Contents
I. Experiment
1. Environment
2. Connecting Terraform to Azure Blob
3. Provisioning virtual network resources
4. Provisioning subnet resources
5. Provisioning security group resources
6. Provisioning public IP and network interface resources
7. Provisioning virtual machine resources
8. Provisioning a load balancer
9. Destroying resources
II. Problems
1. Storage cannot be deleted
I. Experiment
1. Environment
(1) Host
Table 1-1 Hosts
Host | OS | Software | Tools | Notes |
jia | Windows | Terraform 1.6.6 | Azure CLI, VS Code, PowerShell, Chocolatey | |
(2) Verify the version
terraform version
terraform -v
2. Connecting Terraform to Azure Blob
(1) Connect
See my previous post:
IaC Infrastructure as Code: Using Terraform to connect to Azure and create a Blob backend - CSDN blog
3. Provisioning virtual network resources
(1) View the directory
(2) Create the version configuration file
versions.tf
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.89.0"
    }
  }
}

provider "azurerm" {
  features {}
}
(3) Create the variables file
variables.tf
variable "location" {
  default = "East US"
}

variable "resource_group_name" {
  default = "terraform-demo"
}
(4) Create the backend configuration file
backend.tf
terraform {
  backend "azurerm" {
    resource_group_name  = "terraform-demo"
    storage_account_name = "tfstateadmin777"
    container_name       = "tfstate"
    key                  = "env/dev/network/terraform-network.tfstate"
  }
}
(5) Initialize
terraform init
(6) Format the code
terraform fmt
(7) Validate the code
terraform validate
(8) Check in the Azure portal
The network state file has been added to the tfstate container
(9) Create the virtual network configuration file
vnets.tf
resource "azurerm_virtual_network" "mynetwork" {
  name                = "my-network"
  location            = var.location
  resource_group_name = var.resource_group_name
  address_space       = ["10.0.0.0/16"]

  tags = {
    environment = "dev"
  }
}
(10) Format the code
terraform fmt
(11) Validate the code
terraform validate
(12) Plan and preview
terraform plan
(13) Provision the resources
terraform apply
yes
(14) Check in the Azure portal
The virtual network has been added
4. Provisioning subnet resources
(1) View the directory
(2) Create the main configuration file
main.tf
locals {
  subnet_names = ["mysubnet-1", "mysubnet-2"]
  subnet_config = {
    mysubnet-1 = {
      address_prefixes = "10.0.1.0/24"
    }
    mysubnet-2 = {
      address_prefixes = "10.0.2.0/24"
    }
  }
}
(3) Modify the virtual network configuration file
vnets.tf, append the following:
resource "azurerm_subnet" "mysubnet" {
  for_each             = toset(local.subnet_names)
  name                 = each.value
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.mynetwork.name
  address_prefixes     = [local.subnet_config[each.value]["address_prefixes"]]
}
(4) Format the code
terraform fmt
(5) Validate the code
terraform validate
(6) Plan and preview
terraform plan
(7) Provision the resources
terraform apply
yes
(8) Check in the Azure portal
The subnets have been added
5. Provisioning security group resources
(1) Modify the main configuration file
main.tf, add the following inside the locals block (the security group below reads it as local.ports):
  ports = [
    {
      port     = "80"
      priority = 100
    },
    {
      port     = "22"
      priority = 101
    },
    {
      port     = "443"
      priority = 102
    }
  ]
(2) Create the security group configuration file
secgroup.tf
resource "azurerm_network_security_group" "mygroup" {
  name                = "MySecurityGroup1"
  location            = var.location
  resource_group_name = var.resource_group_name

  // generate one inbound Allow rule per entry in local.ports
  // (note: source "*" opens each port, including SSH on 22, to any address)
  dynamic "security_rule" {
    for_each = local.ports
    content {
      name                       = "port-${security_rule.value.port}"
      priority                   = security_rule.value.priority
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_port_range          = "*"
      destination_port_range     = security_rule.value.port
      source_address_prefix      = "*"
      destination_address_prefix = "*"
    }
  }

  tags = {
    environment = "dev"
  }
}
(3) Create the outputs file
outputs.tf
output "subnet_ids" {
  value = [for k, v in azurerm_subnet.mysubnet : v.id]
}
(4) View the network directory
(5) Format the code
terraform fmt
(6) Validate the code
terraform validate
(7) Plan and preview
terraform plan
(8) Provision the resources
terraform apply
yes; the subnet IDs appear in the outputs
(9) Check in the Azure portal
The security group has been added
Inbound and outbound rules
(10) Check the associations
No subnet is associated yet
(11) Associate the security group with the subnets
Modify the security group configuration file secgroup.tf, append the following:
// associate the security group with every subnet (one association per subnet ID)
resource "azurerm_subnet_network_security_group_association" "mygroup" {
  count                     = length([for k, v in azurerm_subnet.mysubnet : v.id])
  subnet_id                 = [for k, v in azurerm_subnet.mysubnet : v.id][count.index]
  network_security_group_id = azurerm_network_security_group.mygroup.id
}
(12) Format the code
terraform fmt
(13) Validate the code
terraform validate
(14) Plan and preview
terraform plan
(15) Provision the resources
terraform apply
yes; 2 resources will be created
(16) Check in the Azure portal
The security group is associated with both subnets
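As an added example (not code from the original post), the same dynamic security_rule pattern as secgroup.tf, with the weak list used above (every port, including SSH on 22, accepted from source "*") kept next to a restricted list in which SSH is reachable only from an administrative range and the web ports use the Internet service tag. The variable admin_cidr, its default (a TEST-NET-3 documentation address), and the resource name MySecurityGroup1-hardened are assumptions; var.location and var.resource_group_name come from variables.tf.

```hcl
# Added example, not part of the original post.
variable "admin_cidr" {
  description = "CIDR allowed to reach SSH (assumed value; replace with your own range)"
  type        = string
  default     = "203.0.113.0/24" # TEST-NET-3 documentation range, not a real network
}

locals {
  # Weak form, as in main.tf above: every port open to the whole Internet.
  ports_open = [
    { port = "80", priority = 100, source = "*" },
    { port = "22", priority = 101, source = "*" },
    { port = "443", priority = 102, source = "*" },
  ]

  # Hardened form: web ports stay public, SSH only from the admin range.
  # Priorities leave gaps so rules can be inserted later without renumbering.
  ports_restricted = [
    { port = "80", priority = 100, source = "Internet" },
    { port = "443", priority = 110, source = "Internet" },
    { port = "22", priority = 200, source = var.admin_cidr },
  ]
}

resource "azurerm_network_security_group" "hardened" {
  name                = "MySecurityGroup1-hardened"
  location            = var.location
  resource_group_name = var.resource_group_name

  # One rule per entry; the source prefix now comes from the list instead of "*".
  dynamic "security_rule" {
    for_each = local.ports_restricted
    content {
      name                       = "allow-tcp-${security_rule.value.port}"
      priority                   = security_rule.value.priority
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_port_range          = "*"
      destination_port_range     = security_rule.value.port
      source_address_prefix      = security_rule.value.source
      destination_address_prefix = "VirtualNetwork"
    }
  }

  # Explicit catch-all at the lowest user priority (4096 is the maximum allowed).
  # Azure's built-in DenyAllInBound (65500) already does this; the explicit rule
  # makes the intent visible in plan output and in the portal.
  security_rule {
    name                       = "deny-all-inbound"
    priority                   = 4096
    direction                  = "Inbound"
    access                     = "Deny"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  tags = {
    environment = "dev"
  }
}
```

Because the group is associated with both subnets, these rules also govern the traffic the load balancer later forwards to the VMs; the built-in AllowAzureLoadBalancerInBound rule (65001) still admits the load balancer's health probes, so the explicit deny does not break them. Running terraform plan after swapping local.ports for local.ports_restricted shows exactly which rule's source_address_prefix changes, which is the review step worth insisting on before apply.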
6. Provisioning public IP and network interface resources
(1) View the directory
(2) Modify the main configuration file
main.tf, add the following inside the locals block:
  vms = ["server01", "server02"]
  vms_config = {
    server01 = {
      public_ip_name = "publicip-server1"
    }
    server02 = {
      public_ip_name = "publicip-server2"
    }
  }
(3) Create the public IP configuration file
public_ip.tf: create 2 public IPs for the VMs and 1 for the load balancer
resource "azurerm_public_ip" "mypublicip" {
  for_each            = toset(local.vms)
  name                = local.vms_config[each.value]["public_ip_name"]
  resource_group_name = var.resource_group_name
  location            = var.location
  allocation_method   = "Static"
  zones               = ["1", "2", "3"]
  sku                 = "Standard"

  tags = {
    environment = "dev"
  }
}

resource "azurerm_public_ip" "mylbpublicip" {
  name                = "MyLBPublicIP"
  resource_group_name = var.resource_group_name
  location            = var.location
  allocation_method   = "Static"
  sku                 = "Standard"

  tags = {
    environment = "dev"
  }
}
(4) Modify the outputs file
outputs.tf, append the following:
output "vm_public_ips" {
  value = [for k, v in azurerm_public_ip.mypublicip : v.id]
}
(5) Format the code
terraform fmt
(6) Validate the code
terraform validate
(7) Plan and preview
terraform plan
(8) Provision the resources
terraform apply
yes; the public IP resource IDs appear in the outputs
(9) Check in the Azure portal
2 VM public IPs and 1 load balancer public IP have been added
(10) Create the network interface configuration file
nics.tf
resource "azurerm_network_interface" "mynic" {
  count               = length(local.vms)
  name                = "nic-${local.vms[count.index]}"
  location            = var.location
  resource_group_name = var.resource_group_name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = [for k, v in azurerm_subnet.mysubnet : v.id][count.index]
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = [for k, v in azurerm_public_ip.mypublicip : v.id][count.index]
  }
}
(11) Format the code
terraform fmt
(12) Validate the code
terraform validate
(13) Plan and preview
terraform plan
(14) Provision the resources
terraform apply
yes
(15) Check in the Azure portal
2 network interfaces have been added
Each interface has a public IP
(16) Modify the outputs file
outputs.tf, append the following:
output "mylb_public_ip" {
  value = azurerm_public_ip.mylbpublicip.id
}

output "vnet_id" {
  value = azurerm_virtual_network.mynetwork.id
}

output "nic_ids" {
  value = azurerm_network_interface.mynic[*].id
}
(17) Plan and preview
terraform plan
(18) Provision the resources
terraform apply
yes; the network outputs are returned
7. Provisioning virtual machine resources
(1) View the service directory
(2) Create the variables file
variables.tf
variable "location" {
  default = "East US"
}

variable "resource_group_name" {
  default = "terraform-demo"
}
(3) Create the version configuration file
versions.tf
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.89.0"
    }
  }
}

provider "azurerm" {
  features {}
}
(4) Create the backend configuration file
backend.tf (a separate state key from the network project, so the two can be applied and destroyed independently)
terraform {
  backend "azurerm" {
    resource_group_name  = "terraform-demo"
    storage_account_name = "tfstateadmin777"
    container_name       = "tfstate"
    key                  = "env/dev/service/terraform-service.tfstate"
  }
}
(5) Initialize
terraform init
(6) Check in the Azure portal
The service state file has been uploaded
(7) Browse the marketplace
Search for Ubuntu
(8) Create the main configuration file
main.tf
data "terraform_remote_state" "network" {
  backend = "azurerm"
  config = {
    resource_group_name  = "terraform-demo"
    storage_account_name = "tfstateadmin777"
    container_name       = "tfstate"
    key                  = "env/dev/network/terraform-network.tfstate"
  }
}

locals {
  vms = ["server01", "server02"]
  vms_config = {
    server01 = {
      zone      = "1"
      subnet_id = data.terraform_remote_state.network.outputs["subnet_ids"][0]
      publicip  = data.terraform_remote_state.network.outputs["vm_public_ips"][0]
      nic_id    = data.terraform_remote_state.network.outputs["nic_ids"][0]
    }
    server02 = {
      zone      = "2"
      subnet_id = data.terraform_remote_state.network.outputs["subnet_ids"][1]
      publicip  = data.terraform_remote_state.network.outputs["vm_public_ips"][1]
      nic_id    = data.terraform_remote_state.network.outputs["nic_ids"][1]
    }
  }
  mylb_public_ip = data.terraform_remote_state.network.outputs["mylb_public_ip"]
  vnet_id        = data.terraform_remote_state.network.outputs["vnet_id"]
}
(9) Create the virtual machine configuration file
vms.tf
resource "azurerm_linux_virtual_machine" "myserver" {
  for_each            = toset(local.vms)
  name                = each.value
  resource_group_name = var.resource_group_name
  location            = var.location
  size                = "Standard_B1s"
  admin_username      = "adminuser"
  # literal password: it is committed with the code and written in clear text
  # to the remote state blob
  admin_password                  = "Passwd123!"
  disable_password_authentication = false
  zone                            = local.vms_config[each.value]["zone"]

  # NIC (and therefore subnet and public IP) created by the network project
  network_interface_ids = [
    local.vms_config[each.value]["nic_id"]
  ]

  # bootstrap script under config/, base64-encoded as the API requires
  user_data = base64encode(file("${path.module}/config/install-nginx.sh"))

  os_disk {
    name                 = "disk-${each.value}"
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }
}
The script is called
Note that admin_password ends up in clear text in two places: in vms.tf (and therefore in version control) and in the service state blob, since Terraform state records every resource attribute. Anyone with read access to the tfstate container can recover it, so that container needs the same access control as the VMs themselves. Ubuntu 18.04 LTS also left standard support in 2023; the image still deploys, but a current LTS is the better choice for anything beyond this experiment.
(10) Format the code
terraform fmt
(11) Validate the code
terraform validate
(12) Plan and preview
terraform plan
(13) Provision the resources
terraform apply
(14) Check in the Azure portal
2 virtual machines have been added
server01
server02
(15) Access
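An added example rather than code from the post. It addresses two things the procedure above leaves open: the remote-state lookups by list position (outputs["subnet_ids"][0], outputs["nic_ids"][1]), which pair the wrong NIC with a VM if the network project's outputs are ever reordered, and the admin_password literal. The first snippet adds name-keyed outputs to the network project alongside the existing ones; the second is a service-project vms.tf that consumes them and logs in with an SSH key only. The variable admin_ssh_public_key_path and its default, the inline bootstrap script (passed through custom_data, which cloud-init on the Canonical images processes at first boot), and the 22.04 image reference are assumptions; data.terraform_remote_state.network, local.vms and azurerm_network_interface.mynic are the blocks already defined on this page.

```hcl
# Added example, not part of the original post. Two files, one per project.

# --- network project: outputs.tf (append; the list outputs can stay) ---------
# Keyed by subnet name / VM name, so consumers no longer depend on list order.
output "subnet_ids_by_name" {
  value = { for k, v in azurerm_subnet.mysubnet : k => v.id }
}

output "nic_ids_by_vm" {
  value = { for i, vm in local.vms : vm => azurerm_network_interface.mynic[i].id }
}

# --- service project: vms.tf -------------------------------------------------
# Public key path is an assumption; create the pair with
#   ssh-keygen -t ed25519 -f ~/.ssh/terraform-demo
variable "admin_ssh_public_key_path" {
  type    = string
  default = "~/.ssh/terraform-demo.pub"
}

locals {
  vm_zones = { server01 = "1", server02 = "2" }
  # map vm-name => NIC id, read from the network project's state by name
  nic_ids  = data.terraform_remote_state.network.outputs["nic_ids_by_vm"]
}

resource "azurerm_linux_virtual_machine" "myserver" {
  for_each            = local.vm_zones
  name                = each.key
  resource_group_name = var.resource_group_name
  location            = var.location
  size                = "Standard_B1s"
  zone                = each.value
  admin_username      = "adminuser"

  # Key-based login only: nothing secret in the .tf file, in git, or in the state.
  disable_password_authentication = true
  admin_ssh_key {
    username   = "adminuser"
    public_key = file(pathexpand(var.admin_ssh_public_key_path))
  }

  network_interface_ids = [local.nic_ids[each.key]]

  # Bootstrap: install nginx and serve the hostname, so the curl loop used to
  # test the load balancer can tell the two backends apart.
  custom_data = base64encode(<<-EOT
    #!/bin/bash
    apt-get update -y && apt-get install -y nginx
    echo "served by $(hostname)" > /var/www/html/index.html
  EOT
  )

  os_disk {
    name                 = "disk-${each.key}"
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  # Ubuntu 22.04 LTS (Gen2) instead of the end-of-standard-support 18.04 image.
  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts-gen2"
    version   = "latest"
  }
}
```

Apply the network project first so the new outputs exist in its state, then terraform apply in the service project. With this layout a VM is tied to its NIC by name, so adding a server03 to local.vms in the network project cannot shift the existing assignments, and terraform show on the service state contains only the public key.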
8. Provisioning a load balancer
(1) View the service directory
(2) Create the outputs file
outputs.tf
output "vm_ips" {
  value = [for k, v in azurerm_linux_virtual_machine.myserver : v.private_ip_address]
}
(3) Format the code
terraform fmt
(4) Validate the code
terraform validate
(5) Plan and preview
terraform plan
(6) Provision the resources
terraform apply
yes; the private IPs appear in the outputs
(7) Create the load balancer configuration file
lb.tf
// load balancer (Standard SKU, to match the Standard public IPs)
resource "azurerm_lb" "mylb" {
  name                = "MyLoadBalancer"
  location            = var.location
  resource_group_name = var.resource_group_name
  sku                 = "Standard"

  frontend_ip_configuration {
    name                 = "PublicIPAddress"
    public_ip_address_id = local.mylb_public_ip
  }
}

// backend address pool
resource "azurerm_lb_backend_address_pool" "mylb" {
  loadbalancer_id = azurerm_lb.mylb.id
  name            = "BackEndAddressPool"
}

// add each VM's private IP to the backend pool
resource "azurerm_lb_backend_address_pool_address" "mylb" {
  count                   = length([for k, v in azurerm_linux_virtual_machine.myserver : v.private_ip_address])
  name                    = "server-${count.index}"
  backend_address_pool_id = azurerm_lb_backend_address_pool.mylb.id
  virtual_network_id      = local.vnet_id
  ip_address              = [for k, v in azurerm_linux_virtual_machine.myserver : v.private_ip_address][count.index]
}

// forwarding rule: TCP 80 on the frontend to TCP 80 on the pool (no health probe attached)
resource "azurerm_lb_rule" "mylb" {
  loadbalancer_id                = azurerm_lb.mylb.id
  name                           = "LBRule"
  protocol                       = "Tcp"
  frontend_port                  = 80
  backend_port                   = 80
  frontend_ip_configuration_name = "PublicIPAddress"
  backend_address_pool_ids       = [azurerm_lb_backend_address_pool.mylb.id]
}
(8) Format the code
terraform fmt
(9) Validate the code
terraform validate
(10) Plan and preview
terraform plan
(11) Provision the resources
terraform apply
yes; 5 resources will be created
(12) Check in the Azure portal
The load balancer has been added
Frontend IP
Backend pool
Load balancing rule
(13) Access
(14) Test the load balancer
for i in $(seq 100); do curl -s http://20.231.44.61; done | sort | uniq -c
Each line of the output is one distinct response body with the number of times it was returned, so both backends should appear with roughly equal counts.
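An added example, not code from the post: lb.tf with a health probe attached to the rule, so a backend whose nginx is down or still installing is taken out of rotation instead of receiving its share of the 100 requests above, and with the pool populated by associating the NICs rather than by copying private IP addresses, so it follows a NIC if its dynamically allocated address changes. It reuses local.vms_config (nic_id) and local.mylb_public_ip from main.tf; the probe name and interval and the ip_configuration name "internal" (the one declared in nics.tf) are the only assumptions.

```hcl
# Added example, not part of the original post.
resource "azurerm_lb" "mylb" {
  name                = "MyLoadBalancer"
  location            = var.location
  resource_group_name = var.resource_group_name
  sku                 = "Standard"

  frontend_ip_configuration {
    name                 = "PublicIPAddress"
    public_ip_address_id = local.mylb_public_ip
  }
}

resource "azurerm_lb_backend_address_pool" "mylb" {
  loadbalancer_id = azurerm_lb.mylb.id
  name            = "BackEndAddressPool"
}

# NIC-based pool membership: one association per VM, keyed by VM name.
# local.vms_config[*].nic_id comes from the network project's remote state.
resource "azurerm_network_interface_backend_address_pool_association" "mylb" {
  for_each                = { for name, cfg in local.vms_config : name => cfg.nic_id }
  network_interface_id    = each.value
  ip_configuration_name   = "internal" # assumed: the ip_configuration name in nics.tf
  backend_address_pool_id = azurerm_lb_backend_address_pool.mylb.id
}

# HTTP probe against the nginx default page. A backend is marked down after
# number_of_probes consecutive failures and receives no new connections until
# it answers 200 again.
resource "azurerm_lb_probe" "http" {
  loadbalancer_id     = azurerm_lb.mylb.id
  name                = "http-probe" # assumed name
  protocol            = "Http"
  port                = 80
  request_path        = "/"
  interval_in_seconds = 5
  number_of_probes    = 2
}

resource "azurerm_lb_rule" "mylb" {
  loadbalancer_id                = azurerm_lb.mylb.id
  name                           = "LBRule"
  protocol                       = "Tcp"
  frontend_port                  = 80
  backend_port                   = 80
  frontend_ip_configuration_name = "PublicIPAddress"
  backend_address_pool_ids       = [azurerm_lb_backend_address_pool.mylb.id]
  probe_id                       = azurerm_lb_probe.http.id
}
```

The probe traffic arrives from the AzureLoadBalancer service tag, which the NSG's built-in AllowAzureLoadBalancerInBound rule admits, so no extra security rule is needed. To see the probe working, stop nginx on one server (systemctl stop nginx) and rerun the curl loop: only the other server's response should appear in the counts.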
9. Destroying resources
(1) View all resources
(2) View the project directory
(3) Destroy the service resources (first, because the service project reads the network project's state and uses its NICs)
terraform destroy
yes
(4) Check resources in the Azure portal
Only the network and storage resources remain
(5) Destroy the network resources
terraform destroy
yes
(6) Check in the Azure portal
All resources have been deleted
II. Problems
1. Storage cannot be deleted
Neither project manages the tfstateadmin777 storage account or the tfstate container in its own configuration (both only point at it in backend.tf), so terraform destroy cannot remove them; they have to be deleted by hand.
(1) Check resources in the Azure portal
The container resources remain
(2) Delete the container
Confirm
Done
(3) Delete the resource group
Confirm