Files
File structure in Terraform.
- We create the new files:
```bash
touch 00.variables.tf \
01.provider.tf \
02.gce.tf \
03.firewall.tf \
04.outputs.tf \
terraform.tfvars
```
- File 00-variables.tf

```hcl
variable "image_id" {
  description = "ID de la imagen de la vm"
  default     = "ubuntu-minimal-2210-kinetic-amd64-v20230126"
}

variable "instance_type" {
  description = "Tipo de instancia en GCE"
  default     = "n1-standard-1"
}

variable "server_name" {
  description = "Nombre del servidor web"
  default     = "nginx-server"
}

variable "environment" {
  description = "Ambiente"
  default     = "test"
}

variable "description" {
  description = "tags de descripción del ownership"
  default     = "- env: test, owner: julian sanchez"
}
```

01-provider.tf

This block tells Terraform to use the Google Cloud provider and to deploy the resources in the "us-central1" region.

```hcl
provider "google" {
  project = "sils-keeper-infra"
  region  = "us-central1"
}
```

02-gce.tf

```hcl
resource "google_compute_instance" "nginx-server" {
  project      = "sils-keeper-infra"
  name         = var.server_name
  machine_type = var.instance_type
  zone         = "us-central1-a"

  # Network tags: the firewall rules in 03-firewall.tf target the "nginx" tag
  tags = ["nginx", "http-server"]

  labels = {
    environment = var.environment
    owner       = "julian_sanchez"
    team        = "sre"
    project     = "sils-keeper-infra"
  }

  boot_disk {
    initialize_params {
      image = var.image_id
    }
  }

  network_interface {
    network = "default"

    # An empty access_config block assigns an ephemeral public IP
    access_config {}
  }

  # Installs nginx from the nginx.org repository, verified with its signing key
  metadata_startup_script = <<EOF
#!/bin/bash
# -y: the startup script runs without a terminal, so apt cannot prompt for confirmation
sudo apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | sudo tee /etc/apt/preferences.d/99nginx
sudo apt update
sudo apt install -y nginx
sudo systemctl enable nginx
sudo systemctl start nginx
EOF

  metadata = {
    ssh-keys = "${var.server_name}-ssh: ${file("nginx-server.key.pub")}"
  }
}
```

03-firewall.tf

```hcl
resource "google_compute_firewall" "ssh" {
  name        = "allow-ssh"
  project     = "sils-keeper-infra"
  description = "Allow SSH for DevOps team ${var.description}"

  allow {
    ports    = ["22"]
    protocol = "tcp"
  }

  direction = "INGRESS"
  network   = "default"
  priority  = 1000

  # 0.0.0.0/0 exposes port 22 to every source address; narrow this to known
  # admin CIDRs for anything other than a short-lived test instance
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["nginx"]
}

resource "google_compute_firewall" "http" {
  name        = "allow-http"
  project     = "sils-keeper-infra"
  description = "Allow HTTP for DevOps team ${var.description}"

  allow {
    ports    = ["80"]
    protocol = "tcp"
  }

  direction     = "INGRESS"
  network       = "default"
  priority      = 1000
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["nginx"]
}

resource "google_compute_firewall" "nginx-egress-all" {
  name      = "nginx-egress-all"
  project   = "sils-keeper-infra"
  network   = "default"
  direction = "EGRESS"

  allow {
    protocol = "all"
  }

  destination_ranges = ["0.0.0.0/0"]
  description        = "Allow all outbound traffic ${var.description}"
  target_tags        = ["nginx"]
}
```

99-outputs.tf

```hcl
output "public_ip" {
  description = "Dirección IP pública de la instancia GCP"
  value       = google_compute_instance.nginx-server.network_interface[0].access_config[0].nat_ip
}
```

- Now we use a variables file to create a different environment and change the machine type

terraform.tfvars

```hcl
image_id      = "ubuntu-minimal-2210-kinetic-amd64-v20230126"
instance_type = "n1-standard-1"
server_name   = "nginx-server"
environment   = "dev"
```

- We run `terraform plan` to test the change driven by the variable
Implementing per-environment variable files
- We create a file qa.tfvars

```hcl
image_id      = "ubuntu-minimal-2210-kinetic-amd64-v20230126"
instance_type = "e2-micro"
server_name   = "nginx-server"
environment   = "qa"
```

- We run:

```bash
terraform plan --var-file=qa.tfvars
```
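
The same per-environment files can also decide who may reach SSH, instead of the fixed 0.0.0.0/0 in 03-firewall.tf. This is an added example, not part of the original page: the variable name ssh_source_ranges, the allowed environment list and the sample CIDR are assumptions, and the blocks replace the existing "environment" variable and "allow-ssh" rule.

```hcl
# 00-variables.tf: reject typos in the environment name at plan time.
variable "environment" {
  description = "Ambiente"
  type        = string
  default     = "test"

  validation {
    condition     = contains(["test", "dev", "qa"], var.environment)
    error_message = "The environment value must be one of: test, dev, qa."
  }
}

# 00-variables.tf: hypothetical variable holding the SSH allow-list.
# No default, so every environment's .tfvars file has to set it explicitly.
variable "ssh_source_ranges" {
  description = "CIDR blocks allowed to reach port 22"
  type        = list(string)

  validation {
    condition = length(var.ssh_source_ranges) > 0 && alltrue([
      for cidr in var.ssh_source_ranges :
      can(cidrhost(cidr, 0)) && !contains(["0.0.0.0/0", "::/0"], cidr)
    ])
    error_message = "Set ssh_source_ranges to a non-empty list of valid CIDR blocks that excludes 0.0.0.0/0 and ::/0."
  }
}

# 03-firewall.tf: the SSH rule now takes its sources from the variable.
resource "google_compute_firewall" "ssh" {
  name        = "allow-ssh"
  project     = "sils-keeper-infra"
  description = "Allow SSH for DevOps team ${var.description}"
  network     = "default"
  direction   = "INGRESS"
  priority    = 1000

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  source_ranges = var.ssh_source_ranges
  target_tags   = ["nginx"]
}

# qa.tfvars gains one line (203.0.113.0/24 is a documentation range, constructed):
# ssh_source_ranges = ["203.0.113.0/24"]
```

With this in place, `terraform plan --var-file=qa.tfvars` fails during validation if a variables file tries to open port 22 to every address.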