    Bruce
    2022-10-27
    Terraform Basics

    # 1. Development environment setup

    # Installation commands

    https://www.terraform.io/downloads

    https://learn.hashicorp.com/tutorials/terraform/install-cli?in=terraform/aws-get-started


    sudo yum install -y yum-utils
    sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
    sudo yum -y install terraform
    
    # Installing the VS Code extension

    # Terraform configuration syntax

    • Terraform configuration files all use the .tf suffix
    • Terraform supports two formats: HCL and JSON

    # 2. Configuring an Alibaba Cloud RAM account

    # RAM account

    # 3. Configuring the Alibaba Cloud provider

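    # 3.1. Static credentials
    # Provider

    Terraform manages infrastructure through providers and uses a provider to interact with the cloud vendor's API.

    Each provider includes its related resources and data sources.

    Alicloud Provider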

    https://registry.terraform.io/providers/aliyun/alicloud/latest/docs

    https://github.com/aliyun/terraform-provider-alicloud

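    # Create the project's base files
    touch ./{main.tf,variables.tf,version.tf}

    # Configuration method 1

    Remove the variables from main.tf and leave the provider block completely empty. The environment variables used here are the defaults the provider officially supports, so they do not need the TF_VAR prefix.

    Declaring the provider

    • required_providers defines the provider
    • source defines the provider's source address
    • version pins the provider's version number
    # version.tf
    terraform {
      required_version = "1.2.8" // the Terraform version; get it with `terraform -v`
      required_providers {
        alicloud = {
          source  = "aliyun/alicloud"
          version = "1.183.0"
        }
      }
    }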

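    Configuring the provider

    • alicloud_access_key: the RAM user's AccessKey ID (AK)
    • alicloud_secret_key: the RAM user's AccessKey secret (SK)
    • region: the region in which resources are created

    Keep the AK and SK safe and do not expose them; it is best to read them from environment variables or a similar mechanism.

    # main.tf: leave the provider block empty
    provider "alicloud" {}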

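    Defining variables

    • Create a variables.tf file to hold the variables
    • Values can be read from environment variables or from a file
    # Declare the environment variables
    export ALICLOUD_ACCESS_KEY="******"
    export ALICLOUD_SECRET_KEY="******"
    export ALICLOUD_REGION="cn-beijing"


    # variables.tf: leave this empty as well, otherwise Terraform will still try to read the credential variables when it runs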

    Test with the plan command

    $ terraform  plan
    
    No changes. Your infrastructure matches the configuration.
    
    Terraform has compared your real infrastructure against your configuration and found no
    differences, so no changes are needed.
    
    # Configuration method 2

    The environment variables must start with the TF_VAR_ prefix so that Terraform treats them as values for its own input variables when it reads the environment.

    Declaring the provider

    • required_providers defines the provider
    • source defines the provider's source address
    • version pins the provider's version number
    # version.tf
    terraform {
      required_version = "1.2.8" // the Terraform version; get it with `terraform -v`
      required_providers {
        alicloud = {
          source  = "aliyun/alicloud"
          version = "1.183.0"
        }
      }
    }

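    Configuring the provider

    • alicloud_access_key: the RAM user's AccessKey ID (AK)
    • alicloud_secret_key: the RAM user's AccessKey secret (SK)
    • region: the region in which resources are created

    Keep the AK and SK safe and do not expose them; it is best to read them from environment variables or a similar mechanism.

    # main.tf
    provider "alicloud" {
      access_key = var.access_key
      secret_key = var.secret_key
      region     = var.region
    }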

    Defining variables

    • Create a variables.tf file to hold the variables
    • Values can be read from environment variables or from a file
    # Declare the environment variables; the part after TF_VAR_ must match the variable name referenced in main.tf
    export TF_VAR_access_key="******"
    export TF_VAR_secret_key="******"
    export TF_VAR_region="******"

    # variables.tf: declare the variables that main.tf references; Terraform fills them from the matching TF_VAR_ environment variables
    variable "access_key" {
      type = string
    }

    variable "secret_key" {
      type = string
    }

    variable "region" {
      type = string
    }

    Test with the plan command

    $ terraform plan
    
    No changes. Your infrastructure matches the configuration.
    
    Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.
    
    # 3.2. Shared credentials file

    Alibaba Cloud credentials and configuration file: https://www.alibabacloud.com/help/zh/alibaba-cloud-cli/latest/interactive-configuration

    # Install the Alibaba Cloud CLI
    wget https://github.com/aliyun/aliyun-cli/releases/download/v3.0.120/aliyun-cli-linux-3.0.120-amd64.tgz
    tar xf  aliyun-cli-linux-3.0.120-amd64.tgz
    mv aliyun /usr/bin/
    chmod +x /usr/bin/aliyun
    
    # Configure the credentials profile
    aliyun configure --profile akProfile
    Configuring profile 'akProfile' in '' authenticate mode...
    Access Key Id []: AccessKey ID
    Access Key Secret []: AccessKey Secret
    Default Region Id []: cn-hangzhou
    Default Output Format [json]: json (Only support json))
    Default Language [zh|en] en:
    Saving profile[akProfile] ...Done.
    
    # Terraform provider configuration
    # Base project structure
    tree ./
    ├── main.tf
    ├── variables.tf
    └── version.tf
    
    # Create the project's base files
    touch ./{main.tf,variables.tf,version.tf}
    
    # vim main.tf
    provider "alicloud" {
      region                  = "cn-shanghai"
      shared_credentials_file = "/root/.aliyun/config.json"
      profile                 = "akProfile"
    }
    
    
    # vim variables.tf (no variables configured for now)
    # variable "alicloud_access_key" {
    #     type = string
    # }
    
    # variable "alicloud_secret_key" {
    #     type = string 
    # }
    
    # variable "region" {
    #     type = string
    # }
    
    
    # vim version.tf
    terraform {
      required_version = "1.2.8"
      required_providers {
        alicloud = {
          source = "aliyun/alicloud"
          version = "1.183.0"
        }
      }
    }
    
    
    # Test with terraform plan
    terraform  plan
    
    No changes. Your infrastructure matches the configuration.
    
    Terraform has compared your real infrastructure against your configuration and found no differences, so no changes
    are needed.
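
    The advice above to keep the AK and SK out of the configuration can be checked mechanically. The Python script below is an added example, not code from the original post: it scans .tf files for credentials written as string literals in the provider block (instead of the var.access_key references of method 2), for credential variables that carry a literal default or lack sensitive = true, and for a shared credentials file (section 3.2) that is accessible beyond its owner. The file names, placeholder key values and sample contents are constructed for illustration.

```python
"""Credential-hygiene check for a Terraform project that uses the alicloud provider."""
import os
import re
import stat
import tempfile
from pathlib import Path

SECRET_ATTRS = ("access_key", "secret_key")
# Matches access_key = "literal"; `access_key = var.access_key` does not match.
LITERAL_ASSIGN = re.compile(
    r'^\s*(?P<attr>access_key|secret_key)\s*=\s*"(?P<value>[^"]+)"', re.M)
VARIABLE_BLOCK = re.compile(
    r'variable\s+"(?P<name>[^"]+)"\s*\{(?P<body>[^}]*)\}', re.S)
DEFAULT_LITERAL = re.compile(r'^\s*default\s*=\s*"[^"]+"', re.M)
SENSITIVE_TRUE = re.compile(r'^\s*sensitive\s*=\s*true\b', re.M)

# Constructed sample files; the key values are placeholders, not real credentials.
HARDCODED_TF = '''
provider "alicloud" {
  access_key = "EXAMPLE-ACCESS-KEY-ID"
  secret_key = "EXAMPLE-ACCESS-KEY-SECRET"
  region     = "cn-shanghai"
}
'''
METHOD2_MAIN_TF = '''
provider "alicloud" {
  access_key = var.access_key
  secret_key = var.secret_key
  region     = var.region
}
'''
METHOD2_VARIABLES_TF = '''
variable "access_key" {
  type      = string
  sensitive = true
}
variable "secret_key" {
  type = string
}
# variable "old_secret_key" { default = "placeholder" }
variable "region" {
  type = string
}
'''


def strip_full_line_comments(text):
    """Ignore lines that are entirely a # or // comment (e.g. commented-out variables)."""
    return "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith(("#", "//")))


def scan_tf(text, filename):
    """Return (filename, message) findings for one .tf file."""
    code = strip_full_line_comments(text)
    findings = [(filename, f"{m.group('attr')} is a hardcoded string literal")
                for m in LITERAL_ASSIGN.finditer(code)]
    for m in VARIABLE_BLOCK.finditer(code):
        name, body = m.group("name"), m.group("body")
        if not any(attr in name for attr in SECRET_ATTRS):
            continue  # only credential-like variable names are checked
        if DEFAULT_LITERAL.search(body):
            findings.append((filename, f'variable "{name}" has a literal default'))
        if not SENSITIVE_TRUE.search(body):
            findings.append((filename, f'variable "{name}" is not marked sensitive'))
    return findings


def check_credentials_file(path):
    """The aliyun CLI profile file stores the AK/SK in clear text: owner-only access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        return [(Path(path).name, f"mode {mode:04o} is accessible beyond the owner; use 0600")]
    return []


def scan_project(root, credentials_file=None):
    """Scan every .tf file in root, plus the shared credentials file if one is given."""
    findings = []
    for tf in sorted(Path(root).glob("*.tf")):
        findings += scan_tf(tf.read_text(encoding="utf-8"), tf.name)
    if credentials_file is not None:
        findings += check_credentials_file(credentials_file)
    return findings


def demo():
    """Build a throwaway project from the constructed samples and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "legacy.tf").write_text(HARDCODED_TF, encoding="utf-8")
        (root / "main.tf").write_text(METHOD2_MAIN_TF, encoding="utf-8")
        (root / "variables.tf").write_text(METHOD2_VARIABLES_TF, encoding="utf-8")
        cred = root / "config.json"  # stands in for /root/.aliyun/config.json
        cred.write_text("{}", encoding="utf-8")
        os.chmod(cred, 0o644)
        return scan_project(root, cred)


if __name__ == "__main__":
    for filename, message in demo():
        print(f"{filename}: {message}")
```

    Run from a pre-commit hook or CI job, a non-empty result from scan_project is the signal to block the change before a key reaches version control.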
    
    # 4. Resource

    • Resources come from providers and are the most important element in Terraform. Each resource block describes one or more infrastructure objects, such as networks, compute instances, or higher-level components such as DNS records.
    • A resource name must start with a letter or an underscore and may contain only letters, digits, underscores and dashes.
    resource "resource_type" "name" {
      // resource_config
    }

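    # 5. VPC (Virtual Private Cloud)

    • A VPC (Virtual Private Cloud) is a custom private network that a user creates on Alibaba Cloud. Different VPCs are logically isolated from each other at layer 2, and users can create and manage cloud product instances such as ECS, load balancers and RDS inside the VPC they created.

    • Terraform alicloud_vpc

      https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/vpc

    # VPC as Code

    • Referencing resource attributes: ..
    • Creating a vswitch requires binding it to a VPC, that is, supplying the VPC's ID;
    # alicloud-vpc.tf
    # VPC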
    resource "alicloud_vpc" "vpc" {
      vpc_name = "tf_test"
      cidr_block = "172.16.0.0/12"
    }
    
    # vswitch
    resource "alicloud_vswitch" "vsw" {
      vpc_id = alicloud_vpc.vpc.id
      cidr_block = "172.16.10.0/24"
      zone_id = "cn-shanghai-b"
    }
    
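    # 6. ECS security groups

    • A security group is a virtual firewall that controls inbound and outbound traffic for the ECS instances in the group, which improves the security of those instances.
    • Security groups provide stateful inspection and packet filtering; security domains can be partitioned in the cloud based on security group features and security group rules.

    # ECS security groups as Code

    • Creating a security group requires binding it to a VPC, that is, supplying the VPC's ID;
    • https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/security_group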
    # alicloud_security.tf
    # security_group: the security group
    resource "alicloud_security_group" "group" {
      name                = "demo-group"
      vpc_id              = alicloud_vpc.vpc.id
      security_group_type = "normal" // normal type
    }

    # security_group_rule: inbound TCP 80
    resource "alicloud_security_group_rule" "allow_80_tcp" {
      type              = "ingress"
      ip_protocol       = "tcp"
      nic_type          = "intranet"
      policy            = "accept"
      port_range        = "80/80"
      priority          = 1
      security_group_id = alicloud_security_group.group.id
      cidr_ip           = "0.0.0.0/0"
    }

    # security_group_rule: inbound TCP 22
    resource "alicloud_security_group_rule" "allow_22_tcp" {
      type              = "ingress"
      ip_protocol       = "tcp"
      nic_type          = "intranet"
      policy            = "accept"
      port_range        = "22/22"
      priority          = 1
      security_group_id = alicloud_security_group.group.id
      cidr_ip           = "0.0.0.0/0"
    }
    
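    # 7. Provisioning Alibaba Cloud resources

    Creating an Alibaba Cloud ECS instance: https://help.aliyun.com/document_detail/95830.html

    # terraform init: initialization

    • Initialization: installs the providers and modules and configures the backend state;
    • The .terraform directory is created automatically during initialization; Terraform uses it to manage cached provider plugins, modules and similar configuration;
    • The state file stores Terraform's data: terraform.tfstate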
    $ terraform  init 
    
    Initializing the backend...
    
    Initializing provider plugins...
    - Reusing previous version of aliyun/alicloud from the dependency lock file
    - Using previously-installed aliyun/alicloud v1.183.0
    
    Terraform has been successfully initialized!
    
    You may now begin working with Terraform. Try running "terraform plan" to see
    any changes that are required for your infrastructure. All Terraform commands
    should now work.
    
    If you ever set or change modules or backend configuration for Terraform,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.
    
    # terraform fmt: formatting code

    • Rewrites the current Terraform code into the canonical format and style;
    $ terraform  fmt
    
    # terraform validate: validating code

    • validate runs checks that verify the configuration is syntactically valid and that attribute names and value types are correct
    $ terraform  validate
    Success! The configuration is valid.
    
    $ terraform  validate -json
    {
      "format_version": "1.0",
      "valid": true,
      "error_count": 0,
      "warning_count": 0,
      "diagnostics": []
    }
    
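    # terraform plan: planning and preview

    • Evaluates the Terraform configuration and prints the desired values of all declared resources;
    • Compares the desired state with the infrastructure objects of the current working directory
    • Prints the differences between the current state and the desired state (no changes are made)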
    $ terraform plan
    
    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
      + create
    
    Terraform will perform the following actions:
    
      # alicloud_security_group.group will be created
      + resource "alicloud_security_group" "group" {
          + id                  = (known after apply)
          + inner_access        = (known after apply)
          + inner_access_policy = (known after apply)
          + name                = "demo-group"
          + security_group_type = "normal"
          + vpc_id              = (known after apply)
        }
    
      # alicloud_security_group_rule.allow_22_tcp will be created
      + resource "alicloud_security_group_rule" "allow_22_tcp" {
          + cidr_ip           = "0.0.0.0/0"
          + id                = (known after apply)
          + ip_protocol       = "tcp"
          + nic_type          = "internet"
          + policy            = "accept"
          + port_range        = "22/22"
          + prefix_list_id    = (known after apply)
          + priority          = 1
          + security_group_id = (known after apply)
          + type              = "ingress"
        }
    
      # alicloud_security_group_rule.allow_80_tcp will be created
      + resource "alicloud_security_group_rule" "allow_80_tcp" {
          + cidr_ip           = "0.0.0.0/0"
          + id                = (known after apply)
          + ip_protocol       = "tcp"
          + nic_type          = "internet"
          + policy            = "accept"
          + port_range        = "80/80"
          + prefix_list_id    = (known after apply)
          + priority          = 1
          + security_group_id = (known after apply)
          + type              = "ingress"
        }
    
      # alicloud_vpc.vpc will be created
      + resource "alicloud_vpc" "vpc" {
          + cidr_block        = "172.16.0.0/12"
          + id                = (known after apply)
          + ipv6_cidr_block   = (known after apply)
          + name              = (known after apply)
          + resource_group_id = (known after apply)
          + route_table_id    = (known after apply)
          + router_id         = (known after apply)
          + router_table_id   = (known after apply)
          + status            = (known after apply)
          + vpc_name          = "tf_test"
        }
    
      # alicloud_vswitch.vsw will be created
      + resource "alicloud_vswitch" "vsw" {
          + availability_zone = (known after apply)
          + cidr_block        = "172.16.10.0/24"
          + id                = (known after apply)
          + name              = (known after apply)
          + status            = (known after apply)
          + vpc_id            = (known after apply)
          + vswitch_name      = (known after apply)
          + zone_id           = "cn-shanghai-b"
        }
    
    Plan: 5 to add, 0 to change, 0 to destroy.
    
    ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
    
    Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform
    apply" now.
    
    # terraform apply: provisioning resources

    $ terraform apply
    alicloud_vpc.vpc: Refreshing state... [id=vpc-uf6elo1c4akws04l456ss]
    alicloud_security_group.group: Refreshing state... [id=sg-uf66x7kyzdf2hsj38fxz]
    alicloud_vswitch.vsw: Refreshing state... [id=vsw-uf6xoes2w4qvc1cbk1opg]
    
    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
      + create
    
    Terraform will perform the following actions:
    
      # alicloud_security_group_rule.allow_22_tcp will be created
      + resource "alicloud_security_group_rule" "allow_22_tcp" {
          + cidr_ip           = "0.0.0.0/0"
          + id                = (known after apply)
          + ip_protocol       = "tcp"
          + nic_type          = "intranet"
          + policy            = "accept"
          + port_range        = "22/22"
          + prefix_list_id    = (known after apply)
          + priority          = 1
          + security_group_id = "sg-uf66x7kyzdf2hsj38fxz"
          + type              = "ingress"
        }
    
      # alicloud_security_group_rule.allow_80_tcp will be created
      + resource "alicloud_security_group_rule" "allow_80_tcp" {
          + cidr_ip           = "0.0.0.0/0"
          + id                = (known after apply)
          + ip_protocol       = "tcp"
          + nic_type          = "intranet"
          + policy            = "accept"
          + port_range        = "80/80"
          + prefix_list_id    = (known after apply)
          + priority          = 1
          + security_group_id = "sg-uf66x7kyzdf2hsj38fxz"
          + type              = "ingress"
        }
    
    Plan: 2 to add, 0 to change, 0 to destroy.
    
    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.
    
      Enter a value: yes  # you must type `yes` here; typing `y` aborts the run
    
    alicloud_security_group_rule.allow_22_tcp: Creating...
    alicloud_security_group_rule.allow_80_tcp: Creating...
    alicloud_security_group_rule.allow_22_tcp: Creation complete after 1s [id=sg-uf66x7kyzdf2hsj38fxz:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1]
    alicloud_security_group_rule.allow_80_tcp: Creation complete after 1s [id=sg-uf66x7kyzdf2hsj38fxz:ingress:tcp:80/80:intranet:0.0.0.0/0:accept:1]
    
    Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
    
    # terraform show: viewing resources

    # Default human-readable view of the state
    $ terraform  show
    # alicloud_security_group.group:
    resource "alicloud_security_group" "group" {
        id                  = "sg-uf66x7kyzdf2hsj38fxz"
        inner_access        = true
        inner_access_policy = "Accept"
        name                = "demo-group"
        security_group_type = "normal"
        tags                = {}
        vpc_id              = "vpc-uf6elo1c4akws04l456ss"
    }
    
    # alicloud_security_group_rule.allow_22_tcp:
    resource "alicloud_security_group_rule" "allow_22_tcp" {
        cidr_ip           = "0.0.0.0/0"
        id                = "sg-uf66x7kyzdf2hsj38fxz:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1"
        ip_protocol       = "tcp"
        nic_type          = "intranet"
        policy            = "accept"
        port_range        = "22/22"
        priority          = 1
        security_group_id = "sg-uf66x7kyzdf2hsj38fxz"
        type              = "ingress"
    }
    
    # alicloud_security_group_rule.allow_80_tcp:
    resource "alicloud_security_group_rule" "allow_80_tcp" {
        cidr_ip           = "0.0.0.0/0"
        id                = "sg-uf66x7kyzdf2hsj38fxz:ingress:tcp:80/80:intranet:0.0.0.0/0:accept:1"
        ip_protocol       = "tcp"
        nic_type          = "intranet"
        policy            = "accept"
        port_range        = "80/80"
        priority          = 1
        security_group_id = "sg-uf66x7kyzdf2hsj38fxz"
        type              = "ingress"
    }
    
    # alicloud_vpc.vpc:
    resource "alicloud_vpc" "vpc" {
        cidr_block            = "172.16.0.0/12"
        id                    = "vpc-uf6elo1c4akws04l456ss"
        name                  = "tf_test"
        resource_group_id     = "rg-acfmzpb34mgigsa"
        route_table_id        = "vtb-uf66xifydjgtx7gs31vou"
        router_id             = "vrt-uf6faqbrsvp0u7d1laje5"
        router_table_id       = "vtb-uf66xifydjgtx7gs31vou"
        secondary_cidr_blocks = []
        status                = "Available"
        user_cidrs            = []
        vpc_name              = "tf_test"
    }
    
    # alicloud_vswitch.vsw:
    resource "alicloud_vswitch" "vsw" {
        availability_zone = "cn-shanghai-b"
        cidr_block        = "172.16.10.0/24"
        id                = "vsw-uf6xoes2w4qvc1cbk1opg"
        status            = "Available"
        tags              = {}
        vpc_id            = "vpc-uf6elo1c4akws04l456ss"
        zone_id           = "cn-shanghai-b"
    }
    
    # JSON view, suitable for integration with other tools
    $ terraform show -json
    {"format_version":"1.0","terraform_version":"1.2.8","values":{"root_module":{"resources":[{"address":"alicloud_security_group.group","mode":"managed","type":"alicloud_security_group","name":"group","provider_name":"registry.terraform.io/aliyun/alicloud","schema_version":0,"values":{"description":"","id":"sg-uf66x7kyzdf2hsj38fxz","inner_access":true,"inner_access_policy":"Accept","name":"demo-group","resource_group_id":"","security_group_type":"normal","tags":{},"vpc_id":"vpc-uf6elo1c4akws04l456ss"},"sensitive_values":{"tags":{}},"depends_on":["alicloud_vpc.vpc"]},{"address":"alicloud_security_group_rule.allow_22_tcp","mode":"managed","type":"alicloud_security_group_rule","name":"allow_22_tcp","provider_name":"registry.terraform.io/aliyun/alicloud","schema_version":0,"values":{"cidr_ip":"0.0.0.0/0","description":"","id":"sg-uf66x7kyzdf2hsj38fxz:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1","ip_protocol":"tcp","ipv6_cidr_ip":"","nic_type":"intranet","policy":"accept","port_range":"22/22","prefix_list_id":"","priority":1,"security_group_id":"sg-uf66x7kyzdf2hsj38fxz","source_group_owner_account":"","source_security_group_id":"","type":"ingress"},"sensitive_values":{},"depends_on":["alicloud_security_group.group"]},{"address":"alicloud_security_group_rule.allow_80_tcp","mode":"managed","type":"alicloud_security_group_rule","name":"allow_80_tcp","provider_name":"registry.terraform.io/aliyun/alicloud","schema_version":0,"values":{"cidr_ip":"0.0.0.0/0","description":"","id":"sg-uf66x7kyzdf2hsj38fxz:ingress:tcp:80/80:intranet:0.0.0.0/0:accept:1","ip_protocol":"tcp","ipv6_cidr_ip":"","nic_type":"intranet","policy":"accept","port_range":"80/80","prefix_list_id":"","priority":1,"security_group_id":"sg-uf66x7kyzdf2hsj38fxz","source_group_owner_account":"","source_security_group_id":"","type":"ingress"},"sensitive_values":{},"depends_on":["alicloud_security_group.group"]},{"address":"alicloud_vpc.vpc","mode":"managed","type":"alicloud_vpc","name":"vpc","provider_name":"regis
try.terraform.io/aliyun/alicloud","schema_version":0,"values":{"cidr_block":"172.16.0.0/12","description":"","dry_run":null,"enable_ipv6":null,"id":"vpc-uf6elo1c4akws04l456ss","ipv6_cidr_block":"","name":"tf_test","resource_group_id":"rg-acfmzpb34mgigsa","route_table_id":"vtb-uf66xifydjgtx7gs31vou","router_id":"vrt-uf6faqbrsvp0u7d1laje5","router_table_id":"vtb-uf66xifydjgtx7gs31vou","secondary_cidr_blocks":[],"status":"Available","tags":null,"timeouts":null,"user_cidrs":[],"vpc_name":"tf_test"},"sensitive_values":{"secondary_cidr_blocks":[],"user_cidrs":[]}},{"address":"alicloud_vswitch.vsw","mode":"managed","type":"alicloud_vswitch","name":"vsw","provider_name":"registry.terraform.io/aliyun/alicloud","schema_version":0,"values":{"availability_zone":"cn-shanghai-b","cidr_block":"172.16.10.0/24","description":"","id":"vsw-uf6xoes2w4qvc1cbk1opg","name":"","status":"Available","tags":{},"timeouts":null,"vpc_id":"vpc-uf6elo1c4akws04l456ss","vswitch_name":"","zone_id":"cn-shanghai-b"},"sensitive_values":{"tags":{}},"depends_on":["alicloud_vpc.vpc"]}]}}}
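
    The JSON form is what lets other tools check the state. As an added example (not code from the original post), the Python script below walks that JSON and flags ingress accept rules whose source is 0.0.0.0/0, as allow_22_tcp and allow_80_tcp above are. The ADMIN_PORTS list, the severity labels and both sample documents are assumptions constructed for illustration; the script goes beyond the page by also reading plan JSON (planned_values) and child modules.

```python
"""Audit alicloud security-group rules in `terraform show -json` output."""
import ipaddress
import json

ADMIN_PORTS = (22, 3389)  # assumption: ports this check treats as administrative

# Constructed state JSON, trimmed to fields that appear in the page's output.
STATE_JSON = '''
{"format_version": "1.0", "values": {"root_module": {"resources": [
  {"address": "alicloud_security_group_rule.allow_22_tcp",
   "type": "alicloud_security_group_rule",
   "values": {"cidr_ip": "0.0.0.0/0", "ipv6_cidr_ip": "", "ip_protocol": "tcp",
              "policy": "accept", "port_range": "22/22", "type": "ingress"}},
  {"address": "alicloud_security_group_rule.allow_80_tcp",
   "type": "alicloud_security_group_rule",
   "values": {"cidr_ip": "0.0.0.0/0", "ipv6_cidr_ip": "", "ip_protocol": "tcp",
              "policy": "accept", "port_range": "80/80", "type": "ingress"}},
  {"address": "alicloud_vpc.vpc", "type": "alicloud_vpc",
   "values": {"cidr_block": "172.16.0.0/12"}}
]}}}
'''

# Constructed plan JSON: same resource shape, under planned_values and a child module.
PLAN_JSON = '''
{"format_version": "1.0", "planned_values": {"root_module": {"child_modules": [
  {"address": "module.net", "resources": [
    {"address": "module.net.alicloud_security_group_rule.ssh_admin",
     "type": "alicloud_security_group_rule",
     "values": {"cidr_ip": "203.0.113.0/24", "ip_protocol": "tcp",
                "policy": "accept", "port_range": "22/22", "type": "ingress"}},
    {"address": "module.net.alicloud_security_group_rule.all_tcp",
     "type": "alicloud_security_group_rule",
     "values": {"cidr_ip": "0.0.0.0/0", "ip_protocol": "tcp",
                "policy": "accept", "port_range": "1/65535", "type": "ingress"}}
  ]}
]}}}
'''


def iter_resources(module):
    """Yield resources from a module and, recursively, from its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def root_module(doc):
    """State JSON keeps resources under values, plan JSON under planned_values."""
    section = doc.get("values") or doc.get("planned_values") or {}
    return section.get("root_module", {})


def parse_port_range(port_range):
    """port_range is 'start/end'; '-1/-1' means every port."""
    start, end = (int(part) for part in port_range.split("/"))
    return (1, 65535) if (start, end) == (-1, -1) else (start, end)


def is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0; malformed values are treated as not open."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def audit(doc):
    """Return one finding per ingress accept rule that any address can reach."""
    findings = []
    for res in iter_resources(root_module(doc)):
        if res.get("type") != "alicloud_security_group_rule":
            continue
        values = res.get("values", {})
        if values.get("type") != "ingress" or values.get("policy") != "accept":
            continue
        cidrs = [c for c in (values.get("cidr_ip"), values.get("ipv6_cidr_ip")) if c]
        if not any(is_world_open(c) for c in cidrs):
            continue
        low, high = parse_port_range(values.get("port_range", "-1/-1"))
        exposed = [p for p in ADMIN_PORTS if low <= p <= high]
        findings.append({
            "address": res["address"],
            "port_range": values.get("port_range"),
            "admin_ports": exposed,
            "severity": "HIGH" if exposed else "REVIEW",
        })
    return findings


def audit_text(text):
    """Convenience wrapper: parse the JSON text, then audit it."""
    return audit(json.loads(text))


if __name__ == "__main__":
    for finding in audit_text(STATE_JSON) + audit_text(PLAN_JSON):
        print(finding)
```

    To gate a change before it is applied, save the plan with terraform plan -out=tfplan and pass the output of terraform show -json tfplan to audit_text.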
    
    # terraform destroy: destroying resources

    • Destroys all remote objects managed by the Terraform configuration
    $ terraform destroy 
    alicloud_vpc.vpc: Refreshing state... [id=vpc-uf6gg77fsdag0cjvod2dj]
    alicloud_vswitch.vsw: Refreshing state... [id=vsw-uf6p5q16fu3kcv9bld23e]
    alicloud_security_group.group: Refreshing state... [id=sg-uf652ndyjn9ty92p8usx]
    alicloud_security_group_rule.allow_all_tcp: Refreshing state... [id=sg-uf652ndyjn9ty92p8usx:egress:tcp:1/65535:intranet:0.0.0.0/0:accept:1]
    alicloud_security_group_rule.allow_22_tcp: Refreshing state... [id=sg-uf652ndyjn9ty92p8usx:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1]
    alicloud_security_group_rule.allow_80_tcp: Refreshing state... [id=sg-uf652ndyjn9ty92p8usx:ingress:tcp:80/80:intranet:0.0.0.0/0:accept:1]
    
    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
      - destroy
    
    Terraform will perform the following actions:
    
      # alicloud_security_group.group will be destroyed
      - resource "alicloud_security_group" "group" {
          - id                  = "sg-uf652ndyjn9ty92p8usx" -> null
          - inner_access        = true -> null
          - inner_access_policy = "Accept" -> null
          - name                = "demo-group" -> null
          - security_group_type = "normal" -> null
          - tags                = {} -> null
          - vpc_id              = "vpc-uf6gg77fsdag0cjvod2dj" -> null
        }
    
      # alicloud_security_group_rule.allow_22_tcp will be destroyed
      - resource "alicloud_security_group_rule" "allow_22_tcp" {
          - cidr_ip           = "0.0.0.0/0" -> null
          - id                = "sg-uf652ndyjn9ty92p8usx:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1" -> null
          - ip_protocol       = "tcp" -> null
          - nic_type          = "intranet" -> null
          - policy            = "accept" -> null
          - port_range        = "22/22" -> null
          - priority          = 1 -> null
          - security_group_id = "sg-uf652ndyjn9ty92p8usx" -> null
          - type              = "ingress" -> null
        }
    
      # alicloud_security_group_rule.allow_80_tcp will be destroyed
      - resource "alicloud_security_group_rule" "allow_80_tcp" {
          - cidr_ip           = "0.0.0.0/0" -> null
          - id                = "sg-uf652ndyjn9ty92p8usx:ingress:tcp:80/80:intranet:0.0.0.0/0:accept:1" -> null
          - ip_protocol       = "tcp" -> null
          - nic_type          = "intranet" -> null
          - policy            = "accept" -> null
          - port_range        = "80/80" -> null
          - priority          = 1 -> null
          - security_group_id = "sg-uf652ndyjn9ty92p8usx" -> null
          - type              = "ingress" -> null
        }
    
      # alicloud_security_group_rule.allow_all_tcp will be destroyed
      - resource "alicloud_security_group_rule" "allow_all_tcp" {
          - cidr_ip           = "0.0.0.0/0" -> null
          - id                = "sg-uf652ndyjn9ty92p8usx:egress:tcp:1/65535:intranet:0.0.0.0/0:accept:1" -> null
          - ip_protocol       = "tcp" -> null
          - nic_type          = "intranet" -> null
          - policy            = "accept" -> null
          - port_range        = "1/65535" -> null
          - priority          = 1 -> null
          - security_group_id = "sg-uf652ndyjn9ty92p8usx" -> null
          - type              = "egress" -> null
        }
    
      # alicloud_vpc.vpc will be destroyed
      - resource "alicloud_vpc" "vpc" {
          - cidr_block            = "172.16.0.0/12" -> null
          - id                    = "vpc-uf6gg77fsdag0cjvod2dj" -> null
          - name                  = "tf_test" -> null
          - resource_group_id     = "rg-acfmzpb34mgigsa" -> null
          - route_table_id        = "vtb-uf623l3jd5hymm9ejbvwp" -> null
          - router_id             = "vrt-uf657u9h63uhou889ar7s" -> null
          - router_table_id       = "vtb-uf623l3jd5hymm9ejbvwp" -> null
          - secondary_cidr_blocks = [] -> null
          - status                = "Available" -> null
          - user_cidrs            = [] -> null
          - vpc_name              = "tf_test" -> null
        }
    
      # alicloud_vswitch.vsw will be destroyed
      - resource "alicloud_vswitch" "vsw" {
          - availability_zone = "cn-shanghai-b" -> null
          - cidr_block        = "172.16.10.0/24" -> null
          - id                = "vsw-uf6p5q16fu3kcv9bld23e" -> null
          - status            = "Available" -> null
          - tags              = {} -> null
          - vpc_id            = "vpc-uf6gg77fsdag0cjvod2dj" -> null
          - zone_id           = "cn-shanghai-b" -> null
        }
    
    Plan: 0 to add, 0 to change, 6 to destroy.
    
    Do you really want to destroy all resources?
      Terraform will destroy all your managed infrastructure, as shown above.
      There is no undo. Only 'yes' will be accepted to confirm.
    
      Enter a value: yes
    
    alicloud_security_group_rule.allow_all_tcp: Destroying... [id=sg-uf652ndyjn9ty92p8usx:egress:tcp:1/65535:intranet:0.0.0.0/0:accept:1]
    alicloud_vswitch.vsw: Destroying... [id=vsw-uf6p5q16fu3kcv9bld23e]
    alicloud_security_group_rule.allow_22_tcp: Destroying... [id=sg-uf652ndyjn9ty92p8usx:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1]
    alicloud_security_group_rule.allow_80_tcp: Destroying... [id=sg-uf652ndyjn9ty92p8usx:ingress:tcp:80/80:intranet:0.0.0.0/0:accept:1]
    alicloud_security_group_rule.allow_all_tcp: Destruction complete after 0s
    alicloud_security_group_rule.allow_80_tcp: Destruction complete after 1s
    alicloud_security_group_rule.allow_22_tcp: Destruction complete after 1s
    alicloud_security_group.group: Destroying... [id=sg-uf652ndyjn9ty92p8usx]
    alicloud_security_group.group: Destruction complete after 0s
    alicloud_vswitch.vsw: Destruction complete after 6s
    alicloud_vpc.vpc: Destroying... [id=vpc-uf6gg77fsdag0cjvod2dj]
    alicloud_vpc.vpc: Destruction complete after 6s
    
    Destroy complete! Resources: 6 destroyed.
    
    Last updated: 2024/04/09, 16:48:42
    Theme by Vdoing | Copyright © 2019-2024 Bruce Tao Blog Space | MIT License