Terraform In Depth: How to Install Terraform

How to Install Terraform

1. Operating System

https://developer.hashicorp.com/terraform/install

Manual installation:

[root@JumperServer:~] # git clone https://github.com/hashicorp/terraform.git
[root@JumperServer:~] # cd terraform
[root@JumperServer:~] # go install

macOS:

brew tap hashicorp/tap
brew install hashicorp/tap/terraform

Or:

wget https://releases.hashicorp.com/terraform/1.6.4/terraform_1.6.4_darwin_amd64.zip

wget https://releases.hashicorp.com/terraform/1.6.4/terraform_1.6.4_darwin_arm64.zip

Windows:

https://releases.hashicorp.com/terraform/1.6.4/terraform_1.6.4_windows_386.zip
https://releases.hashicorp.com/terraform/1.6.4/terraform_1.6.4_windows_amd64.zip

Linux:

386: https://releases.hashicorp.com/terraform/1.6.4/terraform_1.6.4_linux_386.zip

AMD64: https://releases.hashicorp.com/terraform/1.6.4/terraform_1.6.4_linux_amd64.zip

ARM: https://releases.hashicorp.com/terraform/1.6.4/terraform_1.6.4_linux_arm.zip

ARM64: https://releases.hashicorp.com/terraform/1.6.4/terraform_1.6.4_linux_arm64.zip

Ubuntu/Debian:

wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraform

CentOS/RHEL:

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo yum -y install terraform

Fedora: 

sudo dnf install -y dnf-plugins-core
sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
sudo dnf -y install terraform

Amazon Linux:

sudo yum install -y yum-utils shadow-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
sudo yum -y install terraform

Homebrew:

brew tap hashicorp/tap
brew install hashicorp/tap/terraform

FreeBSD:

386: https://releases.hashicorp.com/terraform/1.6.4/terraform_1.6.4_freebsd_386.zip

AMD64: https://releases.hashicorp.com/terraform/1.6.4/terraform_1.6.4_freebsd_amd64.zip

ARM: https://releases.hashicorp.com/terraform/1.6.4/terraform_1.6.4_freebsd_arm.zip

OpenBSD:

386: https://releases.hashicorp.com/terraform/1.6.4/terraform_1.6.4_openbsd_386.zip

AMD64: https://releases.hashicorp.com/terraform/1.6.4/terraform_1.6.4_openbsd_amd64.zip  

Solaris:

AMD64: https://releases.hashicorp.com/terraform/1.6.4/terraform_1.6.4_solaris_amd64.zip
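
Before unpacking one of the zip archives listed above, it can be checked against the terraform_1.6.4_SHA256SUMS file that HashiCorp publishes in the same release directory. The following is an added example, not part of the original post; the function names sha256_of and verify_terraform_zip are hypothetical.

```shell
# Added example, not from the original post. Function names are hypothetical.
# HashiCorp publishes terraform_<version>_SHA256SUMS next to the zip archives.

# Print the SHA-256 of a file using whichever tool the platform provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{ print $1 }'
  else
    shasum -a 256 "$1" | awk '{ print $1 }'   # macOS / BSD
  fi
}

# Exit status: 0 match, 1 mismatch, 2 bad arguments, 3 archive not listed once.
# The body runs in a subshell, so "exit" only ends the function call.
verify_terraform_zip() (
  zip="$1"; sums="$2"
  if [ ! -f "$zip" ] || [ ! -f "$sums" ]; then
    echo "usage: verify_terraform_zip ZIP SHA256SUMS" >&2; exit 2
  fi
  name=$(basename "$zip")
  # Lines look like "<hex digest>  <file name>"; require exactly one exact match.
  expected=$(awk -v n="$name" '$2 == n { print $1; c++ } END { exit c != 1 }' "$sums") || {
    echo "$name: not listed exactly once in $sums" >&2; exit 3; }
  actual=$(sha256_of "$zip")
  if [ "$actual" = "$expected" ]; then
    echo "$name: OK"
  else
    echo "$name: CHECKSUM MISMATCH, do not unzip" >&2; exit 1
  fi
)
```

The checksum file is only as trustworthy as its source, so verify it first against the detached signature (terraform_1.6.4_SHA256SUMS.sig) with gpg --verify and HashiCorp's published key.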

Verification:

[root@JumperServer:~] # terraform version
Terraform v1.6.4
on linux_amd64
[root@JumperServer:~] # terraform -help
Usage: terraform [global options] <subcommand> [args]

The available commands for execution are listed below.
The primary workflow commands are given first, followed by
less common or more advanced commands.

Main commands:
  init          Prepare your working directory for other commands
  validate      Check whether the configuration is valid
  plan          Show changes required by the current configuration
  apply         Create or update infrastructure
  destroy       Destroy previously-created infrastructure

All other commands:
  console       Try Terraform expressions at an interactive command prompt
  fmt           Reformat your configuration in the standard style
  force-unlock  Release a stuck lock on the current workspace
  get           Install or upgrade remote Terraform modules
  graph         Generate a Graphviz graph of the steps in an operation
  import        Associate existing infrastructure with a Terraform resource
  login         Obtain and save credentials for a remote host
  logout        Remove locally-stored credentials for a remote host
  metadata      Metadata related commands
  output        Show output values from your root module
  providers     Show the providers required for this configuration
  refresh       Update the state to match remote systems
  show          Show the current state or a saved plan
  state         Advanced state management
  taint         Mark a resource instance as not fully functional
  test          Execute integration tests for Terraform modules
  untaint       Remove the 'tainted' state from a resource instance
  version       Show the current Terraform version
  workspace     Workspace management

Global options (use these before the subcommand, if any):
  -chdir=DIR    Switch to a different working directory before executing the
                given subcommand.
  -help         Show this help output, or the help for a specified subcommand.
  -version      An alias for the "version" subcommand.
[root@JumperServer:~] #

2. Security Checks for Terraform Code

  To find out whether the Terraform code in your project carries any security risks, you can use the tfsec tool. tfsec project page: https://github.com/aquasecurity/tfsec

go install github.com/aquasecurity/tfsec/cmd/tfsec@latest 

Usage is simple: change into the Terraform project directory and run tfsec . :

tfsec .

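3. Enabling the Plugin Cache

  Downloading some providers can be very slow, and a development environment often holds many Terraform projects. Having each project keep its own plugin directory wastes disk space. In these cases the plugin cache can help.

  There are two ways to enable the plugin cache:

  Method 1: set the TF_PLUGIN_CACHE_DIR environment variable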

export TF_PLUGIN_CACHE_DIR="$HOME/.terraform.d/plugin-cache"

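  Method 2: use the CLI configuration file. On Windows, create a file named "terraform.rc" in the relevant user's %APPDATA% directory; on macOS and Linux, create a file named ".terraformrc" in the user's home directory. Put the following in the file: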

plugin_cache_dir = "$HOME/.terraform.d/plugin-cache"

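  Once the plugin cache is enabled, every time terraform init runs, Terraform first checks whether the required plugin already exists in the cache directory. If it does, the cached plugin is copied into the .terraform directory under the current working directory. If it does not, Terraform downloads the plugin as before, saves it in the plugin cache directory first, and then copies it from there into the .terraform directory under the current working directory. To avoid storing the same plugin more than once, Terraform uses symbolic links instead of actually copying from the plugin cache directory to the working directory whenever the operating system supports them.

  Note in particular that on Windows the plugin_cache_dir path must also use / as the separator: use C:/somefolder/plugin_cache rather than C:\somefolder\plugin_cache.

  Terraform never removes plugins from the cache directory on its own. The cache directory can grow very large over time, at which point it has to be cleaned up manually.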
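
To support that manual cleanup, the following added example (not part of the original post) lists cached provider versions that are superseded by a newer cached version of the same provider and platform. It assumes the cache layout shown by the tree output in section 5.2, that is hostname/namespace/type/version/os_arch; the function names are hypothetical.

```shell
# Added example, not from the original post. Function names are hypothetical.
# Assumed cache layout: <cache>/<hostname>/<namespace>/<type>/<version>/<os_arch>/
# Requires a sort that supports -V (version sort), e.g. GNU coreutils.

# Print the relative path of every cached version directory that is older
# than the newest cached version of the same provider and platform.
list_stale_providers() (
  cache="${1:-$HOME/.terraform.d/plugin-cache}"
  [ -d "$cache" ] || { echo "no such cache dir: $cache" >&2; exit 1; }
  # Depth 5 below the cache root is the <os_arch> directory.
  (cd "$cache" && find . -mindepth 5 -maxdepth 5 -type d) |
    # "./host/ns/type/version/platform" -> "host/ns/type platform version"
    awk -F/ '{ print $2 "/" $3 "/" $4, $6, $5 }' |
    LC_ALL=C sort -t ' ' -k1,1 -k2,2 -k3,3V |
    # Within one provider/platform group every line except the last is stale.
    awk '{ key = $1 " " $2
           if (key == prev) print pprov "/" pver "/" pplat
           prev = key; pprov = $1; pplat = $2; pver = $3 }'
)

# Same list, prefixed with the disk space each stale directory occupies.
report_stale_providers() (
  cache="${1:-$HOME/.terraform.d/plugin-cache}"
  list_stale_providers "$cache" | while IFS= read -r rel; do
    du -sk "$cache/$rel" | awk -v p="$rel" '{ printf "%8d KiB  %s\n", $1, p }'
  done
)
```

An older version may still be pinned by the .terraform.lock.hcl of some project, so review the list before deleting anything; a removed version is simply downloaded again on the next terraform init.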

4. Visualizing Terraform

  If a Terraform project is fairly complex, the tfviz tool can be used to visualize it. tfviz project page: https://github.com/steeve85/tfviz

GO111MODULE=on go get -u github.com/steeve85/tfviz

  Run it from the Terraform project directory:

tfviz -input ./ -output tfimg.png

5. Configuration

5.1 Create the configuration file

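# Create the cache directory
mkdir -pv "$HOME/.terraform.d/terraform-plugin-cache"

# Write the configuration file ($HOME is expanded by the shell when the file is written)
cat > "$HOME/.terraform.d/.terraformrc" <<EOF
plugin_cache_dir  = "$HOME/.terraform.d/terraform-plugin-cache"
disable_checkpoint = true
EOF

# Path of the configuration file, applied globally
export TF_CLI_CONFIG_FILE="$HOME/.terraform.d/.terraformrc"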

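5.2 Initialization

  There are two ways to download plugins:

    1. Let terraform init download the provider plugin automatically.
    2. Go to registry.terraform.io, download the plugin manually from GitHub, and place it in plugin_cache_dir following the directory structure.

  This walkthrough uses terraform init. If you download manually from the registry, the files must be stored following the directory structure.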

[root@JumperServer:demo] # cat main.tf
terraform {
  required_providers {
    huaweicloud = {
      source  = "huaweicloud/huaweicloud"
      version = ">= 1.57.0"
    }
  }
}


# Configure the HuaweiCloud Provider
provider "huaweicloud" {
  region     = "cn-north-4"
  access_key = "XXXXXXXXXXXX"
  secret_key = "XXXXXXXXXXXX"
}

[root@JumperServer:demo] # terraform init

Initializing the backend...

Initializing provider plugins...
- Finding huaweicloud/huaweicloud versions matching ">= 1.57.0"...
- Installing huaweicloud/huaweicloud v1.57.0...
- Installed huaweicloud/huaweicloud v1.57.0 (self-signed, key ID 4FFE1736199213B8)

Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
[root@JumperServer:demo] # tree /root/.terraform.d/
/root/.terraform.d/
├── checkpoint_cache
├── checkpoint_signature
└── terraform-plugin-cache
    └── registry.terraform.io
        └── huaweicloud
            └── huaweicloud
                └── 1.57.0
                    └── linux_amd64
                        ├── CHANGELOG.md
                        ├── LICENSE
                        ├── README.md
                        └── terraform-provider-huaweicloud_v1.57.0

6 directories, 6 files
[root@JumperServer:demo] #
posted @ 2023-11-22 13:20  左扬