安裝Terraform

• 使用阿里云Cloud Shell。阿里云Cloud Shell是一款幫助您運維的免費產品，預裝了Terraform的組件，并配置好身份憑證（credentials）。因此您可直接在Cloud Shell中運行Terraform的命令。詳情請參見Cloud Shell。

• 在本地安裝和配置Terraform，請參見在本地安裝和配置Terraform。

  安裝完成后，您可以打開命令行終端，輸入terraform version，若返回版本信息表示已成功安裝。

編寫模板

Terraform通過命令實現對Terraform模板中所定義的資源進行創建、修改、查看和刪除。

1. 創建執行目錄并進入。

   說明

   需要為每個Terraform項目創建一個獨立的執行目錄。

   • Linux或macOS：

     sudo mkdir /usr/local/terraform
     cd /usr/local/rds_terraform

     重要

     如果您使用的非root權限用戶，則還需要為rds_terraform目錄授權，使用sudo chown -R <當前用戶名>:<用戶所屬組名> /usr/local/terraform命令，將rds_terraform文件夾的owner修改為當前用戶。

   • Windows：以D盤下創建rds_terraform文件夾為例，進入rds_terraform文件夾。

2. 在執行目錄下，創建Terraform模板（terraform.tf）文件。

   • Linux或macOS：

     touch terraform.tf

   • Windows：手動創建terraform.tf文件。

3. 以查詢RDS PostgreSQL可用區信息為例，編輯terraform.tf文件，補充如下信息。

   resource "alicloud_vpc" "main" {
     vpc_name       = "alicloud"
     cidr_block = "172.16.0.0/16"
   }
   
   resource "alicloud_vswitch" "main" {
     vpc_id            = alicloud_vpc.main.id
     cidr_block        = "172.16.192.0/20"
     zone_id = "cn-hangzhou-j"
     depends_on = [alicloud_vpc.main]
   }
   
   resource "alicloud_db_instance" "instance" {
     engine           = "PostgreSQL"
     engine_version   = "13.0"
     instance_type    = "pg.n2.2c.2m"
     instance_storage = "30"
     instance_charge_type = "Postpaid"
     vswitch_id       = alicloud_vswitch.main.id
   }

運行模板

本示例以Windows操作系統下使用本地安裝的Terraform為例，在其他操作系統中，運行命令的具體方式可能會有所不同。

1. 進入D:\rds_terraform目錄下，初始化加載模塊，包括Provider等模板。

   terraform init

   返回結果

   Initializing the backend...
   Initializing provider plugins...
   - Finding latest version of hashicorp/alicloud...
   - Installing hashicorp/alicloud v1.226.0...
   - Installed hashicorp/alicloud v1.226.0 (signed by HashiCorp)
   Terraform has created a lock file .terraform.lock.hcl to record the provider
   selections it made above. Include this file in your version control repository
   so that Terraform can guarantee to make the same selections by default when
   you run "terraform init" in the future.
   
   ?
   │ Warning: Additional provider information from registry
   │
   │ The remote registry returned warnings for registry.terraform.io/hashicorp/alicloud:
   │ - For users on Terraform 0.13 or greater, this provider has moved to aliyun/alicloud. Please update your source in required_providers.
   ?
   Terraform has been successfully initialized!
   
   You may now begin working with Terraform. Try running "terraform plan" to see
   any changes that are required for your infrastructure. All Terraform commands
   should now work.
   
   If you ever set or change modules or backend configuration for Terraform,
   rerun this command to reinitialize your working directory. If you forget, other
   commands will detect it and remind you to do so if necessary.

2. 驗證模板語法是否正確。

   terraform validate

   返回結果：

   Success! The configuration is valid.

3. 預覽模板。

   terraform plan

   返回結果

   Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
     + create
   
   Terraform will perform the following actions:
   
     # alicloud_db_instance.instance will be created
     + resource "alicloud_db_instance" "instance" {
         + acl                        = (known after apply)
         + auto_upgrade_minor_version = (known after apply)
         + babelfish_port             = (known after apply)
         + ca_type                    = (known after apply)
         + category                   = (known after apply)
         + connection_string          = (known after apply)
         + connection_string_prefix   = (known after apply)
         + create_time                = (known after apply)
         + db_instance_storage_type   = (known after apply)
         + db_instance_type           = (known after apply)
         + db_is_ignore_case          = (known after apply)
         + db_time_zone               = (known after apply)
         + deletion_protection        = false
         + engine                     = "PostgreSQL"
         + engine_version             = "14.0"
         + force_restart              = false
         + ha_config                  = (known after apply)
         + id                         = (known after apply)
         + instance_charge_type       = "Postpaid"
         + instance_storage           = 30
         + instance_type              = "pg.n2.2c.2m"
         + maintain_time              = (known after apply)
         + monitoring_period          = (known after apply)
         + node_id                    = (known after apply)
         + port                       = (known after apply)
         + private_ip_address         = (known after apply)
         + replication_acl            = (known after apply)
         + resource_group_id          = (known after apply)
         + role_arn                   = (known after apply)
         + security_group_id          = (known after apply)
         + security_group_ids         = (known after apply)
         + security_ip_mode           = "normal"
         + security_ips               = (known after apply)
         + server_cert                = (known after apply)
         + server_key                 = (known after apply)
         + sql_collector_config_value = 30
         + sql_collector_status       = (known after apply)
         + ssl_action                 = (known after apply)
         + ssl_connection_string      = (known after apply)
         + ssl_status                 = (known after apply)
         + status                     = (known after apply)
         + target_minor_version       = (known after apply)
         + tcp_connection_type        = (known after apply)
         + tde_status                 = (known after apply)
         + vpc_id                     = (known after apply)
         + vswitch_id                 = (known after apply)
         + zone_id                    = (known after apply)
         + zone_id_slave_a            = (known after apply)
         + zone_id_slave_b            = (known after apply)
   
         + babelfish_config (known after apply)
   
         + parameters (known after apply)
   
         + pg_hba_conf (known after apply)
       }
   
     # alicloud_vpc.main will be created
     + resource "alicloud_vpc" "main" {
         + cidr_block            = "172.16.0.0/16"
         + create_time           = (known after apply)
         + id                    = (known after apply)
         + ipv6_cidr_block       = (known after apply)
         + ipv6_cidr_blocks      = (known after apply)
         + name                  = (known after apply)
         + resource_group_id     = (known after apply)
         + route_table_id        = (known after apply)
         + router_id             = (known after apply)
         + router_table_id       = (known after apply)
         + secondary_cidr_blocks = (known after apply)
         + status                = (known after apply)
         + user_cidrs            = (known after apply)
         + vpc_name              = "alicloud"
       }
   
     # alicloud_vswitch.main will be created
     + resource "alicloud_vswitch" "main" {
         + availability_zone    = (known after apply)
         + cidr_block           = "172.16.192.0/20"
         + create_time          = (known after apply)
         + id                   = (known after apply)
         + ipv6_cidr_block      = (known after apply)
         + ipv6_cidr_block_mask = (known after apply)
         + name                 = (known after apply)
         + status               = (known after apply)
         + vpc_id               = (known after apply)
         + vswitch_name         = (known after apply)
         + zone_id              = "cn-hangzhou-j"
       }
   
     Plan: 3 to add, 0 to change, 0 to destroy.
   
   

4. 應用模板配置。

   terraform apply

   出現如下配置信息后，確認配置信息并輸入yes，開始創建。

   返回結果

   Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
     + create
   
   Terraform will perform the following actions:
   
     # alicloud_db_instance.instance will be created
     + resource "alicloud_db_instance" "instance" {
         + acl                        = (known after apply)
         + auto_upgrade_minor_version = (known after apply)
         + babelfish_port             = (known after apply)
         + ca_type                    = (known after apply)
         + category                   = (known after apply)
         + connection_string          = (known after apply)
         + connection_string_prefix   = (known after apply)
         + create_time                = (known after apply)
         + db_instance_storage_type   = (known after apply)
         + db_instance_type           = (known after apply)
         + db_is_ignore_case          = (known after apply)
         + db_time_zone               = (known after apply)
         + deletion_protection        = false
         + engine                     = "PostgreSQL"
         + engine_version             = "14.0"
         + force_restart              = false
         + ha_config                  = (known after apply)
         + id                         = (known after apply)
         + instance_charge_type       = "Postpaid"
         + instance_storage           = 30
         + instance_type              = "pg.n2.2c.2m"
         + maintain_time              = (known after apply)
         + monitoring_period          = (known after apply)
         + node_id                    = (known after apply)
         + port                       = (known after apply)
         + private_ip_address         = (known after apply)
         + replication_acl            = (known after apply)
         + resource_group_id          = (known after apply)
         + role_arn                   = (known after apply)
         + security_group_id          = (known after apply)
         + security_group_ids         = (known after apply)
         + security_ip_mode           = "normal"
         + security_ips               = (known after apply)
         + server_cert                = (known after apply)
         + server_key                 = (known after apply)
         + sql_collector_config_value = 30
         + sql_collector_status       = (known after apply)
         + ssl_action                 = (known after apply)
         + ssl_connection_string      = (known after apply)
         + ssl_status                 = (known after apply)
         + status                     = (known after apply)
         + target_minor_version       = (known after apply)
         + tcp_connection_type        = (known after apply)
         + tde_status                 = (known after apply)
         + vpc_id                     = (known after apply)
         + vswitch_id                 = (known after apply)
         + zone_id                    = (known after apply)
         + zone_id_slave_a            = (known after apply)
         + zone_id_slave_b            = (known after apply)
   
         + babelfish_config (known after apply)
   
         + parameters (known after apply)
   
         + pg_hba_conf (known after apply)
       }
   
     # alicloud_vpc.main will be created
     + resource "alicloud_vpc" "main" {
         + cidr_block            = "172.16.0.0/16"
         + create_time           = (known after apply)
         + id                    = (known after apply)
         + ipv6_cidr_block       = (known after apply)
         + ipv6_cidr_blocks      = (known after apply)
         + name                  = (known after apply)
         + resource_group_id     = (known after apply)
         + route_table_id        = (known after apply)
         + router_id             = (known after apply)
         + router_table_id       = (known after apply)
         + secondary_cidr_blocks = (known after apply)
         + status                = (known after apply)
         + user_cidrs            = (known after apply)
         + vpc_name              = "alicloud"
       }
   
     # alicloud_vswitch.main will be created
     + resource "alicloud_vswitch" "main" {
         + availability_zone    = (known after apply)
         + cidr_block           = "172.16.192.0/20"
         + create_time          = (known after apply)
         + id                   = (known after apply)
         + ipv6_cidr_block      = (known after apply)
         + ipv6_cidr_block_mask = (known after apply)
         + name                 = (known after apply)
         + status               = (known after apply)
         + vpc_id               = (known after apply)
         + vswitch_name         = (known after apply)
         + zone_id              = "cn-hangzhou-j"
       }
   
   Plan: 3 to add, 0 to change, 0 to destroy.
   
   Do you want to perform these actions?
     Terraform will perform the actions described above.
     Only 'yes' will be accepted to approve.
   
     Enter a value: 

   出現類似如下日志時，表示創建成功。

   配置日志

   alicloud_vpc.main: Creating...
   alicloud_vpc.main: Creation complete after 9s [id=vpc-bp1apzkp9l5gkuq0****]
   alicloud_vswitch.main: Creating...
   alicloud_vswitch.main: Creation complete after 4s [id=vsw-bp1lmhzc42h5cc0t8****]
   alicloud_db_instance.instance: Creating...
   alicloud_db_instance.instance: Still creating... [10s elapsed]
   alicloud_db_instance.instance: Still creating... [20s elapsed]
   ...
   alicloud_db_instance.instance: Still creating... [6m1s elapsed]
   alicloud_db_instance.instance: Still creating... [6m11s elapsed]
   alicloud_db_instance.instance: Creation complete after 6m20s [id=pgm-bp10ckaa2340****]
   
   Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

5. 查看結果。

   訪問RDS實例列表，查看已創建的RDS實例。