目录
一、实验
1.环境
2.huaweicloud华为云创建用户
3.Windows使用Terraform 连接 huaweicloud
4.Windows给Terraform项目添加huaweicloud华为云OBS (实现代码与资源分离)
二、问题
1. Windows terraform 初始化失败
2.Terraform 初始化后端资源失败
3.HC、HCS、HCSO有哪些区别
一、实验
1.环境
(1)主机
表1-1 主机
主机 | 系统 | 软件 | 工具 | 备注 |
jia | Windows | Terraform 1.6.6 | VS Code、 PowerShell、 Chocolatey |
2.huaweicloud华为云创建用户
(1)登录 (统一身份认证)
(2)查看
统一身份认证服务-用户组
统一身份认证服务-用户
(3)新建用户组
(4)用户组授权
授权
提示
完成
(5)新建用户
选中“编程访问”
加入用户组
提示
完成
(6)成功新建用户
(7)查看tentcloud provider 示例
Terraform Registry
USE PROVIDER 示例
terraform {required_providers {huaweicloud = {source = "huaweicloud/huaweicloud"version = "1.60.1"}}
}provider "huaweicloud" {# Configuration options
}
Example Usage 示例
terraform {required_providers {huaweicloud = {source = "huaweicloud/huaweicloud"version = ">= 1.36.0"}}
}# Configure the HuaweiCloud Provider
provider "huaweicloud" {region = "cn-north-4"access_key = "my-access-key"secret_key = "my-secret-key"
}# Create a VPC
resource "huaweicloud_vpc" "example" {name = "my_vpc"cidr = "192.168.0.0/16"
}
(11)下载软件包
https://github.com/huaweicloud/terraform-provider-huaweicloud/releases
(12) 华为云查询地域和可用区
地区和终端节点_开发者中心-华为云 (huaweicloud.com)
3.Windows使用Terraform 连接 huaweicloud
(1)验证版本
terraform -v 或 terraform --version
(2)创建主配置文件
main.tf
# Configuration options
provider "huaweicloud" {access_key = var.access_keysecret_key = var.secret_keyregion = var.region}
(3) 创建密钥配置文件
terraform.tfvars
access_key = "XXXXX"
secret_key = "XXXXX"
(4)创建版本配置文件
versions.tf
terraform {required_providers {tencentcloud = {source = "tencentcloudstack/tencentcloud"version = "1.81.69"}}
}
(5)创建变量配置文件
variables.tf
variable "access_key" {type = string
}variable "secret_key" {type = string
}variable "region" {type = stringdefault = "cn-east-3"sensitive = true
}
(6)初始化
terraform init
(7)格式化代码
terraform fmt
(8)验证代码
terraform validate terraform validate -json
4.Windows给Terraform项目添加huaweicloud华为云OBS (实现代码与资源分离)
(1)修改主配置文件
main.tf ,添加如下代码
resource "huaweicloud_obs_bucket" "bucket" {bucket = "tfhexian-backend-bucket"acl = "private"tags = {type = "bucket"}
}
(2)创建输出配置文件
outputs.tf
output "bucket_name" {value = huaweicloud_obs_bucket.bucket.bucket
}
(3) 初始化
terraform init
(4) 格式化代码
terraform fmt
(5) 验证代码
terraform validate
(6) 计划与预览
terraform plan
成功拿到存储桶name
(7) 申请资源
terraform apply
yes
(8)华为云查看OBS服务
桶列表为空
(9)展示资源
terraform show
(10)登录华为云系统查看
已新增1个存储桶
(11)创建后端存储配置文件
backend.tf
(12) 初始化
terraform init
yes ,系统上传配置文件到华为云OBS
(13)登录华为云系统查看
①查看Bucket 列表
配置文件已上传
(14)查看项目目录
(15)删除项目配置文件
(16)再次查看项目目录
(17)查看版本
多了provider的仓库地址
terraform versionterraform -v
二、问题
1. Windows terraform 初始化失败
(1)报错
(2)原因分析
国内用户在下载 Provider 时会遇到下载缓慢甚至下载失败的问题
(3)解决方法
手工下载华为云 provider至本地目录,然后搭建本地registry并修改 terraform块中的required_providers配置。
① 配置方案
1)下载华为云 provider至本地目录,选择对应的版本号和操作系统进行下载。2)搭建本地registry,将下载后的华为云 provider解压至如下目录:
Linux:~/.terraform.d/plugins/<local-registry>/<organization>/huaweicloud/<version>/<os_arch>Windows:%APPDATA%\terraform.d\plugins\<local registry>\<organization>\huaweicloud\<version>\<os_arch>
② 查看目录
echo $env:APPDATA
③ 进入目录
④在相关目录下创建子目录
安装包移动:
⑤ 成功
2.Terraform 初始化后端资源失败
(1)报错
╷
│ Warning: Deprecated Parameter
│
│ on backend.tf line 8, in terraform:
│ 8: endpoint = "obs.cn-east-3.myhuaweicloud.com"
│
│ The parameter "endpoint" is deprecated. Use parameter "endpoints.s3" instead.
╵╷
│ Warning: Complete URL Expected
│
│ on backend.tf line 8, in terraform:
│ 8: endpoint = "obs.cn-east-3.myhuaweicloud.com"
│
│ The value should be a valid URL containing at least a scheme and hostname. Had "obs.cn-east-3.myhuaweicloud.com".
│
│ Using an incomplete URL, such as a hostname only, may work, but may have unexpected behavior.
╵╷
│ Error: Retrieving AWS account details: AWS account ID not previously found and failed retrieving via all available methods.
│
│ See https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id for workaround and implications.
│ Errors: 2 errors occurred:
│ * retrieving caller identity from STS: operation error STS: GetCallerIdentity, exceeded maximum number of attempts, 5, https response error StatusCode: 0, RequestID: , request send failed, Post "https://sts.cn-east-3.amazonaws.com.cn/": dial tcp: lookup sts.cn-east-3.amazonaws.com.cn: getaddrinfow: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server.
│ * retrieving account information via iam:ListRoles: operation error IAM: ListRoles, https response error StatusCode: 403, RequestID: 3bc79174-c32f-4c3e-9744-bf8b3fe193a0, api error InvalidClientTokenId: The security token included in the request is invalid.
(2)原因分析
Terraform Registry
Example (Terraform 高于1.6.3版本) 部分参数调整
terraform {backend "s3" {bucket = "terraformbucket"key = "terraform.tfstate"region = "cn-north-1"endpoints = {s3 = "https://obs.cn-north-1.myhuaweicloud.com"}skip_region_validation = trueskip_credentials_validation = trueskip_metadata_api_check = trueskip_requesting_account_id = trueskip_s3_checksum = true}
}
申明变量 (参考Linux环境)
(3)解决方法
修改配置文件。
修改前:
修改后:
成功:
3.HC、HCS、HCSO有哪些区别
(1)区别
1)HC
Huawei Cloud,既是华为的公有云产品,也是华为公有云、私有云、混合云等所有相关解决方案的统一品牌。公有云:华为机房,华为运维。2)HCS
Huawei Cloud Stack,华为的全栈云解决方案(HCS还是私有云产品,需要部署在客户数据中心、运维需要客户自己运维,只是和公有云服务体验类似、应用类似、可以互通)。客户机房,客户运维。3)HCSO
Huawei Cloud Stack Online,由华为云Stack演变而来,区别在于用私有云架构去使用公有云服务,还是部署在客户数据中心,但是专线接入华为云运维中心,由华为运维; 本质是私有云,运维托管。客户机房,华为运维。
(2)选择
HC
Terraform Registry
HCS
Terraform Registry
HCSO
Terraform Registry