archivos
Estructura de archivos en Terraform.
- Creamos archivos nuevos:
# Create the (empty) Terraform files that the following sections fill in.
# NOTE(review): the section headings below name these files with a dash
# (00-variables.tf, 01-provider.tf, ...); pick one naming convention.
touch 00.variables.tf \
01.provider.tf \
02.gce.tf \
03.firewall.tf \
04.outputs.tf \
terraform.tfvars
- Archivo
00-variables.tf
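# Boot image for the VM. Pinned to a dated build so plans are reproducible.
# NOTE(review): the name says Ubuntu 22.10 (kinetic), an interim release;
# confirm it still receives security updates before reusing this default.
variable "image_id" {
  description = "ID de la imagen de la vm"
  type        = string # declared so a non-string value fails at plan time
  default     = "ubuntu-minimal-2210-kinetic-amd64-v20230126"
}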
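# Machine type for the GCE instance; overridden per environment via *.tfvars.
variable "instance_type" {
  description = "Tipo de instancia en GCE"
  type        = string # declared so a non-string value fails at plan time
  default     = "n1-standard-1"
}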
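# Instance name; also used as the prefix of the ssh-keys metadata user in 02-gce.tf.
variable "server_name" {
  description = "Nombre del servidor web"
  type        = string # declared so a non-string value fails at plan time
  default     = "nginx-server"
}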
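# Environment label applied to the instance (labels.environment in 02-gce.tf).
variable "environment" {
  description = "Ambiente"
  type        = string # declared so a non-string value fails at plan time
  default     = "test"
}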
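# Free-text ownership tags appended to the firewall rule descriptions in 03-firewall.tf.
variable "description" {
  description = "tags de descripción del ownership"
  type        = string # declared so a non-string value fails at plan time
  default     = "- env: test, owner: julian sanchez"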
}
01-provider.tf
Este bloque le dice a Terraform que use el proveedor de Google Cloud y que despliegue los recursos en la región
# Google Cloud provider: default project and region for every resource in this module.
# NOTE(review): the same project id is repeated literally in 02-gce.tf and 03-firewall.tf;
# a single variable would keep them in sync.
provider "google" {
  region  = "us-central1"
  project = "sils-keeper-infra"
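}
"us-central1".
02-gce.tf
# Single nginx VM on the default VPC with an ephemeral public IP.
resource "google_compute_instance" "nginx-server" {
  # NOTE(review): project id is hard-coded here, in the labels and in every
  # firewall rule; a single variable would keep them in sync.
  project      = "sils-keeper-infra"
  name         = var.server_name
  machine_type = var.instance_type
  zone         = "us-central1-a"

  # Network tags are what the firewall rules in 03-firewall.tf match on (target_tags = ["nginx"]).
  tags = ["nginx", "http-server"]

  labels = {
    environment = var.environment
    owner       = "julian_sanchez"
    team        = "sre"
    project     = "sils-keeper-infra"
  }

  boot_disk {
    initialize_params {
      image = var.image_id
    }
  }

  network_interface {
    network = "default"
    # An empty access_config assigns an ephemeral public IP; 99-outputs.tf exposes it as nat_ip.
    access_config {}
  }

  # Startup script. GCE runs it as root on boot, so it must be non-interactive
  # and stop on the first error instead of continuing with a half-configured host.
  # <<-EOF strips the common indentation so the script itself starts at column 0.
  metadata_startup_script = <<-EOF
    #!/bin/bash
    set -euo pipefail
    export DEBIAN_FRONTEND=noninteractive

    # The minimal image ships without package lists; refresh before the first install.
    # apt-get (not apt) is the scripting-stable interface; -y avoids the interactive prompt
    # that aborts the original script when there is no TTY.
    apt-get update
    apt-get install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring

    # -f makes curl fail on an HTTP error instead of piping an error page into the keyring.
    curl -fsSL https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
      | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
    # Prints the imported key; compare the fingerprint with the one published on nginx.org.
    gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg

    # Repository is bound to the key above (signed-by) and fetched over https.
    echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
    https://nginx.org/packages/ubuntu $(lsb_release -cs) nginx" \
      | tee /etc/apt/sources.list.d/nginx.list
    echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
      | tee /etc/apt/preferences.d/99nginx

    apt-get update
    apt-get install -y nginx
    systemctl enable nginx
    systemctl start nginx
  EOF

  metadata = {
    # GCE expects "USERNAME:KEY" with no surrounding whitespace; trimspace drops the
    # trailing newline that file() keeps. Consider enable-oslogin = "true" (IAM-managed
    # keys) or block-project-ssh-keys = "true" so project-wide keys do not also grant access.
    ssh-keys = "${var.server_name}-ssh:${trimspace(file("nginx-server.key.pub"))}"
  }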
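}
03-firewall.tf
# SSH source ranges are parameterized so the rule can be narrowed without editing it.
# The default preserves the tutorial's behaviour (open to the whole Internet); for any
# real deployment set it to the admin CIDR(s), or to 35.235.240.0/20 and connect
# through IAP TCP forwarding.
variable "ssh_source_ranges" {
  description = "CIDR ranges allowed to reach tcp/22 on the nginx instances"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# Ingress tcp/22 to instances tagged "nginx" (02-gce.tf sets that tag).
resource "google_compute_firewall" "ssh" {
  name        = "allow-ssh"
  project     = "sils-keeper-infra"
  description = "Allow SSH for DevOps team ${var.description}"
  network     = "default"
  direction   = "INGRESS"
  priority    = 1000

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  # 0.0.0.0/0 exposes SSH to every address on the Internet; override the variable.
  source_ranges = var.ssh_source_ranges
  target_tags   = ["nginx"]
}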
# Public ingress on tcp/80 only; 443 is not opened, so the server is plain HTTP.
resource "google_compute_firewall" "http" {
  name        = "allow-http"
  project     = "sils-keeper-infra"
  description = "Allow HTTP for DevOps team ${var.description}"
  network     = "default"
  direction   = "INGRESS"
  priority    = 1000

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }

  # World-reachable on purpose: this is the web server's public port.
  source_ranges = ["0.0.0.0/0"]
  # Applies to instances carrying the "nginx" network tag (02-gce.tf).
  target_tags   = ["nginx"]
}
# Unrestricted egress for the nginx instances.
# NOTE(review): a VPC already carries an implied allow-all egress rule, so this explicit
# rule only has an effect if a higher-priority deny-egress rule is added later.
resource "google_compute_firewall" "nginx-egress-all" {
  name        = "nginx-egress-all"
  project     = "sils-keeper-infra"
  description = "Allow all outbound traffic ${var.description}"
  network     = "default"
  direction   = "EGRESS"

  allow {
    protocol = "all"
  }

  destination_ranges = ["0.0.0.0/0"]
  target_tags        = ["nginx"]
}
99-outputs.tf
# Public (ephemeral) IP of the instance: first access_config of the first NIC.
output "public_ip" {
description = "Dirección IP pública de la instancia GCP"
value = google_compute_instance.nginx-server.network_interface[0].access_config[0].nat_ip
}
- Ahora usamos un archivo de variables para crear un ambiente diferente y cambiar el tipo de máquina.
terraform.tfvars
# Overrides for the defaults in 00-variables.tf; the only value that differs here is environment.
image_id = "ubuntu-minimal-2210-kinetic-amd64-v20230126"
instance_type = "n1-standard-1"
server_name = "nginx-server"
environment = "dev"
- Hacemos
terraform plan
para probar el cambio según la variable.
Implementar archivos de variables por ambiente
- Creamos un archivo
qa.tfvars
# Per-environment overrides: a smaller machine (e2-micro) and the environment label "qa".
image_id = "ubuntu-minimal-2210-kinetic-amd64-v20230126"
instance_type = "e2-micro"
server_name = "nginx-server"
environment = "qa"
- Ejecutamos:
# Loads qa.tfvars on top of the variable defaults; the same flag is used with apply.
terraform plan --var-file=qa.tfvars