Welcome to the third chapter of the series dedicated to Oracle Cloud Infrastructure and Terraform. If you missed the previous chapters, here are the links:
- Set up the Terraform Oracle Cloud provider
- Deploy an Oracle Cloud compute instance with Terraform
Now that we have successfully launched our first instance, we are ready for a more complex example.
Environment setup
Change into our repository directory and go to the instance-pool directory:
cd oracle-cloud-terraform-examples/instance-pool/
Edit the vars.tf file the same way you edited vars.tf in the simple instance example (to set up vars.tf from scratch, follow the variables setup section).
Additional variables
This example has a few additional variables:
Variable | Default | Description |
---|---|---|
fault_domains | "FAULT-DOMAIN-1", "FAULT-DOMAIN-2", "FAULT-DOMAIN-3" | List of fault domains in which the instance pool places our instances |
instance_pool_size | 2 | Number of instances to launch in the instance pool |
Infrastructure overview
The infrastructure is the same as in the simple instance example, but we also have:
- a network load balancer that routes traffic from the Internet to our instance pool instances
- an instance configuration used by the instance pool
- an instance pool
- two Oracle compute instances launched by the instance pool
The network load balancer is made up of:
- a listener (port 80)
- a backend set
- a backend for each of the instances in the instance pool
Notes
Some important notes:
- By default, the firewall on the compute instances is disabled. In some tests the firewall caused some problems
- Nginx is installed by default (nginx is used to test the security list rules and the network load balancer setup)
- The operating system used is Ubuntu 20.04
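With the host firewall disabled, the security list rules are the packet filter in front of the instances. The following is an added example, not the repository's code, of a security list that opens only port 80 publicly and limits SSH to an admin range; `compartment_ocid`, `admin_cidr`, `example_vcn`, the VCN CIDR and the resource names are hypothetical.

```hcl
# Added example, not the repository's code. All names below are hypothetical.
# If your vars.tf already declares the compartment variable, reuse it instead.
variable "compartment_ocid" {
  type = string
}

variable "admin_cidr" {
  description = "CIDR allowed to reach SSH, for example a single egress IP as x.x.x.x/32"
  type        = string

  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "The admin_cidr value must be a valid CIDR and must not be 0.0.0.0/0."
  }
}

resource "oci_core_vcn" "example_vcn" {
  compartment_id = var.compartment_ocid
  cidr_blocks    = ["10.0.0.0/16"] # constructed sample range
}

resource "oci_core_security_list" "example_pool_security_list" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.example_vcn.id
  display_name   = "instance-pool-ingress"

  # Outbound: allow everything (package installs, updates).
  egress_security_rules {
    protocol    = "all"
    destination = "0.0.0.0/0"
  }

  # HTTP for nginx, the port the load balancer listener forwards (80).
  ingress_security_rules {
    protocol    = "6" # TCP
    source      = "0.0.0.0/0"
    description = "HTTP to nginx"
    tcp_options {
      min = 80
      max = 80
    }
  }

  # SSH only from the admin range; the validation above rejects 0.0.0.0/0.
  ingress_security_rules {
    protocol    = "6" # TCP
    source      = var.admin_cidr
    description = "SSH from admin network"
    tcp_options {
      min = 22
      max = 22
    }
  }
}
```

The list only takes effect once it is referenced in the `security_list_ids` of the subnet the instance pool uses. Rules are stateful by default, so return traffic needs no extra rule.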
Deploy
Now create the terraform.tfvars file (see the Terraform setup section) and initialize Terraform:
terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/oci...
- Installing hashicorp/oci v4.50.0...
- Installed hashicorp/oci v4.50.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
We are now ready to deploy our infrastructure:
terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# oci_core_default_route_table.default_oci_core_default_route_table will be created
+ resource "oci_core_default_route_table" "default_oci_core_default_route_table" {
+ compartment_id = (known after apply)
+ defined_tags = (known after apply)
+ display_name = (known after apply)
+ freeform_tags = (known after apply)
+ id = (known after apply)
+ manage_default_resource_id = (known after apply)
+ state = (known after apply)
+ time_created = (known after apply)
+ route_rules {
+ cidr_block = (known after apply)
+ description = (known after apply)
+ destination = "0.0.0.0/0"
+ destination_type = "CIDR_BLOCK"
+ network_entity_id = (known after apply)
}
}
<TRUNCATED OUTPUT>
Plan: 14 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ instances_ips = [
+ (known after apply),
+ (known after apply),
]
+ lb_ip = (known after apply)
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
If there are no errors, run:
terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
# data.oci_core_instance.ubuntu_instance_pool_instances_ips[0] will be read during apply
# (config refers to values not yet known)
<= data "oci_core_instance" "ubuntu_instance_pool_instances_ips" {
+ agent_config = (known after apply)
+ async = (known after apply)
+ availability_config = (known after apply)
+ availability_domain = (known after apply)
+ boot_volume_id = (known after apply)
+ capacity_reservation_id = (known after apply)
+ compartment_id = (known after apply)
+ create_vnic_details = (known after apply)
+ dedicated_vm_host_id = (known after apply)
+ defined_tags = (known after apply)
+ display_name = (known after apply)
+ extended_metadata = (known after apply)
+ fault_domain = (known after apply)
+ freeform_tags = (known after apply)
+ hostname_label = (known after apply)
+ id = (known after apply)
+ image = (known after apply)
+ instance_id = (known after apply)
+ instance_options = (known after apply)
+ ipxe_script = (known after apply)
+ is_pv_encryption_in_transit_enabled = (known after apply)
+ launch_mode = (known after apply)
+ launch_options = (known after apply)
+ metadata = (known after apply)
+ platform_config = (known after apply)
+ preemptible_instance_config = (known after apply)
+ preserve_boot_volume = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ region = (known after apply)
+ shape = (known after apply)
+ shape_config = (known after apply)
+ source_details = (known after apply)
+ state = (known after apply)
+ subnet_id = (known after apply)
+ system_tags = (known after apply)
+ time_created = (known after apply)
+ time_maintenance_reboot_due = (known after apply)
}
<TRUNCATED OUTPUT>
oci_network_load_balancer_listener.test_listener: Creation complete after 25s [id=networkLoadBalancers/ocid1.networkloadbalancer.oc1.eu-zurich-1.amaaaaaa5kjm7pyarkfapfnqqxrwaowlnmj5mnd3etmig5nfcwd3m5yb7uha/listeners/LB%20test%20listener]
oci_network_load_balancer_backend.test_backend[1]: Still creating... [31s elapsed]
oci_network_load_balancer_backend.test_backend[0]: Still creating... [31s elapsed]
oci_network_load_balancer_backend.test_backend[0]: Still creating... [41s elapsed]
oci_network_load_balancer_backend.test_backend[1]: Still creating... [41s elapsed]
oci_network_load_balancer_backend.test_backend[0]: Creation complete after 42s [id=networkLoadBalancers/ocid1.networkloadbalancer.oc1.eu-zurich-1.amaaaaaa5kjm7pyarkfapfnqqxrwaowlnmj5mnd3etmig5nfcwd3m5yb7uha/backendSets/Backend%20set%20test/backends/ocid1.instance.oc1.eu-zurich-1.an5heljr5kjm7pycu5exolhnubsq5isqo6nveddlmlsblkz7geb6vbwsvbtq.80]
oci_network_load_balancer_backend.test_backend[1]: Still creating... [51s elapsed]
oci_network_load_balancer_backend.test_backend[1]: Still creating... [1m1s elapsed]
oci_network_load_balancer_backend.test_backend[1]: Still creating... [1m11s elapsed]
oci_network_load_balancer_backend.test_backend[1]: Creation complete after 1m14s [id=networkLoadBalancers/ocid1.networkloadbalancer.oc1.eu-zurich-1.amaaaaaa5kjm7pyarkfapfnqqxrwaowlnmj5mnd3etmig5nfcwd3m5yb7uha/backendSets/Backend%20set%20test/backends/ocid1.instance.oc1.eu-zurich-1.an5heljr5kjm7pycft5ixge6ssknpyb5s6q3eihuccogpqrvv2ntqdlww72a.80]
Apply complete! Resources: 14 added, 0 changed, 0 destroyed.
Outputs:
instances_ips = [
"132.x.x.x",
"152.x.x.x",
]
lb_ip = tolist([
{
"ip_address" = "140.x.x.x"
"is_public" = true
"reserved_ip" = tolist([])
},
])
Now we can ssh into one of the deployed instances:
ssh ubuntu@<instance_ip>
...
35 updates can be applied immediately.
25 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu@inst-ikudx-ubuntu-instance-pool:~$
After a few minutes (at least one backend must be in the HEALTH state), the network load balancer also responds to our requests:
curl -v 140.x.x.x
* Trying 140.x.x.x:80...
* TCP_NODELAY set
* Connected to 140.x.x.x (140.x.x.x) port 80 (#0)
> GET / HTTP/1.1
> Host: 140.x.x.x
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.18.0 (Ubuntu)
< Date: Wed, 27 Oct 2021 15:39:51 GMT
< Content-Type: text/html
< Content-Length: 672
< Last-Modified: Wed, 27 Oct 2021 15:33:26 GMT
< Connection: keep-alive
< ETag: "61797146-2a0"
< Accept-Ranges: bytes
...
...
...
Cleanup
To clean up/destroy our infrastructure:
terraform destroy