IaC基础设施即代码:Terraform 创建 docker 网络与容器资源
目录
一、实验
1.环境
2.Terraform查看版本
3.Linux主机安装Docker
4.Terraform使用本地编译(In-house)的Providers
5.Docker-CE 开启远程API
6. Linux主机拉取镜像
7.Terraform 创建docker 网络资源
8.Terraform 创建docker 容器资源
一、实验
1.环境
(1)主机
表1-1 主机
| 主机 | 系统 | 软件 | 备注 |
| pipepoint | Linux | Terraform 1.6.6 |
2.Terraform查看版本
(1)查看Terraform版本
terraform -v
3.Linux主机安装Docker
(1)安装Docker
① 阿里云镜像加速将XXXXXXXX改为自己的即可( "https://XXXXXXXX.mirror.aliyuncs.com",)
1)安装
yum -y install wget && wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
2)配置cgroup驱动及镜像下载加速器:
cat > /etc/docker/daemon.json << EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": [
"https://XXXXXXXX.mirror.aliyuncs.com",
"https://registry.docker-cn.com",
"https://docker.mirrors.ustc.edu.cn",
"https://dockerhub.azk8s.cn",
"http://hub-mirror.c.163.com"
]
}
EOF
3)自启动
systemctl enable docker && systemctl start docker && systemctl status docker && docker info|grep systemd
② 安装docker
③ 配置镜像加速
④ 开机自启动服务
(2)查看版本
docker -v
4.Terraform使用本地编译(In-house)的Providers
(1)编写配置文件
vim .terraformrc
provider_installation {
filesystem_mirror {
path = "/usr/share/terraform/providers"
include = ["registry.terraform.io/*/*"]
}
}
(2)Terraform模板(docker)
Terraform Registry
USE PROVIDER
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "3.0.2"
}
}
}
provider "docker" {
# Configuration options
}
Example Usage
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "3.0.2"
}
}
}
provider "docker" {
host = "unix:///var/run/docker.sock"
}
# Pulls the image
resource "docker_image" "ubuntu" {
name = "ubuntu:latest"
}
# Create a container
resource "docker_container" "foo" {
image = docker_image.ubuntu.image_id
name = "foo"
}
(3) 下载软件包
https://github.com/kreuzwerker/terraform-provider-docker/releases
(4) 创建目录
mkdir -p /usr/share/terraform/providers/registry.terraform.io/kreuzwerker/docker/3.0.2/linux_amd64
(5)解压软件包
unzip terraform-provider-docker_3.0.2_linux_amd64.zip
(6)tree递归查看目录 (将软件包按递归目录放置)
tree -s /usr/share/terraform/
5.Docker-CE 开启远程API
(1)修改配置文件
vim /usr/lib/systemd/system/docker.service
……
ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock -H fd://
……
(2)重新加载配置及重启服务
systemctl daemon-reload && systemctl restart docker
(3)测试API
curl http://127.0.0.1:2375/version
6. Linux主机拉取镜像
(1)dockerhub 查看镜像
https://hub.docker.com/r/jenkins/jenkins
docker pull jenkins/jenkins
(2)拉取镜像
docker pull jenkins/jenkins
(3)查看镜像
docker images
7.Terraform 创建docker 网络资源
(1)查看目录
tree -s ~/terraform-docker-master
(2)主配置文件与版本配置文件
main.tf, Docker Provider用于与 Docker 容器和镜像进行交互,它使用 Docker API 来管理 Docker 容器的生命周期。
vim main.tf
provider "docker" {
host = "tcp://127.0.0.1:2375"
}
locals {
network_settings = [
{
name = "devops"
driver = "bridge"
subnet = "10.1.0.0/24"
}
]
}
resource "docker_network" "network" {
count = length(local.network_settings)
name = local.network_settings[count.index]["name"]
driver = local.network_settings[count.index]["driver"]
ipam_config {
subnet = local.network_settings[count.index]["subnet"]
}
}
versions.tf
vim versions.tf
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "3.0.2"
}
}
}
(3) 初始化
terraform init
(4) 格式化代码
terraform fmt
(6) 验证
terraform validate
(7)计划与预览
terraform plan
(8)查看docker网络
docker network list
(9)申请资源
terraform apply
(10)展示资源
terraform show
(11)查看docker网络
docker network list已新增devops网络
(12)检查网络
docker inspect devops
8.Terraform 创建docker 容器资源
(1)查看目录
tree -s ~/terraform-docker-master
(2)主配置文件
main.tf, Docker Provider用于与 Docker 容器和镜像进行交互,它使用 Docker API 来管理 Docker 容器的生命周期。
vim main.tf
provider "docker" {
host = "tcp://127.0.0.1:2375"
}
data "terraform_remote_state" "network" {
backend = "local"
config = {
path = "../network/terraform.tfstate"
}
}
# output "name" {
# value = data.terraform_remote_state.network.outputs
# }
(3)版本配置文件
versions.tf
vim versions.tf
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "3.0.2"
}
}
}
(4)容器配置文件
jenkins.tf
vim jenkins.tf
resource "docker_image" "jenkins" {
name = "jenkins/jenkins:latest"
keep_locally = true
}
locals {
container_name = "jenkins"
container_network = data.terraform_remote_state.network.outputs.network[0]["name"]
container_ip = "10.1.0.10"
container_user = "root"
container_ports = [
{
internal = 8087
external = 8087
},
{
internal = 50000
external = 50000
}
]
container_volumes = [
{
container_path = "/var/jenkins_home"
host_path = "/tmp/jenkinshome"
}
]
}
resource "docker_container" "jenkins" {
name = local.container_name
image = docker_image.jenkins.name
networks_advanced {
name = local.container_network
ipv4_address = local.container_ip
}
user = local.container_user
dynamic "ports" {
for_each = local.container_ports
content {
internal = ports.value.internal
external = ports.value.external
ip = "0.0.0.0"
protocol = "tcp"
}
}
dynamic "volumes" {
for_each = local.container_volumes
content {
container_path = volumes.value.container_path
host_path = volumes.value.host_path
}
}
depends_on = [
docker_image.jenkins
]
}
(5) 初始化
terraform init
(6)格式化代码
terraform fmt
(7) 验证
terraform validate
(8)计划与预览
terraform plan
(9) 申请资源
terraform apply
yes
(10)展示资源
terraform show
(11)查看docker进程
docker ps
(12) 检查容器
docker inspect 3496fcb321ca
(13)查看容器日志
docker logs -f jenkins
(14) 查看监听端口
http://192.168.204.233:50000/
(15) 销毁容器资源
terraform destroy
yes
(16) 查看docker进程
docker ps容器资源已删除
(17) 销毁网络资源
terraform destroy
(8)查看docker网络
docker network list已删除devops网络
