快速入门
本文介绍Terraform的安装配置,并以创建一个华为云VPC为例介绍如何使用Terraform。
安装Terraform
Terraform是以二进制可执行文件发布,您只需下载terraform,然后将terraform可执行文件所在目录添加到系统环境变量PATH中即可。
- 登录Terraform官网,下载对应操作系统的安装包。
- 解压安装包,并将terraform可执行文件所在目录添加到系统环境变量PATH中。
- 在命令行中执行如下命令验证配置路径是否正确。
terraform
如果回显如下则说明配置正确,terraform可以运行。
Usage: terraform [-version] [-help] <command> [args] ....
认证与鉴权
Terraform支持编排华为云上的各种云资源,使用Terraform管理华为云资源前,您需要获取AK/SK,并在Terraform上进行配置,从而认证鉴权。
您可以使用如下两种方式配置Terraform。
- 静态凭证(Static credentials)
静态凭证即在Terraform配置文件中添加AK/SK信息,如下所示。
provider "huaweicloud" { region = "cn-north-1" access_key = "my-access-key" secret_key = "my-secret-key" } - 环境变量(Environment variables)
您可以将如下信息添加到环境变量中进行认证鉴权。
$ export HW_REGION_NAME="cn-north-1" $ export HW_ACCESS_KEY="my-access-key" $ export HW_SECRET_KEY="my-secret-key"
更多配置参数请参见 https://registry.terraform.io/providers/huaweicloud/huaweicloud/latest/docs。
使用Terraform创建华为云VPC
下面以创建一个华为云VPC为例介绍如何使用Terraform。示例中使用的Terraform版本为0.13,华为云Provider的版本为1.20.0。
- 在工作目录下创建 "versions.tf" 文件,指定华为云Provider的registry源和版本,文件内容如下:
terraform { required_providers { huaweicloud = { source = "huaweicloud/huaweicloud" version = ">= 1.20.0" } } }如果需要使用本地的registry源,请参考如何加速下载Provider?
- 创建“main.tf”文件,配置华为云Provider并创建一个VPC,文件内容如下:
# Configure the HuaweiCloud Provider provider "huaweicloud" { region = "cn-north-1" access_key = "my-access-key" secret_key = "my-secret-key" } # Create a VPC resource "huaweicloud_vpc" "example" { name = "terraform_vpc" cidr = "192.168.0.0/16" }上半部分为HuaweiCloud Provider的配置,包含认证鉴权的内容,请根据认证与鉴权配置相关参数;如果使用环境变量方式认证鉴权,可以省略该部分内容。
下半部分描述一个名为example的VPC资源,其中VPC名称为terraform_vpc,cidr为192.168.0.0/16。
- 执行如下命令初始化。
terraform init
回显如下,首次执行时会下载HuaweiCloud Provider并安装。
$ terraform init Initializing the backend... Initializing provider plugins... - Finding latest version of huaweicloud/huaweicloud - Installing huaweicloud/huaweicloud v1.20.0... ... Terraform has been successfully initialized!
- 执行如下命令查看要创建的资源。
terraform plan
回显如下,Terraform会显示要创建哪些资源。
... An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # huaweicloud_vpc.example will be created + resource "huaweicloud_vpc" "example" { + cidr = "192.168.0.0/16" + id = (known after apply) + name = "terraform_vpc" + region = (known after apply) + routes = (known after apply) + shared = (known after apply) + status = (known after apply) } Plan: 1 to add, 0 to change, 0 to destroy. ... - 执行如下命令创建资源。
terraform apply
根据提示输入“yes”,回显如下,可以看到名为terraform_vpc的VPC已经创建,您也可以到华为云控制台上查看资源是否已经创建。
An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # huaweicloud_vpc.example will be created + resource "huaweicloud_vpc" "example" { + cidr = "192.168.0.0/16" + id = (known after apply) + name = "terraform_vpc" + region = (known after apply) + routes = (known after apply) + shared = (known after apply) + status = (known after apply) } Plan: 1 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes huaweicloud_vpc.example: Creating... huaweicloud_vpc.example: Creation complete after 7s [id=ceab8267-38e5-4a4c-8065-12967ad9eb31] Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
后续操作
您可以浏览用户指南了解如何创建常用的华为云资源。
