🥇Terraform mupi Selectel

Tatangisa mupi weTerraform wepamutemo wekushanda naSelectel. Ichi chigadzirwa chinobvumira vashandisi kuita zvizere manejimendi ezviwanikwa kuburikidza neiyo Infrastructure-se-code methodology.

Iye zvino mupi anotsigira sevhisi resource management "Virtual private cloud" (inozonzi VPC). Mune ramangwana, isu tinoronga kuwedzera zviwanikwa manejimendi kune mamwe masevhisi anopihwa naSelectel.

Sezvaunotoziva iwe, iyo VPC sevhisi yakavakirwa paOpenStack. Nekudaro, nekuda kwekuti OpenStack haipe maturusi ekuzvarwa ekushandira gore reruzhinji, isu takashandisa iyo isipo museti yemamwe maAPI ayo anorerutsa manejimendi ezvakaomesesa zvinhu zvinoumbwa uye kuita kuti basa rive nyore. Kumwe kwekushanda kunowanikwa muOpenStack kwakavharwa kubva kushandiswa kwakananga, asi kunowanikwa kuburikidza yedu API.

Iyo Selectel Terraform inopa ikozvino inosanganisira kugona kubata zvinotevera VPC zviwanikwa:

mapurojekiti uye quotas dzawo;
vashandisi, mabasa avo uye zviratidzo;
ruzhinji subnets, kusanganisira mhiri-regional uye VRRP;
software marezinesi.

Iye anopa anoshandisa yedu yeruzhinji Go raibhurari kushanda neVPC API. Ose ari maviri raibhurari uye mupi wacho pachawo akavhurika-sosi, kusimudzira kwavo kunoitwa paGithub:

raibhurari repository Go-selvpcclient,
provider repository Terraform-mupi Selectel.

Kugadzirisa zvimwe zviwanikwa zvegore, senge mashini chaiwo, madhisiki, Kubernetes masumbu, unogona kushandisa OpenStack Terraform mupi. Zvinyorwa zvepamutemo zvevapi vese vari vaviri zvinowanika pane zvinotevera zvinongedzo:

Selectel resource zvinyorwa: Terraform-mupi Selectel,
OpenStack zvinyorwa zvinyorwa: Terraform-mupi OpenStack.

kutanga

Kuti utange, unofanirwa kuisa Terraform (mirayiridzo uye zvinongedzo zvekuisa mapakeji zvinogona kuwanikwa pa website yepamutemo).

Kuti ushande, mupi anoda kiyi yeSelectel API, inogadzirwa mukati account control panels.

Manifest ekushanda neSelectel anogadzirwa uchishandisa Terraform kana kushandisa seti yeakagadzirira-yakagadzirwa mienzaniso inowanikwa mune yedu Github repository: terraform-mienzaniso.

Iyo repository ine mienzaniso yakakamurwa kuita madhairekitori maviri:

modules, ine madiki ekugadzirisa mamodules anotora seti yeparameter seyekupinza uye kugadzirisa diki seti yezviwanikwa;
mienzaniso, ine mienzaniso yeseti yakakwana yemamodule akabatana.

Mushure mekuisa Terraform, kugadzira kiyi yeSelectel API uye kujairana nemienzaniso, ngatiendererei kune inoshanda mienzaniso.

Muenzaniso wekugadzira sevha ine disk yemunharaunda

Ngatitarisei muenzaniso wekugadzira purojekiti, mushandisi ane basa uye muchina chaiwo ane dhisiki renzvimbo: terraform-examples/examples/vpc/server_local_root_disk.

Mufaira vars.tf ese ma paramita anozo shandiswa pakufona ma module anotsanangurwa. Vamwe vavo vane default tsika, semuenzaniso, sevha ichagadzirwa munharaunda ru-3a ne configuration inotevera:

variable "server_vcpus" {
default = 4
}

variable "server_ram_mb" {
default = 8192
}

variable "server_root_disk_gb" {
default = 8
}

variable "server_image_name" {
default = "Ubuntu 18.04 LTS 64-bit"
}

Mufaira main.tf Iyo Selectel mupi inotangwa:

provider "selectel" {
token    = "${var.sel_token}"
}

Iri faira rinewo kukosha kweiyo SSH kiyi inozoiswa pane server:

module "server_local_root_disk" {
...
server_ssh_key      = "${file("~/.ssh/id_rsa.pub")}"
}

Kana zvichidikanwa, unogona kutsanangura kiyi yeruzhinji yakasiyana. Kiyi haifanire kutsanangurwa senzira yefaira; iwe unogona zvakare kuwedzera kukosha setambo.

Kuwedzera mune iyi faira ma modules anotangwa project_ne_mushandisi и server_local_root_disk, iyo inotarisira zviwanikwa zvinodiwa.

Ngatitarisei mamodule aya mune zvakadzama.

Kugadzira chirongwa uye mushandisi ane basa

Yekutanga module inogadzira purojekiti uye mushandisi ane basa mupurojekiti iyoyo: terraform-examples/modules/vpc/project_with_user.

Mushandisi akagadzirwa achakwanisa kupinda muOpenStack uye kugadzirisa zviwanikwa zvayo. Iyo module iri nyore uye inongobata matatu chete masangano:

selectel_vpc_project_v2,
selectel_vpc_user_v2,
selectel_vpc_role_v2.

Kugadzira sevha chaiyo ine disk yemunharaunda

Yechipiri module inobata nekugadzirisa OpenStack zvinhu, izvo zvinodiwa kugadzira sevha ine dhisiki yemunharaunda.

Iwe unofanirwa kuterera kune dzimwe nharo dzakatsanangurwa mune ino module kune sosi openstack_compute_instance_v2:

resource "openstack_compute_instance_v2" "instance_1" {
  ...

  lifecycle {
    ignore_changes = ["image_id"]
  }

  vendor_options {
    ignore_resize_confirmation = true
  }
}

Kupokana ignore_changes inobvumidza iwe kusafuratira shanduko yehunhu id yemufananidzo wakashandiswa kugadzira iyo virtual muchina. Mubasa reVPC, mifananidzo yakawanda yeruzhinji inovandudzwa otomatiki kamwe pasvondo uye panguva imwe chete yavo id zvakare shanduko. Izvi zvinokonzerwa nehunhu hweOpenStack chikamu - Glance, umo mapikicha anoonekwa seasingashanduke masangano.

Kana iwe uri kugadzira kana kugadzirisa iripo sevha kana dhisiki ine nharo image_id inoshandiswa ne id mufananidzo weruzhinji, zvino mushure mekunge mufananidzo iwoyo wagadziridzwa, kumhanya iyo Terraform manifest zvakare ichagadzirazve sevha kana dhisiki. Kushandisa nharo ignore_changes inokubvumira kuti udzivise mamiriro ezvinhu akadaro.

Cherechedza: nharo ignore_changes yakaonekwa muTerraform nguva refu yapfuura: dhonza#2525.

Kupokana ignore_resize_confirmation inodiwa kubudirira kugadzirisa dhisiki remunharaunda, cores, kana server memory. Shanduko dzakadai dzinoitwa kuburikidza neiyo OpenStack Nova chikamu uchishandisa chikumbiro resize. Default Nova mushure mekukumbira resize inoisa sevha muchimiro verify_resize uye inomirira imwe simbiso kubva kumushandisi. Zvisinei, maitiro aya anogona kuchinjwa kuitira kuti Nova arege kumirira mamwe zviito kubva kumushandisi.

Iyo nharo yakatsanangurwa inobvumira Terraform kuti isamirire chimiro verify_resize kune sevha uye gadzirira kuti sevha ive munzvimbo inoshanda mushure mekuchinja ma paramita ayo. Iyo nharo inowanikwa kubva muvhezheni 1.10.0 yeOpenStack Terraform mupi: dhonza#422.

Kugadzira Zvishandiso

Usati wamhanyisa mamanifesiti, ndapota cherechedza kuti mumuenzaniso wedu, vaviri vakasiyana vanotangwa, uye OpenStack mupi zvinoenderana nezviwanikwa zvemupi weSelectel, sezvo pasina kugadzira mushandisi mupurojekiti, hazvigoneke kutonga zvinhu zvayo. . Nehurombo, nekuda kwechikonzero chimwe chete isu hatigone kungomhanyisa kuraira terraform inoshandiswa mumuenzaniso wedu. Tinofanira kutanga kuita apply zve module project_ne_mushandisi uye shure kwaizvozvo kune zvimwe zvese.

Cherechedza: Nyaya iyi haisati yagadziriswa muTerraform, unogona kutevera nhaurirano paGithub pa nyaya#2430 и nyaya#4149.

Kuti ugadzire zviwanikwa, enda kune dhairekitori terraform-examples/examples/vpc/server_local_root_disk, zviri mukati maro zvinofanira kuva seizvi:

$ ls
README.md	   main.tf		vars.tf

Isu tinotanga ma modules tichishandisa murairo:

$ terraform init

Izvo zvinobuda zvinoratidza kuti Terraform inodhawunirodha yazvino vhezheni yevanopa iyo yainoshandisa uye inotarisa ese mamodule anotsanangurwa mumuenzaniso.

Kutanga ngatishandise module project_ne_mushandisi. Izvi zvinoda nemaoko kupfuudza kukosha kune akasiyana-siyana asina kusetwa:

sel_account nenhamba yako yeSelectel account;
sel_token nekiyi yako yeSelectel API;
mushandisi_password ine password yemushandisi weOpenStack.

Iko kukosha kwemaviri ekutanga akasiyana anofanira kutorwa kubva control panels.

Kune yekupedzisira kusiyanisa, unogona kuuya nechero password.

Kuti ushandise module, iwe unofanirwa kutsiva kukosha SEL_ACCOUNT, SEL_TOKEN и USER_PASSWORD kumhanya murairo:

$ env 
TF_VAR_sel_account=SEL_ACCOUNT 
TF_VAR_sel_token=SEL_TOKEN 
TF_VAR_user_password=USER_PASSWORD 
terraform apply -target=module.project_with_user

Mushure mekuita murairo, Terraform icharatidza kuti ndezvipi zviwanikwa zvainoda kugadzira uye kukumbira kusimbiswa:

Plan: 3 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.

Enter a value: yes

Kana purojekiti, mushandisi uye basa zvagadzirwa, unogona kutanga kugadzira zviwanikwa zvasara:

$ env 
TF_VAR_sel_account=SEL_ACCOUNT 
TF_VAR_sel_token=SEL_TOKEN 
TF_VAR_user_password=USER_PASSWORD 
terraform apply

Paunenge uchigadzira zviwanikwa, teerera kune Terraform inobuda neiyo yekunze IP kero uko iyo yakagadzirwa sevha ichave inowanikwa:

module.server_local_root_disk.openstack_networking_floatingip_associate_v2.association_1: Creating...
  floating_ip: "" => "x.x.x.x"

Iwe unogona kushanda nemuchina wakagadzirwa chaiwo kuburikidza neSSH uchishandisa iyo yakataurwa IP.

Kugadzirisa Zviwanikwa

Pamusoro pekugadzira zviwanikwa kuburikidza neTerraform, zvinogona zvakare kugadziridzwa.

Semuenzaniso, ngatiwedzere huwandu hwemacores uye ndangariro kune server yedu nekushandura kukosha kweiyo parameter. server_vcpus и server_ram_mb mufaira mienzaniso/vpc/server_local_root_disk/main.tf:

-  server_vcpus        = "${var.server_vcpus}"
-  server_ram_mb       = "${var.server_ram_mb}"
+  server_vcpus        = 8
+  server_ram_mb       = 10240

Mushure meizvi, tinotarisa kuti ndedzipi shanduko inozotungamira pakushandisa murairo unotevera:

$ env 
TF_VAR_sel_account=SEL_ACCOUNT 
TF_VAR_sel_token=SEL_TOKEN 
TF_VAR_user_password=USER_PASSWORD 
terraform plan

Nekuda kweizvozvo, Terraform yakaita shanduko yekushandisa openstack_compute_instance_v2 и openstack_compute_flavor_v2.

Ndokumbira utarise kuti izvi zvinoda kudzoreredza iyo yakagadzirwa virtual muchina.

Kuti uise iyo itsva virtual muchina kumisikidzwa, shandisa iwo murairo terraform inoshandiswa, yatakatoparura kare.

Zvese zvakagadzirwa zvinhu zvicharatidzwa mukati VPC control panels:

Mune yedu muenzaniso repositories Iwe unogona zvakare kuona maratidziro ekugadzira chaiwo machina ane network madhiraivha.

Muenzaniso wekugadzira Kubernetes cluster

Tisati taenda kumuenzaniso unotevera, tichachenesa zviwanikwa zvatakagadzira kare. Kuita izvi mumudzi weprojekti terraform-examples/examples/vpc/server_local_root_disk Ngatimhanyei murairo wekudzima OpenStack zvinhu:

$ env 
TF_VAR_sel_account=SEL_ACCOUNT 
TF_VAR_sel_token=SEL_TOKEN 
TF_VAR_user_password=USER_PASSWORD 
terraform destroy -target=module.server_local_root_disk

Wobva wamhanya kuraira kujekesa Selectel VPC API zvinhu:

$ env 
TF_VAR_sel_account=SEL_ACCOUNT 
TF_VAR_sel_token=SEL_TOKEN 
TF_VAR_user_password=USER_PASSWORD 
terraform destroy -target=module.project_with_user

Muzviitiko zvese izvi, iwe uchafanirwa kusimbisa kudzima kwezvinhu zvese:

Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.

Enter a value: yes

Muenzaniso unotevera uri mudhairekitori terraform-examples/examples/vpc/kubernetes_cluster.

Uyu muenzaniso unogadzira purojekiti, mushandisi ane basa muprojekiti, uye inosimudza imwe Kubernetes cluster. Mufaira vars.tf iwe unogona kuona default tsika, senge nhamba yemanodhi, maitiro avo, Kubernetes vhezheni, nezvimwe.

Kugadzira zviwanikwa zvakafanana nemuenzaniso wekutanga, kutanga pane zvese tichatanga kutanga mamodule uye kugadzira zviwanikwa zvemodule project_ne_mushandisiuyezve kugadzira zvimwe zvese:

$ terraform init

$ env 
TF_VAR_sel_account=SEL_ACCOUNT 
TF_VAR_sel_token=SEL_TOKEN 
TF_VAR_user_password=USER_PASSWORD 
terraform apply -target=module.project_with_user

$ env 
TF_VAR_sel_account=SEL_ACCOUNT 
TF_VAR_sel_token=SEL_TOKEN 
TF_VAR_user_password=USER_PASSWORD 
terraform apply

Isu tichaendesa kusikwa uye manejimendi eKubernetes masumbu kuburikidza neiyo OpenStack Magnum chikamu. Iwe unogona kuwana zvimwe nezve maitiro ekushanda neboka mune imwe yedu nyaya dzakapfuurapamwe ne zivo base.

Paunenge uchigadzira sumbu, madhisiki uye chaiwo michina ichagadzirwa uye zvese zvinodiwa zvinoiswa zvichaiswa. Kugadzirira kunotora anenge maminetsi mana, panguva iyo Terraform icharatidza mameseji akadai:

module.kubernetes_cluster.openstack_containerinfra_cluster_v1.cluster_1: Still creating... (3m0s elapsed)

Kana kuiswa kwapera, Terraform icharatidza kuti cluster yakagadzirira uye inoratidza ID yayo:

module.kubernetes_cluster.openstack_containerinfra_cluster_v1.cluster_1: Creation complete after 4m20s (ID: 3c8...)

Apply complete! Resources: 6 added, 0 changed, 0 destroyed.

Kugadzirisa iyo yakagadzirwa Kubernetes cluster kuburikidza nekushandisa kubectl iwe unofanirwa kuwana iyo cluster yekuwana faira. Kuti uite izvi, enda kupurojekiti yakagadzirwa kuburikidza neTerraform mune runyorwa rwemapurojekiti muakaundi yako:

Tevere, tevera chinongedzo senge xxxxx.selvpc.ruiyo inooneka pazasi pezita reprojekiti:

Kuti uwane ruzivo rwekupinda, shandisa zita rekushandisa uye password yawakagadzira kuburikidza neTerraform. Kana usina kunyenga vars.tf kana main.tf semuenzaniso wedu, mushandisi achava nezita tf_mushandisi. Iwe unofanirwa kushandisa kukosha kwekusiyana se password TF_VAR_user_password, iyo yakatsanangurwa pakutanga terraform inoshandiswa pakutanga.

Mukati meprojekiti iwe unofanirwa kuenda kune iyo tab Kubernetes:

Apa ndipo panowanikwa cluster yakagadzirwa kuburikidza neTerraform. Dhaunirodha faira re kubectl unogona pane "Access" tab:

Mirayiridzo yekuisa inowanikwa pane imwechete tab. kubectl uye kushandiswa kwezvakadhawunirodhwa config.yaml.

Mushure mekutanga kubectl uye kuseta shanduko yezvakatipoteredza KUBECONFIG unogona kushandisa Kubernetes:

$ kubectl get pods --all-namespaces

NAMESPACE        NAME                                    READY  STATUS  RESTARTS AGE
kube-system   coredns-9578f5c87-g6bjf                      1/1   Running   0 8m
kube-system   coredns-9578f5c87-rvkgd                     1/1   Running   0 6m
kube-system   heapster-866fcbc879-b6998                 1/1   Running   0 8m
kube-system   kube-dns-autoscaler-689688988f-8cxhf             1/1   Running   0 8m
kube-system   kubernetes-dashboard-7bdb5d4cd7-jcjq9          1/1   Running   0 8m
kube-system   monitoring-grafana-84c97bb64d-tc64b               1/1   Running   0 8m
kube-system   monitoring-influxdb-7c8ccc75c6-dzk5f                1/1   Running   0 8m
kube-system   node-exporter-tf-cluster-rz6nggvs4va7-minion-0 1/1   Running   0 8m
kube-system   node-exporter-tf-cluster-rz6nggvs4va7-minion-1 1/1   Running   0 8m
kube-system   openstack-cloud-controller-manager-8vrmp        1/1   Running   3 8m
prometeus-monitoring   grafana-76bcb7ffb8-4tm7t       1/1   Running   0 8m
prometeus-monitoring   prometheus-75cdd77c5c-w29gb           1/1   Running   0 8m

Huwandu hwemasumbu node hunogona kuchinjika nyore kuburikidza neTerraform.
Mufaira main.tf kukosha kunotevera kunotsanangurwa:

cluster_node_count = "${var.cluster_node_count}"

Kukosha uku kunotsiviwa kubva vars.tf:

variable "cluster_node_count" {
default = 2
}

Iwe unogona kushandura chero iyo default kukosha mukati vars.tf, kana kutsanangura kukosha kunodiwa zvakananga mukati main.tf:

-  cluster_node_count = "${var.cluster_node_count}"
+  cluster_node_count = 3

Kuti ushandise shanduko, sepachiitiko chemuenzaniso wekutanga, shandisa murairo terraform inoshandiswa:

$ env 
TF_VAR_sel_account=SEL_ACCOUNT 
TF_VAR_sel_token=SEL_TOKEN 
TF_VAR_user_password=USER_PASSWORD 
terraform apply

Kana huwandu hwemanodhi hwachinja, cluster icharamba iripo. Mushure mekuwedzera node kuburikidza neTerraform, unogona kuishandisa pasina imwe gadziriso:

$ kubectl get nodes
NAME                               STATUS                     ROLES     AGE   VERSION
tf-cluster-rz6nggvs4va7-master-0   Ready,SchedulingDisabled   master    8m    v1.12.4
tf-cluster-rz6nggvs4va7-minion-0   Ready                      <none>    8m    v1.12.4
tf-cluster-rz6nggvs4va7-minion-1   Ready                      <none>    8m    v1.12.4
tf-cluster-rz6nggvs4va7-minion-2   Ready                      <none>    3m    v1.12.4

mhedziso

Muchikamu chino takaziva nzira huru dzekushanda nadzo "Virtual private cloud" kuburikidza neTerraform. Isu tichafara kana iwe ukashandisa iyo yepamutemo Terraform mupi Selectel uye nekupa mhinduro.

Chero mabhugi anowanikwa muSelectel Terraform mupi anogona kutaurwa kuburikidza Github Matambudziko.

Source: www.habr.com

Terraform mupi Selectel