
Managing OpenStack with Terraform

Official installation guide

https://developer.hashicorp.com/terraform/install

https://developer.hashicorp.com/terraform/intro/getting-started/install.html

Installation

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo yum -y install terraform

After installing with yum, the only thing added is a single binary file.

(flask) [root@mcw15 ~]# rpm -qa|grep terraform
terraform-1.8.4-1.x86_64
(flask) [root@mcw15 ~]# rpm -ql terraform
/usr/bin/terraform
(flask) [root@mcw15 ~]# 
(flask) [root@mcw15 ~]# terraform --version
Terraform v1.8.4
on linux_amd64
(flask) [root@mcw15 ~]# 

 

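Gathering OpenStack information

Look up the basic OpenStack details that are needed to initialize the Terraform configuration.
The authentication URL, which Terraform uses to authenticate against OpenStack: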

[root@controller ~]# openstack endpoint list --service keystone
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                         |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| 2f7eead3577b48a7ae0974f7590504b6 | RegionOne | keystone     | identity     | True    | internal  | http://controller:5000/v3/  |
| 379292a6f86b470ab5e1e77e76498df0 | RegionOne | keystone     | identity     | True    | public    | http://controller:5000/v3/  |
| a9a8e5aab7074e49bb5c7aba3ea5f242 | RegionOne | keystone     | identity     | True    | admin     | http://controller:35357/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
[root@controller ~]# 
[root@controller ~]# tail -7 .bashrc 
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
[root@controller ~]# 

List the networks

[root@controller ~]#  openstack network list
+--------------------------------------+-------------+--------------------------------------+
| ID                                   | Name        | Subnets                              |
+--------------------------------------+-------------+--------------------------------------+
| 2fe697b2-ca93-453f-b0dd-726c7708fc99 | WAN         | 730d0674-13c0-4af1-b3fb-e2741bd7a414 |
| 65ea0127-5470-46fe-a6c7-87f0de21843d | selfservice | 83f536df-f29a-4632-9c17-6164c0f5f596 |
| a92ccad9-5319-4564-a164-b364f2b56c3c | internal    | 0b550ad4-b852-4de5-8b1a-80c764c46f3c |
+--------------------------------------+-------------+--------------------------------------+
[root@controller ~]# 

List the security groups

[root@controller ~]#  openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID                                   | Name    | Description            | Project                          |
+--------------------------------------+---------+------------------------+----------------------------------+
| 6cedc004-01c4-4130-981c-1a2f74fc9b9b | default | Default security group | 88515d0e693c453e9b10d422e602e3d8 |
| 6fe46f0a-7f0b-40d1-bd10-74c012b9481a | default | Default security group |                                  |
| ec3a2425-7604-4379-ba19-13b40b3aff5e | default | Default security group | b29c52befb8448378d99086df5053737 |
+--------------------------------------+---------+------------------------+----------------------------------+
[root@controller ~]# 

List the availability zones

[root@controller ~]# openstack availability zone list
+-----------+-------------+
| Zone Name | Zone Status |
+-----------+-------------+
| internal  | available   |
| nova      | available   |
| nova      | available   |
| nova      | available   |
| nova      | available   |
+-----------+-------------+
[root@controller ~]# 

List the flavors (machine types)

[root@controller ~]#  openstack flavor list
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
| ID                                   | Name      |  RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
| 0                                    | m1.nano   |   64 |    1 |         0 |     1 | True      |
| 66d59cb0-2541-419b-895a-693e041940e4 | mcw-web   |  512 |   10 |         0 |     1 | False     |
| c45156a6-e8c9-4664-bbde-0be0c60f6cbf | mcw-type2 | 1000 |   10 |         0 |     1 | False     |
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
[root@controller ~]# 

List the images

[root@controller ~]# openstack image list
+--------------------------------------+-------------------+--------+
| ID                                   | Name              | Status |
+--------------------------------------+-------------------+--------+
| 8fec0b5d-4953-4323-adbc-ba6815c9c476 | CentOS-7-x86_64   | active |
| a2a1f5d2-e8e1-4395-8d22-2558abbfc5ff | CentOS-7-x86_64_2 | saving |
| 15d77481-b3f5-4269-91c5-0fd56fb7a79d | CentOS-7-x86_64_3 | queued |
| b51fd818-2c0c-47e0-9807-2b784c0a1620 | CentOS-7-x86_64_3 | saving |
| 18718973-7eeb-4d75-b18e-abb147c9f567 | CentOS-7-x86_64_4 | active |
| 985aed7e-8447-4b35-8303-628330ac1eee | CentOS-7-x86_64_5 | active |
| 6cfe6502-36f0-4155-ae4e-a84cb910049a | cirros            | active |
+--------------------------------------+-------------------+--------+
[root@controller ~]# 

List the domains

[root@controller ~]# openstack domain list
+---------+---------+---------+--------------------+
| ID      | Name    | Enabled | Description        |
+---------+---------+---------+--------------------+
| default | Default | True    | The default domain |
+---------+---------+---------+--------------------+
[root@controller ~]# 

 

Introduction to Terraform syntax

resource "aws_vpc" "main" {
  cidr_block = var.base_cidr_block
}

<BLOCK TYPE> "<BLOCK LABEL>" "<BLOCK LABEL>" {
  # Block body
  <IDENTIFIER> = <EXPRESSION> # Argument
}

variable "image_id" {
  type    = string
  default = "centos7"
}

variable "availability_zone_names" {
  type    = list(string)
  default = ["us-west-1a"]
}

variable "docker_ports" {
  type = list(object({
    internal = number
    external = number
    protocol = string
  }))
  default = [
    {
      internal = 8300
      external = 8300
      protocol = "tcp"
    }
  ]
}

Using variables

resource "aws_instance" "example" {
  instance_type = "t2.micro"
  ami           = var.image_id
}

Custom validation rules

variable "image_id" {
  type        = string
  description = "The id of the machine image (AMI) to use for the server."

  validation {
    condition     = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami-"
    error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"."
  }
}

Check before proceeding

Initialization succeeded

[root@mcw15 mcwtf2]# ls
main.tf
[root@mcw15 mcwtf2]# cat main.tf 
terraform {
  required_version = ">= 0.14.0"
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "1.49.0"
    }
  }
}

provider "openstack" {
  user_name   = "admin"
  tenant_name = "admin"
  password    = "123456"
  auth_url    = "http://controller:35357/v3"
  region      = "Default"
}

[root@mcw15 mcwtf2]# 
[root@mcw15 mcwtf2]# ping controller
ping: controller: Name or service not known
[root@mcw15 mcwtf2]# 

 

[root@mcw15 mcwtf2]# terraform init

Initializing the backend...

Initializing provider plugins...
- Finding terraform-provider-openstack/openstack versions matching "1.49.0"...
- Installing terraform-provider-openstack/openstack v1.49.0...
- Installed terraform-provider-openstack/openstack v1.49.0 (self-signed, key ID 4F80527A391BEFD2)

Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
[root@mcw15 mcwtf2]# 

 

Before running, main.tf was the only file I had created; I'm not sure when the other two files were created.

[root@mcw15 mcwtf2]# ls
main.tf  terraform.tfstate  terraform.tfstate.backup
[root@mcw15 mcwtf2]# cat main.tf 
terraform {
  required_version = ">= 0.14.0"
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "1.49.0"
    }
  }
}

provider "openstack" {
  user_name   = "admin"
  tenant_name = "admin"
  password    = "123456"
  auth_url    = "http://controller:35357/v3"
  region      = "RegionOne"
}

resource "openstack_compute_servergroup_v2" "servergroup_vm-mcwtest" {

  name = "vm-mcwtest"

  policies = ["anti-affinity"]
}



resource "openstack_compute_instance_v2" "vm-mcwtest001" {
  name        = "vm-mcwtest001"
  flavor_name = "m1.nano"
  image_name  = "cirros"
  network {
    name = "WAN"

  }
  scheduler_hints {
    group = openstack_compute_servergroup_v2.servergroup_vm-mcwtest.id

  }

  security_groups = ["default"]
}

[root@mcw15 mcwtf2]# 

Run the creation

[root@mcw15 mcwtf2]# terraform apply
openstack_compute_servergroup_v2.servergroup_vm-mcwtest: Refreshing state... [id=ccb803eb-8c3a-4eb5-9882-be3ec460d889]
openstack_compute_instance_v2.vm-mcwtest001: Refreshing state... [id=df9b17c5-2b5d-4af1-ade3-ede98b235387]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # openstack_compute_instance_v2.vm-mcwtest001 will be created
  + resource "openstack_compute_instance_v2" "vm-mcwtest001" {
      + access_ip_v4        = (known after apply)
      + access_ip_v6        = (known after apply)
      + all_metadata        = (known after apply)
      + all_tags            = (known after apply)
      + availability_zone   = (known after apply)
      + created             = (known after apply)
      + flavor_id           = (known after apply)
      + flavor_name         = "m1.nano"
      + force_delete        = false
      + id                  = (known after apply)
      + image_id            = (known after apply)
      + image_name          = "cirros"
      + name                = "vm-mcwtest001"
      + power_state         = "active"
      + region              = (known after apply)
      + security_groups     = [
          + "default",
        ]
      + stop_before_destroy = false
      + updated             = (known after apply)

      + network {
          + access_network = false
          + fixed_ip_v4    = (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          + mac            = (known after apply)
          + name           = "WAN"
          + port           = (known after apply)
          + uuid           = (known after apply)
        }

      + scheduler_hints {
          + different_cell     = []
          + different_host     = []
          + group              = "ccb803eb-8c3a-4eb5-9882-be3ec460d889"
          + query              = []
          + same_host          = []
            # (2 unchanged attributes hidden)
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

openstack_compute_instance_v2.vm-mcwtest001: Creating...
openstack_compute_instance_v2.vm-mcwtest001: Still creating... [10s elapsed]
openstack_compute_instance_v2.vm-mcwtest001: Creation complete after 14s [id=c89fde09-2717-4455-88b9-2f0c8c672efd]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
[root@mcw15 mcwtf2]# 

The instance that was just created

The server group created by Terraform

main.tf

[root@mcw15 mcwtf2]# cat main.tf 
terraform {
  required_version = ">= 0.14.0"
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "1.49.0"
    }
  }
}

provider "openstack" {
  user_name   = "admin"
  tenant_name = "admin"
  password    = "123456"
  auth_url    = "http://controller:35357/v3"
  region      = "RegionOne"
}

resource "openstack_compute_servergroup_v2" "servergroup_vm-mcwtest" {

  name = "vm-mcwtest"

  policies = ["anti-affinity"]
}



resource "openstack_compute_instance_v2" "vm-mcwtest001" {
  name        = "vm-mcwtest001"
  flavor_name = "m1.nano"
  image_name  = "cirros"
  network {
    name = "WAN"

  }
  scheduler_hints {
    group = openstack_compute_servergroup_v2.servergroup_vm-mcwtest.id

  }

  security_groups = ["default"]
}

[root@mcw15 mcwtf2]# 

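The part below does not need to be changed.

Cloud platform connection information. The Region here was taken from the nova configuration; what I wrote before was wrong, and it caused an error.

vm-mcwtest is the server group name and vm-mcwtest001 is the virtual machine instance name. There are also the flavor name, image name, network name and security group name. Some of these can take multiple values.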
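
An added example (not from the original post): the same provider and instance definition, parameterized with the variable and validation syntax introduced earlier, so that the Keystone password is supplied through the TF_VAR_os_password environment variable instead of being written in main.tf. The variable names os_password, region and security_groups are assumptions, and the server group is left out to keep it short.

```hcl
# Added example: the variable names below are assumptions, not from the original post.
terraform {
  required_version = ">= 0.14.0"
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "1.49.0"
    }
  }
}

variable "os_password" {
  type        = string
  sensitive   = true # redacted in plan/apply output
  description = "Keystone password; set TF_VAR_os_password instead of writing it here."
}

variable "region" {
  type    = string
  default = "RegionOne" # the Region column of `openstack endpoint list`
}

variable "security_groups" {
  type    = list(string) # one of the arguments that accepts several values
  default = ["default"]

  validation {
    condition     = length(var.security_groups) > 0
    error_message = "At least one security group name must be given."
  }
}

provider "openstack" {
  user_name   = "admin"
  tenant_name = "admin"
  password    = var.os_password
  auth_url    = "http://controller:35357/v3"
  region      = var.region
}

resource "openstack_compute_instance_v2" "vm-mcwtest001" {
  name            = "vm-mcwtest001"
  flavor_name     = "m1.nano"
  image_name      = "cirros"
  security_groups = var.security_groups

  network {
    name = "WAN"
  }
}
```

If TF_VAR_os_password is not set, terraform plan and terraform apply prompt for the value.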

Posted 2024-06-01 21:07 by 马昌伟
Author's blog: https://www.cnblogs.com/machangwei-8/