Abantu abaningi bayazi futhi basebenzise i-Terraform emsebenzini wabo wansuku zonke, kodwa izindlela ezingcono kakhulu zayo azikakasungulwa. Iqembu ngalinye kufanele lizenzele ezalo izindlela nezindlela.
Ingqalasizinda yakho cishe iqala kalula: izinsiza ezimbalwa + onjiniyela abambalwa. Ngokuhamba kwesikhathi, ikhula kuzo zonke izinhlobo zezindlela. Ingabe uyazithola izindlela zokuqoqa izinsiza zibe amamojula e-Terraform, uhlele ikhodi ibe amafolda, futhi yini enye engase ingahambi kahle? (amagama okugcina adumile)
Isikhathi siyahamba futhi uzizwa sengathi ingqalasizinda yakho iyisilwane sakho esisha, kodwa ngani? Ukhathazekile ngezinguquko ezingachazeki kwingqalasizinda, uyesaba ukuthinta ingqalasizinda kanye nekhodi - ngenxa yalokho, ubambezela ukusebenza okusha noma unciphisa ikhwalithi...
Ngemva kweminyaka emithathu yokuphatha iqoqo lamamojula omphakathi we-Terraform we-AWS ku-Github nokugcinwa kwesikhathi eside kwe-Terraform ekukhiqizeni, u-Anton Babenko ulungele ukwabelana ngolwazi lwakhe: indlela yokubhala amamojula e-TF ukuze angalimazi esikhathini esizayo.
Ekupheleni kwenkulumo, ababambiqhaza bazobe sebejwayelene kakhulu nezimiso zokuphatha izisetshenziswa ku-Terraform, imikhuba engcono kakhulu ehlotshaniswa namamojula e-Terraform, kanye neminye izimiso eziqhubekayo zokuhlanganisa ezihlobene nokuphathwa kwengqalasizinda.
Disclaimer: Ngiyaqaphela ukuthi lo mbiko ungomhla kaNovemba 2018—iminyaka engu-2 isidlulile. Inguqulo ye-Terraform 0.11 okukhulunywe ngayo embikweni ayisasekelwa. Eminyakeni engu-2 edlule, kukhishwe okusha okungu-2, okuqukethe izinto eziningi eziqanjiwe, ukuthuthukiswa kanye nezinguquko. Sicela ukunake lokhu futhi uhlole imibhalo.
Izinkomba:
- +
- - Ikhodi yokufometha okuzenzakalelayo kanye nemibhalo
- - generator of Terraform modules (WIP)
- - Ijeneretha yekhodi yeTerraform evela emidwebeni ebonakalayo (WIP)
- www.terraform-best-practices.com
- (Okusha okuthunyelwe kukuwebhusayithi yami ethi www.antonbabenko.com/)
- @antonbabenko - Twitter, kanye nenqwaba yamaSlacks ahlukene
Igama lami ngingu-Anton Babenko. Abanye benu mhlawumbe basebenzise ikhodi engiyibhalile. Manje ngizokhuluma ngalokhu ngokuzethemba okukhulu kunangaphambili, ngoba ngiyakwazi ukufinyelela izibalo.
Ngisebenza ku-Terraform futhi ngibe ngumhlanganyeli okhuthele futhi nginikela ngenani elikhulu lamaphrojekthi omthombo ovulekile ahlobene ne-Terraform ne-Amazon kusukela ngo-2015.
Kusukela lapho ngibhale ikhodi eyanele ukuyibeka ngendlela ethokozisayo. Futhi ngizozama ukukutshela ngalokhu manje.
Ngizokhuluma ngobunkimbinkimbi kanye nemininingwane yokusebenza neTerraform. Kodwa lokho akusona ngempela isihloko se-HighLoad. Futhi manje uzoqonda ukuthi kungani.
Ngokuhamba kwesikhathi, ngaqala ukubhala amamojula eTerraform. Abasebenzisi babhale imibuzo, ngayibhala kabusha. Ngabe sengibhala izinsiza ezahlukahlukene ukufometha ikhodi ngisebenzisa ihuku lokuzibophezela ngaphambili, njll.
Kwakukhona amaphrojekthi amaningi athakazelisayo. Ngithanda ukukhiqizwa kwekhodi ngoba ngithanda ikhompuyutha ukuthi yenzele mina kanye nomdidiyeli umsebenzi owengeziwe, ngakho-ke okwamanje ngisebenza kujeneretha wekhodi ye-Terraform evela emidwebo ebonakalayo. Mhlawumbe abanye benu bake bababona. Lawa amabhokisi amahle anemicibisholo. Futhi ngicabanga ukuthi kuhle uma ungachofoza inkinobho ethi "Khipha" futhi ukuthole konke njengekhodi.
Ngivela e-Ukraine. Sengihlale eNorway iminyaka eminingi.
Futhi, ulwazi lwalo mbiko luqoqwe kubantu abazi igama lami futhi bangithole ezinkundleni zokuxhumana. Ngicishe nginesiteketiso esifanayo.
Njengoba ngishilo, ngingumnakekeli oyinhloko wamamojula we-Terraform AWS, okungenye yezindawo zokugcina ezinkulu ku-GitHub lapho sibamba khona amamojula emisebenzi evame kakhulu: VPC, Autoscaling, RDS.
Futhi okuzwile manje kuyisisekelo kakhulu. Uma ungabaza ukuthi uyaqonda ukuthi iyini iTerraform, kungcono ukuchitha isikhathi sakho kwenye indawo. Kuzoba namagama amaningi obuchwepheshe lapha. Futhi angizange nginanaze ukumemezela izinga lombiko ukuthi liphezulu kakhulu. Lokhu kusho ukuthi ngingakhuluma ngisebenzisa wonke amagama angenzeka ngaphandle kwencazelo enkulu.
I-Terraform yavela ngo-2014 njengohlelo olukuvumela ukuthi ubhale, uhlele futhi uphathe ingqalasizinda njengekhodi. Umqondo obalulekile lapha "ingqalasizinda njengekhodi."
Wonke amadokhumenti, njengoba ngishilo, abhalwe kuwo . Ngethemba ukuthi abantu abaningi bayazi ngale sayithi futhi bawafundile amadokhumenti. Uma kunjalo, khona-ke usendaweni efanele.
Yilokhu ifayela lokumisa le-Terraform elivamile elibukeka, lapho siqala ukuchaza okuguquguqukayo.
Kulokhu sichaza "aws_region".
Bese sichaza ukuthi yiziphi izinsiza esifuna ukuzidala.
Senza eminye imiyalo, ikakhulukazi “i-terraform init” ukuze silayishe okuncikile nabahlinzeki.
Futhi sisebenzisa umyalo othi “terraform apply” ukuze sihlole ukuthi ukulungiselelwa okucacisiwe kufana yini nezinsiza esizidalile. Njengoba besingakadali lutho ngaphambilini, i-Terraform iyasikhuthaza ukuthi sakhe lezi zinsiza.
Siyakuqinisekisa lokhu. Ngakho sakha ibhakede elibizwa ngokuthi uzipho lwasolwandle.
Kukhona futhi izinsiza eziningana ezifanayo. Abaningi benu abasebenzisa i-Amazon bayazi i-AWS CloudFormation noma i-Google Cloud Deployment Manager noma i-Azure Resource Manager. Ngayinye yazo inokusebenzisa kwayo uhlobo oluthile lokuphatha izinsiza ngaphakathi kwalaba bahlinzeki bamafu omphakathi ngamunye. I-Terraform iwusizo ikakhulukazi ngoba ikuvumela ukuthi uphathe abahlinzeki abangaphezu kwe-100. (Imininingwane eyengeziwe )
Imigomo iTerraform ayilandele kusukela ekuqaleni:
- I-Terraform inikeza ukubuka okukodwa kwezinsiza.
- Ikuvumela ukuthi usekele zonke izinkundla zesimanje.
- Futhi i-Terraform yaklanywa kusukela ekuqaleni njengendawo evumela ukuthi uguqule ingqalasizinda ngokuphepha nangokubikezela.
Ngo-2014, igama elithi "ukubikezelwa" lalizwakala lingavamile kakhulu kulo mongo.
I-Terraform iyinsizakalo yendawo yonke. Uma une-API, ungakwazi ukulawula yonke into:
- Ungasebenzisa abahlinzeki abangaphezu kuka-120 ukuphatha yonke into oyifunayo.
- Isibonelo, ungasebenzisa i-Terraform ukuchaza ukufinyelela kumakhosombe e-GitHub.
- Ungakwazi ngisho nokudala futhi uvale iziphazamisi ku-Jira.
- Ungaphatha ama-metrics amasha we-Relic.
- Ungakwazi ngisho nokudala amafayela ku-dropbox uma ufuna ngempela.
Konke lokhu kufinyelelwa kusetshenziswa abahlinzeki be-Terraform, abane-API evulekile engachazwa kokuthi Go.
Ake sithi siqale ukusebenzisa i-Terraform, safunda imibhalo kusayithi, sabuka ividiyo ethile, futhi saqala ukubhala i-main.tf, njengoba ngibonise kumaslayidi adlule.
Futhi konke kuhle, unefayela elidala i-VPC.
Uma ufuna ukwakha i-VPC, bese ucacisa cishe le migqa engu-12. Chaza ukuthi isiphi isifunda ofuna ukusidala, ukuthi iyiphi i-cidr_block yamakheli e-IP ozosetshenziswa. Yilokho kuphela.
Ngokwemvelo, iphrojekthi izokhula kancane kancane.
Futhi uzobe wengeza inqwaba yezinto ezintsha lapho: izinsiza, imithombo yedatha, uzohlanganisa nabahlinzeki abasha, ngokuzumayo uzofuna ukusebenzisa i-Terraform ukuphatha abasebenzisi ku-akhawunti yakho ye-GitHub, njll. Ungase ufune ukusebenzisa okuhlukile Abahlinzeki be-DNS, nqamula yonke into. I-Terraform yenza lokhu kube lula.
Ake sibheke isibonelo esilandelayo.
Ungeza kancane kancane i-internet_gateway ngoba ufuna izinsiza ezisuka ku-VPC yakho zibe nokufinyelela ku-inthanethi. Umqondo omuhle lona.
Umphumela yilokhu main.tf:
Lena ingxenye ephezulu ye-main.tf.
Lena ingxenye engezansi ye-main.tf.
Bese wengeza i-subnet. Ngesikhathi ufuna ukwengeza amasango e-NAT, imizila, amatafula omzila kanye nenqwaba yamanye amanethi angaphansi, ngeke ube nemigqa engama-38, kodwa cishe imigqa engama-200-300.
Okusho ukuthi, ifayela lakho le-main.tf liyakhula kancane kancane. Futhi ngokuvamile abantu bafaka yonke into efayeleni elilodwa. 10-20 KB ivela ku-main.tf. Cabanga ukuthi i-10-20 KB iwukuqukethwe kombhalo. Futhi yonke into ixhunywe kukho konke. Lokhu kancane kancane kuba nzima ukusebenza ngakho. I-10-20 KB isesimweni esihle somsebenzisi, kwesinye isikhathi ngaphezulu. Futhi abantu abacabangi ngaso sonke isikhathi ukuthi lokhu kubi.
Njengasekuhlelweni okuvamile, i.e. hhayi ingqalasizinda njengekhodi, sijwayele ukusebenzisa inqwaba yamakilasi ahlukene, amaphakheji, amamojula, amaqoqo. I-Terraform ikuvumela ukuthi wenze into efanayo.
- Ikhodi iyakhula.
- Ukuncika phakathi kwezinsiza nakho kuyakhula.
Futhi sinesidingo esikhulu, esikhulu. Siyaqonda ukuthi ngeke sisakwazi ukuphila kanje. Ikhodi yethu iba nkulu. I-10-20 KB, vele, ayinkulu kakhulu, kodwa sikhuluma kuphela ngesitaki senethiwekhi, okungukuthi ungeze izinsiza zenethiwekhi kuphela. Asikhulumi nge-Application Load Balancer, iqoqo le-ES lokuphakelwa, i-Kubernetes, njll., lapho i-100 Kb ingalukwa khona kalula. Uma ubhala phansi konke lokhu, maduze nje uzofunda ukuthi iTerraform inikeza amamojula eTerraform.
Amamojula e-Terraform awukucushwa kwe-Terraform okuzimele okulawulwa njengeqembu. Yilokho kuphela okudingeka ukwazi mayelana namamojula e-Terraform. Azihlakaniphile nhlobo, azikuvumeli ukuthi wenze noma yikuphi ukuxhumana okuyinkimbinkimbi kuye ngokuthile. Konke lokhu kuwela emahlombe abathuthukisi. Okusho ukuthi, lolu uhlobo oluthile lokucushwa kwe-Terraform osuvele ulubhalile. Futhi ungamane uyibize njengeqembu.
Ngakho-ke sizama ukuqonda ukuthi sizoyithuthukisa kanjani i-10-20-30 KB yethu yekhodi. Kancane kancane siyaqaphela ukuthi sidinga ukusebenzisa amamojula athile.
Uhlobo lokuqala lwamamojula ohlangana nawo amamojula wensiza. Abaqondi ukuthi ingqalasizinda yakho imayelana nani, ibhizinisi lakho limayelana nani, ikuphi futhi yiziphi izimo. Lawa yiwona kanye amamojula engiwalawulayo, kanye nomphakathi womthombo ovulekile, futhi esiwabeka phambili njengezithiyo zokuqala zokwakha zengqalasizinda yakho.
Isibonelo semojula yensiza.
Uma sibiza imojula yensiza, sicacisa ukuthi iyiphi indlela okufanele silayishe okuqukethwe kwayo.
Sikhombisa ukuthi iyiphi inguqulo esifuna ukuyilanda.
Sidlulisa inqwaba yezingxabano lapho. Yilokho kuphela. Yilokho kuphela okudingeka sikwazi uma sisebenzisa le mojuli.
Abantu abaningi bacabanga ukuthi uma besebenzisa inguqulo yakamuva, yonke into izozinza. Kodwa cha. Ingqalasizinda kumele yenziwe inguqulo; kufanele siphendule ngokucacile ukuthi iyiphi inguqulo lena noma leyo ngxenye ethunyelwe kuyo.
Nansi ikhodi engaphakathi kule mojuli. Imojuli yeqembu lokuphepha. Lapha umqulu uya emgqeni wama-640. Ukudala insiza yokuphepha e-Amazon kukho konke ukucushwa okungenzeka kuwumsebenzi ongewona omncane kakhulu. Akwanele ukumane udale iqembu lezokuphepha futhi ulitshele ukuthi yimiphi imithetho okufanele lidlule kulo. Kungaba lula kakhulu. Kunemikhawulo ehlukene eyisigidi ngaphakathi kwe-Amazon. Isibonelo, uma usebenzisa Iphoyinti lokuphela le-VPC, uhlu lwesiqalo, ama-API ahlukahlukene futhi uzama ukuhlanganisa konke lokhu nakho konke okunye, khona-ke iTerraform ayikuvumeli ukuba wenze lokhu. Futhi i-Amazon API ayikuvumeli nalokhu. Ngakho-ke, sidinga ukufihla wonke lo mqondo omubi kumojuli futhi sinikeze ikhodi yomsebenzisi ebukeka kanjena.
Umsebenzisi akadingi ukwazi ukuthi yenziwa kanjani ngaphakathi.
Uhlobo lwesibili lwamamojula, aqukethe amamojula wensiza, asezixazulula izinkinga ezisebenza kakhulu ebhizinisini lakho. Ngokuvamile lena indawo eyisandiso se-Terraform futhi isetha amanani aqinile amathegi, kumazinga enkampani. Ungakwazi futhi ukwengeza ukusebenza lapho iTerraform engakuvumeli okwamanje ukuthi ukusebenzise. Lokhu kumanje. Manje inguqulo 0.11, osekuzoba yinto yesikhathi esidlule. Kodwa noma kunjalo, ama-preprocessors, i-jsonnet, i-cookiecutter kanye nenqwaba yezinye izinto kuyindlela eyisizayo okufanele isetshenziselwe umsebenzi ogcwele.
Okulandelayo ngizokhombisa ezinye izibonelo zalokhu.
Imojula yengqalasizinda ibizwa ngendlela efanayo ncamashi.
Umthombo lapho ungalanda khona okuqukethwe ukhonjisiwe.
Inqwaba yamanani idluliswa futhi idluliselwe kule mojuli.
Okulandelayo, ngaphakathi kwale mojula, inqwaba yamamojula wensiza abizelwa ukwakha i-VPC noma i-Application Load Balancer, noma ukwakha iqembu lokuvikela noma iqoqo Lesevisi Yesiqukathi Se-Elastic.
Kunezinhlobo ezimbili zamamojula. Lokhu kubalulekile ukukuqonda ngoba imininingwane eminingi engiyiqoqe kulo mbiko ayibhaliwe emibhalweni.
Futhi imibhalo eku-Terraform njengamanje iyinkinga impela ngoba ivele ithi kukhona lezi zici, ungazisebenzisa. Kodwa akasho ukuthi zisetshenziswa kanjani lezi zici, kungani kungcono ukuzisebenzisa. Ngakho-ke, inani elikhulu kakhulu labantu libhala into abangakwazi ukuhlala nayo.
Ake sibheke indlela yokubhala la mamojula ngokulandelayo. Khona-ke sizobona ukuthi singababiza kanjani nokuthi singasebenza kanjani ngekhodi.
I-Terraform Registry -
Ithiphu #0 ukuthi ungabhali amamojula wensiza. Iningi lala mamojula selibhalelwe wena kakade. Njengoba ngishilo, angumthombo ovulekile, awaqukethe noma iyiphi i-logic yebhizinisi lakho, awanawo amanani anekhodi eqinile yamakheli e-IP, amaphasiwedi, njll. Imojula ivumelana nezimo kakhulu. Futhi cishe isibhaliwe kakade. Kunamamojula amaningi wezinsiza ezivela e-Amazon. Cishe 650. Futhi eziningi zazo zisezingeni elihle.
Kulesi sibonelo, othile weza kuwe wathi, “Ngifuna ukukwazi ukuphatha isizindalwazi. Dala imojuli ukuze ngikwazi ukudala isizindalwazi." Umuntu akayazi imininingwane yokusetshenziswa kwe-Amazon noma i-Terraform. Uvele athi: "Ngifuna ukuphatha i-MSSQL." Okusho ukuthi, sisho ukuthi izobiza imojula yethu, idlulise uhlobo lwenjini lapho, futhi ikhombise indawo yesikhathi.
Futhi umuntu akufanele azi ukuthi sizodala izinsiza ezimbili ezihlukene ngaphakathi kwale moduli: eyodwa ye-MSSQL, eyesibili yakho konke okunye, kuphela ngoba ku-Terraform 0.11 awukwazi ukucacisa amanani wendawo yesikhathi njengokuzikhethela.
Futhi ekuphumeni kule mojula, umuntu uzokwazi ukuthola ikheli nje. Ngeke azi ukuthi usuka kuyiphi i-database, konke lokhu sikwenza kusuka kuyiphi insiza ngaphakathi. Lokhu kuyisici esibaluleke kakhulu sokufihla. Futhi lokhu akusebenzi kuphela kulawo mamojula asesidlangalaleni kumthombo ovulekile, kodwa nakulawo mamojula ozowabhala ngaphakathi kwamaphrojekthi namathimba akho.
Lena ingxabano yesibili, ebaluleke kakhulu uma usebenzisa i-Terraform isikhashana. Unenqolobane obeka kuyo wonke amamojula e-Terraform enkampani yakho. Futhi kuyinto evamile ukuthi ngokuhamba kwesikhathi le phrojekthi izokhula ibe usayizi wemegabhayithi eyodwa noma amabili. Lokhu kuhle.
Kodwa inkinga ukuthi iTerraform iwabiza kanjani la mamojula. Isibonelo, uma ubiza imojuli ukuze udale umsebenzisi ngamunye, i-Terraform izoqala ilayishe yonke inqolobane bese izulazulela kufolda lapho leyo mojula ethile itholakala khona. Ngale ndlela uzolanda i-megabyte eyodwa isikhathi ngasinye. Uma uphatha abasebenzisi abangu-100 noma abangu-200, uzolanda amamegabhayithi angu-100 noma angu-200, bese uya kuleyo folda. Ngakho-ke ngokwemvelo awufuni ukulanda inqwaba yezinto njalo uma ushaya u-"Terraform init".
Zimbili izixazululo kule nkinga. Okokuqala ukusebenzisa izindlela ezihambisanayo. Ngale ndlela ubonisa kukhodi ukuthi ifolda ingeyasendaweni (./). Futhi ngaphambi kokuthi wethule noma yini, wenza i-Git clone yalesi sikhombi endaweni yangakini. Ngale ndlela wenza kanye.
Kukhona, yiqiniso, okuningi okuphansi. Isibonelo, awukwazi ukusebenzisa inguqulo. Futhi lokhu ngezinye izikhathi kunzima ukuphila nakho.
Isixazululo sesibili. Uma unamamojula amaningi angaphansi futhi usuvele unohlobo oluthile lwepayipi esunguliwe, khona-ke kukhona iphrojekthi ye-MBT, ekuvumela ukuthi uqoqe amaphakheji amaningi ahlukene ku-monorepository futhi uwalayishe ku-S3. Lena indlela enhle kakhulu. Ngakho, ifayela le-iam-user-1.0.0.zip lizoba nesisindo esingu-1 KB kuphela, ngoba ikhodi yokudala le nsiza incane kakhulu. Futhi izosebenza ngokushesha okukhulu.
Ake sikhulume ngalokho okungeke kusetshenziswe kumamojula.
Kungani lobu bubi kumamojula? Okubi kakhulu ukucabanga umsebenzisi. Cabanga ukuthi umsebenzisi uyinketho yokuqinisekisa yomhlinzeki engasetshenziswa abantu abahlukene. Isibonelo, sonke sizolingisa indima. Lokhu kusho ukuthi iTerraform izothatha le ndima. Bese-ke ngale ndima izokwenza ezinye izenzo.
Futhi okubi ukuthi uma u-Vasya ethanda ukuxhuma ku-Amazon ngendlela eyodwa, isibonelo, esebenzisa ukuguquguquka kwemvelo okuzenzakalelayo, futhi uPetya uthanda ukusebenzisa ukhiye wakhe okwabelwana ngawo, anakho endaweni eyimfihlo, khona-ke awukwazi ukucacisa kokubili I-Terraform. Futhi ukuze bangakutholi ukuhlupheka, asikho isidingo sokukhombisa leli bhulokhi kumojula. Lokhu kumele kukhonjiswe ezingeni eliphezulu. Okusho ukuthi, sinemojula yensiza, imojula yengqalasizinda kanye nokwakheka phezulu. Futhi lokhu kufanele kukhonjiswe endaweni ethile ephakeme.
Ububi besibili ngumphakeli. Lapha ububi abuyona into encane, ngoba uma ubhala ikhodi futhi ikusebenzela, ungase ucabange ukuthi uma isebenza, kungani uyishintsha.
Ububi ukuthi awuhlali ulawula ukuthi lo mhlinzeki uzokwethulwa nini, okokuqala. Futhi okwesibili, awulawuli ukuthi i-aws ec2 isho ukuthini, okungukuthi sikhuluma ngeLinux noma ngeWindows manje. Ngakho-ke awukwazi ukubhala okuthile okuzosebenza ngendlela efanayo kumasistimu wokusebenza ahlukene noma ezimweni ezihlukile zabasebenzisi.
Isibonelo esivame kakhulu, esiphinde sikhonjiswe embhalweni osemthethweni, ukuthi uma ubhala okuthi aws_instance futhi ucacise inqwaba yezimpikiswano, akukho lutho olungalungile ngalokho uma ucacisa umhlinzeki "local-exec" lapho bese usebenzisa i-ansible yakho- incwadi yokudlala .
Eqinisweni, yebo, akukho lutho olungalungile ngalokho. Kepha ngokoqobo maduze uzobona ukuthi le nto ye-local-exec ayikho, ngokwesibonelo, ku- launch_configuration.
Futhi uma usebenzisa i-launch_configuration, futhi ufuna ukudala iqembu le-autoscaling kusuka esibonelweni esisodwa, lapho-ke ku-launch_configuration awukho umqondo wokuthi "umnikezeli". Kukhona umqondo othi "idatha yomsebenzisi".
Ngakho-ke, ikhambi elibanzi kakhulu ukusebenzisa idatha yomsebenzisi. Futhi izokwethulwa kusenzakalo ngokwaso, lapho isibonelo sivuliwe, noma kudatha efanayo yomsebenzisi, lapho iqembu le-autoscaling lisebenzisa le launch_configuration.
Uma usafuna ukuqhuba umnikezeli, ngoba kuyingxenye ye-gluing, lapho isisetshenziswa esisodwa sidalwa, ngaleso sikhathi udinga ukuqhuba umhlinzeki wakho, umyalo wakho. Ziningi izimo ezinjalo.
Futhi insiza elungile kakhulu yalokhu ibizwa ngokuthi i-null_resource. I-Null_resource iyinsiza eyidummy engakaze idalwe ngempela. Ayithinti lutho, ayikho i-API, ayikho i-autoscaling. Kodwa ikuvumela ukuthi ulawule ukuthi uzowusebenzisa nini umyalo. Kulokhu, umyalo uqhutshwa ngesikhathi sokudala.
Izikhombo
Kunezimpawu eziningana. Ngeke ngingene kuzo zonke izimpawu ngokuningiliziwe. Kunesihloko mayelana nalokhu. Kodwa uma usebenze neTerraform noma usebenzise amamojula abanye abantu, khona-ke uvame ukuqaphela ukuthi amamojula amaningi, njengeningi lekhodi emthonjeni ovulekile, abhalwa abantu ngezidingo zabo. Indoda ethile yalibhala futhi yaxazulula inkinga yayo. Ngiyinamathisele ku-GitHub, ngiyivumele iphile. Izophila, kodwa uma kungekho mibhalo nezibonelo lapho, akekho ozoyisebenzisa. Futhi uma kungekho ukusebenza okukuvumela ukuthi uxazulule kancane kunomsebenzi wawo othize, akekho ozowusebenzisa futhi. Ziningi izindlela zokulahlekelwa abasebenzisi.
Uma ufuna ukubhala okuthile ukuze abantu bayisebenzise, ngakho-ke ngincoma ukulandela lezi zimpawu.
Lokhu:
- Imibhalo nezibonelo.
- Ukusebenza okugcwele.
- Okuzenzakalelayo okunengqondo.
- Ikhodi ehlanzekile.
- Ukuhlolwa.
Izivivinyo ziyisimo esihlukile ngoba kunzima kakhulu ukuzibhala. Ngikholelwa kakhulu emibhalweni nasezibonelweni.
Ngakho-ke, sibheke indlela yokubhala amamojula. Kunezimpikiswano ezimbili. Okokuqala, okubaluleke kakhulu, akukona ukubhala uma ukwazi, ngoba isixuku sabantu sesenze le misebenzi ngaphambi kwakho. Okwesibili, uma usanquma, zama ukungasebenzisi abahlinzeki kumamojula nabahlinzeki.
Lena ingxenye empunga yamadokhumenti. Manje kungenzeka ukuthi uyacabanga: “Kukhona okungacacile. Angiqinisekile." Kodwa sizobona ezinyangeni eziyisithupha.
Manje ake sikhulume ngokuthi singawabiza kanjani la mamojula.
Siyaqonda ukuthi ikhodi yethu iyakhula ngokuhamba kwesikhathi. Asisenalo ifayela elilodwa, sesinamafayela angu-20. Wonke akufolda eyodwa. Noma mhlawumbe kumafolda amahlanu. Mhlawumbe sesiqala ukuwehlukanisa ngandlela thize ngokwesifunda, ngezinye izingxenye. Khona-ke siyaqonda ukuthi manje sineziqalo ezithile zokuvumelanisa kanye ne-orchestration. Okusho ukuthi, kufanele siqonde ukuthi yini okufanele siyenze uma sishintsha izinsiza zenethiwekhi, yini okufanele siyenze ngazo zonke ezinye izinsiza zethu, ukuthi kubangelwa kanjani lokhu kuncika, njll.
Kunezinhlobo ezimbili ezeqisayo. Eyokuqala eyeqisayo konke kukodwa. Sinefayela elilodwa eliyinhloko. Okwamanje, lokhu bekuwumkhuba osemthethweni ongcono kakhulu kuwebhusayithi yeTerraform.
Kodwa manje sekubhalwe ukuthi kwehlisiwe futhi kwasuswa. Ngokuhamba kwesikhathi, umphakathi waseTerraform waqaphela ukuthi lokhu kwakungeyona indlela engcono kakhulu, ngoba abantu baqala ukusebenzisa le phrojekthi ngezindlela ezahlukene. Futhi kunezinkinga. Isibonelo, uma sibala konke okuncikile endaweni eyodwa. Kunezimo lapho sichofoza "uhlelo lwe-Terraform" futhi kuze kube yilapho i-Terraform ibuyekeza izifunda zazo zonke izinsiza, kungadlula isikhathi esiningi.
Isikhathi esiningi, isibonelo, imizuzu emi-5. Kwabanye lesi isikhathi esiningi. Ngizibonile izimo lapho kuthathe khona imizuzu eyi-15. I-AWS API ichithe imizuzu engu-15 izama ukuthola ukuthi kwenzekani ngesimo sensiza ngayinye. Lena indawo enkulu kakhulu.
Futhi, ngokwemvelo, inkinga ehlobene izovela uma ufuna ukushintsha okuthile endaweni eyodwa, bese ulinda imizuzu engu-15, futhi ikunikeza ikhanvasi yezinye izinguquko. Ukhafule, wabhala ukuthi “Yebo”, futhi kukhona okungahambanga kahle. Lesi isibonelo sangempela. I-Terraform ayizami ukukuvikela ezinkingeni. Okungukuthi, bhala okufunayo. Kuzoba nezinkinga - izinkinga zakho. Nakuba i-Terraform 0.11 ingazami ukukusiza nganoma iyiphi indlela. Kunezindawo ezithile ezithakazelisayo ku-0.12 ezikuvumela ukuthi uthi: "Vasya, ufuna ngempela lokhu, ungabuyela ezingqondweni zakho?"
Indlela yesibili ukunciphisa le ndawo, okungukuthi, izingcingo ezivela endaweni eyodwa zingaxhunywa kancane zisuka kwenye indawo.
Inkinga kuphela ukuthi udinga ukubhala ikhodi eyengeziwe, okungukuthi udinga ukuchaza okuguquguqukayo enanini elikhulu lamafayela futhi ubuyekeze lokhu. Abanye abantu abakuthandi. Lokhu kujwayelekile kimi. Futhi abanye abantu bacabanga: "Kungani ukubhala lokhu ezindaweni ezahlukene, ngizokubeka konke endaweni eyodwa." Lokhu kungenzeka, kodwa lokhu okweqisayo kwesibili.
Ubani onakho konke lokhu okuhlala endaweni eyodwa? Umuntu oyedwa, ababili, abathathu, okungukuthi, kukhona oyisebenzisayo.
Futhi ubani obiza ingxenye ethile, ibhulokhi eyodwa noma imojuli yengqalasizinda eyodwa? Abantu abahlanu kuya kwabayisikhombisa. Lokhu kuhle.
Impendulo evame kakhulu isendaweni ethile phakathi. Uma iphrojekthi inkulu, khona-ke uzovame ukuba nesimo lapho kungekho sixazululo esifanele futhi akuzona zonke izinto ezisebenza lapho, ngakho-ke ugcina ingxube. Akukho lutho olungalungile ngalokhu, inqobo nje uma uqonda ukuthi zombili zinezinzuzo.
Uma okuthile kushintshile kusitaki se-VPC futhi ubufuna ukusebenzisa lezi zinguquko ku-EC2, okungukuthi ubufuna ukubuyekeza iqembu le-autoscaling ngoba ubune-subnet entsha, ngizobe ngibiza lolu hlobo lwe-orchestration yokuncika. Kukhona izixazululo: ubani osebenzisa ini?
Ngingaphakamisa ukuthi yiziphi izixazululo ezikhona. Ungasebenzisa i-Terraform ukwenza umlingo, noma ungasebenzisa ama-makefiles ukuze usebenzise i-Terraform. Futhi ubone uma kukhona okushintshile lapho, ungayethula lapha.
Usithanda kanjani lesi sinqumo? Ingabe ukhona okholelwa ukuthi lesi yisixazululo esihle? Ngibona ukumamatheka, ngokusobala ukungabaza sekungene.
Yebo, ungazami lokhu ekhaya. I-Terraform ayizange yakhelwe ukuthi isetshenziswe isuka ku-Terraform.
Komunye umbiko bathi kimi: “Cha, lokhu ngeke kusebenze.” Iphuzu ukuthi akufanele isebenze. Yize kubukeka kuhlaba umxhwele kakhulu uma uvula i-Terraform usuka ku-Terraform, bese kuba yi-Terraform, akufanele ukwenze lokho. I-Terraform kufanele ihlale iqala kalula.
Uma udinga i-orchestration yocingo lapho okuthile kushintshile endaweni eyodwa, khona-ke kukhona i-Terragrunt.
I-Terragrunt iyinsizakalo, isengezo ku-Terraform, esikuvumela ukuthi uhlanganise futhi uhlele izingcingo kumamojula wengqalasizinda.
Ifayela elijwayelekile lokucushwa le-Terraform libukeka kanje.
Uyacacisa ukuthi iyiphi imojuli ethile ofuna ukuyishayela.
Yikuphi ukuncika imojuli enakho?
Futhi yiziphi izimpikiswano ezamukelwa yile mojuli. Yilokho kuphela okumele ukwazi ngeTerragrunt.
Imibhalo ikhona, futhi kunezinkanyezi eziyi-1 ku-GitHub. Kodwa ezimweni eziningi yilokhu okudingeka ukwazi. Futhi lokhu kulula kakhulu ukukusebenzisa ezinkampanini ezisanda kuqala ukusebenza neTerraform.
Ngakho i-orchestration iyi-Terragrunt. Kukhona ezinye izinketho.
Manje ake sikhulume ngokuthi singasebenza kanjani ngekhodi.
Uma udinga ukungeza izici ezintsha kukhodi yakho, ezimweni eziningi lokhu kulula. Ubhala insiza entsha, yonke into ilula.
Uma unomthombo othile owudale kusengaphambili, isibonelo, ufunde nge-Terraform ngemuva kokuvula i-akhawunti ye-AWS futhi ufuna ukusebenzisa izinsiza osuvele unazo, kungaba kuhle ukwelula imojula yakho ngale ndlela, ukuze isekela ukusetshenziswa kwezinsiza ezikhona.
Futhi isekela ukudalwa kwezinsiza ezintsha kusetshenziswa insiza yokuvimba.
Kokukhiphayo sihlala sibuyisela i-id yokuphumayo kuye ngokuthi yini esetshenzisiwe.
Inkinga yesibili ebaluleke kakhulu ku-Terraform 0.11 isebenza ngezinhlu.
Ubunzima ukuthi uma sinohlu olunjalo lwabasebenzisi.
Futhi uma sidala laba basebenzisi sisebenzisa insiza yokuvimba, khona-ke konke kuhamba kahle. Sidlula kulo lonke uhlu, sidale ifayela ngalinye. Konke kuhamba kahle. Futhi-ke, isibonelo, umsebenzisi3, ophakathi, kufanele asuswe lapha, khona-ke zonke izinsiza ezidalwe ngemva kwakhe zizophinda zenziwe kabusha ngoba inkomba izoshintsha.
Ukusebenza nezinhlu endaweni ekahle. Iyini indawo ekahle? Lesi yisimo lapho inani elisha lidalwa lapho le nsiza idalwa. Isibonelo, i-AWS Access Key noma i-AWS Secret Key, okungukuthi uma sidala umsebenzisi, sithola Ukufinyelela okusha noma Ukhiye Oyimfihlo. Futhi njalo uma sisusa umsebenzisi, lo msebenzisi uzoba nokhiye omusha. Kodwa lokhu akuyona i-feng shui, ngoba umsebenzisi ngeke afune ukuba umngane nathi uma simakhela umsebenzisi omusha njalo lapho othile eshiya iqembu.
Lesi yisixazululo. Lena ikhodi ebhalwe ku-Jsonnet. I-Jsonnet iwulimi lwesifanekiso oluvela kwa-Google.
Lo myalo ikuvumela ukuthi wamukele lesi sifanekiso futhi njengokuphumayo sibuyisela ifayela le-json elenziwe ngokuya ngesifanekiso sakho.
Isifanekiso sibukeka kanje.
I-Terraform ikuvumela ukuthi usebenzise kokubili i-HCL ne-Json ngendlela efanayo, ngakho-ke uma unekhono lokukhiqiza i-Json, ungakwazi ukuyishutheka ku-Terraform. Ifayela elinesandiso esithi .tf.json lizolandwa ngempumelelo.
Bese sisebenza nayo njengenjwayelo: i-terraform init, i-terramorm iyasebenza. Futhi sakha abasebenzisi ababili.
Manje asisabi uma kukhona oshiya iqembu. Sizovele sihlele ifayela le-json. U-Vasya Pupkin washiya, uPetya Pyatochkin wasala. U-Petya Pyatochkin ngeke athole ukhiye omusha.
Ukuhlanganisa i-Terraform namanye amathuluzi akuwona umsebenzi weTerraform ngempela. I-Terraform yadalwa njengenkundla yokudala izinsiza futhi yikho. Futhi konke okuza kamuva akukona ukukhathazeka kukaTerraform. Futhi asikho isidingo sokulukwa lapho. Kukhona i-Ansible, eyenza konke okudingayo.
Kodwa izimo ziphakama lapho sifuna ukunweba i-Terraform futhi sishayele umyalo othile ngemva kokuthi okuthile sekuphelile.
Indlela yokuqala. Sakha okukhiphayo lapho sibhala khona lo myalo.
Bese sibiza lo myalo kusuka ekuphumeni kwegobolondo le-terraform futhi sicacise inani esilifunayo. Ngakho-ke, umyalo usetshenziswa nawo wonke amanani afakwe esikhundleni. Ikhululekile kakhulu.
Indlela yesibili. Lokhu ukusetshenziswa kwe-null_resource kuye ngezinguquko kwingqalasizinda yethu. Singabiza i-exe efanayo yendawo ngokushesha nje lapho i-ID yezinye izisetshenziswa zishintsha.
Ngokwemvelo, konke lokhu kushelela ephepheni, ngoba i-Amazon, njengabo bonke abanye abahlinzeki bomphakathi, inenqwaba yamacala ayo asemaphethelweni.
Icala elivame kakhulu elisemaphethelweni ukuthi uma uvula i-akhawunti ye-AWS, kuyabaluleka ukuthi usebenzisa ziphi izifunda; ingabe lesi sici sinikwe amandla lapho; mhlawumbe uyivule ngemuva kukaZibandlela wezi-2013; mhlawumbe usebenzisa okuzenzakalelayo ku-VPC njll. Kunemikhawulo eminingi. Futhi i-Amazon yabasakaza kuwo wonke amadokhumenti.
Kunezinto ezimbalwa engitusa ukuzigwema.
Ukuze uqale, gwema zonke izimpikiswano ezingezona eziyimfihlo ngaphakathi kohlelo lwe-Terraform noma i-Terraform CLI. Konke lokhu kungafakwa kufayela le-tfvars noma endaweni eguquguqukayo.
Kodwa awudingi ukubamba ngekhanda wonke lo myalo womlingo. Uhlelo lwe-Terraform - var futhi siyahamba. Inguquko yokuqala i- var, eyesibili i- var, eyesithathu, yesine. Umgomo obaluleke kakhulu wengqalasizinda njengekhodi engiyisebenzisa kakhulu ukuthi ngokubheka ikhodi nje, kufanele ngibe nokuqonda okucacile kokuthi yini esetshenziswe lapho, ikusiphi isimo futhi ngawaphi amanani. Futhi ngakho-ke akudingeki ngifunde amadokhumenti noma ngibuze u-Vasya ukuthi yiziphi imingcele azisebenzisayo ukuze enze iqoqo lethu. Ngidinga nje ukuvula ifayela ngesandiso se-tfvars, esivame ukufanisa imvelo, futhi ngibheke yonke into lapho.
Futhi, ungasebenzisi izimpikiswano eziqondiwe ukuze unciphise ububanzi. Ngalokhu kulula kakhulu ukusebenzisa amamojula amancane wengqalasizinda.
Futhi, asikho isidingo sokukhawulela nokwandisa ukuhambisana. Uma nginezinsiza ezingu-150 futhi ngifuna ukwandisa ukufana kwe-Amazon kusuka kokuzenzakalelayo kwe-10 kuya ku-100, khona-ke kungenzeka ukuthi kukhona okungahambi kahle. Noma kungase kuhambe kahle manje, kodwa uma i-Amazon ithi wenza izingcingo eziningi kakhulu, uzoba senkingeni.
I-Terraform izozama ukuqala kabusha iningi lalezi zinkinga, kodwa ngeke uzuze cishe lutho. Ukufana=1 kuyinto ebalulekile ongayisebenzisa uma ufica isiphazamisi esithile ngaphakathi kwe-AWS API noma ngaphakathi komhlinzeki we-Terraform. Bese udinga ukucacisa: parallelism=1 bese ulinda kuze kube yilapho iTerraform iqeda ucingo olulodwa, bese kuba okwesibili, bese kuba okwesithathu. Uzokwethula ngamunye ngamunye.
Abantu bavame ukungibuza, “Kungani ngicabanga ukuthi izindawo zokusebenza zeTerraform zimbi?” Ngikholelwa ukuthi umgomo wengqalasizinda njengekhodi ukubona ukuthi iyiphi ingqalasizinda edaliwe nokuthi yiziphi izindinganiso.
Izindawo zokusebenza azidalwanga abasebenzisi. Lokhu akusho ukuthi abasebenzisi babhale ezindabeni ze-GitHub ukuthi ngeke sikwazi ukuphila ngaphandle kwezindawo zokusebenza ze-Terraform. Cha akunjalo. I-Terraform Enterprise iyisixazululo sokuhweba. I-Terraform evela ku-HashiCorp inqume ukuthi sidinga izindawo zokusebenza, ngakho-ke sayigcwalisa. Ngikuthola kulula kakhulu ukuyibeka kufolda ehlukile. Khona-ke kuzoba namanye amafayela, kodwa azocaca.
Indlela yokusebenza ngekhodi? Eqinisweni, ukusebenza ngezinhlu kuwukuphela kobuhlungu. Futhi thatha Terraform lula. Lokhu akuyona into ezokwenza konke okuhle kuwe. Asikho isidingo sokushova konke okubhalwe emibhalweni lapho.
Isihloko sombiko sasibhalelwe “ikusasa.” Ngizokhuluma ngalokhu kafushane kakhulu. Ngokuzayo, lokhu kusho ukuthi i-0.12 izokhishwa maduze.
0.12 iyithani lezinto ezintsha. Uma uvela ezinhlelweni ezijwayelekile, khona-ke uphuthelwa zonke izinhlobo zamabhulokhi ashukumisayo, izihibe, imisebenzi yokuqhathanisa elungile nenemibandela, lapho izinhlangothi ezingakwesokunxele nezingakwesokudla zingabalwa ngesikhathi esisodwa, kodwa kuye ngokuthi isimo. Uyikhumbula kakhulu, ngakho-ke u-0.12 uzokuxazululela yona.
Kodwa! Uma ubhala kancane futhi kalula, usebenzisa amamojula enziwe ngomumo kanye nezixazululo zezinkampani zangaphandle, khona-ke ngeke kudingeke ulinde futhi uthemba ukuthi u-0.12 uzofika futhi akulungisele konke.
Siyabonga ngombiko! Ukhulume ngengqalasizinda njengekhodi futhi usho igama elilodwa mayelana nezivivinyo. Ingabe ukuhlolwa kuyadingeka kumamojula? Umthwalo kabani lo? Ingabe ngidinga ukuzibhalela mina noma umthwalo wamamojula?
Ngonyaka olandelayo kuzobe kugcwele imibiko yokuthi sinqume ukuhlola yonke into. Yini okufanele uyihlole umbuzo omkhulu. Kukhona ukuncika okuningi, imikhawulo eminingi evela kubahlinzeki abahlukene. Lapho mina nawe sikhuluma bese uthi: “Ngidinga ukuhlolwa,” bese ngiyabuza: “Nizohlolani?” Uthi uzohlola esifundeni sakho. Bese ngithi lokhu akusebenzi esifundeni sami. Okusho ukuthi, ngeke size sikwazi ukuvumelana ngalokhu. Ingasaphathwa ukuthi ziningi izinkinga zobuchwepheshe. Okungukuthi, ukubhala lezi zivivinyo ukuze zanele.
Ngicwaninga ngenkuthalo lesi sihloko, okungukuthi ungenza kanjani ukuhlola ngokuzenzakalelayo ngokusekelwe kungqalasizinda oyibhalile. Okusho ukuthi, uma ubhale le khodi, khona-ke ngidinga ukuyiqhuba, ngokusekelwe kulokhu ngingakwazi ukudala izivivinyo.
ingenye yemitapo yolwazi eshiwo kakhulu ekuvumela ukuthi ubhale izivivinyo zokuhlanganisa ze-Terraform. Lokhu kungenye yezinsiza. Ngikhetha uhlobo lwe-DSL, isibonelo, i-rspec.
Anton, siyabonga ngombiko! Igama lami nginguValery. Ake ngibuze umbuzo wefilosofi. Kukhona, ngokwemibandela, ukuhlinzekwa, kukhona ukuthunyelwa. Ukuhlinzeka kudala ingqalasizinda yami, ekusetshenzisweni siyigcwalisa ngokuthile okuwusizo, isibonelo, amaseva, izinhlelo zokusebenza, njll. Futhi kusekhanda lami ukuthi i-Terraform izohlinzekwa kakhulu, futhi i-Ansible ingeyokuthunyelwa, ngoba i-Ansible iphinde ibe ngeyomzimba Ingqalasizinda. ikuvumela ukuthi ufake i-nginx, i-Postgres. Kodwa ngesikhathi esifanayo, i-Ansible ibonakala ivumela ukuhlinzekwa, isibonelo, izinsiza ze-Amazon noma ze-Google. Kodwa i-Terraform futhi ikuvumela ukuthi usebenzise isofthiwe ethile usebenzisa amamojula ayo. Ngokombono wakho, ingabe kukhona uhlobo oluthile lomngcele oluhamba phakathi kwe-Terraform ne-Ansible, kuphi futhi yini engcono ukuyisebenzisa? Noma, isibonelo, ucabanga ukuthi i-Ansible isivele ingudoti, kufanele uzame ukusebenzisa i-Terraform kuyo yonke into?
Umbuzo omuhle, Valery. Ngikholwa ukuthi i-Terraform ayikashintshi ngokwemigomo kusukela ngo-2014. Yadalelwa ingqalasizinda futhi yafela ingqalasizinda. Besisadingeka futhi sisazoba nesidingo sokuphathwa kokucushwa Okufanelekile. Inselele ukuthi kunedatha yomsebenzisi ngaphakathi kwe-launch_configuration. Futhi lapho udonsa i-Ansible, njll. Lona umehluko ojwayelekile engiwuthanda kakhulu.
Uma sikhuluma ngengqalasizinda enhle, khona-ke kukhona izinsiza ezifana ne-Packer eziqoqa lesi sithombe. Bese i-Terraform isebenzisa umthombo wedatha ukuze ithole lesi sithombe futhi ibuyekeze ukulungiselelwa_kwaso. Okusho ukuthi, ngale ndlela ipayipi ukuthi siqale sidonse i-Tracker, bese sidonsa i-Terraform. Futhi uma ukwakhiwa kwenzeka, khona-ke ushintsho olusha lwenzeka.
Sawubona! Siyabonga ngombiko! Igama lami nginguMisha, inkampani ye-RBS. Ungashayela i-Ansible usebenzisa isinikezeli lapho udala insiza. I-Ansible futhi inesihloko esibizwa nge-dynamic inventory. Futhi ungaqale ushayele i-Terraform, bese ushayela i-Ansible, ezothatha izinsiza kuhulumeni iyenze. Yini engcono?
Abantu basebenzisa kokubili ngempumelelo efanayo. Kimina kubonakala sengathi i-inventory eguquguqukayo ku-Ansible iyinto elula, uma singakhulumi ngeqembu le-autoscaling. Ngoba eqenjini le-autoscaling sesivele sinayo ikhithi yethu yamathuluzi, ebizwa ngokuthi launch_configuration. Ku- launch_configuration siqopha yonke into edinga ukwethulwa lapho sidala insiza entsha. Ngakho-ke, nge-Amazon, isebenzisa i-inventory eguquguqukayo nokufunda ifayela le-Terraform ts, ngombono wami, i-overkill. Futhi uma usebenzisa amanye amathuluzi lapho kungekho mqondo "weqembu le-autoscaling", isibonelo, usebenzisa i-DigitalOcean noma omunye umhlinzeki lapho lingekho iqembu le-autoscaling, lapho-ke kuzodingeka ukuthi udonse i-API ngesandla, uthole amakheli e-IP, udale. ifayela lokusungula eliguqukayo , futhi i-Ansible izovele izule kulo. Okusho ukuthi, i-Amazon kukhona i-launch_configuration, futhi kukho konke okunye kukhona i-inventory enamandla.
Source: www.habr.com