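Terraform is an open-source infrastructure-as-code software tool created by HashiCorp. Users define and provision data center infrastructure using a declarative configuration language known as HashiCorp Configuration Language (HCL), or optionally JSON.
Terraform codifies cloud APIs into declarative configuration files. It lets you compose infrastructure as code in Terraform files using HCL, to provision resources from any infrastructure provider.
DigitalOcean offers a managed database service that lets you create new database clusters easily and start using them quickly, without the effort of setting them up or managing the cluster's availability and scaling. You can use the DigitalOcean cloud console, or write Terraform code that manages the creation, update, and deletion of the cluster for you.
In this guide, we will learn how to create a managed database in DigitalOcean using Terraform.
Installing Terraform
You can install Terraform for your operating system from this page.
I am using a Mac, so these are the commands to install Terraform on my machine.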
brew tap hashicorp/tap
brew install hashicorp/tap/terraform
Confirm the installation by checking the installed version:
➜ terraform version
Terraform v1.2.6
on darwin_arm64
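Configuring Terraform for DigitalOcean
To use the DigitalOcean provider with Terraform, you must configure the plugin using a provider file. This file tells Terraform which provider you are using (DigitalOcean) and where to find the necessary credentials (your DigitalOcean API token).
Create and move into the directory from which you will configure and deploy your infrastructure. This is also where you create the provider file.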
mkdir do-database
cd do-database
Create a new file named provider.tf in the working directory, then open it with your preferred text editor. Add the following content:
terraform {
  required_providers {
    digitalocean = {
      source  = "digitalocean/digitalocean"
      version = "2.21.0"
    }
  }
}
variable "do_token" {
  type = string
}
provider "digitalocean" {
  token = var.do_token
}
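Creating Terraform configuration files
Once you have configured Terraform to access your DigitalOcean account, you can begin developing Terraform files that describe and declare the DigitalOcean resources you want to deploy into your account. Terraform configuration files are text files with the .tf extension.
Create our database cluster: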
resource "random_string" "cluster-suffix" {
  length           = 4
  min_lower        = 2
  min_numeric      = 2
  special          = false
  override_special = "/@\\ "
}
resource "digitalocean_database_cluster" "postgres" {
  name       = "live-citizix-${random_string.cluster-suffix.result}"
  engine     = "pg"
  version    = "14"
  size       = "db-s-1vcpu-1gb"
  region     = "lon1"
  node_count = 1
  tags       = ["env:live"]
  maintenance_window {
    day  = 6
    hour = 10
  }
}
Create the database:
resource "digitalocean_database_db" "main" {
  cluster_id = digitalocean_database_cluster.postgres.id
  name       = "citizix"
}
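Output values make information about your infrastructure available on the command line, and can expose information for other Terraform configurations to use. Output values are similar to return values in programming languages.
Let's define some outputs for our cluster: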
output "postgres-id" {
  value = digitalocean_database_cluster.postgres.id
}
output "postgres-private_host" {
  value = digitalocean_database_cluster.postgres.private_host
}
output "postgres-host" {
  value = digitalocean_database_cluster.postgres.host
}
output "postgres-database" {
  value = digitalocean_database_cluster.postgres.database
}
output "postgres-user" {
  value = digitalocean_database_cluster.postgres.user
}
output "postgres-password" {
  value     = digitalocean_database_cluster.postgres.password
  sensitive = true
}
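The configuration above, extended with a sensitive token variable, a trusted-source firewall for the cluster, and a dedicated application user. This is an added example, not code from the original tutorial; the resource names trusted and app, the user name citizix_app, the reuse of the env:live tag for Droplets, and the address 203.0.113.10 are assumptions.

```hcl
# Added hardening example, not part of the original tutorial.
# Names "trusted", "app", "citizix_app" and the sample address are assumptions.

# Replaces the do_token variable block in provider.tf: sensitive = true makes
# Terraform redact the token wherever it would appear in plan/apply output.
variable "do_token" {
  type      = string
  sensitive = true
}

# Restrict inbound connections to the cluster to the listed trusted sources.
resource "digitalocean_database_firewall" "trusted" {
  cluster_id = digitalocean_database_cluster.postgres.id

  # Constructed sample: a single address from the documentation range.
  rule {
    type  = "ip_addr"
    value = "203.0.113.10"
  }

  # Droplets carrying this tag (assumed to be the application servers).
  rule {
    type  = "tag"
    value = "env:live"
  }
}

# Dedicated user, so the application does not connect as the default admin user.
resource "digitalocean_database_user" "app" {
  cluster_id = digitalocean_database_cluster.postgres.id
  name       = "citizix_app"
}

# sensitive = true only hides the value in CLI output. The password is still
# stored in plaintext in the state file, so the state needs access control.
output "postgres-app-password" {
  value     = digitalocean_database_user.app.password
  sensitive = true
}
```

Terraform also reads the variable from the TF_VAR_do_token environment variable, so the token does not have to be passed with -var on the command line.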
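Executing Terraform
Once you have configured your Terraform files, you can deploy all of the resources you configured from the command line. Terraform requires three steps for deployment: initializing the directory, reviewing an execution plan, and applying (executing) the Terraform plan.
Initialization prepares the working directory for use by accounting for any changes in Terraform's backend configuration. The plan step gives you a detailed manifest of resources to review before execution. Finally, the terraform apply command deploys the resources to your account.
Initialize the working directory: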
➜ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding digitalocean/digitalocean versions matching "2.21.0"...
- Installing digitalocean/digitalocean v2.21.0...
- Installed digitalocean/digitalocean v2.21.0 (signed by a HashiCorp partner, key ID F82037E524B9C0E8)
Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
If Terraform successfully initializes the directory, you receive the message Terraform has been successfully initialized!.
Next, you need to create and review your Terraform plan. To create your Terraform plan:
export DO_PAT="<token here>"
terraform plan \
-var "do_token=${DO_PAT}"
Output
Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
+ create
Terraform will perform the following actions:
# digitalocean_database_cluster.postgres will be created
+ resource "digitalocean_database_cluster" "postgres" {
+ database = (known after apply)
+ engine = "pg"
+ host = (known after apply)
+ id = (known after apply)
+ name = "live-citizix-cluster"
+ node_count = 1
+ password = (sensitive value)
+ port = (known after apply)
+ private_host = (known after apply)
+ private_network_uuid = (known after apply)
+ private_uri = (sensitive value)
+ region = "lon1"
+ size = "db-s-1vcpu-1gb"
+ tags = [
+ "env:live",
]
+ uri = (sensitive value)
+ urn = (known after apply)
+ user = (known after apply)
+ version = "14"
+ maintenance_window {
+ day = "6"
+ hour = "10"
}
}
# digitalocean_database_db.main will be created
+ resource "digitalocean_database_db" "main" {
+ cluster_id = (known after apply)
+ id = (known after apply)
+ name = "citizix"
}
Plan: 2 to add, 0 to change, 0 to destroy.
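Terraform returns a manifest of the resources it will deploy when you apply the plan. It also creates an infra.out file containing the manifest. Terraform uses the infra.out file to deploy the resources to your account.
After reviewing the plan, you can apply it and deploy the resources to your account. Execute the plan: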
terraform apply \
-var "do_token=${DO_PAT}"
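Terraform deploys the resources to your account. You can open the DigitalOcean control panel to see that they were created.
Destroying your infrastructure
Although not commonly used in production environments, Terraform can also destroy the infrastructure it creates. This is mainly useful in development environments that are deployed and destroyed multiple times.
First, create an execution plan to destroy the infrastructure using terraform plan -destroy: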
terraform plan \
-var "do_token=${DO_PAT}" \
--destroy
Output
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# digitalocean_database_cluster.postgres will be destroyed
- resource "digitalocean_database_cluster" "postgres" {
- database = "defaultdb" -> null
- engine = "pg" -> null
- host = "live-citizix-6xc2-do-user-9702479-0.b.db.ondigitalocean.com" -> null
- id = "eb1a80d7-08b8-47f1-ac06-6475b5208884" -> null
- name = "live-citizix-6xc2" -> null
- node_count = 1 -> null
- password = (sensitive value)
- port = 25060 -> null
- private_host = "private-live-citizix-6xc2-do-user-9702479-0.b.db.ondigitalocean.com" -> null
- private_network_uuid = "de5bc948-bc39-4255-8396-c102be57183a" -> null
- private_uri = (sensitive value)
- region = "lon1" -> null
- size = "db-s-1vcpu-1gb" -> null
- tags = [
- "env:live",
] -> null
- uri = (sensitive value)
- urn = "do:dbaas:eb1a80d7-08b8-47f1-ac06-6475b5208884" -> null
- user = "doadmin" -> null
- version = "14" -> null
- maintenance_window {
- day = "saturday" -> null
- hour = "06:31:57" -> null
}
}
# random_string.cluster-suffix will be destroyed
- resource "random_string" "cluster-suffix" {
- id = "6xc2" -> null
- length = 4 -> null
- lower = true -> null
- min_lower = 2 -> null
- min_numeric = 2 -> null
- min_special = 0 -> null
- min_upper = 0 -> null
- number = true -> null
- numeric = true -> null
- override_special = "/@\\ " -> null
- result = "6xc2" -> null
- special = false -> null
- upper = true -> null
}
Plan: 0 to add, 0 to change, 2 to destroy.
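Terraform outputs a plan in which resources are marked in red and prefixed with a minus sign, indicating that it will delete those resources from your infrastructure.
Then run the plan with terraform apply if you have the plan in a file, or run terraform destroy: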
terraform apply terraform.tfplan
terraform destroy \
-var "do_token=${DO_PAT}"
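Terraform proceeds to destroy the resources, as indicated in the generated plan.
Conclusion
In this tutorial, we used Terraform to create a managed DigitalOcean database instance. We learned how to create and destroy DigitalOcean resources. Now that you understand how Terraform works, you can create configuration files that describe the server infrastructure for your own projects.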