IaC基础设施即代码：Terraform 使用 dynamic动态内联块 创建docker资源

目录

 一、实验

1.环境

2.Terraform查看版本

3.Linux主机安装Docker

4.Terraform使用本地编译（In-house）的Providers

5.Docker-CE 开启远程API

6. Linux主机拉取镜像

7.Terraform 使用 dynamic动态内联块 创建资源

二、问题

 1.Terraform 计划资源失败 (无效provider)

2.Terraform 申请资源失败 (端口占用)

---

 一、实验

1.环境

（1）主机

表1-1 主机

主机	系统	软件	备注
pipepoint	Linux	Terraform 1.6.6

2.Terraform查看版本

（1）查看Terraform版本

terraform -v

3.Linux主机安装Docker

(1)安装Docker

① 阿里云镜像加速将XXXXXXXX改为自己的即可（ "https://XXXXXXXX.mirror.aliyuncs.com",）

1）安装
yum -y install wget && wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
 
2）配置cgroup驱动及镜像下载加速器：
cat > /etc/docker/daemon.json << EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
   "registry-mirrors": [
        "https://XXXXXXXX.mirror.aliyuncs.com",
        "https://registry.docker-cn.com",
        "https://docker.mirrors.ustc.edu.cn",
        "https://dockerhub.azk8s.cn",
        "http://hub-mirror.c.163.com"
	]
}
EOF
 
3）自启动
systemctl enable docker && systemctl start docker && systemctl status docker && docker info|grep systemd

② 安装docker

③ 配置镜像加速

④ 开机自启动服务

（2）查看版本

docker -v

4.Terraform使用本地编译（In-house）的Providers

（1）编写配置文件

vim .terraformrc
 
provider_installation {
  filesystem_mirror {
    path    = "/usr/share/terraform/providers"
    include = ["registry.terraform.io/*/*"]
  }
}

（2）Terraform模板(docker)

Terraform Registry

USE PROVIDER

terraform {
  required_providers {
    docker = {
      source = "kreuzwerker/docker"
      version = "3.0.2"
    }
  }
}

provider "docker" {
  # Configuration options
}

Example Usage

terraform {
  required_providers {
    docker = {
      source  = "kreuzwerker/docker"
      version = "3.0.2"
    }
  }
}

provider "docker" {
  host = "unix:///var/run/docker.sock"
}

# Pulls the image
resource "docker_image" "ubuntu" {
  name = "ubuntu:latest"
}

# Create a container
resource "docker_container" "foo" {
  image = docker_image.ubuntu.image_id
  name  = "foo"
}

(3) 下载软件包

https://github.com/kreuzwerker/terraform-provider-docker/releases

(4) 创建目录

mkdir -p  /usr/share/terraform/providers/registry.terraform.io/kreuzwerker/docker/3.0.2/linux_amd64

（5）解压软件包

unzip terraform-provider-docker_3.0.2_linux_amd64.zip

（6）tree递归查看目录 (将软件包按递归目录放置)

tree -s /usr/share/terraform/

5.Docker-CE 开启远程API

（1）修改配置文件

vim /usr/lib/systemd/system/docker.service
……
ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock  -H fd://
……

（2）重新加载配置及重启服务

systemctl daemon-reload  && systemctl restart docker

（3）测试API

curl http://127.0.0.1:2375/version

6. Linux主机拉取镜像

（1）dockerhub 查看镜像

https://hub.docker.com/r/jenkins/jenkins

docker pull jenkins/jenkins

（2）拉取镜像

docker pull jenkins/jenkins

（3）查看镜像

docker images

7.Terraform 使用 dynamic动态内联块 创建资源

（1）查看目录

tree -s ~/tf-meta/dynamic/

（2）主配置文件

main.tf，  Docker Provider用于与 Docker 容器和镜像进行交互，它使用 Docker API 来管理 Docker 容器的生命周期。

vim main.tf

provider "docker" {
  host = "tcp://127.0.0.1:2375"
}

resource "docker_image" "jenkins" {
  name         = "jenkins/jenkins:latest"
  keep_locally = true //销毁时不删除本地镜像
}

locals {
  jenkins_ports = [ 
    {   
      internal = 8085
      external = 8085
    },  
    {   
      internal = 50000
      external = 50000
    }   
  ]
}

resource "docker_container" "jenkins" {
  image = docker_image.jenkins.name
  name  = "jenkins123"
  user  = "root"

  dynamic "ports" {
    for_each = local.jenkins_ports
    content {
      internal = ports.value.internal
      external = ports.value.external
      ip       = "0.0.0.0"
      protocol = "tcp"
    }   
  }
  volumes {
    container_path = "/var/jenkins_home"
    host_path      = "/tmp/jenkinshome"
  }
  depends_on = [ 
    docker_image.jenkins
  ]
}

（3）版本配置文件

versions.tf

vim versions.tf

terraform {
  required_providers {
    docker = { 
      source  = "kreuzwerker/docker"
      version = "3.0.2"
    }   
  }
}

(4) 格式化代码

terraform fmt

(5) 初始化

terraform init

(6) 验证

terraform validate

(7)计划与预览

 terraform plan

(8) 申请资源

terraform apply

yes

(9)展示资源

terraform show

(11)查看docker进程

docker ps

(12) 检查容器

 docker inspect 924c951bff60

（13）查看容器日志

docker logs -f jenkins123

(14) 查看监听端口

http://192.168.204.233:50000/

(15) 销毁资源

terraform destroy

yes

(16) 查看docker进程

docker ps

资源已删除

二、问题

 1.Terraform 计划资源失败 (无效provider)

（1）报错

Planning failed. Terraform encountered an error while generating this plan.

?
│ Error: Error pinging Docker server: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
│ 
│   with provider["registry.terraform.io/kreuzwerker/docker"],
│   on main.tf line 1, in provider "docker":
│    1: provider "docker" {

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: Invalid provider configuration
│ 
│ Provider "registry.terraform.io/kreuzwerker/docker" requires explicit configuration. Add a provider block to the root module and configure the provider's
│ required arguments as described in the provider documentation.
│ 
╵
╷
│ Error: Error pinging Docker server: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
│ 
│   with provider["registry.terraform.io/kreuzwerker/docker"],
│   on  line 0:
│   (source code not available)

（2）原因分析

未配置docker的provider

（3）解决方法

配置docker的provider

成功

2.Terraform 申请资源失败 (端口占用)

（1）报错

申请容器为8080端口

│ Error: Unable to start container: Error response from daemon: driver failed programming external connectivity on endpoint jenkins123 (7b6aea49d069b5eb7693528fd8754026960ea22381ec2ccc2927a0029709d552): Error starting userland proxy: listen tcp4 0.0.0.0:8080: bind: address already in use
│ 
│   with docker_container.jenkins,
│   on main.tf line 23, in resource "docker_container" "jenkins":
│   23: resource "docker_container" "jenkins" {

申请容器为8081端口

Error: Unable to start container: Error response from daemon: driver failed programming external connectivity on endpoint jenkins123 (31e491b5ce1eeaf0e4a87864d694073f67c470f4f1b7fd41f6ec5e5a48353934): Error starting userland proxy: listen tcp4 0.0.0.0:8081: bind: address already in use
│ 
│   with docker_container.jenkins,
│   on main.tf line 23, in resource "docker_container" "jenkins":
│   23: resource "docker_container" "jenkins" {

（2）原因分析

端口被占用。

（3）解决方法

查看当前占用端口命令。

netstat -tanlp

方法一：杀死进程(注意不是杀死端口，而是pid的端口)

8080 端口的进程为64353

8081端口的进程为63265

kill 64353进程 (自己的pid端口)

kill 63265进程 (自己的pid端口)

方法二：(这里采用此方法)

更改Terraform配置文件端口为8085。

成功