Use Infrastructure as Code to provision and manage any cloud, infrastructure, or service 用代码来创建和管理云资源
入门介绍视频
这个视频给你一个基础的入门概念。Best video for learn terraform: Terraform Course - Automate your AWS cloud infrastructure https://www.youtube.com/watch?v=SLB_c_ayRMo
参考文档
https://www.terraform.io/ 官方文档
https://lonegunmanb.github.io/introduction-terraform/ 一位有情怀的大佬巨著,必看。
https://www.alibabacloud.com/help/zh/doc-detail/91285.htm?spm=a2c63.p38356.b99.372.8b994d00YwQjZI 中文版,阿里云文档
https://learn.hashicorp.com/terraform/getting-started/intro 小白学习必看
https://whyliyi.github.io/2020/01/27/terraform-resource.html terraform 中文系列
https://wsgzao.github.io/post/terraform/ 奥哥的大作
terraform 几种用法
- 如果是单人操作,backed 就直接本地存储 state。简单方便
- 如果是团队合作,backend 可以设置为 S3,大家共享 state, 也会有锁来确保不会起冲突。
- 如果财大气粗,可以花钱购买 terraform enterprise(TFE),大家的修改都会上传到 TFE, 有一个队列来依次执行。TFE 可视化效果非常好,还可以 discard 一些 change, 或者 lock TF workspace
基础的命令
Why not use ansible ? because changes to resources aren’t tracked. terraform code 是存在 git 上的,我们可以轻松检查历史记录,和回退
Why didn’t we choose CloudFormation? Its support is limited to AWS. terraform 还支持模块化,复用性可以提升我们效率。而且 terraform 支持多数的云,方便多平台操作。
Terraform config is code we write, state file is a json file. store these on the remote.
Plan is safe to do any where, apply we don’t comment any want. don’t apply locally, don’t apply locally, don’t apply locally!
| Commands | Description |
|---|---|
| terraform init | Initiate Terraform. Terraform must be initiated before you plan/apply terraform. |
| terraform plan | You will be able to examine Terraform’s execution plan before you deploy it to AWS. |
| terraform apply | Deploy your final execution plan to AWS. |
| terraform init -upgrade | Update providers. |
| terraform state show | Inspect the current state. |
| terraform graph | Displays the visual dependency graph of Terraform resources according to configuration files in DIR (or the current directory if omitted). |
| terraform destroy | Destroy all resources created by terraform and also destroy the changes in your state file. |
| terraform plan-out |
To save the displayed plan (from the ‘terraform plan’ command) for reference. |
precedence 优先级
https://www.terraform.io/docs/configuration/variables.html#variable-definition-precedence
Local Values
https://www.terraform.io/docs/configuration/locals.html
Terraform version compatibility
| Terraform Version | Remote State Version | Able to read |
|---|---|---|
| 0.11.14 | 0.12.x | Yes |
| 0.11.14 | 0.13.x | Yes |
| 0.11.14 | 0.14.x | Yes |
| 0.12.2 | 0.11.14 | Yes |
| 0.12.x | > 0.12.x | No |
| 0.12.30 | 0.11.14 | Yes |
| 0.12.30 | 0.12.x | Yes |
| 0.12.30 | 0.13.x | Yes |
| 0.12.30 | 0.14.x | Yes |
| 0.13.x | 0.11.14 | Yes |
| 0.13.x | 0.12.x | Yes |
| 0.13.x | > 0.13.x | No |
| 0.13.6 | 0.11.14 | Yes |
| 0.13.6 | 0.12.x | Yes |
| 0.13.6 | 0.13.x | Yes |
| 0.13.6 | 0.14.x | Yes |
| 0.14.x | >= 0.11.14 | Yes |
Recommendation:
- Move workspaces to atleast 0.12.30. Once the workspaces are moved to 0.12.30 they will no longer face compatibility issues with different state versions.
- If you are moving to Terraform 0.13, use >= 0.13.6
- All 0.14 states are compatible.
terraenv
This is a good multi-version control tools for terraform. https://github.com/aaratn/terraenv
verbose debug
特别是在遇到权限不足的时候,如果想检查是具体哪个 service 权限不足。就需要 debug 输出详细的过程
https://www.terraform.io/docs/internals/debugging.html1
2export TF_LOG=DEBUG
terraform plan
input variables 几种方式
https://www.terraform.io/docs/configuration/variables.html#variable-definition-precedence
terraform modules
https://learn.hashicorp.com/tutorials/terraform/module?in=terraform/modules
Terraform Associate
HashiCorp Certified: Terraform Associate
因为工作中用到了 terraform ,还算比较熟悉,最终通过了考试 HashiCorp Certified: Terraform Associate