Contents
I. Experiment
1. Environment
2. Connecting Terraform to an Azure Blob backend
3. Provisioning the virtual network
4. Provisioning the subnets
5. Provisioning the network security group
6. Provisioning public IPs and network interfaces
7. Provisioning the virtual machines
8. Provisioning the load balancer
9. Destroying the resources
II. Problems
1. Storage cannot be deleted
I. Experiment
1. Environment
(1) Host
Table 1-1 Host
Host | OS      | Software        | Tools                                       | Notes
jia  | Windows | Terraform 1.6.6 | Azure CLI, VS Code, PowerShell, Chocolatey  |
2. Connecting Terraform to an Azure Blob backend
(1) Check the version
terraform version
terraform -v
(2) Connect
See my previous post:
IaC Infrastructure as Code: using Terraform to connect to Azure and create a backend Blob (CSDN blog)
3. Provisioning the virtual network
(1) View the directory
(2) Create the version configuration file
versions.tf
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.89.0"
    }
  }
}

provider "azurerm" {
  features {}
}
(3) Create the variables file
variables.tf
variable "location" {
  default = "East US"
}

variable "resource_group_name" {
  default = "terraform-demo"
}
(4) Create the backend configuration file
backend.tf
terraform {
  backend "azurerm" {
    resource_group_name  = "terraform-demo"
    storage_account_name = "tfstateadmin777"
    container_name       = "tfstate"
    key                  = "env/dev/network/terraform-network.tfstate"
  }
}
(5) Initialize
terraform init
(6) Format the code
terraform fmt
(7) Validate the code
terraform validate
(8) Log in to Azure and check
The network state file has been added to the container.
(9) Create the virtual network configuration file
vnets.tf
resource "azurerm_virtual_network" "mynetwork" {
  name                = "my-network"
  location            = var.location
  resource_group_name = var.resource_group_name
  address_space       = ["10.0.0.0/16"]
  tags = {
    environment = "dev"
  }
}
(10) Format the code
terraform fmt
(11) Validate the code
terraform validate
(12) Plan and preview
terraform plan
(13) Apply
terraform apply
yes
(14) Log in to Azure and check
The virtual network has been added.
4. Provisioning the subnets
(1) View the directory
(2) Create the main configuration file
main.tf
locals {
  subnet_names = ["mysubnet-1", "mysubnet-2"]
  subnet_config = {
    mysubnet-1 = {
      address_prefixes = "10.0.1.0/24"
    },
    mysubnet-2 = {
      address_prefixes = "10.0.2.0/24"
    }
  }
}
(3) Modify the virtual network configuration file
vnets.tf, add the following code
resource "azurerm_subnet" "mysubnet" {
  for_each             = toset(local.subnet_names)
  name                 = each.value
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.mynetwork.name
  address_prefixes     = [local.subnet_config[each.value]["address_prefixes"]]
}
(4) Format the code
terraform fmt
(5) Validate the code
terraform validate
(6) Plan and preview
terraform plan
(7) Apply
terraform apply
yes
(8) Log in to Azure and check
The subnets have been added.
5. Provisioning the network security group
(1) Modify the main configuration file
main.tf, add the following inside the existing locals block
  ports = [
    {
      port     = "80"
      priority = 100
    },
    {
      port     = "22"
      priority = 101
    },
    {
      port     = "443"
      priority = 102
    }
  ]
(2) Create the security group configuration file
secgroup.tf
resource "azurerm_network_security_group" "mygroup" {
  name                = "MySecurityGroup1"
  location            = var.location
  resource_group_name = var.resource_group_name

  // Generate one rule per entry in local.ports, then apply tags
  dynamic "security_rule" {
    for_each = local.ports
    content {
      name                       = "port-${security_rule.value.port}"
      priority                   = security_rule.value.priority
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_port_range          = "*"
      destination_port_range     = security_rule.value.port
      source_address_prefix      = "*"
      destination_address_prefix = "*"
    }
  }

  tags = {
    environment = "dev"
  }
}
(3) Create the outputs file
outputs.tf
output "subnet_ids" {
  value = [for k, v in azurerm_subnet.mysubnet : v.id]
}
(4) View the network directory
(5) Format the code
terraform fmt
(6) Validate the code
terraform validate
(7) Plan and preview
terraform plan
(8) Apply
terraform apply
yes, the subnet IDs are returned as outputs
(9) Log in to Azure and check
The security group has been added.
Inbound and outbound rules
(10) Check the associations
No subnet is associated yet.
(11) Associate the security group with the subnets
Modify the security group configuration file secgroup.tf, add the following code
// Associate the security group with the subnets
resource "azurerm_subnet_network_security_group_association" "mygroup" {
  count                     = length([for k, v in azurerm_subnet.mysubnet : v.id])
  subnet_id                 = [for k, v in azurerm_subnet.mysubnet : v.id][count.index]
  network_security_group_id = azurerm_network_security_group.mygroup.id
}
(12) Format the code
terraform fmt
(13) Validate the code
terraform validate
(14) Plan and preview
terraform plan
(15) Apply
terraform apply
yes, 2 resources will be created
(16) Log in to Azure and check
The security group is associated with 2 subnets.
6. Provisioning public IPs and network interfaces
(1) View the directory
(2) Modify the main configuration file
main.tf, add the following inside the existing locals block
  vms = ["server01", "server02"]
  vms_config = {
    server01 = {
      public_ip_name = "publicip-server1"
    },
    server02 = {
      public_ip_name = "publicip-server2"
    }
  }
(3) Create the public IP configuration file
public_ip.tf, creating 2 public IPs for the VMs and 1 for the load balancer
resource "azurerm_public_ip" "mypublicip" {
  for_each            = toset(local.vms)
  name                = local.vms_config[each.value]["public_ip_name"]
  resource_group_name = var.resource_group_name
  location            = var.location
  allocation_method   = "Static"
  zones               = ["1", "2", "3"]
  sku                 = "Standard"
  tags = {
    environment = "dev"
  }
}

resource "azurerm_public_ip" "mylbpublicip" {
  name                = "MyLBPublicIP"
  resource_group_name = var.resource_group_name
  location            = var.location
  allocation_method   = "Static"
  sku                 = "Standard"
  tags = {
    environment = "dev"
  }
}
(4) Modify the outputs file
outputs.tf, add the following code
output "vm_public_ips" {
  value = [for k, v in azurerm_public_ip.mypublicip : v.id]
}
(5) Format the code
terraform fmt
(6) Validate the code
terraform validate
(7) Plan and preview
terraform plan
(8) Apply
terraform apply
yes, the public IP IDs are returned as outputs
(9) Log in to Azure and check
2 VM public IPs and 1 load balancer IP have been added.
(10) Create the network interface configuration file
nics.tf
resource "azurerm_network_interface" "mynic" {
  count               = length(local.vms)
  name                = "nic-${local.vms[count.index]}"
  location            = var.location
  resource_group_name = var.resource_group_name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = [for k, v in azurerm_subnet.mysubnet : v.id][count.index]
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = [for k, v in azurerm_public_ip.mypublicip : v.id][count.index]
  }
}
(11) Format the code
terraform fmt
(12) Validate the code
terraform validate
(13) Plan and preview
terraform plan
(14) Apply
terraform apply
yes
(15) Log in to Azure and check
2 network interfaces have been added.
Each interface has a public IP.
(16) Modify the outputs file
outputs.tf, add the following code
output "mylb_public_ip" {
  value = azurerm_public_ip.mylbpublicip.id
}

output "vnet_id" {
  value = azurerm_virtual_network.mynetwork.id
}

output "nic_ids" {
  value = azurerm_network_interface.mynic.*.id
}
(17) Plan and preview
terraform plan
(18) Apply
terraform apply
yes, the network resource outputs are returned
7. Provisioning the virtual machines
(1) View the service directory
(2) Create the variables file
variables.tf
variable "location" {
  default = "East US"
}

variable "resource_group_name" {
  default = "terraform-demo"
}
(3) Create the version configuration file
versions.tf
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.89.0"
    }
  }
}

provider "azurerm" {
  features {}
}
(4) Create the backend configuration file
backend.tf
terraform {
  backend "azurerm" {
    resource_group_name  = "terraform-demo"
    storage_account_name = "tfstateadmin777"
    container_name       = "tfstate"
    key                  = "env/dev/service/terraform-service.tfstate"
  }
}
(5) Initialize
terraform init
(6) Log in to Azure and check
The service state file has been uploaded.
(7) Browse the marketplace
Search for Ubuntu
(8) Create the main configuration file
main.tf
data "terraform_remote_state" "network" {
  backend = "azurerm"
  config = {
    resource_group_name  = "terraform-demo"
    storage_account_name = "tfstateadmin777"
    container_name       = "tfstate"
    key                  = "env/dev/network/terraform-network.tfstate"
  }
}

locals {
  vms = ["server01", "server02"]
  vms_config = {
    server01 = {
      zone      = "1"
      subnet_id = data.terraform_remote_state.network.outputs["subnet_ids"][0]
      publicip  = data.terraform_remote_state.network.outputs["vm_public_ips"][0]
      nic_id    = data.terraform_remote_state.network.outputs["nic_ids"][0]
    },
    server02 = {
      zone      = "2"
      subnet_id = data.terraform_remote_state.network.outputs["subnet_ids"][1]
      publicip  = data.terraform_remote_state.network.outputs["vm_public_ips"][1]
      nic_id    = data.terraform_remote_state.network.outputs["nic_ids"][1]
    }
  }
  mylb_public_ip = data.terraform_remote_state.network.outputs["mylb_public_ip"]
  vnet_id        = data.terraform_remote_state.network.outputs["vnet_id"]
}
(9) Create the virtual machine configuration file
vms.tf
resource "azurerm_linux_virtual_machine" "myserver" {
  for_each                        = toset(local.vms)
  name                            = each.value
  resource_group_name             = var.resource_group_name
  location                        = var.location
  size                            = "Standard_B1s"
  admin_username                  = "adminuser"
  admin_password                  = "Passwd123!"
  disable_password_authentication = false
  zone                            = local.vms_config[each.value]["zone"]
  network_interface_ids           = [local.vms_config[each.value]["nic_id"]]
  user_data                       = base64encode(file("${path.module}/config/install-nginx.sh"))

  os_disk {
    name                 = "disk-${each.value}"
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }
}
The user-data script invoked above (config/install-nginx.sh)
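Two settings in this walkthrough are worth gating on before every terraform apply: the security group in section 5 allows port 22 inbound from source "*" (the 80/443 rules are what the web tier needs, but SSH from anywhere is not), and the VMs in section 7 keep password authentication enabled with a password written into vms.tf. The following script is an added example written for this post, not code from the original article or from HashiCorp: it reads the JSON form of a plan (terraform show -json tfplan) and reports both conditions, so the check can run between terraform plan and terraform apply. The file name plan_check.py is a hypothetical choice, and SAMPLE_PLAN is a constructed stand-in shaped like real plan output for the secgroup.tf and vms.tf resources above.

```python
"""Guardrail for the Terraform steps above: read `terraform show -json tfplan`
output and report, before `terraform apply`, (a) NSG rules that allow a
management port inbound from any source and (b) Linux VMs planned with
password authentication enabled.

Added example for this post, not code from the original article. The plan
layout follows Terraform's documented JSON output (planned_values ->
root_module -> resources). SAMPLE_PLAN is constructed by hand to mirror the
resources defined in secgroup.tf and vms.tf.
"""
import json
import sys
from typing import Iterator

# Ports that should not be reachable from the whole Internet.
MGMT_PORTS = {"22", "3389"}
# Source prefixes that mean "anyone".
ANY_SOURCE = {"*", "0.0.0.0/0", "Internet"}


def iter_resources(plan: dict) -> Iterator[dict]:
    """Yield every planned resource, including those inside child modules."""
    def walk(module: dict) -> Iterator[dict]:
        yield from module.get("resources", [])
        for child in module.get("child_modules", []):
            yield from walk(child)
    yield from walk(plan.get("planned_values", {}).get("root_module", {}))


def open_mgmt_rules(plan: dict) -> list[str]:
    """Inbound Allow rules whose source is 'anyone' and whose destination
    port is a management port (or '*', which includes them)."""
    findings = []
    for res in iter_resources(plan):
        if res.get("type") != "azurerm_network_security_group":
            continue
        for rule in res.get("values", {}).get("security_rule") or []:
            if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
                continue
            if rule.get("source_address_prefix") not in ANY_SOURCE:
                continue
            port = str(rule.get("destination_port_range"))
            if port == "*" or port in MGMT_PORTS:
                findings.append(
                    f"{res['address']}: rule {rule['name']} allows port {port} "
                    f"from {rule['source_address_prefix']}"
                )
    return findings


def password_auth_vms(plan: dict) -> list[str]:
    """Addresses of Linux VMs planned with disable_password_authentication = false."""
    return [
        res["address"]
        for res in iter_resources(plan)
        if res.get("type") == "azurerm_linux_virtual_machine"
        and res.get("values", {}).get("disable_password_authentication") is False
    ]


# Constructed sample, shaped like `terraform show -json tfplan` for this post's
# secgroup.tf (ports 80/22/443 from "*") and vms.tf (password auth enabled).
SAMPLE_PLAN = {
    "format_version": "1.2",
    "planned_values": {"root_module": {"resources": [
        {
            "address": "azurerm_network_security_group.mygroup",
            "type": "azurerm_network_security_group",
            "values": {"name": "MySecurityGroup1", "security_rule": [
                {"name": f"port-{p}", "priority": prio, "direction": "Inbound",
                 "access": "Allow", "protocol": "Tcp", "source_port_range": "*",
                 "destination_port_range": p, "source_address_prefix": "*",
                 "destination_address_prefix": "*"}
                for p, prio in (("80", 100), ("22", 101), ("443", 102))
            ]},
        },
        {
            "address": 'azurerm_linux_virtual_machine.myserver["server01"]',
            "type": "azurerm_linux_virtual_machine",
            "values": {"name": "server01", "disable_password_authentication": False},
        },
    ]}},
}


def main() -> int:
    # Usage: python plan_check.py tfplan.json  (no argument: check SAMPLE_PLAN)
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    problems = open_mgmt_rules(plan) + [
        f"{addr}: password authentication enabled" for addr in password_auth_vms(plan)
    ]
    for line in problems:
        print("FAIL", line)
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main())
```

On the constructed sample the script reports only the port-22 rule and server01, and exits non-zero; the 80 and 443 rules pass because they are not management ports. In a pipeline the same exit code can block the apply step, and the usual fix for the findings is to narrow source_address_prefix on the SSH rule to an admin range and to switch the VM to SSH-key authentication so no password has to live in the .tf files.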
(10) Format the code
terraform fmt
(11) Validate the code
terraform validate
(12) Plan and preview
terraform plan
(13) Apply
terraform apply
yes
(14) Log in to Azure and check
2 virtual machines have been added.
server01
server02
(15) Access the servers
8. Provisioning the load balancer
(1) View the service directory
(2) Create the outputs file
outputs.tf
output "vm_ips" {
  value = [for k, v in azurerm_linux_virtual_machine.myserver : v.private_ip_address]
}
(3) Format the code
terraform fmt
(4) Validate the code
terraform validate
(5) Plan and preview
terraform plan
(6) Apply
terraform apply
yes, the private IPs are returned as outputs
(7) Create the load balancer configuration file
lb.tf
// Load balancer
resource "azurerm_lb" "mylb" {
  name                = "MyLoadBalancer"
  location            = var.location
  resource_group_name = var.resource_group_name
  sku                 = "Standard"

  frontend_ip_configuration {
    name                 = "PublicIPAddress"
    public_ip_address_id = local.mylb_public_ip
  }
}

// Backend address pool
resource "azurerm_lb_backend_address_pool" "mylb" {
  loadbalancer_id = azurerm_lb.mylb.id
  name            = "BackEndAddressPool"
}

// Add the VM private IPs to the backend address pool
resource "azurerm_lb_backend_address_pool_address" "mylb" {
  count                   = length([for k, v in azurerm_linux_virtual_machine.myserver : v.private_ip_address])
  name                    = "server-${count.index}"
  backend_address_pool_id = azurerm_lb_backend_address_pool.mylb.id
  virtual_network_id      = local.vnet_id
  ip_address              = [for k, v in azurerm_linux_virtual_machine.myserver : v.private_ip_address][count.index]
}

// Forwarding rule
resource "azurerm_lb_rule" "mylb" {
  loadbalancer_id                = azurerm_lb.mylb.id
  name                           = "LBRule"
  protocol                       = "Tcp"
  frontend_port                  = 80
  backend_port                   = 80
  frontend_ip_configuration_name = "PublicIPAddress"
  backend_address_pool_ids       = [azurerm_lb_backend_address_pool.mylb.id]
}
(8) Format the code
terraform fmt
(9) Validate the code
terraform validate
(10) Plan and preview
terraform plan
(11) Apply
terraform apply
yes, 5 resources will be created
(12) Log in to Azure and check
The load balancer has been added.
Frontend IP
Backend pool
Load balancing rule
(13) Access the load balancer
(14) Test the load balancing
for i in `seq 100`; do curl -s http://20.231.44.61; done | sort | uniq -c
9. Destroying the resources
(1) View all resources
(2) View the project directory
(3) Destroy the service resources
terraform destroy
yes
(4) Check the resources in Azure
The network and storage resources remain.
(5) Destroy the network resources
terraform destroy
yes
(6) Check in Azure
All resources have been deleted.
II. Problems
1. Storage cannot be deleted
(1) Check the resources in Azure
The container resource remains.
(2) Delete the container resource
Confirm
Done
(3) Delete the resource group
Confirm