expert1

expert1

关注
发信
关注(28)粉丝(399)

terraform 创建AWS EC2/puppet/zabbix的repo

    https://www.terraform.io/docs/index.html 可以创建AWS/openstack/Azure等,一个开源的云平台管理工具,假如你用了Azure/openstack等混杂云环境,可以考虑用这个,官方文档非常的简洁。下边例子是创建VPC/subnet/若干个EC2,后端的subnet的ec2通过nat-box上网并且安装puppet/zabbix的yum repo。不多说了,talk is cheap, show me the code.
  
  注意provisioner有个问题:创建EIP和remote-exec, 由于remote-exec需要EIP但terraform会等remote-exec执行完才得到eip,这显然是不可能的,需要depends_on来指定先后顺序和用null_resource, 这这里也有说明。https://github.com/hashicorp/terraform/issues/557
# variables

  1. provider "aws" {
  2.   access_key = "${var.access_key}"
  3.   secret_key = "${var.secret_key}"
  4.   region = "${var.region}"
  5. }

  7. resource "aws_vpc" "demo" {
  8.   cidr_block = "10.0.0.0/16"

  10.   tags {
  11.     Name = "demo"
  12.   }
  13. }

  15. resource "aws_subnet" "public" {
  16.   vpc_id = "${aws_vpc.demo.id}"
  17.   cidr_block = "10.0.10.0/24"

  19.   tags {
  20.     Name = "demo-public"
  21.   }
  22. }

  24. resource "aws_subnet" "private" {
  25.   vpc_id = "${aws_vpc.demo.id}"
  26.   cidr_block = "10.0.80.0/24"

  28.   tags {
  29.     Name = "demo-private"
  30.   }
  31. }

  33. resource "aws_internet_gateway" "default" {
  34.   vpc_id = "${aws_vpc.demo.id}"

  36.   tags {
  37.     Name = "default-IGW"
  38.   }
  39. }

  41. resource "aws_route_table" "internet_access" {
  42.   vpc_id = "${aws_vpc.demo.id}"

  44.   route {
  45.     cidr_block = "0.0.0.0/0"
  46.     gateway_id = "${aws_internet_gateway.default.id}"
  47.   }

  49.   tags {
  50.     Name = "igw"
  51.   }
  52. }

  54. resource "aws_route_table_association" "public" {
  55.   subnet_id = "${aws_subnet.public.id}"
  56.   route_table_id = "${aws_route_table.internet_access.id}"
  57. }

  59. resource "aws_route_table" "private" {
  60.   vpc_id = "${aws_vpc.demo.id}"

  62.   route {
  63.     cidr_block = "0.0.0.0/0"
  64.     instance_id = "${aws_instance.nat.id}"
  65.   }
  66. }

  68. resource "aws_route_table_association" "private" {
  69.   subnet_id = "${aws_subnet.private.id}"
  70.   route_table_id = "${aws_route_table.private.id}"
  71. }

  73. resource "aws_elb" "web" {
  74.   name = "pcf-elb"
  75.   subnets = ["${aws_subnet.private.id}"]
  76.   security_groups = ["${aws_security_group.elb.id}"]

  78.   listener {
  79.     instance_port = 80
  80.     instance_protocol = "http"
  81.     lb_port = 80
  82.     lb_protocol = "http"
  83.   }

  85.   health_check {
  86.     healthy_threshold = 2
  87.     unhealthy_threshold = 2
  88.     timeout = 3
  89.     target = "HTTP:80/"
  90.     interval = 30
  91.   }

  93.   # The instance is registered automatically


  96.   # instances = ["${aws_instance.web.id}"]

  98.   cross_zone_load_balancing = true
  99.   idle_timeout = 400
  100.   connection_draining = true
  101.   connection_draining_timeout = 400
  102.   tags {
  103.     Name = "test-pcf"
  104.   }
  105. }

  107. /*
  108.    resource "aws_lb_cookie_stickiness_policy" "default" {
  109.    name = "lbpolicy"
  110.    load_balancer = "${aws_elb.web.id}"
  111.    lb_port = 80
  112.    cookie_expiration_period = 600
  113.    } */

  115. resource "aws_security_group" "elb" {
  116.   name = "example_elb"
  117.   description = "Nothing more"
  118.   vpc_id = "${aws_vpc.demo.id}"

  120.   # HTTP access from anywhere
  121.   ingress {
  122.     from_port = 80
  123.     to_port = 80
  124.     protocol = "tcp"
  125.     cidr_blocks = ["0.0.0.0/0"]
  126.   }

  128.   # outbound internet access
  129.   egress {
  130.     from_port = 0
  131.     to_port = 0
  132.     protocol = "-1"
  133.     cidr_blocks = ["0.0.0.0/0"]
  134.   }
  135. }

  137. resource "aws_eip" "demo" {
  138.   instance = "${aws_instance.zabbix-server.id}"
  139.   depends_on = ["aws_instance.zabbix-server"]
  140.   vpc = true
  141. }

  143. resource "aws_instance" "zabbix-server" {
  144.   ami = "${lookup(var.aws_opsman_ami,var.region)}"
  145.   instance_type = "m3.medium"
  146.   key_name = "${var.key_name}"
  147.   subnet_id = "${aws_subnet.public.id}"
  148.   vpc_security_group_ids = ["${aws_security_group.all_pass.id}"]

  150.   tags {
  151.     Name = "zabbix-server"
  152.   }

  154. }

  156. resource "null_resource" "server-provisioning" {
  157.   triggers {
  158.     instance = "${aws_instance.zabbix-server.id}"
  159.   }

  161.   connection {
  162.     host = "${aws_eip.demo.public_ip}"
  163.     user = "ec2-user"
  164.     timeout = "5m"
  165.     private_key = "${file("./hfu.pem")}"
  166.   }


  169.   provisioner "file" {
  170.     # puppet.conf
  171.     content = <<EOF
  172. [main]
  173. certname = ${var.puppetname}
  174. server = ${var.puppetname}
  175. strict_variables = true
  176. masterport = 8140

  178. [master]
  179. node_terminus = exec
  180. external_nodes = /etc/puppetlabs/enc.rb
  181. autosign = true
  182. vardir = /opt/puppetlabs/server/data/puppetserver
  183. logdir = /var/log/puppetlabs/puppetserver
  184. rundir = /var/run/puppetlabs/puppetserver
  185. pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
  186. codedir = /etc/puppetlabs/code

  188. [agent]
  189. puppetmaster = ${var.puppetname}
  190. environment = production
  191. runinterval = 1h

  193. EOF

  195.     destination = "/tmp/puppetmaster"
  196.   }

  198.   provisioner "file" {

  200.     # external node classifier
  201.     content =<<EOF
  202. #!/usr/bin/env ruby

  204. require 'yaml'
  205. node = ARGV[0]

  207. # agent FQDN : ${app}.${env}.${Location || IDC}, e.g web01.prod.bjcnc

  209. if node =~ /(^[a-zA-Z]+)(\d+)\.(\S+)\.(\S+)$/

  211.     hostname = $1
  212.     env = $3
  213.     config = YAML.load_file('defaults.yaml')[env]
  214.     print YAML.dump(config.fetch(hostname))
  215.     exit 0

  217. else

  219.     config = YAML.load_file('defaults.yaml')
  220.     print YAML.dump(config.fetch('base'))
  221.     exit 0

  223. end

  225. EOF

  227.     destination = "/tmp/enc"

  229.   }

  231.   provisioner "remote-exec" {
  232.     inline = [
  233.       # reserve EC2 for future usage.
  234.       "sudo echo ${join(",", aws_instance.trial.*.private_ip)} >>/tmp/ec2_list" ,
  235.       "sudo bash -c 'echo puppet \"${aws_instance.zabbix-server.private_ip} puppet.xxx.com\" >> /etc/hosts'" ,
  236.       "sudo rpm -ivh http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/zabbix-release-3.0-1.el7.noarch.rpm",
  237.       "sudo rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm",
  238.       "sudo sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/redhat-rhui.repo",
  239.       "sudo yum -y install ruby mariadb mariadb-server vim-enhanced telnet zabbix-server-mysql zabbix-web-mysql puppetserver 1 >/dev/null ",

  241.       "sudo mv /tmp/puppetmaster /etc/puppetlabs/puppet/puppet.conf",
  242.       "sudo mv /tmp/enc /etc/puppetlabs/enc.rb",
  243.       "sudo chmod a+x /etc/puppetlabs/enc.rb",
  244.       # start puppetmaster
  245. # "sudo systemctl start puppetserver",
  246.     ]
  247.   }
  248. }

  250. resource "aws_instance" "trial" {
  251.   count = 1
  252.   ami = "${var.other_ami}"
  253.   instance_type = "t2.micro"
  254.   key_name = "${var.key_name}"
  255.   subnet_id = "${aws_subnet.private.id}"
  256.   vpc_security_group_ids = ["${aws_security_group.all_pass.id}"]

  258.   tags {
  259.     # generate sequential tag , Name = "${format("web-%03d", count.index)}"
  260.     Name = "${lookup(var.instance_tag, count.index)}"

  262.   }

  264.   provisioner "local-exec" {
  265.     /*
  266.     To reference attributes of your own resource, the syntax is self.ATTRIBUTE. For example ${self.private_ip_address} will interpolate that resource's private IP address. Note that this is only allowed/valid within provisioners.

  268.     */
  269.     command = "echo ${self.private_ip} > private_ips"
  270.   }

  272.   connection {
  273.     host = "${self.private_ip}"
  274.     bastion_host = "${aws_eip.demo.public_ip}"
  275.     user = "ec2-user"
  276.     timeout = "5m"
  277.     bastion_port = "22"
  278.     bastion_private_key = "${file("./hfu.pem")}"
  279.   }

  281.   provisioner "file" {
  282.     # puppet.conf of agent
  283.     content = <
  284. [agent]
  285. puppetmaster = ${var.puppetname}
  286. environment = production
  287. runinterval = 1h
  288. EOF

  290.     destination = "/tmp/init_env.sh"
  291.   }

  293.   provisioner "remote-exec" {
  294.     inline = [
  295.       "sudo bash -c 'echo puppet \"${aws_instance.zabbix-server.private_ip} puppet.xxx.com\" >> /etc/hosts


  1. variable "access_key" {
  2.   default = "xxxx"
  3. }

  5. variable "secret_key" {
  6.   default = "xxxxxxx"
  7. }

  9. variable "key_name" {
  10.   default = "hfu"
  11. }

  13. variable "region" {
  14.   default = "cn-north-1"
  15. }

  17. variable "aws_opsman_ami" {
  18.   type = "map"

  20.   default = {
  21.     cn-north-1 = "ami-52d1183f"
  22.     us-east-1 = "ami-xx"
  23.   }
  24. }

  26. variable "other_ami" {
  27.     default = "ami-52d1183f"
  28. }

  30. variable "aws_nat_ami" {
  31.   type = "map"

  33.   default = {
  34.     cn-north-1 = "ami-1848da21"
  35.     us-east-1 = "ami-xxx"
  36.   }
  37. }

  39. variable "puppetname" {

  41.     default = "puppet.xxx.com"
  42. }
  43. variable "instance_tag" {
  44.   default = {
  45.     "0" = "client"
  46.   }
  47. }

需要设置的变量都在variables.tf里,然后直接terrafrom apply, 详细的输出可以告诉你哪些资源被创建了。
安装完毕,puppetmaster,zabbix-server以及agent设置好了。

至于层次结构跟cloudformation差不多,只不过它不是json文件,这个要注意。其他什么input/output/provider/provisioner也大同小异不多说了。

09-04 15:51
Powered by LMLPHP ©2024 expert1 0.089022