Bruce Blog Bruce Blog
首页
  • CentOS
  • Ubuntu-Debian
  • 系统网络
  • 系统辅助工具
  • MySQL
  • Redis
  • Mongodb
  • Docker基础
  • Container基础
  • Kubernetes

    • Kubernetes基础
    • Kubernetes辅助
  • Container-Network
  • Jenkins
  • Gitlab
  • ArgoCD
  • Ansible
  • Terraform
  • AWS
  • MQ
  • NGINX
  • JumpServer
  • 基础
  • 函数模块
  • 框架
  • 基础

    • Golang环境
    • 语法
    • 数据类型与运算符
    • 分支语句
    • 循环语句
    • 数组
    • 切片
    • Map
    • String
    • 函数
    • 包的管理
    • 指针
    • 结构体
    • Go语言中的OOP
    • 方法和接口
    • 错误处理
  • Go进阶

    • Go进阶
  • Go框架

    • Go框架
  • Golang辅助

    • Golang辅助
  • CSS
  • HTML
  • JavaScript
  • 前端辅助
  • 常用命令
  • 性能监控工具
  • Windows下Docker使用
  • 日常学习
  • 其他导航

Bruce Tao

运维界的该溜子
首页
  • CentOS
  • Ubuntu-Debian
  • 系统网络
  • 系统辅助工具
  • MySQL
  • Redis
  • Mongodb
  • Docker基础
  • Container基础
  • Kubernetes

    • Kubernetes基础
    • Kubernetes辅助
  • Container-Network
  • Jenkins
  • Gitlab
  • ArgoCD
  • Ansible
  • Terraform
  • AWS
  • MQ
  • NGINX
  • JumpServer
  • 基础
  • 函数模块
  • 框架
  • 基础

    • Golang环境
    • 语法
    • 数据类型与运算符
    • 分支语句
    • 循环语句
    • 数组
    • 切片
    • Map
    • String
    • 函数
    • 包的管理
    • 指针
    • 结构体
    • Go语言中的OOP
    • 方法和接口
    • 错误处理
  • Go进阶

    • Go进阶
  • Go框架

    • Go框架
  • Golang辅助

    • Golang辅助
  • CSS
  • HTML
  • JavaScript
  • 前端辅助
  • 常用命令
  • 性能监控工具
  • Windows下Docker使用
  • 日常学习
  • 其他导航
  • Ansible

  • Terraform

    • terraform命令使用
    • terraform概述
    • terraform基础
    • terraform语法
    • Backend配置
    • 阿里云实践
    • 腾讯云实践
    • 华为云实践
    • Docker实践
    • AWS实践
    • Terraform扩展
    • Azure实践
      • K8S实践
    • AWS

    • Cloud
    • Terraform
    Bruce
    2022-10-27
    目录

    Azure实践

    # 一、实践介绍

    # 云产品资源
    • 网络(VirtualNet)
      • ZONE
      • Subnet
    • 负载均衡 Load Balancer
    • 云服务器 VM
    • 对象存储

    image-20220922164959289

    image-20220922165049744

    # 二、初始化配置

    # 地域和可用区

    https://docs.microsoft.com/en-us/azure/availability-zones/az-overview

    image-20220922185515984

    # 安装Azure-CLI

    https://learn.microsoft.com/zh-cn/cli/azure/install-azure-cli

    https://docs.azure.cn/zh-cn/cli/install-azure-cli-yum?view=azure-cli-latest

    az账户登录: https://learn.microsoft.com/zh-cn/cli/azure/authenticate-azure-cli

    # CentOS安装"Azure-cli"

    CentOS系统登录Azure账户需要使用az login --use-device-code方式登录,正常方式不适用

    # CentOS7 配置`azure-cli`yum源
    sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
    
    echo -e "[azure-cli]
    name=Azure CLI
    baseurl=https://packages.microsoft.com/yumrepos/azure-cli
    enabled=1
    gpgcheck=1
    gpgkey=https://packages.microsoft.com/keys/microsoft.asc" | sudo tee /etc/yum.repos.d/azure-cli.repo
    
    $ yum makecahe
    
    # 使用dnf install命令安装`azure-cli`
    $ yum install dnf -y
    $ dnf install azure-cli -y
    
    # 登陆和退出Azure账户
    ## 将登录`https://microsoft.com/devicelogin`地址拷贝到浏览器上进行操作,然后将验证的`HJ7FST4R7`KEY拷贝到时候使用
    $ az login --use-device-code
    To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HE4HDF9P8 to authenticate.
    
    # 登录后的返回结果
    az login --use-device-code
    To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HJ7FST4R7 to authenticate.
    [
      {
        "cloudName": "AzureCloud",
        "homeTenantId": "39e875d4-60ed-4dea-b35b-5efbccf67d48",
        "id": "d3a12c16-4024-403e-826f-fdd73da900e8",
        "isDefault": true,
        "managedByTenants": [],
        "name": "免费试用",
        "state": "Enabled",
        "tenantId": "39e875d4-60ed-4dea-b35b-5efbccf67d48",
        "user": {
          "name": "xxxxxxx1@gmail.com",
          "type": "user"
        }
      }
    ]
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40

    image-20220922210938915

    image-20220922194249649

    image-20220922210955842

    image-20220922210030942

    # 其他环境安装Azure CLI
    • 参考Azure CLI安装.md文档
    # 配置Terraform本地缓存
    # 项目目录结构
    $ cd terraform-azure-operator
    $ tree .
    .
    ├── env
    │   └── dev
    │       ├── network
    │       └── service
    ├── global
    │   └── backend
    └── modules
    
    7 directories
    
    # 在根目录创建`.terraformrc`文件
    ## 本地缓存目录: "$HOME/.terraform.d/terraform-plugin-cache" 或 "/root/.terraform.d/terraform-plugin-cache"
    $ vim .terraformrc
    plugin_cache_dir  = "$HOME/.terraform.d/terraform-plugin-cache"
    disable_checkpoint = true
    
    provider_installation {
      filesystem_mirror {
        path    = "/root/.terraform.d/terraform-plugin-cache"
        include = ["registry.terraform.io/*/*"]
      }
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    # Backend初始化配置

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs

    # 进入目录
    $ cd terraform-azure-operator/global/backend
    $ vim versions.tf  # 编辑`versions.tf `文件
    terraform {
      required_providers {
        azurerm = {
          source  = "hashicorp/azurerm"
          version = "=3.23.0"
        }
      }
    }
    
    # 初始化项目并下载terraform provider plugin组件
    ## 这里报错需要先去除`.terraformrc`文件中的如下部分,等`terraform init`完成之后再添加回去即可
    provider_installation {
      filesystem_mirror {
        path    = "/root/.terraform.d/terraform-plugin-cache"
        include = ["registry.terraform.io/*/*"]
      }
    }
    
    ## 报错信息
    $ terraform init
    
    Initializing the backend...
    
    Initializing provider plugins...
    - Finding hashicorp/azurerm versions matching "3.23.0"...
    ╷
    │ Error: Failed to query available provider packages
    │
    │ Could not retrieve the list of available versions for provider hashicorp/azurerm: provider registry.terraform.io/hashicorp/azurerm was not found
    │ in any of the search locations
    │
    │   - /mnt/e/Github-Project/Terraform-Home/.terraform.d/terraform-plugin-cache
    ╵
    
    # 初始化正常
    $ terraform init
    
    Initializing the backend...
    
    Initializing provider plugins...
    - Reusing previous version of hashicorp/azurerm from the dependency lock file
    - Using previously-installed hashicorp/azurerm v3.23.0
    
    Terraform has been successfully initialized!
    
    You may now begin working with Terraform. Try running "terraform plan" to see
    any changes that are required for your infrastructure. All Terraform commands
    should now work.
    
    If you ever set or change modules or backend configuration for Terraform,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.
    
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    # Azure Storage Account

    存储帐户包含所有 Azure 存储数据对象:blobs, file shares, queues, tables, and disks. 存储帐户为你的 Azure 存储数据提供了一个唯一的命名空间;存储帐户名称在 Azure 中必须是唯一的

    https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container

    # 进入项目目录
    $ cd terraform-azure-operator/global/backend
    $ ree ./
    ./
    ├── main.tf
    └── versions.tf
    
    0 directories, 2 files
    
    # 登录Azure
    $ az login --use-device-code
    To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HJ7FST4R7 to authenticate.
    [
      {
        "cloudName": "AzureCloud",
        "homeTenantId": "39e875d4-60ed-4dea-b35b-5efbccf67d48",
        "id": "d3a12c16-4024-403e-826f-fdd73da900e8",
        "isDefault": true,
        "managedByTenants": [],
        "name": "免费试用",
        "state": "Enabled",
        "tenantId": "39e875d4-60ed-4dea-b35b-5efbccf67d48",
        "user": {
          "name": "xxxxxx@gmail.com",
          "type": "user"
        }
      }
    ]
    
    # 声明环境变量
    export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
    
    # 执行terraform命令
    $ terraform init 
    $ terraform fmt 或 terraform init -recursive
    $ terraform validate
    $ terraform plan
    $ terraform apply 或 terraform apply -auto-approve
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38

    备注

    • 控制台查看Azure Storage Account的创建结果

    image-20220922213542277

    image-20220922213616057

    image-20220922214205776

    image-20220922214744253

    image-20220922214824628

    # Backend同步状态到远程

    https://www.terraform.io/language/settings/backends/azurerm

    # 进入项目目录
    $ cd terraform-azure-operator/global/backend
    $ vim backend.tf
    terraform {
      backend "azurerm" {
        resource_group_name  = "terraform-demo"
        storage_account_name = "tfstateadmin111"
        container_name       = "tfstate"
        key                  = "global/backend/terraform-backend.tfstate"
      }
    }
    
    
    # 登录Azure
    $ az login --use-device-code
    To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HJ7FST4R7 to authenticate.
    [
      {
        "cloudName": "AzureCloud",
        "homeTenantId": "39e875d4-60ed-4dea-b35b-5efbccf67d48",
        "id": "d3a12c16-4024-403e-826f-fdd73da900e8",
        "isDefault": true,
        "managedByTenants": [],
        "name": "免费试用",
        "state": "Enabled",
        "tenantId": "39e875d4-60ed-4dea-b35b-5efbccf67d48",
        "user": {
          "name": "xxxxxx@gmail.com",
          "type": "user"
        }
      }
    ]
    
    # 声明环境变量
    export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
    
    # 执行terraform命令
    $ terraform init 
    $ terraform fmt 或 terraform init -recursive
    $ terraform validate
    $ terraform plan
    $ terraform apply 或 terraform apply -auto-approve
    
    # terraform init初始化并同步状态到远程
    $ terraform  init
    
    Initializing the backend...
    Acquiring state lock. This may take a few moments...
    Do you want to copy existing state to the new backend?
      Pre-existing state was found while migrating the previous "local" backend to the
      newly configured "azurerm" backend. No existing state was found in the newly
      configured "azurerm" backend. Do you want to copy this state to the new "azurerm"
      backend? Enter "yes" to copy and "no" to start with an empty state.
    
      Enter a value: yes
    
    Releasing state lock. This may take a few moments...
    
    Successfully configured the backend "azurerm"! Terraform will automatically
    use this backend unless the backend configuration changes.
    
    Initializing provider plugins...
    - Reusing previous version of hashicorp/azurerm from the dependency lock file
    - Using previously-installed hashicorp/azurerm v3.23.0
    
    Terraform has been successfully initialized!
    
    You may now begin working with Terraform. Try running "terraform plan" to see
    any changes that are required for your infrastructure. All Terraform commands
    should now work.
    
    If you ever set or change modules or backend configuration for Terraform,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74

    备注

    • 控制台查看state的同步结果

    image-20220922215753987

    # 二、开通虚拟网络和子网资源

    # 创建资源
    • VirtualNetwork 虚拟网络
    • Subnet 子网

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet

    这里依赖的是modules下面的模块创建的资源: "terraform-azure-operator/modules/virtul-net"

    # 进入项目目录
    $ cd terraform-azure-operator/env/dev/network
    $  tree  ./
    ./
    ├── backend.tf
    ├── outputs.tf
    ├── variables.tf
    ├── versions.tf
    └── virtual-net.tf
    
    0 directories, 5 files
    
    # 登录Azure
    $ az login --use-device-code
    
    # 声明环境变量
    export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
    
    # 执行terraform命令
    $ terraform init 
    $ terraform fmt 或 terraform init -recursive
    $ terraform validate
    $ terraform plan
    $ terraform apply 或 terraform apply -auto-approve
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24

    备注:

    • 项目这里创建的虚拟网络和子网是调用modules下的virtual-net模块进行创建的
    • 控制台验证虚拟网络和子网的创建结果

    image-20220922224127628

    image-20220922224608802

    image-20220922224644594

    image-20220923001259053

    # 三、开通安全组资源

    • security_group 安全组和规则

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association

    这里依赖的是modules下面的模块创建的资源: "terraform-azure-operator/modules/security-group"

    # 进入项目目录
    $ cd terraform-azure-operator/env/dev/network
    $  vim network-security_group.tf
    locals {
      security_group_name          = "dev-network-secgroup"
      secgroup_location_name       = "East US"
      secgroup_resource_group_name = "terraform-demo"
      secgroup_env_name            = "dev-network-security-group"
      subnet_ids                   = module.network.network_subnet_ids
    }
    
    module "security-groups" {
      source                       = "../../../modules/security-group"
      security_group_name          = local.security_group_name
      secgroup_location_name       = local.secgroup_location_name
      secgroup_resource_group_name = local.secgroup_resource_group_name
      secgroup_env_name            = local.secgroup_env_name
      subnet_ids                   = local.subnet_ids
    
      ports = [
        {
          port     = "80"
          priority = 100
        },
        {
          port     = "22"
          priority = 101
        },
        {
          port     = "443"
          priority = 102
        }
      ]
    
    }
    
    
    # 登录Azure
    $ az login --use-device-code
    
    # 声明环境变量
    export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
    
    # 执行terraform命令
    $ terraform init 
    $ terraform fmt 或 terraform init -recursive
    $ terraform validate
    $ terraform plan
    $ terraform apply 或 terraform apply -auto-approve
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49

    备注:

    • 项目这里创建的子网安全组是调用modules下的security-group模块进行创建的
    • 控制台验证子网安全组的创建结果

    image-20220923105950836

    # 四、开通网络接口和公网IP

    # 公共参数剥离
    # 进入项目目录
    $ cd terraform-azure-operator/env/dev/network
    $  tree  ./
    ./
    ├── backend.tf
    ├── main.tf
    ├── network-security_group.tf
    ├── outputs.tf
    ├── variables.tf
    ├── versions.tf
    └── virtual-net.tf
    
    0 directories, 7 files
    
    # 查看独立出来的公共参数
    $ cat main.tf 
    locals {
      location_name       = "East US"
      resource_group_name = "terraform-demo"
      subnet_ids = module.network.network_subnet_ids
      env_name   = "dev"
    }
    
    # 登录Azure
    $ az login --use-device-code
    
    # 声明环境变量
    export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
    
    # 执行terraform命令
    $ terraform init 
    $ terraform fmt 或 terraform init -recursive
    $ terraform validate
    $ terraform plan
    $ terraform apply 或 terraform apply -auto-approve
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    # 创建公网IP

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip

    这里依赖的是modules下面的模块创建的资源: "terraform-azure-operator/modules/public-ip"

    # 进入项目目录
    $ cd terraform-azure-operator/env/dev/network
    
    # 依赖公共参数
    $  vim main.tf
    locals {
      location_name       = "East US"
      resource_group_name = "terraform-demo"
      env_name   = "dev"
    }
    
    # 穿件公网IP
    $ vim public_ip.tf
    module "public-ip" {
      source              = "../../../modules/public-ip"
      location_name       = local.location_name
      resource_group_name = local.resource_group_name
      env_name            = local.env_name
      public_name_groups  = ["serve01", "server02"]
    }
    
    
    # 登录Azure
    $ az login --use-device-code
    
    # 声明环境变量
    export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
    
    # 执行terraform命令
    $ terraform init 
    $ terraform fmt 或 terraform init -recursive
    $ terraform validate
    $ terraform plan
    $ terraform apply 或 terraform apply -auto-approve
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34

    备注:

    • 项目这里创建的公网IP是调用modules下的public-ip模块进行创建的
    • 控制台验证公网IP的创建结果

    image-20220923151926609

    image-20220923151957291

    # VM-NIC 网络接口
    • 创建VM-NIC网络接口并关联上 上面的公网IP地址

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface

    这里依赖的是modules下面的模块创建的资源: "terraform-azure-operator/modules/nics"

    # 进入项目目录
    $ cd terraform-azure-operator/env/dev/network
    
    # 依赖的公共参数
    $  vim main.tf
    locals {
      location_name       = "East US"
      resource_group_name = "terraform-demo"
      subnet_ids = module.network.network_subnet_ids
      public_ids = module.public-ip.public_id_list
      env_name   = "dev"
    }
    
    # 创建vm-nic并关联公网地址
    $ vim vms.tf
    module "vms" {
      source              = "../../../modules/vms"
      location_name       = local.location_name
      resource_group_name = local.resource_group_name
      vms = ["serve01", "server02"]
      vms_configs = {
        serve01 = {
          subnet_id = "${local.subnet_ids[0]}"
          public_id = "${local.public_ids[0]}"
        },
        server02 = {
          subnet_id = "${local.subnet_ids[1]}"
          public_id = "${local.public_ids[1]}"
        }
      }
    }
    
    
    # 登录Azure
    $ az login --use-device-code
    
    # 声明环境变量
    export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
    
    # 执行terraform命令
    $ terraform init 
    $ terraform fmt 或 terraform init -recursive
    $ terraform validate
    $ terraform plan
    $ terraform apply 或 terraform apply -auto-approve
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45

    备注:

    • 项目这里创建的网络接口是调用modules下的nics模块进行创建的
    • 控制台验证网络接口的创建结果

    image-20220923145116039

    image-20220923151211280

    # 五、开通Linux虚拟机资源

    • 过滤获取可用的image

      https://learn.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage

    # 查看所有的 image
    $ az vm image list --output table
    You are viewing an offline list of images, use --all to retrieve an up-to-date list
    Architecture    Offer                         Publisher               Sku                                 Urn                                                                             UrnAlias                 Version
    --------------  ----------------------------  ----------------------  ----------------------------------  ------------------------------------------------------------------------------  -----------------------  ---------
    x64             CentOS                        OpenLogic               7.5                                 OpenLogic:CentOS:7.5:latest                                                     CentOS                   latest
    x64             debian-10                     Debian                  10                                  Debian:debian-10:10:latest                                                      Debian                   latest
    x64             flatcar-container-linux-free  kinvolk                 stable                              kinvolk:flatcar-container-linux-free:stable:latest                              Flatcar                  latest
    x64             opensuse-leap-15-3            SUSE                    gen2                                SUSE:opensuse-leap-15-3:gen2:latest                                             openSUSE-Leap            latest
    x64             RHEL                          RedHat                  7-LVM                               RedHat:RHEL:7-LVM:latest                                                        RHEL                     latest
    x64             sles-15-sp3                   SUSE                    gen2                                SUSE:sles-15-sp3:gen2:latest                                                    SLES                     latest
    x64             UbuntuServer                  Canonical               18.04-LTS                           Canonical:UbuntuServer:18.04-LTS:latest                                         UbuntuLTS                latest
    x64             WindowsServer                 MicrosoftWindowsServer  2022-Datacenter                     MicrosoftWindowsServer:WindowsServer:2022-Datacenter:latest                     Win2022Datacenter        latest
    x64             WindowsServer                 MicrosoftWindowsServer  2022-datacenter-azure-edition-core  MicrosoftWindowsServer:WindowsServer:2022-datacenter-azure-edition-core:latest  Win2022AzureEditionCore  latest
    x64             WindowsServer                 MicrosoftWindowsServer  2019-Datacenter                     MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest                     Win2019Datacenter        latest
    x64             WindowsServer                 MicrosoftWindowsServer  2016-Datacenter                     MicrosoftWindowsServer:WindowsServer:2016-Datacenter:latest                     Win2016Datacenter        latest
    x64             WindowsServer                 MicrosoftWindowsServer  2012-R2-Datacenter                  MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:latest                  Win2012R2Datacenter      latest
    x64             WindowsServer                 MicrosoftWindowsServer  2012-Datacenter                     MicrosoftWindowsServer:WindowsServer:2012-Datacenter:latest                     Win2012Datacenter        latest
    x64             WindowsServer                 MicrosoftWindowsServer  2008-R2-SP1                         MicrosoftWindowsServer:WindowsServer:2008-R2-SP1:latest                         Win2008R2SP1             latest
    
    # 根据指定条件过滤image
    ## 区域为`westus` ,`publisher`为Canonical(典型),`offer`提供为`UbuntuServer`,`sku`为`18.04-LTS`
    az vm image list \
        --location westus \
        --publisher Canonical \
        --offer UbuntuServer \
        --sku 18.04-LTS \
        --all --output table
    
    ## publisher为`Canonical`典型的
    $ az vm image list --offer Ubuntu --all --publisher Canonical --output table
    $ az vm image list --offer Ubuntu --all --output table
    $ az vm image list --offer Centos --all --output table
    $ az vm image list --offer Ubuntu --all --output table|more
    Architecture    Offer                                               Publisher                           Sku                              
                       Urn                                                                                                                   
                Version
    --------------  --------------------------------------------------  ----------------------------------  ---------------------------------
    -----------------  ----------------------------------------------------------------------------------------------------------------------
    ----------  ----------------
    x64             nsimd-ubuntu-20-04                                  ageniumscale1591804889317           plan-for-nsimd-ubuntu-20-04      
                       ageniumscale1591804889317:nsimd-ubuntu-20-04:plan-for-nsimd-ubuntu-20-04:1.0.0                                        
                1.0.0
    x64             aquaveo-tethys-platform-33-ubuntu-2004              aquaveollc1633710529908             tethys33                         
                       aquaveollc1633710529908:aquaveo-tethys-platform-33-ubuntu-2004:tethys33:3.3.0                                         
                3.3.0
    x64             abantecart-on-ubuntu-1804                           apps-4-rent                         abantecart-on-ubuntu-1804        
                       apps-4-rent:abantecart-on-ubuntu-1804:abantecart-on-ubuntu-1804:1.0.1                                                 
                1.0.1
    x64             minecraft-bedrock-ubuntu-18-04-minimal              articentgroupllc1635512619530       minecraft-bedrock-ubuntu-18-04-mi
    nimal              articentgroupllc1635512619530:minecraft-bedrock-ubuntu-18-04-minimal:minecraft-bedrock-ubuntu-18-04-minimal:1.0.0     
                1.0.0
    x64             active-mq-on-ubuntu-eighteen                        apps-4-rent                         active-mq-on-ubuntu-eighteen     
                       apps-4-rent:active-mq-on-ubuntu-eighteen:active-mq-on-ubuntu-eighteen:1.0.1                                           
                1.0.1
    x64             activemq_ubuntu18_04lts                             askforcloudllc1651766049149         activemq_ubuntu18_04lts          
                       askforcloudllc1651766049149:activemq_ubuntu18_04lts:activemq_ubuntu18_04lts:0.0.1                                     
                0.0.1
    x64             minecraft-bedrock-ubuntu-20-04-minimal              articentgroupllc1635512619530       minecraft-bedrock-ubuntu-20-04-mi
    nimal              articentgroupllc1635512619530:minecraft-bedrock-ubuntu-20-04-minimal:minecraft-bedrock-ubuntu-20-04-minimal:1.0.0     
                1.0.0
    x64             akaunting-on-ubuntu                                 apps-4-rent                         akaunting-on-ubuntu              
                       apps-4-rent:akaunting-on-ubuntu:akaunting-on-ubuntu:1.0.1
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine

    https://www.terraform.io/language/functions/base64encode

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/managed_disk

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_data_disk_attachment

    查看可选用的系统镜像:

    ​ https://learn.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage

    ​ https://learn.microsoft.com/en-us/azure/virtual-machines/linux/imaging

    vm实例类型:

    ​ https://learn.microsoft.com/en-us/azure/virtual-machines/sizes

    ​ https://learn.microsoft.com/en-us/azure/virtual-machines/sizes-b-series-burstable

    Azure 托管磁盘:

    ​ https://learn.microsoft.com/en-us/azure/virtual-machines/managed-disks-overview

    ​ https://learn.microsoft.com/en-us/azure/virtual-machines/disks-scalability-targets

    这里依赖的是modules下面的模块创建的资源: "terraform-azure-operator/modules/vms"

    # 进入项目目录
    $ cd terraform-azure-operator/env/dev/service
    
    # 创建服务连接公私钥
    $ mkdir -pv config
    $ ssh-keygen -t rsa -m PEM -f config/public_key  # 创建用于ssh连接的private key;(-f:指定文件名,-C:备注)
    $ mv config/public_key config/public_key.pem
    
    $  tree  ./
    ./
    ├── backend.tf
    ├── config
    │   ├── public_key.pem
    │   └── public_key.pub
    ├── main.tf
    ├── outputs.tf
    ├── variables.tf
    ├── versions.tf
    └── vms.tf
    
    1 directory, 8 files
    
    
    
    # 依赖的公共参数
    $  vim main.tf
    data "terraform_remote_state" "network-data" {
      backend = "azurerm"
      config = {
        resource_group_name  = "terraform-demo"
        storage_account_name = "tfstateadmin111"
        container_name       = "tfstate"
        key                  = "env/dev/network/terraform-network.tfstate"
      }
    }
    
    locals {
      location_name       = "East US"
      resource_group_name = "terraform-demo"
      env_name            = "dev"
    
      # 这里的`vms`和`vms_config`,会被`vms.tf`和`mount-data-disk.tf`使用到
      vms = ["server01", "server02"]
      vms_cofigs = {
        server01 = {
          zone      = "1"
          subnet_id = data.terraform_remote_state.network-data.outputs.subnet_ids[0]
          publicip  = data.terraform_remote_state.network-data.outputs.public_ids[0]
          nic_id    = data.terraform_remote_state.network-data.outputs.nics_ids[0]
        },
        server02 = {
          zone      = "2"
          subnet_id = data.terraform_remote_state.network-data.outputs.subnet_ids[1]
          publicip  = data.terraform_remote_state.network-data.outputs.public_ids[1]
          nic_id    = data.terraform_remote_state.network-data.outputs.nics_ids[1]
        }
      }
    }
    
    
    # 创建vms实例
    $ vim vims.tf
    module "vms" {
      source         = "../../../modules/vms"
      vms_size       = "Standard_B2s"
      admin_username = "adminuser"
      # 这里取消使用密码登录
      # admin_password                  = "root@123"
      # 开启禁用密码登录参数
      disable_password_authentication = true
      os_disk_caching                 = "ReadWrite"
      os_disk_storage_account_type    = "Standard_LRS"
      os_disk_size                    = 50
      source_image_publisher          = "Canonical"
      source_image_offer              = "UbuntuServer"
      source_image_sku                = "18.04-LTS"
      source_image_version            = "latest"
      resource_group_name             = local.resource_group_name
      location_name                   = local.location_name
      public_key_path                 = file("${path.module}/config/public_key.pub")
      vms                             = local.vms
      vms_cofigs                      = local.vms_cofigs
    }
    
    # 创建额外挂载的数据盘
    $ vim mount-data-disk.tf
    module "attachment-data-disk" {
      source                         = "../../../modules/data-disk"
      location_name                  = local.location_name
      resource_group_name            = local.resource_group_name
      data_disk_option               = "Empty"
      data_disk_size                 = 50
      data_disk_storage_account_type = "Standard_LRS"
      data_disk_in_os_id             = "10"
      data_disk_caching              = "ReadWrite"
      vms                            = local.vms
      vms_cofigs                     = local.vms_cofigs
      virtual_machine_ids            = module.vms.vms_ids
    }
    
    # 登录Azure
    $ az login --use-device-code
    
    # 声明环境变量
    export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
    
    # 执行terraform命令
    $ terraform init 
    $ terraform fmt 或 terraform init -recursive
    $ terraform validate
    $ terraform plan
    $ terraform apply 或 terraform apply -auto-approve
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    76
    77
    78
    79
    80
    81
    82
    83
    84
    85
    86
    87
    88
    89
    90
    91
    92
    93
    94
    95
    96
    97
    98
    99
    100
    101
    102
    103
    104
    105
    106
    107
    108
    109
    110
    111
    112

    备注:

    • 项目这里创建linux虚拟机是调用modules下的vms模块进行创建的
    • 控制台验证linux虚拟机的创建结果

    image-20220923232502899

    image-20220923232402397

    image-20220923232436870

    • 远程登录服务测试
    # 使用秘钥登录
    $ ssh -i public_key.pem adminuser@20.246.216.106
    
    # 使用密码方式登录
    $ ssh adminuser@20.246.216.106
    The authenticity of host '20.246.216.106 (20.246.216.106)' can't be established.
    ECDSA key fingerprint is SHA256:+/iejTew26GoXSqEAPkZQtYa2YLYDd/OCTy1N55Eh3g.
    ECDSA key fingerprint is MD5:ac:7b:4c:63:38:77:ff:56:71:bd:ec:fc:ef:e2:68:ff.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '20.246.216.106' (ECDSA) to the list of known hosts.
    adminuser@20.246.216.106's password: 
    Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 5.4.0-1091-azure x86_64)
    
     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage
    
      System information as of Fri Sep 23 15:26:31 UTC 2022
    
      System load:  0.09              Processes:           114
      Usage of /:   4.9% of 28.89GB   Users logged in:     0
      Memory usage: 22%               IP address for eth0: 10.0.1.4
      Swap usage:   0%
    
    0 updates can be applied immediately.
    
    
    
    The programs included with the Ubuntu system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    
    Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
    applicable law.
    
    To run a command as administrator (user "root"), use "sudo <command>".
    See "man sudo_root" for details.
    
    $ ps -ef |grep nginx
    root      2250     1  0 15:22 ?        00:00:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
    www-data  2255  2250  0 15:22 ?        00:00:00 nginx: worker process
    adminus+  2478  2440  0 15:27 pts/0    00:00:00 grep --color=auto nginx
    adminuser@server01:~$ curl http://localhost:80
    server01
    
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    • 访问linux虚拟机绑定的公网IP地址测试nginx服务是否正常

    image-20220923232952072

    image-20220923233000791

    # 注意:
    • Azure资源变更替换
    # 先创建出来需要替换的资源,再来替换旧的资源
      lifecycle {
        create_before_destroy = true
      }
      
      # Azure 使用`create_before_destroy`后的错误(在Azure是直接进行modify修或者是遵循先destroy后create操作)
    ## Azure会对资源的名称进行一致性校验,所以创建同样名称的新资源是无法通过的
    
    │ Error: A resource with the ID "/subscriptions/d3a12c16-4024-403e-826f-fdd73da900e8/resourceGroups/terraform-demo/providers/Microsoft.Compute/virtualMachines/server02" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_linux_virtual_machine" for more information.
    │ 
    │   with module.vms.azurerm_linux_virtual_machine.server["server02"],
    │   on ../../../modules/vms/main.tf line 1, in resource "azurerm_linux_virtual_machine" "server":
    │    1: resource "azurerm_linux_virtual_machine" "server" {
    │ 
    ╵
    ╷
    │ Error: A resource with the ID "/subscriptions/d3a12c16-4024-403e-826f-fdd73da900e8/resourceGroups/terraform-demo/providers/Microsoft.Compute/virtualMachines/server01" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_linux_virtual_machine" for more information.
    │ 
    │   with module.vms.azurerm_linux_virtual_machine.server["server01"],
    │   on ../../../modules/vms/main.tf line 1, in resource "azurerm_linux_virtual_machine" "server":
    │    1: resource "azurerm_linux_virtual_machine" "server" {
    │ 
    ╵
    Releasing state lock. This may take a few moments...
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24

    # 六、开通负载均衡器

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb_backend_address_pool

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb_backend_address_pool_address

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb_rule

    这里依赖的是modules下面的模块创建的资源: "terraform-azure-operator/modules/lb"

    # 进入项目目录
    $ cd terraform-azure-operator/env/dev/service
    $  vim lb.tf
    module "lb" {
      source                 = "../../../modules/lb"
      lb_name                = "terraformdemo-lb"
      lb_sku                 = "Standard"
      lb_backend_pool        = "terraformdemo-lb-backend-pool"
      lb_rule_name           = "terraformdemo-lb-rule"
      frontend_port          = 80
      backend_port           = 80
      location_name          = local.location_name
      resource_group_name    = local.resource_group_name
      public_ip_address_id   = data.terraform_remote_state.network-data.outputs.lb_public_ip
      vnet_id                = data.terraform_remote_state.network-data.outputs.virtual_network_id
      vms_private_ip_address = module.vms.vms_private_ip_address
    }
    
    # 登录Azure
    $ az login --use-device-code
    
    # 声明环境变量
    export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
    
    # 执行terraform命令
    $ terraform init 
    $ terraform fmt 或 terraform init -recursive
    $ terraform validate
    $ terraform plan
    $ terraform apply 或 terraform apply -auto-approve
    # 自动迁移状态
    $ terraform init -migrate-state
    
    # 存储当前配置而不更改状态
    $ terraform init -reconfigure
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35

    备注:

    • 项目这里创建的负载均衡器是调用modules下的lb模块进行创建的
    • 控制台验证负载均衡器的创建结果

    image-20220924023359091

    image-20220924023431210

    image-20220924023555524

    image-20220924023457027

    image-20220924024606667

    • 测试负载均衡
    $ for i in `seq 100`;do curl -s http://20.169.228.129;done|sort |uniq -c
         27 server01
         73 server02
    
    1
    2
    3

    # 七、dns解析

    • 这里使用阿里云dns做一个模板,因为Azure用的是国外的资源;阿里云国内资源不能解析国外地址
    # 进入项目目录
    $ cd terraform-azure-operator/env/dev/service
    $  vim alicloud-dns.tf.origin
    locals {
      dns_zone_name = "chsaos.com"
      dns_record    = "azure"
      eip           = data.terraform_remote_state.network-data.outputs.lb_public_address
      record_type   = "CNAME"
    }
    
    # demo.chsaos.com
    resource "alicloud_dns_record" "record" {
      name        = local.dns_zone_name
      host_record = local.dns_record
      type        = local.record_type
      value       = local.eip
    }
    
    
    # 需要使用api认证的export
    # export ALICLOUD_ACCESS_KEY="xxxxxx"
    # export ALICLOUD_SECRET_KEY="xxxxxx"
    # export ALICLOUD_REGION="cn-shanghai"
    # export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
    
    # 登录Azure
    $ az login --use-device-code
    
    # 声明环境变量
    export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
    
    # 执行terraform命令
    $ terraform init 
    $ terraform fmt 或 terraform init -recursive
    $ terraform validate
    $ terraform plan
    $ terraform apply 或 terraform apply -auto-approve
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    上次更新: 2024/04/09, 16:48:42
    Terraform扩展
    K8S实践

    ← Terraform扩展 K8S实践→

    最近更新
    01
    AWS NAT-NetWork-Firwalld配置(一)
    04-09
    02
    AWS NAT-NetWork-Firwalld配置(二)
    04-09
    03
    kubernetes部署minio对象存储
    01-18
    更多文章>
    Theme by Vdoing | Copyright © 2019-2024 Bruce Tao Blog Space | MIT License
    • 跟随系统
    • 浅色模式
    • 深色模式
    • 阅读模式