本文主要介绍Terraform,以及如何使用 Terraform 管理 分析型数据库 PostgreSQL版。
1. Terraform 简介
Terraform 是一个开源的自动化的资源编排工具,支持多家云服务提供商。阿里云作为第三大云服务提供商,terraform-alicloud-provider 已经支持了超过 90 多个 Resource 和 Data Source,覆盖 20 多个服务和产品,吸引了越来越多的开发者加入到阿里云 Terraform 生态的建设中。
HashiCorp Terraform 是一个IT基础架构自动化编排工具,可以用代码来管理维护 IT 资源。Terraform 的命令行接口(CLI) 提供一种简单机制,用于将配置文件部署到阿里云或其他任意支持的云上,并对其进行版本控制。它编写了描述云资源拓扑的配置文件中的基础结构,例如虚拟机、存储帐户和网络接口。Terraform 是一个高度可扩展的工具,通过 Provider 来支持新的基础架构。您可以使用 Terraform 来创建、修改或删除 OSS、ECS、VPC、RDS、SLB 等多种资源。
Terraform宣称可以“为任意的应用部署任意的基础设施资源”,这得益于丰富的Terraform Provider,目前全球顶级云计算玩家和热门的云计算架构(Aws/OpenStack/Kubernetes/Docker)都为Terraform贡献了provider。
Alibaba Cloud Terraform Provider作为支持Terraform的providers之一,目前支持ECS, SLB, VPC, RDS, OSS, AnalyticDB for PostgreSQL等云产品编排和部署。
2. 分析型数据库 PostgreSQL版 Terraform Module 功能
分析型数据库 PostgreSQL版 的 Terraform Module 目前主要提供实例管理、网络管理的功能。例如:
实例管理功能
- 创建实例
- 设置描述
- 设置白名单
- 释放实例
网络管理功能
- 创建外网地址
- 设置网络端口
- 释放外网地址
3. 安装配置 Terraform
使用 Terraform 前,您需要参考以下步骤安装并配置 Terraform:
- 前往 appropriate package 下载适用于您的操作系统的程序包,本文以 Linux 系统为例。
- 将程序包解压到
/usr/local/bin。如果将可执行文件解压到其他目录,则需要将路径加入到全局变量。 运行 Terraform 验证路径配置,若显示可用的 Terraform 选项的列表,表示安装完成。
[root@iZ2zehtpzc0kbyw8kj2vblZ ~]# wget https://releases.hashicorp.com/terraform/0.11.9/terraform_0.11.9_linux_amd64.zip [root@iZ2zehtpzc0kbyw8kj2vblZ ~]# unzip terraform_0.11.9_linux_amd64.zip -d /usr/local/bin/ [root@iZ2zehtpzc0kbyw8kj2vblZ ~]# terraform Usage: terraform [-version] [-help] <command> [args] The available commands for execution are listed below. The most common, useful commands are shown first, followed by less common or more advanced commands. If you're just getting started with Terraform, stick with the common commands. For the other commands, please read the help and docs before usage. Common commands: apply Builds or changes infrastructure console Interactive console for Terraform interpolations destroy Destroy Terraform-managed infrastructure env Workspace management fmt Rewrites config files to canonical format get Download and install modules for the configuration graph Create a visual graph of Terraform resources import Import existing infrastructure into Terraform init Initialize a Terraform working directory output Read an output from a state file plan Generate and show an execution plan providers Prints a tree of the providers used in the configuration refresh Update local state file against real resources show Inspect Terraform state or plan taint Manually mark a resource for recreation untaint Manually unmark a resource as tainted validate Validates the Terraform files version Prints the Terraform version workspace Workspace management All other commands: 0.12upgrade Rewrites pre-0.12 module source code for v0.12 debug Debug output management (experimental) force-unlock Manually unlock the terraform state push Obsolete command for Terraform Enterprise legacy (v1) state Advanced state management创建 RAM 用户,并为其授权。( 注意:请不要使用主账号的 AccessKey 配置 Terraform 工具 )
创建 1 个独立的工作目录:
[root@iZ2zehtpzc0kbyw8kj2vblZ ~]# mkdir adb4pg [root@iZ2zehtpzc0kbyw8kj2vblZ ~]# cd adb4pg/创建配置文件。Terraform 在运行时,会读取该目录空间下所有.tf和.tfvars 文件。因此,您可以按照实际用途将配置信息写入到不同的文件中。下面列出几个常用的配置文件:
provider.tf -- provider 配置 terraform.tfvars -- 配置 provider 要用到的变量 varable.tf -- 通用变量 resource.tf -- 资源定义 data.tf -- 包文件定义 output.tf -- 输出如创建 provider.tf 文件时,您可按以下格式配置您的身份认证信息:
[root@iZ2zehtpzc0kbyw8kj2vblZ adb4pg]# vim provider.tf provider "alicloud" { access_key = "L****************j" secret_key = "C************0" region = "cn-beijing" }更多配置可以参考:Alicloud Provider
使用terraform init命令初始化工作目录:[root@iZ2zehtpzc0kbyw8kj2vblZ adb4pg]# terraform init Initializing provider plugins... - Checking for available provider plugins on https://releases.hashicorp.com... - Downloading plugin for provider "alicloud" (1.47.0)... The following providers do not have any version constraints in configuration, so the latest version was installed. To prevent automatic upgrades to new major versions that may contain breaking changes, it is recommended to add version = "..." constraints to the corresponding provider blocks in configuration, with the constraint strings suggested below. * provider.alicloud: version = "~> 1.47" Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.注意:在新建工作目录,并创建配置文件后,都需要重新初始化工作目录
以上操作完成之后,您就可以使用 Terraform 工具了。
4. 使用 Terraform 管理 分析型数据库 PostgreSQL版
Terraform 安装完成之后,您就可以通过 Terraform 的操作命令管理 分析型数据库 PostgreSQL版了,下面介绍几个常用的操作命令:
terraform plan:预览功能,允许在正式执行之前查看将要执行那些操作。例如,您添加了一个创建实例的配置文件 test.tf :[root@iZ2zehtpzc0kbyw8kj2vblZ adb4pg]# vim test.tf resource "alicloud_gpdb_instance" "default" { description = "tf-adb4pg-test" engine = "gpdb" engine_version = "4.3" instance_class = "gpdb.group.segsdx2" instance_group_count = "2" availability_zone = "cn-beijing-c" security_ip_list = ["10.168.1.12", "100.69.7.112"] }使用
terraform plan可查看到将会执行的操作:[root@iZ2zehtpzc0kbyw8kj2vblZ adb4pg]# terraform plan Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage.
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ alicloud_gpdb_instance.default
id: <computed>
availability_zone: "cn-beijing-c"
description: "tf-adb4pg-test"
engine: "gpdb"
engine_version: "4.3"
instance_charge_type: <computed>
instance_class: "gpdb.group.segsdx2"
instance_group_count: "2"
security_ip_list.#: "2"
security_ip_list.3064759514: "100.69.7.112"
security_ip_list.4095458986: "10.168.1.12"
vswitch_id: <computed>
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
```
terraform apply:执行工作目录中的配置文件。
例如,您想创建一个名为 test-adb4pg-test 的实例,您需要先添加一个创建实例的配置文件 test.tf :
[root@iZ2zehtpzc0kbyw8kj2vblZ adb4pg]# vim test.tf
resource "alicloud_gpdb_instance" "default" {
description = "tf-adb4pg-test"
engine = "gpdb"
engine_version = "4.3"
instance_class = "gpdb.group.segsdx2"
instance_group_count = "2"
availability_zone = "cn-beijing-c"
security_ip_list = ["10.168.1.12", "100.69.7.112"]
}之后使用 `terraform apply` 命令执行配置文件即可。
```bash
[root@iZ2zehtpzc0kbyw8kj2vblZ adb4pg]# terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ alicloud_gpdb_instance.default
id: <computed>
availability_zone: "cn-beijing-c"
description: "tf-adb4pg-test"
engine: "gpdb"
engine_version: "4.3"
instance_charge_type: <computed>
instance_class: "gpdb.group.segsdx2"
instance_group_count: "2"
security_ip_list.#: "2"
security_ip_list.3064759514: "100.69.7.112"
security_ip_list.4095458986: "10.168.1.12"
vswitch_id: <computed>
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
alicloud_gpdb_instance.default: Creating...
availability_zone: "" => "cn-beijing-c"
description: "" => "tf-adb4pg-test"
engine: "" => "gpdb"
engine_version: "" => "4.3"
instance_charge_type: "" => "<computed>"
instance_class: "" => "gpdb.group.segsdx2"
instance_group_count: "" => "2"
security_ip_list.#: "" => "2"
security_ip_list.3064759514: "" => "100.69.7.112"
security_ip_list.4095458986: "" => "10.168.1.12"
vswitch_id: "" => "<computed>"
alicloud_gpdb_instance.default: Still creating... (10s elapsed)
...
alicloud_gpdb_instance.default: Still creating... (12m10s elapsed)
alicloud_gpdb_instance.default: Creation complete after 12m19s (ID: gp-2zepm0ofe9fr0ms7h)
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
```
**说明:此配置运行后,将开始创建实例,整个执行耗时大概需要10-15分钟。**
**说明:若希望创建VPC网络类型的实例,请移步参考 [alicloud_gpdb_instance](https://www.terraform.io/docs/providers/alicloud/r/gpdb_instance.html)**
terraform show:查看当前 Terraform 管理的实例状态。[root@iZ2zehtpzc0kbyw8kj2vblZ adb4pg]# terraform show alicloud_gpdb_instance.default: id = gp-2ze73p908o86lv527 availability_zone = cn-beijing-c description = tf-adb4pg-test engine = gpdb engine_version = 4.3 instance_charge_type = Postpaid instance_class = gpdb.group.segsdx2 instance_group_count = 2 security_ip_list.# = 2 security_ip_list.3064759514 = 100.69.7.112 security_ip_list.4095458986 = 10.168.1.12terraform destroy:可删除通过 Terraform 创建的实例。[root@iZ2zehtpzc0kbyw8kj2vblZ adb4pg]# terraform destroy alicloud_gpdb_instance.default: Refreshing state... (ID: gp-2ze73p908o86lv527) An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: - destroy Terraform will perform the following actions: - alicloud_gpdb_instance.default
Plan: 0 to add, 0 to change, 1 to destroy.
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
alicloud_gpdb_instance.default: Destroying... (ID: gp-2ze73p908o86lv527)
alicloud_gpdb_instance.default: Destruction complete after 0s
Destroy complete! Resources: 1 destroyed.
```
- 导入已有实例:若实例不是通过 Terraform 创建,可通过命令导入现有的实例。
首先,创建一个 main.tf 的文件,并写入实例相关信息:
[root@iZ2zehtpzc0kbyw8kj2vblZ adb4pg]# vim main.tf
resource "alicloud_gpdb_instance" "gp-2ze6gx923241v8m16" {
description = "tf-testAccXueqian"
}使用如下命令导入实例ID=gp-2ze6gx923241v8m16的这个实例:
```bash
[root@iZ2zehtpzc0kbyw8kj2vblZ adb4pg]# terraform import alicloud_gpdb_instance.gp-2ze6gx923241v8m16 gp-2ze6gx923241v8m16
alicloud_gpdb_instance.gp-2ze6gx923241v8m16: Importing from ID "gp-2ze6gx923241v8m16"...
alicloud_gpdb_instance.gp-2ze6gx923241v8m16: Import complete!
Imported alicloud_gpdb_instance (ID: gp-2ze6gx923241v8m16)
alicloud_gpdb_instance.gp-2ze6gx923241v8m16: Refreshing state... (ID: gp-2ze6gx923241v8m16)
Import successful!
The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
```
使用terraform show命令查看当前实例状态
```bash
[root@iZ2zehtpzc0kbyw8kj2vblZ adb4pg]# terraform show
alicloud_gpdb_instance.default:
id = gp-2zepm0ofe9fr0ms7h
availability_zone = cn-beijing-c
description = tf-adb4pg-test
engine = gpdb
engine_version = 4.3
instance_charge_type = Postpaid
instance_class = gpdb.group.segsdx2
instance_group_count = 2
security_ip_list.# = 2
security_ip_list.3064759514 = 100.69.7.112
security_ip_list.4095458986 = 10.168.1.12
alicloud_gpdb_instance.gp-2ze6gx923241v8m16:
id = gp-2ze6gx923241v8m16
availability_zone = cn-beijing-c
description = gp-2ze6gx923241v8m16
engine = gpdb
engine_version = 4.3
instance_charge_type = Prepaid
instance_class = gpdb.group.segsdx2
instance_group_count = 2
security_ip_list.# = 1
security_ip_list.3151207060 = 127.0.0.1
```
参考文档:
- 更多 分析型数据库 PostgreSQL版 实例配置操作实例请参见:https://www.terraform.io/docs/providers/alicloud/r/gpdb_instance.html
- 更多 分析型数据库 PostgreSQL版 Terraform Module 介绍请参见:https://www.terraform.io/docs/providers/alicloud/d/gpdb_instances.html
