How to Manage Cloud Infrastructure with Terraform

In this article we will look at what Terraform consists of and, step by step, build our own infrastructure in a VMware cloud: we will prepare three VMs for different purposes: a proxy, file storage and a CMS.

Everything in detail and in three stages:

1. Terraform - description, advantages and components

Terraform is an IaC (Infrastructure-as-Code) tool for building and managing virtual infrastructure using code.

We noted several advantages of working with the tool:

  • Speed of deploying new tenants (custom virtual environments). Usually, the more new clients there are, the more "clicks" technical support staff have to make to publish new resources. With Terraform, users can change virtual machine settings (for example, automatically shutting down the OS and enlarging a virtual disk partition) without involving technical support or shutting the machine down themselves.

  • Instant verification of the activation plan for a new tenant. Using the code description of the infrastructure, we can immediately check what will be added and in what order, as well as the final state in which a given virtual machine, or a virtual network with its connections to virtual machines, will end up.

  • Ability to describe most popular cloud platforms. You can use the tool with everything from Amazon and Google Cloud to private platforms based on VMware vCloud Director that offer services as IaaS, SaaS and PaaS solutions.

  • Manage multiple cloud providers and distribute infrastructure between them to improve fault tolerance, using a single configuration to create, diagnose and manage cloud resources.

  • Convenient for creating demo stands for software testing and debugging. You can create and hand over stands to the testing department, test software in different environments in parallel, and instantly change and delete resources by creating just one resource build plan.

The Terraform "Terrarium".

We have briefly covered the tool's advantages; now let's break it down into its components.

Providers.

In Terraform, almost any type of infrastructure can be represented as a resource. The link between resources and the platform API is provided by provider modules, which let you create resources within a specific platform, for example Azure or VMware vCloud Director.

Within a project you can work with different providers on different platforms.

Resources (resource description).

A resource description lets you manage platform components such as virtual machines or networks.

You can write a resource description for the VMware vCloud Director provider yourself and use that description to create resources with any hosting provider that uses vCloud Director. You only need to change the authentication parameters and the network connection parameters to those of the required hosting provider.

Provisioners.

This component makes it possible to perform the initial installation and maintenance of the operating system after the virtual machines are created. Once you have created a virtual machine resource, you can use provisioners to configure it and connect over SSH, update the operating system, and download and run a script.

Input and output variables.

Input variables - input variables for any block types.

Output variables let you save values after resources are created and can be used as input variables in other modules, for example in a Provisioners block.

States.

State files store information about the configuration of the provider platform's resources. When the platform is first created there is no information about resources, and before any operation Terraform updates the state with the real infrastructure of the resources already described.

The main purpose of states is to keep a record of the resources already created, so that the configuration can be compared against them and repeated creation and changes on the platform are avoided.

By default, state information is stored in the local terraform.tfstate file, but if necessary you can use remote storage for team work.

You can also import existing platform resources into the state to continue working with resources that were created without Terraform.

2. Creating the infrastructure

The components are sorted out; now, using Terraform, we will create step by step an infrastructure with three virtual machines. The first with the nginx proxy server installed, the second with file storage based on Nextcloud, and the third with CMS Bitrix.

We will write the code and run it using our own cloud on VMware vCloud Director as the example. Our users get an account with Organization Administrator rights. If you use an account with the same rights in another VMware cloud, you can reproduce the code from our examples. Let's go!

First, let's create a directory for our new project, where the files describing the infrastructure will be placed.

mkdir project01

Next, we describe the infrastructure components. Terraform builds relationships and processes files based on the descriptions in the files. The files themselves can be named according to the purpose of the blocks they describe; for example, network.tf describes the network parameters for the infrastructure.

To describe the components of our infrastructure, we created the following files:

List of files.

main.tf - description of parameters for the virtual environment - virtual machines, virtual containers;

network.tf - description of virtual network parameters and the NAT and Firewall rules;

variables.tf - list of the variables we use;

vcd.tfvars - project variable values for the VMware vCloud Director module.

The configuration language in Terraform is declarative and the order of blocks does not matter, except for provisioner blocks, because in such a block we describe the commands to run when preparing the infrastructure, and they are executed in order.

Block structure.

<BLOCK TYPE> "<BLOCK LABEL>" "<BLOCK LABEL>" {
  # Block body
  <IDENTIFIER> = <EXPRESSION> # Argument
}

Blocks are described in Terraform's own language, HCL (HashiCorp Configuration Language); it is also possible to describe infrastructure using JSON. You can read more about the syntax on the developer's website.

Environment variable configuration, variables.tf and vcd.tfvars

First, let's create two files that describe the list of all variables used and their values for the VMware vCloud Director module. We start with the variables.tf file.

Contents of the variables.tf file.

variable "vcd_org_user" {
  description = "vCD Tenant User"
}

variable "vcd_org_password" {
  description = "vCD Tenant Password"
}

variable "vcd_org" {
  description = "vCD Tenant Org"
}

variable "vcd_org_vdc" {
  description = "vCD Tenant VDC"
}

variable "vcd_org_url" {
  description = "vCD Tenant URL"
}

variable "vcd_org_max_retry_timeout" {
  default = "60"
}

variable "vcd_org_allow_unverified_ssl" {
  default = "true"
}

variable "vcd_org_edge_name" {
  description = "vCD edge name"
}

variable "vcd_org_catalog" {
  description = "vCD public catalog"
}

variable "vcd_template_os_centos7" {
  description = "OS CentOS 7"
  default     = "CentOS7"
}

variable "vcd_org_ssd_sp" {
  description = "Storage Policies"
  default     = "Gold Storage Policy"
}

variable "vcd_org_hdd_sp" {
  description = "Storage Policies"
  default     = "Bronze Storage Policy"
}

variable "vcd_edge_local_subnet" {
  description = "Organization Network Subnet"
}

variable "vcd_edge_external_ip" {
  description = "External public IP"
}

variable "vcd_edge_local_ip_nginx" {}

variable "vcd_edge_local_ip_bitrix" {}

variable "vcd_edge_local_ip_nextcloud" {}

variable "vcd_edge_external_network" {}

Variables that we receive from the service provider.

  • vcd_org_user - user name with Organization Administrator rights,

  • vcd_org_password - user password,

  • vcd_org - organization name,

  • vcd_org_vdc - name of the virtual data center,

  • vcd_org_url - API URL,

  • vcd_org_edge_name - name of the virtual router,

  • vcd_org_catalog - name of the catalog with virtual machine templates,

  • vcd_edge_external_ip - public IP address,

  • vcd_edge_external_network - name of the external network,

  • vcd_org_hdd_sp - name of the HDD storage policy,

  • vcd_org_ssd_sp - name of the SSD storage policy.

Then we add our own variables:

  • vcd_edge_local_ip_nginx - IP address of the virtual machine with NGINX,

  • vcd_edge_local_ip_bitrix - IP address of the virtual machine with 1C: Bitrix,

  • vcd_edge_local_ip_nextcloud - IP address of the virtual machine with Nextcloud.

In the second file, vcd.tfvars, we create and set the variable values for the VMware vCloud Director module. Recall that in our example we use our own mClouds cloud; if you work with another provider, check the values with them.

Contents of the vcd.tfvars file.

vcd_org_url                  = "https://vcloud.mclouds.ru/api"
vcd_org_user                 = "orgadmin"
vcd_org_password             = "*"
vcd_org                      = "org"
vcd_org_vdc                  = "orgvdc"
vcd_org_max_retry_timeout    = 60
vcd_org_allow_unverified_ssl = true
vcd_org_catalog              = "Templates"
vcd_template_os_centos7      = "CentOS7"
vcd_org_ssd_sp               = "Gold Storage Policy"
vcd_org_hdd_sp               = "Bronze Storage Policy"
vcd_org_edge_name            = "MCLOUDS-EDGE"
vcd_edge_external_ip         = "185.17.66.1"
vcd_edge_local_subnet        = "192.168.110.0/24"
vcd_edge_local_ip_nginx      = "192.168.110.1"
vcd_edge_local_ip_bitrix     = "192.168.110.10"
vcd_edge_local_ip_nextcloud  = "192.168.110.11"
vcd_edge_external_network    = "NET-185-17-66-0"
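The declarations above leave the tenant password untyped, keep it in vcd.tfvars, and default vcd_org_allow_unverified_ssl to true. The following is an added example, not code from the original article, showing the same variables declared more strictly; it assumes Terraform 0.14 or later (for `sensitive` on variables), and the validation rules are illustrative choices.

```hcl
# variables.tf (hardened excerpt) - added example, not from the original article.
# Assumes Terraform >= 0.14 for the `sensitive` argument on variables.

variable "vcd_org_password" {
  description = "vCD Tenant Password"
  type        = string
  sensitive   = true # redacted in plan/apply output; still stored in state

  # No default and no entry in vcd.tfvars, so the secret never lands in a
  # file that may be committed. Supply it at run time instead, e.g.
  #   export TF_VAR_vcd_org_password='...'   (Terraform reads TF_VAR_* itself)
}

variable "vcd_org_url" {
  description = "vCD Tenant URL"
  type        = string

  validation {
    condition     = can(regex("^https://", var.vcd_org_url))
    error_message = "The vCD API URL must use https."
  }
}

variable "vcd_org_allow_unverified_ssl" {
  description = "Skip TLS certificate verification for the vCD API"
  type        = bool
  default     = false # verify the API certificate unless explicitly overridden
}

variable "vcd_edge_local_subnet" {
  description = "Organization Network Subnet"
  type        = string

  validation {
    # cidrhost() fails on anything that is not valid CIDR notation.
    condition     = can(cidrhost(var.vcd_edge_local_subnet, 1))
    error_message = "The subnet must be valid CIDR notation, e.g. 192.168.110.0/24."
  }
}
```

With these declarations the vcd_org_password line is removed from vcd.tfvars, and vcd_org_allow_unverified_ssl is set to true there only for an endpoint whose certificate genuinely cannot be verified.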

Network configuration, network.tf.

The environment variables are set; now we will build the virtual machine connection scheme: we assign each virtual machine a private address and use Destination NAT to "forward" ports to the external network. To limit access to the management ports, we allow access only from our own IP address.

Figure: Network diagram for the Terraform platform being created

We create an organization network named net_lan01 with the default gateway 192.168.110.254 and the address space 192.168.110.0/24.

Describe the virtual network.

resource "vcd_network_routed" "net" {
  name         = "net_lan01"
  edge_gateway = var.vcd_org_edge_name
  gateway      = "192.168.110.254"
  dns1         = "1.1.1.1"
  dns2         = "8.8.8.8"

  static_ip_pool {
    start_address = "192.168.110.1"
    end_address   = "192.168.110.253"
  }
}

Let's create firewall rules that allow the virtual machines to reach the Internet. Within this block, all virtual resources in the cloud will have Internet access:

Describe the rules for VM access to the Internet.

resource "vcd_nsxv_firewall_rule" "fw_internet_access" {
  edge_gateway = var.vcd_org_edge_name
  name         = "Internet Access"

  source {
    gateway_interfaces = ["internal"]
  }

  destination {
    gateway_interfaces = ["external"]
  }

  service {
    protocol = "any"
  }

  depends_on = [vcd_network_routed.net]
}

Here we declare, using depends_on, that the vcd_nsxv_firewall_rule block is configured only after the vcd_network_routed.net block has been processed. We use this option because some dependencies may be recognised only implicitly in the configuration.

Next, we create rules that allow access to ports from the external network and specify our IP address for connecting to the servers over SSH. Any Internet user has access to ports 80 and 443 on the web server, and a user with the IP address 90.1.15.1 has access to the SSH ports of the virtual servers.

Allow access to ports from the external network.

resource "vcd_nsxv_firewall_rule" "fwnatports" {
  edge_gateway = var.vcd_org_edge_name
  name         = "HTTPs Access"

  source {
    gateway_interfaces = ["external"]
  }

  destination {
    gateway_interfaces = ["internal"]
  }

  service {
    protocol = "tcp"
    port     = "80"
  }

  service {
    protocol = "tcp"
    port     = "443"
  }

  depends_on = [vcd_network_routed.net]
}

resource "vcd_nsxv_firewall_rule" "fw_nat_admin_ports" {
  edge_gateway = var.vcd_org_edge_name
  name         = "Admin Access"

  source {
    ip_addresses = ["90.1.15.1"]
  }

  destination {
    gateway_interfaces = ["internal"]
  }

  service {
    protocol = "tcp"
    port     = "58301"
  }

  service {
    protocol = "tcp"
    port     = "58302"
  }

  service {
    protocol = "tcp"
    port     = "58303"
  }

  depends_on = [vcd_network_routed.net]
}

We create Source NAT rules for access to the Internet from the cloud's local network:

Describe the Source NAT rules.

resource "vcd_nsxv_snat" "snat_local" {
  edge_gateway = var.vcd_org_edge_name
  network_type = "ext"
  network_name = var.vcd_edge_external_network

  original_address   = var.vcd_edge_local_subnet
  translated_address = var.vcd_edge_external_ip

  depends_on = [vcd_network_routed.net]
}

And to finish configuring the network block, we add Destination NAT rules for reaching the services from the external network:

Add Destination NAT rules.

resource "vcd_nsxv_dnat" "dnat_tcp_nginx_https" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "NGINX HTTPs"

  original_address = var.vcd_edge_external_ip
  original_port    = 443

  translated_address = var.vcd_edge_local_ip_nginx
  translated_port    = 443
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

resource "vcd_nsxv_dnat" "dnat_tcp_nginx_http" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "NGINX HTTP"

  original_address = var.vcd_edge_external_ip
  original_port    = 80

  translated_address = var.vcd_edge_local_ip_nginx
  translated_port    = 80
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

Add a NAT rule for port translation to the SSH server on Nginx.

resource "vcd_nsxv_dnat" "dnat_tcp-nginx_ssh" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "SSH NGINX"

  original_address = var.vcd_edge_external_ip
  original_port    = 58301

  translated_address = var.vcd_edge_local_ip_nginx
  translated_port    = 22
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

Add a NAT rule for port translation to the SSH server with 1C-Bitrix.

resource "vcd_nsxv_dnat" "dnat_tcp_bitrix_ssh" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "SSH Bitrix"

  original_address = var.vcd_edge_external_ip
  original_port    = 58302

  translated_address = var.vcd_edge_local_ip_bitrix
  translated_port    = 22
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

Add a NAT rule for port translation to the SSH server with Nextcloud.

resource "vcd_nsxv_dnat" "dnat_tcp_nextcloud_ssh" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "SSH Nextcloud"

  original_address = var.vcd_edge_external_ip
  original_port    = 58303

  translated_address = var.vcd_edge_local_ip_nextcloud
  translated_port    = 22
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

Virtual environment configuration, main.tf

As planned at the start of the article, we will create three virtual machines. They will be prepared using "Guest Customization". We set the network parameters according to the settings we specified, and the user password is generated automatically.

Let's describe the vApp that will hold the virtual machines, and their configuration.

Figure: Virtual machine configuration

Let's create the vApp container. So that we can connect the vApp and the VMs to the virtual network right away, we also add the depends_on parameter:

Create the container

resource "vcd_vapp" "vapp" {
  name     = "web"
  power_on = "true"

  depends_on = [vcd_network_routed.net]
}

Let's create a virtual machine with a description

resource "vcd_vapp_vm" "nginx" {
  vapp_name       = vcd_vapp.vapp.name
  name            = "nginx"
  catalog_name    = var.vcd_org_catalog
  template_name   = var.vcd_template_os_centos7
  storage_profile = var.vcd_org_ssd_sp
  memory          = 8192
  cpus            = 1
  cpu_cores       = 1

  network {
    type               = "org"
    name               = vcd_network_routed.net.name
    is_primary         = true
    adapter_type       = "VMXNET3"
    ip_allocation_mode = "MANUAL"
    ip                 = var.vcd_edge_local_ip_nginx
  }

  override_template_disk {
    bus_type        = "paravirtual"
    size_in_mb      = "32768"
    bus_number      = 0
    unit_number     = 0
    storage_profile = var.vcd_org_ssd_sp
  }
}

Key parameters in the VM description:

  • name - name of the virtual machine,

  • vapp_name - name of the vApp to which the new VM is added,

  • catalog_name / template_name - catalog name and virtual machine template name,

  • storage_profile - default storage policy.

Parameters of the network block:

  • type - type of the connected network,

  • name - which virtual network to connect the VM to,

  • is_primary - primary network adapter,

  • ip_allocation_mode - MANUAL / DHCP / POOL address allocation mode,

  • ip - IP address for the virtual machine; we set it manually.

override_template_disk block:

  • size_in_mb - boot disk size for the virtual machine

  • storage_profile - storage policy for the disk

Let's create the second VM, with the description of the Nextcloud file storage

resource "vcd_vapp_vm" "nextcloud" {
  vapp_name       = vcd_vapp.vapp.name
  name            = "nextcloud"
  catalog_name    = var.vcd_org_catalog
  template_name   = var.vcd_template_os_centos7
  storage_profile = var.vcd_org_ssd_sp
  memory          = 8192
  cpus            = 1
  cpu_cores       = 1

  network {
    type               = "org"
    name               = vcd_network_routed.net.name
    is_primary         = true
    adapter_type       = "VMXNET3"
    ip_allocation_mode = "MANUAL"
    ip                 = var.vcd_edge_local_ip_nextcloud
  }

  override_template_disk {
    bus_type        = "paravirtual"
    size_in_mb      = "32768"
    bus_number      = 0
    unit_number     = 0
    storage_profile = var.vcd_org_ssd_sp
  }
}

resource "vcd_vm_internal_disk" "disk1" {
  vapp_name       = vcd_vapp.vapp.name
  vm_name         = "nextcloud"
  bus_type        = "paravirtual"
  size_in_mb      = "102400"
  bus_number      = 0
  unit_number     = 1
  storage_profile = var.vcd_org_hdd_sp
  allow_vm_reboot = true

  depends_on = [vcd_vapp_vm.nextcloud]
}

In the vcd_vm_internal_disk section we describe a new virtual disk attached to the virtual machine.

Explanation of the vcd_vm_internal_disk block:

  • bus_type - disk controller type

  • size_in_mb - disk size

  • bus_number / unit_number - connection location on the adapter

  • storage_profile - storage policy for the disk

Let's describe the last VM, for Bitrix

resource "vcd_vapp_vm" "bitrix" {
  vapp_name       = vcd_vapp.vapp.name
  name            = "bitrix"
  catalog_name    = var.vcd_org_catalog
  template_name   = var.vcd_template_os_centos7
  storage_profile = var.vcd_org_ssd_sp
  memory          = 8192
  cpus            = 1
  cpu_cores       = 1

  network {
    type               = "org"
    name               = vcd_network_routed.net.name
    is_primary         = true
    adapter_type       = "VMXNET3"
    ip_allocation_mode = "MANUAL"
    ip                 = var.vcd_edge_local_ip_bitrix
  }

  override_template_disk {
    bus_type        = "paravirtual"
    size_in_mb      = "81920"
    bus_number      = 0
    unit_number     = 0
    storage_profile = var.vcd_org_ssd_sp
  }
}

Updating the OS and installing additional scripts

The network is prepared and the virtual machines are described. Before importing our infrastructure, we can do the initial provisioning in advance using provisioner blocks, without using Ansible.

Let's look at how to update the OS and run the CMS Bitrix installation script using a provisioner block.

First, let's install the CentOS update packages.

resource "null_resource" "nginx_update_install" {
  provisioner "remote-exec" {
    connection {
      type     = "ssh"
      user     = "root"
      password = vcd_vapp_vm.nginx.customization[0].admin_password
      host     = var.vcd_edge_external_ip
      port     = "58301"
      timeout  = "30s"
    }

    inline = [
      "yum -y update && yum -y upgrade",
      "yum -y install wget nano epel-release net-tools unzip zip"
    ]
  }
}

Description of the components:

  • provisioner "remote-exec" - attaches the remote provisioning block

  • In the connection block we describe the type and parameters of the connection:

  • type - protocol, in our case SSH;

  • user - user name;

  • password - user password. In our case we point to the parameter vcd_vapp_vm.nginx.customization[0].admin_password, which stores the generated password for the system user.

  • host - external IP address for the connection;

  • port - port for the connection, specified earlier in the DNAT settings;

  • inline - lists the commands to be entered. The commands are entered in the order shown in this section.

As an example, let's additionally run the 1C-Bitrix installation script. The script's output will be available while the plan is running. To install the script, we first describe the block:

Let's describe the 1C-Bitrix installation.

# These provisioner blocks go inside a resource block.
provisioner "file" {
  source      = "prepare.sh"
  destination = "/tmp/prepare.sh"

  connection {
    type     = "ssh"
    user     = "root"
    password = vcd_vapp_vm.nginx.customization[0].admin_password
    host     = var.vcd_edge_external_ip
    port     = "58301"
    timeout  = "30s"
  }
}

provisioner "remote-exec" {
  # Needs the same connection block as the file provisioner above.
  inline = [
    "chmod +x /tmp/prepare.sh",
    "/tmp/prepare.sh"
  ]
}

And right away we describe the Bitrix update.

Example of provisioning 1C-Bitrix.

resource "null_resource" "install_update_bitrix" {
  provisioner "remote-exec" {
    connection {
      type     = "ssh"
      user     = "root"
      password = vcd_vapp_vm.bitrix.customization[0].admin_password
      host     = var.vcd_edge_external_ip
      port     = "58302"
      timeout  = "60s"
    }

    inline = [
      "yum -y update && yum -y upgrade",
      "yum -y install wget nano epel-release net-tools unzip zip",
      "wget http://repos.1c-bitrix.ru/yum/bitrix-env.sh -O /tmp/bitrix-env.sh",
      "chmod +x /tmp/bitrix-env.sh",
      "/tmp/bitrix-env.sh"
    ]
  }
}

Important! The script may not work if you do not disable SELinux in advance! If you need a detailed article on installing and configuring CMS 1C-Bitrix using bitrix-env.sh, you can use our blog article on the website.

3. Infrastructure initialization

Figure: Initializing modules and plugins

For the work we use a simple "gentleman's kit": a laptop with Windows 10 and the distribution from the official website, terraform.io. Let's unpack it and initialize with the command: terraform.exe init

After describing the compute and network infrastructure, we run planning to check our configuration, where we can see what will be created and how it will be connected.

  1. Run the command - terraform plan -var-file=vcd.tfvars.

  2. We get the result - Plan: 16 to add, 0 to change, 0 to destroy. That is, according to this plan, 16 resources will be created.

  3. We launch the plan with the command - terraform.exe apply -var-file=vcd.tfvars.

The virtual machines will be created, and then the packages we listed in the provisioner section will be run - the OS will be updated and CMS Bitrix will be installed.

Getting connection details

After the plan has been executed, we want to receive the data for connecting to the servers in text form; for this we set up the output section as follows:

output "nginx_password" {
  value = vcd_vapp_vm.nginx.customization[0].admin_password
}

And the following output tells us the password of the created virtual machine:

Outputs: nginx_password = F#4u8!!N
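With the output declared as above, the generated root password is printed in every apply log. The following is an added example, not from the original article, that marks the passwords as sensitive and leaves only the non-secret endpoints visible; the output names `admin_passwords` and `ssh_endpoints` are hypothetical, and Terraform 0.14 or later is assumed.

```hcl
# outputs.tf - added example, not from the original article.
output "admin_passwords" {
  description = "Generated root passwords from Guest Customization"
  sensitive   = true # shown as <sensitive> in the apply summary
  value = {
    nginx     = vcd_vapp_vm.nginx.customization[0].admin_password
    nextcloud = vcd_vapp_vm.nextcloud.customization[0].admin_password
    bitrix    = vcd_vapp_vm.bitrix.customization[0].admin_password
  }
}

# Non-secret connection details can stay visible. Ports match the DNAT rules.
output "ssh_endpoints" {
  value = {
    nginx     = "${var.vcd_edge_external_ip}:58301"
    bitrix    = "${var.vcd_edge_external_ip}:58302"
    nextcloud = "${var.vcd_edge_external_ip}:58303"
  }
}

# Read a secret on demand instead of leaving it in the apply log:
#   terraform output -json admin_passwords
# The values are still written in clear text to terraform.tfstate, so the
# state file (local or remote) needs the same access control as the passwords.
```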

As a result, we get access to virtual machines with an updated operating system and pre-installed packages for our further work. Everything is ready!

But what if you already have existing infrastructure?

3.1. Working with Terraform on existing infrastructure

It's simple: you can import the current virtual machines and their vApp containers using the import command.

Let's describe the vApp resource and the virtual machine.

resource "vcd_vapp" "Monitoring" {
  name = "Monitoring"
  org  = "mClouds"
  vdc  = "mClouds"
}

resource "vcd_vapp_vm" "Zabbix" {
  name      = "Zabbix"
  org       = "mClouds"
  vdc       = "mClouds"
  vapp_name = "Monitoring"
}

The next step is to import the vApp resource properties in the format vcd_vapp.<vApp> <org>.<orgvdc>.<vApp>, where:

  • vApp - vApp name;

  • org - organization name;

  • orgvdc - name of the virtual data center.

Figure: Importing vApp resources

Let's import the VM resource properties in the format: vcd_vapp_vm.<VM> <org>.<orgvdc>.<vApp>.<VM>, where:

  • VM - VM name;

  • vApp - vApp name;

  • org - organization name;

  • orgvdc - name of the virtual data center.

The import was successful

C:\Users\Mikhail\Desktop\terraform>terraform import vcd_vapp_vm.Zabbix mClouds.mClouds.Monitoring.Zabbix
vcd_vapp_vm.Zabbix: Importing from ID "mClouds.mClouds.Monitoring.Zabbix"...
vcd_vapp_vm.Zabbix: Import prepared!
  Prepared vcd_vapp_vm for import
vcd_vapp_vm.Zabbix: Refreshing state... [id=urn:vcloud:vm:778f4a89-1c8d-45b9-9d94-0472a71c4d1f]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Now we can look at the newly imported resource:

Imported resource

> terraform show
...
# vcd_vapp.Monitoring:
resource "vcd_vapp" "Monitoring" {
    guest_properties = {}
    href             = "https://vcloud.mclouds.ru/api/vApp/vapp-fe5db285-a4af-47c4-93e8-55df92f006ec"
    id               = "urn:vcloud:vapp:fe5db285-a4af-47c4-93e8-55df92f006ec"
    ip               = "allocated"
    metadata         = {}
    name             = "Monitoring"
    org              = "mClouds"
    status           = 4
    status_text      = "POWERED_ON"
    vdc              = "mClouds"
}

# vcd_vapp_vm.Zabbix:
resource "vcd_vapp_vm" "Zabbix" {
    computer_name                  = "Zabbix"
    cpu_cores                      = 1
    cpus                           = 2
    expose_hardware_virtualization = false
    guest_properties               = {}
    hardware_version               = "vmx-14"
    href                           = "https://vcloud.mclouds.ru/api/vApp/vm-778f4a89-1c8d-45b9-9d94-0472a71c4d1f"
    id                             = "urn:vcloud:vm:778f4a89-1c8d-45b9-9d94-0472a71c4d1f"
    internal_disk                  = [
        {
            bus_number       = 0
            bus_type         = "paravirtual"
            disk_id          = "2000"
            iops             = 0
            size_in_mb       = 122880
            storage_profile  = "Gold Storage Policy"
            thin_provisioned = true
            unit_number      = 0
        },
    ]
    memory                         = 8192
    metadata                       = {}
    name                           = "Zabbix"
    org                            = "mClouds"
    os_type                        = "centos8_64Guest"
    storage_profile                = "Gold Storage Policy"
    vapp_name                      = "Monitoring"
    vdc                            = "mClouds"

    customization {
        allow_local_admin_password          = true
        auto_generate_password              = true
        change_sid                          = false
        enabled                             = false
        force                               = false
        join_domain                         = false
        join_org_domain                     = false
        must_change_password_on_first_login = false
        number_of_auto_logons               = 0
    }

    network {
        adapter_type       = "VMXNET3"
        ip_allocation_mode = "DHCP"
        is_primary         = true
        mac                = "00:50:56:07:01:b1"
        name               = "MCLOUDS-LAN01"
        type               = "org"
    }
}

Now we are done - we have finished the last point (importing into existing infrastructure) and covered all the main aspects of working with Terraform.

The tool turned out to be very convenient and lets you describe your infrastructure as code, from the virtual machines of a single cloud provider to the resources of network components.

At the same time, independence from the environment makes it possible to work with local and cloud resources, and even to manage a platform. And if there is no supported platform and you want to add a new one, you can write your own provider and use it.

Source: www.habr.com
