Published 2018-09-10 12:22:44


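Terraform stands out from other IaC solutions because it is an orchestration tool, which means it is designed for bare-metal servers and virtual machines. The commands in this guide should be run from a client machine running Ubuntu 16.04.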

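Warning: The configurations and commands used in this guide will add multiple Linodes to your account. Be sure to monitor your account closely in the Linode Manager to avoid unwanted charges.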


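  • You will need root access to the system and a standard user account with sudo privileges.
  • Create an API key for your Linode account. Make sure to take a screenshot of the API key when it is displayed; it will only appear once. If you need help, see our API key guide.
  • You need Git installed on your system.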




  • 64-bit Linux .zip archive.
  • SHA256 checksums file.
  • Checksum signature file.
  • Import the HashiCorp Security GPG key:

        gpg --keyserver keyserver.ubuntu.com --recv 348FFC4C

    The output should show that the key was imported:

        gpg: requesting key 348FFC4C from hkp server keyserver.ubuntu.com
        gpg: /root/.gnupg/trustdb.gpg: trustdb created
        gpg: key 348FFC4C: public key "HashiCorp Security " imported
        gpg: no ultimately trusted keys found
        gpg: Total number processed: 1
        gpg:               imported: 1  (RSA: 1)

  • Verify the GPG signature of the checksum file:

        gpg --verify terraform*.sig terraform*SHA256SUMS

    The output should say that the signature is good:

        gpg: Signature made Wed 31 Jan 2018 08:53:21 PM UTC using RSA key ID 348FFC4C
        gpg: Good signature from "HashiCorp Security "
        gpg: WARNING: This key is not certified with a trusted signature!
        gpg:          There is no indication that the signature belongs to the owner.
        Primary key fingerprint: 91A6 E7F8 5D05 C656 30BE  F189 5185 2D87 348F FC4C

  • Verify that the fingerprint matches the one on the HashiCorp security page.
  • Verify the checksum of the .zip archive:

        sha256sum -c terraform*SHA256SUMS 2>&1 | grep OK

    The output should show the file name given in the terraform*SHA256SUMS file:

        terraform_0.11.3_linux_amd64.zip: OK
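The verification steps above can be scripted so that they fail closed instead of relying on reading the output by eye. This is an added example, not part of the original guide; the function names are hypothetical and the pinned fingerprint is the one printed in the gpg output above.

```shell
#!/usr/bin/env bash
# Added example, not part of the original guide. Function names are hypothetical.
# PINNED_FPR is the primary key fingerprint printed in this guide's gpg output;
# confirm it against HashiCorp's security page before relying on it. The import
# step uses an 8-character short key ID, so the full fingerprint is what counts.
PINNED_FPR="91A6E7F85D05C65630BEF18951852D87348FFC4C"

# Succeeds only if gpg's machine-readable status (--status-fd) has a VALIDSIG
# record whose signing-key or primary-key fingerprint equals the expected one.
validsig_matches() {  # $1 = status text, $2 = expected fingerprint
  printf '%s\n' "$1" | awk -v want="$2" '
    $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
    END { exit !ok }'
}

# Checks one archive against the SHA256SUMS file: the archive must be listed
# and its digest must match. Unlike "sha256sum -c ... | grep OK", a mismatch
# or a missing entry produces a non-zero exit status.
archive_checksum_ok() {  # $1 = SHA256SUMS file, $2 = archive path
  local name want got
  name=$(basename "$2")
  want=$(awk -v f="$name" '$2 == f || $2 == ("*" f) { print $1; exit }' "$1")
  [ -n "$want" ] || return 1
  got=$(sha256sum "$2" | awk '{ print $1 }')
  [ "$got" = "$want" ]
}

# Full chain: signature over SHA256SUMS by the pinned key, then the archive digest.
verify_release() {  # $1 = SHA256SUMS, $2 = signature file, $3 = archive
  local status
  status=$(gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
  validsig_matches "$status" "$PINNED_FPR" && archive_checksum_ok "$1" "$3"
}

# Usage: ./verify.sh <SHA256SUMS> <SHA256SUMS.sig> <archive.zip>
if [ "$#" -eq 3 ]; then
  verify_release "$@" && echo "release verified"
fi
```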


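Download and extract Go from the project's downloads page. Terraform requires version 1.9:

    wget -c https://storage.googleapis.com/golang/go1.9.linux-amd64.tar.gz
    sudo tar -C /usr/local -xzf go*.linux-amd64.tar.gz

Create separate directories for the project executables and source code:

    mkdir -p ~/go_projects/{bin,src,pkg}

Add the Go-specific PATH locations to the user's environment. Add these lines to the bottom of the user's ~/.profile file:

~/.profile

    export PATH=$PATH:/usr/local/go/bin
    export PATH=$PATH:$HOME/go_projects/bin
    export GOPATH="$HOME/go_projects"
    export GOBIN="$GOPATH/bin"

Note: You can change the variables to any location that suits you, as long as it is included in the PATH variable.

Reload the user's environment profile:

    source ~/.profile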

Build a Linode Plugin for Terraform

Download the Terraform repository:

    go get github.com/hashicorp/terraform

Download the custom terraform-provider-linode repository:

    go get github.com/LinodeContent/terraform-provider-linode

By default, source code is stored in Go's src directory. Change to the directory of the Terraform Linode plugin and build the package. Dependencies are handled automatically by the godeps already present in the plugin folder.

    cd ~/go_projects/src/github.com/LinodeContent/terraform-provider-linode/bin/terraform-provider-linode
    go build -o terraform-provider-linode

Move the newly created binary and the Terraform configuration file to ~/go_projects/bin:

    mv ~/go_projects/src/github.com/LinodeContent/terraform-provider-linode/bin/terraform-provider-linode/terraform-provider-linode ~/go_projects/bin
    mv ~/go_projects/src/github.com/LinodeContent/terraform-provider-linode/linode-template.tf ~/go_projects/bin



Download the Terraform repository:

    go get github.com/hashicorp/terraform

Get the Linode plugin for Terraform:

    wget https://github.com/linode/docs-scripts/raw/master/hosted_scripts/terraform-linode-plugin/terraform-provider-linode

Move the plugin to ~/go_projects/bin:

    mv terraform-provider-linode ~/go_projects/bin/
    chmod 750 ~/go_projects/bin/terraform-provider-linode



Open linode-template.tf in a text editor and add the snippet shown below. Fill in your Linode API key, public SSH key, and desired root password where indicated:

~/go_projects/bin/linode-template.tf

    provider "linode" {
      key = "your-linode-API-key-here"
    }

    resource "linode_linode" "terraform-example" {
      image         = "Ubuntu 16.04 LTS"
      kernel        = "Grub 2"
      name          = "linode-example"
      group         = "terraform-test"
      region        = "Atlanta, GA, USA"
      size          = 1024
      ssh_key       = "your-ssh-id_rsa.pub-here"
      root_password = "your-server-password-here"
    }

For specific information about the configuration syntax, see Terraform's documentation.

Navigate to ~/go_projects/bin and initialize the Terraform configuration:

    cd ~/go_projects/bin
    terraform init

Terraform will confirm that initialization succeeded:

    Terraform has been successfully initialized!

If an error occurs, run the command again in debug mode:

    TF_LOG=debug terraform init



Check your Terraform plan:

    terraform plan

You will see:

    Refreshing Terraform state in-memory prior to plan...
    The refreshed state will be used to calculate this plan, but will not be
    persisted to local or remote state storage.

    ------------------------------------------------------------------------

    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      + create

    Terraform will perform the following actions:

      + linode_linode.your-terraform-name-here
          id:
          disk_expansion: "false"
          group: "your-linode-group-name-here"
          helper_distro: "true"
          image: "Ubuntu 16.04 LTS"
          ip_address:
          kernel: "Grub 2"
          manage_private_ip_automatically: "true"
          name: "TFtest"
          plan_storage:
          plan_storage_utilized:
          private_ip_address:
          region: "Atlanta, GA, USA"
          root_password: "wAZ9SvTofwDbrGO2FWgoI3BZFy0bvqxnQnNF1qn9pIQ="
          size: "1024"
          ssh_key: "QLWOVauEwNxWGbj2ErWF9vFYIXsxW/2duL/og8gtV84="
          status:
          swap_size: "512"

    Plan: 1 to add, 0 to change, 0 to destroy.

    ------------------------------------------------------------------------

    Note: You didn't specify an "-out" parameter to save this plan, so Terraform
    can't guarantee that exactly these actions will be performed if
    "terraform apply" is subsequently run.

If you need to troubleshoot any issues, activate debug mode:

    TF_LOG=debug terraform plan

The terraform plan command does not take any action or make any changes on your Linode account. Terraform uses a declarative approach, in which your configuration files specify the desired end state of the infrastructure. When you run terraform plan, an analysis is performed to determine the actions required to reach that state.

If there are no errors, start the deployment:

    terraform apply

You will be asked to confirm the action. Enter yes and press Enter:

    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      + create

    Terraform will perform the following actions:

      + linode_linode.your-terraform-name-here
          id:
          disk_expansion: "false"
          group: "your-linode-group-name-here"
          helper_distro: "true"
          image: "Ubuntu 16.04 LTS"
          ip_address:
          kernel: "Grub 2"
          manage_private_ip_automatically: "true"
          name: "your-linode-name-here"
          plan_storage:
          plan_storage_utilized:
          private_ip_address:
          region: "Atlanta, GA, USA"
          root_password: "wAZ9SvTofwDbrGO2FWgoI3BZFy0bvqxnQnNF1qn9pIQ="
          size: "1024"
          ssh_key: "QLWOVauEwNxWGbj2ErWF9vFYIXsxW/2duL/og8gtV84="
          status:
          swap_size: "512"

    Plan: 1 to add, 0 to change, 0 to destroy.

    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.

      Enter a value:





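  • Terraform loads into memory all files with the ".tf" extension that are present in the working directory. As a result, all files are concatenated (in memory), and you do not need to define the provider in this file, because it is already declared in linode-template.tf.
  • Resources cannot be duplicated, so you need to assign a unique name to each one.
  • In this example, the same SSH key and root password are being used. You should change these values in production environments.
  • The new parameter swap_size is used to override the default value of 512Mb. You can check all available options in the readme.md of the terraform-provider-linode plugin's GitHub repository.
  • From linode-template.tf, create another file called linode-www.tf (do not delete linode-template.tf):

    ~/go_projects/bin/linode-www.tf

        resource "linode_linode" "terraform-www" {
          image         = "CentOS 7"
          kernel        = "Grub 2"
          name          = "www"
          group         = "web"
          region        = "Dallas, TX, USA"
          size          = 2048
          swap_size     = 1024
          ssh_key       = "your-ssh-id_rsa.pub-here"
          root_password = "your-server-password-here"
        }

  • Check your plan for errors:

        terraform plan

  • Apply all changes:

        terraform apply

  • Check the Linode Manager to make sure that the www Linode has been added to the web display group on your account.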



Modify linode-template.tf:

~/go_projects/bin/linode-template.tf

    provider "linode" {
      key = "your-linode-API-key-here"
    }

    resource "linode_linode" "terraform-example" {
      image         = "Ubuntu 16.04 LTS"
      kernel        = "Grub 2"
      name          = "database"
      group         = "web"
      region        = "Atlanta, GA, USA"
      size          = 2048
      swap_size     = 1024
      ssh_key       = "your-ssh-id_rsa.pub-here"
      root_password = "your-server-password-here"
    }

Check your plan:

    terraform plan

Apply your changes:

    terraform apply

Warning: Changing the size of a Linode will force the server to shut down and migrate it to a different host in the same data center. The associated disk migration takes approximately 1 minute for every 3-5 gigabytes of data. For more information on resizing, read the Resizing a Linode guide.

Return to the Linode Manager to verify the changes.


So far, the procedure for adding a new node to your infrastructure has been to create a new file and run the terraform apply command. But what happens when your planned infrastructure has dozens of servers? In this example, you will use a very simple version of a Terraform configuration file that uses variables.

For the purposes of this example, you will need to delete the previous nodes:

    terraform plan -destroy

This returns:

    Refreshing Terraform state in-memory prior to plan...
    The refreshed state will be used to calculate this plan, but will not be
    persisted to local or remote state storage.

    linode_linode.your-terraform-name-here: Refreshing state... (ID: 6630470)

    ------------------------------------------------------------------------

    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      - destroy

    Terraform will perform the following actions:

      - linode_linode.TFtest

    Plan: 0 to add, 0 to change, 1 to destroy.

    ------------------------------------------------------------------------

    Note: You didn't specify an "-out" parameter to save this plan, so Terraform
    can't guarantee that exactly these actions will be performed if
    "terraform apply" is subsequently run.

Similar to terraform plan, the command above checks your infrastructure before making any changes. To perform the deletion, run:

    terraform destroy

This returns:

    linode_linode.your-terraform-name-here: Refreshing state... (ID: 6630470)

    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      - destroy

    Terraform will perform the following actions:

      - linode_linode.TFtest

    Plan: 0 to add, 0 to change, 1 to destroy.

    Do you really want to destroy?
      Terraform will destroy all your managed infrastructure, as shown above.
      There is no undo. Only 'yes' will be accepted to confirm.

      Enter a value: yes

    linode_linode.your-terraform-name-here: Destroying... (ID: 6630470)
    linode_linode.your-terraform-name-here: Destruction complete after 0s

    Destroy complete! Resources: 1 destroyed.

Delete (or move to another location) all Terraform files:

    rm *.tf*

Create a new file to define the variables. You can use any name, but for this example we will use variables.tf:

~/go_projects/bin/variables.tf

    variable "linode_key" {}
    variable "ssh_key" {}
    variable "root_password" {}
    variable "region" {
      default = "Atlanta, GA, USA"
    }

Create the file terraform.tfvars to store your variables. You cannot change this filename after creating it:

~/go_projects/bin/terraform.tfvars

    linode_key    = "your-linode-API-key-here"
    ssh_key       = "your-ssh-id_rsa.pub-here"
    root_password = "your-root-password-here"

Create a new configuration file called linode-mod-template.tf:

~/go_projects/bin/linode-mod-template.tf

    # Linode Provider definition
    provider "linode" {
      key = "${var.linode_key}"
    }

    # Example Web Server
    resource "linode_linode" "www-01" {
      image         = "CentOS 7"
      kernel        = "Latest 64 bit"
      name          = "www"
      group         = "web"
      region        = "Dallas, TX, USA"
      size          = 2048
      swap_size     = 1024
      ssh_key       = "${var.ssh_key}"
      root_password = "${var.root_password}"
    }

    # Example Database Server
    resource "linode_linode" "db-01" {
      image         = "Ubuntu 16.04 LTS"
      kernel        = "Latest 64 bit"
      name          = "database"
      group         = "web"
      region        = "${var.region}"
      size          = 2048
      swap_size     = 1024
      ssh_key       = "${var.ssh_key}"
      root_password = "${var.root_password}"
    }

Check the new deployment for errors:

    terraform plan

Apply all changes:

    terraform apply

The end result is the same as before. The use of variables gives Terraform great flexibility, not only for storing repeated data (such as keys) but also for assigning default values to any field.
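Once the API key and root password live in terraform.tfvars, the working directory can be checked for secrets that are still hardcoded in .tf files and for files that other users can read. This is an added example, not part of the original guide; the function names are hypothetical, and the attribute names (key, root_password) are the ones used in this guide's configuration files.

```shell
#!/usr/bin/env bash
# Added example, not part of the original guide. Function names are hypothetical.

# Prints "file:line" for every assignment to a secret-bearing attribute used in
# this guide (key, root_password) whose value is a quoted literal instead of a
# "${var.NAME}" interpolation. Returns 1 if anything was found.
find_literal_secrets() {  # $1 = directory holding the *.tf files
  local hits
  hits=$(grep -HnE '^[[:space:]]*(key|root_password)[[:space:]]*=[[:space:]]*"' \
           "$1"/*.tf 2>/dev/null | grep -vF '"${var.' | cut -d: -f1,2)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# terraform.tfvars holds the real API key and root password, so it should be
# readable by its owner only. Succeeds when no group/other bits are set.
# Uses GNU stat, as found on the Ubuntu client this guide assumes.
tfvars_is_private() {  # $1 = path to terraform.tfvars
  local mode
  mode=$(stat -c '%a' "$1") || return 1
  case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Restricts the variable and state files to the owner and keeps them out of
# version control. State files record the attributes of managed resources.
harden_workdir() {  # $1 = Terraform working directory
  local f
  for f in "$1"/terraform.tfvars "$1"/terraform.tfstate "$1"/terraform.tfstate.backup; do
    if [ -f "$f" ]; then chmod 600 "$f"; fi
  done
  for f in terraform.tfvars 'terraform.tfstate*'; do
    grep -qxF "$f" "$1/.gitignore" 2>/dev/null || printf '%s\n' "$f" >> "$1/.gitignore"
  done
}
```

Terraform also reads a variable named linode_key from the environment variable TF_VAR_linode_key, which avoids writing the key to disk at all.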

Manage Your Infrastructure with Terraform







~/go_projects/bin/modules/appserver/main.tf

    # Application Server
    resource "linode_linode" "appserver" {
      image         = "Ubuntu 16.04 LTS"
      kernel        = "Latest 64 bit"
      name          = "${var.appserver_name}"
      group         = "web"
      region        = "${var.region}"
      size          = 2048
      swap_size     = 1024
      ssh_key       = "${var.ssh_key}"
      root_password = "${var.root_password}"
    }

    # Database Server
    resource "linode_linode" "dbserver" {
      image         = "CentOS 7"
      kernel        = "Latest 64 bit"
      name          = "${var.dbserver_name}"
      group         = "web"
      region        = "${var.region}"
      size          = "${var.db_size}"
      swap_size     = 1024
      ssh_key       = "${var.ssh_key}"
      root_password = "${var.root_password}"
    }

~/go_projects/bin/modules/appserver/variables.tf

    variable "appserver_name" {
      description = "The name for the Application Server"
      default     = "default-app"
    }

    variable "dbserver_name" {
      description = "The name for the Database Server"
      default     = "default-db"
    }

    variable "db_size" {
      description = "The size (plan) for your Database Linode"
      default     = "1024"
    }

    variable "region" {
      description = "The default Linode region to deploy the infrastructure"
      default     = "default-region"
    }

    variable "ssh_key" {
      description = "The Public id_rsa.pub key used for secure SSH connections"
      default     = "default-ssh-key"
    }

    variable "root_password" {
      description = "The default root password for the Linode server"
      default     = "default-root-pwd"
    }

~/go_projects/bin/testing/main.tf

    # Newark Testing Environment Infrastructure
    provider "linode" {
      key = "your-linode-API-key-here"
    }

    module "appserver" {
      source = "/your/absolute/path/to/modules/appserver"

      # Variables Specific to this Deployment
      region        = "Newark, NJ, USA"
      ssh_key       = "your-ssh-id_rsa"
      root_password = "your-root-password-here"

      # Variables Specific to Servers
      appserver_name = "NJ-app"
      dbserver_name  = "NJ-db"
      db_size        = "8192"
    }

    cd ~/go_projects/bin/testing/
    terraform init
    terraform plan
    terraform apply

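The possibilities of modules are endless. You can use several modules at once, you can mix the use of modules with traditional resource definitions, or you can even call modules from remote sources. For more information, read the Terraform modules documentation.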



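  • Custom scripts, which can be included in the configuration file itself or called from a local or remote file.
  • Specialized software tools that integrate with Terraform, such as Chef or Puppet.
  • Container-based solutions, such as Docker or Kubernetes.
  • Solutions based on Terraform plugins.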


