Using Terraform in Google's Cloud Shell lets you create GCE machines safely and quickly, without having to download separate credentials.
Terraform is an open-source "infrastructure as code" tool built by HashiCorp.
It is declarative: IT staff describe what should exist in the high-level HCL language, and Terraform works out a plan for the final state and executes that plan to deploy the infrastructure. Best of all, every major cloud is supported, so it runs on any public cloud or on-premises. Define a template once, then change only the parameters to deploy TEST, UIT, PD and other environments automatically and quickly.
Cloud Shell
Cloud Shell is an online development and operations environment that you can reach from a browser anywhere, anytime. Google has thoughtfully pre-installed Terraform, and the required Providers are already present.
Creating an instance
Because you develop and run everything directly in Cloud Shell, there is no need to download separate credentials; just make sure the user's IAM role grants sufficient permissions.
- Create a file named `main.tf` and enter the following content:

```hcl
# Use the Google provider; create an instance with a name, zone and machine type
resource "google_compute_instance" "default" {
  name         = "terraform-lab"
  machine_type = "e2-small"
  zone         = "us-central1-a"

  # Define the metadata values
  metadata = {
    enable-oslogin = "TRUE"
  }

  # Boot disk: Rocky, from the RHEL family
  boot_disk {
    initialize_params {
      image = "rocky-linux-cloud/rocky-linux-8"
    }
  }

  # The default VPC is fine for the network
  network_interface {
    network = "default"
  }
}
```
- Run `terraform init` to download the required Provider.

```text
wen9077@cloudshell:~/terraform-instance-lab (tgc101-taibame-01)$ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/google...
- Installing hashicorp/google v4.24.0...
- Installed hashicorp/google v4.24.0 (signed by HashiCorp)
...
```
- Run `terraform plan` to generate the plan, and check that its contents are what you expect.

```text
wen9077@cloudshell:~/terraform-instance-lab (tgc101-taibame-01)$ terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
Terraform will perform the following actions:
  # google_compute_instance.default will be created
  + resource "google_compute_instance" "default" {
      + can_ip_forward       = false
      + cpu_platform         = (known after apply)
      + current_status       = (known after apply)
      + deletion_protection  = false
      + guest_accelerator    = (known after apply)
      + id                   = (known after apply)
      + instance_id          = (known after apply)
      + label_fingerprint    = (known after apply)
      + machine_type         = "e2-small"
      + metadata             = {
          + "enable-oslogin" = "TRUE"
        }
      + metadata_fingerprint = (known after apply)
      + min_cpu_platform     = (known after apply)
      + name                 = "terraform-lab"
      + project              = (known after apply)
      + self_link            = (known after apply)
      + tags_fingerprint     = (known after apply)
      + zone                 = "us-central1-a"
...
```
- Run `terraform apply` to create the instance automatically.

```text
wen9077@cloudshell:~/terraform-instance-lab (tgc101-taibame-01)$ terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
Terraform will perform the following actions:
  # google_compute_instance.default will be created
  + resource "google_compute_instance" "default" {
      + can_ip_forward       = false
      + cpu_platform         = (known after apply)
      + current_status       = (known after apply)
      + deletion_protection  = false
      + guest_accelerator    = (known after apply)
      + id                   = (known after apply)
      + instance_id          = (known after apply)
      + label_fingerprint    = (known after apply)
      + machine_type         = "e2-small"
      + metadata             = {
          + "enable-oslogin" = "TRUE"
...
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.
  Enter a value: yes
google_compute_instance.default: Creating...
google_compute_instance.default: Still creating... [10s elapsed]
google_compute_instance.default: Creation complete after 14s [id=projects/tgc101-taibame-01/zones/us-central1-a/instances/terraform-lab]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
```
- After refreshing the GCP console you can see the newly created machine.
Because Terraform was not told to allocate an external IP, you must put `enable-oslogin = "TRUE"` in the metadata, otherwise you will not be able to connect to the machine (if you do want an external IP, add `access_config {}` inside `network_interface`).
- Run `terraform destroy` to delete the resources Terraform created.

```text
wen9077@cloudshell:~/terraform-instance-lab (tgc101-taibame-01)$ terraform destroy
google_compute_instance.default: Refreshing state... [id=projects/tgc101-taibame-01/zones/us-central1-a/instances/terraform-lab]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy
Terraform will perform the following actions:
  # google_compute_instance.default will be destroyed
  - resource "google_compute_instance" "default" {
...
Plan: 0 to add, 0 to change, 1 to destroy.
Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.
  Enter a value: yes
...
google_compute_instance.default: Still destroying... [id=projects/tgc101-taibame-01/zones/us-central1-a/instances/terraform-lab, 1m50s elapsed]
google_compute_instance.default: Destruction complete after 1m54s
Destroy complete! Resources: 1 destroyed.
```
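The post makes two points that the single `main.tf` above does not show in code: the same template should serve TEST/UIT/PD by changing only parameters, and an external IP is added with `access_config {}` while the default stays private with OS Login. The following `main.tf` is an added example, not the original post's file; the variable names `project_id`, `env`, `zone` and `assign_external_ip` are assumptions chosen for this example.

```hcl
# Added example: the lab instance as a reusable template. Environment-specific
# values come from variables, so one main.tf deploys TEST, UIT or PD by
# changing parameters only. Variable names are assumed for this example.

variable "project_id" { type = string }
variable "env"        { type = string } # e.g. "test", "uit", "pd"
variable "zone" {
  type    = string
  default = "us-central1-a"
}
variable "assign_external_ip" {
  type    = bool
  default = false # private by default: no public IP unless explicitly requested
}

provider "google" {
  project = var.project_id
  zone    = var.zone
}

resource "google_compute_instance" "default" {
  name         = "terraform-lab-${var.env}"
  machine_type = "e2-small"
  zone         = var.zone

  # Keep OS Login on so the instance is reachable through the console SSH
  # path even when it has no external IP (the point made in the post).
  metadata = {
    enable-oslogin = "TRUE"
  }

  boot_disk {
    initialize_params {
      image = "rocky-linux-cloud/rocky-linux-8"
    }
  }

  network_interface {
    network = "default"

    # access_config {} allocates an ephemeral external IP. The dynamic block
    # emits it only when assign_external_ip = true, so the default plan
    # stays private and the exposure is an explicit, reviewable choice.
    dynamic "access_config" {
      for_each = var.assign_external_ip ? [1] : []
      content {}
    }
  }
}
```

Run it as `terraform plan -var project_id=<PROJECT_ID> -var env=test` and compare the plan with `-var assign_external_ip=true`: the only difference should be the added `access_config` block, which is the line a reviewer checks before approving the apply.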