/1     Running   0          8m
kube-system            node-exporter-tf-cluster-rz6nggvs4va7-minion-0   1/1     Running   0          8m
kube-system            node-exporter-tf-cluster-rz6nggvs4va7-minion-1   1/1     Running   0          8m
kube-system            openstack-cloud-controller-manager-8vrmp         1/1     Running   3          8m
prometeus-monitoring   grafana-76bcb7ffb8-4tm7t                         1/1     Running   0          8m
prometeus-monitoring   prometheus-75cdd77c5c-w29gb                      1/1     Running   0          8m

The number of cluster nodes can easily be changed through Terraform.
The file main.tf specifies the following value:

cluster_node_count = "${var.cluster_node_count}"

This value is substituted from vars.tf:

variable "cluster_node_count" {
  default = 2
}

You can either change the default value in vars.tf or specify the required value directly in main.tf:

-  cluster_node_count = "${var.cluster_node_count}"
+  cluster_node_count = 3

To apply the changes, as in the first example, use the terraform apply command:

$ env \
TF_VAR_sel_account=SEL_ACCOUNT \
TF_VAR_sel_token=SEL_TOKEN \
TF_VAR_user_password=USER_PASSWORD \
terraform apply

While the number of nodes changes, the cluster remains available. After adding a node through Terraform, you can use it without additional configuration:

$ kubectl get nodes
NAME                               STATUS                     ROLES     AGE   VERSION
tf-cluster-rz6nggvs4va7-master-0   Ready,SchedulingDisabled   master    8m    v1.12.4
tf-cluster-rz6nggvs4va7-minion-0   Ready                      <none>    8m    v1.12.4
tf-cluster-rz6nggvs4va7-minion-1   Ready                      <none>    8m    v1.12.4
tf-cluster-rz6nggvs4va7-minion-2   Ready                      <none>    3m    v1.12.4

Conclusion

In this article we got acquainted with the main ways of working with the "Virtual Private Cloud" through Terraform. We will be glad if you use the official Selectel Terraform provider and give us feedback.

Any bugs found in the Selectel Terraform provider can be reported through Github Issues.

Source: www.habr.com
