之前,資源都定義好了,現在就是去申請資源了。
申請這些資源就需要使用terraform的指令行了,開始初始化後端,後端是有存儲檔案的,預設情況下是在本地存儲的,然後會多一些檔案。 (下載下傳插件)
初始化後端,相當于tf的資料存儲,然後就是provider插件的下載下傳。
這裡生成了.terraform的目錄
stat檔案是狀态檔案,第一次tf建立了資源,會将目前的狀态記錄下來,第二次再定義的時候會去拿這個狀态和我的期望狀态做對比,有哪些差異,然後去變更這些差異。
現在是放在本地進行存儲,後面為了安全可以放到遠端的存儲裡面。
PS C:\Users\W10\Desktop\terraform> terraform init
Initializing the backend...
Initializing provider plugins...
- Finding aliyun/alicloud versions matching "1.188.0"...
- Installing aliyun/alicloud v1.188.0...
- Installed aliyun/alicloud v1.188.0 (signed by a HashiCorp partner, key ID 47422B4AA9FA381B)
Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary. 初始化也需要注意,當你将provider版本,子產品或者其他配置做了變更,那麼你就重新再運作下初始化,不然到時候找不到了。
而且遵循幂等性,多運作幾次是沒有影響的。
對代碼進行格式化,tf也是有樣式要求的,通過ft可以自動的進行文法的檢查和修正,那些被格式化的檔案在這裡被列出來了。
在配置流水線的時候,可以對它進行基本的校驗,真正要內建的時候還是輸出為json格式,比如和json做內建。
計劃和預覽,列印要申請哪些資源列舉出來。
PS C:\Users\W10\Desktop\terraform> terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
+ create
Terraform will perform the following actions:
# alicloud_security_group.group will be created
+ resource "alicloud_security_group" "group" {
+ id = (known after apply)
+ inner_access = (known after apply)
+ inner_access_policy = (known after apply)
+ name = "new-group"
+ security_group_type = "normal"
+ vpc_id = (known after apply)
}
# alicloud_security_group_rule.allow_80_tcp will be created
+ resource "alicloud_security_group_rule" "allow_80_tcp" {
+ cidr_ip = "0.0.0.0/0"
+ id = (known after apply)
+ ip_protocol = "tcp"
+ nic_type = "intranet"
+ policy = "accept"
+ port_range = "80/80"
+ prefix_list_id = (known after apply)
+ priority = 1
+ security_group_id = (known after apply)
+ type = "ingress"
}
# alicloud_vpc.vpc will be created
+ resource "alicloud_vpc" "vpc" {
+ cidr_block = "172.16.0.0/12"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ name = (known after apply)
+ resource_group_id = (known after apply)
+ route_table_id = (known after apply)
+ router_id = (known after apply)
+ router_table_id = (known after apply)
+ secondary_cidr_blocks = (known after apply)
+ status = (known after apply)
+ vpc_name = "tf_test_foo"
}
# alicloud_vswitch.vsw will be created
+ resource "alicloud_vswitch" "vsw" {
+ availability_zone = (known after apply)
+ cidr_block = "172.16.0.0/21"
+ id = (known after apply)
+ name = (known after apply)
+ status = (known after apply)
+ vpc_id = (known after apply)
+ vswitch_name = (known after apply)
+ zone_id = "cn-hangzhou-b"
}
Plan: 4 to add, 0 to change, 0 to destroy. 首先建立了安全組,然後建立了安全組的規則....................這個計劃就是友善我們去預覽。
直接去申請資源其實你也不知道資源的狀态,直接申請會出問題,是以plan去預覽一下。
注意資源的順序是tf自動幫你去處理的,無須我們去定義的。
alicloud_vpc.vpc: Creating...
alicloud_vpc.vpc: Creation complete after 6s [id=vpc-bp10cbf0gj65vrx953gge]
alicloud_security_group.group: Creating...
alicloud_vswitch.vsw: Creating...
alicloud_security_group.group: Creation complete after 2s [id=sg-bp1efisqbwav93v64dki]
alicloud_security_group_rule.allow_80_tcp: Creating...
alicloud_security_group_rule.allow_80_tcp: Creation complete after 0s [id=sg-bp1efisqbwav93v64dki:ingress:tcp:80/80:intranet:0.0.0.0/0:accept:1]
alicloud_vswitch.vsw: Creation complete after 6s [id=vsw-bp164q3dx49ljj50bh53m]
Apply complete! Resources: 4 added, 0 changed, 0 destroyed. 可以看到VPC ID,網段資訊,region資訊,使用者網段,建立時間,狀态。
上面都是互動需要輸入yes,如果你确定沒有問題了,那麼加上自動的選項,-auto-approve,就不會輸出資訊了,就直接申請就行了。