Waxaan bilownay bixiye Terraform-ka rasmiga ah si uu ula shaqeeyo Selectel. Alaabtani waxay u ogolaataa dadka isticmaala inay si buuxda u hirgeliyaan maareynta kheyraadka iyada oo loo marayo habka Kaabayaasha-sida-koodka.
Bixiyuhu hadda waxa uu taageeraa maamulka ilaha adeegga (kadibna loo yaqaan VPC). Mustaqbalka, waxaan qorsheyneynaa inaan ku darno maareynta kheyraadka adeegyada kale ee ay bixiso Selectel.
Sidaad horeba u ogeyd, adeega VPC waxa lagu dhisay OpenStack. Si kastaba ha noqotee, iyadoo ay ugu wacan tahay xaqiiqda ah in OpenStack uusan bixineynin qalab asal ah oo loogu adeego daruuraha dadweynaha, waxaan ku hirgelinay shaqeynta maqan ee API-yo dheeraad ah oo fududeynaya maareynta walxaha isku dhafan oo ka dhigaya shaqada mid ku habboon. Qaar ka mid ah hawlaha laga heli karo OpenStack waa laga xiray isticmaalka tooska ah, laakiin waa la heli karaa iyada oo loo marayo .
Bixiyaha Selectel Terraform hadda waxa ku jira awoodda lagu maareeyo ilaha VPC ee soo socda:
- mashaariicda iyo qoondadooda;
- isticmaalayaasha, doorarkooda iyo calaamadahooda;
- shabakadaha dadweynaha, oo ay ku jiraan gobollada iyo VRRP;
- shatiyada software.
Bixiyuhu wuxuu isticmaalaa maktabada Go dadweynaha si uu ula shaqeeyo VPC API. Laybareeriga iyo bixiyaha laftiisaba waa il furan, horumarkooda waxaa lagu fuliyaa Github:
- kaydka maktabadda ,
- kayd bixiyaha .
Si aad u maamusho ilaha kale ee daruuriga ah, sida mashiinada farsamada gacanta, saxanadaha, Kubernetes kutlada, waxaad isticmaali kartaa bixiyaha OpenStack Terraform. Dukumeentiga rasmiga ah ee labada bixiye ayaa laga heli karaa xiriirinta soo socota:
- Dukumentiyada kheyraadka xulashada: ,
- Dukumentiyada ilaha OpenStack: .
Bilaabidda
Si aad u bilowdo, waxaad u baahan tahay inaad ku rakibto Terraform (tilmaamaha iyo isku xirka xirmooyinka rakibidda ayaa laga heli karaa ).
Si uu u shaqeeyo, bixiyaha waxa uu u baahan yahay furaha API Selectel, kaas oo lagu dhex abuuray .
Muujinta la shaqaynta Selectel waxaa la sameeyay iyadoo la adeegsanayo Terraform ama iyadoo la adeegsanayo tusaaleyaal diyaarsan oo laga heli karo kaydka Github: .
Kaydka oo leh tusaalayaal waxa loo qaybiyaa laba hage:
- modules, oo ka kooban qaybo yar yar oo dib loo isticmaali karo kuwaas oo qaata go'an cabbiro ahaan sida wax gelinta oo maamula qayb yar oo agab ah;
- tusaalayaal, oo ka kooban tusaaleyaal dhamaystiran oo ah cutubyo isku xidhan.
Ka dib marka la rakibo Terraform, abuurista furaha API Selectel oo aad barato tusaalooyinka, aynu u gudubno tusaalooyin wax ku ool ah.
Tusaale ahaan abuurista server leh saxan maxalli ah
Aan eegno tusaale abuurista mashruuc, isticmaale leh door iyo mashiinka farsamada leh ee disk-ga maxalliga ah: .
Faylka ku jira vars.tf dhammaan xuduudaha la isticmaali doono marka la waco modules-ka la sifeynayo. Qaar ka mid ah waxay leeyihiin qiyamka caadiga ah, tusaale ahaan, server-ka waxaa lagu abuuri doonaa aagga ru-3a qaabeynta soo socota:
variable "server_vcpus" {
default = 4
}
variable "server_ram_mb" {
default = 8192
}
variable "server_root_disk_gb" {
default = 8
}
variable "server_image_name" {
default = "Ubuntu 18.04 LTS 64-bit"
}
Faylka ku jira ugu weyn.tf Bixiyaha Selectel waa la bilaabay:
provider "selectel" {
token = "${var.sel_token}"
}
Faylkan waxa kale oo uu ka kooban yahay qiimaha caadiga ah ee furaha SSH ee lagu rakibi doono serfarka:
module "server_local_root_disk" {
...
server_ssh_key = "${file("~/.ssh/id_rsa.pub")}"
}
Haddii loo baahdo, waxaad cayimi kartaa fure dadweyne oo kale. Furaha looma baahna in lagu qeexo dariiqa faylalka; waxaad kaloo ku dari kartaa qiimaha xadhig ahaan.
Faylkan dheeraadka ah ee cutubyada ayaa la bilaabay mashruuc_la_isticmaal ΠΈ server_local_root_disk, kuwaas oo maamula agabka lagama maarmaanka ah.
Aynu si faahfaahsan u eegno cutubyadan.
Abuuritaanka mashruuc iyo isticmaale leh door
Qaybta kowaad waxay abuurtaa mashruuc iyo isticmaale door ku leh mashruucaas: .
Isticmaalaha la abuuray wuxuu awood u yeelan doonaa inuu galo OpenStack oo uu maareeyo kheyraadkiisa. Module-ku waa sahlan yahay wuxuuna maamulaa saddex qaybood oo keliya:
- selectel_vpc_project_v2,
- Selectel_vpc_user_v2,
- Selectel_vpc_role_v2.
Abuuritaanka server dalwad ah oo leh disk gudaha ah
Qaybta labaad waxay ka hadlaysaa maaraynta walxaha OpenStack, kuwaas oo lagama maarmaan u ah in la abuuro server leh saxan maxalli ah.
Waa inaad fiiro gaar ah u yeelataa qaar ka mid ah doodaha lagu qeexay cutubkan kheyraadka openstack_compute_intance_v2:
resource "openstack_compute_instance_v2" "instance_1" {
...
lifecycle {
ignore_changes = ["image_id"]
}
vendor_options {
ignore_resize_confirmation = true
}
}
dood iska indha_isbeddelka waxay kuu ogolaanaysaa inaad iska indho tirto isbeddelada sifada id ee sawirka loo isticmaalo in lagu abuuro mishiinka farsamada. Adeegga VPC, inta badan sawirada dadwaynaha si toos ah ayaa loo cusboonaysiiyaa todobaadkiiba hal mar isla mar ahaantaana iyaga id sidoo kale isbedel. Tan waxa u sabab ah waxyaabaha gaarka ah ee qaybta OpenStack - Glance, kaas oo sawiradu loo tixgaliyo wax aan la bedeli karin.
Haddii aad abuurayso ama wax ka beddelayso server ama disk jira oo leh dood ahaan sawirka_id waxaa loo isticmaalaa id sawirka guud, ka dib markii sawirkaas la cusboonaysiiyo, socodsiinta Terraform manifest mar kale waxay dib u abuuri doontaa server-ka ama diskka. Isticmaalka dood iska indha_isbeddelka kuu ogolaanayaa inaad ka fogaato xaaladdan oo kale.
Fiiro gaar ah: dood iska indha_isbeddelka wuxuu kasoo muuqday Terraform waqti dheer kahor: .
dood iska illow_resize_confirmation loo baahan yahay in si guul leh loo cabbiro saxanka maxalliga ah, koorayaasha, ama xusuusta server-ka. Isbedelada noocan oo kale ah waxaa lagu sameeyaa qaybta OpenStack Nova iyadoo la adeegsanayo codsi ucabirto. Default Nova ka dib codsiga ucabirto wuxuu dhigayaa server-ka xaalad xaqiijin_cabbir wuxuuna sugayaa xaqiijin dheeraad ah isticmaalaha. Si kastaba ha ahaatee, dhaqankan waa la bedeli karaa si Nova aysan u sugin ficillo dheeraad ah isticmaalaha.
Doodda la cayimay waxay u oggolaanaysaa Terraform inaysan sugin heerka xaqiijin_cabbir loogu talagalay server-ka oo u diyaargarow in server-ku uu ku jiro xaalad firfircoon ka dib markaad beddesho cabbirkiisa. Doodda waxaa laga heli karaa nooca 1.10.0 ee bixiyaha OpenStack Terraform: .
Abuurista Khayraadka
Ka hor inta aanad bilaabin bandhigyada, fadlan ogow in tusaale ahaan, laba bixiye oo kala duwan ayaa la bilaabay, iyo bixiyaha OpenStack waxay ku xiran tahay kheyraadka bixiyaha Selectel, maadaama aan la abuurin isticmaale mashruuca, waa wax aan suurtagal ahayn in la maareeyo walxaha uu leeyahay. . Nasiib darro, isla sabab la mid ah ma socodsiin karno amarka terraform codsan gudaha tusaalahayaga. Marka hore waxaan u baahanahay inaan sameyno codso loogu talagalay moduleka mashruuc_la_isticmaal iyo ka dib wax kasta oo kale.
Fiiro gaar ah: Arintan wali laguma xalin gudaha Terraform, waxaad kala socon kartaa dooda Github at ΠΈ .
Si aad u abuurto ilo, aad buugga hagaha , nuxurkiisu waa inuu ahaadaa sidan:
$ ls
README.md main.tf vars.tf
Waxaan ku bilownay cutubyada anagoo adeegsanayna amarka:
$ terraform init
Soosaarku wuxuu muujinayaa in Terraform ay soo dejiso noocyadii ugu dambeeyay ee bixiyeyaasha ay isticmaasho oo ay hubiso dhammaan cutubyada lagu sifeeyay tusaalaha.
Marka hore aan dabaqno moduleka mashruuc_la_isticmaal. Tani waxay u baahan tahay in gacanta lagu dhaafo qiyamka doorsoomayaasha aan la dejin:
- sel_account lambarkaaga koontada Selectel;
- sel_token oo wata furahaaga Selectel API;
- user_password oo wata furaha sirta ah ee isticmaalaha OpenStack.
Qiimaha labada doorsoome ee hore waa in laga soo qaadaa .
Doorsoomaha ugu dambeeya, waxaad la imaan kartaa erayga sirta ah ee kasta.
Si aad u isticmaasho moduleka waxaad u baahan tahay inaad bedesho qiyamka SEL_ACCOUNT, SEL_TOKEN ΠΈ USER_PASSWORD socodsiinaya amarka:
$ env
TF_VAR_sel_account=SEL_ACCOUNT
TF_VAR_sel_token=SEL_TOKEN
TF_VAR_user_password=USER_PASSWORD
terraform apply -target=module.project_with_user
Kadib socodsiinta amarka, Terraform waxay tusi doontaa agabka ay rabto inay abuurto oo waydiiso xaqiijin:
Plan: 3 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
Marka mashruuca, isticmaalaha iyo doorka la abuuro, waxaad bilaabi kartaa abuurista kheyraadka hadhay:
$ env
TF_VAR_sel_account=SEL_ACCOUNT
TF_VAR_sel_token=SEL_TOKEN
TF_VAR_user_password=USER_PASSWORD
terraform apply
Markaad abuureyso kheyraadka, fiiro gaar ah u yeelo soosaarka Terraform oo leh ciwaanka IP-ga ee dibadda halkaas oo server-ka la abuuray la heli karo:
module.server_local_root_disk.openstack_networking_floatingip_associate_v2.association_1: Creating...
floating_ip: "" => "x.x.x.x"
Waxaad kula shaqayn kartaa mashiinka farsamada gacanta ee la abuuray adoo isticmaalaya SSH adoo isticmaalaya IP-ga la cayimay.
Kheyraadka Tafatirka
Marka lagu daro abuurista kheyraadka iyada oo loo marayo Terraform, sidoo kale waa la beddeli karaa.
Tusaale ahaan, aynu kordhinno tirada xudunta iyo xusuusta ee server-keena annagoo beddelayna qiyamka xuduudaha server_vcpus ΠΈ server_ram_mb faylka ku jira tusaale/vpc/server_local_root_disk/main.tf:
- server_vcpus = "${var.server_vcpus}"
- server_ram_mb = "${var.server_ram_mb}"
+ server_vcpus = 8
+ server_ram_mb = 10240
Taas ka dib, waxaan hubineynaa isbeddelada ay tani u horseedi doonto isticmaalka amarka soo socda:
$ env
TF_VAR_sel_account=SEL_ACCOUNT
TF_VAR_sel_token=SEL_TOKEN
TF_VAR_user_password=USER_PASSWORD
terraform plan
Natiijo ahaan, Terraform wuxuu sameeyay isbeddel kheyraad openstack_compute_intance_v2 ΠΈ openstack_compute_flavor_v2.
Fadlan ogow in tani ay keenayso dib u kicinta mishiinka farsamada ee la abuuray.
Si aad u codsato qaabaynta mishiin cusub, isticmaal amarka terraform codsan, kaas oo aan horay u bilownay.
Dhammaan walxaha la abuuray ayaa lagu soo bandhigi doonaa :
Inaga Waxa kale oo aad arki kartaa muujinta abuurista mashiinnada farsamada gacanta oo wata shabakado.
Tusaale ahaan abuurista koox Kubernetes ah
Inta aynaan u gudbin tusaalaha xiga, waxaan nadiifin doonaa agabkii aan hore u abuurnay. Si tan loo sameeyo xididka mashruuca Aan socodsiino amarka si aan u tirtirno walxaha OpenStack:
$ env
TF_VAR_sel_account=SEL_ACCOUNT
TF_VAR_sel_token=SEL_TOKEN
TF_VAR_user_password=USER_PASSWORD
terraform destroy -target=module.server_local_root_disk
Ka dib u socodsii amarka si aad u nadiifiso Selectel VPC API shayga:
$ env
TF_VAR_sel_account=SEL_ACCOUNT
TF_VAR_sel_token=SEL_TOKEN
TF_VAR_user_password=USER_PASSWORD
terraform destroy -target=module.project_with_user
Labada xaaladood, waxaad u baahan doontaa inaad xaqiijiso tirtirka dhammaan walxaha:
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
Tusaalaha soo socdaa waxa uu ku yaala hagaha .
Tusaalahani wuxuu abuuraa mashruuc, isticmaale door ku leh mashruuca, wuxuuna kor u qaadaa hal koox oo Kubernetes ah. Faylka ku jira vars.tf Waxaad arki kartaa qiimaha caadiga ah, sida tirada noodhka, sifooyinkooda, nooca Kubernetes, iwm.
Si loo abuuro ilo la mid ah tusaalaha koowaad, marka hore waxaan bilaabi doonaa bilaabista modules iyo abuurista ilaha moduleka mashruuc_la_isticmaalka dibna abuur wax kasta oo kale:
$ terraform init
$ env
TF_VAR_sel_account=SEL_ACCOUNT
TF_VAR_sel_token=SEL_TOKEN
TF_VAR_user_password=USER_PASSWORD
terraform apply -target=module.project_with_user
$ env
TF_VAR_sel_account=SEL_ACCOUNT
TF_VAR_sel_token=SEL_TOKEN
TF_VAR_user_password=USER_PASSWORD
terraform apply
Waxaan ku wareejin doonaa abuurista iyo maamulka Kubernetes kutlooyinka iyada oo loo marayo qaybta OpenStack Magnum. Waxaad ka heli kartaa wax badan oo ku saabsan sida loola shaqeeyo kooxdeena mid ka mid ah sidoo kale .
Marka la diyaarinayo kutlada, saxanadaha iyo mashiinada farsamada ayaa la abuuri doonaa waxaana lagu rakibayaa dhammaan qaybaha lagama maarmaanka ah. Diyaargarawgu wuxuu qaadanayaa ilaa 4 daqiiqo, wakhtigaas oo Terraform uu soo bandhigi doono fariimaha sida:
module.kubernetes_cluster.openstack_containerinfra_cluster_v1.cluster_1: Still creating... (3m0s elapsed)
Marka rakibiddu dhammaato, Terraform waxay tilmaamaysaa in kooxdu diyaar tahay oo ay muujiso aqoonsigeeda:
module.kubernetes_cluster.openstack_containerinfra_cluster_v1.cluster_1: Creation complete after 4m20s (ID: 3c8...)
Apply complete! Resources: 6 added, 0 changed, 0 destroyed.
Si aad u maamusho kutlada Kubernetes ee la abuuray iyada oo loo marayo utility kubectl waxaad u baahan tahay inaad hesho faylka gelitaanka kooxda Si tan loo sameeyo, u tag mashruuca lagu abuuray Terraform ee liiska mashaariicda ee akoonkaaga:
Marka xigta, raac xiriirka sida Kaaso hoos ka muuqda magaca mashruuca:
Macluumaadka gelitaanka, isticmaal magaca isticmaalaha iyo erayga sirta ah ee aad ku dhex abuurtay Terraform. Haddaadan khiyaanayn vars.tf ama ugu weyn.tf tusaale ahaan, isticmaaluhu wuxuu yeelan doonaa magaca tf_user. Waa inaad u isticmaashaa qiimaha doorsoomuhu sirta ahaan TF_VAR_user_password, kaas oo lagu cayimay bilowga terraform codsan hore.
Gudaha mashruuca waxaad u baahan tahay inaad tagto tab Kubureteska:
Halkani waa halka ay ku yaalaan kooxda lagu sameeyay Terraform. Soo deji faylka kubectl Waxaad ka heli kartaa tab "helitaanka":
Tilmaamaha rakibidda waxay ku yaalliin isla tab. kubectl iyo isticmaalka la soo dejiyey config.yaml.
Ka dib markii la bilaabay kubectl iyo dejinta doorsoomayaasha deegaanka KUBECONFIG Waxaad isticmaali kartaa Kubernetes:
$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-9578f5c87-g6bjf 1/1 Running 0 8m
kube-system coredns-9578f5c87-rvkgd 1/1 Running 0 6m
kube-system heapster-866fcbc879-b6998 1/1 Running 0 8m
kube-system kube-dns-autoscaler-689688988f-8cxhf 1/1 Running 0 8m
kube-system kubernetes-dashboard-7bdb5d4cd7-jcjq9 1/1 Running 0 8m
kube-system monitoring-grafana-84c97bb64d-tc64b 1/1 Running 0 8m
kube-system monitoring-influxdb-7c8ccc75c6-dzk5f 1/1 Running 0 8m
kube-system node-exporter-tf-cluster-rz6nggvs4va7-minion-0 1/1 Running 0 8m
kube-system node-exporter-tf-cluster-rz6nggvs4va7-minion-1 1/1 Running 0 8m
kube-system openstack-cloud-controller-manager-8vrmp 1/1 Running 3 8m
prometeus-monitoring grafana-76bcb7ffb8-4tm7t 1/1 Running 0 8m
prometeus-monitoring prometheus-75cdd77c5c-w29gb 1/1 Running 0 8m
Tirada qanjidhada kooxdu si fudud ayaa loogu beddeli karaa iyada oo loo marayo Terraform.
Faylka ku jira ugu weyn.tf qiimaha soo socda ayaa la cayimay:
cluster_node_count = "${var.cluster_node_count}"
Qiimahan ayaa laga beddelay vars.tf:
variable "cluster_node_count" {
default = 2
}
Waxaad ku bedeli kartaa qiimaha caadiga ah midkood vars.tf, ama si toos ah u qeex qiimaha loo baahan yahay ugu weyn.tf:
- cluster_node_count = "${var.cluster_node_count}"
+ cluster_node_count = 3
Si loo dabaqo isbeddelada, sida kiiska tusaalaha koowaad, isticmaal amarka terraform codsan:
$ env
TF_VAR_sel_account=SEL_ACCOUNT
TF_VAR_sel_token=SEL_TOKEN
TF_VAR_user_password=USER_PASSWORD
terraform apply
Marka tirada qanjidhada isbeddesho, kooxdu waxay ahaanaysaa diyaar. Ka dib markaad ku darto noode iyada oo loo marayo Terraform, waxaad isticmaali kartaa iyada oo aan lahayn qaabeyn dheeri ah:
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
tf-cluster-rz6nggvs4va7-master-0 Ready,SchedulingDisabled master 8m v1.12.4
tf-cluster-rz6nggvs4va7-minion-0 Ready <none> 8m v1.12.4
tf-cluster-rz6nggvs4va7-minion-1 Ready <none> 8m v1.12.4
tf-cluster-rz6nggvs4va7-minion-2 Ready <none> 3m v1.12.4
gunaanad
Maqaalkan waxaan ku barannay siyaabaha ugu muhiimsan ee loo shaqeeyo iyada oo loo marayo Terraform. Waan ku farxi doonaa haddii aad isticmaasho bixiyaha rasmiga ah ee Selectel Terraform oo aad bixiso jawaab celin.
Cilad kasta oo laga helo bixiyaha Selectel Terraform waa la soo wargelin karaa iyada oo loo marayo .
Source: www.habr.com