一,引言
上一節關於 Terraform 的文章講到 Terraform 使用到的一些語法,以及通過演示使用 Terraform 在Azure 上部署資源組,極大的方便了基礎設施實施人員,也提高了基礎設施團隊的工作效率,同時可以利用 IAC 工具來管理雲基礎設施資源。
這個時候就有人問到,既然 Terraform 這麼強大,那可不可以自動化部署其他Azure 資源,比方我們公司的專案就部署在Azure Web 應用上,使用者訪問的流量通過 Traffic Manager(流量配置分發管理器) 將流量分發到後端的 Web 應用程式,基礎設施架構圖如下圖所示:
那我們今天就已當前基礎設施架構圖為模板,通過Terraform 實現基礎設施資源的自動化部署
--------------------Azure Terraform 系列--------------------
1,Azure Terraform(一)入門簡介
2,Azure Terraform(二)語法詳解
3,Azure Terraform(三)部署 Web 應用程式
二,正文
1,Terraform 下的資源架構
1.1 Data Source
這個我們引入一個新的概念,Terrform Data Source
provider "azurerm" { version = "~>2.0" features {} } data "azurerm_resource_group" "cnbate_resource_group" { name = "Web_Test_TF_RG" }
使用 data 標記的資源訪問有關現有資源組的資訊,意思就是在Azure 上我們已有一個名為 “Web_Test_TF_RG”,我們直接引用現有的資源組,在此資源組下建立其他雲資源。
1.2 Web 應用程式
注意:根據架構圖所示,兩個 Web 應用程式
resource "azurerm_app_service_plan" "cnbate_app_service_plan01" { name = "cnbate_appserviceplan01" location = local.location_eastAsia resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name sku { tier = "Standard" size = "S1" } } resource "azurerm_app_service_plan" "cnbate_app_service_plan02" { name = "cnbate_appserviceplan02" location = local.location_southeastAsia resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name sku { tier = "Standard" size = "S1" } } resource "azurerm_app_service" "cnbate_app_service01" { name = "CnBateBlogWeb01" location = local.location_eastAsia resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name app_service_plan_id = azurerm_app_service_plan.cnbate_app_service_plan01.id app_settings = { "ASPNETCORE_ENVIRONMENT" = "Production" } } resource "azurerm_app_service" "cnbate_app_service02" { name = "CnBateBlogWeb02" location = local.location_southeastAsia resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name app_service_plan_id = azurerm_app_service_plan.cnbate_app_service_plan02.id app_settings = { "ASPNETCORE_ENVIRONMENT" = "Production" } }
1.3,Traffic Manager Profile(流量管理器配置)
resource "azurerm_traffic_manager_profile" "cnbate_traffic_manager_profile" { name = "cnbateblogweb" resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name traffic_routing_method = "Geographic" dns_config { relative_name = "cnbateblogweb" ttl = 60 } monitor_config { protocol = "http" port = 80 path = "/" interval_in_seconds = 30 timeout_in_seconds = 10 tolerated_number_of_failures = 3 } tags = { Environment = "Production" } }
1.4 Traffic Manager Endpoint(流量管理器終結點)
resource "azurerm_traffic_manager_endpoint" "cnbate_traffic_manager_endpoint01" { name = "cnbateblogweb_webapp01_performance" resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name profile_name = azurerm_traffic_manager_profile.cnbate_traffic_manager_profile.name target_resource_id = azurerm_app_service.cnbate_app_service01.id type = "azureEndpoints" geo_mappings = ["CN"] } resource "azurerm_traffic_manager_endpoint" "cnbate_traffic_manager_endpoint02" { name = "cnbateblogweb_webapp02_performance" resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name profile_name = azurerm_traffic_manager_profile.cnbate_traffic_manager_profile.name target_resource_id = azurerm_app_service.cnbate_app_service02.id type = "azureEndpoints" geo_mappings = ["SG"] }
完整請檢視文章底部 github 連結
2,執行 Terraform 部署計劃並且驗證部署結果
2.1,使用以下 terraform apply 命令進行部署
1 PS D:\Core\Terraform\Azure\terraform_cnbate_traffic manager> terraform apply 2 data.azurerm_resource_group.cnbate_resource_group: Refreshing state... 3 4 An execution plan has been generated and is shown below. 5 Resource actions are indicated with the following symbols: 6 + create 7 8 Terraform will perform the following actions: 9 10 # azurerm_app_service.cnbate_app_service01 will be created 11 + resource "azurerm_app_service" "cnbate_app_service01" { 12 + app_service_plan_id = (known after apply) 13 + app_settings = { 14 + "ASPNETCORE_ENVIRONMENT" = "Production" 15 } 16 + client_affinity_enabled = false 17 + client_cert_enabled = false 18 + custom_domain_verification_id = (known after apply) 19 + default_site_hostname = (known after apply) 20 + enabled = true 21 + https_only = false 22 + id = (known after apply) 23 + location = "eastasia" 24 + name = "CnBateBlogWeb01" 25 + outbound_ip_address_list = (known after apply) 26 + outbound_ip_addresses = (known after apply) 27 + possible_outbound_ip_address_list = (known after apply) 28 + possible_outbound_ip_addresses = (known after apply) 29 + resource_group_name = "Web_Test_TF_RG" 30 + site_credential = (known after apply) 31 32 + auth_settings { 33 + additional_login_params = (known after apply) 34 + allowed_external_redirect_urls = (known after apply) 35 + default_provider = (known after apply) 36 + enabled = (known after apply) 37 + issuer = (known after apply) 38 + runtime_version = (known after apply) 39 + token_refresh_extension_hours = (known after apply) 40 + token_store_enabled = (known after apply) 41 + unauthenticated_client_action = (known after apply) 42 43 + active_directory { 44 + allowed_audiences = (known after apply) 45 + client_id = (known after apply) 46 + client_secret = (sensitive value) 47 } 48 49 + facebook { 50 + app_id = (known after apply) 51 + app_secret = (sensitive value) 52 + oauth_scopes = (known after apply) 53 } 54 55 + google { 56 + client_id = (known after apply) 57 + client_secret = (sensitive value) 58 + oauth_scopes = (known after apply) 59 } 60 61 + microsoft { 62 + client_id = (known after apply) 63 + client_secret = (sensitive value) 64 + oauth_scopes = (known after apply) 65 } 66 67 + twitter { 68 + consumer_key = (known after apply) 69 + consumer_secret = (sensitive value) 70 } 71 } 72 73 + connection_string { 74 + name = (known after apply) 75 + type = (known after apply) 76 + value = (sensitive value) 77 } 78 79 + identity { 80 + identity_ids = (known after apply) 81 + principal_id = (known after apply) 82 + tenant_id = (known after apply) 83 + type = (known after apply) 84 } 85 86 + logs { 87 + detailed_error_messages_enabled = (known after apply) 88 + failed_request_tracing_enabled = (known after apply) 89 90 + application_logs { 91 + file_system_level = (known after apply) 92 93 + azure_blob_storage { 94 + level = (known after apply) 95 + retention_in_days = (known after apply) 96 + sas_url = (sensitive value) 97 } 98 } 99 100 + http_logs { 101 + azure_blob_storage { 102 + retention_in_days = (known after apply) 103 + sas_url = (sensitive value) 104 } 105 106 + file_system { 107 + retention_in_days = (known after apply) 108 + retention_in_mb = (known after apply) 109 } 110 } 111 } 112 113 + site_config { 114 + always_on = (known after apply) 115 + app_command_line = (known after apply) 116 + auto_swap_slot_name = (known after apply) 117 + default_documents = (known after apply) 118 + dotnet_framework_version = (known after apply) 119 + ftps_state = (known after apply) 120 + health_check_path = (known after apply) 121 + http2_enabled = (known after apply) 122 + ip_restriction = (known after apply) 123 + java_container = (known after apply) 124 + java_container_version = (known after apply) 125 + java_version = (known after apply) 126 + linux_fx_version = (known after apply) 127 + local_mysql_enabled = (known after apply) 128 + managed_pipeline_mode = (known after apply) 129 + min_tls_version = (known after apply) 130 + php_version = (known after apply) 131 + python_version = (known after apply) 132 + remote_debugging_enabled = (known after apply) 133 + remote_debugging_version = (known after apply) 134 + scm_ip_restriction = (known after apply) 135 + scm_type = (known after apply) 136 + scm_use_main_ip_restriction = (known after apply) 137 + use_32_bit_worker_process = (known after apply) 138 + websockets_enabled = (known after apply) 139 + windows_fx_version = (known after apply) 140 141 + cors { 142 + allowed_origins = (known after apply) 143 + support_credentials = (known after apply) 144 } 145 } 146 147 + source_control { 148 + branch = (known after apply) 149 + manual_integration = (known after apply) 150 + repo_url = (known after apply) 151 + rollback_enabled = (known after apply) 152 + use_mercurial = (known after apply) 153 } 154 155 + storage_account { 156 + access_key = (sensitive value) 157 + account_name = (known after apply) 158 + mount_path = (known after apply) 159 + name = (known after apply) 160 + share_name = (known after apply) 161 + type = (known after apply) 162 } 163 } 164 165 # azurerm_app_service.cnbate_app_service02 will be created 166 + resource "azurerm_app_service" "cnbate_app_service02" { 167 + app_service_plan_id = (known after apply) 168 + app_settings = { 169 + "ASPNETCORE_ENVIRONMENT" = "Production" 170 } 171 + client_affinity_enabled = false 172 + client_cert_enabled = false 173 + custom_domain_verification_id = (known after apply) 174 + default_site_hostname = (known after apply) 175 + enabled = true 176 + https_only = false 177 + id = (known after apply) 178 + location = "southeastasia" 179 + name = "CnBateBlogWeb02" 180 + outbound_ip_address_list = (known after apply) 181 + outbound_ip_addresses = (known after apply) 182 + possible_outbound_ip_address_list = (known after apply) 183 + possible_outbound_ip_addresses = (known after apply) 184 + resource_group_name = "Web_Test_TF_RG" 185 + site_credential = (known after apply) 186 187 + auth_settings { 188 + additional_login_params = (known after apply) 189 + allowed_external_redirect_urls = (known after apply) 190 + default_provider = (known after apply) 191 + enabled = (known after apply) 192 + issuer = (known after apply) 193 + runtime_version = (known after apply) 194 + token_refresh_extension_hours = (known after apply) 195 + token_store_enabled = (known after apply) 196 + unauthenticated_client_action = (known after apply) 197 198 + active_directory { 199 + allowed_audiences = (known after apply) 200 + client_id = (known after apply) 201 + client_secret = (sensitive value) 202 } 203 204 + facebook { 205 + app_id = (known after apply) 206 + app_secret = (sensitive value) 207 + oauth_scopes = (known after apply) 208 } 209 210 + google { 211 + client_id = (known after apply) 212 + client_secret = (sensitive value) 213 + oauth_scopes = (known after apply) 214 } 215 216 + microsoft { 217 + client_id = (known after apply) 218 + client_secret = (sensitive value) 219 + oauth_scopes = (known after apply) 220 } 221 222 + twitter { 223 + consumer_key = (known after apply) 224 + consumer_secret = (sensitive value) 225 } 226 } 227 228 + connection_string { 229 + name = (known after apply) 230 + type = (known after apply) 231 + value = (sensitive value) 232 } 233 234 + identity { 235 + identity_ids = (known after apply) 236 + principal_id = (known after apply) 237 + tenant_id = (known after apply) 238 + type = (known after apply) 239 } 240 241 + logs { 242 + detailed_error_messages_enabled = (known after apply) 243 + failed_request_tracing_enabled = (known after apply) 244 245 + application_logs { 246 + file_system_level = (known after apply) 247 248 + azure_blob_storage { 249 + level = (known after apply) 250 + retention_in_days = (known after apply) 251 + sas_url = (sensitive value) 252 } 253 } 254 255 + http_logs { 256 + azure_blob_storage { 257 + retention_in_days = (known after apply) 258 + sas_url = (sensitive value) 259 } 260 261 + file_system { 262 + retention_in_days = (known after apply) 263 + retention_in_mb = (known after apply) 264 } 265 } 266 } 267 268 + site_config { 269 + always_on = (known after apply) 270 + app_command_line = (known after apply) 271 + auto_swap_slot_name = (known after apply) 272 + default_documents = (known after apply) 273 + dotnet_framework_version = (known after apply) 274 + ftps_state = (known after apply) 275 + health_check_path = (known after apply) 276 + http2_enabled = (known after apply) 277 + ip_restriction = (known after apply) 278 + java_container = (known after apply) 279 + java_container_version = (known after apply) 280 + java_version = (known after apply) 281 + linux_fx_version = (known after apply) 282 + local_mysql_enabled = (known after apply) 283 + managed_pipeline_mode = (known after apply) 284 + min_tls_version = (known after apply) 285 + php_version = (known after apply) 286 + python_version = (known after apply) 287 + remote_debugging_enabled = (known after apply) 288 + remote_debugging_version = (known after apply) 289 + scm_ip_restriction = (known after apply) 290 + scm_type = (known after apply) 291 + scm_use_main_ip_restriction = (known after apply) 292 + use_32_bit_worker_process = (known after apply) 293 + websockets_enabled = (known after apply) 294 + windows_fx_version = (known after apply) 295 296 + cors { 297 + allowed_origins = (known after apply) 298 + support_credentials = (known after apply) 299 } 300 } 301 302 + source_control { 303 + branch = (known after apply) 304 + manual_integration = (known after apply) 305 + repo_url = (known after apply) 306 + rollback_enabled = (known after apply) 307 + use_mercurial = (known after apply) 308 } 309 310 + storage_account { 311 + access_key = (sensitive value) 312 + account_name = (known after apply) 313 + mount_path = (known after apply) 314 + name = (known after apply) 315 + share_name = (known after apply) 316 + type = (known after apply) 317 } 318 } 319 320 # azurerm_app_service_plan.cnbate_app_service_plan01 will be created 321 + resource "azurerm_app_service_plan" "cnbate_app_service_plan01" { 322 + id = (known after apply) 323 + kind = "Windows" 324 + location = "eastasia" 325 + maximum_elastic_worker_count = (known after apply) 326 + maximum_number_of_workers = (known after apply) 327 + name = "cnbate_appserviceplan01" 328 + resource_group_name = "Web_Test_TF_RG" 329 330 + sku { 331 + capacity = (known after apply) 332 + size = "S1" 333 + tier = "Standard" 334 } 335 } 336 337 # azurerm_app_service_plan.cnbate_app_service_plan02 will be created 338 + resource "azurerm_app_service_plan" "cnbate_app_service_plan02" { 339 + id = (known after apply) 340 + kind = "Windows" 341 + location = "southeastasia" 342 + maximum_elastic_worker_count = (known after apply) 343 + maximum_number_of_workers = (known after apply) 344 + name = "cnbate_appserviceplan02" 345 + resource_group_name = "Web_Test_TF_RG" 346 347 + sku { 348 + capacity = (known after apply) 349 + size = "S1" 350 + tier = "Standard" 351 } 352 } 353 354 # azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint01 will be created 355 + resource "azurerm_traffic_manager_endpoint" "cnbate_traffic_manager_endpoint01" { 356 + endpoint_location = (known after apply) 357 + endpoint_monitor_status = (known after apply) 358 + endpoint_status = (known after apply) 359 + geo_mappings = [ 360 + "CN", 361 ] 362 + id = (known after apply) 363 + name = "cnbateblogweb_webapp01_performance" 364 + priority = (known after apply) 365 + profile_name = "cnbateblogweb" 366 + resource_group_name = "Web_Test_TF_RG" 367 + target = (known after apply) 368 + target_resource_id = (known after apply) 369 + type = "azureEndpoints" 370 + weight = (known after apply) 371 } 372 373 # azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint02 will be created 374 + resource "azurerm_traffic_manager_endpoint" "cnbate_traffic_manager_endpoint02" { 375 + endpoint_location = (known after apply) 376 + endpoint_monitor_status = (known after apply) 377 + endpoint_status = (known after apply) 378 + geo_mappings = [ 379 + "SG", 380 ] 381 + id = (known after apply) 382 + name = "cnbateblogweb_webapp02_performance" 383 + priority = (known after apply) 384 + profile_name = "cnbateblogweb" 385 + resource_group_name = "Web_Test_TF_RG" 386 + target = (known after apply) 387 + target_resource_id = (known after apply) 388 + type = "azureEndpoints" 389 + weight = (known after apply) 390 } 391 392 # azurerm_traffic_manager_profile.cnbate_traffic_manager_profile will be created 393 + resource "azurerm_traffic_manager_profile" "cnbate_traffic_manager_profile" { 394 + fqdn = (known after apply) 395 + id = (known after apply) 396 + name = "cnbateblogweb" 397 + profile_status = (known after apply) 398 + resource_group_name = "Web_Test_TF_RG" 399 + tags = { 400 + "Environment" = "Production" 401 } 402 + traffic_routing_method = "Geographic" 403 404 + dns_config { 405 + relative_name = "cnbateblogweb" 406 + ttl = 60 407 } 408 409 + monitor_config { 410 + interval_in_seconds = 30 411 + path = "/" 412 + port = 80 413 + protocol = "http" 414 + timeout_in_seconds = 10 415 + tolerated_number_of_failures = 3 416 } 417 } 418 419 Plan: 7 to add, 0 to change, 0 to destroy. 420 421 Do you want to perform these actions? 422 Terraform will perform the actions described above. 423 Only 'yes' will be accepted to approve. 424 425 Enter a value: yes 426 427 azurerm_app_service_plan.cnbate_app_service_plan02: Creating... 428 azurerm_app_service_plan.cnbate_app_service_plan01: Creating... 429 azurerm_traffic_manager_profile.cnbate_traffic_manager_profile: Creating... 430 azurerm_traffic_manager_profile.cnbate_traffic_manager_profile: Creation complete after 5s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Network/trafficManagerProfiles/cnbateblogweb] 431 azurerm_app_service_plan.cnbate_app_service_plan01: Creation complete after 7s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Web/serverfarms/cnbate_appserviceplan01] 432 azurerm_app_service.cnbate_app_service01: Creating... 433 azurerm_app_service_plan.cnbate_app_service_plan02: Creation complete after 8s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Web/serverfarms/cnbate_appserviceplan02] 434 azurerm_app_service.cnbate_app_service02: Creating... 435 azurerm_app_service.cnbate_app_service01: Still creating... [10s elapsed] 436 azurerm_app_service.cnbate_app_service02: Still creating... [10s elapsed] 437 azurerm_app_service.cnbate_app_service01: Still creating... [20s elapsed] 438 azurerm_app_service.cnbate_app_service02: Still creating... [20s elapsed] 439 azurerm_app_service.cnbate_app_service01: Still creating... [30s elapsed] 440 azurerm_app_service.cnbate_app_service02: Still creating... [30s elapsed] 441 azurerm_app_service.cnbate_app_service01: Creation complete after 33s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Web/sites/CnBateBlogWeb01] 442 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint01: Creating... 443 azurerm_app_service.cnbate_app_service02: Creation complete after 33s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Web/sites/CnBateBlogWeb02] 444 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint02: Creating... 445 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint01: Still creating... [10s elapsed] 446 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint01: Creation complete after 10s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Network/trafficManagerProfiles/cnbateblogweb/azureEndpoints/cnbateblogweb_webapp01_performance] 447 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint02: Still creating... [10s elapsed] 448 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint02: Still creating... [20s elapsed] 449 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint02: Creation complete after 21s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Network/trafficManagerProfiles/cnbateblogweb/azureEndpoints/cnbateblogweb_webapp02_performance] 450 451 Apply complete! Resources: 7 added, 0 changed, 0 destroyed. 452 PS D:\Core\Terraform\Azure\terraform_cnbate_traffic manager>
登入 Azure Portal 中,檢視剛剛部署完成的資源
Traffic Manager profile (流量管理配置) 終結點配置
來自 “亞洲=》中國” 的流量轉發到 “CnBateBlogWeb01”
來自 ”亞洲=》新加坡“ 的流量轉發到 “CnBateBlogWeb02”
3,部署 Web 應用程式
釋出 CnBateBlogWeb01
選擇 Web_Test_TF_RG 資源組下的 ”CnBateBlogWeb01“ Web 應用程式
點選 ”釋出“,進行釋出操作
釋出成功後,點選 ”Browse“ 再瀏覽器中訪問。
顯示OK,沒有任何問題,為了兩個Web App 部署做區分,我這裡在 ”CnBateBlogWeb01“ 上顯示 ”This is China“
同樣,我們釋出專案到 ”CnBateBlogWeb02“,同樣的也為了區分,頁面顯示 ”This is Singapore"
釋出專案完成後,就開始測試 Azure Traffic Manager profile(流量管理配置)是否可以將使用者通過 Traffic Manager 來的請求是否能能夠正常的轉發後對於的終結點
測試區域 ”亞洲=》中國“
訪問ok,成功的將來自 ”china“ 的流量轉發到後端 ”CnBateBlogWeb01“
測試區域 ”亞洲=》新加坡“
訪問ok,成功的將來自 ”Singapore“ 的流量轉發到後端 ”CnBateBlogWeb02“
溫馨提示,大家記得 ”terraform destroy“ 刪除所有的資源
三,結尾
今天的內容其實很簡單,迴歸了一下 Azure Traffic Manger 的相關知識點,通過設定 ”Geograhpic“ (基於地理位置的路由策略),當使用者訪問 Traffic Manger ,它在不同的地理位置上部署伺服器以就近響應使用者的請求。同時利用 Terraform 快速實現雲基礎設定資源的搭建,提高了整個團隊在雲資源構建方面的能力。
參考資料:Terraform 官方,azurerm 文件
github:https://github.com/yunqian44/Terraform_Cnbate_Traffic_Manager
github:https://github.com/yunqian44/CnBateBlogWeb
作者:Allen
版權:轉載請在文章明顯位置註明作者及出處。如發現錯誤,歡迎批評指正。