Create an Alibaba Cloud RAM sub-user and grant it permissions.
Note that the AccessKey we generate needs to be saved locally.
Configure environment variables
Environment variables you define must start with TF_VAR; that way Terraform treats them as its own variables when it reads the environment.
You could also store these values in plain text in the configuration file, but that is strongly discouraged: once the configuration file leaks, the risk is very high.
# Method 1: remove the variable references from main.tf and leave the provider block empty. These variables are the provider's official defaults and do not need the TF_VAR prefix
export ALICLOUD_ACCESS_KEY="LTA**************"
export ALICLOUD_SECRET_KEY="Hp**************"
export ALICLOUD_REGION="cn-beijing"
# Method 2: the Alibaba Cloud provider defined below uses this method
export TF_VAR_access_key="LTA**************"
export TF_VAR_secret_key="Hp**************"
export TF_VAR_region="cn-beijing"
Define the Alibaba Cloud provider
versions.tf defines the Terraform version information
# versions.tf
// Define the Terraform version information
terraform {
  required_version = ">= 1.1.0"
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.162.0"
    }
  }
}
variables.tf defines the related variables
# variables.tf
// These variables take their values from environment variables,
// corresponding respectively to ALICLOUD_ACCESS_KEY, ALICLOUD_SECRET_KEY, ALICLOUD_REGION
variable "access_key" {
  type = string
}
variable "secret_key" {
  type = string
}
variable "region" {
  type = string
}
main.tf defines the Alibaba Cloud login information
# main.tf
// Alibaba Cloud login information, taken from environment variables
provider "alicloud" {
  # Configuration options
  access_key = var.access_key
  secret_key = var.secret_key
  region     = var.region
}
alicloud_vpc.tf defines the VPC configuration
# alicloud_vpc.tf
// Create the VPC (virtual private cloud)
resource "alicloud_vpc" "vpc" {
  vpc_name   = "tf_test_foo"
  cidr_block = "172.96.0.0/12"
}
// Create the VSwitch
resource "alicloud_vswitch" "vsw" {
  vpc_id     = alicloud_vpc.vpc.id
  cidr_block = "172.96.0.0/21"
  zone_id    = "cn-beijing-b"
}
alicloud_security_group.tf defines the security group configuration
# alicloud_security_group.tf
// Create the security group
resource "alicloud_security_group" "group" {
  name                = "demo-group"
  vpc_id              = alicloud_vpc.vpc.id
  security_group_type = "normal"
}
// Define a security group rule that opens port 22
resource "alicloud_security_group_rule" "allow_22_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "22/22"
  priority          = 1
  security_group_id = alicloud_security_group.group.id
  cidr_ip           = "0.0.0.0/0"
}
# Directory structure of the files
.
├── alicloud_security_group.tf
├── alicloud_vpc.tf
├── main.tf
├── variables.tf
└── versions.tf

0 directories, 5 files
fmt: format the code
Formats the configuration to improve its readability
terraform fmt
init: initialize
Downloads the provider plugins; this command needs to reach the Terraform registry
terraform init
init downloads the required packages locally, so this step takes a little longer
validate: check the configuration
Checks whether any of the configuration items contain errors
terraform validate -json
# The output is as follows
{
  "format_version": "1.0",
  "valid": true,
  "error_count": 0,
  "warning_count": 0,
  "diagnostics": []
}
plan: preview
Prints the desired state of all resources
Compares the desired state of the resources with the state in the current working directory
Prints the difference between the current state and the desired state; nothing is actually executed
~# terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # alicloud_security_group.group will be created
  + resource "alicloud_security_group" "group" {
      + id                  = (known after apply)
      + inner_access        = (known after apply)
      + inner_access_policy = (known after apply)
      + name                = "demo-group"
      + security_group_type = "normal"
      + vpc_id              = (known after apply)
    }

  # alicloud_security_group_rule.allow_22_tcp will be created
  + resource "alicloud_security_group_rule" "allow_22_tcp" {
      + cidr_ip           = "0.0.0.0/0"
      + id                = (known after apply)
      + ip_protocol       = "tcp"
      + nic_type          = "internet"
      + policy            = "accept"
      + port_range        = "22/22"
      + prefix_list_id    = (known after apply)
      + priority          = 1
      + security_group_id = (known after apply)
      + type              = "ingress"
    }

  # alicloud_vpc.vpc will be created
  + resource "alicloud_vpc" "vpc" {
      + cidr_block        = "172.96.0.0/12"
      + id                = (known after apply)
      + ipv6_cidr_block   = (known after apply)
      + name              = (known after apply)
      + resource_group_id = (known after apply)
      + route_table_id    = (known after apply)
      + router_id         = (known after apply)
      + router_table_id   = (known after apply)
      + status            = (known after apply)
      + vpc_name          = "tf_test_foo"
    }

  # alicloud_vswitch.vsw will be created
  + resource "alicloud_vswitch" "vsw" {
      + availability_zone = (known after apply)
      + cidr_block        = "172.96.0.0/21"
      + id                = (known after apply)
      + name              = (known after apply)
      + status            = (known after apply)
      + vpc_id            = (known after apply)
      + vswitch_name      = (known after apply)
      + zone_id           = "cn-beijing-b"
    }

Plan: 4 to add, 0 to change, 0 to destroy.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform
apply" now.
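The plan above shows allow_22_tcp accepting TCP 22 from 0.0.0.0/0, that is, from the entire internet, and the Note reminds us that a plan saved with -out is what apply should consume; a check over that saved plan catches such rules before anything is created. The script below is an added example (not code from the original page): it reads the JSON form of a saved plan (terraform plan -out=plan.out, then terraform show -json plan.out > plan.json) and flags world-open accept rules as well as provider credentials written as literals in the config, which is the plaintext-in-config risk described earlier. The embedded plan JSON is constructed here to mirror the resources on this page and is trimmed to the fields the check reads.

```python
import json
import sys

# Constructed sample shaped like `terraform show -json plan.out`, trimmed to the fields read here.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.0",
    "planned_values": {"root_module": {"resources": [
        {"address": "alicloud_security_group_rule.allow_22_tcp",
         "type": "alicloud_security_group_rule",
         "values": {"type": "ingress", "ip_protocol": "tcp", "policy": "accept",
                    "port_range": "22/22", "cidr_ip": "0.0.0.0/0"}},
        {"address": "alicloud_vpc.vpc", "type": "alicloud_vpc",
         "values": {"cidr_block": "172.96.0.0/12"}},
    ]}},
    # access_key is taken from var.access_key (fine); secret_key is a literal (the bad case).
    "configuration": {"provider_config": {"alicloud": {"name": "alicloud",
        "expressions": {"access_key": {"references": ["var.access_key"]},
                        "secret_key": {"constant_value": "EXAMPLE-LITERAL"}}}}},
})

def iter_resources(module):
    """Yield the resources of a module and, recursively, of its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_plan(plan_json):
    """Return a list of findings; an empty list means the plan passed."""
    plan = json.loads(plan_json)
    findings = []
    # A plan carries `planned_values`; `terraform show -json` on state carries `values`.
    root = plan.get("planned_values", plan.get("values", {})).get("root_module", {})
    for res in iter_resources(root):
        v = res.get("values") or {}
        if (res.get("type") == "alicloud_security_group_rule"
                and v.get("type") == "ingress" and v.get("policy") == "accept"
                and v.get("cidr_ip") == "0.0.0.0/0"):
            findings.append(f"{res['address']}: accepts {v.get('ip_protocol')} "
                            f"{v.get('port_range')} from {v['cidr_ip']}")
    for name, conf in plan.get("configuration", {}).get("provider_config", {}).items():
        for attr in ("access_key", "secret_key"):
            if "constant_value" in conf.get("expressions", {}).get(attr, {}):
                findings.append(f"provider {name}: {attr} is a literal in the config")
    return findings

if __name__ == "__main__":
    # Pipe plan.json on stdin to check a real plan; with no stdin the sample is used.
    problems = check_plan(SAMPLE_PLAN if sys.stdin.isatty() else sys.stdin.read())
    print("\n".join(problems) if problems else "plan passed")
    sys.exit(1 if problems else 0)
```

A non-zero exit status lets the check gate terraform apply in a CI pipeline.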
apply: create the resources
terraform apply
Log in to Alibaba Cloud to verify
VPC verification
VSwitch verification
Security group verification
show: view the provisioned resources
~# terraform show
# alicloud_security_group.group:
resource "alicloud_security_group" "group" {
    id                  = "sg-2zee17d94vu8k5kx99fz"
    inner_access        = true
    inner_access_policy = "Accept"
    name                = "demo-group"
    security_group_type = "normal"
    tags                = {}
    vpc_id              = "vpc-2zee4goyffxj46uz5j869"
}

# alicloud_security_group_rule.allow_22_tcp:
resource "alicloud_security_group_rule" "allow_22_tcp" {
    cidr_ip           = "0.0.0.0/0"
    id                = "sg-2zee17d94vu8k5kx99fz:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1"
    ip_protocol       = "tcp"
    nic_type          = "intranet"
    policy            = "accept"
    port_range        = "22/22"
    priority          = 1
    security_group_id = "sg-2zee17d94vu8k5kx99fz"
    type              = "ingress"
}

# alicloud_vpc.vpc:
resource "alicloud_vpc" "vpc" {
    cidr_block            = "172.96.0.0/12"
    id                    = "vpc-2zee4goyffxj46uz5j869"
    name                  = "tf_test_foo"
    resource_group_id     = "rg-acfmybfthr6yliq"
    route_table_id        = "vtb-2zeksbc0su4tecdy7j5er"
    router_id             = "vrt-2ze1lmeuaf424yol3twki"
    router_table_id       = "vtb-2zeksbc0su4tecdy7j5er"
    secondary_cidr_blocks = []
    status                = "Available"
    user_cidrs            = []
    vpc_name              = "tf_test_foo"
}

# alicloud_vswitch.vsw:
resource "alicloud_vswitch" "vsw" {
    availability_zone = "cn-beijing-b"
    cidr_block        = "172.96.0.0/21"
    id                = "vsw-2zeqb015cd9hogrp6fa4a"
    status            = "Available"
    tags              = {}
    vpc_id            = "vpc-2zee4goyffxj46uz5j869"
    zone_id           = "cn-beijing-b"
}
destroy: tear down the resources
You can likewise log in to Alibaba Cloud to verify that the resources have been destroyed
~# terraform destroy
alicloud_vpc.vpc: Refreshing state... [id=vpc-2zee4goyffxj46uz5j869]
alicloud_security_group.group: Refreshing state... [id=sg-2zee17d94vu8k5kx99fz]
alicloud_vswitch.vsw: Refreshing state... [id=vsw-2zeqb015cd9hogrp6fa4a]
alicloud_security_group_rule.allow_22_tcp: Refreshing state... [id=sg-2zee17d94vu8k5kx99fz:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # alicloud_security_group.group will be destroyed
  - resource "alicloud_security_group" "group" {
      - id                  = "sg-2zee17d94vu8k5kx99fz" -> null
      - inner_access        = true -> null
      - inner_access_policy = "Accept" -> null
      - name                = "demo-group" -> null
      - security_group_type = "normal" -> null
      - tags                = {} -> null
      - vpc_id              = "vpc-2zee4goyffxj46uz5j869" -> null
    }

  # alicloud_security_group_rule.allow_22_tcp will be destroyed
  - resource "alicloud_security_group_rule" "allow_22_tcp" {
      - cidr_ip           = "0.0.0.0/0" -> null
      - id                = "sg-2zee17d94vu8k5kx99fz:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1" -> null
      - ip_protocol       = "tcp" -> null
      - nic_type          = "intranet" -> null
      - policy            = "accept" -> null
      - port_range        = "22/22" -> null
      - priority          = 1 -> null
      - security_group_id = "sg-2zee17d94vu8k5kx99fz" -> null
      - type              = "ingress" -> null
    }

  # alicloud_vpc.vpc will be destroyed
  - resource "alicloud_vpc" "vpc" {
      - cidr_block            = "172.96.0.0/12" -> null
      - id                    = "vpc-2zee4goyffxj46uz5j869" -> null
      - name                  = "tf_test_foo" -> null
      - resource_group_id     = "rg-acfmybfthr6yliq" -> null
      - route_table_id        = "vtb-2zeksbc0su4tecdy7j5er" -> null
      - router_id             = "vrt-2ze1lmeuaf424yol3twki" -> null
      - router_table_id       = "vtb-2zeksbc0su4tecdy7j5er" -> null
      - secondary_cidr_blocks = [] -> null
      - status                = "Available" -> null
      - user_cidrs            = [] -> null
      - vpc_name              = "tf_test_foo" -> null
    }

  # alicloud_vswitch.vsw will be destroyed
  - resource "alicloud_vswitch" "vsw" {
      - availability_zone = "cn-beijing-b" -> null
      - cidr_block        = "172.96.0.0/21" -> null
      - id                = "vsw-2zeqb015cd9hogrp6fa4a" -> null
      - status            = "Available" -> null
      - tags              = {} -> null
      - vpc_id            = "vpc-2zee4goyffxj46uz5j869" -> null
      - zone_id           = "cn-beijing-b" -> null
    }

Plan: 0 to add, 0 to change, 4 to destroy.

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

alicloud_vswitch.vsw: Destroying... [id=vsw-2zeqb015cd9hogrp6fa4a]
alicloud_security_group_rule.allow_22_tcp: Destroying... [id=sg-2zee17d94vu8k5kx99fz:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1]
alicloud_security_group_rule.allow_22_tcp: Destruction complete after 7s
alicloud_security_group.group: Destroying... [id=sg-2zee17d94vu8k5kx99fz]
alicloud_security_group.group: Destruction complete after 0s
alicloud_vswitch.vsw: Still destroying... [id=vsw-2zeqb015cd9hogrp6fa4a, 10s elapsed]
alicloud_vswitch.vsw: Destruction complete after 15s
alicloud_vpc.vpc: Destroying... [id=vpc-2zee4goyffxj46uz5j869]
alicloud_vpc.vpc: Destruction complete after 6s

Destroy complete! Resources: 4 destroyed.