“当被问及‘云’是什么时,大多数人首先想到的要么是真正的云,要么是天空,要么是与天气有关的东西。”
简而言之,云计算是指通过互联网(“云”)提供计算服务,包括服务器、存储、数据库、网络、软件、分析和智能等,从而实现更快的创新、更灵活的资源和规模经济。您通常只需为使用的云服务付费,这有助于降低运营成本、更高效地运行基础设施,并随着业务需求的变化进行扩展。
亚马逊网络服务 (AWS)是全球最全面、应用最广泛的云平台,在全球数据中心提供超过 212 项功能齐全的服务。AWS 是亚马逊的子公司,以按需付费的方式向个人、公司和政府提供云计算平台和 API。
2020 年,AWS 包含 212 多项服务,包括计算、存储、网络、数据库、分析、应用程序服务、部署、管理、移动、开发人员工具和物联网工具。
云计算正以前所未有的方式迈向新的领域。随着越来越多的组织迁移到某种类型的云平台,服务提供商也在不断探索创建真正全自动云环境的方法。虽然我们尚未完全实现这一目标,但我们正在不断接近。
云自动化是一个统称,通常用来指代那些能够帮助我们减少部署和维护云端IT基础设施时所需人工投入的专用软件、工具和操作。简而言之,它就是以编程方式自动执行任务。
自动化之所以被广泛接受和使用,一个关键原因是自动化减少了部署一系列任务所需的人工工作量和干预。
IaC 工具大致分为四类:
Terraform是由HashiCorp开发的开源“基础设施即代码”工具,用于安全高效地构建、变更和版本控制基础设施。Terraform 可以管理现有的常用服务提供商以及定制的内部解决方案。
Terraform 是一款声明式编码工具,它允许开发人员使用名为 HCL(HashiCorp 配置语言)的高级配置语言来描述运行应用程序所需的云端或本地基础设施的“最终状态”。然后,它会生成一个实现该最终状态的计划,并执行该计划来配置基础设施。
Terraform 支持众多公共和私有云基础设施提供商,例如Amazon Web Services (AWS)、IBM Cloud(以前称为 Bluemix)、阿里云、Google Cloud Platform、DigitalOcean、Linode、Microsoft Azure、Oracle Cloud Infrastructure、OVH、Scaleway、VMware vSphere或Open Telekom Cloud,以及OpenNebula和Openstack。
没错,听起来可能不太现实,我们竟然能在不了解任何云命令的情况下搭建起完整的云基础设施。但我保证,读完这篇文章后,你一定会领略到Terraform的真正威力。
任何云服务都拥有美观且动态的图形用户界面 (GUI) 门户,用户友好且易于使用。只需点击几下,即可访问并使用其上的任何服务。但如今,自动化已成为主流,而仅靠 GUI 无法实现自动化。
此外,如果我们已经在云端创建了一个基础设施,现在需要再次创建完全相同的基础设施,那么使用图形用户界面(GUI)会非常耗时,而且人工操作难免会遗漏一些细节。这时,基础设施即代码(IaC)就派上了用场。开发人员编写代码来创建基础设施,运行这段代码后,只需一条命令即可创建完整的基础设施;如果想要销毁该基础设施,也只需运行一条命令即可。
因此,我创建了一个强大的 Terraform 设置,以帮助您实现完整的端到端云基础设施自动化,在这里我选择了 AWS 作为云基础设施提供商。
真正的刺激现在才开始!!
要使用 AWS 服务,您需要登录 AWS 控制台,为此您必须拥有 AWS 账户。
点击此处创建新的 AWS 账户。
AWS CLI已安装并添加到路径中
Terraform已安装并添加到路径
为了遵循最佳实践,我们来创建一个用户。
快速配置 AWS CLI:
$ aws configure
AWS Access Key ID [None]: ###############
AWS Secret Access Key [None]:
###############
Default region name [None]: us-west-2
Default output format [None]: json
AWS CLI 将此信息存储在名为 default 的配置文件(一组设置)中。
<!DOCTYPE html>
<html>
<head>
<title>
Slack Invitation Link - hrshmistry
</title>
<!-- Style to create button -->
<style>
.SLK {
background-color: white;
border: 3px solid black;
color: green;
text-align: center;
display: inline-block;
font-size: 80px;
cursor: pointer;
}
</style>
</head>
<body >
<center style="font-size:70px;color:red;font-family:'Courier New'">Hybrid Multi-Cloud</center>
<p align = "center"><img src="https://s3hrsh.s3.ap-south-1.amazonaws.com/cloud.jpg" width="300" height="300"></p>
<center style="font-size:40px;color:blue;font-family:'Courier New'">Your Personal Slack Invitation Link</center>
<!-- Adding link to the button on the onclick event -->
<center>
<button class="SLK"
onclick="window.location.href = 'https://join.slack.com/t/hybridmulti-cloud/shared_invite/zt-etnyk2vm-gngGCm2hnk1VbOPR9nGpnw';">
JOIN NOW
</button>
</center>
</body>
</html>
#Describing Provider
provider "aws" {
region = "ap-south-1"
profile = "harsh"
}
#Creating Variable for AMI Id
variable "ami_id" {
type = string
default = "ami-0447a12f28fddb066"
}
#Creating Variable for AMI Type
variable "ami_type" {
type = string
default = "t2.micro"
}
#Creating Variable for key
variable "EC2_Key" {
type = string
default = "Task1Key"
}
#Creating tls_private_key using RSA algorithm
resource "tls_private_key" "tls_key" {
algorithm = "RSA"
rsa_bits = 4096
}
#Generating Key-Value Pair
resource "aws_key_pair" "generated_key" {
depends_on = [
tls_private_key.tls_key
]
key_name = var.EC2_Key
public_key = tls_private_key.tls_key.public_key_openssh
}
#Saving Private Key PEM File
resource "local_file" "key-file" {
depends_on = [
tls_private_key.tls_key
]
content = tls_private_key.tls_key.private_key_pem
filename = var.EC2_Key
}
resource "aws_security_group" "firewall" {
depends_on = [
aws_key_pair.generated_key
]
name = "firewall"
description = "allows ssh and httpd protocol"
#Adding Rules to Security Group
ingress {
description = "SSH Port"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "HTTPD Port"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "security-group-1"
}
}
resource "aws_instance" "autos" {
depends_on = [
aws_security_group.firewall
]
ami = var.ami_id
instance_type = var.ami_type
key_name = var.EC2_Key
security_groups = ["${aws_security_group.firewall.name}"]
connection {
type = "ssh"
user = "ec2-user"
private_key = tls_private_key.tls_key.private_key_pem
host = aws_instance.autos.public_ip
}
provisioner "remote-exec" {
inline = [
"sudo yum install httpd php git -y",
"sudo systemctl restart httpd",
"sudo systemctl enable httpd"
]
}
tags = {
Name = "autos"
env = "Production"
}
}
#Creating EBS volume and attaching it to EC2 Instance.
resource "aws_ebs_volume" "ebs" {
availability_zone = aws_instance.autos.availability_zone
size = 1
tags = {
Name = "autos_ebs"
}
}
/*
variable "volume_name" {
type = string
default = "dh"
}
*/
resource "aws_volume_attachment" "ebs_att" {
device_name = "/dev/sdh"
volume_id = aws_ebs_volume.ebs.id
instance_id = aws_instance.autos.id
force_detach = true
}
output "autos_public_ip" {
value = aws_instance.autos.public_ip
}
resource "null_resource" "print_public_ip" {
provisioner "local-exec" {
command = "echo ${aws_instance.autos.public_ip} > autos_public_ip.txt"
}
}
resource "null_resource" "mount_ebs_volume" {
depends_on = [
aws_volume_attachment.ebs_att
]
connection {
type = "ssh"
user = "ec2-user"
private_key = tls_private_key.tls_key.private_key_pem
host = aws_instance.autos.public_ip
}
provisioner "remote-exec" {
inline = [
"sudo mkfs.ext4 /dev/xvdh",
"sudo mount /dev/xvdh /var/www/html",
"sudo rm -rf /var/www/html",
"sudo git clone https://github.com/hrshmistry/Code-Cloud.git /var/www/html/"
]
}
}
resource "aws_s3_bucket" "S3" {
bucket = "autos-s3-bucket"
acl = "public-read"
}
#Putting Objects in S3 Bucket
resource "aws_s3_bucket_object" "S3_Object" {
depends_on = [
aws_s3_bucket.S3
]
bucket = aws_s3_bucket.S3.bucket
key = "Cloud.JPG"
source = "D:/LW/Hybrid-Multi-Cloud/Terraform/tera/task/Cloud.JPG"
acl = "public-read"
}
locals {
S3_Origin_Id = aws_s3_bucket.S3.id
}
resource "aws_cloudfront_distribution" "CloudFront" {
depends_on = [
aws_s3_bucket_object.S3_Object
]
origin {
domain_name = aws_s3_bucket.S3.bucket_regional_domain_name
origin_id = aws_s3_bucket.S3.id
# OR origin_id = local.S3_Origin_Id
}
enabled = true
is_ipv6_enabled = true
comment = "S3 Web Distribution"
default_cache_behavior {
allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
cached_methods = ["GET", "HEAD"]
target_origin_id = aws_s3_bucket.S3.id
# OR origin_id = local.S3_Origin_Id
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
viewer_protocol_policy = "allow-all"
min_ttl = 0
default_ttl = 3600
max_ttl = 86400
}
# Cache behavior with precedence 0
ordered_cache_behavior {
path_pattern = "/content/immutable/*"
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD", "OPTIONS"]
target_origin_id = aws_s3_bucket.S3.id
# OR origin_id = local.S3_Origin_Id
forwarded_values {
query_string = false
headers = ["Origin"]
cookies {
forward = "none"
}
}
min_ttl = 0
default_ttl = 86400
max_ttl = 31536000
compress = true
viewer_protocol_policy = "redirect-to-https"
}
# Cache behavior with precedence 1
ordered_cache_behavior {
path_pattern = "/content/*"
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD"]
target_origin_id = aws_s3_bucket.S3.id
# OR origin_id = local.S3_Origin_Id
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
min_ttl = 0
default_ttl = 3600
max_ttl = 86400
compress = true
viewer_protocol_policy = "redirect-to-https"
}
price_class = "PriceClass_200"
restrictions {
geo_restriction {
restriction_type = "whitelist"
locations = ["IN"]
}
}
tags = {
Name = "CF Distribution"
Environment = "Production"
}
viewer_certificate {
cloudfront_default_certificate = true
}
retain_on_delete = true
}
resource "null_resource" "CF_URL" {
depends_on = [
aws_cloudfront_distribution.CloudFront
]
connection {
type = "ssh"
user = "ec2-user"
private_key = tls_private_key.tls_key.private_key_pem
host = aws_instance.autos.public_ip
}
provisioner "remote-exec" {
inline = [
"echo '<p align = 'center'>'",
"echo '<img src='https://${aws_cloudfront_distribution.CloudFront.domain_name}/Cloud.JPG' width='100' height='100'>' | sudo tee -a /var/www/html/Slack.html",
"echo '</p>'"
]
}
}
resource "aws_ebs_snapshot" "ebs_snapshot" {
depends_on = [
null_resource.CF_URL
]
volume_id = aws_ebs_volume.ebs.id
tags = {
Name = "ebs_snap"
}
}
resource "null_resource" "web-server-site-on-browser" {
depends_on = [
null_resource.CF_URL
]
provisioner "local-exec" {
command = "brave ${aws_instance.autos.public_ip}/Slack.html"
}
}
terraform apply -auto-approve
terraform destroy -auto-approve
至此,我们完美地完成了通过 HashiCorp 的 Terraform 实现的端到端 AWS 云基础设施自动化!
hrshmistry / Cloud-Automation-Terraform
文章来源:https://dev.to/hrshmistry/end-to-end-aws-cloud-infrastruct-automation-through-terraform-by-hashicorp-2gklTerraform 是由 HashiCorp 开发的开源“基础设施即代码”工具,用于安全高效地构建、变更和版本控制基础设施。
{ 作者:@hrshmistry } #DEVCommunity dev.to/hrshmistry/end…2020年6月20日 下午11:15
