Cloud Virtual Machine Provisioning

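How to use Terraform to quickly create the virtual machine resources needed for a Pigsty deployment on Alibaba Cloud

If you do not have an x86_64 PC, laptop, or Mac at hand, disposable cloud virtual machines that you create when needed and destroy afterwards may be another good option.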

Terraform

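Terraform is a free, open-source Infrastructure-as-Code tool. You declare the cloud virtual machines, network and security group configuration you need, and a single command brings up the corresponding resources.

On macOS, installing Terraform only takes brew install terraform. You then need a cloud provider account and its AccessKey and AccessSecret credentials; top up some credit and you can start the cloud sandbox deployment.

TF configuration file

The terraform/ directory in the project root provides Terraform resource definition files for several cloud providers. You can use these templates to quickly request virtual machine resources in the cloud for deploying Pigsty. Alibaba Cloud is used as the example here:

    cd terraform      # enter the terraform directory
    vi alicloud.tf    # edit the config file and fill in your Alibaba Cloud AccessKey and SecretKey

Sample Terraform file for Alibaba Cloud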

    provider "alicloud" {
      access_key = "xxxxxx"
      secret_key = "xxxxxx"
      region = "cn-beijing"
    }

    # use 10.10.10.0/24 cidr block as demo network
    resource "alicloud_vpc" "vpc" {
      vpc_name = "pigsty-demo-network"
      cidr_block = "10.10.10.0/24"
    }

    # add virtual switch for pigsty demo network
    resource "alicloud_vswitch" "vsw" {
      vpc_id = "${alicloud_vpc.vpc.id}"
      cidr_block = "10.10.10.0/24"
      zone_id = "cn-beijing-k"
    }

    # add default security group and allow all tcp traffic
    resource "alicloud_security_group" "default" {
      name = "default"
      vpc_id = "${alicloud_vpc.vpc.id}"
    }

    resource "alicloud_security_group_rule" "allow_all_tcp" {
      ip_protocol = "tcp"
      type = "ingress"
      nic_type = "intranet"
      policy = "accept"
      port_range = "1/65535"
      priority = 1
      security_group_id = "${alicloud_security_group.default.id}"
      cidr_ip = "0.0.0.0/0"
    }

    # https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/instance
    resource "alicloud_instance" "pg-meta-1" {
      instance_name = "pg-meta-1"
      host_name = "pg-meta-1"
      instance_type = "ecs.s6-c1m2.small"
      vswitch_id = "${alicloud_vswitch.vsw.id}"
      security_groups = ["${alicloud_security_group.default.id}"]
      image_id = "centos_7_8_x64_20G_alibase_20200914.vhd"
      password = "PigstyDemo4"
      private_ip = "10.10.10.10"
      internet_max_bandwidth_out = 40 # 40Mbps , alloc a public IP
    }

    resource "alicloud_instance" "pg-test-1" {
      instance_name = "pg-test-1"
      host_name = "pg-test-1"
      instance_type = "ecs.s6-c1m1.small"
      vswitch_id = "${alicloud_vswitch.vsw.id}"
      security_groups = ["${alicloud_security_group.default.id}"]
      image_id = "centos_7_8_x64_20G_alibase_20200914.vhd"
      password = "PigstyDemo4"
      private_ip = "10.10.10.11"
    }

    resource "alicloud_instance" "pg-test-2" {
      instance_name = "pg-test-2"
      host_name = "pg-test-2"
      instance_type = "ecs.s6-c1m1.small"
      vswitch_id = "${alicloud_vswitch.vsw.id}"
      security_groups = ["${alicloud_security_group.default.id}"]
      image_id = "centos_7_8_x64_20G_alibase_20200914.vhd"
      password = "PigstyDemo4"
      private_ip = "10.10.10.12"
    }

    resource "alicloud_instance" "pg-test-3" {
      instance_name = "pg-test-3"
      host_name = "pg-test-3"
      instance_type = "ecs.s6-c1m1.small"
      vswitch_id = "${alicloud_vswitch.vsw.id}"
      security_groups = ["${alicloud_security_group.default.id}"]
      image_id = "centos_7_8_x64_20G_alibase_20200914.vhd"
      password = "PigstyDemo4"
      private_ip = "10.10.10.13"
    }

    output "meta_ip" {
      value = "${alicloud_instance.pg-meta-1.public_ip}"
    }
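
The sample above accepts TCP on every port from 0.0.0.0/0 while pg-meta-1 receives a public IP, and it keeps the access key and the root password in the file. A hardened variant of those parts follows as an added example, not part of the Pigsty templates; the variables admin_cidr and root_password and the two rule names are assumptions made for illustration.

```hcl
# Added example: credentials come from the ALICLOUD_ACCESS_KEY and
# ALICLOUD_SECRET_KEY environment variables, not from alicloud.tf.
provider "alicloud" {
  region = "cn-beijing"
}

# Assumed variable: the address you administer from, e.g. "203.0.113.7/32".
variable "admin_cidr" {
  type = string
  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "The admin_cidr value must be a valid CIDR other than 0.0.0.0/0."
  }
}

# Assumed variable: set through TF_VAR_root_password so the password is not
# committed with the file (it is still written to the Terraform state).
variable "root_password" {
  type      = string
  sensitive = true
}

# Replaces allow_all_tcp: all TCP ports, but only between nodes of the demo VPC.
resource "alicloud_security_group_rule" "allow_vpc_tcp" {
  ip_protocol       = "tcp"
  type              = "ingress"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "1/65535"
  priority          = 1
  security_group_id = alicloud_security_group.default.id
  cidr_ip           = alicloud_vpc.vpc.cidr_block
}

# From outside the VPC: SSH only, and only from admin_cidr. Add a rule per
# extra port you need, or reach other services through SSH port forwarding.
resource "alicloud_security_group_rule" "allow_admin_ssh" {
  ip_protocol       = "tcp"
  type              = "ingress"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "22/22"
  priority          = 1
  security_group_id = alicloud_security_group.default.id
  cidr_ip           = var.admin_cidr
}

# In each alicloud_instance block: password = var.root_password
```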

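Execute the plan

First, use the terraform command to create the cloud resources defined above (shared 1C1G instances are cheap for temporary use and billed pay-as-you-go).

    terraform init    # install the terraform provider: aliyun (only needed the first time)
    terraform apply   # generate the execution plan: create the VMs, virtual network/switch/security group

After you run apply and enter yes, terraform calls the Alibaba Cloud API to create the corresponding virtual machine resources.

Terraform apply output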

    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
      + create

    Terraform will perform the following actions:

      # alicloud_instance.pg-meta-1 will be created
      + resource "alicloud_instance" "pg-meta-1" {
          + availability_zone = (known after apply)
          + credit_specification = (known after apply)
          + deletion_protection = false
          + dry_run = false
          + host_name = "pg-meta-1"
          + id = (known after apply)
          + image_id = "centos_7_8_x64_20G_alibase_20200914.vhd"
          + instance_charge_type = "PostPaid"
          + instance_name = "pg-meta-1"
          + instance_type = "ecs.s6-c1m2.small"
          + internet_charge_type = "PayByTraffic"
          + internet_max_bandwidth_in = (known after apply)
          + internet_max_bandwidth_out = 40
          + key_name = (known after apply)
          + password = (sensitive value)
          + private_ip = "10.10.10.10"
          + public_ip = (known after apply)
          + role_name = (known after apply)
          + secondary_private_ip_address_count = (known after apply)
          + secondary_private_ips = (known after apply)
          + security_groups = (known after apply)
          + spot_strategy = "NoSpot"
          + status = "Running"
          + subnet_id = (known after apply)
          + system_disk_category = "cloud_efficiency"
          + system_disk_performance_level = (known after apply)
          + system_disk_size = 40
          + volume_tags = (known after apply)
          + vswitch_id = (known after apply)
        }

      # alicloud_instance.pg-test-1 will be created
      + resource "alicloud_instance" "pg-test-1" {
          + availability_zone = (known after apply)
          + credit_specification = (known after apply)
          + deletion_protection = false
          + dry_run = false
          + host_name = "pg-test-1"
          + id = (known after apply)
          + image_id = "centos_7_8_x64_20G_alibase_20200914.vhd"
          + instance_charge_type = "PostPaid"
          + instance_name = "pg-test-1"
          + instance_type = "ecs.s6-c1m1.small"
          + internet_max_bandwidth_in = (known after apply)
          + internet_max_bandwidth_out = 0
          + key_name = (known after apply)
          + password = (sensitive value)
          + private_ip = "10.10.10.11"
          + public_ip = (known after apply)
          + role_name = (known after apply)
          + secondary_private_ip_address_count = (known after apply)
          + secondary_private_ips = (known after apply)
          + security_groups = (known after apply)
          + spot_strategy = "NoSpot"
          + status = "Running"
          + subnet_id = (known after apply)
          + system_disk_category = "cloud_efficiency"
          + system_disk_performance_level = (known after apply)
          + system_disk_size = 40
          + volume_tags = (known after apply)
          + vswitch_id = (known after apply)
        }

      # alicloud_instance.pg-test-2 will be created
      + resource "alicloud_instance" "pg-test-2" {
          + availability_zone = (known after apply)
          + credit_specification = (known after apply)
          + deletion_protection = false
          + dry_run = false
          + host_name = "pg-test-2"
          + id = (known after apply)
          + image_id = "centos_7_8_x64_20G_alibase_20200914.vhd"
          + instance_charge_type = "PostPaid"
          + instance_name = "pg-test-2"
          + instance_type = "ecs.s6-c1m1.small"
          + internet_max_bandwidth_in = (known after apply)
          + internet_max_bandwidth_out = 0
          + key_name = (known after apply)
          + password = (sensitive value)
          + private_ip = "10.10.10.12"
          + public_ip = (known after apply)
          + role_name = (known after apply)
          + secondary_private_ip_address_count = (known after apply)
          + secondary_private_ips = (known after apply)
          + security_groups = (known after apply)
          + spot_strategy = "NoSpot"
          + status = "Running"
          + subnet_id = (known after apply)
          + system_disk_category = "cloud_efficiency"
          + system_disk_performance_level = (known after apply)
          + system_disk_size = 40
          + volume_tags = (known after apply)
          + vswitch_id = (known after apply)
        }

      # alicloud_instance.pg-test-3 will be created
      + resource "alicloud_instance" "pg-test-3" {
          + availability_zone = (known after apply)
          + credit_specification = (known after apply)
          + deletion_protection = false
          + dry_run = false
          + host_name = "pg-test-3"
          + id = (known after apply)
          + image_id = "centos_7_8_x64_20G_alibase_20200914.vhd"
          + instance_charge_type = "PostPaid"
          + instance_name = "pg-test-3"
          + instance_type = "ecs.s6-c1m1.small"
          + internet_max_bandwidth_in = (known after apply)
          + internet_max_bandwidth_out = 0
          + key_name = (known after apply)
          + password = (sensitive value)
          + private_ip = "10.10.10.13"
          + public_ip = (known after apply)
          + role_name = (known after apply)
          + secondary_private_ip_address_count = (known after apply)
          + secondary_private_ips = (known after apply)
          + security_groups = (known after apply)
          + spot_strategy = "NoSpot"
          + status = "Running"
          + subnet_id = (known after apply)
          + system_disk_category = "cloud_efficiency"
          + system_disk_performance_level = (known after apply)
          + system_disk_size = 40
          + volume_tags = (known after apply)
          + vswitch_id = (known after apply)
        }

      # alicloud_security_group.default will be created
      + resource "alicloud_security_group" "default" {
          + id = (known after apply)
          + inner_access = (known after apply)
          + inner_access_policy = (known after apply)
          + name = "default"
          + security_group_type = "normal"
          + vpc_id = (known after apply)
        }

      # alicloud_security_group_rule.allow_all_tcp will be created
      + resource "alicloud_security_group_rule" "allow_all_tcp" {
          + cidr_ip = "0.0.0.0/0"
          + id = (known after apply)
          + ip_protocol = "tcp"
          + nic_type = "intranet"
          + policy = "accept"
          + port_range = "1/65535"
          + priority = 1
          + security_group_id = (known after apply)
          + type = "ingress"
        }

      # alicloud_vpc.vpc will be created
      + resource "alicloud_vpc" "vpc" {
          + cidr_block = "10.10.10.0/24"
          + id = (known after apply)
          + ipv6_cidr_block = (known after apply)
          + name = (known after apply)
          + resource_group_id = (known after apply)
          + route_table_id = (known after apply)
          + router_id = (known after apply)
          + router_table_id = (known after apply)
          + status = (known after apply)
          + vpc_name = "pigsty-demo-network"
        }

      # alicloud_vswitch.vsw will be created
      + resource "alicloud_vswitch" "vsw" {
          + availability_zone = (known after apply)
          + cidr_block = "10.10.10.0/24"
          + id = (known after apply)
          + name = (known after apply)
          + status = (known after apply)
          + vpc_id = (known after apply)
          + vswitch_name = (known after apply)
          + zone_id = "cn-beijing-k"
        }

    Plan: 8 to add, 0 to change, 0 to destroy.

    Changes to Outputs:
      + meta_ip = (known after apply)

    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.

      Enter a value: yes

    alicloud_vpc.vpc: Creating...
    alicloud_vpc.vpc: Creation complete after 6s [id=vpc-2zed78z7n5z06o1dmydhj]
    alicloud_security_group.default: Creating...
    alicloud_vswitch.vsw: Creating...
    alicloud_security_group.default: Creation complete after 1s [id=sg-2ze7x7zu8tcdsefroofa]
    alicloud_security_group_rule.allow_all_tcp: Creating...
    alicloud_security_group_rule.allow_all_tcp: Creation complete after 0s [id=sg-2ze7x7zu8tcdsefroofa:ingress:tcp:1/65535:intranet:0.0.0.0/0:accept:1]
    alicloud_vswitch.vsw: Creation complete after 6s [id=vsw-2zejctjdr16ryz194jxz4]
    alicloud_instance.pg-test-3: Creating...
    alicloud_instance.pg-test-2: Creating...
    alicloud_instance.pg-test-1: Creating...
    alicloud_instance.pg-meta-1: Creating...
    alicloud_instance.pg-test-3: Still creating... [10s elapsed]
    alicloud_instance.pg-test-2: Still creating... [10s elapsed]
    alicloud_instance.pg-test-1: Still creating... [10s elapsed]
    alicloud_instance.pg-meta-1: Still creating... [10s elapsed]
    alicloud_instance.pg-meta-1: Creation complete after 16s [id=i-2zef4frw6kezb47339wr]
    alicloud_instance.pg-test-1: Still creating... [20s elapsed]
    alicloud_instance.pg-test-2: Still creating... [20s elapsed]
    alicloud_instance.pg-test-3: Still creating... [20s elapsed]
    alicloud_instance.pg-test-2: Creation complete after 23s [id=i-2zefzvz0fyl7mloc4v30]
    alicloud_instance.pg-test-1: Still creating... [30s elapsed]
    alicloud_instance.pg-test-3: Still creating... [30s elapsed]
    alicloud_instance.pg-test-3: Creation complete after 33s [id=i-2zeeyodo2pc8b1k2d167]
    alicloud_instance.pg-test-1: Creation complete after 33s [id=i-2zef4frw6kezb47339ws]

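SSH configuration and tuning

The admin node is assigned a pay-as-you-go public IP; you can also print it with the terraform output command.

    # print the public IP and root password
    ssh_pass='PigstyDemo4'
    public_ip=$(terraform output | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
    echo "meta node: root:${ssh_pass}@${public_ip}"

Next, configure SSH on the local machine for logging in to the cloud admin node (default user root, password PigstyDemo4).

    # create ~/.ssh/pigsty_terraform with the SSH definition of the cloud admin node (optional, more convenient)
    cat > ~/.ssh/pigsty_terraform <<-EOF
    Host demo
    User root
    HostName ${public_ip}
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no
    PasswordAuthentication yes
    EOF
    chmod 0600 ~/.ssh/pigsty_terraform

    # enable this configuration
    if ! grep --quiet "Include ~/.ssh/pigsty_terraform" ~/.ssh/config ; then
        (echo 'Include ~/.ssh/pigsty_terraform' && cat ~/.ssh/config) > ~/.ssh/config.tmp;
        mv ~/.ssh/config.tmp ~/.ssh/config && chmod 0600 ~/.ssh/config;
    fi

You can then reach the cloud admin node through the SSH alias demo.

    # set up passwordless access from the local machine to the meta node
    sshpass -p ${ssh_pass} ssh-copy-id demo

After that, you can log in to the node from your local machine without a password. If you only need a single-node installation, this is all that is required. Next, complete the standard installation on the meta node.

Special notes

The Alibaba Cloud CentOS 7.8 virtual machine image runs nscd, which pins the glibc version and causes RPM dependency errors during installation.

Running yum remove -y nscd on all machines resolves the problem.

Once the above preparation is complete, all machines are ready, and you can begin the usual three Pigsty steps: download, configure, install.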

Last modified 2022-06-03: add scaffold for en docs (6a6eded)