Azure实践
# 一、实践介绍
# 云产品资源
- 网络(VirtualNet)
- ZONE
- Subnet
- 负载均衡 Load Balancer
- 云服务器 VM
- 对象存储
# 二、初始化配置
# 地域和可用区
https://docs.microsoft.com/en-us/azure/availability-zones/az-overview
# 安装Azure-CLI
https://learn.microsoft.com/zh-cn/cli/azure/install-azure-cli
https://docs.azure.cn/zh-cn/cli/install-azure-cli-yum?view=azure-cli-latest
az账户登录: https://learn.microsoft.com/zh-cn/cli/azure/authenticate-azure-cli
# CentOS安装"Azure-cli"
CentOS系统登录
Azure账户需要使用az login --use-device-code方式登录,正常方式不适用
# CentOS7 配置`azure-cli`yum源
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
echo -e "[azure-cli]
name=Azure CLI
baseurl=https://packages.microsoft.com/yumrepos/azure-cli
enabled=1
gpgcheck=1
gpgkey=https://packages.microsoft.com/keys/microsoft.asc" | sudo tee /etc/yum.repos.d/azure-cli.repo
$ yum makecahe
# 使用dnf install命令安装`azure-cli`
$ yum install dnf -y
$ dnf install azure-cli -y
# 登陆和退出Azure账户
## 将登录`https://microsoft.com/devicelogin`地址拷贝到浏览器上进行操作,然后将验证的`HJ7FST4R7`KEY拷贝到时候使用
$ az login --use-device-code
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HE4HDF9P8 to authenticate.
# 登录后的返回结果
az login --use-device-code
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HJ7FST4R7 to authenticate.
[
{
"cloudName": "AzureCloud",
"homeTenantId": "39e875d4-60ed-4dea-b35b-5efbccf67d48",
"id": "d3a12c16-4024-403e-826f-fdd73da900e8",
"isDefault": true,
"managedByTenants": [],
"name": "免费试用",
"state": "Enabled",
"tenantId": "39e875d4-60ed-4dea-b35b-5efbccf67d48",
"user": {
"name": "xxxxxxx1@gmail.com",
"type": "user"
}
}
]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# 其他环境安装Azure CLI
- 参考
Azure CLI安装.md文档
# 配置Terraform本地缓存
# 项目目录结构
$ cd terraform-azure-operator
$ tree .
.
├── env
│ └── dev
│ ├── network
│ └── service
├── global
│ └── backend
└── modules
7 directories
# 在根目录创建`.terraformrc`文件
## 本地缓存目录: "$HOME/.terraform.d/terraform-plugin-cache" 或 "/root/.terraform.d/terraform-plugin-cache"
$ vim .terraformrc
plugin_cache_dir = "$HOME/.terraform.d/terraform-plugin-cache"
disable_checkpoint = true
provider_installation {
filesystem_mirror {
path = "/root/.terraform.d/terraform-plugin-cache"
include = ["registry.terraform.io/*/*"]
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# Backend初始化配置
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
# 进入目录
$ cd terraform-azure-operator/global/backend
$ vim versions.tf # 编辑`versions.tf `文件
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=3.23.0"
}
}
}
# 初始化项目并下载terraform provider plugin组件
## 这里报错需要先去除`.terraformrc`文件中的如下部分,等`terraform init`完成之后再添加回去即可
provider_installation {
filesystem_mirror {
path = "/root/.terraform.d/terraform-plugin-cache"
include = ["registry.terraform.io/*/*"]
}
}
## 报错信息
$ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/azurerm versions matching "3.23.0"...
╷
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider hashicorp/azurerm: provider registry.terraform.io/hashicorp/azurerm was not found
│ in any of the search locations
│
│ - /mnt/e/Github-Project/Terraform-Home/.terraform.d/terraform-plugin-cache
╵
# 初始化正常
$ terraform init
Initializing the backend...
Initializing provider plugins...
- Reusing previous version of hashicorp/azurerm from the dependency lock file
- Using previously-installed hashicorp/azurerm v3.23.0
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# Azure Storage Account
存储帐户包含所有 Azure 存储数据对象:blobs, file shares, queues, tables, and disks. 存储帐户为你的 Azure 存储数据提供了一个唯一的命名空间;存储帐户名称在 Azure 中必须是唯一的
https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container
# 进入项目目录
$ cd terraform-azure-operator/global/backend
$ ree ./
./
├── main.tf
└── versions.tf
0 directories, 2 files
# 登录Azure
$ az login --use-device-code
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HJ7FST4R7 to authenticate.
[
{
"cloudName": "AzureCloud",
"homeTenantId": "39e875d4-60ed-4dea-b35b-5efbccf67d48",
"id": "d3a12c16-4024-403e-826f-fdd73da900e8",
"isDefault": true,
"managedByTenants": [],
"name": "免费试用",
"state": "Enabled",
"tenantId": "39e875d4-60ed-4dea-b35b-5efbccf67d48",
"user": {
"name": "xxxxxx@gmail.com",
"type": "user"
}
}
]
# 声明环境变量
export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
# 执行terraform命令
$ terraform init
$ terraform fmt 或 terraform init -recursive
$ terraform validate
$ terraform plan
$ terraform apply 或 terraform apply -auto-approve
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
备注
- 控制台查看
Azure Storage Account的创建结果
# Backend同步状态到远程
https://www.terraform.io/language/settings/backends/azurerm
# 进入项目目录
$ cd terraform-azure-operator/global/backend
$ vim backend.tf
terraform {
backend "azurerm" {
resource_group_name = "terraform-demo"
storage_account_name = "tfstateadmin111"
container_name = "tfstate"
key = "global/backend/terraform-backend.tfstate"
}
}
# 登录Azure
$ az login --use-device-code
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code HJ7FST4R7 to authenticate.
[
{
"cloudName": "AzureCloud",
"homeTenantId": "39e875d4-60ed-4dea-b35b-5efbccf67d48",
"id": "d3a12c16-4024-403e-826f-fdd73da900e8",
"isDefault": true,
"managedByTenants": [],
"name": "免费试用",
"state": "Enabled",
"tenantId": "39e875d4-60ed-4dea-b35b-5efbccf67d48",
"user": {
"name": "xxxxxx@gmail.com",
"type": "user"
}
}
]
# 声明环境变量
export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
# 执行terraform命令
$ terraform init
$ terraform fmt 或 terraform init -recursive
$ terraform validate
$ terraform plan
$ terraform apply 或 terraform apply -auto-approve
# terraform init初始化并同步状态到远程
$ terraform init
Initializing the backend...
Acquiring state lock. This may take a few moments...
Do you want to copy existing state to the new backend?
Pre-existing state was found while migrating the previous "local" backend to the
newly configured "azurerm" backend. No existing state was found in the newly
configured "azurerm" backend. Do you want to copy this state to the new "azurerm"
backend? Enter "yes" to copy and "no" to start with an empty state.
Enter a value: yes
Releasing state lock. This may take a few moments...
Successfully configured the backend "azurerm"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Reusing previous version of hashicorp/azurerm from the dependency lock file
- Using previously-installed hashicorp/azurerm v3.23.0
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
备注
- 控制台查看state的同步结果
# 二、开通虚拟网络和子网资源
# 创建资源
- VirtualNetwork 虚拟网络
- Subnet 子网
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet
这里依赖的是modules下面的模块创建的资源: "terraform-azure-operator/modules/virtul-net"
# 进入项目目录
$ cd terraform-azure-operator/env/dev/network
$ tree ./
./
├── backend.tf
├── outputs.tf
├── variables.tf
├── versions.tf
└── virtual-net.tf
0 directories, 5 files
# 登录Azure
$ az login --use-device-code
# 声明环境变量
export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
# 执行terraform命令
$ terraform init
$ terraform fmt 或 terraform init -recursive
$ terraform validate
$ terraform plan
$ terraform apply 或 terraform apply -auto-approve
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
备注:
- 项目这里创建的虚拟网络和子网是调用modules下的virtual-net模块进行创建的
- 控制台验证虚拟网络和子网的创建结果
# 三、开通安全组资源
- security_group 安全组和规则
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association
这里依赖的是modules下面的模块创建的资源: "terraform-azure-operator/modules/security-group"
# 进入项目目录
$ cd terraform-azure-operator/env/dev/network
$ vim network-security_group.tf
locals {
security_group_name = "dev-network-secgroup"
secgroup_location_name = "East US"
secgroup_resource_group_name = "terraform-demo"
secgroup_env_name = "dev-network-security-group"
subnet_ids = module.network.network_subnet_ids
}
module "security-groups" {
source = "../../../modules/security-group"
security_group_name = local.security_group_name
secgroup_location_name = local.secgroup_location_name
secgroup_resource_group_name = local.secgroup_resource_group_name
secgroup_env_name = local.secgroup_env_name
subnet_ids = local.subnet_ids
ports = [
{
port = "80"
priority = 100
},
{
port = "22"
priority = 101
},
{
port = "443"
priority = 102
}
]
}
# 登录Azure
$ az login --use-device-code
# 声明环境变量
export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
# 执行terraform命令
$ terraform init
$ terraform fmt 或 terraform init -recursive
$ terraform validate
$ terraform plan
$ terraform apply 或 terraform apply -auto-approve
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
备注:
- 项目这里创建的子网安全组是调用modules下的security-group模块进行创建的
- 控制台验证子网安全组的创建结果
# 四、开通网络接口和公网IP
# 公共参数剥离
# 进入项目目录
$ cd terraform-azure-operator/env/dev/network
$ tree ./
./
├── backend.tf
├── main.tf
├── network-security_group.tf
├── outputs.tf
├── variables.tf
├── versions.tf
└── virtual-net.tf
0 directories, 7 files
# 查看独立出来的公共参数
$ cat main.tf
locals {
location_name = "East US"
resource_group_name = "terraform-demo"
subnet_ids = module.network.network_subnet_ids
env_name = "dev"
}
# 登录Azure
$ az login --use-device-code
# 声明环境变量
export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
# 执行terraform命令
$ terraform init
$ terraform fmt 或 terraform init -recursive
$ terraform validate
$ terraform plan
$ terraform apply 或 terraform apply -auto-approve
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# 创建公网IP
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip
这里依赖的是modules下面的模块创建的资源: "terraform-azure-operator/modules/public-ip"
# 进入项目目录
$ cd terraform-azure-operator/env/dev/network
# 依赖公共参数
$ vim main.tf
locals {
location_name = "East US"
resource_group_name = "terraform-demo"
env_name = "dev"
}
# 穿件公网IP
$ vim public_ip.tf
module "public-ip" {
source = "../../../modules/public-ip"
location_name = local.location_name
resource_group_name = local.resource_group_name
env_name = local.env_name
public_name_groups = ["serve01", "server02"]
}
# 登录Azure
$ az login --use-device-code
# 声明环境变量
export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
# 执行terraform命令
$ terraform init
$ terraform fmt 或 terraform init -recursive
$ terraform validate
$ terraform plan
$ terraform apply 或 terraform apply -auto-approve
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
备注:
- 项目这里创建的公网IP是调用modules下的public-ip模块进行创建的
- 控制台验证公网IP的创建结果
# VM-NIC 网络接口
- 创建VM-NIC网络接口并关联上 上面的公网IP地址
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface
这里依赖的是modules下面的模块创建的资源: "terraform-azure-operator/modules/nics"
# 进入项目目录
$ cd terraform-azure-operator/env/dev/network
# 依赖的公共参数
$ vim main.tf
locals {
location_name = "East US"
resource_group_name = "terraform-demo"
subnet_ids = module.network.network_subnet_ids
public_ids = module.public-ip.public_id_list
env_name = "dev"
}
# 创建vm-nic并关联公网地址
$ vim vms.tf
module "vms" {
source = "../../../modules/vms"
location_name = local.location_name
resource_group_name = local.resource_group_name
vms = ["serve01", "server02"]
vms_configs = {
serve01 = {
subnet_id = "${local.subnet_ids[0]}"
public_id = "${local.public_ids[0]}"
},
server02 = {
subnet_id = "${local.subnet_ids[1]}"
public_id = "${local.public_ids[1]}"
}
}
}
# 登录Azure
$ az login --use-device-code
# 声明环境变量
export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
# 执行terraform命令
$ terraform init
$ terraform fmt 或 terraform init -recursive
$ terraform validate
$ terraform plan
$ terraform apply 或 terraform apply -auto-approve
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
备注:
- 项目这里创建的网络接口是调用modules下的nics模块进行创建的
- 控制台验证网络接口的创建结果
# 五、开通Linux虚拟机资源
过滤获取可用的image
https://learn.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage
# 查看所有的 image
$ az vm image list --output table
You are viewing an offline list of images, use --all to retrieve an up-to-date list
Architecture Offer Publisher Sku Urn UrnAlias Version
-------------- ---------------------------- ---------------------- ---------------------------------- ------------------------------------------------------------------------------ ----------------------- ---------
x64 CentOS OpenLogic 7.5 OpenLogic:CentOS:7.5:latest CentOS latest
x64 debian-10 Debian 10 Debian:debian-10:10:latest Debian latest
x64 flatcar-container-linux-free kinvolk stable kinvolk:flatcar-container-linux-free:stable:latest Flatcar latest
x64 opensuse-leap-15-3 SUSE gen2 SUSE:opensuse-leap-15-3:gen2:latest openSUSE-Leap latest
x64 RHEL RedHat 7-LVM RedHat:RHEL:7-LVM:latest RHEL latest
x64 sles-15-sp3 SUSE gen2 SUSE:sles-15-sp3:gen2:latest SLES latest
x64 UbuntuServer Canonical 18.04-LTS Canonical:UbuntuServer:18.04-LTS:latest UbuntuLTS latest
x64 WindowsServer MicrosoftWindowsServer 2022-Datacenter MicrosoftWindowsServer:WindowsServer:2022-Datacenter:latest Win2022Datacenter latest
x64 WindowsServer MicrosoftWindowsServer 2022-datacenter-azure-edition-core MicrosoftWindowsServer:WindowsServer:2022-datacenter-azure-edition-core:latest Win2022AzureEditionCore latest
x64 WindowsServer MicrosoftWindowsServer 2019-Datacenter MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest Win2019Datacenter latest
x64 WindowsServer MicrosoftWindowsServer 2016-Datacenter MicrosoftWindowsServer:WindowsServer:2016-Datacenter:latest Win2016Datacenter latest
x64 WindowsServer MicrosoftWindowsServer 2012-R2-Datacenter MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:latest Win2012R2Datacenter latest
x64 WindowsServer MicrosoftWindowsServer 2012-Datacenter MicrosoftWindowsServer:WindowsServer:2012-Datacenter:latest Win2012Datacenter latest
x64 WindowsServer MicrosoftWindowsServer 2008-R2-SP1 MicrosoftWindowsServer:WindowsServer:2008-R2-SP1:latest Win2008R2SP1 latest
# 根据指定条件过滤image
## 区域为`westus` ,`publisher`为Canonical(典型),`offer`提供为`UbuntuServer`,`sku`为`18.04-LTS`
az vm image list \
--location westus \
--publisher Canonical \
--offer UbuntuServer \
--sku 18.04-LTS \
--all --output table
## publisher为`Canonical`典型的
$ az vm image list --offer Ubuntu --all --publisher Canonical --output table
$ az vm image list --offer Ubuntu --all --output table
$ az vm image list --offer Centos --all --output table
$ az vm image list --offer Ubuntu --all --output table|more
Architecture Offer Publisher Sku
Urn
Version
-------------- -------------------------------------------------- ---------------------------------- ---------------------------------
----------------- ----------------------------------------------------------------------------------------------------------------------
---------- ----------------
x64 nsimd-ubuntu-20-04 ageniumscale1591804889317 plan-for-nsimd-ubuntu-20-04
ageniumscale1591804889317:nsimd-ubuntu-20-04:plan-for-nsimd-ubuntu-20-04:1.0.0
1.0.0
x64 aquaveo-tethys-platform-33-ubuntu-2004 aquaveollc1633710529908 tethys33
aquaveollc1633710529908:aquaveo-tethys-platform-33-ubuntu-2004:tethys33:3.3.0
3.3.0
x64 abantecart-on-ubuntu-1804 apps-4-rent abantecart-on-ubuntu-1804
apps-4-rent:abantecart-on-ubuntu-1804:abantecart-on-ubuntu-1804:1.0.1
1.0.1
x64 minecraft-bedrock-ubuntu-18-04-minimal articentgroupllc1635512619530 minecraft-bedrock-ubuntu-18-04-mi
nimal articentgroupllc1635512619530:minecraft-bedrock-ubuntu-18-04-minimal:minecraft-bedrock-ubuntu-18-04-minimal:1.0.0
1.0.0
x64 active-mq-on-ubuntu-eighteen apps-4-rent active-mq-on-ubuntu-eighteen
apps-4-rent:active-mq-on-ubuntu-eighteen:active-mq-on-ubuntu-eighteen:1.0.1
1.0.1
x64 activemq_ubuntu18_04lts askforcloudllc1651766049149 activemq_ubuntu18_04lts
askforcloudllc1651766049149:activemq_ubuntu18_04lts:activemq_ubuntu18_04lts:0.0.1
0.0.1
x64 minecraft-bedrock-ubuntu-20-04-minimal articentgroupllc1635512619530 minecraft-bedrock-ubuntu-20-04-mi
nimal articentgroupllc1635512619530:minecraft-bedrock-ubuntu-20-04-minimal:minecraft-bedrock-ubuntu-20-04-minimal:1.0.0
1.0.0
x64 akaunting-on-ubuntu apps-4-rent akaunting-on-ubuntu
apps-4-rent:akaunting-on-ubuntu:akaunting-on-ubuntu:1.0.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine
https://www.terraform.io/language/functions/base64encode
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/managed_disk
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_data_disk_attachment
查看可选用的系统镜像:
https://learn.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage
https://learn.microsoft.com/en-us/azure/virtual-machines/linux/imaging
vm实例类型:
https://learn.microsoft.com/en-us/azure/virtual-machines/sizes
https://learn.microsoft.com/en-us/azure/virtual-machines/sizes-b-series-burstable
Azure 托管磁盘:
https://learn.microsoft.com/en-us/azure/virtual-machines/managed-disks-overview
https://learn.microsoft.com/en-us/azure/virtual-machines/disks-scalability-targets
这里依赖的是modules下面的模块创建的资源: "terraform-azure-operator/modules/vms"
# 进入项目目录
$ cd terraform-azure-operator/env/dev/service
# 创建服务连接公私钥
$ mkdir -pv config
$ ssh-keygen -t rsa -m PEM -f config/public_key # 创建用于ssh连接的private key;(-f:指定文件名,-C:备注)
$ mv config/public_key config/public_key.pem
$ tree ./
./
├── backend.tf
├── config
│ ├── public_key.pem
│ └── public_key.pub
├── main.tf
├── outputs.tf
├── variables.tf
├── versions.tf
└── vms.tf
1 directory, 8 files
# 依赖的公共参数
$ vim main.tf
data "terraform_remote_state" "network-data" {
backend = "azurerm"
config = {
resource_group_name = "terraform-demo"
storage_account_name = "tfstateadmin111"
container_name = "tfstate"
key = "env/dev/network/terraform-network.tfstate"
}
}
locals {
location_name = "East US"
resource_group_name = "terraform-demo"
env_name = "dev"
# 这里的`vms`和`vms_config`,会被`vms.tf`和`mount-data-disk.tf`使用到
vms = ["server01", "server02"]
vms_cofigs = {
server01 = {
zone = "1"
subnet_id = data.terraform_remote_state.network-data.outputs.subnet_ids[0]
publicip = data.terraform_remote_state.network-data.outputs.public_ids[0]
nic_id = data.terraform_remote_state.network-data.outputs.nics_ids[0]
},
server02 = {
zone = "2"
subnet_id = data.terraform_remote_state.network-data.outputs.subnet_ids[1]
publicip = data.terraform_remote_state.network-data.outputs.public_ids[1]
nic_id = data.terraform_remote_state.network-data.outputs.nics_ids[1]
}
}
}
# 创建vms实例
$ vim vims.tf
module "vms" {
source = "../../../modules/vms"
vms_size = "Standard_B2s"
admin_username = "adminuser"
# 这里取消使用密码登录
# admin_password = "root@123"
# 开启禁用密码登录参数
disable_password_authentication = true
os_disk_caching = "ReadWrite"
os_disk_storage_account_type = "Standard_LRS"
os_disk_size = 50
source_image_publisher = "Canonical"
source_image_offer = "UbuntuServer"
source_image_sku = "18.04-LTS"
source_image_version = "latest"
resource_group_name = local.resource_group_name
location_name = local.location_name
public_key_path = file("${path.module}/config/public_key.pub")
vms = local.vms
vms_cofigs = local.vms_cofigs
}
# 创建额外挂载的数据盘
$ vim mount-data-disk.tf
module "attachment-data-disk" {
source = "../../../modules/data-disk"
location_name = local.location_name
resource_group_name = local.resource_group_name
data_disk_option = "Empty"
data_disk_size = 50
data_disk_storage_account_type = "Standard_LRS"
data_disk_in_os_id = "10"
data_disk_caching = "ReadWrite"
vms = local.vms
vms_cofigs = local.vms_cofigs
virtual_machine_ids = module.vms.vms_ids
}
# 登录Azure
$ az login --use-device-code
# 声明环境变量
export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
# 执行terraform命令
$ terraform init
$ terraform fmt 或 terraform init -recursive
$ terraform validate
$ terraform plan
$ terraform apply 或 terraform apply -auto-approve
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
备注:
- 项目这里创建linux虚拟机是调用modules下的vms模块进行创建的
- 控制台验证linux虚拟机的创建结果
- 远程登录服务测试
# 使用秘钥登录
$ ssh -i public_key.pem adminuser@20.246.216.106
# 使用密码方式登录
$ ssh adminuser@20.246.216.106
The authenticity of host '20.246.216.106 (20.246.216.106)' can't be established.
ECDSA key fingerprint is SHA256:+/iejTew26GoXSqEAPkZQtYa2YLYDd/OCTy1N55Eh3g.
ECDSA key fingerprint is MD5:ac:7b:4c:63:38:77:ff:56:71:bd:ec:fc:ef:e2:68:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '20.246.216.106' (ECDSA) to the list of known hosts.
adminuser@20.246.216.106's password:
Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 5.4.0-1091-azure x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Fri Sep 23 15:26:31 UTC 2022
System load: 0.09 Processes: 114
Usage of /: 4.9% of 28.89GB Users logged in: 0
Memory usage: 22% IP address for eth0: 10.0.1.4
Swap usage: 0%
0 updates can be applied immediately.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
$ ps -ef |grep nginx
root 2250 1 0 15:22 ? 00:00:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 2255 2250 0 15:22 ? 00:00:00 nginx: worker process
adminus+ 2478 2440 0 15:27 pts/0 00:00:00 grep --color=auto nginx
adminuser@server01:~$ curl http://localhost:80
server01
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
- 访问linux虚拟机绑定的公网IP地址测试nginx服务是否正常
# 注意:
- Azure资源变更替换
# 先创建出来需要替换的资源,再来替换旧的资源
lifecycle {
create_before_destroy = true
}
# Azure 使用`create_before_destroy`后的错误(在Azure是直接进行modify修或者是遵循先destroy后create操作)
## Azure会对资源的名称进行一致性校验,所以创建同样名称的新资源是无法通过的
│ Error: A resource with the ID "/subscriptions/d3a12c16-4024-403e-826f-fdd73da900e8/resourceGroups/terraform-demo/providers/Microsoft.Compute/virtualMachines/server02" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_linux_virtual_machine" for more information.
│
│ with module.vms.azurerm_linux_virtual_machine.server["server02"],
│ on ../../../modules/vms/main.tf line 1, in resource "azurerm_linux_virtual_machine" "server":
│ 1: resource "azurerm_linux_virtual_machine" "server" {
│
╵
╷
│ Error: A resource with the ID "/subscriptions/d3a12c16-4024-403e-826f-fdd73da900e8/resourceGroups/terraform-demo/providers/Microsoft.Compute/virtualMachines/server01" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_linux_virtual_machine" for more information.
│
│ with module.vms.azurerm_linux_virtual_machine.server["server01"],
│ on ../../../modules/vms/main.tf line 1, in resource "azurerm_linux_virtual_machine" "server":
│ 1: resource "azurerm_linux_virtual_machine" "server" {
│
╵
Releasing state lock. This may take a few moments...
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# 六、开通负载均衡器
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb_backend_address_pool
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb_backend_address_pool_address
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb_rule
这里依赖的是modules下面的模块创建的资源: "terraform-azure-operator/modules/lb"
# 进入项目目录
$ cd terraform-azure-operator/env/dev/service
$ vim lb.tf
module "lb" {
source = "../../../modules/lb"
lb_name = "terraformdemo-lb"
lb_sku = "Standard"
lb_backend_pool = "terraformdemo-lb-backend-pool"
lb_rule_name = "terraformdemo-lb-rule"
frontend_port = 80
backend_port = 80
location_name = local.location_name
resource_group_name = local.resource_group_name
public_ip_address_id = data.terraform_remote_state.network-data.outputs.lb_public_ip
vnet_id = data.terraform_remote_state.network-data.outputs.virtual_network_id
vms_private_ip_address = module.vms.vms_private_ip_address
}
# 登录Azure
$ az login --use-device-code
# 声明环境变量
export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
# 执行terraform命令
$ terraform init
$ terraform fmt 或 terraform init -recursive
$ terraform validate
$ terraform plan
$ terraform apply 或 terraform apply -auto-approve
# 自动迁移状态
$ terraform init -migrate-state
# 存储当前配置而不更改状态
$ terraform init -reconfigure
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
备注:
- 项目这里创建的负载均衡器是调用modules下的lb模块进行创建的
- 控制台验证负载均衡器的创建结果
- 测试负载均衡
$ for i in `seq 100`;do curl -s http://20.169.228.129;done|sort |uniq -c
27 server01
73 server02
1
2
3
2
3
# 七、dns解析
- 这里使用阿里云dns做一个模板,因为Azure用的是国外的资源;阿里云国内资源不能解析国外地址
# 进入项目目录
$ cd terraform-azure-operator/env/dev/service
$ vim alicloud-dns.tf.origin
locals {
dns_zone_name = "chsaos.com"
dns_record = "azure"
eip = data.terraform_remote_state.network-data.outputs.lb_public_address
record_type = "CNAME"
}
# demo.chsaos.com
resource "alicloud_dns_record" "record" {
name = local.dns_zone_name
host_record = local.dns_record
type = local.record_type
value = local.eip
}
# 需要使用api认证的export
# export ALICLOUD_ACCESS_KEY="xxxxxx"
# export ALICLOUD_SECRET_KEY="xxxxxx"
# export ALICLOUD_REGION="cn-shanghai"
# export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
# 登录Azure
$ az login --use-device-code
# 声明环境变量
export TF_CLI_CONFIG_FILE=/home/terraform/youdianzhishi-terraform/terraform-azure-operator/.terraformrc
# 执行terraform命令
$ terraform init
$ terraform fmt 或 terraform init -recursive
$ terraform validate
$ terraform plan
$ terraform apply 或 terraform apply -auto-approve
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
上次更新: 2024/04/09, 16:48:42
- 01
- AWS NAT-NetWork-Firwalld配置(一)04-09
- 02
- AWS NAT-NetWork-Firwalld配置(二)04-09
- 03
- kubernetes部署minio对象存储01-18