云端虚拟机置备
如何使用Terraform迅速在阿里云创建Pigsty部署所需的虚拟机资源
如果您手头没有 x86_64 架构的PC、笔记本、Mac,使用即用即毁的云虚拟机可能是另一个不错的选择。
Terraform
Terraform 是开源免费的 基础设施即代码 工具。您只需要声明好所需的云虚拟机、网络与安全组配置等,一键即可拉起对应的资源。
在MacOS下安装Terraform,只需要执行brew install terraform即可。然后您需要有云厂商账号,并获取AccessKey与AccessSecret凭证,充点钱,就可以开始云端沙箱部署之旅啦。
TF配置文件
项目根目录 terraform/ 中提供了若干云厂商的 Terraform 资源定义文件,您可以使用这些模板快速在云上申请虚拟机资源用于部署Pigsty。这里以阿里云为例:
cd terraform # 进入terraform目录中
vi alicloud.tf # 编辑配置文件,填入您的阿里云AccessKey与SecretKey
阿里云样例Terraform文件
provider "alicloud" {
access_key = "xxxxxx"
secret_key = "xxxxxx"
region = "cn-beijing"
}
# use 10.10.10.0/24 cidr block as demo network
resource "alicloud_vpc" "vpc" {
vpc_name = "pigsty-demo-network"
cidr_block = "10.10.10.0/24"
}
# add virtual switch for pigsty demo network
resource "alicloud_vswitch" "vsw" {
vpc_id = "${alicloud_vpc.vpc.id}"
cidr_block = "10.10.10.0/24"
zone_id = "cn-beijing-k"
}
# add default security group and allow all tcp traffic
resource "alicloud_security_group" "default" {
name = "default"
vpc_id = "${alicloud_vpc.vpc.id}"
}
resource "alicloud_security_group_rule" "allow_all_tcp" {
ip_protocol = "tcp"
type = "ingress"
nic_type = "intranet"
policy = "accept"
port_range = "1/65535"
priority = 1
security_group_id = "${alicloud_security_group.default.id}"
cidr_ip = "0.0.0.0/0"
}
# https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/instance
resource "alicloud_instance" "pg-meta-1" {
instance_name = "pg-meta-1"
host_name = "pg-meta-1"
instance_type = "ecs.s6-c1m2.small"
vswitch_id = "${alicloud_vswitch.vsw.id}"
security_groups = ["${alicloud_security_group.default.id}"]
image_id = "centos_7_8_x64_20G_alibase_20200914.vhd"
password = "PigstyDemo4"
private_ip = "10.10.10.10"
internet_max_bandwidth_out = 40 # 40Mbps , alloc a public IP
}
resource "alicloud_instance" "pg-test-1" {
instance_name = "pg-test-1"
host_name = "pg-test-1"
instance_type = "ecs.s6-c1m1.small"
vswitch_id = "${alicloud_vswitch.vsw.id}"
security_groups = ["${alicloud_security_group.default.id}"]
image_id = "centos_7_8_x64_20G_alibase_20200914.vhd"
password = "PigstyDemo4"
private_ip = "10.10.10.11"
}
resource "alicloud_instance" "pg-test-2" {
instance_name = "pg-test-2"
host_name = "pg-test-2"
instance_type = "ecs.s6-c1m1.small"
vswitch_id = "${alicloud_vswitch.vsw.id}"
security_groups = ["${alicloud_security_group.default.id}"]
image_id = "centos_7_8_x64_20G_alibase_20200914.vhd"
password = "PigstyDemo4"
private_ip = "10.10.10.12"
}
resource "alicloud_instance" "pg-test-3" {
instance_name = "pg-test-3"
host_name = "pg-test-3"
instance_type = "ecs.s6-c1m1.small"
vswitch_id = "${alicloud_vswitch.vsw.id}"
security_groups = ["${alicloud_security_group.default.id}"]
image_id = "centos_7_8_x64_20G_alibase_20200914.vhd"
password = "PigstyDemo4"
private_ip = "10.10.10.13"
}
output "meta_ip" {
value = "${alicloud_instance.pg-meta-1.public_ip}"
}
执行计划
首先,使用terraform命令,创建上面定义的云资源(共享1C1G临时用用很便宜,按需付费)
terraform init # 安装 terraform provider: aliyun (仅第一次需要)
terraform apply # 生成执行计划:创建虚拟机,虚拟网段/交换机/安全组
执行 apply 并输入 yes后,terraform会调用阿里云API创建对应的虚拟机资源。
Terraform Apply执行结果
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# alicloud_instance.pg-meta-1 will be created
+ resource "alicloud_instance" "pg-meta-1" {
+ availability_zone = (known after apply)
+ credit_specification = (known after apply)
+ deletion_protection = false
+ dry_run = false
+ host_name = "pg-meta-1"
+ id = (known after apply)
+ image_id = "centos_7_8_x64_20G_alibase_20200914.vhd"
+ instance_charge_type = "PostPaid"
+ instance_name = "pg-meta-1"
+ instance_type = "ecs.s6-c1m2.small"
+ internet_charge_type = "PayByTraffic"
+ internet_max_bandwidth_in = (known after apply)
+ internet_max_bandwidth_out = 40
+ key_name = (known after apply)
+ password = (sensitive value)
+ private_ip = "10.10.10.10"
+ public_ip = (known after apply)
+ role_name = (known after apply)
+ secondary_private_ip_address_count = (known after apply)
+ secondary_private_ips = (known after apply)
+ security_groups = (known after apply)
+ spot_strategy = "NoSpot"
+ status = "Running"
+ subnet_id = (known after apply)
+ system_disk_category = "cloud_efficiency"
+ system_disk_performance_level = (known after apply)
+ system_disk_size = 40
+ volume_tags = (known after apply)
+ vswitch_id = (known after apply)
}
# alicloud_instance.pg-test-1 will be created
+ resource "alicloud_instance" "pg-test-1" {
+ availability_zone = (known after apply)
+ credit_specification = (known after apply)
+ deletion_protection = false
+ dry_run = false
+ host_name = "pg-test-1"
+ id = (known after apply)
+ image_id = "centos_7_8_x64_20G_alibase_20200914.vhd"
+ instance_charge_type = "PostPaid"
+ instance_name = "pg-test-1"
+ instance_type = "ecs.s6-c1m1.small"
+ internet_max_bandwidth_in = (known after apply)
+ internet_max_bandwidth_out = 0
+ key_name = (known after apply)
+ password = (sensitive value)
+ private_ip = "10.10.10.11"
+ public_ip = (known after apply)
+ role_name = (known after apply)
+ secondary_private_ip_address_count = (known after apply)
+ secondary_private_ips = (known after apply)
+ security_groups = (known after apply)
+ spot_strategy = "NoSpot"
+ status = "Running"
+ subnet_id = (known after apply)
+ system_disk_category = "cloud_efficiency"
+ system_disk_performance_level = (known after apply)
+ system_disk_size = 40
+ volume_tags = (known after apply)
+ vswitch_id = (known after apply)
}
# alicloud_instance.pg-test-2 will be created
+ resource "alicloud_instance" "pg-test-2" {
+ availability_zone = (known after apply)
+ credit_specification = (known after apply)
+ deletion_protection = false
+ dry_run = false
+ host_name = "pg-test-2"
+ id = (known after apply)
+ image_id = "centos_7_8_x64_20G_alibase_20200914.vhd"
+ instance_charge_type = "PostPaid"
+ instance_name = "pg-test-2"
+ instance_type = "ecs.s6-c1m1.small"
+ internet_max_bandwidth_in = (known after apply)
+ internet_max_bandwidth_out = 0
+ key_name = (known after apply)
+ password = (sensitive value)
+ private_ip = "10.10.10.12"
+ public_ip = (known after apply)
+ role_name = (known after apply)
+ secondary_private_ip_address_count = (known after apply)
+ secondary_private_ips = (known after apply)
+ security_groups = (known after apply)
+ spot_strategy = "NoSpot"
+ status = "Running"
+ subnet_id = (known after apply)
+ system_disk_category = "cloud_efficiency"
+ system_disk_performance_level = (known after apply)
+ system_disk_size = 40
+ volume_tags = (known after apply)
+ vswitch_id = (known after apply)
}
# alicloud_instance.pg-test-3 will be created
+ resource "alicloud_instance" "pg-test-3" {
+ availability_zone = (known after apply)
+ credit_specification = (known after apply)
+ deletion_protection = false
+ dry_run = false
+ host_name = "pg-test-3"
+ id = (known after apply)
+ image_id = "centos_7_8_x64_20G_alibase_20200914.vhd"
+ instance_charge_type = "PostPaid"
+ instance_name = "pg-test-3"
+ instance_type = "ecs.s6-c1m1.small"
+ internet_max_bandwidth_in = (known after apply)
+ internet_max_bandwidth_out = 0
+ key_name = (known after apply)
+ password = (sensitive value)
+ private_ip = "10.10.10.13"
+ public_ip = (known after apply)
+ role_name = (known after apply)
+ secondary_private_ip_address_count = (known after apply)
+ secondary_private_ips = (known after apply)
+ security_groups = (known after apply)
+ spot_strategy = "NoSpot"
+ status = "Running"
+ subnet_id = (known after apply)
+ system_disk_category = "cloud_efficiency"
+ system_disk_performance_level = (known after apply)
+ system_disk_size = 40
+ volume_tags = (known after apply)
+ vswitch_id = (known after apply)
}
# alicloud_security_group.default will be created
+ resource "alicloud_security_group" "default" {
+ id = (known after apply)
+ inner_access = (known after apply)
+ inner_access_policy = (known after apply)
+ name = "default"
+ security_group_type = "normal"
+ vpc_id = (known after apply)
}
# alicloud_security_group_rule.allow_all_tcp will be created
+ resource "alicloud_security_group_rule" "allow_all_tcp" {
+ cidr_ip = "0.0.0.0/0"
+ id = (known after apply)
+ ip_protocol = "tcp"
+ nic_type = "intranet"
+ policy = "accept"
+ port_range = "1/65535"
+ priority = 1
+ security_group_id = (known after apply)
+ type = "ingress"
}
# alicloud_vpc.vpc will be created
+ resource "alicloud_vpc" "vpc" {
+ cidr_block = "10.10.10.0/24"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ name = (known after apply)
+ resource_group_id = (known after apply)
+ route_table_id = (known after apply)
+ router_id = (known after apply)
+ router_table_id = (known after apply)
+ status = (known after apply)
+ vpc_name = "pigsty-demo-network"
}
# alicloud_vswitch.vsw will be created
+ resource "alicloud_vswitch" "vsw" {
+ availability_zone = (known after apply)
+ cidr_block = "10.10.10.0/24"
+ id = (known after apply)
+ name = (known after apply)
+ status = (known after apply)
+ vpc_id = (known after apply)
+ vswitch_name = (known after apply)
+ zone_id = "cn-beijing-k"
}
Plan: 8 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ meta_ip = (known after apply)
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
alicloud_vpc.vpc: Creating...
alicloud_vpc.vpc: Creation complete after 6s [id=vpc-2zed78z7n5z06o1dmydhj]
alicloud_security_group.default: Creating...
alicloud_vswitch.vsw: Creating...
alicloud_security_group.default: Creation complete after 1s [id=sg-2ze7x7zu8tcdsefroofa]
alicloud_security_group_rule.allow_all_tcp: Creating...
alicloud_security_group_rule.allow_all_tcp: Creation complete after 0s [id=sg-2ze7x7zu8tcdsefroofa:ingress:tcp:1/65535:intranet:0.0.0.0/0:accept:1]
alicloud_vswitch.vsw: Creation complete after 6s [id=vsw-2zejctjdr16ryz194jxz4]
alicloud_instance.pg-test-3: Creating...
alicloud_instance.pg-test-2: Creating...
alicloud_instance.pg-test-1: Creating...
alicloud_instance.pg-meta-1: Creating...
alicloud_instance.pg-test-3: Still creating... [10s elapsed]
alicloud_instance.pg-test-2: Still creating... [10s elapsed]
alicloud_instance.pg-test-1: Still creating... [10s elapsed]
alicloud_instance.pg-meta-1: Still creating... [10s elapsed]
alicloud_instance.pg-meta-1: Creation complete after 16s [id=i-2zef4frw6kezb47339wr]
alicloud_instance.pg-test-1: Still creating... [20s elapsed]
alicloud_instance.pg-test-2: Still creating... [20s elapsed]
alicloud_instance.pg-test-3: Still creating... [20s elapsed]
alicloud_instance.pg-test-2: Creation complete after 23s [id=i-2zefzvz0fyl7mloc4v30]
alicloud_instance.pg-test-1: Still creating... [30s elapsed]
alicloud_instance.pg-test-3: Still creating... [30s elapsed]
alicloud_instance.pg-test-3: Creation complete after 33s [id=i-2zeeyodo2pc8b1k2d167]
alicloud_instance.pg-test-1: Creation complete after 33s [id=i-2zef4frw6kezb47339ws]
SSH配置与微调
其中,管理机将分配一个按量付费的公网IP,您也可以使用命令terraform output将其打印出来。
# 打印公网IP与root密码
ssh_pass='PigstyDemo4'
public_ip=$(terraform output | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
echo "meta node: root:${ssh_pass}@${public_ip}"
接下来,我们先来配置本地登录云端管理机器的SSH配置(默认用户root,密码PigstyDemo4)
# 创建 ~/.ssh/pigsty_terraform 文件,包含云端管理机器的SSH定义(可选,好用一点)
cat > ~/.ssh/pigsty_terraform <<-EOF
Host demo
User root
HostName ${public_ip}
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication yes
EOF
chmod 0600 ~/.ssh/pigsty_terraform
# 启用该配置
if ! grep --quiet "Include ~/.ssh/pigsty_terraform" ~/.ssh/config ; then
(echo 'Include ~/.ssh/pigsty_terraform' && cat ~/.ssh/config) > ~/.ssh/config.tmp;
mv ~/.ssh/config.tmp ~/.ssh/config && chmod 0600 ~/.ssh/config;
fi
然后,您可以通过SSH别名demo访问该云端管理机了。
# 添加本地到元节点的免密访问
sshpass -p ${ssh_pass} ssh-copy-id demo
然后,您就可以免密从本地访问该节点了,如果只需要进行单节点安装,这样就行了。接下来,在该元节点上完成标准安装
特殊注意事项
阿里云虚拟机CentOS 7.8镜像中运行有 nscd ,锁死了 glibc 版本,会导致安装时出现RPM依赖错误。
在所有机器上执行 yum remove -y nscd 即可解决此问题。
完成上述准备工作后,所有机器准备工作已经就绪,可以开始常规的 Pigsty下载配置安装三部曲啦。
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
最后修改 2022-05-27: init commit (1e3e284)