利用Terraform创建华为云ELB规则

jenkins触发配置

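pipeline {
    agent any
    environment {
        // Pipeline parameters are copied into the environment so the shell
        // steps below can read them as ordinary shell variables instead of
        // having them interpolated into the command text by Groovy.
        srs_ip            = "${params.SRS_IP}"
        srs_domain        = "${params.SRS_DOMAIN}"
        protocol_port_udp = "${params.PROTOCOL_PORT_UDP}"
        protocol_port_tcp = "${params.PROTOCOL_PORT_TCP}"
    }
    stages {
        // Stage 1: wipe local state, init and produce a plan for review.
        stage('Check Terraform') {
            steps {
                script {
                    // Single-quoted script: the shell (not Groovy) expands the
                    // variables, and every argument is double-quoted so a
                    // parameter value containing spaces or shell metacharacters
                    // is passed to the script as one literal word rather than
                    // being interpreted by the shell.
                    sh '''
                        cd /home/jenkins-x/terraform/elb-new
                        bash check_terraform.sh "$srs_ip" "$srs_domain" "$protocol_port_udp" "$protocol_port_tcp"
                    '''
                }
            }
        }
        // Stage 2: a human reviews the plan output before anything is applied.
        stage('Approval') {
            steps {
                input(id: 'UserApproval', message: '请审批是否继续进行', ok: '批准')
            }
        }
        // Stage 3: apply with the same four parameters used for the plan.
        stage('Apply Terraform') {
            steps {
                script {
                    sh '''
                        cd /home/jenkins-x/terraform/elb-new
                        bash auto_config_srs_lb.sh "$srs_ip" "$srs_domain" "$protocol_port_udp" "$protocol_port_tcp"
                    '''
                }
            }
        }
    }
}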

terraform脚本

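# Configure the HuaweiCloud Provider.
# Credentials are deliberately not written here: the provider reads them from
# the HW_ACCESS_KEY / HW_SECRET_KEY environment variables (set on the Jenkins
# agent), so no access key or secret key lives in this file or in version
# control.
provider "huaweicloud" {
  region = "cn-north-4"
}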


variable "server_ce_id" {
  # Server certificate ID passed to the listeners' server_certificate;
  # null (or "") means no certificate is attached.
  default = null
  type    = string
}
variable "srs_ip" {
  # Backend (SRS) host address registered as the member of every pool;
  # normally overridden with -var by the wrapper script.
  default = "192.168.0.32"
  type    = string
}
variable "srs_domain" {
  # Host name matched by the HOST_NAME l7 rule; overridden with -var.
  default = "test.com"
  type    = string
}

variable "loadbalancer_id" {
  # ID of the existing ELB the listeners and the HTTP pool are attached to.
  # NOTE(review): the default looks truncated/redacted — confirm before use.
  default = "9db74fef-b1fd-474f-98a4-"
  type    = string
}
###UDP###
variable "protocol_udp" {
  # Listener protocol for listener_udp.
  default = "UDP"
  type    = string
}

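variable "protocol_port_udp" {
  # Port of the UDP listener; also used as the UDP member/monitor port and in
  # the listener and pool names. Overridden with -var by the wrapper script.
  type = number
  # A numeric literal: the type is number, so a quoted default only worked
  # through implicit string-to-number conversion.
  default = 8007
}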

###HTTP###
variable "protocol_http" {
  # HTTP protocol name; not referenced by the resources shown in this file
  # (pool_https and monitor_http use the literal "HTTP").
  default = "HTTP"
  type    = string
}


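variable "protocol_port_http" {
  # Backend port of the HTTP member and its health check.
  type = number
  # Numeric literal to match the declared type (was a quoted string).
  default = 1985
}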
variable "addressList_http" {
  # Backend address/port pair for HTTP; not referenced by the resources shown
  # in this file (member_http uses var.srs_ip / var.protocol_port_http).
  default = [
    {
      "address" : "192.168.0.32",
      "port" : 1985
    }
  ]
}
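variable "pool_https_address" {
  # Not referenced by the resources shown in this file.
  type = number
  # Numeric literal to match the declared type (was a quoted string).
  default = 32
}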



###TCP###
variable "protocol_tcp" {
  # Listener protocol for listener_tcp.
  default = "TCP"
  type    = string
}

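variable "protocol_port_tcp" {
  # Port of the TCP listener (front side only: member_tcp and monitor_tcp use
  # backend port 6028). Overridden with -var by the wrapper script.
  type = number
  # Numeric literal to match the declared type (was a quoted string).
  default = 1947
}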
variable "addressList_tcp" {
  # Backend address/port pair for TCP; not referenced by the resources shown
  # in this file (member_tcp hard-codes port 6028).
  default = [
    {
      "address" : "192.168.0.32",
      "port" : 6028
    }
  ]
}


variable "ipv4_subnet_id" {
  # Subnet the pool members live in (subnet_id of every member resource).
  # NOTE(review): empty by default — presumably redacted; must be supplied.
  default = ""
  type    = string
}

variable "whitelist" {
  # IP group applied as the listeners' ip_group; null or "" means none.
  default = null
  type    = string
}


variable "access_policy" {
  # Listener access_policy (used together with var.whitelist); null or ""
  # means no access control is configured.
  default = null
  type    = string
}

variable "ca_certificate" {
  # CA certificate ID passed to the listeners' ca_certificate; null or ""
  # means none.
  default = null
  type    = string
}

variable "pool_protocol_udp" {
  # Protocol of pool_udp; monitor_udp is only created when this is "UDP".
  default = "UDP"
  type    = string
}
variable "pool_protocol_tcp" {
  # Protocol of pool_tcp and monitor_tcp; the monitor is only created when
  # this is "TCP".
  default = "TCP"
  type    = string
}
variable "pool_protocol_http" {
  # Gate for monitor_http: the HTTP health check is only created when this
  # is "HTTP" (the pool itself uses the literal "HTTP").
  default = "HTTP"
  type    = string
}



# 创建监听器
resource "huaweicloud_elb_listener" "listener_udp" {
  # UDP listener on the existing load balancer, named after its port.
  loadbalancer_id = var.loadbalancer_id
  name            = "listener_${var.protocol_port_udp}"
  protocol        = var.protocol_udp
  protocol_port   = var.protocol_port_udp

  # Optional attributes: an empty string from the caller is mapped to null so
  # the provider sees "not set" rather than an empty ID.
  server_certificate = var.server_ce_id == "" ? null : var.server_ce_id
  ca_certificate     = var.ca_certificate == "" ? null : var.ca_certificate
  access_policy      = var.access_policy == "" ? null : var.access_policy
  ip_group           = var.whitelist == "" ? null : var.whitelist
}
resource "huaweicloud_elb_listener" "listener_tcp" {
  # TCP listener on the existing load balancer, named after its port.
  loadbalancer_id = var.loadbalancer_id
  name            = "listener_${var.protocol_port_tcp}"
  protocol        = var.protocol_tcp
  protocol_port   = var.protocol_port_tcp

  # Optional attributes: an empty string from the caller is mapped to null so
  # the provider sees "not set" rather than an empty ID.
  server_certificate = var.server_ce_id == "" ? null : var.server_ce_id
  ca_certificate     = var.ca_certificate == "" ? null : var.ca_certificate
  access_policy      = var.access_policy == "" ? null : var.access_policy
  ip_group           = var.whitelist == "" ? null : var.whitelist
}


# 创建UDP后端服务组
resource "huaweicloud_elb_pool" "pool_udp" {
  # Backend server group bound directly to the UDP listener.
  name        = "server-group_${var.protocol_port_udp}"
  listener_id = huaweicloud_elb_listener.listener_udp.id
  protocol    = var.pool_protocol_udp
  lb_method   = "ROUND_ROBIN"
}
# 创建TCP后端服务组
resource "huaweicloud_elb_pool" "pool_tcp" {
  # Backend server group bound directly to the TCP listener.
  name        = "server-group_${var.protocol_port_tcp}"
  listener_id = huaweicloud_elb_listener.listener_tcp.id
  protocol    = var.pool_protocol_tcp
  lb_method   = "ROUND_ROBIN"
}
# 创建HTTP后端服务组
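resource "huaweicloud_elb_pool" "pool_https" {
  # HTTP backend server group. It is attached to the load balancer rather than
  # to a listener because traffic reaches it through l7policy_1's
  # REDIRECT_TO_POOL action.
  protocol        = "HTTP"
  lb_method       = "ROUND_ROBIN"
  loadbalancer_id = var.loadbalancer_id
  # The port in the name now follows var.protocol_port_http (default 1985)
  # instead of a separately hard-coded "1985", so it cannot drift from the
  # member/monitor port.
  name = "server-group_${var.srs_ip}-${var.protocol_port_http}"
}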



# TCP健康检查
resource "huaweicloud_elb_monitor" "monitor_tcp" {
  # TCP health check; only created when the pool protocol is "TCP".
  count    = var.pool_protocol_tcp == "TCP" ? 1 : 0
  pool_id  = huaweicloud_elb_pool.pool_tcp.id
  protocol = var.pool_protocol_tcp

  # Check the same backend port that member_tcp registers (6028), which is
  # intentionally different from the listener port.
  port = 6028

  # Probe every 5 s, 3 s timeout, 3 failures before marking unhealthy.
  interval    = 5
  timeout     = 3
  max_retries = 3
}

# UDP健康检查
resource "huaweicloud_elb_monitor" "monitor_udp" {
  # UDP health check; only created when the pool protocol is "UDP".
  count    = var.pool_protocol_udp == "UDP" ? 1 : 0
  pool_id  = huaweicloud_elb_pool.pool_udp.id
  protocol = "UDP_CONNECT"

  # The UDP member listens on the same port as the listener.
  port = var.protocol_port_udp

  # Probe every 5 s, 3 s timeout, 3 failures before marking unhealthy.
  interval    = 5
  timeout     = 3
  max_retries = 3
}

# HTTP健康检查
resource "huaweicloud_elb_monitor" "monitor_http" {
  # HTTP health check on "/" of the HTTP pool; only created when
  # var.pool_protocol_http is "HTTP".
  count    = var.pool_protocol_http == "HTTP" ? 1 : 0
  pool_id  = huaweicloud_elb_pool.pool_https.id
  protocol = "HTTP"
  url_path = "/"
  port     = var.protocol_port_http

  # Probe every 5 s, 3 s timeout, 3 failures before marking unhealthy.
  interval    = 5
  timeout     = 3
  max_retries = 3
}


# 将主机IP加入服务组
resource "huaweicloud_elb_member" "member_udp" {
  # Register the SRS host in the UDP pool on the listener's own port.
  pool_id       = huaweicloud_elb_pool.pool_udp.id
  subnet_id     = var.ipv4_subnet_id
  address       = var.srs_ip
  protocol_port = var.protocol_port_udp
  weight        = 1
}
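resource "huaweicloud_elb_member" "member_tcp" {
  # Register the SRS host in the TCP pool. The backend port (6028) is not the
  # listener port (var.protocol_port_tcp) and must match monitor_tcp's port.
  pool_id   = huaweicloud_elb_pool.pool_tcp.id
  subnet_id = var.ipv4_subnet_id
  address   = var.srs_ip
  # Numeric literal like the other members (was the string "6028").
  protocol_port = 6028
  weight        = 1
}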

resource "huaweicloud_elb_member" "member_http" {
  # Register the SRS host in the HTTP pool on var.protocol_port_http.
  pool_id       = huaweicloud_elb_pool.pool_https.id
  subnet_id     = var.ipv4_subnet_id
  address       = var.srs_ip
  protocol_port = var.protocol_port_http
  weight        = 1
}

resource "huaweicloud_elb_l7policy" "l7policy_1" {
  # Forwarding policy that sends matching requests to the HTTP pool.
  name        = "${var.srs_ip}_http"
  description = "l7 policy"
  action      = "REDIRECT_TO_POOL"

  # NOTE(review): listener_id is an empty string here — presumably redacted.
  # It has to be the ID of the HTTP/HTTPS listener this policy belongs to
  # (neither listener_udp nor listener_tcp); confirm before applying.
  listener_id      = ""
  redirect_pool_id = huaweicloud_elb_pool.pool_https.id

  # priority is left unset (the author commented it out).
  #  priority         = 7
}
resource "huaweicloud_elb_l7rule" "l7rule_1" {
  # Match requests whose Host header equals var.srs_domain.
  l7policy_id  = huaweicloud_elb_l7policy.l7policy_1.id
  compare_type = "EQUAL_TO"
  type         = "HOST_NAME"

  conditions {
    value = var.srs_domain
  }
}

resource "huaweicloud_elb_l7rule" "l7rule_2" {
  # Match request paths starting with "/rtc/".
  # NOTE(review): this rule uses the flat `value` attribute while l7rule_1
  # uses a `conditions` block — both target the same policy; consider
  # aligning the two forms.
  l7policy_id  = huaweicloud_elb_l7policy.l7policy_1.id
  compare_type = "STARTS_WITH"
  type         = "PATH"
  value        = "/rtc/"
}

结合shell脚本

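#!/bin/bash
# Apply the ELB Terraform configuration with the values handed over by the
# Jenkins "Apply Terraform" stage (presumably this is auto_config_srs_lb.sh).
#   $1  SRS backend IP        $2  SRS domain
#   $3  UDP listener port     $4  TCP listener port
set -euo pipefail

# Fail fast on a wrong call instead of applying with empty -var values.
if [ "$#" -ne 4 ]; then
    echo "usage: $0 SRS_IP SRS_DOMAIN PROTOCOL_PORT_UDP PROTOCOL_PORT_TCP" >&2
    exit 1
fi
SRS_IP=$1
SRS_DOMAIN=$2
PROTOCOL_PORT_UDP=$3
PROTOCOL_PORT_TCP=$4

# The ports feed number-typed variables; reject anything that is not a plain
# integer so a malformed pipeline parameter stops here, not inside terraform.
for port in "$PROTOCOL_PORT_UDP" "$PROTOCOL_PORT_TCP"; do
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: '$port'" >&2; exit 1 ;;
    esac
done

# -auto-approve: the human approval already happened in the Jenkins
# 'Approval' stage after the plan produced by check_terraform.sh.
sudo terraform apply -var="protocol_port_udp=${PROTOCOL_PORT_UDP}" -var="protocol_port_tcp=${PROTOCOL_PORT_TCP}" -var="srs_ip=${SRS_IP}" -var="srs_domain=${SRS_DOMAIN}" -auto-approve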
jenkins-x@hw-bj-xp-jenkins-01:~/terraform/elb-new$ cat check_terraform.sh
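#!/bin/bash
# check_terraform.sh — remove any previous local Terraform state, initialise
# the working directory and produce a plan for review in Jenkins.
#   $1  SRS backend IP        $2  SRS domain
#   $3  UDP listener port     $4  TCP listener port
set -euo pipefail

# Fail fast on a wrong call instead of planning with empty -var values.
if [ "$#" -ne 4 ]; then
    echo "usage: $0 SRS_IP SRS_DOMAIN PROTOCOL_PORT_UDP PROTOCOL_PORT_TCP" >&2
    exit 1
fi
SRS_IP=$1
SRS_DOMAIN=$2
PROTOCOL_PORT_UDP=$3
PROTOCOL_PORT_TCP=$4

# Same integer check as the apply script, so both stages reject the same input.
for port in "$PROTOCOL_PORT_UDP" "$PROTOCOL_PORT_TCP"; do
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: '$port'" >&2; exit 1 ;;
    esac
done

# NOTE(review): deleting terraform.tfstate means resources created by an
# earlier run are no longer tracked, so the following apply creates new ones
# instead of updating them — confirm that this is intended (e.g. every run
# targets a new set of ports) and that nothing relies on a remote backend.
sudo rm -fr terraform.tfstate .terraform.lock.hcl .terraform/
# Verify the cleanup actually took effect; refuse to continue otherwise.
if [ -e "terraform.tfstate" ] || [ -d ".terraform" ] || [ -e ".terraform.lock.hcl" ]; then
        echo "terraform目录存在,即将退出脚本。请先删除相关目录再继续!!"
    exit 1
fi

echo "开始创建资源!!"

# -input=false: never block the Jenkins job waiting for an interactive prompt
# (a missing variable then fails the job instead of hanging it).
sudo terraform init -input=false
sudo terraform plan -input=false -var="protocol_port_udp=${PROTOCOL_PORT_UDP}" -var="protocol_port_tcp=${PROTOCOL_PORT_TCP}" -var="srs_ip=${SRS_IP}" -var="srs_domain=${SRS_DOMAIN}"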