How to Manage Cloud Infrastructure with Terraform

In this article we look at what Terraform consists of and, step by step, launch our own infrastructure in a VMware-based cloud: we will prepare three VMs for different purposes: a proxy, file storage and a CMS.

Everything in detail, in three stages:

1. Terraform - description, advantages and components

Terraform is an IaC (Infrastructure-as-Code) tool for building and managing virtual infrastructure using code.

We noted several advantages of working with the tool:

  • Speed of deploying new tenants (custom virtual environments). Usually, the more new clients there are, the more "clicks" technical support staff need to make to publish new resources. With Terraform, users can change virtual machine parameters (for example, automatically shutting down the OS and increasing a virtual disk partition) without involving technical support or shutting down the machine themselves.

  • Instant verification of the plan for activating a new tenant. Using the code description of the infrastructure, we can immediately check what will be added and in what order, as well as the final state of a given virtual machine or of a virtual network with its connected virtual machines.

  • The ability to describe the most popular cloud platforms. You can use the tool from Amazon and Google Cloud to private platforms based on VMware vCloud Director, which offer services within IaaS, SaaS and PaaS solutions.

  • Manage multiple cloud providers and distribute infrastructure between them to improve fault tolerance, using a single configuration to create, diagnose and manage cloud resources.

  • Convenient for creating demo stands for software testing and debugging. You can create and hand over stands for the testing department, test software in different environments in parallel, and instantly change and delete resources by creating just one resource build plan.

"Terrarium" Terraform

We have briefly covered the tool's advantages; now let's break it down into its components.

Providers.

In Terraform, almost any type of infrastructure can be represented as a resource. The connection between resources and the platform API is provided by provider modules, which let you create resources within a specific platform, for example Azure or VMware vCloud Director.

Within one project you can work with different providers on different platforms.

Resources (resource description).

A resource description lets you manage platform components such as virtual machines or networks.

You can write a resource description for the VMware vCloud Director provider yourself and use that description to create resources at any hosting provider that uses vCloud Director. You only need to change the authentication parameters and the network connection parameters to those of the required hosting provider.

Provisioners.

This component makes it possible to perform the initial installation and maintenance of the operating system after the virtual machines have been created. Once you have created a virtual machine resource, you can use provisioners to configure it and connect via SSH, update the operating system, and download and run a script.

Input and Output variables.

Input variables are input variables for any block type.

Output variables let you save values after resources are created and can be used as input variables in other modules, for example in the Provisioners block.

States.

State files store information about the configuration of the provider platform's resources. When the platform is first created there is no information about resources, and before any operation Terraform refreshes the state against the real infrastructure of the resources already described.

The main purpose of state is to keep a set of objects for the resources already created, so that the configuration of added resources and objects can be compared and repeated creation and changes to the platform are avoided.

By default, state information is stored in the local terraform.tfstate file, but if necessary you can use remote storage for team work.

You can also import current platform resources into state in order to keep working with resources that were created without Terraform's help.

2. Creating the infrastructure

The components are sorted out; now, using Terraform, we will step by step build an infrastructure with three virtual machines. The first has an nginx proxy server installed, the second has file storage based on Nextcloud, and the third has CMS Bitrix.

We will write the code and run it using our cloud on VMware vCloud Director as the example. Our users get an account with Organization Administrator rights. If you use an account with the same rights in another VMware cloud, you can reproduce the code from our examples. Let's go!

First, let's create a directory for our new project, where the files describing the infrastructure will be placed.

mkdir project01

Next, we describe the infrastructure components. Terraform builds relationships and processes files based on the description in the files. The files themselves can be named according to the purpose of the blocks they describe, for example network.tf describes the network parameters of the infrastructure.

To describe the components of our infrastructure, we created the following files:

List of files.

main.tf - description of the parameters of the virtual environment: virtual machines, virtual containers;

network.tf - description of the virtual network parameters and the NAT and Firewall rules;

variables.tf - the list of variables we use;

vcd.tfvars - the project's variable values for the VMware vCloud Director module.

The configuration language in Terraform is declarative and the order of blocks does not matter, except for provisioner blocks, because in such a block we describe commands to be executed when preparing the infrastructure, and they are executed in order.

Block structure.

<BLOCK TYPE> "<BLOCK LABEL>" "<BLOCK LABEL>" {
  # Block body
  <IDENTIFIER> = <EXPRESSION> # Argument
}

Blocks are described in Terraform's own language, HCL (HashiCorp Configuration Language); it is also possible to describe infrastructure using JSON. You can read more about the syntax on the developer's website.

Environment variable configuration: variables.tf and vcd.tfvars

First, let's create two files that describe the list of all variables used and their values for the VMware vCloud Director module. To begin, let's create the variables.tf file.

Contents of the variables.tf file.

variable "vcd_org_user" {
  description = "vCD Tenant User"
}

variable "vcd_org_password" {
  description = "vCD Tenant Password"
}

variable "vcd_org" {
  description = "vCD Tenant Org"
}

variable "vcd_org_vdc" {
  description = "vCD Tenant VDC"
}

variable "vcd_org_url" {
  description = "vCD Tenant URL"
}

variable "vcd_org_max_retry_timeout" {
  default = "60"
}

variable "vcd_org_allow_unverified_ssl" {
  default = "true"
}

variable "vcd_org_edge_name" {
  description = "vCD edge name"
}

variable "vcd_org_catalog" {
  description = "vCD public catalog"
}

variable "vcd_template_os_centos7" {
  description = "OS CentOS 7"
  default     = "CentOS7"
}

variable "vcd_org_ssd_sp" {
  description = "Storage Policies"
  default     = "Gold Storage Policy"
}

variable "vcd_org_hdd_sp" {
  description = "Storage Policies"
  default     = "Bronze Storage Policy"
}

variable "vcd_edge_local_subnet" {
  description = "Organization Network Subnet"
}

variable "vcd_edge_external_ip" {
  description = "External public IP"
}

variable "vcd_edge_local_ip_nginx" {}

variable "vcd_edge_local_ip_bitrix" {}

variable "vcd_edge_local_ip_nextcloud" {}

variable "vcd_edge_external_network" {}

Variable values that we get from the provider.

  • vcd_org_user - the user name with Organization Administrator rights,

  • vcd_org_password - the user's password,

  • vcd_org - the organization name,

  • vcd_org_vdc - the name of the virtual data center,

  • vcd_org_url - the API URL,

  • vcd_org_edge_name - the name of the virtual router,

  • vcd_org_catalog - the name of the catalog with virtual machine templates,

  • vcd_edge_external_ip - the public IP address,

  • vcd_edge_external_network - the name of the external network,

  • vcd_org_hdd_sp - the name of the HDD storage policy,

  • vcd_org_ssd_sp - the name of the SSD storage policy.

Then we fill in our own variables:

  • vcd_edge_local_ip_nginx - the IP address of the virtual machine with NGINX,

  • vcd_edge_local_ip_bitrix - the IP address of the virtual machine with 1C-Bitrix,

  • vcd_edge_local_ip_nextcloud - the IP address of the virtual machine with Nextcloud.

In the second file we create and set the variables for the VMware vCloud Director module, in the vcd.tfvars file. Recall that in our example we use our own cloud, mClouds; if you work with another provider, check the values with them.

Contents of the vcd.tfvars file.

vcd_org_url                  = "https://vcloud.mclouds.ru/api"
vcd_org_user                 = "orgadmin"
vcd_org_password             = "*"
vcd_org                      = "org"
vcd_org_vdc                  = "orgvdc"
vcd_org_max_retry_timeout    = 60
vcd_org_allow_unverified_ssl = true
vcd_org_catalog              = "Templates"
vcd_template_os_centos7      = "CentOS7"
vcd_org_ssd_sp               = "Gold Storage Policy"
vcd_org_hdd_sp               = "Bronze Storage Policy"
vcd_org_edge_name            = "MCLOUDS-EDGE"
vcd_edge_external_ip         = "185.17.66.1"
vcd_edge_local_subnet        = "192.168.110.0/24"
vcd_edge_local_ip_nginx      = "192.168.110.1"
vcd_edge_local_ip_bitrix     = "192.168.110.10"
vcd_edge_local_ip_nextcloud  = "192.168.110.11"
vcd_edge_external_network    = "NET-185-17-66-0"

Network configuration, network.tf.

The environment variables are set; now we will set up the virtual machine connection scheme: we assign a private IP address to each virtual machine and use Destination NAT to "forward" ports to the external network. To restrict access to the management ports, we allow access only from our own IP address.

Figure: Network diagram of the Terraform platform being created

We create a virtual organization network named net_lan01, with default gateway 192.168.110.254 and address space 192.168.110.0/24.

Describing the virtual network.

resource "vcd_network_routed" "net" {
  name         = "net_lan01"
  edge_gateway = var.vcd_org_edge_name
  gateway      = "192.168.110.254"
  dns1         = "1.1.1.1"
  dns2         = "8.8.8.8"

  static_ip_pool {
    start_address = "192.168.110.1"
    end_address   = "192.168.110.253"
  }
}

Let's create firewall rules that allow the virtual machines to access the Internet. Within this block, all virtual resources in the cloud will have access to the Internet:

Describing the rules for VM access to the Internet.

resource "vcd_nsxv_firewall_rule" "fw_internet_access" {
  edge_gateway = var.vcd_org_edge_name
  name         = "Internet Access"

  source {
    gateway_interfaces = ["internal"]
  }

  destination {
    gateway_interfaces = ["external"]
  }

  service {
    protocol = "any"
  }

  depends_on = [vcd_network_routed.net]
}

With depends_on we set the dependency so that the vcd_nsxv_firewall_rule block is configured only after the vcd_network_routed.net block has been processed. We use this option because some dependencies may be recognized only implicitly in the configuration.

Next, we create rules that allow access to ports from the external network and specify our IP address for connecting to the servers via SSH. Any Internet user has access to ports 80 and 443 on the web server, and a user with the IP address 90.1.15.1 has access to the SSH ports of the virtual servers.

Allowing access to ports from the external network.

resource "vcd_nsxv_firewall_rule" "fwnatports" {
  edge_gateway = var.vcd_org_edge_name
  name         = "HTTPs Access"

  source {
    gateway_interfaces = ["external"]
  }

  destination {
    gateway_interfaces = ["internal"]
  }

  service {
    protocol = "tcp"
    port     = "80"
  }

  service {
    protocol = "tcp"
    port     = "443"
  }

  depends_on = [vcd_network_routed.net]
}

resource "vcd_nsxv_firewall_rule" "fw_nat_admin_ports" {
  edge_gateway = var.vcd_org_edge_name
  name         = "Admin Access"

  source {
    ip_addresses = ["90.1.15.1"]
  }

  destination {
    gateway_interfaces = ["internal"]
  }

  service {
    protocol = "tcp"
    port     = "58301"
  }

  service {
    protocol = "tcp"
    port     = "58302"
  }

  service {
    protocol = "tcp"
    port     = "58303"
  }

  depends_on = [vcd_network_routed.net]
}

We create Source NAT rules for Internet access from the cloud's local network:

Describing the Source NAT rules.

resource "vcd_nsxv_snat" "snat_local" {
  edge_gateway = var.vcd_org_edge_name
  network_type = "ext"
  network_name = var.vcd_edge_external_network

  original_address   = var.vcd_edge_local_subnet
  translated_address = var.vcd_edge_external_ip

  depends_on = [vcd_network_routed.net]
}

And to finish the configuration of the network block, we add Destination NAT rules for access to the services from the external network:

Adding Destination NAT rules.

resource "vcd_nsxv_dnat" "dnat_tcp_nginx_https" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "NGINX HTTPs"

  original_address = var.vcd_edge_external_ip
  original_port    = 443

  translated_address = var.vcd_edge_local_ip_nginx
  translated_port    = 443
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

resource "vcd_nsxv_dnat" "dnat_tcp_nginx_http" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "NGINX HTTP"

  original_address = var.vcd_edge_external_ip
  original_port    = 80

  translated_address = var.vcd_edge_local_ip_nginx
  translated_port    = 80
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

Adding a NAT rule for port translation to the SSH server of the Nginx VM.

resource "vcd_nsxv_dnat" "dnat_tcp-nginx_ssh" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "SSH NGINX"

  original_address = var.vcd_edge_external_ip
  original_port    = 58301

  translated_address = var.vcd_edge_local_ip_nginx
  translated_port    = 22
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

Adding a NAT rule for port translation to the SSH server of the 1C-Bitrix VM.

resource "vcd_nsxv_dnat" "dnat_tcp_bitrix_ssh" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "SSH Bitrix"

  original_address = var.vcd_edge_external_ip
  original_port    = 58302

  translated_address = var.vcd_edge_local_ip_bitrix
  translated_port    = 22
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

Adding a NAT rule for port translation to the SSH server of the Nextcloud VM.

resource "vcd_nsxv_dnat" "dnat_tcp_nextcloud_ssh" {
  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"

  description = "SSH Nextcloud"

  original_address = var.vcd_edge_external_ip
  original_port    = 58303

  translated_address = var.vcd_edge_local_ip_nextcloud
  translated_port    = 22
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}
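
The three SSH forwarding rules and the "Admin Access" firewall rule above repeat the same port numbers in two places. As an added example (not from the original article), the version below derives both from one map, so the forwarded ports and the source restriction stay in step. The names admin_ssh_forwards and admin_source_ips are assumptions introduced here, and the validation needs Terraform 0.14 or later.

```hcl
# Added example (not from the original article); replaces the three SSH
# DNAT resources and fw_nat_admin_ports above.

variable "admin_source_ips" {
  description = "Addresses allowed to reach the forwarded SSH ports"
  type        = list(string)
  default     = ["90.1.15.1"] # the admin address used in the article

  # Design choice of this example: single addresses only, so "any" or a
  # wide CIDR range cannot be passed in by mistake.
  validation {
    condition = length(var.admin_source_ips) > 0 && alltrue([
      for ip in var.admin_source_ips : can(cidrhost("${ip}/32", 0))
    ])
    error_message = "List at least one single IP address, without a prefix length."
  }
}

locals {
  # external port => internal SSH target, as in the article
  admin_ssh_forwards = {
    "58301" = { vm = "NGINX", ip = var.vcd_edge_local_ip_nginx }
    "58302" = { vm = "Bitrix", ip = var.vcd_edge_local_ip_bitrix }
    "58303" = { vm = "Nextcloud", ip = var.vcd_edge_local_ip_nextcloud }
  }
}

resource "vcd_nsxv_dnat" "admin_ssh" {
  for_each = local.admin_ssh_forwards

  edge_gateway = var.vcd_org_edge_name
  network_name = var.vcd_edge_external_network
  network_type = "ext"
  description  = "SSH ${each.value.vm}"

  original_address   = var.vcd_edge_external_ip
  original_port      = each.key
  translated_address = each.value.ip
  translated_port    = 22
  protocol           = "tcp"

  depends_on = [vcd_network_routed.net]
}

resource "vcd_nsxv_firewall_rule" "fw_nat_admin_ports" {
  edge_gateway = var.vcd_org_edge_name
  name         = "Admin Access"

  source {
    ip_addresses = var.admin_source_ips
  }

  destination {
    gateway_interfaces = ["internal"]
  }

  # One service entry per forwarded port, generated from the same map.
  dynamic "service" {
    for_each = local.admin_ssh_forwards
    content {
      protocol = "tcp"
      port     = service.key
    }
  }

  depends_on = [vcd_network_routed.net]
}
```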

Virtual environment configuration, main.tf

As we planned at the beginning of the article, we will create three virtual machines. They will be prepared using "Guest Customization". We set the network parameters according to the settings we specified, and the user password is generated automatically.

Let's describe the vApp in which the virtual machines will be located, and their configuration.

Figure: Virtual machine configuration

Let's create a vApp container. So that we can immediately connect the vApp and the VM to the virtual network, we also add the depends_on parameter:

Creating the container

resource "vcd_vapp" "vapp" {
  name     = "web"
  power_on = "true"

  depends_on = [vcd_network_routed.net]
}

Let's create a virtual machine with a description

resource "vcd_vapp_vm" "nginx" {
  vapp_name       = vcd_vapp.vapp.name
  name            = "nginx"
  catalog_name    = var.vcd_org_catalog
  template_name   = var.vcd_template_os_centos7
  storage_profile = var.vcd_org_ssd_sp
  memory          = 8192
  cpus            = 1
  cpu_cores       = 1

  network {
    type               = "org"
    name               = vcd_network_routed.net.name
    is_primary         = true
    adapter_type       = "VMXNET3"
    ip_allocation_mode = "MANUAL"
    ip                 = var.vcd_edge_local_ip_nginx
  }

  override_template_disk {
    bus_type        = "paravirtual"
    size_in_mb      = "32768"
    bus_number      = 0
    unit_number     = 0
    storage_profile = var.vcd_org_ssd_sp
  }
}

Main parameters in the VM description:

  • name - the name of the virtual machine,

  • vapp_name - the name of the vApp to which the new VM is added,

  • catalog_name / template_name - the catalog name and the virtual machine template name,

  • storage_profile - the default storage policy.

Network block parameters:

  • type - the type of the connected network,

  • name - which virtual network to connect the VM to,

  • is_primary - the primary network adapter,

  • ip_allocation_mode - the address allocation mode: MANUAL / DHCP / POOL,

  • ip - the IP address of the virtual machine; we specify it manually.

override_template_disk block:

  • size_in_mb - the size of the virtual machine's boot disk

  • storage_profile - the storage policy for the disk

Let's create the second VM, with the description of the Nextcloud file storage

resource "vcd_vapp_vm" "nextcloud" {
  vapp_name       = vcd_vapp.vapp.name
  name            = "nextcloud"
  catalog_name    = var.vcd_org_catalog
  template_name   = var.vcd_template_os_centos7
  storage_profile = var.vcd_org_ssd_sp
  memory          = 8192
  cpus            = 1
  cpu_cores       = 1

  network {
    type               = "org"
    name               = vcd_network_routed.net.name
    is_primary         = true
    adapter_type       = "VMXNET3"
    ip_allocation_mode = "MANUAL"
    ip                 = var.vcd_edge_local_ip_nextcloud
  }

  override_template_disk {
    bus_type        = "paravirtual"
    size_in_mb      = "32768"
    bus_number      = 0
    unit_number     = 0
    storage_profile = var.vcd_org_ssd_sp
  }
}

resource "vcd_vm_internal_disk" "disk1" {
  vapp_name       = vcd_vapp.vapp.name
  vm_name         = "nextcloud"
  bus_type        = "paravirtual"
  size_in_mb      = "102400"
  bus_number      = 0
  unit_number     = 1
  storage_profile = var.vcd_org_hdd_sp
  allow_vm_reboot = true

  depends_on = [vcd_vapp_vm.nextcloud]
}

In the vcd_vm_internal_disk section we describe a new virtual disk that is attached to the virtual machine.

Explanations for the vcd_vm_internal_disk block:

  • bus_type - the disk controller type

  • size_in_mb - the disk size

  • bus_number / unit_number - the connection position on the adapter

  • storage_profile - the storage policy for the disk

Let's describe the last VM, for Bitrix

resource "vcd_vapp_vm" "bitrix" {
  vapp_name       = vcd_vapp.vapp.name
  name            = "bitrix"
  catalog_name    = var.vcd_org_catalog
  template_name   = var.vcd_template_os_centos7
  storage_profile = var.vcd_org_ssd_sp
  memory          = 8192
  cpus            = 1
  cpu_cores       = 1

  network {
    type               = "org"
    name               = vcd_network_routed.net.name
    is_primary         = true
    adapter_type       = "VMXNET3"
    ip_allocation_mode = "MANUAL"
    ip                 = var.vcd_edge_local_ip_bitrix
  }

  override_template_disk {
    bus_type        = "paravirtual"
    size_in_mb      = "81920"
    bus_number      = 0
    unit_number     = 0
    storage_profile = var.vcd_org_ssd_sp
  }
}

Updating the OS and installing additional scripts

The network is prepared and the virtual machines are described. Before importing our infrastructure, we can perform the initial provisioning in advance using provisioner blocks, without using Ansible.

Let's look at how to update the OS and run the CMS Bitrix installation script using a provisioner block.

First, let's install the CentOS update packages.

resource "null_resource" "nginx_update_install" {
  provisioner "remote-exec" {
    # SSH to the nginx VM through the DNAT rule on port 58301
    connection {
      type     = "ssh"
      user     = "root"
      password = vcd_vapp_vm.nginx.customization[0].admin_password
      host     = var.vcd_edge_external_ip
      port     = "58301"
      timeout  = "30s"
    }

    inline = [
      "yum -y update && yum -y upgrade",
      "yum -y install wget nano epel-release net-tools unzip zip"
    ]
  }
}

Component notation:

  • provisioner "remote-exec" - connects the remote provisioning block

  • In the connection block we describe the type and parameters of the connection:

  • type - the protocol, in our case SSH;

  • user - the user name;

  • password - the user's password. In our case we point to the parameter vcd_vapp_vm.nginx.customization[0].admin_password, which stores the generated password of the system user.

  • host - the external IP address for the connection;

  • port - the connection port, specified earlier in the DNAT settings;

  • inline - the list of commands to be entered. The commands are entered in the order given in this section.

As an example, let's additionally run the 1C-Bitrix installation script. The output of the script's execution will be available while the plan is running. To install the script, we first describe the block:

Let's describe the installation of 1C-Bitrix.

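# These blocks go inside a resource block. Declared at resource level,
# the connection is shared by both provisioners.
connection {
  type     = "ssh"
  user     = "root"
  password = vcd_vapp_vm.nginx.customization[0].admin_password
  host     = var.vcd_edge_external_ip
  port     = "58301"
  timeout  = "30s"
}

# Copy the local script to the VM
provisioner "file" {
  source      = "prepare.sh"
  destination = "/tmp/prepare.sh"
}

# Make it executable and run it by its absolute path
provisioner "remote-exec" {
  inline = [
    "chmod +x /tmp/prepare.sh",
    "/tmp/prepare.sh"
  ]
}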

And we will immediately describe the Bitrix update.

Example of 1C-Bitrix provisioning.

resource "null_resource" "install_update_bitrix" {
  provisioner "remote-exec" {
    connection {
      type     = "ssh"
      user     = "root"
      password = vcd_vapp_vm.bitrix.customization[0].admin_password
      host     = var.vcd_edge_external_ip
      port     = "58302"
      timeout  = "60s"
    }

    inline = [
      "yum -y update && yum -y upgrade",
      "yum -y install wget nano epel-release net-tools unzip zip",
      "wget http://repos.1c-bitrix.ru/yum/bitrix-env.sh -O /tmp/bitrix-env.sh",
      "chmod +x /tmp/bitrix-env.sh",
      "/tmp/bitrix-env.sh"
    ]
  }
}

Important! The script may not work if you do not disable SELinux beforehand! If you need a detailed article on installing and configuring CMS 1C-Bitrix using bitrix-env.sh, you can use our blog article on the website.

3. Infrastructure initialization

Figure: Initializing modules and plugins

For work we use a simple "gentleman's kit": a laptop with Windows 10 and the distribution from the official website, terraform.io. Let's unpack it and initialize with the command: terraform.exe init

After describing the compute and network infrastructure, we run planning to check our configuration, where we can see what will be created and how the pieces will be connected to each other.

  1. Run the command - terraform plan -var-file=vcd.tfvars.

  2. We get the result - Plan: 16 to add, 0 to change, 0 to destroy. That is, according to this plan, 16 resources will be created.

  3. Launch the plan with the command - terraform.exe apply -var-file=vcd.tfvars.

The virtual machines will be created, and then the packages we listed will be executed within the provisioner section: the OS will be updated and CMS Bitrix will be installed.

Getting connection information

After executing the plan, we want to get the data for connecting to the servers in text form; for this we write the output section as follows:

output "nginx_password" {
  value = vcd_vapp_vm.nginx.customization[0].admin_password
}

And the following output tells us the password of the created virtual machine:

Outputs: nginx_password = F#4u8!!N
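
The output above prints the generated root password to the terminal, and the same value is stored in terraform.tfstate. As an added example (not from the original article), the outputs below collect the connection details for all three machines and mark the passwords sensitive so that they are redacted from the apply output. The names ssh_ports, ssh_endpoints and admin_passwords are assumptions introduced here.

```hcl
# Added example (not from the original article).

locals {
  # VM name => forwarded SSH port, taken from the DNAT rules in network.tf
  ssh_ports = {
    nginx     = 58301
    bitrix    = 58302
    nextcloud = 58303
  }
}

output "ssh_endpoints" {
  description = "Where to connect; safe to print"
  value = {
    for vm, port in local.ssh_ports :
    vm => "root@${var.vcd_edge_external_ip} -p ${port}"
  }
}

output "admin_passwords" {
  description = "Generated guest passwords"
  sensitive   = true # shown as <sensitive> after apply
  value = {
    nginx     = vcd_vapp_vm.nginx.customization[0].admin_password
    bitrix    = vcd_vapp_vm.bitrix.customization[0].admin_password
    nextcloud = vcd_vapp_vm.nextcloud.customization[0].admin_password
  }
}
```

Read the values on demand with terraform output -json admin_passwords. The state file still holds the passwords in clear text, so restrict access to it.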

As a result, we get access to virtual machines with an updated operating system and pre-installed packages for our further work. Everything is ready!

But what if you already have existing infrastructure?

3.1. Working with Terraform and existing infrastructure

It's simple: you can import the current virtual machines and their vApp containers using the import command.

Let's describe the vApp resource and the virtual machine.

resource "vcd_vapp" "Monitoring" {
  name = "Monitoring"
  org  = "mClouds"
  vdc  = "mClouds"
}

resource "vcd_vapp_vm" "Zabbix" {
  name      = "Zabbix"
  org       = "mClouds"
  vdc       = "mClouds"
  vapp_name = "Monitoring"
}

The next step is to import the properties of the vApp resource in the format vcd_vapp.<vApp> <org>.<orgvdc>.<vApp>, where:

  • vApp - the vApp name;

  • org - the organization name;

  • orgvdc - the name of the virtual data center.

Figure: Importing vApp resource properties

Let's import the properties of the VM resource in the format vcd_vapp_vm.<VM> <org>.<orgvdc>.<vApp>.<VM>, where:

  • VM - the VM name;

  • vApp - the vApp name;

  • org - the organization name;

  • orgvdc - the name of the virtual data center.

Import successful

C:\Users\Mikhail\Desktop\terraform>terraform import vcd_vapp_vm.Zabbix mClouds.mClouds.Monitoring.Zabbix

vcd_vapp_vm.Zabbix: Importing from ID "mClouds.mClouds.Monitoring.Zabbix"...

vcd_vapp_vm.Zabbix: Import prepared!

Prepared vcd_vapp_vm for import

vcd_vapp_vm.Zabbix: Refreshing state... [id=urn:vcloud:vm:778f4a89-1c8d-45b9-9d94-0472a71c4d1f]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Now we can look at the newly imported resource:

Imported resource

> terraform show

...

# vcd_vapp.Monitoring:
resource "vcd_vapp" "Monitoring" {
    guest_properties = {}
    href             = "https://vcloud.mclouds.ru/api/vApp/vapp-fe5db285-a4af-47c4-93e8-55df92f006ec"
    id               = "urn:vcloud:vapp:fe5db285-a4af-47c4-93e8-55df92f006ec"
    ip               = "allocated"
    metadata         = {}
    name             = "Monitoring"
    org              = "mClouds"
    status           = 4
    status_text      = "POWERED_ON"
    vdc              = "mClouds"
}

…

# vcd_vapp_vm.Zabbix:
resource "vcd_vapp_vm" "Zabbix" {
    computer_name                  = "Zabbix"
    cpu_cores                      = 1
    cpus                           = 2
    expose_hardware_virtualization = false
    guest_properties               = {}
    hardware_version               = "vmx-14"
    href                           = "https://vcloud.mclouds.ru/api/vApp/vm-778f4a89-1c8d-45b9-9d94-0472a71c4d1f"
    id                             = "urn:vcloud:vm:778f4a89-1c8d-45b9-9d94-0472a71c4d1f"
    internal_disk                  = [
        {
            bus_number       = 0
            bus_type         = "paravirtual"
            disk_id          = "2000"
            iops             = 0
            size_in_mb       = 122880
            storage_profile  = "Gold Storage Policy"
            thin_provisioned = true
            unit_number      = 0
        },
    ]
    memory                         = 8192
    metadata                       = {}
    name                           = "Zabbix"
    org                            = "mClouds"
    os_type                        = "centos8_64Guest"
    storage_profile                = "Gold Storage Policy"
    vapp_name                      = "Monitoring"
    vdc                            = "mClouds"

    customization {
        allow_local_admin_password          = true
        auto_generate_password              = true
        change_sid                          = false
        enabled                             = false
        force                               = false
        join_domain                         = false
        join_org_domain                     = false
        must_change_password_on_first_login = false
        number_of_auto_logons               = 0
    }

    network {
        adapter_type       = "VMXNET3"
        ip_allocation_mode = "DHCP"
        is_primary         = true
        mac                = "00:50:56:07:01:b1"
        name               = "MCLOUDS-LAN01"
        type               = "org"
    }
}

Now we are really done: we have finished the last point (importing existing infrastructure) and have covered all the main points of working with Terraform.

The tool turned out to be very convenient and lets you describe your infrastructure as code, from the virtual machines of a single cloud provider to the resources of network components.

At the same time, independence from the environment makes it possible to work with local and cloud resources, and even to manage the platform. And if there is no supported platform and you want to add a new one, you can write your own provider and use it.

Source: www.habr.com
