Terraform pitfalls

Let's look at a few of them, including those related to loops, if statements and deployment techniques, as well as more general issues that affect Terraform as a whole:

  • the count and for_each parameters have limitations;
  • limitations of zero-downtime deployments;
  • even a good plan can fail;
  • refactoring can have its pitfalls;
  • eventual consistency is consistent... eventually.

The count and for_each parameters have limitations

The examples in this chapter make extensive use of the count parameter and the for_each expression in loops and conditionals. They work well, but they have two important limitations you need to know about.

  • count and for_each cannot reference any resource output variables.
  • count and for_each cannot be used in a module configuration.

count and for_each cannot reference any resource output variables

Imagine you need to deploy several EC2 servers and for some reason you do not want to use an ASG. Your code might look like this:

resource "aws_instance" "example_1" {
  count         = 3
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}

Let's look at each of them in turn.

Because the count parameter is set to a static value, this code works without problems: when you run the apply command, it creates three EC2 servers. But what if you wanted to deploy one server in each Availability Zone (AZ) within the current AWS region? You can have your code load the list of zones from the aws_availability_zones data source, then loop over them and create an EC2 server in each one using the count parameter and array index access:

resource "aws_instance" "example_2" {
  count             = length(data.aws_availability_zones.all.names)
  availability_zone = data.aws_availability_zones.all.names[count.index]
  ami               = "ami-0c55b159cbfafe1f0"
  instance_type     = "t2.micro"
}

data "aws_availability_zones" "all" {}

This code will also work fine, because the count parameter can reference data sources without any problems. But what happens if the number of servers you need to create depends on the output of some resource? The easiest way to demonstrate this is to use the random_integer resource, which, as the name suggests, returns a random integer:

resource "random_integer" "num_instances" {
  min = 1
  max = 3
}

This code generates a random number between 1 and 3. Let's see what happens if we try to use the output of this resource in the count parameter of the aws_instance resource:

resource "aws_instance" "example_3" {
  count         = random_integer.num_instances.result
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}

If you run terraform plan on this code, you get the following error:

Error: Invalid count argument

   on main.tf line 30, in resource "aws_instance" "example_3":
   30: count = random_integer.num_instances.result

The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply only the resources that the count depends on.

Terraform requires that count and for_each be computed during the plan phase, before any resources are created or modified. This means that count and for_each can reference literals, variables, data sources, and even lists of resources (as long as their length can be determined at plan time), but not computed resource output variables.

count and for_each cannot be used in a module configuration

Someday you may be tempted to add a count parameter to your module configuration:

module "count_example" {
  source = "../../../../modules/services/webserver-cluster"

  count = 3

  cluster_name  = "terraform-up-and-running-example"
  server_port   = 8080
  instance_type = "t2.micro"
}

This code tries to use count on a module to create three copies of the webserver-cluster resource. Or you might want to make including a module optional, depending on some Boolean condition, by setting its count parameter to 0. This looks like reasonable code, but you will get this error when you run terraform plan:

Error: Reserved argument name in module block

   on main.tf line 13, in module "count_example":
   13: count = 3

The name "count" is reserved for use in a future version of Terraform.

Unfortunately, as of Terraform 0.12.6, using count or for_each on a module is not supported. According to the Terraform 0.12 release notes (http://bit.ly/3257bv4), HashiCorp plans to add this capability in the future, so depending on when you are reading this book, it may already be available. To find out for sure, read the Terraform changelog here.

Limitations of zero-downtime deployments

Using the create_before_destroy block together with an ASG is a great solution for zero-downtime deployments, with one caveat: autoscaling policies are not supported. Or, to be more precise, it resets the ASG size back to min_size on every deployment, which can be a problem if you were using autoscaling policies to increase the number of running servers.

For example, the webserver-cluster module contains a pair of aws_autoscaling_schedule resources, which at 9 a.m. increase the number of servers in the cluster from two to ten. If you deploy at, say, 11 a.m., the new ASG will start with only two servers instead of ten and will stay that way until 9 a.m. the next day.

This limitation can be worked around in several ways.

  • Change the recurrence parameter in aws_autoscaling_schedule from 0 9 * * * ("run at 9 a.m.") to something like 0-59 9-17 * * * ("run every minute from 9 a.m. to 5 p.m."). If the ASG already has ten servers, running this autoscaling policy again changes nothing, which is what we want. But if the ASG has only just been deployed, this policy ensures that within at most a minute the number of its servers reaches ten. This is not the most elegant approach, and big jumps from ten servers to two and back can also cause problems for users.
  • Write a custom script that uses the AWS API to determine the number of servers running in the ASG, call it using an external data source (see "External Data Source" on page 249), and set the ASG's desired_capacity parameter to the value returned by the script. This way, each new ASG always runs at the same capacity as the existing one, but it makes the Terraform code harder to maintain.
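
One way to write the custom script from the second option, added here as an example (it is not code from the book or from Terraform): it follows the external data source protocol, reading a JSON query on stdin and printing a JSON object whose values are strings. The query keys asg_name and min_size, the output key desired_capacity and the --live flag are assumptions of this example, and FakeAutoScaling is a constructed stand-in for the AWS client.

```python
import json
import sys


def current_capacity(client, asg_name, default):
    """Desired capacity of the live ASG, or `default` when the ASG does not
    exist yet (first deployment). `client` is a boto3 "autoscaling" client."""
    resp = client.describe_auto_scaling_groups(AutoScalingGroupNames=[asg_name])
    groups = resp.get("AutoScalingGroups", [])
    if not groups:
        return default
    return int(groups[0]["DesiredCapacity"])


def handle_query(raw_query, client):
    """External data source protocol: JSON object in, JSON object of strings out."""
    query = json.loads(raw_query)
    # asg_name / min_size are query keys assumed by this example.
    capacity = current_capacity(client, query["asg_name"], int(query["min_size"]))
    return json.dumps({"desired_capacity": str(capacity)})


class FakeAutoScaling:
    """Constructed stand-in for the AWS client so the example runs offline."""

    def __init__(self, groups):
        self._groups = groups  # ASG name -> desired capacity

    def describe_auto_scaling_groups(self, AutoScalingGroupNames):
        found = [{"AutoScalingGroupName": n, "DesiredCapacity": self._groups[n]}
                 for n in AutoScalingGroupNames if n in self._groups]
        return {"AutoScalingGroups": found}


if __name__ == "__main__":
    if "--live" in sys.argv:
        import boto3  # only needed when Terraform runs the script for real
        print(handle_query(sys.stdin.read(), boto3.client("autoscaling")))
    else:
        # Constructed data: an existing ASG that was scaled up to ten servers.
        fake = FakeAutoScaling({"webserver-cluster-foo": 10})
        print(handle_query('{"asg_name": "webserver-cluster-foo", "min_size": "2"}', fake))
```

Terraform runs the program of an external data source while planning, under the credentials of whoever runs it, so the script should stay read-only.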

Of course, Terraform would ideally have built-in support for zero-downtime deployments, but as of May 2019 the HashiCorp team had no plans to add this functionality (details here).

A valid plan can fail

Sometimes the plan command produces a perfectly valid deployment plan, but the apply command returns an error. Try, for example, adding an aws_iam_user resource with the same name you used for the IAM user you created earlier in Chapter 2:

resource "aws_iam_user" "existing_user" {
  # Put the name of an already existing IAM user here
  # to practice using the terraform import command
  name = "yevgeniy.brikman"
}

Now, if you run the plan command, Terraform outputs what looks like a reasonable deployment plan:

Terraform will perform the following actions:

   # aws_iam_user.existing_user will be created
   + resource "aws_iam_user" "existing_user" {
         + arn                  = (known after apply)
         + force_destroy   = false
         + id                    = (known after apply)
         + name               = "yevgeniy.brikman"
         + path                 = "/"
         + unique_id         = (known after apply)
      }

Plan: 1 to add, 0 to change, 0 to destroy.

If you run the apply command, you get the following error:

Error: Error creating IAM User yevgeniy.brikman: EntityAlreadyExists:
User with name yevgeniy.brikman already exists.

   on main.tf line 10, in resource "aws_iam_user" "existing_user":
   10: resource "aws_iam_user" "existing_user" {

The problem, of course, is that an IAM user with that name already exists. And this can happen not only with IAM users but with any resource. Perhaps someone created this resource manually or with the command line, but either way, matching IDs lead to conflicts. There are many variations of this error, and they often catch Terraform newcomers by surprise.

The key point is that the terraform plan command only takes into account the resources described in the Terraform state file. If resources were created some other way (for example, manually by clicking around in the AWS console), they will not end up in the state file, so Terraform will not take them into account when running the plan command. As a result, a plan that looks valid at first glance will turn out to be unsuccessful.

There are two lessons to be learned from this.

  • Once you have started working with Terraform, do not use anything else. If part of your infrastructure is managed with Terraform, you can no longer modify it manually. Otherwise, you not only risk strange Terraform errors, but you also negate many of the benefits of IaC, since the code will no longer be an accurate representation of your infrastructure.
  • If you already have some infrastructure, use the import command. If you are starting to use Terraform with existing infrastructure, you can add it to the state file using the terraform import command. This way Terraform knows which infrastructure needs to be managed. The import command takes two arguments. The first is the address of the resource in your configuration files. The syntax here is the same as for resource references: _. (such as aws_iam_user.existing_user). The second argument is the ID of the resource to be imported. For example, the resource ID of aws_iam_user is the user name (for example, yevgeniy.brikman), and the resource ID of aws_instance is the EC2 server ID (such as i-190e22e5). How to import a resource is usually described in the documentation at the bottom of its page.

    Below is the import command that syncs the aws_iam_user resource you added to your Terraform configuration with the IAM user from Chapter 2 (substituting your own name for yevgeniy.brikman, of course):

    $ terraform import aws_iam_user.existing_user yevgeniy.brikman

    Terraform will call the AWS API to find your IAM user and create a state file association between it and the aws_iam_user.existing_user resource in your Terraform configuration. From now on, when you run the plan command, Terraform will know that the IAM user already exists and will not try to create it again.

    It is worth noting that when you are writing the code for existing resources, it makes sense to look at a tool such as Terraforming (http://terraforming.dtan4.net/), which can import code and state from your AWS account.

Refactoring can have its pitfalls

Refactoring is a common programming practice in which you change the internal structure of code while leaving its external behavior unchanged. The goal is to make the code clearer, cleaner, and easier to maintain. Refactoring is an essential technique that should be used regularly. But when it comes to Terraform or any other IaC tool, you have to be very careful about what you mean by the "external behavior" of a piece of code, otherwise unexpected problems will arise.

For example, a common type of refactoring is replacing variable or function names with more understandable ones. Many IDEs have built-in support for refactoring and can automatically rename variables and functions across a project. In general-purpose programming languages, this is a trivial procedure you might not think twice about, but in Terraform you have to be very careful with it, otherwise you may run into outages.

For example, the webserver-cluster module has an input variable cluster_name:

variable "cluster_name" {
  description = "The name to use for all the cluster resources"
  type        = string
}

Imagine that you started using this module to deploy a microservice called foo. Later, you want to rename your service to bar. This change may seem trivial, but in reality it can cause a service outage.

The fact is that the webserver-cluster module uses the cluster_name variable in several resources, including the name parameter of two security groups and the ALB:

resource "aws_lb" "example" {
  name               = var.cluster_name
  load_balancer_type = "application"
  subnets            = data.aws_subnet_ids.default.ids
  security_groups    = [aws_security_group.alb.id]
}

If you change the name parameter of a resource, Terraform deletes the old version of that resource and creates a new one in its place. But if that resource is an ALB, then between deleting it and bringing up the new version you will have no mechanism for routing traffic to your web server. Likewise, if a security group is deleted, your servers will start rejecting all network traffic until the new group is created.

Another type of refactoring you might be interested in is changing a Terraform ID. Let's take the aws_security_group resource in the webserver-cluster module as an example:

resource "aws_security_group" "instance" {
  # (...)
}

The identifier of this resource is instance. Imagine that during refactoring you decided to change it to a more understandable (in your opinion) name, cluster_instance:

resource "aws_security_group" "cluster_instance" {
  # (...)
}

What will happen in the end? That's right: an outage.

Terraform associates each resource ID with the cloud provider's ID. For example, iam_user is associated with the AWS IAM user ID, and aws_instance with the AWS EC2 server ID. If you change the resource ID (say, from instance to cluster_instance, as with aws_security_group), to Terraform it will look as if you deleted the old resource and added a new one. If you apply these changes, Terraform deletes the old security group and creates a new one, and in the meantime your servers start rejecting all network traffic.

Here are four key lessons you should take away from this discussion.

  • Always use the plan command. It can reveal all of these snags. Review its output carefully and pay attention to situations where Terraform plans to delete resources that should not be deleted.
  • Create before destroy. If you want to replace a resource, think carefully about whether you need to create the replacement before deleting the original. If the answer is yes, create_before_destroy can help. The same result can be achieved manually in two steps: first add the new resource to the configuration and run the apply command, then remove the old resource from the configuration and run the apply command again.
  • Changing identifiers requires changing state. If you want to change the ID associated with a resource (for example, rename aws_security_group from instance to cluster_instance) without deleting the resource and creating a new version of it, you must update the Terraform state file accordingly. Never do this by hand; use the terraform state command instead. When renaming identifiers, you should run the terraform state mv command, which has the following syntax:

    terraform state mv <ORIGINAL_REFERENCE> <NEW_REFERENCE>

    ORIGINAL_REFERENCE is an expression that refers to the resource in its current form, and NEW_REFERENCE is where you want to move it. For example, when renaming the aws_security_group group from instance to cluster_instance, you need to run the following command:

    $ terraform state mv \
        aws_security_group.instance \
        aws_security_group.cluster_instance

    This tells Terraform that the state that used to be associated with aws_security_group.instance should now be associated with aws_security_group.cluster_instance. If, after renaming and running this command, terraform plan shows no changes, you did everything correctly.

  • Some parameters cannot be changed. The parameters of many resources are immutable. If you try to change them, Terraform deletes the old resource and creates a new one in its place. The documentation page for each resource usually indicates what happens when you change a particular parameter, so be sure to check the documentation. Always use the plan command and consider using the create_before_destroy strategy.
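
One way to automate the first lesson in a pipeline, as an added example that is not from the book: it reads the JSON form of a saved plan (terraform show -json) and reports every resource that would be deleted or replaced, plus delete/create pairs of the same type that look like a renamed identifier. SAMPLE_PLAN is constructed and trimmed to the fields the code uses; the function names are assumptions of this example.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields used below. It models the rename from the text
# (aws_security_group.instance -> cluster_instance) and a replaced ALB.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.0",
    "resource_changes": [
        {"address": "aws_security_group.instance",
         "type": "aws_security_group",
         "change": {"actions": ["delete"]}},
        {"address": "aws_security_group.cluster_instance",
         "type": "aws_security_group",
         "change": {"actions": ["create"]}},
        {"address": "aws_lb.example",
         "type": "aws_lb",
         "change": {"actions": ["delete", "create"]}},
        {"address": "aws_iam_user.existing_user",
         "type": "aws_iam_user",
         "change": {"actions": ["no-op"]}},
    ],
})


def destructive_changes(plan_json):
    """Return (address, kind) for every resource the plan deletes or replaces."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if "delete" not in actions:
            continue
        if actions == ["delete"]:
            kind = "delete"
        elif actions[0] == "delete":
            kind = "replace-destroy-first"   # gap between delete and create
        else:
            kind = "replace-create-first"    # create_before_destroy in effect
        findings.append((rc["address"], kind))
    return findings


def probable_renames(plan_json):
    """Pair each pure delete with a pure create of the same resource type:
    the signature of a renamed ID that calls for `terraform state mv`."""
    changes = json.loads(plan_json).get("resource_changes", [])
    deleted = [c for c in changes if c["change"]["actions"] == ["delete"]]
    created = [c for c in changes if c["change"]["actions"] == ["create"]]
    return [(d["address"], c["address"])
            for d in deleted for c in created if d["type"] == c["type"]]


if __name__ == "__main__":
    for address, kind in destructive_changes(SAMPLE_PLAN):
        print(f"REVIEW {address}: {kind}")
    for old, new in probable_renames(SAMPLE_PLAN):
        print(f"RENAME? terraform state mv {old} {new}")
```

In a pipeline, feed it the terraform show -json output of the saved plan file and fail the job when destructive_changes returns anything that has not been approved.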

Eventual consistency is consistent... eventually

The APIs of some cloud providers, such as AWS, are asynchronous and eventually consistent. Asynchrony means that the interface may return a response immediately, without waiting for the requested action to complete. Eventual consistency means that changes may take time to propagate throughout the system; while this is happening, your responses may be inconsistent and depend on which data source replica is answering your API calls.

Imagine, for example, that you make an API call to AWS asking it to create an EC2 server. The API will return a "successful" response (201 Created) almost immediately, without waiting for the server itself to be created. If you try to connect to it right away, it will almost certainly fail, because at that moment AWS is still initializing resources or, alternatively, the server has not booted yet. Moreover, if you make another call to get information about this server, you may receive an error (404 Not Found). The thing is that information about this EC2 server may still be propagating throughout AWS; before it becomes available everywhere, you will have to wait a few seconds.

Whenever you use an asynchronous API with eventual consistency, you have to periodically retry your request until the action completes and propagates through the system. Unfortunately, the AWS SDK does not provide any good tools for this, and the Terraform project used to suffer from a lot of bugs like 6813 (https://github.com/hashicorp/terraform/issues/6813):

$ terraform apply
aws_subnet.private-persistence.2: InvalidSubnetID.NotFound:
The subnet ID 'subnet-xxxxxxx' does not exist

In other words, you create a resource (such as a subnet) and then try to get some information about it (such as the ID of the newly created subnet), and Terraform cannot find it. Most of these bugs (including 6813) have been fixed, but they still crop up from time to time, especially when Terraform adds support for a new resource type. This is annoying, but in most cases it does no harm. When you run terraform apply again, everything should work, because by then the information will have propagated through the system.
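
The behaviour described in this section, as an added example that is not from the book: a constructed model of an API whose read replicas learn about a new resource at different times, and a polling loop with capped exponential backoff that waits for two consecutive successful reads. The class and function names, the resource ID and the delays are assumptions of the example; time is simulated, so it runs instantly.

```python
import itertools


class NotFound(Exception):
    """Stands in for a 404 / InvalidSubnetID.NotFound style response."""


class EventuallyConsistentAPI:
    """Constructed model: a create is acknowledged at once, but each read
    replica only sees the new ID after its own propagation delay."""

    def __init__(self, replica_delays):
        self.now = 0                       # simulated seconds
        self._delays = replica_delays      # seconds until each replica sees a write
        self._created_at = {}
        self._next_replica = itertools.cycle(range(len(replica_delays)))

    def create(self, resource_id):
        self._created_at[resource_id] = self.now
        return 201                         # returned before propagation finishes

    def describe(self, resource_id):
        replica = next(self._next_replica)  # reads are spread over the replicas
        created = self._created_at.get(resource_id)
        if created is None or self.now - created < self._delays[replica]:
            raise NotFound(resource_id)
        return {"id": resource_id, "replica": replica}


def wait_until_visible(api, resource_id, confirmations=2, base=1, cap=8, deadline=60):
    """Poll until `confirmations` consecutive reads succeed and return the
    number of reads made. A single success may come from the one replica
    that is already up to date, so it is not trusted on its own."""
    delay, streak, attempts = base, 0, 0
    start = api.now
    while api.now - start <= deadline:
        attempts += 1
        try:
            api.describe(resource_id)
            streak += 1
            if streak >= confirmations:
                return attempts
            continue                       # confirm again without sleeping
        except NotFound:
            streak = 0
        api.now += delay                   # simulated sleep
        delay = min(delay * 2, cap)        # capped exponential backoff
    raise TimeoutError(f"{resource_id} not visible after {deadline}s")


if __name__ == "__main__":
    api = EventuallyConsistentAPI(replica_delays=[0, 5])  # constructed delays
    print("create ->", api.create("subnet-demo"))
    reads = wait_until_visible(api, "subnet-demo")
    print(f"visible after {reads} reads, {api.now} simulated seconds")
```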

This article is an excerpt from Evgeniy Brikman's book "Terraform: infrastructure at the code level".

Source: www.habr.com
