Contents
I. Experiment
1. Environment
2. Connecting Terraform to tencentcloud (Tencent Cloud COS)
3. Provisioning VPC (private network) resources
4. Provisioning security group resources
5. Provisioning CVM resources
6. Provisioning CLB resources
7. Provisioning DNS resources
8. Destroying resources
II. Problems
1. Terraform fails to provision security group resources
2. Terraform reports an error when validating the CVM resource
3. Difference between A records and CNAME records
4. Bucket cannot be deleted
I. Experiment
1. Environment
(1) Host
Table 1-1 Hosts
Host | OS      | Software        | Tools                           | Notes
jia  | Windows | Terraform 1.6.6 | VS Code, PowerShell, Chocolatey |
2. Connecting Terraform to tencentcloud (Tencent Cloud COS)
(1) Check the version
terraform version
terraform -v
(2) Connect
See my previous post:
IaC (Infrastructure as Code): connecting Terraform to tencentcloud (Tencent Cloud) and creating a COS backend - CSDN blog
3. Provisioning VPC (private network) resources
(1) View the directory
(2) Create the main configuration file
main.tf
# Configure the TencentCloud Provider
provider "tencentcloud" {
  secret_id  = var.secret_id
  secret_key = var.secret_key
  region     = var.region
}
(3) Create the credentials file
terraform.tfvars
secret_id  = "XXXXX"
secret_key = "XXXXX"
(4) Create the version configuration file
versions.tf
terraform {
  required_providers {
    tencentcloud = {
      source  = "tencentcloudstack/tencentcloud"
      version = "1.81.69"
    }
  }
}
(5) Create the variables file
variables.tf
variable "secret_id" {
  type = string
}

variable "secret_key" {
  type = string
}

variable "region" {
  type      = string
  default   = "ap-nanjing"
  sensitive = true
}
(6) Create the backend configuration file
backend.tf
(7) Initialize
terraform init
(8) Format the code
terraform fmt
(9) Validate the code
terraform validate
(10) Create the network module
Main configuration file main.tf
resource "tencentcloud_vpc" "vpc" {
  name       = var.vpc_name
  cidr_block = var.vpc_cidr_block
  tags = {
    "env" = var.env_name
  }
}

resource "tencentcloud_subnet" "subnet" {
  availability_zone = var.availability_zone
  name              = var.subnet_name
  vpc_id            = tencentcloud_vpc.vpc.id
  cidr_block        = var.subnet_cidr_block
}
Variables file variables.tf
variable "vpc_name" {
  type      = string
  default   = "vpc"
  sensitive = true
}

variable "vpc_cidr_block" {
  type      = string
  sensitive = true
}

variable "env_name" {
  type = string
}

variable "subnet_cidr_block" {
  type = string
}

variable "subnet_name" {
  type = string
}

variable "availability_zone" {
  type = string
}
Version configuration file versions.tf
terraform {
  required_providers {
    tencentcloud = {
      source  = "tencentcloudstack/tencentcloud"
      version = "1.81.69"
    }
  }
}
(11) View the network module directory
(12) Create the VPC resource configuration file
vpc.tf
locals {
  vpc_name          = "dev-vpc"
  vpc_cidr_block    = "172.16.0.0/12"
  env_name          = "dev"
  subnet_cidr_block = "172.16.0.0/21"
  availability_zone = "ap-nanjing-1"
  subnet_name       = "dev-subnet"
}

module "dev-vpc" {
  source            = "../../../modules/vpc"
  vpc_name          = local.vpc_name
  vpc_cidr_block    = local.vpc_cidr_block
  env_name          = local.env_name
  subnet_name       = local.subnet_name
  availability_zone = local.availability_zone
  subnet_cidr_block = local.subnet_cidr_block
}
(13) View the network service directory
(14) Initialize
terraform init
(15) Format the code
terraform fmt
(16) Validate the code
terraform validate
(17) Plan and preview
terraform plan
(18) Provision the resources
terraform apply
(19) Check in the Tencent Cloud console
The network service configuration file has been added to the bucket
VPC (private network)
Subnet
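The vpc module as listed above has no outputs file, yet the outputs file created in the security group section reads module.dev-vpc.vpc_id and module.dev-vpc.subnet_id, so the module has to expose them. The following is an added example, not code from the original post: an outputs.tf for the module, validation blocks on the two CIDR variables so a malformed CIDR fails at `terraform plan` rather than at the API, and a precondition on the subnet resource for the check that spans both variables. File names, the precondition and the error messages are this example's own.

```hcl
# modules/vpc/outputs.tf (added example; the post lists no outputs file for this
# module, yet the network layer's outputs.tf reads these two values)
output "vpc_id" {
  value = tencentcloud_vpc.vpc.id
}

output "subnet_id" {
  value = tencentcloud_subnet.subnet.id
}

# modules/vpc/variables.tf, the two CIDR inputs only: same declarations as the
# post's module plus a validation block. cidrnetmask() errors on anything that
# is not a well-formed IPv4 CIDR, and can() turns that into a plan-time test.
variable "vpc_cidr_block" {
  type      = string
  sensitive = true

  validation {
    condition     = can(cidrnetmask(var.vpc_cidr_block))
    error_message = "vpc_cidr_block must be an IPv4 CIDR such as 172.16.0.0/12."
  }
}

variable "subnet_cidr_block" {
  type = string

  validation {
    condition     = can(cidrnetmask(var.subnet_cidr_block))
    error_message = "subnet_cidr_block must be an IPv4 CIDR such as 172.16.0.0/21."
  }
}

# modules/vpc/main.tf, the subnet resource as on the page with a precondition
# added: a validation block may only look at its own variable (Terraform 1.6),
# so the cross-variable check lives here. It rejects a subnet with a shorter
# prefix than the VPC (e.g. a /8 subnet in a /12 VPC) before any API call.
resource "tencentcloud_subnet" "subnet" {
  availability_zone = var.availability_zone
  name              = var.subnet_name
  vpc_id            = tencentcloud_vpc.vpc.id
  cidr_block        = var.subnet_cidr_block

  lifecycle {
    precondition {
      condition     = tonumber(split("/", var.subnet_cidr_block)[1]) >= tonumber(split("/", var.vpc_cidr_block)[1])
      error_message = "subnet_cidr_block must not be wider than vpc_cidr_block."
    }
  }
}
```

With these in place, `terraform plan` in the network layer reports the validation error (for example when a local is set to "172.16.0.0" without a prefix) and stops before touching the provider; the precondition only catches a subnet wider than its VPC, not one that lies outside the VPC's range, which the API itself rejects.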
4. Provisioning security group resources
(1) Create the security group module
Main configuration file main.tf
# Create security group
resource "tencentcloud_security_group" "default" {
  name        = var.security_group_name
  description = var.security_group_desc
}

resource "tencentcloud_security_group_lite_rule" "web" {
  security_group_id = tencentcloud_security_group.default.id
  ingress = [
    "ACCEPT#0.0.0.0/0#80#TCP",
    "ACCEPT#0.0.0.0/0#8080#TCP",
    "ACCEPT#0.0.0.0/0#443#TCP",
    "ACCEPT#0.0.0.0/0#22#TCP",
  ]
  egress = [
    "ACCEPT#0.0.0.0/0#22#TCP",
    "ACCEPT#0.0.0.0/0#80#TCP",
    "ACCEPT#0.0.0.0/0#8080#TCP",
    "ACCEPT#0.0.0.0/0#443#TCP",
  ]
}
Variables file variables.tf
variable "security_group_name" {
  type = string
}

variable "security_group_desc" {
  type = string
}
Version configuration file versions.tf
terraform {
  required_providers {
    tencentcloud = {
      source  = "tencentcloudstack/tencentcloud"
      version = "1.81.69"
    }
  }
}
(2) View the security group module directory
(3) Create the security group configuration file
security_group.tf
locals {
  security_group_name = "dev-sec-group"
  security_group_desc = "dev env group"
}

module "dev-sec-group" {
  source              = "../../../modules/security_group"
  security_group_desc = local.security_group_desc
  security_group_name = local.security_group_name
}
(4) Create the outputs file
output "vpc_id" {
  value = module.dev-vpc.vpc_id
}

output "subnet_id" {
  value = module.dev-vpc.subnet_id
}

output "security_group_id" {
  value = module.dev-sec-group.security_group_id
}
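The security group module above accepts SSH (port 22) from 0.0.0.0/0 alongside the web ports, and the security_group_id output that the outputs file just created reads from module.dev-sec-group is not shown. The following is an added example, not the post's module: the same two resources with port 22 limited to an operator range supplied through an assumed admin_cidr variable, a validation block that refuses 0.0.0.0/0 for it, egress narrowed to what the instance's nginx install needs, and the missing output. Port 8080 is left out because nothing in the post listens on it.

```hcl
# modules/security_group/main.tf, hardened variant (added example, not the post's
# module). security_group_name and security_group_desc are the module's existing
# variables; admin_cidr is new to this example.
variable "security_group_name" {
  type = string
}

variable "security_group_desc" {
  type = string
}

variable "admin_cidr" {
  type        = string
  description = "Source range allowed to reach SSH, e.g. a bastion or office CIDR (assumed variable)"

  validation {
    # must be a well-formed IPv4 CIDR and must not be the whole Internet
    condition     = can(cidrnetmask(var.admin_cidr)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "admin_cidr must be a specific IPv4 CIDR; 0.0.0.0/0 is not accepted."
  }
}

resource "tencentcloud_security_group" "default" {
  name        = var.security_group_name
  description = var.security_group_desc
}

# Rule strings use the provider's lite-rule format POLICY#SOURCE#PORT#PROTOCOL,
# exactly as in the post; only the sources and the port set differ.
resource "tencentcloud_security_group_lite_rule" "web" {
  security_group_id = tencentcloud_security_group.default.id

  ingress = [
    "ACCEPT#0.0.0.0/0#80#TCP",         # public web
    "ACCEPT#0.0.0.0/0#443#TCP",        # public web (TLS)
    "ACCEPT#${var.admin_cidr}#22#TCP", # SSH only from the operator range
  ]

  # Outbound: what `yum -y install nginx` in the instance's user data needs,
  # i.e. DNS plus HTTP/HTTPS to the package mirrors. The post's outbound 22
  # rule is dropped since the instance does not need to reach other hosts by SSH.
  egress = [
    "ACCEPT#0.0.0.0/0#53#UDP",
    "ACCEPT#0.0.0.0/0#80#TCP",
    "ACCEPT#0.0.0.0/0#443#TCP",
  ]
}

# Read as module.dev-sec-group.security_group_id by the network layer's outputs.tf
output "security_group_id" {
  value = tencentcloud_security_group.default.id
}
```

The caller in security_group.tf then passes one more argument, for example `admin_cidr = "203.0.113.0/24"` (a documentation range standing in for your real address block); passing "0.0.0.0/0" makes `terraform plan` fail with the validation message instead of silently reopening SSH to everyone.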
(5) View the network service directory
(6) Format the code
terraform fmt
(7) Validate the code
terraform validate
(8) Plan and preview
terraform plan
(9) Provision the resources
terraform apply
(10) Check in the Tencent Cloud console
Security group
Inbound rules
Outbound rules
5. Provisioning CVM resources
(1) View the directory
(2) Create the configuration files
The main configuration file main.tf, the credentials file terraform.tfvars and the version configuration file versions.tf are the same as for the network service above.
(3) Create the backend configuration file
backend.tf
(4) Modify the main configuration file
main.tf
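The backend.tf files of both layers and the main.tf change in step (4) appear in the post only as screenshots, while cvm.tf later reads data.terraform_remote_state.network-data.outputs.vpc_id and friends. The following is an added example, not the post's files: a cos backend block for the network layer, one for the service layer, and the terraform_remote_state data source that links them. Bucket name and prefixes are placeholders; the cos backend takes its credentials from the TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY environment variables, so no key material has to be written into these files.

```hcl
# File 1: network layer backend.tf (added example). Credentials are deliberately
# absent: the cos backend reads TENCENTCLOUD_SECRET_ID / TENCENTCLOUD_SECRET_KEY
# from the environment at `terraform init`.
terraform {
  backend "cos" {
    region = "ap-nanjing"
    bucket = "tfstate-bucket-1250000000" # placeholder: COS bucket names end in the account APPID
    prefix = "dev/network"               # placeholder: object prefix holding this layer's state
  }
}

# File 2: service (CVM/CLB/DNS) layer backend.tf. Same bucket, different prefix,
# so the two layers never overwrite each other's terraform.tfstate object.
terraform {
  backend "cos" {
    region = "ap-nanjing"
    bucket = "tfstate-bucket-1250000000" # placeholder
    prefix = "dev/service"               # placeholder
  }
}

# File 3: the addition to the service layer's main.tf from step (4). It reads
# the network layer's vpc_id, subnet_id and security_group_id outputs from the
# state object the network layer wrote, which is why those outputs had to be
# declared in the network layer's outputs file.
data "terraform_remote_state" "network-data" {
  backend = "cos"
  config = {
    region = "ap-nanjing"
    bucket = "tfstate-bucket-1250000000" # placeholder, same bucket as File 1
    prefix = "dev/network"               # must match the network layer's backend prefix
  }
}

# Example of consuming it (the post's cvm.tf does the same in a locals block)
locals {
  network_vpc_id = data.terraform_remote_state.network-data.outputs.vpc_id
}
```

Whoever runs `terraform apply` in the service layer only needs read access to the network layer's state object, so a separate, read-only credential for that prefix is enough for that role; the credentials that can write the network state stay with the team that applies the network layer.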
(5) Initialize
terraform init
(6) Create the CVM module
Main configuration file main.tf
resource "tencentcloud_instance" "instance" {
  instance_name      = var.instance_name
  availability_zone  = var.availability_zone
  image_id           = var.image_id
  instance_type      = var.instance_type
  system_disk_type   = "CLOUD_PREMIUM"
  system_disk_size   = 50
  allocate_public_ip = false
  # internet_charge_type = "BANDWIDTH_POSTPAID_BY_HOUR"
  internet_max_bandwidth_out = 0
  orderly_security_groups    = var.security_group_id
  vpc_id                     = var.vpc_id
  subnet_id                  = var.subnet_id
  password                   = "root@123"
  user_data_raw              = <<-EOF
    #!/bin/bash
    yum -y install nginx
    echo `hostname` > /usr/share/nginx/html/index.html
    systemctl restart nginx
  EOF
  lifecycle {
    create_before_destroy = true
  }
}
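The module above logs in with a password hard-coded in the configuration (password = "root@123"), which ends up in version control and in the state file. The following is an added example, not the post's module: the same instance resource using an SSH key pair instead. It keeps the module's existing variables.tf and adds one assumed variable, ssh_public_key; the tencentcloud_key_pair resource and the key_ids argument come from the tencentcloud provider's documentation, the key name and the user-data wording are this example's own.

```hcl
# modules/cvm/main.tf, key-pair variant (added example, not the post's module).
# Only the public key is passed to Terraform; the private key never leaves the
# operator's machine and never enters the state file.
variable "ssh_public_key" {
  type        = string
  description = "OpenSSH public key for the default account, e.g. file(\"~/.ssh/id_ed25519.pub\") (assumed variable)"
}

resource "tencentcloud_key_pair" "dev" {
  key_name   = "dev_key" # key names allow letters, digits and underscores
  public_key = var.ssh_public_key
}

resource "tencentcloud_instance" "instance" {
  instance_name              = var.instance_name
  availability_zone          = var.availability_zone
  image_id                   = var.image_id
  instance_type              = var.instance_type
  system_disk_type           = "CLOUD_PREMIUM"
  system_disk_size           = 50
  allocate_public_ip         = false
  internet_max_bandwidth_out = 0
  orderly_security_groups    = var.security_group_id
  vpc_id                     = var.vpc_id
  subnet_id                  = var.subnet_id

  # Replaces `password = "root@123"`: the instance is created with the key pair
  # registered above, so there is no password to leak or to brute-force.
  key_ids = [tencentcloud_key_pair.dev.id]

  user_data_raw = <<-EOF
    #!/bin/bash
    yum -y install nginx
    echo "$(hostname)" > /usr/share/nginx/html/index.html
    systemctl enable --now nginx
  EOF

  lifecycle {
    create_before_destroy = true
  }
}
```

The caller passes `ssh_public_key = file("~/.ssh/id_ed25519.pub")` next to the other module arguments; `terraform plan` shows the public key in clear, which is fine since it is public, while a password argument would have to be marked sensitive and would still be stored in the state object in COS.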
Output configuration file outputs.tf
output "instance_id" {
  value = tencentcloud_instance.instance.id
}
Variables file variables.tf
variable "instance_name" {
  type = string
}

variable "availability_zone" {
  type = string
}

variable "image_id" {
  type = string
}

variable "instance_type" {
  type = string
}

variable "security_group_id" {
  type = list(string)
}

variable "vpc_id" {
}

variable "subnet_id" {
}
Version configuration file versions.tf
terraform {
  required_providers {
    tencentcloud = {
      source  = "tencentcloudstack/tencentcloud"
      version = "1.81.69"
    }
  }
}
(7) View the CVM module
(8) Create the CVM configuration file
cvm.tf
data "tencentcloud_instance_types" "t2c2g" {
  cpu_core_count   = 2
  memory_size      = 2
  exclude_sold_out = true
  filter {
    name   = "instance-family"
    values = ["S5"]
  }
  filter {
    name   = "zone"
    values = ["ap-nanjing-1"]
  }
  filter {
    name   = "instance-charge-type"
    values = ["POSTPAID_BY_HOUR"]
  }
}

data "tencentcloud_images" "images" {
  image_type = ["PUBLIC_IMAGE"]
  os_name    = "centos 7.9"
}

output "instance_type" {
  value = data.tencentcloud_instance_types.t2c2g.instance_types.0.instance_type
}

output "image_id" {
  value = data.tencentcloud_images.images.images[0].image_id
}
(9) Plan and preview
terraform plan
This yields the image id and the instance type
(10) Modify the CVM configuration file
cvm.tf, add the following code
locals {
  instance_name     = "dev-instance"
  instance_type     = data.tencentcloud_instance_types.t2c2g.instance_types.0.instance_type
  image_id          = data.tencentcloud_images.images.images[0].image_id
  security_group_id = [data.terraform_remote_state.network-data.outputs.security_group_id]
  availability_zone = "ap-nanjing-1"
  counts            = 2
  vpc_id            = data.terraform_remote_state.network-data.outputs.vpc_id
  subnet_id         = data.terraform_remote_state.network-data.outputs.subnet_id
}

module "dev-cvm" {
  source            = "../../../modules/cvm"
  count             = local.counts
  instance_name     = "${local.instance_name}-${count.index}"
  instance_type     = local.instance_type
  image_id          = local.image_id
  security_group_id = local.security_group_id
  availability_zone = local.availability_zone
  vpc_id            = local.vpc_id
  subnet_id         = local.subnet_id
}
(11) Initialize
terraform init
(12) Format the code
terraform fmt
(13) Validate the code
terraform validate
(14) Plan and preview
terraform plan
(15) Provision the resources
terraform apply
yes
(16) Check in the Tencent Cloud console
2 CVM instances have been added
(17) Remote login
(18) Login successful
(19) Test
curl 127.0.0.1
Returns the current host name
(20) View the bucket
The service configuration file has been added
(21) View the service directory
6. Provisioning CLB resources
(1) Create the CLB module
Main configuration file main.tf
resource "tencentcloud_clb_instance" "internal_clb" {
  network_type = "OPEN"
  clb_name     = var.clb_name
  vpc_id       = var.vpc_id
  # subnet_id  = var.subnet_id
  tags = {
    test = var.env_name
  }
}

resource "tencentcloud_clb_listener" "listener" {
  clb_id                     = tencentcloud_clb_instance.internal_clb.id
  listener_name              = var.listener_name
  port                       = var.listener_port
  protocol                   = var.listener_protocol
  health_check_switch        = true
  health_check_time_out      = 2
  health_check_interval_time = 5
  health_check_health_num    = 3
  health_check_unhealth_num  = 3
  session_expire_time        = 30
  scheduler                  = var.scheduler
}

resource "tencentcloud_clb_attachment" "foo" {
  clb_id      = tencentcloud_clb_instance.internal_clb.id
  listener_id = tencentcloud_clb_listener.listener.listener_id
  dynamic "targets" {
    for_each = [for instance in var.instance_ids : instance]
    content {
      instance_id = targets.value
      port        = var.backend_port
      weight      = var.backend_weight
    }
  }
}
Output configuration file outputs.tf
output "clb_instance_id" {
  value = tencentcloud_clb_instance.internal_clb.id
}

output "clb_instance_vip" {
  value = tencentcloud_clb_instance.internal_clb.clb_vips
}
Variables file variables.tf
variable "clb_name" {}
variable "vpc_id" {}
variable "subnet_id" {}
variable "env_name" {}
variable "listener_name" {}
variable "listener_port" {}
variable "listener_protocol" {}
variable "scheduler" {}
variable "instance_ids" {}
variable "backend_port" {}
variable "backend_weight" {}
Version configuration file versions.tf
terraform {
  required_providers {
    tencentcloud = {
      source  = "tencentcloudstack/tencentcloud"
      version = "1.81.69"
    }
  }
}
(2) View the CLB module
(3) Create the CLB configuration file
clb.tf
locals {
  clb_name          = "dev-clb"
  vpc_ids           = data.terraform_remote_state.network-data.outputs.vpc_id
  subnet_ids        = data.terraform_remote_state.network-data.outputs.subnet_id
  env_name          = "dev"
  listener_name     = "dev-listener"
  listener_port     = 80
  listener_protocol = "TCP"
  scheduler         = "WRR"
  instance_ids      = module.dev-cvm.*.instance_id
  backend_port      = 80
  backend_weight    = 100
}

module "dev-clb" {
  source            = "../../../modules/clb"
  clb_name          = local.clb_name
  vpc_id            = local.vpc_ids
  subnet_id         = local.subnet_ids
  env_name          = local.env_name
  listener_name     = local.listener_name
  listener_port     = local.listener_port
  listener_protocol = local.listener_protocol
  scheduler         = local.scheduler
  instance_ids      = local.instance_ids
  backend_port      = local.backend_port
  backend_weight    = local.backend_weight
}
(4) Initialize
terraform init
(5) Format the code
terraform fmt
(6) Validate the code
terraform validate
(7) Plan and preview
terraform plan
3 resources will be added
(8) Provision the resources
terraform apply
yes
(9) Check in the Tencent Cloud console
The load balancer has been added
(10) Access the address
(11) View the listener status
(12) Listening mode
WRR (weighted round robin)
7. Provisioning DNS resources
(1) Create the domain
(2) View
(3) Create the DNS configuration file
dns.tf
resource "tencentcloud_dnspod_record" "tfdemo" {
  domain      = "ruwen.site"
  record_type = "CNAME"
  record_line = "默认"
  value       = "lb-eahy08p4-wyklophm18uf9sxj.clb.ap-nanjing.tencentclb.com"
  sub_domain  = "tfdemo"
}
(4) Plan and preview
terraform plan
(5) Provision the resources
terraform apply
(6) Check in the Tencent Cloud console
Cloud DNS (DNSPod)
(7) Test
dig tfdemo.ruwen.site
8. Destroying resources
(1) Destroy the service resources
yes, 6 resources will be destroyed
(2) Destroy the network resources
yes, 4 resources will be destroyed
(3) Check in the Tencent Cloud console
CVM instances deleted
DNS records removed
CLB load balancer deleted
Bucket
(4) View the complete directory
II. Problems
1. Terraform fails to provision security group resources
(1) Error
╷
│ Warning: Deprecated Resource
│
│ with module.dev-sec-group.tencentcloud_security_group_rule.web,
│ on ..\..\..\modules\security_group\main.tf line 7, in resource "tencentcloud_security_group_rule" "web":
│ 7: resource "tencentcloud_security_group_rule" "web" {
│
│ This resource will be offline and no longer supported, beacause single security rule is hardly ordered. Please use 'tencentcloud_security_group_lite_rule' instead.
│
│ (and 2 more similar warnings elsewhere)
╵
╷
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to module.dev-sec-group.tencentcloud_security_group_rule.ssh, provider "provider[\"registry.terraform.io/tencentcloudstack/tencentcloud\"]" produced an unexpected new value: Root object was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
(2) Cause analysis
Terraform Registry
resource "tencentcloud_security_group" "foo" {
  name = "ci-temp-test-sg"
}

resource "tencentcloud_security_group_lite_rule" "foo" {
  security_group_id = tencentcloud_security_group.foo.id

  ingress = [
    "ACCEPT#192.168.1.0/24#80#TCP",
    "DROP#8.8.8.8#80,90#UDP",
    "ACCEPT#0.0.0.0/0#80-90#TCP",
    "ACCEPT#sg-7ixn3foj#80-90#TCP",
    "ACCEPT#ipm-epjq5kn0#80-90#TCP",
    "ACCEPT#ipmg-3loavam6#80-90#TCP",
    "ACCEPT#0.0.0.0/0##ppm-xxxxxxxx",
    "ACCEPT#0.0.0.0/0##ppmg-xxxxxxxx",
  ]

  egress = [
    "ACCEPT#192.168.0.0/16#ALL#TCP",
    "ACCEPT#10.0.0.0/8#ALL#ICMP",
    "DROP#0.0.0.0/0#ALL#ALL",
  ]
}
Security group rules now use the current resource type: tencentcloud_security_group_lite_rule
(3) Solution
Modify the configuration file.
Before:
# Create security group
resource "tencentcloud_security_group" "default" {
  name        = var.security_group_name
  description = var.security_group_desc
}

resource "tencentcloud_security_group_rule" "web" {
  security_group_id = tencentcloud_security_group.default.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "80,8080"
  policy            = "accept"
}

resource "tencentcloud_security_group_rule" "ssh" {
  security_group_id = tencentcloud_security_group.default.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "22"
  policy            = "accept"
}

resource "tencentcloud_security_group_rule" "all" {
  security_group_id = tencentcloud_security_group.default.id
  type              = "egress"
  cidr_ip           = "0.0.0.0/0"
  policy            = "accept"
}
After:
# Create security group
resource "tencentcloud_security_group" "default" {
  name        = var.security_group_name
  description = var.security_group_desc
}

resource "tencentcloud_security_group_lite_rule" "web" {
  security_group_id = tencentcloud_security_group.default.id
  ingress = [
    "ACCEPT#0.0.0.0/0#80#TCP",
    "ACCEPT#0.0.0.0/0#8080#TCP",
    "ACCEPT#0.0.0.0/0#22#TCP",
  ]
  egress = [
    "ACCEPT#0.0.0.0/0#ALL#ALL",
  ]
}
Plan and preview
terraform plan
Provision the resources
terraform apply
The old rules are deleted first
yes
2. Terraform reports an error when validating the CVM resource
(1) Error
(2) Cause analysis
security_groups is deprecated; orderly_security_groups is used instead
(3) Solution
Modify the configuration file.
orderly_security_groups = var.security_group_id
Success:
3. Difference between A records and CNAME records
(1) Differences
1) Difference one
An A record maps a domain name directly to an IPv4 address, whereas a CNAME record maps a domain name to another domain name.
2) Difference two
A records resolve faster because they map directly to an IP address without an extra lookup step. CNAME records can slow resolution slightly because an extra lookup is needed to find the IP address of the target domain name.
3) Difference three
A records suit cases that need a direct mapping to an IP address; CNAME records suit creating aliases or cases where the target location needs to be managed more flexibly.
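As an added example covering both the dns.tf from section 7 and the A versus CNAME comparison above (not code from the original post): the post's tfdemo CNAME next to an A record whose value is the CLB VIP read from the dev-clb module's clb_instance_vip output, assuming dns.tf lives in the same root module as clb.tf. The tfdemo-a sub-domain and the ttl values are this example's own.

```hcl
# dns.tf, extended (added example, not the post's file)

# A record: the value is the CLB's public VIP taken from the module output
# (tencentcloud_clb_instance.internal_clb.clb_vips is a list, so index 0).
# Because Terraform sees the reference, the record is created after the CLB
# and re-pointed automatically if the CLB is ever replaced and its VIP changes.
resource "tencentcloud_dnspod_record" "tfdemo_a" {
  domain      = "ruwen.site"
  record_type = "A"
  record_line = "默认"
  sub_domain  = "tfdemo-a"
  value       = module.dev-clb.clb_instance_vip[0]
  ttl         = 600
}

# CNAME record (the post's own record): one extra lookup for the resolver,
# but the CLB's own domain name can be re-mapped by Tencent Cloud without this
# record changing. The value is a literal, so it is not tied to the module
# and would silently go stale if the CLB were recreated under a new name.
resource "tencentcloud_dnspod_record" "tfdemo" {
  domain      = "ruwen.site"
  record_type = "CNAME"
  record_line = "默认"
  sub_domain  = "tfdemo"
  value       = "lb-eahy08p4-wyklophm18uf9sxj.clb.ap-nanjing.tencentclb.com"
  ttl         = 600
}
```

After `terraform apply`, `dig tfdemo-a.ruwen.site` answers with a single A record holding the VIP, while `dig tfdemo.ruwen.site` shows the CNAME first and then the A records the CLB name resolves to; the A record answer is also the one to compare against the console's VIP when checking for DNS tampering, since nothing outside this configuration can change it.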
4. Bucket cannot be deleted
(1) View
(2) Delete
(3) Empty the bucket
(4) Confirm
(5) Delete again
(6) Success