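This topic describes how to install and configure Terraform and how to use Terraform to manage OSS.
This topic uses a RAM user as an example. For more information about Terraform, see Terraform Registry.
Install and configure Terraform
Before you use Terraform, install and configure it by following these steps.
Go to the official Terraform website and download the package for your operating system.
This topic uses Linux as an example.
Extract the package to /usr/local/bin.
If you extract the executable to a different directory, add that path to your global environment variables.
Run the following command to verify that Terraform is installed.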
terraform
A successful response looks like this.
Usage: terraform [-version] [-help] <command> [args]
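Create a RAM user and grant it permissions.
Important: The AccessKey of an Alibaba Cloud account has access to all APIs, which is a high risk. We strongly recommend that you create a RAM user and use its AccessKey to configure Terraform.
Run the following command to create a working directory for the Terraform project.
Important: Each Terraform project requires its own separate working directory.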
mkdir terraform-test
Run the following command to enter the working directory terraform-test.
cd terraform-test
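When Terraform runs, it reads all *.tf and *.tfvars files in this directory. You can therefore split the configuration across different files according to purpose. Commonly used configuration files are listed below.

File               Description
provider.tf        Provider configuration
terraform.tfvars   Variables used by the provider configuration
variable.tf        General variables
resource.tf        Resource definitions
data.tf            Package file definitions
output.tf          Outputs

This topic uses the provider configuration file provider.tf as an example.
Run the following command to create provider.tf, the configuration file for authentication information.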
vim provider.tf
Sample configuration:
provider "alicloud" {
  region     = "cn-beijing"
  access_key = "LTA**********NO2"
  secret_key = "MOk8x0*********************wwff"
}
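Run the following command to initialize the working directory terraform-test.
Important: After you create a Terraform working directory and its configuration files, you must initialize the working directory. This applies to every Terraform project.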
terraform init
A successful response looks like this.
Initializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
- Downloading plugin for provider "alicloud" (1.25.0)...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.alicloud: version = "~> 1.25"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
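The provider.tf shown above keeps the AccessKey pair as plain text in the working directory, where Terraform reads every *.tf and *.tfvars file. The following is an added example, not part of the original documentation: the hypothetical function scan_tf_secrets flags literal access_key/secret_key assignments, and the constructed sample sets the hard-coded layout beside a provider block that leaves credentials to the alicloud provider's ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY environment variables.

```shell
#!/bin/sh
# Added example (not from the original page): find literal AccessKey values in a
# Terraform working directory. Terraform loads every *.tf and *.tfvars file there.

# scan_tf_secrets DIR (hypothetical helper): print "file:line:key" for each
# access_key/secret_key set to a quoted literal and return 1; return 0 if none.
# Key values are never printed.
scan_tf_secrets() {
    found=0
    for f in "$1"/*.tf "$1"/*.tfvars; do
        [ -f "$f" ] || continue
        # Strings containing "$" (interpolations such as "${var.x}") are not literals.
        hits=$(grep -noE '(access_key|secret_key)[[:space:]]*=[[:space:]]*"[^"$]+"' "$f" |
               sed -E 's/[[:space:]]*=.*$//')
        [ -n "$hits" ] || continue
        found=1
        printf '%s\n' "$hits" | while IFS= read -r h; do printf '%s:%s\n' "$f" "$h"; done
    done
    return "$found"
}

# Constructed sample input: placeholder keys, not real credentials.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/weak" "$demo_dir/fixed"
cat > "$demo_dir/weak/provider.tf" <<'EOF'
provider "alicloud" {
  region     = "cn-beijing"
  access_key = "EXAMPLE-ACCESS-KEY-ID"
  secret_key = "EXAMPLE-ACCESS-KEY-SECRET"
}
EOF
# Corrected form: no credentials on disk. The provider reads ALICLOUD_ACCESS_KEY
# and ALICLOUD_SECRET_KEY, exported in the shell before terraform is run.
cat > "$demo_dir/fixed/provider.tf" <<'EOF'
provider "alicloud" {
  region = "cn-beijing"
}
EOF

scan_tf_secrets "$demo_dir/weak"  || echo "weak: literal keys found"
scan_tf_secrets "$demo_dir/fixed" && echo "fixed: clean"
```

Running the function against the working directory before committing it to version control catches a key pair left in provider.tf or terraform.tfvars.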
Use Terraform to manage OSS
After Terraform is installed, you can manage OSS with Terraform commands. Several commonly used commands are described below.
terraform plan
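terraform plan previews the operations that will be performed. It lets you see which operations will run before the configuration files are actually executed.
The following example uses terraform plan to preview the creation of a bucket.
Run the following command to create the configuration file test.tf.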
vim test.tf
Sample configuration:
resource "alicloud_oss_bucket" "bucket-acl" {
  bucket = "demo-2023"
  acl    = "private"
}
Run the following command to view the operations that will be performed.
terraform plan
A successful response looks like this.
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + alicloud_oss_bucket.bucket-acl
      id:                <computed>
      acl:               "private"
      bucket:            "demo-2023"
      creation_date:     <computed>
      extranet_endpoint: <computed>
      intranet_endpoint: <computed>
      location:          <computed>
      logging_isenable:  "true"
      owner:             <computed>
      referer_config.#:  <computed>
      storage_class:     <computed>

Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
terraform apply
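terraform apply executes the configuration files in the working directory.
The following example uses terraform apply to create a bucket.
Run the following command to create the configuration file test.tf.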
vim test.tf
Sample configuration:
resource "alicloud_oss_bucket" "bucket-acl" {
  bucket = "demo-2023"
  acl    = "private"
}
Run the following command to execute the configuration file.
terraform apply
A successful response looks like this.
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + alicloud_oss_bucket.bucket-acl
      id:                <computed>
      acl:               "private"
      bucket:            "demo-2023"
      creation_date:     <computed>
      extranet_endpoint: <computed>
      intranet_endpoint: <computed>
      location:          <computed>
      logging_isenable:  "true"
      owner:             <computed>
      referer_config.#:  <computed>
      storage_class:     <computed>

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

alicloud_oss_bucket.bucket-acl: Creating...
  acl:               "" => "private"
  bucket:            "" => "demo-2023"
  creation_date:     "" => "<computed>"
  extranet_endpoint: "" => "<computed>"
  intranet_endpoint: "" => "<computed>"
  location:          "" => "<computed>"
  logging_isenable:  "" => "true"
  owner:             "" => "<computed>"
  referer_config.#:  "" => "<computed>"
  storage_class:     "" => "<computed>"
alicloud_oss_bucket.bucket-acl: Creation complete after 1s (ID: demo-2023)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
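Note: After this configuration is executed, a bucket named demo-2023 is created if it does not exist. If it already exists and is an empty bucket created by Terraform, the existing bucket is deleted and created again.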
terraform destroy
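terraform destroy deletes an empty bucket that was created by Terraform.
The following example uses terraform destroy to delete an empty bucket created by Terraform.
Run the following command to create the configuration file test.tf.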
vim test.tf
Sample configuration:
resource "alicloud_oss_bucket" "bucket-acl" {
  bucket = "demo-2023"
  acl    = "private"
}
Run the following command to execute the configuration file.
terraform destroy
A successful response looks like this.
Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # alicloud_oss_bucket.bucket-acl will be destroyed
  - resource "alicloud_oss_bucket" "bucket-acl" {
      - acl               = "private" -> null
      - bucket            = "demo-2023" -> null
      - creation_date     = "2023-01-04" -> null
      - extranet_endpoint = "oss-cn-hangzhou.aliyuncs.com" -> null
      - force_destroy     = false -> null
      - id                = "demo-2023" -> null
      - intranet_endpoint = "oss-cn-hangzhou-internal.aliyuncs.com" -> null
      - location          = "oss-cn-hangzhou" -> null
      - owner             = "1379***" -> null
      - redundancy_type   = "LRS" -> null
      - storage_class     = "Standard" -> null
      - tags              = {} -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

alicloud_oss_bucket.bucket-acl: Destroying... [id=demo-2023]
alicloud_oss_bucket.bucket-acl: Destruction complete after 2s

Destroy complete! Resources: 1 destroyed.
terraform import
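If a bucket was not created by Terraform, you can import the existing bucket with terraform import.
The following example uses terraform import to import a bucket.
Run the following command to create the configuration file.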
vim main.tf
Sample configuration:
resource "alicloud_oss_bucket" "bucket" {
  bucket = "aliyundoc-demo"
  acl    = "private"
}
Run the following command to execute the configuration file.
terraform import alicloud_oss_bucket.bucket aliyundoc-demo
A successful response looks like this.
alicloud_oss_bucket.bucket: Importing from ID "aliyundoc-demo"...
alicloud_oss_bucket.bucket: Import prepared!
  Prepared alicloud_oss_bucket for import
alicloud_oss_bucket.bucket: Refreshing state... [id=aliyundoc-demo]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
Related documents
For more bucket configuration examples, see alicloud_oss_bucket.
For more object configuration examples, see alicloud_oss_bucket_object.
For more information about Terraform, see Terraform Registry.