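Contents
I. Experiment
1. Environment
2. Connecting Terraform to huaweicloud OBS
3. Requesting VPC (private network) resources
4. Requesting security group resources
5. Requesting ECS resources
6. Requesting EIP resources
7. Requesting ELB resources
8. Requesting DNS resources
9. Destroying resources
II. Problems
1. Terraform fails to create the cloud hosts
2. The storage bucket cannot be deleted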
I. Experiment
1. Environment
(1) Host
Table 1-1 Host
Host | OS | Software | Tools | Notes |
jia | Windows | Terraform 1.6.6 | VS Code, PowerShell, Chocolatey | |
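2. Connecting Terraform to huaweicloud OBS
(1) Verify the version
terraform version
terraform -v
(2) Connect
See my previous blog post:
IaC (Infrastructure as Code): Using Terraform to connect to huaweicloud (Huawei Cloud) and create an OBS backend - CSDN Blog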
3. Requesting VPC (private network) resources
(1) View the directory
(2) Create the main configuration file
main.tf
# Configuration options
provider "huaweicloud" {
  access_key = var.access_key
  secret_key = var.secret_key
  region     = var.region
}
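(3) Create the credentials configuration file
terraform.tfvars
# Long-lived AK/SK in plaintext: keep this file out of version control
access_key = "XXXXX"
secret_key = "XXXXX"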
(4) Create the version configuration file
versions.tf
terraform {
  required_providers {
    huaweicloud = {
      source  = "local-registry/huaweicloud/huaweicloud"
      version = "1.60.1"
    }
  }
}
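(5) Create the variable configuration file
variables.tf
variable "access_key" {
  type      = string
  sensitive = true # redact the AK in plan/apply output
}
variable "secret_key" {
  type      = string
  sensitive = true # redact the SK in plan/apply output
}
variable "region" {
  type    = string
  default = "cn-east-3" # the region is not a secret, so it is not marked sensitive
}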
(6) Create the backend configuration file
backend.tf
(8) Initialize
terraform init
(7) Format the code
terraform fmt
(8) Validate the code
terraform validate
(9) Create the network module
Main configuration file main.tf
resource "huaweicloud_vpc" "vpc" {
  name = var.vpc_name
  cidr = var.vpc_cidr
}
resource "huaweicloud_vpc_subnet" "subnet" {
  name              = var.subnet_name
  cidr              = var.subnet_cidr
  gateway_ip        = var.subnet_gateway_ip
  vpc_id            = huaweicloud_vpc.vpc.id
  availability_zone = var.availability_zone
}
Variable configuration file variables.tf
variable "vpc_name" {
}
variable "vpc_cidr" {
}
variable "subnet_name" {
}
variable "subnet_cidr" {
}
variable "availability_zone" {
}
variable "subnet_gateway_ip" {
}
Version configuration file versions.tf
terraform {
  required_providers {
    huaweicloud = {
      source  = "local-registry/huaweicloud/huaweicloud"
      version = "1.60.1"
    }
  }
}
(10) View the network module directory
(11) Create the VPC resource configuration file
vpc.tf
locals {
  vpc_cidr          = "192.168.0.0/16"
  vpc_name          = "dev-vpc"
  subnet_name       = "dev-subnet"
  subnet_cidr       = "192.168.0.0/21"
  subnet_gateway_ip = "192.168.0.1"
  availability_zone = "cn-east-3a"
}
module "dev-vpc" {
  source            = "../../../modules/vpc"
  vpc_cidr          = local.vpc_cidr
  vpc_name          = local.vpc_name
  subnet_cidr       = local.subnet_cidr
  subnet_gateway_ip = local.subnet_gateway_ip
  subnet_name       = local.subnet_name
  availability_zone = local.availability_zone
}
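(12) View the network service directory
(13) Initialize
terraform init
(14) Format the code
terraform fmt
(15) Validate the code
terraform validate
(16) Plan and preview
terraform plan
2 resources will be added
(17) Request the resources
terraform apply
yes
(18) Log in to the Huawei Cloud console to check
The network service configuration file has been added to the storage bucket
VPC (private network)
Subnet
Route table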
4. Requesting security group resources
(1) Create the security group module
Main configuration file main.tf
resource "huaweicloud_networking_secgroup" "secgroup" {
  name        = var.secgroup_name
  description = var.secgroup_desc
}
resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_80" {
  security_group_id = huaweicloud_networking_secgroup.secgroup.id
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 80
  port_range_max    = 80
  remote_ip_prefix  = "0.0.0.0/0"
}
resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_22" {
  security_group_id = huaweicloud_networking_secgroup.secgroup.id
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = "0.0.0.0/0" # SSH is reachable from any source address
}
resource "huaweicloud_networking_secgroup_rule" "allsecgroup_rule" {
  security_group_id = huaweicloud_networking_secgroup.secgroup.id
  direction         = "egress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 1
  port_range_max    = 65535
  remote_ip_prefix  = "0.0.0.0/0"
}
Variable configuration file variables.tf
variable "secgroup_name" {
}
variable "secgroup_desc" {
}
Version configuration file versions.tf
terraform {
  required_providers {
    huaweicloud = {
      source  = "local-registry/huaweicloud/huaweicloud"
      version = "1.60.1"
    }
  }
}
(2) View the security group module directory
(3) Create the security group configuration file
secgroup.tf
locals {
  secgroup_name = "dev-secgroup"
  secgroup_desc = "dev group"
}
module "dev-secgroup" {
  source        = "../../../modules/secgroup"
  secgroup_name = local.secgroup_name
  secgroup_desc = local.secgroup_desc
}
(4) Create the output configuration file
output "vpc_id" {
  value = module.dev-vpc.vpc_id
}
output "subnet_id" {
  value = module.dev-vpc.subnet_id
}
output "subnet_subnet_id" {
  value = module.dev-vpc.subnet_subnet_id
}
output "secgroup_id" {
  value = module.dev-secgroup.secgroup_id
}
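(5) View the network service directory
(6) Initialize
terraform init
(7) Format the code
terraform fmt
(8) Validate the code
terraform validate
(8) Plan and preview
terraform plan
(9) Request the resources
terraform apply
yes
(10) Log in to the Huawei Cloud console to check
Security group
Inbound rules
Outbound rules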
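The security group module above opens tcp/22 to 0.0.0.0/0, and each ECS instance later receives its own EIP, so SSH is reachable from any address. A restricted variant of that rule, as an added example that is not part of the original post; the variable name admin_cidrs, the /16 floor and the sample network 203.0.113.0/24 are assumptions:

```hcl
# modules/secgroup/variables.tf (addition)
# admin_cidrs is a hypothetical variable introduced for this example.
variable "admin_cidrs" {
  description = "IPv4 source networks allowed to reach SSH (tcp/22)"
  type        = list(string)

  validation {
    # Every entry must parse as a CIDR block.
    condition     = alltrue([for c in var.admin_cidrs : can(cidrhost(c, 0))])
    error_message = "Each admin_cidrs entry must be a valid CIDR, e.g. 203.0.113.0/24."
  }

  validation {
    # Reject catch-all prefixes such as 0.0.0.0/0 by requiring /16 or narrower.
    condition     = alltrue([for c in var.admin_cidrs : try(tonumber(split("/", c)[1]), 0) >= 16])
    error_message = "SSH sources must be /16 or narrower; 0.0.0.0/0 is not allowed."
  }
}

# modules/secgroup/main.tf (replaces secgroup_rule_22): one rule per admin network
resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_22" {
  for_each          = toset(var.admin_cidrs)
  security_group_id = huaweicloud_networking_secgroup.secgroup.id
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = each.value
}

# secgroup.tf in the network directory: the page's module call plus one argument
module "dev-secgroup" {
  source        = "../../../modules/secgroup"
  secgroup_name = local.secgroup_name
  secgroup_desc = local.secgroup_desc
  admin_cidrs   = ["203.0.113.0/24"] # constructed sample value (TEST-NET-3)
}
```

With this change, terraform plan replaces the single world-open rule with one rule per listed network, and terraform validate fails if someone sets admin_cidrs back to 0.0.0.0/0.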
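5. Requesting ECS resources
(1) View the directory
(2) Create the configuration files
The main configuration file main.tf, the credentials configuration file terraform.tfvars and the version configuration file versions.tf are the same as for the network service above.
(3) Create the backend configuration file
backend.tf
(4) Modify the main configuration file
main.tf
(5) Initialize
terraform init
Main configuration file main.tf
resource "huaweicloud_compute_instance" "basic" {
  name               = var.instance_name
  image_id           = var.image_id
  flavor_id          = var.flavor_id
  security_group_ids = [var.secgroup_id]
  availability_zone  = var.availability_zone
  user_data          = <<-EOF
    #!/bin/bash
    yum -y install nginx
    echo `hostname` >/usr/share/nginx/html/index.html
    systemctl restart nginx
  EOF
  admin_pass         = "devops@123" # hard-coded password: stored in the module source and in the state file
  network {
    uuid = var.subnet_id
  }
  lifecycle {
    create_before_destroy = true
  }
}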
Output configuration file outputs.tf
output "instance_id" {
  value = huaweicloud_compute_instance.basic.id
}
output "instance_ip" {
  value = huaweicloud_compute_instance.basic.access_ip_v4
}
Variable configuration file variables.tf
variable "instance_name" {
}
variable "flavor_id" {
}
variable "image_id" {
}
variable "secgroup_id" {
}
variable "availability_zone" {
}
variable "subnet_id" {
}
variable "vpc_id" {
}
Version configuration file versions.tf
terraform {
  required_providers {
    huaweicloud = {
      source  = "local-registry/huaweicloud/huaweicloud"
      version = "1.60.1"
    }
  }
}
(7) View the cloud host module
(8) Create the cloud host configuration file
ecs.tf
locals {
  availability_zone = "cn-east-3a"
}
data "huaweicloud_compute_flavors" "flavor_1C1G" {
  availability_zone = local.availability_zone
  performance_type  = "normal"
  cpu_core_count    = 1
  memory_size       = 1
}
output "ecs_flavor" {
  value = data.huaweicloud_compute_flavors.flavor_1C1G.ids[0]
}
data "huaweicloud_images_image" "image" {
  architecture = "x86"
  os_version   = "CentOS 7.9 64bit"
  visibility   = "public"
  most_recent  = true
}
output "image_id" {
  value = data.huaweicloud_images_image.image.id
}
(9) Plan and preview
terraform plan
This returns the image ID and the instance flavor
(10) Modify the cloud host configuration file
ecs.tf: add the following code
locals {
  availability_zone = "cn-east-3a"
  flavor_id         = data.huaweicloud_compute_flavors.flavor_1C1G.ids[0]
  instance_name     = "dev-ecs"
  counts            = 2
  subnet_id         = data.terraform_remote_state.network.outputs.subnet_id
  vpc_id            = data.terraform_remote_state.network.outputs.vpc_id
  image_id          = data.huaweicloud_images_image.image.id
  secgroup_id       = data.terraform_remote_state.network.outputs.secgroup_id
}
module "dev-ecs" {
  source            = "../../../modules/ecs"
  count             = local.counts
  availability_zone = local.availability_zone
  flavor_id         = local.flavor_id
  instance_name     = "${local.instance_name}-${count.index}"
  subnet_id         = local.subnet_id
  vpc_id            = local.vpc_id
  image_id          = local.image_id
  secgroup_id       = local.secgroup_id
}
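(11) Initialize
terraform init
(12) Format the code
terraform fmt
(13) Validate the code
terraform validate
(14) Modify the cloud host configuration file
ecs.tf
os_version = "CentOS 8.0 64bit"
(15) Plan and preview
terraform plan
(16) Request the resources
terraform apply
yes
(17) Log in to the Huawei Cloud console to check
2 cloud hosts have been added
(18) Remote login
(19) Login succeeded
(20) View the storage bucket
The service configuration file has been added
(21) View the service directory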
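The ECS module above hard-codes admin_pass = "devops@123" in main.tf, so the administrator password travels with every copy of the module source. A variant that takes it from a sensitive input variable, as an added example that is not part of the original post; the variable name admin_pass and the 12-character minimum are assumptions:

```hcl
# modules/ecs/variables.tf (added variable; the name admin_pass is an assumption)
variable "admin_pass" {
  type      = string
  sensitive = true # redacted in plan and apply output
  validation {
    condition     = length(var.admin_pass) >= 12 && var.admin_pass != "devops@123"
    error_message = "The admin_pass value must have at least 12 characters and must not be the tutorial literal."
  }
}

# modules/ecs/main.tf (the page's resource with the literal replaced)
resource "huaweicloud_compute_instance" "basic" {
  name               = var.instance_name
  image_id           = var.image_id
  flavor_id          = var.flavor_id
  security_group_ids = [var.secgroup_id]
  availability_zone  = var.availability_zone
  admin_pass         = var.admin_pass
  user_data          = <<-EOF
    #!/bin/bash
    yum -y install nginx
    echo `hostname` >/usr/share/nginx/html/index.html
    systemctl restart nginx
  EOF
  network {
    uuid = var.subnet_id
  }
  lifecycle {
    create_before_destroy = true
  }
}

# variables.tf in the service directory (root module)
variable "admin_pass" {
  type      = string
  sensitive = true
}

# ecs.tf in the service directory: the page's module call plus one argument
module "dev-ecs" {
  source            = "../../../modules/ecs"
  count             = local.counts
  availability_zone = local.availability_zone
  flavor_id         = local.flavor_id
  instance_name     = "${local.instance_name}-${count.index}"
  subnet_id         = local.subnet_id
  vpc_id            = local.vpc_id
  image_id          = local.image_id
  secgroup_id       = local.secgroup_id
  admin_pass        = var.admin_pass
}
```

The value can be supplied through the TF_VAR_admin_pass environment variable instead of terraform.tfvars. Terraform still writes it in plaintext to the state file, so read access to the OBS bucket that holds the state has to be limited accordingly.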
6. Requesting EIP resources
(1) Create the EIP module
Main configuration file main.tf
// Shared bandwidth
resource "huaweicloud_vpc_bandwidth" "bandwidth_1" {
  name = var.bandwidth_name
  size = 5
}
// EIP
resource "huaweicloud_vpc_eip" "eip" {
  count = length(var.instances)
  publicip {
    type = "5_bgp"
  }
  bandwidth {
    share_type = "WHOLE"
    id         = huaweicloud_vpc_bandwidth.bandwidth_1.id
  }
}
// Association
resource "huaweicloud_compute_eip_associate" "associated" {
  count       = length(var.instances)
  public_ip   = huaweicloud_vpc_eip.eip.*.address[count.index]
  instance_id = var.instances[count.index]
}
Output configuration file outputs.tf
output "bandwidth_id" {
  value = huaweicloud_vpc_bandwidth.bandwidth_1.id
}
Variable configuration file variables.tf
variable "bandwidth_name" {
}
variable "instances" {
}
Version configuration file versions.tf
terraform {
  required_providers {
    huaweicloud = {
      source  = "local-registry/huaweicloud/huaweicloud"
      version = "1.60.1"
    }
  }
}
(7) View the EIP module
(8) Create the EIP configuration file
eip.tf
locals {
  bandwidth_name = "dev-bandwidth"
  instances      = module.dev-ecs.*.instance_id
}
module "dev-eip" {
  source         = "../../../modules/eip"
  bandwidth_name = local.bandwidth_name
  instances      = local.instances
}
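(9) Initialize
terraform init
(10) Format the code
terraform fmt
(11) Validate the code
terraform validate
(12) Plan and preview
terraform plan
5 resources will be added (1 shared bandwidth group, 2 ECS instances, 2 associations)
(13) Request the resources
terraform apply
yes
(14) Log in to Huawei Cloud to check
Elastic public IPs (EIP)
Shared bandwidth
The elastic cloud servers (ECS) now have public IPs
(15) Modify the cloud host configuration file
ecs.tf
os_version = "CentOS 8.1 64bit"
(16) Plan and preview
terraform plan
The 2 old instances are destroyed first, then 2 new instances are created
(17) Request the resources
terraform apply
yes
(18) Observe the cloud host changes
2 new instances added
Running
EIPs bound
Deleting the old instances
Old instances deleted
(19) Access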
7. Requesting ELB resources
(1) Create the ELB module
Main configuration file main.tf
resource "huaweicloud_lb_loadbalancer" "lb" {
  vip_subnet_id = var.subnet_id
}
resource "huaweicloud_lb_listener" "listener" {
  protocol        = "HTTP"
  protocol_port   = 80
  loadbalancer_id = huaweicloud_lb_loadbalancer.lb.id
}
resource "huaweicloud_lb_pool" "pool" {
  protocol    = "HTTP"
  lb_method   = "ROUND_ROBIN"
  listener_id = huaweicloud_lb_listener.listener.id
  persistence {
    type        = "APP_COOKIE"
    cookie_name = "testCookie"
  }
}
resource "huaweicloud_lb_member" "member" {
  count         = length(var.instance_ips)
  address       = var.instance_ips[count.index]
  protocol_port = 80
  pool_id       = huaweicloud_lb_pool.pool.id
  subnet_id     = var.subnet_id
}
Output configuration file outputs.tf
output "elb_vip_port_id" {
  value = huaweicloud_lb_loadbalancer.lb.vip_port_id
}
Variable configuration file variables.tf
variable "subnet_id" {
}
variable "instance_ips" {
}
Version configuration file versions.tf
terraform {
  required_providers {
    huaweicloud = {
      source  = "local-registry/huaweicloud/huaweicloud"
      version = "1.60.1"
    }
  }
}
(7) View the ELB module
(8) Create the ELB configuration file
elb.tf
module "dev-elb" {
  source       = "../../../modules/elb"
  subnet_id    = data.terraform_remote_state.network.outputs.subnet_subnet_id
  instance_ips = module.dev-ecs.*.instance_ip
}
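(9) Initialize
terraform init
(10) Format the code
terraform fmt
(11) Validate the code
terraform validate
(12) Plan and preview
terraform plan
5 resources will be added
(13) Request the resources
terraform apply
yes
(14) Log in to Huawei Cloud to check
A load balancer has been added
Backend server group
Listening method (RR, round robin)
(15) Modify the EIP configuration file
eip.tf: add the following code to bind an EIP to the load balancer
// ELB-EIP
resource "huaweicloud_vpc_eip" "elb-eip" {
  publicip {
    type = "5_bgp"
  }
  bandwidth {
    share_type = "WHOLE"
    id         = module.dev-eip.bandwidth_id
  }
}
resource "huaweicloud_networking_eip_associate" "eip_elb" {
  public_ip = huaweicloud_vpc_eip.elb-eip.address
  port_id   = module.dev-elb.elb_vip_port_id
}
(16) Create the output configuration file
outputs.tf
output "slb_eip_address" {
  value = huaweicloud_vpc_eip.elb-eip.address
}
(17) Initialize
terraform init
(18) Format the code
terraform fmt
(19) Validate the code
terraform validate
(20) Plan and preview
terraform plan
2 resources will be added
(21) Request the resources
terraform apply
yes
(16) Check in the Huawei Cloud console
The load balancer now has an EIP
(17) Access (refresh)
Round robin works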
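8. Requesting DNS resources
(1) Create the domain name
(2) View
(3) Create the DNS configuration file
dns.tf
(3) Plan and preview
terraform plan
(4) Request the resources
terraform apply
yes
(5) Log in to the Huawei Cloud console to check
Cloud DNS
(6) Access
Round-robin display
(7) Test
dig devops.hexian.site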
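9. Destroying resources
(1) Destroy the service resources
terraform destroy
yes; 15 resources will be deleted
(2) Destroy the network resources
terraform destroy
yes; 6 resources will be deleted
(3) Log in to the Huawei Cloud console to check
Cloud hosts deleted
Cloud DNS records removed
ELB load balancer deleted
Storage bucket
(4) View the complete directory
network and service directories
modules directory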
II. Problems
1. Terraform fails to create the cloud hosts
(1) Error
│ Error: error creating server: Bad request with: [POST https://ecs.cn-east-3.myhuaweicloud.com/v1.1/890711b0c9894f1db268f9a82f3affb9/cloudservers], request_id: d6d2706a57ef3b514e1d9a684a4e3f65, error message: {"error":{"message":"The flavor does not match the image.","code":"Ecs.0005"}}
│
│ with module.dev-ecs[1].huaweicloud_compute_instance.basic,
│ on ..\..\..\modules\ecs\main.tf line 1, in resource "huaweicloud_compute_instance" "basic":
│ 1: resource "huaweicloud_compute_instance" "basic" {
│
╵
╷
│ Error: error creating server: Bad request with: [POST https://ecs.cn-east-3.myhuaweicloud.com/v1.1/890711b0c9894f1db268f9a82f3affb9/cloudservers], request_id: b18522c96ac4c1985012dc15a1574eea, error message: {"error":{"message":"The flavor does not match the image.","code":"Ecs.0005"}}
│
│ with module.dev-ecs[0].huaweicloud_compute_instance.basic,
│ on ..\..\..\modules\ecs\main.tf line 1, in resource "huaweicloud_compute_instance" "basic":
│ 1: resource "huaweicloud_compute_instance" "basic" {
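(2) Cause analysis
General computing | s3.small.1 | 1vCPUs | 1GiB does not support the CentOS 7.9 64-bit server image.
(3) Solution
Change it to the CentOS 8.0 64-bit server image.
Before the change:
After the change:
Success:
2. The storage bucket cannot be deleted
(1) View
(2) Delete
(3) Objects
(4) Confirm
(5) Delete again
(6) Verify
(7) Success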