How to Manage Cloud Infrastructure with Terraform


In this article we look at what Terraform consists of and, step by step, launch our own infrastructure in a VMware-based cloud: we will prepare three VMs for different purposes: a proxy, file storage and a CMS.

Everything in detail and in three stages:

1. Terraform - description, advantages and components

Terraform is an IaC (Infrastructure-as-Code) tool for building and managing virtual infrastructure using code.

We noted several advantages of working with the tool:

  • Speed of deploying new tenants (custom virtual environments). Usually, the more new clients there are, the more "clicks" technical support staff have to make to publish new resources. With Terraform, users can change virtual machine settings (for example, automatically shutting down the OS and enlarging the virtual disk partition) without involving technical support or shutting the machine down themselves.

  • Instant verification of the activation plan for a new tenant. Using the description of the infrastructure as code, we can immediately check what will be added and in what order, as well as the final state that a given virtual machine, or a virtual network with its connections to virtual machines, will end up in.

  • Ability to describe the most popular cloud platforms. You can use the tool from Amazon and Google Cloud to private platforms based on VMware vCloud Director that offer services within IaaS, SaaS and PaaS solutions.

  • Managing multiple cloud providers and distributing infrastructure between them to improve fault tolerance, using a single configuration to create, diagnose and manage cloud resources.

  • Convenient for creating demo stands for software testing and debugging. You can create and hand over stands to the testing department, test software in different environments in parallel, and instantly change and delete resources by creating a single build plan.

The Terraform "terrarium".

We have briefly covered the advantages of the tool; now let's break it down into its components.

Providers.

In Terraform, almost any type of infrastructure can be represented as a resource. The link between resources and the platform API is provided by provider modules, which let you create resources within a specific platform, for example Azure or VMware vCloud Director.

Within one project you can work with different providers on different platforms.

Resources (resource descriptions).

A resource description lets you manage platform components, such as virtual machines or networks.

You can write a resource description for the VMware vCloud Director provider and use that description to create resources at any hosting provider that uses vCloud Director. You only need to change the authentication parameters and the network connection parameters to those of the required hosting provider.

Provisioners.

This component makes it possible to perform operations for the initial installation and maintenance of the operating system after the virtual machines have been created. Once you have created a virtual machine resource, you can use provisioners to configure it and connect over SSH, update the operating system, and download and run a script.

Input and output variables.

Input variables - input variables for any block type.

Output variables let you save values after resources are created and can be used as input variables in other modules, for example in Provisioners blocks.

States.

State files store information about the configuration of the provider platform's resources. When the platform is first created there is no information about the resources, and before any operation Terraform updates the state with the real infrastructure of the resources already described.

The main purpose of states is to save the set of already created objects so that the configuration of added resources and objects can be compared, avoiding repeated creation and changes to the platform.

By default, state information is stored in the local terraform.tfstate file, but if necessary remote storage can be used for team work.

You can also import existing platform resources into the state in order to work with other resources that were, in turn, created without the help of Terraform.

2. Creating the infrastructure

The components have been sorted out; now, using Terraform, we will step by step create an infrastructure with three virtual machines. The first has the nginx proxy server installed, the second has file storage based on Nextcloud, and the third has CMS Bitrix.

We will write the code and run it using our VMware vCloud Director cloud as the example. Our users get an account with Organization Administrator rights. If you use an account with the same rights in another VMware cloud, you can reproduce the code from our examples. Let's go!

First, let's create a directory for our new project, in which the files describing the infrastructure will be placed.

mkdir project01

Next, we describe the infrastructure components. Terraform builds relationships and processes the files based on the descriptions in them. The files themselves can be named after the purpose of the blocks they describe, for example network.tf describes the network parameters of the infrastructure.

To describe the components of our infrastructure, we created the following files:

List of files.

main.tf - description of the parameters of the virtual environment: virtual machines, virtual containers;

network.tf - description of the virtual network parameters and the NAT and Firewall rules;

variables.tf - the list of variables we use;

vcd.tfvars - the project's variable values for the VMware vCloud Director module.

The configuration language in Terraform is declarative and the order of the blocks does not matter, except for provisioner blocks, because in those blocks we describe the commands to run while preparing the infrastructure, and they are executed sequentially.

Block structure.

<BLOCK TYPE> "<BLOCK LABEL>" "<BLOCK LABEL>" {
  # Block body
  <IDENTIFIER> = <EXPRESSION> # Argument
}

Blocks are described in Terraform's own language, HCL (HashiCorp Configuration Language); it is also possible to describe the infrastructure using JSON. You can learn more about the syntax on the developer's site.

Environment variable configuration, variables.tf and vcd.tfvars

First, let's create two files that describe the list of all the variables used and their values for the VMware vCloud Director module. We start with the variables.tf file.

Contents of the variables.tf file.

variable "vcd_org_user" {
  description = "vCD Tenant User"
}

variable "vcd_org_password" {
  description = "vCD Tenant Password"
}

variable "vcd_org" {
  description = "vCD Tenant Org"
}

variable "vcd_org_vdc" {
  description = "vCD Tenant VDC"
}

variable "vcd_org_url" {
  description = "vCD Tenant URL"
}

variable "vcd_org_max_retry_timeout" {
  default = "60"
}

variable "vcd_org_allow_unverified_ssl" {
  default = "true"
}

variable "vcd_org_edge_name" {
  description = "vCD edge name"
}

variable "vcd_org_catalog" {
  description = "vCD public catalog"
}

variable "vcd_template_os_centos7" {
  description = "OS CentOS 7"
  default     = "CentOS7"
}

variable "vcd_org_ssd_sp" {
  description = "Storage Policies"
  default     = "Gold Storage Policy"
}

variable "vcd_org_hdd_sp" {
  description = "Storage Policies"
  default     = "Bronze Storage Policy"
}

variable "vcd_edge_local_subnet" {
  description = "Organization Network Subnet"
}

variable "vcd_edge_external_ip" {
  description = "External public IP"
}

variable "vcd_edge_local_ip_nginx" {}

variable "vcd_edge_local_ip_bitrix" {}

variable "vcd_edge_local_ip_nextcloud" {}

variable "vcd_edge_external_network" {}

Variable values that we get from the provider.

  • vcd_org_user - user name with Organization Administrator rights,

  • vcd_org_password - the user's password,

  • vcd_org - name of the organization,

  • vcd_org_vdc - name of the virtual data center,

  • vcd_org_url - API URL,

  • vcd_org_edge_name - name of the virtual router,

  • vcd_org_catalog - name of the catalog with virtual machine templates,

  • vcd_edge_external_ip - public IP address,

  • vcd_edge_external_network - name of the external network,

  • vcd_org_hdd_sp - name of the HDD storage policy,

  • vcd_org_ssd_sp - name of the SSD storage policy.

And we enter our own variables:

  • vcd_edge_local_ip_nginx - IP address of the virtual machine with NGINX,

  • vcd_edge_local_ip_bitrix - IP address of the virtual machine with 1C: Bitrix,

  • vcd_edge_local_ip_nextcloud - IP address of the virtual machine with Nextcloud.

In the second file, vcd.tfvars, we create and set the variables for the VMware vCloud Director module. Recall that in our example we use our own mClouds cloud; if you work with another provider, check the values with them.

Contents of the vcd.tfvars file

vcd_org_url                  = "https://vcloud.mclouds.ru/api"
vcd_org_user                 = "orgadmin"
vcd_org_password             = "*"
vcd_org                      = "org"
vcd_org_vdc                  = "orgvdc"
vcd_org_max_retry_timeout    = 60
vcd_org_allow_unverified_ssl = true
vcd_org_catalog              = "Templates"
vcd_template_os_centos7      = "CentOS7"
vcd_org_ssd_sp               = "Gold Storage Policy"
vcd_org_hdd_sp               = "Bronze Storage Policy"
vcd_org_edge_name            = "MCLOUDS-EDGE"
vcd_edge_external_ip         = "185.17.66.1"
vcd_edge_local_subnet        = "192.168.110.0/24"
vcd_edge_local_ip_nginx      = "192.168.110.1"
vcd_edge_local_ip_bitrix     = "192.168.110.10"
vcd_edge_local_ip_nextcloud  = "192.168.110.11"
vcd_edge_external_network    = "NET-185-17-66-0"
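The declarations below are an added example, not part of the original article: four of the variables from variables.tf redeclared so that the password stays out of vcd.tfvars and out of plan output, certificate verification is on by default, and malformed values are rejected before any API call. They assume Terraform 0.14 or later (for `sensitive`) and that vcd_org_allow_unverified_ssl feeds the provider's TLS setting in a provider block the page does not show.

```hcl
# Added example: these blocks replace the matching blocks in variables.tf
# (Terraform rejects duplicate variable declarations).

variable "vcd_org_password" {
  description = "vCD Tenant Password"
  type        = string
  sensitive   = true # redacted as (sensitive value) in plan/apply output

  # No default and no line in vcd.tfvars. Supply it at run time instead:
  #   export TF_VAR_vcd_org_password='...'     (Linux/macOS shell)
  #   $env:TF_VAR_vcd_org_password = '...'     (PowerShell)
}

variable "vcd_org_allow_unverified_ssl" {
  description = "Skip TLS certificate verification for the vCD API"
  type        = bool
  # The article defaults this to "true". Assumption: it is passed to the
  # provider, where true means any certificate is accepted.
  default = false
}

variable "vcd_org_url" {
  description = "vCD Tenant URL"
  type        = string

  validation {
    condition     = can(regex("^https://", var.vcd_org_url))
    error_message = "The vCD API URL must start with https://."
  }
}

variable "vcd_edge_local_subnet" {
  description = "Organization Network Subnet"
  type        = string

  validation {
    # cidrhost() fails on anything that is not valid CIDR notation.
    condition     = can(cidrhost(var.vcd_edge_local_subnet, 0))
    error_message = "The subnet must be in CIDR notation, for example 192.168.110.0/24."
  }
}
```

With these in place, remove the vcd_org_password line from vcd.tfvars and set vcd_org_allow_unverified_ssl to true there only for an endpoint whose certificate genuinely cannot be verified.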

Network configuration, network.tf.

The environment variables are set; now we will configure the connection scheme for the virtual machines. We will assign a private IP address to each virtual machine and use Destination NAT to "forward" ports to the external network. To restrict access to the management ports, we will allow access only from our own IP address.

Figure: Network diagram of the platform being created with Terraform

We create a virtual organization network named net_lan01, with the default gateway 192.168.110.254 and the address space 192.168.110.0/24.

We describe the virtual network.

resource "vcd_network_routed" "net" {
  name         = "net_lan01"
  edge_gateway = var.vcd_org_edge_name
  gateway      = "192.168.110.254"
  dns1         = "1.1.1.1"
  dns2         = "8.8.8.8"

  static_ip_pool {
    start_address = "192.168.110.1"
    end_address   = "192.168.110.253"
  }
}

Let's create firewall rules that allow the virtual machines to access the Internet. Within this block, all virtual resources in the cloud will have Internet access:

We describe the rules for VM access to the Internet.

resource "vcd_nsxv_firewall_rule" "fw_internet_access" {
  edge_gateway = var.vcd_org_edge_name
  name         = "Internet Access"

  source {
    gateway_interfaces = ["internal"]
  }

  destination {
    gateway_interfaces = ["external"]
  }

  service {
    protocol = "any"
  }

  depends_on = [vcd_network_routed.net]
}

Using depends_on, we state the dependency: the vcd_nsxv_firewall_rule block is configured only after the vcd_network_routed.net block has been processed. We use this option because some dependencies may be recognized implicitly in the configuration.

Next, we will create rules that allow access to ports from the external network and specify our IP address for connecting to the servers over SSH. Any Internet user can access ports 80 and 443 on the web server, and a user with the IP address 90.1.15.1 can access the SSH ports of the virtual servers.

Allow access to ports from the external network

resource "vcd_nsxv_firewall_rule" "fwnatports" {
  edge_gateway = var.vcd_org_edge_name
  name         = "HTTPs Access"

  source {
    gateway_interfaces = ["external"]
  }

  destination {
    gateway_interfaces = ["internal"]
  }

  service {
    protocol = "tcp"
    port     = "80"
  }

  service {
    protocol = "tcp"
    port     = "443"
  }

  depends_on = [vcd_network_routed.net]
}

resource "vcd_nsxv_firewall_rule" "fw_nat_admin_ports" {
  edge_gateway = var.vcd_org_edge_name
  name         = "Admin Access"

  # Only this address may reach the forwarded SSH ports
  source {
    ip_addresses = ["90.1.15.1"]
  }

  destination {
    gateway_interfaces = ["internal"]
  }

  service {
    protocol = "tcp"
    port     = "58301"
  }

  service {
    protocol = "tcp"
    port     = "58302"
  }

  service {
    protocol = "tcp"
    port     = "58303"
  }

  depends_on = [vcd_network_routed.net]
}

We create Source NAT rules for access to the Internet from the cloud's local network:

We describe the Source NAT rules.

resource "vcd_nsxv_snat" "snat_local" {
  edge_gateway = var.vcd_org_edge_name
  network_type = "ext"
  network_name = var.vcd_edge_external_network

  original_address   = var.vcd_edge_local_subnet
  translated_address = var.vcd_edge_external_ip

  depends_on = [vcd_network_routed.net]
}

And to complete the configuration of the network block, we add Destination NAT rules for access to services from the external network:

Adding Destination NAT rules.

resource "vcd_nsxv_dnat" "dnat_tcp_nginx_https" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "NGINX HTTPs"

  original_address = var.vcd_edge_external_ip
  original_port    = 443

  translated_address = var.vcd_edge_local_ip_nginx
  translated_port    = 443
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

resource "vcd_nsxv_dnat" "dnat_tcp_nginx_http" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "NGINX HTTP"

  original_address = var.vcd_edge_external_ip
  original_port    = 80

  translated_address = var.vcd_edge_local_ip_nginx
  translated_port    = 80
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

Add a NAT rule that translates the port to the SSH server on the Nginx machine.

resource "vcd_nsxv_dnat" "dnat_tcp-nginx_ssh" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "SSH NGINX"

  original_address = var.vcd_edge_external_ip
  original_port    = 58301

  translated_address = var.vcd_edge_local_ip_nginx
  translated_port    = 22
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

Add a NAT rule that translates the port to the SSH server on the machine with 1C-Bitrix.

resource "vcd_nsxv_dnat" "dnat_tcp_bitrix_ssh" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "SSH Bitrix"

  original_address = var.vcd_edge_external_ip
  original_port    = 58302

  translated_address = var.vcd_edge_local_ip_bitrix
  translated_port    = 22
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

Add a NAT rule that translates the port to the SSH server on the Nextcloud machine.

resource "vcd_nsxv_dnat" "dnat_tcp_nextcloud_ssh" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "SSH Nextcloud"

  original_address = var.vcd_edge_external_ip
  original_port    = 58303

  translated_address = var.vcd_edge_local_ip_nextcloud
  translated_port    = 22
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

Virtual environment configuration, main.tf

As we planned at the beginning of the article, we will create three virtual machines. They will be prepared using "Guest Customization". We will set the network parameters according to the settings we specified, and the user password will be generated automatically.

Let's describe the vApp that will contain the virtual machines, and their configuration.

Figure: Virtual machine configuration

Let's create a vApp container. So that we can immediately connect the vApp and the VM to the virtual network, we also add the depends_on parameter:

Create the container

resource "vcd_vapp" "vapp" {
  name     = "web"
  power_on = "true"

  depends_on = [vcd_network_routed.net]
}

Let's create a virtual machine with a description

resource "vcd_vapp_vm" "nginx" {
  vapp_name       = vcd_vapp.vapp.name
  name            = "nginx"
  catalog_name    = var.vcd_org_catalog
  template_name   = var.vcd_template_os_centos7
  storage_profile = var.vcd_org_ssd_sp
  memory          = 8192
  cpus            = 1
  cpu_cores       = 1

  # Primary adapter on the routed network, with a manually assigned address
  network {
    type               = "org"
    name               = vcd_network_routed.net.name
    is_primary         = true
    adapter_type       = "VMXNET3"
    ip_allocation_mode = "MANUAL"
    ip                 = var.vcd_edge_local_ip_nginx
  }

  # Boot disk: 32 GB on the SSD storage policy
  override_template_disk {
    bus_type        = "paravirtual"
    size_in_mb      = "32768"
    bus_number      = 0
    unit_number     = 0
    storage_profile = var.vcd_org_ssd_sp
  }
}

Key parameters in the VM description:

  • name - the name of the virtual machine,

  • vapp_name - the name of the vApp to which the new VM is added,

  • catalog_name / template_name - the name of the catalog and the name of the virtual machine template,

  • storage_profile - the default storage policy.

Network block parameters:

  • type - the type of network being connected,

  • name - the virtual network to which the VM is connected,

  • is_primary - primary network adapter,

  • ip_allocation_mode - MANUAL / DHCP / POOL address allocation mode,

  • ip - the IP address of the virtual machine; we will specify it manually.

override_template_disk block:

  • size_in_mb - the size of the virtual machine's boot disk,

  • storage_profile - the storage policy for the disk.

Let's create the second VM, with a description for the Nextcloud file storage

resource "vcd_vapp_vm" "nextcloud" {
  vapp_name       = vcd_vapp.vapp.name
  name            = "nextcloud"
  catalog_name    = var.vcd_org_catalog
  template_name   = var.vcd_template_os_centos7
  storage_profile = var.vcd_org_ssd_sp
  memory          = 8192
  cpus            = 1
  cpu_cores       = 1

  network {
    type               = "org"
    name               = vcd_network_routed.net.name
    is_primary         = true
    adapter_type       = "VMXNET3"
    ip_allocation_mode = "MANUAL"
    ip                 = var.vcd_edge_local_ip_nextcloud
  }

  override_template_disk {
    bus_type        = "paravirtual"
    size_in_mb      = "32768"
    bus_number      = 0
    unit_number     = 0
    storage_profile = var.vcd_org_ssd_sp
  }
}

# Additional 100 GB data disk on the HDD storage policy
resource "vcd_vm_internal_disk" "disk1" {
  vapp_name       = vcd_vapp.vapp.name
  vm_name         = "nextcloud"
  bus_type        = "paravirtual"
  size_in_mb      = "102400"
  bus_number      = 0
  unit_number     = 1
  storage_profile = var.vcd_org_hdd_sp
  allow_vm_reboot = true

  depends_on = [vcd_vapp_vm.nextcloud]
}

In the vcd_vm_internal_disk section we describe a new virtual disk that is attached to the virtual machine.

Explanations for the vcd_vm_internal_disk block:

  • bus_type - the type of disk controller

  • size_in_mb - the size of the disk

  • bus_number / unit_number - the connection position on the adapter

  • storage_profile - the storage policy for the disk

Let's describe the last VM, for Bitrix

resource "vcd_vapp_vm" "bitrix" {
  vapp_name       = vcd_vapp.vapp.name
  name            = "bitrix"
  catalog_name    = var.vcd_org_catalog
  template_name   = var.vcd_template_os_centos7
  storage_profile = var.vcd_org_ssd_sp
  memory          = 8192
  cpus            = 1
  cpu_cores       = 1

  network {
    type               = "org"
    name               = vcd_network_routed.net.name
    is_primary         = true
    adapter_type       = "VMXNET3"
    ip_allocation_mode = "MANUAL"
    ip                 = var.vcd_edge_local_ip_bitrix
  }

  # Boot disk: 80 GB on the SSD storage policy
  override_template_disk {
    bus_type        = "paravirtual"
    size_in_mb      = "81920"
    bus_number      = 0
    unit_number     = 0
    storage_profile = var.vcd_org_ssd_sp
  }
}

Updating the OS and installing additional scripts

The network is prepared and the virtual machines are described. Before launching our infrastructure, we can set up the initial provisioning in advance using provisioner blocks.

Let's look at how to update the OS and run the CMS Bitrix installation script using a provisioner block.

First, let's install the CentOS update packages.

resource "null_resource" "nginx_update_install" {
  provisioner "remote-exec" {
    # SSH to the nginx VM through the DNAT rule on external port 58301
    connection {
      type     = "ssh"
      user     = "root"
      password = vcd_vapp_vm.nginx.customization[0].admin_password
      host     = var.vcd_edge_external_ip
      port     = "58301"
      timeout  = "30s"
    }

    inline = [
      "yum -y update && yum -y upgrade",
      "yum -y install wget nano epel-release net-tools unzip zip"
    ]
  }
}

What the parts mean:

  • provisioner "remote-exec" - connects the remote provisioning block

  • In the connection block we describe the type and parameters of the connection:

  • type - the protocol, in our case SSH;

  • user - the user name;

  • password - the user's password. In our case we point to the parameter vcd_vapp_vm.nginx.customization[0].admin_password, which stores the generated password of the system user.

  • host - the external IP address for the connection;

  • port - the port for the connection, which was specified earlier in the DNAT settings;

  • inline - lists the commands that will be entered. The commands are entered in the order given in this section.

As an example, let's also run the 1C-Bitrix installation script. The output of the script's execution will be available while the plan is running. To install the script, we first describe the block:

Let's describe the installation of 1C-Bitrix.

# These provisioner blocks are a fragment and belong inside a resource block.

# Copy the local script to the VM
provisioner "file" {
  source      = "prepare.sh"
  destination = "/tmp/prepare.sh"

  connection {
    type     = "ssh"
    user     = "root"
    password = vcd_vapp_vm.nginx.customization[0].admin_password
    host     = var.vcd_edge_external_ip
    port     = "58301"
    timeout  = "30s"
  }
}

# Make the script executable and run it.
# This provisioner needs the same connection block as the file provisioner
# (or one connection block declared at resource level).
provisioner "remote-exec" {
  inline = [
    "chmod +x /tmp/prepare.sh",
    "/tmp/prepare.sh"
  ]
}

And we will describe the Bitrix update right away.

Example of provisioning 1C-Bitrix.

resource "null_resource" "install_update_bitrix" {
  provisioner "remote-exec" {
    # SSH to the Bitrix VM through the DNAT rule on external port 58302
    connection {
      type     = "ssh"
      user     = "root"
      password = vcd_vapp_vm.bitrix.customization[0].admin_password
      host     = var.vcd_edge_external_ip
      port     = "58302"
      timeout  = "60s"
    }

    inline = [
      "yum -y update && yum -y upgrade",
      "yum -y install wget nano epel-release net-tools unzip zip",
      "wget http://repos.1c-bitrix.ru/yum/bitrix-env.sh -O /tmp/bitrix-env.sh",
      "chmod +x /tmp/bitrix-env.sh",
      "/tmp/bitrix-env.sh"
    ]
  }
}

Important! The script may not work if you do not disable SELinux beforehand! If you need a detailed article on installing and configuring CMS 1C-Bitrix using bitrix-env.sh, you can use our blog article on the website.
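The provisioning above fetches bitrix-env.sh over plain HTTP and runs it as root. The following added example (not from the original article) pins the installer to a known SHA-256 and refuses to run it on a mismatch; the variable bitrix_env_sha256 is an assumption, and its value has to come from a copy of the script you have reviewed.

```hcl
# Assumed variable (not in the article's variables.tf): digest of the reviewed installer.
variable "bitrix_env_sha256" {
  description = "Expected SHA-256 of bitrix-env.sh"
  type        = string

  validation {
    condition     = can(regex("^[0-9a-f]{64}$", var.bitrix_env_sha256))
    error_message = "The digest must be 64 lowercase hexadecimal characters."
  }
}

# Replaces the article's install_update_bitrix resource.
resource "null_resource" "install_update_bitrix" {
  # Provision again when the VM is replaced or the pinned digest changes.
  triggers = {
    vm_id  = vcd_vapp_vm.bitrix.id
    sha256 = var.bitrix_env_sha256
  }

  provisioner "remote-exec" {
    connection {
      type     = "ssh"
      user     = "root"
      password = vcd_vapp_vm.bitrix.customization[0].admin_password
      host     = var.vcd_edge_external_ip
      port     = "58302"
      timeout  = "60s"
    }

    inline = [
      "yum -y update && yum -y upgrade",
      "yum -y install wget nano epel-release net-tools unzip zip",

      # Download, verify, then execute. The && chain stops at the first
      # failure, so a digest mismatch leaves the script unexecuted and
      # makes the provisioner (and the apply) fail.
      join(" && ", [
        "wget http://repos.1c-bitrix.ru/yum/bitrix-env.sh -O /tmp/bitrix-env.sh",
        "echo '${var.bitrix_env_sha256}  /tmp/bitrix-env.sh' | sha256sum -c -",
        "chmod 700 /tmp/bitrix-env.sh",
        "/tmp/bitrix-env.sh",
      ]),
    ]
  }
}
```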

3. Launching the infrastructure

Figure: Initializing modules and plugins

For work we use a simple "gentleman's kit": a laptop with Windows 10 and the distribution from the official site terraform.io. Let's unpack it and initialize with the command: terraform.exe init

After describing the compute and network infrastructure, we run planning to test our configuration; there we can see what will be created and how the pieces will be connected to one another.

  1. Run the command - terraform plan -var-file=vcd.tfvars.

  2. We get the result - Plan: 16 to add, 0 to change, 0 to destroy. That is, according to this plan, 16 resources will be created.

  3. We launch the plan with the command - terraform.exe apply -var-file=vcd.tfvars.

The virtual machines will be created, and then the packages we listed will be executed in the provisioner section: the OS will be updated and CMS Bitrix will be installed.

Getting the connection data

After the plan has been executed, we want to get the data for connecting to the servers in text form; for this we define the output section as follows:

output "nginx_password" {
  value = vcd_vapp_vm.nginx.customization[0].admin_password
}

The following output tells us the password of the virtual machine that was created:

Outputs: nginx_password = F#4u8!!N

As a result, we get virtual machines with an updated operating system and pre-installed packages for our further work. Everything is ready!

But what if you already have existing infrastructure?

3.1. Using Terraform with existing infrastructure

It's simple: you can import the existing virtual machines and their vApp containers using the import command.

Let's describe the vApp resource and the virtual machine.

resource "vcd_vapp" "Monitoring" {
  name = "Monitoring"
  org  = "mClouds"
  vdc  = "mClouds"
}

resource "vcd_vapp_vm" "Zabbix" {
  name      = "Zabbix"
  org       = "mClouds"
  vdc       = "mClouds"
  vapp_name = "Monitoring"
}

The next step is to import the properties of the vApp resource in the format vcd_vapp.<vApp> <org>.<org_vdc>.<vApp>, where:

  • vApp - the name of the vApp;

  • org - the name of the organization;

  • org_vdc - the name of the virtual data center.

Figure: Importing the vApp properties

Let's import the properties of the VM resource in the format vcd_vapp_vm.<VM> <org>.<org_vdc>.<vApp>.<VM>, where:

  • VM - the name of the VM;

  • vApp - the name of the vApp;

  • org - the name of the organization;

  • org_vdc - the name of the virtual data center.

The import succeeded

C:\Users\Mikhail\Desktop\terraform>terraform import vcd_vapp_vm.Zabbix mClouds.mClouds.Monitoring.Zabbix
vcd_vapp_vm.Zabbix: Importing from ID "mClouds.mClouds.Monitoring.Zabbix"...
vcd_vapp_vm.Zabbix: Import prepared!
Prepared vcd_vapp_vm for import
vcd_vapp_vm.Zabbix: Refreshing state... [id=urn:vcloud:vm:778f4a89-1c8d-45b9-9d94-0472a71c4d1f]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Now we can look at the newly imported resource:

The imported resource

> terraform show

...

# vcd_vapp.Monitoring:
resource "vcd_vapp" "Monitoring" {
    guest_properties = {}
    href = "https://vcloud.mclouds.ru/api/vApp/vapp-fe5db285-a4af-47c4-93e8-55df92f006ec"
    id = "urn:vcloud:vapp:fe5db285-a4af-47c4-93e8-55df92f006ec"
    ip = "allocated"
    metadata = {}
    name = "Monitoring"
    org = "mClouds"
    status = 4
    status_text = "POWERED_ON"
    vdc = "mClouds"
}

…

# vcd_vapp_vm.Zabbix:
resource "vcd_vapp_vm" "Zabbix" {
    computer_name = "Zabbix"
    cpu_cores = 1
    cpus = 2
    expose_hardware_virtualization = false
    guest_properties = {}
    hardware_version = "vmx-14"
    href = "https://vcloud.mclouds.ru/api/vApp/vm-778f4a89-1c8d-45b9-9d94-0472a71c4d1f"
    id = "urn:vcloud:vm:778f4a89-1c8d-45b9-9d94-0472a71c4d1f"
    internal_disk = [
        {
            bus_number = 0
            bus_type = "paravirtual"
            disk_id = "2000"
            iops = 0
            size_in_mb = 122880
            storage_profile = "Gold Storage Policy"
            thin_provisioned = true
            unit_number = 0
        },
    ]
    memory = 8192
    metadata = {}
    name = "Zabbix"
    org = "mClouds"
    os_type = "centos8_64Guest"
    storage_profile = "Gold Storage Policy"
    vapp_name = "Monitoring"
    vdc = "mClouds"

    customization {
        allow_local_admin_password = true
        auto_generate_password = true
        change_sid = false
        enabled = false
        force = false
        join_domain = false
        join_org_domain = false
        must_change_password_on_first_login = false
        number_of_auto_logons = 0
    }

    network {
        adapter_type = "VMXNET3"
        ip_allocation_mode = "DHCP"
        is_primary = true
        mac = "00:50:56:07:01:b1"
        name = "MCLOUDS-LAN01"
        type = "org"
    }
}

Now we are definitely done: we have finished the last point (importing existing infrastructure) and covered all the main points of working with Terraform.

The tool turned out to be very convenient and lets you describe your infrastructure as code, from the virtual machines of a single cloud provider to the resources of network components.

At the same time, independence from the environment makes it possible to work with local and cloud resources, and even to manage the platform. And if there is no supported platform and you want to add a new one, you can write your own provider and use it.

Source: www.habr.com
