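Terraform Resource Import in Practice

Preface

This article describes how to import existing public-cloud resources into Terraform, and how to create new resources by copying files in order to replicate them across regions.

Importing existing resources

Terraform supports importing a single resource, and importing multiple resources with the help of open-source tools.

  • Resource files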

    # main.tf
    provider "tencentcloud" {
      region = var.region
    }

    # Fetch the user's app ID
    data "tencentcloud_user_info" "users" {}

    resource "tencentcloud_cos_bucket" "mycos" {
      bucket = "tf-demo1-${data.tencentcloud_user_info.users.app_id}"
      acl    = "private"
      # versioning_enable = true # versioning
    }

    resource "tencentcloud_vpc" "vpc" {
      count      = length(var.cidr_block)
      name       = "vpc-${count.index}"
      cidr_block = var.cidr_block[count.index]
    }

    ---
    # outputs.tf
    output "app_id" {
      value = data.tencentcloud_user_info.users.app_id
    }

    output "bucket_name" {
      value = tencentcloud_cos_bucket.mycos.bucket
    }

    ---
    # variables.tf
    variable "region" {
      type      = string
      default   = "ap-beijing"
      sensitive = true
    }

    # variable "vpc_name" {
    #   type = string
    #   # default = "tf-vpc1"
    # }

    variable "cidr_block" {
      type    = list(string)
      default = ["10.10.0.0/16", "10.11.0.0/16"]
    }

    ---
    # versions.tf
    terraform {
      required_providers {
        tencentcloud = {
          source  = "tencentcloudstack/tencentcloud"
          version = "1.79.2"
        }
      }
    }

    ---
    # backend.tf
    terraform {
      backend "cos" {
        region = "ap-beijing"
        bucket = "tf-demo1-1251987943"
        prefix = "backend"
      }
    }

Importing a single resource

  • Create an empty resource object

    # main.tf
    provider "tencentcloud" {
      region = var.region
    }

    # Fetch the user's app ID
    data "tencentcloud_user_info" "users" {}

    resource "tencentcloud_cos_bucket" "mycos" {
      bucket = "tf-demo1-${data.tencentcloud_user_info.users.app_id}"
      acl    = "private"
      # versioning_enable = true # versioning
    }

    resource "tencentcloud_vpc" "vpc" {
      count      = length(var.cidr_block)
      name       = "vpc-${count.index}"
      cidr_block = var.cidr_block[count.index]
    }

    # To import an existing VPC, add resource [resource type].[name] {}
    # If you would rather not add the resource first, append -allow-missing-config to
    # terraform import, which allows the import without a block declared locally beforehand.
    resource "tencentcloud_vpc" "import_vpc1" {}

  • Import from the command line

    # ID of the existing VPC, as shown in the console
    terraform import tencentcloud_vpc.import_vpc1 vpc-o7rgzi0c

    # If the import went wrong, remove it
    terraform state rm tencentcloud_vpc.import_vpc1

  • Review the imported resource's code and add it to main.tf

    terraform show

    # Filter out the attributes you do not need yourself
    resource "tencentcloud_vpc" "import_vpc1" {
      assistant_cidrs        = []
      cidr_block             = "10.12.0.0/16"
      create_time            = "2023-02-15 16:18:46"
      default_route_table_id = "rtb-2496pegd"
      dns_servers            = [
        "183.60.82.98",
        "183.60.83.19",
      ]
      docker_assistant_cidrs = []
      id                     = "vpc-o7rgzi0c"
      is_default             = false
      is_multicast           = false
      name                   = "liyk"
      tags                   = {}
    }

    resource "tencentcloud_vpc" "import_vpc1" {
      cidr_block = "10.12.0.0/16"
      name       = "liyk"
    }

  • Run apply again to verify

    terraform apply --auto-approve
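
The filtering step above, done mechanically instead of by hand (an added example, not from the original article): it takes attribute values from `terraform show -json` and keeps only those that `terraform providers schema -json` marks as required, or as optional and not computed. Both JSON documents are constructed; the schema flags in particular are illustrative, and `settable`, `hcl_value` and `to_config` are names chosen here.

```python
import json

# Constructed excerpt of `terraform providers schema -json`. The flags are
# illustrative; take the real ones from the provider's own schema output.
SCHEMA = json.loads("""{"provider_schemas": {
 "registry.terraform.io/tencentcloudstack/tencentcloud": {"resource_schemas": {
  "tencentcloud_vpc": {"block": {"attributes": {
   "name": {"required": true}, "cidr_block": {"required": true},
   "is_multicast": {"optional": true}, "tags": {"optional": true},
   "dns_servers": {"optional": true, "computed": true},
   "assistant_cidrs": {"optional": true, "computed": true},
   "id": {"optional": true, "computed": true}, "create_time": {"computed": true},
   "is_default": {"computed": true}, "default_route_table_id": {"computed": true},
   "docker_assistant_cidrs": {"computed": true}}}}}}}}""")

# Constructed `terraform show -json` excerpt carrying the values shown above.
STATE = json.loads("""{"values": {"root_module": {"resources": [{
 "address": "tencentcloud_vpc.import_vpc1", "type": "tencentcloud_vpc",
 "name": "import_vpc1", "values": {
  "assistant_cidrs": [], "cidr_block": "10.12.0.0/16",
  "create_time": "2023-02-15 16:18:46", "default_route_table_id": "rtb-2496pegd",
  "dns_servers": ["183.60.82.98", "183.60.83.19"], "docker_assistant_cidrs": [],
  "id": "vpc-o7rgzi0c", "is_default": false, "is_multicast": false,
  "name": "liyk", "tags": {}}}]}}}""")

def settable(schema, rtype):
    """Attributes a configuration may set: required, or optional and not computed."""
    names = set()
    for provider in schema["provider_schemas"].values():
        block = provider.get("resource_schemas", {}).get(rtype, {}).get("block", {})
        for name, attr in block.get("attributes", {}).items():
            if attr.get("required") or (attr.get("optional") and not attr.get("computed")):
                names.add(name)
    return names

def hcl_value(value):
    # For ordinary values a JSON literal parses as HCL; template markers need escaping.
    return json.dumps(value).replace("${", "$${").replace("%{", "%%{")

def to_config(state, schema, address):
    """Render a resource block holding only settable, non-empty attributes."""
    res = next(r for r in state["values"]["root_module"]["resources"]
               if r["address"] == address)
    keep = settable(schema, res["type"])
    lines = [f'resource "{res["type"]}" "{res["name"]}" {{']
    for key, value in sorted(res["values"].items()):
        if key in keep and value not in (None, "", [], {}):
            lines.append(f"  {key} = {hcl_value(value)}")
    return "\n".join(lines + ["}"])

if __name__ == "__main__":
    print(to_config(STATE, SCHEMA, "tencentcloud_vpc.import_vpc1"))
```

Unlike the hand-trimmed block, this output keeps `is_multicast = false`: an explicit value is retained because omitting it leaves the attribute at whatever default the provider defines.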

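Bulk import

When there are many resources, terraformer can be used for bulk import. terraformer is a command-line tool from GoogleCloudPlatform that can mark most of the cloud resources under an account and import them as TF files.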

  • Install

    https://github.com/GoogleCloudPlatform/terraformer/releases
    # The "all" build is fairly large; for convenient testing, pick the build specific to Tencent Cloud

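  • Import

    terraformer import tencentcloud --resources="vpc,security_group" --regions=ap-beijing

After the command runs, the output is written to the ./generated directory under the location where it was executed. This example imports VPCs and security groups.

Of course, terraformer does not support importing every resource; see the source listing for details: https://github.com/GoogleCloudPlatform/terraformer/tree/master/providers/tencentcloud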

  • Change the source

    Edit the provider.tf file and add the source field that matches your cloud environment.


Importing an existing resource and binding it to other resources

This test imports an existing EIP into Terraform and binds it to a NAT gateway created in tf.

  • Create the NAT gateway and EIP with tf

    # provider.tf
    terraform {
      required_providers {
        tencentcloud = {
          source  = "tencentcloudstack/tencentcloud"
          version = "1.79.10"
        }
      }
    }

    # main.tf
    provider "tencentcloud" {
      region = "ap-beijing"
    }

    # Use an existing VPC
    data "tencentcloud_vpc_instances" "liyk" {
      name = "Default-VPC"
    }

    # Output the VPC ID to confirm it
    output "tencentcloud_vpc_id" {
      value = data.tencentcloud_vpc_instances.liyk.instance_list[0].vpc_id
    }

    # Create the EIP
    resource "tencentcloud_eip" "eip1_nat" {
      name = "tf_nat_test1"
    }

    # Create the NAT gateway
    resource "tencentcloud_nat_gateway" "nat_test" {
      vpc_id         = data.tencentcloud_vpc_instances.liyk.instance_list[0].vpc_id
      name           = "nat_tf"
      bandwidth      = 10
      max_concurrent = "1000000"

      assigned_eip_set = [tencentcloud_eip.eip1_nat.public_ip]
    }

  • Create an EIP in the console and copy its resource ID

  • Import the EIP in tf

    # First create an empty resource to hold the EIP being imported
    resource "tencentcloud_eip" "eip_import" {
    }

    # Import the EIP
    terraform import tencentcloud_eip.eip_import eip-jp7at129

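  • Take the values from the tfstate state file and write them into the tf file

    # View the state file
    terraform show, or look at the terraform.tfstate file directly
    Write the EIP's unique attribute value, name, into the tf file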

  • Bind the newly added EIP to the NAT gateway

    # Create the NAT gateway
    resource "tencentcloud_nat_gateway" "nat_test" {
      vpc_id         = data.tencentcloud_vpc_instances.liyk.instance_list[0].vpc_id
      name           = "nat_tf"
      bandwidth      = 10
      max_concurrent = "1000000"

      assigned_eip_set = [
        tencentcloud_eip.eip1_nat.public_ip,
        tencentcloud_eip.eip_import.public_ip, # bind the newly imported EIP
      ]
    }

  • Run apply to perform the binding and sync the resources to tfstate

    terraform apply --auto-approve
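
A check to run before either `terraform apply --auto-approve` step above (an added example, not part of the original article): save the plan with `terraform plan -out=tfplan`, export it with `terraform show -json tfplan`, and refuse to auto-approve when the plan would destroy anything or change a resource that was just imported. The plan JSON below is constructed, and `review_plan` and `safe_to_auto_approve` are names chosen here.

```python
import json

# Constructed excerpt of `terraform show -json tfplan` for the NAT/EIP example:
# the gateway is updated in place, while the imported EIP would be replaced.
PLAN = json.loads("""{"resource_changes": [
 {"address": "tencentcloud_eip.eip1_nat", "change": {"actions": ["no-op"]}},
 {"address": "tencentcloud_nat_gateway.nat_test", "change": {"actions": ["update"]}},
 {"address": "tencentcloud_eip.eip_import",
  "change": {"actions": ["delete", "create"]}}]}""")

def review_plan(plan, imported):
    """Return (blocking, info) findings for a plan.

    imported: addresses just brought in with `terraform import`. Any planned
    change to them means the written configuration differs from the real resource.
    """
    blocking, info = [], []
    for rc in plan.get("resource_changes", []):
        addr, actions = rc["address"], rc["change"]["actions"]
        label = "/".join(actions)
        if actions in (["no-op"], ["read"]):
            continue
        if "delete" in actions:
            # Covers plain deletes and both replacement orders.
            blocking.append(f"{addr}: {label} would destroy the resource")
        elif addr in imported:
            blocking.append(f"{addr}: {label} on a freshly imported resource")
        else:
            info.append(f"{addr}: {label}")
    return blocking, info

def safe_to_auto_approve(plan, imported):
    """True only when nothing in the plan needs a human to look at it first."""
    return not review_plan(plan, imported)[0]

if __name__ == "__main__":
    blocking, info = review_plan(PLAN, {"tencentcloud_eip.eip_import"})
    for line in blocking:
        print("BLOCK", line)
    for line in info:
        print("info ", line)
    print("auto-approve:", "no" if blocking else "yes")
```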
