一,引言
上一節關於 Terraform 的文章講到 Terraform 使用到的一些語法,以及通過演示使用 Terraform 在Azure 上部署資源組,極大的方便了基礎設施實施人員,也提高了基礎設施團隊的工作效率,同時可以利用 IAC 工具來管理雲基礎設施資源。
這個時候就有人問到,既然 Terraform 這么強大,那可不可以自動化部署其他Azure 資源,比方我們公司的項目就部署在Azure Web 應用上,用戶訪問的流量通過 Traffic Manager(流量配置分發管理器) 將流量分發到后端的 Web 應用程序,基礎設施架構圖如下圖所示:
那我們今天就已當前基礎設施架構圖為模板,通過Terraform 實現基礎設施資源的自動化部署
--------------------Azure Terraform 系列--------------------
1,Azure Terraform(一)入門簡介
2,Azure Terraform(二)語法詳解
3,Azure Terraform(三)部署 Web 應用程序
4,Azure Terraform(四)狀態文件存儲
5,Azure Terraform(五)利用Azure DevOps 實現自動化部署基礎資源
6,Azure Terraform(六)Common Module
7,Azure Terraform(七)利用Azure DevOps 實現自動化部署基礎資源(補充)
8,Azure Terraform(八)利用Azure DevOps 實現Infra資源和.NET CORE Web 應用程序的持續集成、持續部署
二,正文
1,Terraform 下的資源架構
1.1 Data Source
這個我們引入一個新的概念,Terraform Data Source
provider "azurerm" { version = "~>2.0" features {} } data "azurerm_resource_group" "cnbate_resource_group" { name = "Web_Test_TF_RG" }
使用 data 標記的資源訪問有關現有資源組的信息,意思就是在Azure 上我們已有一個名為 “Web_Test_TF_RG”,我們直接引用現有的資源組,在此資源組下創建其他雲資源。
1.2 Web 應用程序
注意:根據架構圖所示,兩個 Web 應用程序
resource "azurerm_app_service_plan" "cnbate_app_service_plan01" { name = "cnbate_appserviceplan01" location = local.location_eastAsia resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name sku { tier = "Standard" size = "S1" } } resource "azurerm_app_service_plan" "cnbate_app_service_plan02" { name = "cnbate_appserviceplan02" location = local.location_southeastAsia resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name sku { tier = "Standard" size = "S1" } } resource "azurerm_app_service" "cnbate_app_service01" { name = "CnBateBlogWeb01" location = local.location_eastAsia resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name app_service_plan_id = azurerm_app_service_plan.cnbate_app_service_plan01.id app_settings = { "ASPNETCORE_ENVIRONMENT" = "Production" } } resource "azurerm_app_service" "cnbate_app_service02" { name = "CnBateBlogWeb02" location = local.location_southeastAsia resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name app_service_plan_id = azurerm_app_service_plan.cnbate_app_service_plan02.id app_settings = { "ASPNETCORE_ENVIRONMENT" = "Production" } }
1.3,Traffic Manager Profile(流量管理器配置)
resource "azurerm_traffic_manager_profile" "cnbate_traffic_manager_profile" { name = "cnbateblogweb" resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name traffic_routing_method = "Geographic" dns_config { relative_name = "cnbateblogweb" ttl = 60 } monitor_config { protocol = "http" port = 80 path = "/" interval_in_seconds = 30 timeout_in_seconds = 10 tolerated_number_of_failures = 3 } tags = { Environment = "Production" } }
1.4 Traffic Manager Endpoint(流量管理器終結點)
resource "azurerm_traffic_manager_endpoint" "cnbate_traffic_manager_endpoint01" { name = "cnbateblogweb_webapp01_performance" resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name profile_name = azurerm_traffic_manager_profile.cnbate_traffic_manager_profile.name target_resource_id = azurerm_app_service.cnbate_app_service01.id type = "azureEndpoints" geo_mappings = ["CN"] } resource "azurerm_traffic_manager_endpoint" "cnbate_traffic_manager_endpoint02" { name = "cnbateblogweb_webapp02_performance" resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name profile_name = azurerm_traffic_manager_profile.cnbate_traffic_manager_profile.name target_resource_id = azurerm_app_service.cnbate_app_service02.id type = "azureEndpoints" geo_mappings = ["SG"] }
完整請查看文章底部 github 鏈接
2,執行 Terraform 部署計划並且驗證部署結果
2.1,使用以下 terraform apply 命令進行部署
1 PS D:\Core\Terraform\Azure\terraform_cnbate_traffic manager> terraform apply 2 data.azurerm_resource_group.cnbate_resource_group: Refreshing state... 3 4 An execution plan has been generated and is shown below. 5 Resource actions are indicated with the following symbols: 6 + create 7 8 Terraform will perform the following actions: 9 10 # azurerm_app_service.cnbate_app_service01 will be created 11 + resource "azurerm_app_service" "cnbate_app_service01" { 12 + app_service_plan_id = (known after apply) 13 + app_settings = { 14 + "ASPNETCORE_ENVIRONMENT" = "Production" 15 } 16 + client_affinity_enabled = false 17 + client_cert_enabled = false 18 + custom_domain_verification_id = (known after apply) 19 + default_site_hostname = (known after apply) 20 + enabled = true 21 + https_only = false 22 + id = (known after apply) 23 + location = "eastasia" 24 + name = "CnBateBlogWeb01" 25 + outbound_ip_address_list = (known after apply) 26 + outbound_ip_addresses = (known after apply) 27 + possible_outbound_ip_address_list = (known after apply) 28 + possible_outbound_ip_addresses = (known after apply) 29 + resource_group_name = "Web_Test_TF_RG" 30 + site_credential = (known after apply) 31 32 + auth_settings { 33 + additional_login_params = (known after apply) 34 + allowed_external_redirect_urls = (known after apply) 35 + default_provider = (known after apply) 36 + enabled = (known after apply) 37 + issuer = (known after apply) 38 + runtime_version = (known after apply) 39 + token_refresh_extension_hours = (known after apply) 40 + token_store_enabled = (known after apply) 41 + unauthenticated_client_action = (known after apply) 42 43 + active_directory { 44 + allowed_audiences = (known after apply) 45 + client_id = (known after apply) 46 + client_secret = (sensitive value) 47 } 48 49 + facebook { 50 + app_id = (known after apply) 51 + app_secret = (sensitive value) 52 + oauth_scopes = (known after apply) 53 } 54 55 + google { 56 + client_id = (known after apply) 57 + client_secret = (sensitive value) 58 + oauth_scopes = (known after apply) 59 } 60 61 + microsoft { 62 + client_id = (known after apply) 63 + client_secret = (sensitive value) 64 + oauth_scopes = (known after apply) 65 } 66 67 + twitter { 68 + consumer_key = (known after apply) 69 + consumer_secret = (sensitive value) 70 } 71 } 72 73 + connection_string { 74 + name = (known after apply) 75 + type = (known after apply) 76 + value = (sensitive value) 77 } 78 79 + identity { 80 + identity_ids = (known after apply) 81 + principal_id = (known after apply) 82 + tenant_id = (known after apply) 83 + type = (known after apply) 84 } 85 86 + logs { 87 + detailed_error_messages_enabled = (known after apply) 88 + failed_request_tracing_enabled = (known after apply) 89 90 + application_logs { 91 + file_system_level = (known after apply) 92 93 + azure_blob_storage { 94 + level = (known after apply) 95 + retention_in_days = (known after apply) 96 + sas_url = (sensitive value) 97 } 98 } 99 100 + http_logs { 101 + azure_blob_storage { 102 + retention_in_days = (known after apply) 103 + sas_url = (sensitive value) 104 } 105 106 + file_system { 107 + retention_in_days = (known after apply) 108 + retention_in_mb = (known after apply) 109 } 110 } 111 } 112 113 + site_config { 114 + always_on = (known after apply) 115 + app_command_line = (known after apply) 116 + auto_swap_slot_name = (known after apply) 117 + default_documents = (known after apply) 118 + dotnet_framework_version = (known after apply) 119 + ftps_state = (known after apply) 120 + health_check_path = (known after apply) 121 + http2_enabled = (known after apply) 122 + ip_restriction = (known after apply) 123 + java_container = (known after apply) 124 + java_container_version = (known after apply) 125 + java_version = (known after apply) 126 + linux_fx_version = (known after apply) 127 + local_mysql_enabled = (known after apply) 128 + managed_pipeline_mode = (known after apply) 129 + min_tls_version = (known after apply) 130 + php_version = (known after apply) 131 + python_version = (known after apply) 132 + remote_debugging_enabled = (known after apply) 133 + remote_debugging_version = (known after apply) 134 + scm_ip_restriction = (known after apply) 135 + scm_type = (known after apply) 136 + scm_use_main_ip_restriction = (known after apply) 137 + use_32_bit_worker_process = (known after apply) 138 + websockets_enabled = (known after apply) 139 + windows_fx_version = (known after apply) 140 141 + cors { 142 + allowed_origins = (known after apply) 143 + support_credentials = (known after apply) 144 } 145 } 146 147 + source_control { 148 + branch = (known after apply) 149 + manual_integration = (known after apply) 150 + repo_url = (known after apply) 151 + rollback_enabled = (known after apply) 152 + use_mercurial = (known after apply) 153 } 154 155 + storage_account { 156 + access_key = (sensitive value) 157 + account_name = (known after apply) 158 + mount_path = (known after apply) 159 + name = (known after apply) 160 + share_name = (known after apply) 161 + type = (known after apply) 162 } 163 } 164 165 # azurerm_app_service.cnbate_app_service02 will be created 166 + resource "azurerm_app_service" "cnbate_app_service02" { 167 + app_service_plan_id = (known after apply) 168 + app_settings = { 169 + "ASPNETCORE_ENVIRONMENT" = "Production" 170 } 171 + client_affinity_enabled = false 172 + client_cert_enabled = false 173 + custom_domain_verification_id = (known after apply) 174 + default_site_hostname = (known after apply) 175 + enabled = true 176 + https_only = false 177 + id = (known after apply) 178 + location = "southeastasia" 179 + name = "CnBateBlogWeb02" 180 + outbound_ip_address_list = (known after apply) 181 + outbound_ip_addresses = (known after apply) 182 + possible_outbound_ip_address_list = (known after apply) 183 + possible_outbound_ip_addresses = (known after apply) 184 + resource_group_name = "Web_Test_TF_RG" 185 + site_credential = (known after apply) 186 187 + auth_settings { 188 + additional_login_params = (known after apply) 189 + allowed_external_redirect_urls = (known after apply) 190 + default_provider = (known after apply) 191 + enabled = (known after apply) 192 + issuer = (known after apply) 193 + runtime_version = (known after apply) 194 + token_refresh_extension_hours = (known after apply) 195 + token_store_enabled = (known after apply) 196 + unauthenticated_client_action = (known after apply) 197 198 + active_directory { 199 + allowed_audiences = (known after apply) 200 + client_id = (known after apply) 201 + client_secret = (sensitive value) 202 } 203 204 + facebook { 205 + app_id = (known after apply) 206 + app_secret = (sensitive value) 207 + oauth_scopes = (known after apply) 208 } 209 210 + google { 211 + client_id = (known after apply) 212 + client_secret = (sensitive value) 213 + oauth_scopes = (known after apply) 214 } 215 216 + microsoft { 217 + client_id = (known after apply) 218 + client_secret = (sensitive value) 219 + oauth_scopes = (known after apply) 220 } 221 222 + twitter { 223 + consumer_key = (known after apply) 224 + consumer_secret = (sensitive value) 225 } 226 } 227 228 + connection_string { 229 + name = (known after apply) 230 + type = (known after apply) 231 + value = (sensitive value) 232 } 233 234 + identity { 235 + identity_ids = (known after apply) 236 + principal_id = (known after apply) 237 + tenant_id = (known after apply) 238 + type = (known after apply) 239 } 240 241 + logs { 242 + detailed_error_messages_enabled = (known after apply) 243 + failed_request_tracing_enabled = (known after apply) 244 245 + application_logs { 246 + file_system_level = (known after apply) 247 248 + azure_blob_storage { 249 + level = (known after apply) 250 + retention_in_days = (known after apply) 251 + sas_url = (sensitive value) 252 } 253 } 254 255 + http_logs { 256 + azure_blob_storage { 257 + retention_in_days = (known after apply) 258 + sas_url = (sensitive value) 259 } 260 261 + file_system { 262 + retention_in_days = (known after apply) 263 + retention_in_mb = (known after apply) 264 } 265 } 266 } 267 268 + site_config { 269 + always_on = (known after apply) 270 + app_command_line = (known after apply) 271 + auto_swap_slot_name = (known after apply) 272 + default_documents = (known after apply) 273 + dotnet_framework_version = (known after apply) 274 + ftps_state = (known after apply) 275 + health_check_path = (known after apply) 276 + http2_enabled = (known after apply) 277 + ip_restriction = (known after apply) 278 + java_container = (known after apply) 279 + java_container_version = (known after apply) 280 + java_version = (known after apply) 281 + linux_fx_version = (known after apply) 282 + local_mysql_enabled = (known after apply) 283 + managed_pipeline_mode = (known after apply) 284 + min_tls_version = (known after apply) 285 + php_version = (known after apply) 286 + python_version = (known after apply) 287 + remote_debugging_enabled = (known after apply) 288 + remote_debugging_version = (known after apply) 289 + scm_ip_restriction = (known after apply) 290 + scm_type = (known after apply) 291 + scm_use_main_ip_restriction = (known after apply) 292 + use_32_bit_worker_process = (known after apply) 293 + websockets_enabled = (known after apply) 294 + windows_fx_version = (known after apply) 295 296 + cors { 297 + allowed_origins = (known after apply) 298 + support_credentials = (known after apply) 299 } 300 } 301 302 + source_control { 303 + branch = (known after apply) 304 + manual_integration = (known after apply) 305 + repo_url = (known after apply) 306 + rollback_enabled = (known after apply) 307 + use_mercurial = (known after apply) 308 } 309 310 + storage_account { 311 + access_key = (sensitive value) 312 + account_name = (known after apply) 313 + mount_path = (known after apply) 314 + name = (known after apply) 315 + share_name = (known after apply) 316 + type = (known after apply) 317 } 318 } 319 320 # azurerm_app_service_plan.cnbate_app_service_plan01 will be created 321 + resource "azurerm_app_service_plan" "cnbate_app_service_plan01" { 322 + id = (known after apply) 323 + kind = "Windows" 324 + location = "eastasia" 325 + maximum_elastic_worker_count = (known after apply) 326 + maximum_number_of_workers = (known after apply) 327 + name = "cnbate_appserviceplan01" 328 + resource_group_name = "Web_Test_TF_RG" 329 330 + sku { 331 + capacity = (known after apply) 332 + size = "S1" 333 + tier = "Standard" 334 } 335 } 336 337 # azurerm_app_service_plan.cnbate_app_service_plan02 will be created 338 + resource "azurerm_app_service_plan" "cnbate_app_service_plan02" { 339 + id = (known after apply) 340 + kind = "Windows" 341 + location = "southeastasia" 342 + maximum_elastic_worker_count = (known after apply) 343 + maximum_number_of_workers = (known after apply) 344 + name = "cnbate_appserviceplan02" 345 + resource_group_name = "Web_Test_TF_RG" 346 347 + sku { 348 + capacity = (known after apply) 349 + size = "S1" 350 + tier = "Standard" 351 } 352 } 353 354 # azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint01 will be created 355 + resource "azurerm_traffic_manager_endpoint" "cnbate_traffic_manager_endpoint01" { 356 + endpoint_location = (known after apply) 357 + endpoint_monitor_status = (known after apply) 358 + endpoint_status = (known after apply) 359 + geo_mappings = [ 360 + "CN", 361 ] 362 + id = (known after apply) 363 + name = "cnbateblogweb_webapp01_performance" 364 + priority = (known after apply) 365 + profile_name = "cnbateblogweb" 366 + resource_group_name = "Web_Test_TF_RG" 367 + target = (known after apply) 368 + target_resource_id = (known after apply) 369 + type = "azureEndpoints" 370 + weight = (known after apply) 371 } 372 373 # azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint02 will be created 374 + resource "azurerm_traffic_manager_endpoint" "cnbate_traffic_manager_endpoint02" { 375 + endpoint_location = (known after apply) 376 + endpoint_monitor_status = (known after apply) 377 + endpoint_status = (known after apply) 378 + geo_mappings = [ 379 + "SG", 380 ] 381 + id = (known after apply) 382 + name = "cnbateblogweb_webapp02_performance" 383 + priority = (known after apply) 384 + profile_name = "cnbateblogweb" 385 + resource_group_name = "Web_Test_TF_RG" 386 + target = (known after apply) 387 + target_resource_id = (known after apply) 388 + type = "azureEndpoints" 389 + weight = (known after apply) 390 } 391 392 # azurerm_traffic_manager_profile.cnbate_traffic_manager_profile will be created 393 + resource "azurerm_traffic_manager_profile" "cnbate_traffic_manager_profile" { 394 + fqdn = (known after apply) 395 + id = (known after apply) 396 + name = "cnbateblogweb" 397 + profile_status = (known after apply) 398 + resource_group_name = "Web_Test_TF_RG" 399 + tags = { 400 + "Environment" = "Production" 401 } 402 + traffic_routing_method = "Geographic" 403 404 + dns_config { 405 + relative_name = "cnbateblogweb" 406 + ttl = 60 407 } 408 409 + monitor_config { 410 + interval_in_seconds = 30 411 + path = "/" 412 + port = 80 413 + protocol = "http" 414 + timeout_in_seconds = 10 415 + tolerated_number_of_failures = 3 416 } 417 } 418 419 Plan: 7 to add, 0 to change, 0 to destroy. 420 421 Do you want to perform these actions? 422 Terraform will perform the actions described above. 423 Only 'yes' will be accepted to approve. 424 425 Enter a value: yes 426 427 azurerm_app_service_plan.cnbate_app_service_plan02: Creating... 428 azurerm_app_service_plan.cnbate_app_service_plan01: Creating... 429 azurerm_traffic_manager_profile.cnbate_traffic_manager_profile: Creating... 430 azurerm_traffic_manager_profile.cnbate_traffic_manager_profile: Creation complete after 5s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Network/trafficManagerProfiles/cnbateblogweb] 431 azurerm_app_service_plan.cnbate_app_service_plan01: Creation complete after 7s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Web/serverfarms/cnbate_appserviceplan01] 432 azurerm_app_service.cnbate_app_service01: Creating... 433 azurerm_app_service_plan.cnbate_app_service_plan02: Creation complete after 8s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Web/serverfarms/cnbate_appserviceplan02] 434 azurerm_app_service.cnbate_app_service02: Creating... 435 azurerm_app_service.cnbate_app_service01: Still creating... [10s elapsed] 436 azurerm_app_service.cnbate_app_service02: Still creating... [10s elapsed] 437 azurerm_app_service.cnbate_app_service01: Still creating... [20s elapsed] 438 azurerm_app_service.cnbate_app_service02: Still creating... [20s elapsed] 439 azurerm_app_service.cnbate_app_service01: Still creating... [30s elapsed] 440 azurerm_app_service.cnbate_app_service02: Still creating... [30s elapsed] 441 azurerm_app_service.cnbate_app_service01: Creation complete after 33s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Web/sites/CnBateBlogWeb01] 442 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint01: Creating... 443 azurerm_app_service.cnbate_app_service02: Creation complete after 33s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Web/sites/CnBateBlogWeb02] 444 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint02: Creating... 445 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint01: Still creating... [10s elapsed] 446 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint01: Creation complete after 10s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Network/trafficManagerProfiles/cnbateblogweb/azureEndpoints/cnbateblogweb_webapp01_performance] 447 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint02: Still creating... [10s elapsed] 448 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint02: Still creating... [20s elapsed] 449 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint02: Creation complete after 21s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Network/trafficManagerProfiles/cnbateblogweb/azureEndpoints/cnbateblogweb_webapp02_performance] 450 451 Apply complete! Resources: 7 added, 0 changed, 0 destroyed. 452 PS D:\Core\Terraform\Azure\terraform_cnbate_traffic manager>
登錄 Azure Portal 中,查看剛剛部署完成的資源
Traffic Manager profile (流量管理配置) 終結點配置
來自 “亞洲=》中國” 的流量轉發到 “CnBateBlogWeb01”
來自 ”亞洲=》新加坡“ 的流量轉發到 “CnBateBlogWeb02”
3,部署 Web 應用程序
發布 CnBateBlogWeb01
選擇 Web_Test_TF_RG 資源組下的 ”CnBateBlogWeb01“ Web 應用程序
點擊 ”發布“,進行發布操作
發布成功后,點擊 ”Browse“ 再瀏覽器中訪問。
顯示OK,沒有任何問題,為了兩個Web App 部署做區分,我這里在 ”CnBateBlogWeb01“ 上顯示 ”This is China“
同樣,我們發布項目到 ”CnBateBlogWeb02“,同樣的也為了區分,頁面顯示 ”This is Singapore"
發布項目完成后,就開始測試 Azure Traffic Manager profile(流量管理配置)是否可以將用戶通過 Traffic Manager 來的請求是否能能夠正常的轉發后對於的終結點
測試區域 ”亞洲=》中國“
訪問ok,成功的將來自 ”china“ 的流量轉發到后端 ”CnBateBlogWeb01“
測試區域 ”亞洲=》新加坡“
訪問ok,成功的將來自 ”Singapore“ 的流量轉發到后端 ”CnBateBlogWeb02“
溫馨提示,大家記得 ”terraform destroy“ 刪除所有的資源
三,結尾
今天的內容其實很簡單,回歸了一下 Azure Traffic Manger 的相關知識點,通過設置 ”Geograhpic“ (基於地理位置的路由策略),當用戶訪問 Traffic Manger ,它在不同的地理位置上部署服務器以就近響應用戶的請求。同時利用 Terraform 快速實現雲基礎設置資源的搭建,提高了整個團隊在雲資源構建方面的能力。
參考資料:Terraform 官方,azurerm 文檔
Terraform_Cnbate_Traffic_Manager github:https://github.com/yunqian44/Terraform_Cnbate_Traffic_Manager
CnBateBlogWeb github:https://github.com/yunqian44/CnBateBlogWeb
作者:Allen
版權:轉載請在文章明顯位置注明作者及出處。如發現錯誤,歡迎批評指正。