Bienvenue dans le troisième chapitre de la série consacrée à l'infrastructure cloud Oracle et terraform, si vous avez manqué les chapitres précédents ici vous pouvez trouver les liens :
- Configurer le fournisseur Terraform Oracle Cloud.
- Déployer une instance de calcul Oracle Cloud à l'aide de terraform
Après avoir lancé avec succès notre première instance, nous sommes maintenant prêts pour un exemple plus compliqué.
Configuration de l'environnement
Dans notre dépôt, changez de répertoire et allez dans le répertoire instance-pool :
cd oracle-cloud-terraform-examples/instance-pool/
Modifiez le fichier vars.tf de la même manière que vous avez modifié le fichier vars.tf dans l'exemple d'instance simple (pour configurer le fichier vars.tf à partir de zéro, suivez la section Configuration des variables)
Variables supplémentaires
Nous avons quelques variables supplémentaires dans cet exemple :
| Variable | Par défaut | Description |
|---|---|---|
fault_domains | "FAULT-DOMAIN-1", "FAULT-DOMAIN-2", "FAULT-DOMAIN-3" | Cette variable est une liste de domaines de pannes où notre pool d'instances déploiera nos instances |
instance_pool_size | 2 | Nombre d'instances à lancer dans le pool d'instances |
Présentation des infrastructures
L'infrastructure est la même que dans l'exemple d'instance simple mais nous avons également :
- un équilibreur de charge réseau, qui acheminera le trafic d'Internet vers nos instances de pool d'instances
- une configuration d'instance utilisée par le pool d'instances
- un pool d'instances
- deux instances de calcul Oracle lancées par le pool d'instances
L'équilibreur de charge réseau est réalisé par :
- un écouteur (port 80)
- un ensemble soutenu
- une sauvegarde pour chacune des instances du pool d'instances
Remarques
Quelques remarques importantes :
- Par défaut, le pare-feu sur les instances de calcul est désactivé. Lors de certains tests, le pare-feu a créé des problèmes
- Nginx sera installé par défaut (nginx est utilisé pour tester les règles de la liste de sécurité et pour tester la configuration de l'équilibreur de charge réseau)
- Le système d'exploitation utilisé est Ubuntu 20.04
Déployer
Créez maintenant le fichier terraform.tfvars (section de configuration de Terraform) et initialisez terraform :
terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/oci...
- Installing hashicorp/oci v4.50.0...
- Installed hashicorp/oci v4.50.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
nous sommes maintenant prêts à déployer notre infrastructure :
terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# oci_core_default_route_table.default_oci_core_default_route_table will be created
+ resource "oci_core_default_route_table" "default_oci_core_default_route_table" {
+ compartment_id = (known after apply)
+ defined_tags = (known after apply)
+ display_name = (known after apply)
+ freeform_tags = (known after apply)
+ id = (known after apply)
+ manage_default_resource_id = (known after apply)
+ state = (known after apply)
+ time_created = (known after apply)
+ route_rules {
+ cidr_block = (known after apply)
+ description = (known after apply)
+ destination = "0.0.0.0/0"
+ destination_type = "CIDR_BLOCK"
+ network_entity_id = (known after apply)
}
}
<TRUNCATED OUTPUT>
Plan: 14 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ instances_ips = [
+ (known after apply),
+ (known after apply),
]
+ lb_ip = (known after apply)
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
si nous n'avons pas d'erreur, lancez:
terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
# data.oci_core_instance.ubuntu_instance_pool_instances_ips[0] will be read during apply
# (config refers to values not yet known)
<= data "oci_core_instance" "ubuntu_instance_pool_instances_ips" {
+ agent_config = (known after apply)
+ async = (known after apply)
+ availability_config = (known after apply)
+ availability_domain = (known after apply)
+ boot_volume_id = (known after apply)
+ capacity_reservation_id = (known after apply)
+ compartment_id = (known after apply)
+ create_vnic_details = (known after apply)
+ dedicated_vm_host_id = (known after apply)
+ defined_tags = (known after apply)
+ display_name = (known after apply)
+ extended_metadata = (known after apply)
+ fault_domain = (known after apply)
+ freeform_tags = (known after apply)
+ hostname_label = (known after apply)
+ id = (known after apply)
+ image = (known after apply)
+ instance_id = (known after apply)
+ instance_options = (known after apply)
+ ipxe_script = (known after apply)
+ is_pv_encryption_in_transit_enabled = (known after apply)
+ launch_mode = (known after apply)
+ launch_options = (known after apply)
+ metadata = (known after apply)
+ platform_config = (known after apply)
+ preemptible_instance_config = (known after apply)
+ preserve_boot_volume = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ region = (known after apply)
+ shape = (known after apply)
+ shape_config = (known after apply)
+ source_details = (known after apply)
+ state = (known after apply)
+ subnet_id = (known after apply)
+ system_tags = (known after apply)
+ time_created = (known after apply)
+ time_maintenance_reboot_due = (known after apply)
}
<TRUNCATED OUTPUT>
oci_network_load_balancer_listener.test_listener: Creation complete after 25s [id=networkLoadBalancers/ocid1.networkloadbalancer.oc1.eu-zurich-1.amaaaaaa5kjm7pyarkfapfnqqxrwaowlnmj5mnd3etmig5nfcwd3m5yb7uha/listeners/LB%20test%20listener]
oci_network_load_balancer_backend.test_backend[1]: Still creating... [31s elapsed]
oci_network_load_balancer_backend.test_backend[0]: Still creating... [31s elapsed]
oci_network_load_balancer_backend.test_backend[0]: Still creating... [41s elapsed]
oci_network_load_balancer_backend.test_backend[1]: Still creating... [41s elapsed]
oci_network_load_balancer_backend.test_backend[0]: Creation complete after 42s [id=networkLoadBalancers/ocid1.networkloadbalancer.oc1.eu-zurich-1.amaaaaaa5kjm7pyarkfapfnqqxrwaowlnmj5mnd3etmig5nfcwd3m5yb7uha/backendSets/Backend%20set%20test/backends/ocid1.instance.oc1.eu-zurich-1.an5heljr5kjm7pycu5exolhnubsq5isqo6nveddlmlsblkz7geb6vbwsvbtq.80]
oci_network_load_balancer_backend.test_backend[1]: Still creating... [51s elapsed]
oci_network_load_balancer_backend.test_backend[1]: Still creating... [1m1s elapsed]
oci_network_load_balancer_backend.test_backend[1]: Still creating... [1m11s elapsed]
oci_network_load_balancer_backend.test_backend[1]: Creation complete after 1m14s [id=networkLoadBalancers/ocid1.networkloadbalancer.oc1.eu-zurich-1.amaaaaaa5kjm7pyarkfapfnqqxrwaowlnmj5mnd3etmig5nfcwd3m5yb7uha/backendSets/Backend%20set%20test/backends/ocid1.instance.oc1.eu-zurich-1.an5heljr5kjm7pycft5ixge6ssknpyb5s6q3eihuccogpqrvv2ntqdlww72a.80]
Apply complete! Resources: 14 added, 0 changed, 0 destroyed.
Outputs:
instances_ips = [
"132.x.x.x",
"152.x.x.x",
]
lb_ip = tolist([
{
"ip_address" = "140.x.x.x"
"is_public" = true
"reserved_ip" = tolist([])
},
])
Nous pouvons maintenant utiliser ssh dans l'une des instances déployées :
ssh [email protected]
...
35 updates can be applied immediately.
25 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu@inst-ikudx-ubuntu-instance-pool:~$
Après quelques minutes (au moins un backend doit être dans l'état HEALTH), l'équilibreur de charge réseau répondra également à nos requêtes :
curl -v 140.x.x.x
* Trying 140.x.x.x:80...
* TCP_NODELAY set
* Connected to 140.x.x.x (140.x.x.x) port 80 (#0)
> GET / HTTP/1.1
> Host: 140.x.x.x
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.18.0 (Ubuntu)
< Date: Wed, 27 Oct 2021 15:39:51 GMT
< Content-Type: text/html
< Content-Length: 672
< Last-Modified: Wed, 27 Oct 2021 15:33:26 GMT
< Connection: keep-alive
< ETag: "61797146-2a0"
< Accept-Ranges: bytes
...
...
...
Nettoyage
Pour nettoyer/détruire notre infrastructure :
terraform destroy
