一,引言
上一节关于 Terraform 的文章讲到 Terraform 使用到的一些语法,以及通过演示使用 Terraform 在Azure 上部署资源组,极大的方便了基础设施实施人员,也提高了基础设施团队的工作效率,同时可以利用 IAC 工具来管理云基础设施资源。
这个时候就有人问到,既然 Terraform 这么强大,那可不可以自动化部署其他Azure 资源,比方我们公司的项目就部署在Azure Web 应用上,用户访问的流量通过 Traffic Manager(流量配置分发管理器) 将流量分发到后端的 Web 应用程序,基础设施架构图如下图所示:
那我们今天就已当前基础设施架构图为模板,通过Terraform 实现基础设施资源的自动化部署
——————–Azure Terraform 系列——————–
1,Azure Terraform(一)入门简介
2,Azure Terraform(二)语法详解
3,Azure Terraform(三)部署 Web 应用程序
4,Azure Terraform(四)状态文件存储
5,Azure Terraform(五)利用Azure DevOps 实现自动化部署基础资源
6,Azure Terraform(六)Common Module
7,Azure Terraform(七)利用Azure DevOps 实现自动化部署基础资源(补充)
8,Azure Terraform(八)利用Azure DevOps 实现Infra资源和.NET CORE Web 应用程序的持续集成、持续部署
二,正文
1,Terraform 下的资源架构
1.1 Data Source
这个我们引入一个新的概念,Terraform Data Source
provider "azurerm" { version = "~>2.0" features {} } data "azurerm_resource_group" "cnbate_resource_group" { name = "Web_Test_TF_RG" }
使用 data 标记的资源访问有关现有资源组的信息,意思就是在Azure 上我们已有一个名为 “Web_Test_TF_RG”,我们直接引用现有的资源组,在此资源组下创建其他云资源。
1.2 Web 应用程序
注意:根据架构图所示,两个 Web 应用程序
resource "azurerm_app_service_plan" "cnbate_app_service_plan01" { name = "cnbate_appserviceplan01" location = local.location_eastAsia resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name sku { tier = "Standard" size = "S1" } } resource "azurerm_app_service_plan" "cnbate_app_service_plan02" { name = "cnbate_appserviceplan02" location = local.location_southeastAsia resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name sku { tier = "Standard" size = "S1" } } resource "azurerm_app_service" "cnbate_app_service01" { name = "CnBateBlogWeb01" location = local.location_eastAsia resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name app_service_plan_id = azurerm_app_service_plan.cnbate_app_service_plan01.id app_settings = { "ASPNETCORE_ENVIRONMENT" = "Production" } } resource "azurerm_app_service" "cnbate_app_service02" { name = "CnBateBlogWeb02" location = local.location_southeastAsia resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name app_service_plan_id = azurerm_app_service_plan.cnbate_app_service_plan02.id app_settings = { "ASPNETCORE_ENVIRONMENT" = "Production" } }
1.3,Traffic Manager Profile(流量管理器配置)
resource "azurerm_traffic_manager_profile" "cnbate_traffic_manager_profile" { name = "cnbateblogweb" resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name traffic_routing_method = "Geographic" dns_config { relative_name = "cnbateblogweb" ttl = 60 } monitor_config { protocol = "http" port = 80 path = "/" interval_in_seconds = 30 timeout_in_seconds = 10 tolerated_number_of_failures = 3 } tags = { Environment = "Production" } }
1.4 Traffic Manager Endpoint(流量管理器终结点)
resource "azurerm_traffic_manager_endpoint" "cnbate_traffic_manager_endpoint01" { name = "cnbateblogweb_webapp01_performance" resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name profile_name = azurerm_traffic_manager_profile.cnbate_traffic_manager_profile.name target_resource_id = azurerm_app_service.cnbate_app_service01.id type = "azureEndpoints" geo_mappings = ["CN"] } resource "azurerm_traffic_manager_endpoint" "cnbate_traffic_manager_endpoint02" { name = "cnbateblogweb_webapp02_performance" resource_group_name = data.azurerm_resource_group.cnbate_resource_group.name profile_name = azurerm_traffic_manager_profile.cnbate_traffic_manager_profile.name target_resource_id = azurerm_app_service.cnbate_app_service02.id type = "azureEndpoints" geo_mappings = ["SG"] }
完整请查看文章底部 github 链接
2,执行 Terraform 部署计划并且验证部署结果
2.1,使用以下 terraform apply 命令进行部署
1 PS D:\Core\Terraform\Azure\terraform_cnbate_traffic manager> terraform apply 2 data.azurerm_resource_group.cnbate_resource_group: Refreshing state... 3 4 An execution plan has been generated and is shown below. 5 Resource actions are indicated with the following symbols: 6 + create 7 8 Terraform will perform the following actions: 9 10 # azurerm_app_service.cnbate_app_service01 will be created 11 + resource "azurerm_app_service" "cnbate_app_service01" { 12 + app_service_plan_id = (known after apply) 13 + app_settings = { 14 + "ASPNETCORE_ENVIRONMENT" = "Production" 15 } 16 + client_affinity_enabled = false 17 + client_cert_enabled = false 18 + custom_domain_verification_id = (known after apply) 19 + default_site_hostname = (known after apply) 20 + enabled = true 21 + https_only = false 22 + id = (known after apply) 23 + location = "eastasia" 24 + name = "CnBateBlogWeb01" 25 + outbound_ip_address_list = (known after apply) 26 + outbound_ip_addresses = (known after apply) 27 + possible_outbound_ip_address_list = (known after apply) 28 + possible_outbound_ip_addresses = (known after apply) 29 + resource_group_name = "Web_Test_TF_RG" 30 + site_credential = (known after apply) 31 32 + auth_settings { 33 + additional_login_params = (known after apply) 34 + allowed_external_redirect_urls = (known after apply) 35 + default_provider = (known after apply) 36 + enabled = (known after apply) 37 + issuer = (known after apply) 38 + runtime_version = (known after apply) 39 + token_refresh_extension_hours = (known after apply) 40 + token_store_enabled = (known after apply) 41 + unauthenticated_client_action = (known after apply) 42 43 + active_directory { 44 + allowed_audiences = (known after apply) 45 + client_id = (known after apply) 46 + client_secret = (sensitive value) 47 } 48 49 + facebook { 50 + app_id = (known after apply) 51 + app_secret = (sensitive value) 52 + oauth_scopes = (known after apply) 53 } 54 55 + google { 56 + client_id = (known after apply) 57 + client_secret = (sensitive value) 58 + oauth_scopes = (known after apply) 59 } 60 61 + microsoft { 62 + client_id = (known after apply) 63 + client_secret = (sensitive value) 64 + oauth_scopes = (known after apply) 65 } 66 67 + twitter { 68 + consumer_key = (known after apply) 69 + consumer_secret = (sensitive value) 70 } 71 } 72 73 + connection_string { 74 + name = (known after apply) 75 + type = (known after apply) 76 + value = (sensitive value) 77 } 78 79 + identity { 80 + identity_ids = (known after apply) 81 + principal_id = (known after apply) 82 + tenant_id = (known after apply) 83 + type = (known after apply) 84 } 85 86 + logs { 87 + detailed_error_messages_enabled = (known after apply) 88 + failed_request_tracing_enabled = (known after apply) 89 90 + application_logs { 91 + file_system_level = (known after apply) 92 93 + azure_blob_storage { 94 + level = (known after apply) 95 + retention_in_days = (known after apply) 96 + sas_url = (sensitive value) 97 } 98 } 99 100 + http_logs { 101 + azure_blob_storage { 102 + retention_in_days = (known after apply) 103 + sas_url = (sensitive value) 104 } 105 106 + file_system { 107 + retention_in_days = (known after apply) 108 + retention_in_mb = (known after apply) 109 } 110 } 111 } 112 113 + site_config { 114 + always_on = (known after apply) 115 + app_command_line = (known after apply) 116 + auto_swap_slot_name = (known after apply) 117 + default_documents = (known after apply) 118 + dotnet_framework_version = (known after apply) 119 + ftps_state = (known after apply) 120 + health_check_path = (known after apply) 121 + http2_enabled = (known after apply) 122 + ip_restriction = (known after apply) 123 + java_container = (known after apply) 124 + java_container_version = (known after apply) 125 + java_version = (known after apply) 126 + linux_fx_version = (known after apply) 127 + local_mysql_enabled = (known after apply) 128 + managed_pipeline_mode = (known after apply) 129 + min_tls_version = (known after apply) 130 + php_version = (known after apply) 131 + python_version = (known after apply) 132 + remote_debugging_enabled = (known after apply) 133 + remote_debugging_version = (known after apply) 134 + scm_ip_restriction = (known after apply) 135 + scm_type = (known after apply) 136 + scm_use_main_ip_restriction = (known after apply) 137 + use_32_bit_worker_process = (known after apply) 138 + websockets_enabled = (known after apply) 139 + windows_fx_version = (known after apply) 140 141 + cors { 142 + allowed_origins = (known after apply) 143 + support_credentials = (known after apply) 144 } 145 } 146 147 + source_control { 148 + branch = (known after apply) 149 + manual_integration = (known after apply) 150 + repo_url = (known after apply) 151 + rollback_enabled = (known after apply) 152 + use_mercurial = (known after apply) 153 } 154 155 + storage_account { 156 + access_key = (sensitive value) 157 + account_name = (known after apply) 158 + mount_path = (known after apply) 159 + name = (known after apply) 160 + share_name = (known after apply) 161 + type = (known after apply) 162 } 163 } 164 165 # azurerm_app_service.cnbate_app_service02 will be created 166 + resource "azurerm_app_service" "cnbate_app_service02" { 167 + app_service_plan_id = (known after apply) 168 + app_settings = { 169 + "ASPNETCORE_ENVIRONMENT" = "Production" 170 } 171 + client_affinity_enabled = false 172 + client_cert_enabled = false 173 + custom_domain_verification_id = (known after apply) 174 + default_site_hostname = (known after apply) 175 + enabled = true 176 + https_only = false 177 + id = (known after apply) 178 + location = "southeastasia" 179 + name = "CnBateBlogWeb02" 180 + outbound_ip_address_list = (known after apply) 181 + outbound_ip_addresses = (known after apply) 182 + possible_outbound_ip_address_list = (known after apply) 183 + possible_outbound_ip_addresses = (known after apply) 184 + resource_group_name = "Web_Test_TF_RG" 185 + site_credential = (known after apply) 186 187 + auth_settings { 188 + additional_login_params = (known after apply) 189 + allowed_external_redirect_urls = (known after apply) 190 + default_provider = (known after apply) 191 + enabled = (known after apply) 192 + issuer = (known after apply) 193 + runtime_version = (known after apply) 194 + token_refresh_extension_hours = (known after apply) 195 + token_store_enabled = (known after apply) 196 + unauthenticated_client_action = (known after apply) 197 198 + active_directory { 199 + allowed_audiences = (known after apply) 200 + client_id = (known after apply) 201 + client_secret = (sensitive value) 202 } 203 204 + facebook { 205 + app_id = (known after apply) 206 + app_secret = (sensitive value) 207 + oauth_scopes = (known after apply) 208 } 209 210 + google { 211 + client_id = (known after apply) 212 + client_secret = (sensitive value) 213 + oauth_scopes = (known after apply) 214 } 215 216 + microsoft { 217 + client_id = (known after apply) 218 + client_secret = (sensitive value) 219 + oauth_scopes = (known after apply) 220 } 221 222 + twitter { 223 + consumer_key = (known after apply) 224 + consumer_secret = (sensitive value) 225 } 226 } 227 228 + connection_string { 229 + name = (known after apply) 230 + type = (known after apply) 231 + value = (sensitive value) 232 } 233 234 + identity { 235 + identity_ids = (known after apply) 236 + principal_id = (known after apply) 237 + tenant_id = (known after apply) 238 + type = (known after apply) 239 } 240 241 + logs { 242 + detailed_error_messages_enabled = (known after apply) 243 + failed_request_tracing_enabled = (known after apply) 244 245 + application_logs { 246 + file_system_level = (known after apply) 247 248 + azure_blob_storage { 249 + level = (known after apply) 250 + retention_in_days = (known after apply) 251 + sas_url = (sensitive value) 252 } 253 } 254 255 + http_logs { 256 + azure_blob_storage { 257 + retention_in_days = (known after apply) 258 + sas_url = (sensitive value) 259 } 260 261 + file_system { 262 + retention_in_days = (known after apply) 263 + retention_in_mb = (known after apply) 264 } 265 } 266 } 267 268 + site_config { 269 + always_on = (known after apply) 270 + app_command_line = (known after apply) 271 + auto_swap_slot_name = (known after apply) 272 + default_documents = (known after apply) 273 + dotnet_framework_version = (known after apply) 274 + ftps_state = (known after apply) 275 + health_check_path = (known after apply) 276 + http2_enabled = (known after apply) 277 + ip_restriction = (known after apply) 278 + java_container = (known after apply) 279 + java_container_version = (known after apply) 280 + java_version = (known after apply) 281 + linux_fx_version = (known after apply) 282 + local_mysql_enabled = (known after apply) 283 + managed_pipeline_mode = (known after apply) 284 + min_tls_version = (known after apply) 285 + php_version = (known after apply) 286 + python_version = (known after apply) 287 + remote_debugging_enabled = (known after apply) 288 + remote_debugging_version = (known after apply) 289 + scm_ip_restriction = (known after apply) 290 + scm_type = (known after apply) 291 + scm_use_main_ip_restriction = (known after apply) 292 + use_32_bit_worker_process = (known after apply) 293 + websockets_enabled = (known after apply) 294 + windows_fx_version = (known after apply) 295 296 + cors { 297 + allowed_origins = (known after apply) 298 + support_credentials = (known after apply) 299 } 300 } 301 302 + source_control { 303 + branch = (known after apply) 304 + manual_integration = (known after apply) 305 + repo_url = (known after apply) 306 + rollback_enabled = (known after apply) 307 + use_mercurial = (known after apply) 308 } 309 310 + storage_account { 311 + access_key = (sensitive value) 312 + account_name = (known after apply) 313 + mount_path = (known after apply) 314 + name = (known after apply) 315 + share_name = (known after apply) 316 + type = (known after apply) 317 } 318 } 319 320 # azurerm_app_service_plan.cnbate_app_service_plan01 will be created 321 + resource "azurerm_app_service_plan" "cnbate_app_service_plan01" { 322 + id = (known after apply) 323 + kind = "Windows" 324 + location = "eastasia" 325 + maximum_elastic_worker_count = (known after apply) 326 + maximum_number_of_workers = (known after apply) 327 + name = "cnbate_appserviceplan01" 328 + resource_group_name = "Web_Test_TF_RG" 329 330 + sku { 331 + capacity = (known after apply) 332 + size = "S1" 333 + tier = "Standard" 334 } 335 } 336 337 # azurerm_app_service_plan.cnbate_app_service_plan02 will be created 338 + resource "azurerm_app_service_plan" "cnbate_app_service_plan02" { 339 + id = (known after apply) 340 + kind = "Windows" 341 + location = "southeastasia" 342 + maximum_elastic_worker_count = (known after apply) 343 + maximum_number_of_workers = (known after apply) 344 + name = "cnbate_appserviceplan02" 345 + resource_group_name = "Web_Test_TF_RG" 346 347 + sku { 348 + capacity = (known after apply) 349 + size = "S1" 350 + tier = "Standard" 351 } 352 } 353 354 # azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint01 will be created 355 + resource "azurerm_traffic_manager_endpoint" "cnbate_traffic_manager_endpoint01" { 356 + endpoint_location = (known after apply) 357 + endpoint_monitor_status = (known after apply) 358 + endpoint_status = (known after apply) 359 + geo_mappings = [ 360 + "CN", 361 ] 362 + id = (known after apply) 363 + name = "cnbateblogweb_webapp01_performance" 364 + priority = (known after apply) 365 + profile_name = "cnbateblogweb" 366 + resource_group_name = "Web_Test_TF_RG" 367 + target = (known after apply) 368 + target_resource_id = (known after apply) 369 + type = "azureEndpoints" 370 + weight = (known after apply) 371 } 372 373 # azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint02 will be created 374 + resource "azurerm_traffic_manager_endpoint" "cnbate_traffic_manager_endpoint02" { 375 + endpoint_location = (known after apply) 376 + endpoint_monitor_status = (known after apply) 377 + endpoint_status = (known after apply) 378 + geo_mappings = [ 379 + "SG", 380 ] 381 + id = (known after apply) 382 + name = "cnbateblogweb_webapp02_performance" 383 + priority = (known after apply) 384 + profile_name = "cnbateblogweb" 385 + resource_group_name = "Web_Test_TF_RG" 386 + target = (known after apply) 387 + target_resource_id = (known after apply) 388 + type = "azureEndpoints" 389 + weight = (known after apply) 390 } 391 392 # azurerm_traffic_manager_profile.cnbate_traffic_manager_profile will be created 393 + resource "azurerm_traffic_manager_profile" "cnbate_traffic_manager_profile" { 394 + fqdn = (known after apply) 395 + id = (known after apply) 396 + name = "cnbateblogweb" 397 + profile_status = (known after apply) 398 + resource_group_name = "Web_Test_TF_RG" 399 + tags = { 400 + "Environment" = "Production" 401 } 402 + traffic_routing_method = "Geographic" 403 404 + dns_config { 405 + relative_name = "cnbateblogweb" 406 + ttl = 60 407 } 408 409 + monitor_config { 410 + interval_in_seconds = 30 411 + path = "/" 412 + port = 80 413 + protocol = "http" 414 + timeout_in_seconds = 10 415 + tolerated_number_of_failures = 3 416 } 417 } 418 419 Plan: 7 to add, 0 to change, 0 to destroy. 420 421 Do you want to perform these actions? 422 Terraform will perform the actions described above. 423 Only 'yes' will be accepted to approve. 424 425 Enter a value: yes 426 427 azurerm_app_service_plan.cnbate_app_service_plan02: Creating... 428 azurerm_app_service_plan.cnbate_app_service_plan01: Creating... 429 azurerm_traffic_manager_profile.cnbate_traffic_manager_profile: Creating... 430 azurerm_traffic_manager_profile.cnbate_traffic_manager_profile: Creation complete after 5s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Network/trafficManagerProfiles/cnbateblogweb] 431 azurerm_app_service_plan.cnbate_app_service_plan01: Creation complete after 7s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Web/serverfarms/cnbate_appserviceplan01] 432 azurerm_app_service.cnbate_app_service01: Creating... 433 azurerm_app_service_plan.cnbate_app_service_plan02: Creation complete after 8s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Web/serverfarms/cnbate_appserviceplan02] 434 azurerm_app_service.cnbate_app_service02: Creating... 435 azurerm_app_service.cnbate_app_service01: Still creating... [10s elapsed] 436 azurerm_app_service.cnbate_app_service02: Still creating... [10s elapsed] 437 azurerm_app_service.cnbate_app_service01: Still creating... [20s elapsed] 438 azurerm_app_service.cnbate_app_service02: Still creating... [20s elapsed] 439 azurerm_app_service.cnbate_app_service01: Still creating... [30s elapsed] 440 azurerm_app_service.cnbate_app_service02: Still creating... [30s elapsed] 441 azurerm_app_service.cnbate_app_service01: Creation complete after 33s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Web/sites/CnBateBlogWeb01] 442 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint01: Creating... 443 azurerm_app_service.cnbate_app_service02: Creation complete after 33s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Web/sites/CnBateBlogWeb02] 444 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint02: Creating... 445 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint01: Still creating... [10s elapsed] 446 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint01: Creation complete after 10s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Network/trafficManagerProfiles/cnbateblogweb/azureEndpoints/cnbateblogweb_webapp01_performance] 447 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint02: Still creating... [10s elapsed] 448 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint02: Still creating... [20s elapsed] 449 azurerm_traffic_manager_endpoint.cnbate_traffic_manager_endpoint02: Creation complete after 21s [id=/subscriptions/c4206323-2bc4-4732-a41e-df2f392c0afc/resourceGroups/Web_Test_TF_RG/providers/Microsoft.Network/trafficManagerProfiles/cnbateblogweb/azureEndpoints/cnbateblogweb_webapp02_performance] 450 451 Apply complete! Resources: 7 added, 0 changed, 0 destroyed. 452 PS D:\Core\Terraform\Azure\terraform_cnbate_traffic manager>
powershell
登录 Azure Portal 中,查看刚刚部署完成的资源
Traffic Manager profile (流量管理配置) 终结点配置
来自 “亚洲=》中国” 的流量转发到 “CnBateBlogWeb01”
来自 ”亚洲=》新加坡“ 的流量转发到 “CnBateBlogWeb02”
3,部署 Web 应用程序
发布 CnBateBlogWeb01
选择 Web_Test_TF_RG 资源组下的 ”CnBateBlogWeb01“ Web 应用程序
点击 ”发布“,进行发布操作
发布成功后,点击 ”Browse“ 再浏览器中访问。
显示OK,没有任何问题,为了两个Web App 部署做区分,我这里在 ”CnBateBlogWeb01“ 上显示 ”This is China“
同样,我们发布项目到 ”CnBateBlogWeb02“,同样的也为了区分,页面显示 ”This is Singapore”
发布项目完成后,就开始测试 Azure Traffic Manager profile(流量管理配置)是否可以将用户通过 Traffic Manager 来的请求是否能能够正常的转发后对于的终结点
测试区域 ”亚洲=》中国“
访问ok,成功的将来自 ”china“ 的流量转发到后端 ”CnBateBlogWeb01“
测试区域 ”亚洲=》新加坡“
访问ok,成功的将来自 ”Singapore“ 的流量转发到后端 ”CnBateBlogWeb02“
温馨提示,大家记得 ”terraform destroy“ 删除所有的资源
三,结尾
今天的内容其实很简单,回归了一下 Azure Traffic Manger 的相关知识点,通过设置 ”Geograhpic“ (基于地理位置的路由策略),当用户访问 Traffic Manger ,它在不同的地理位置上部署服务器以就近响应用户的请求。同时利用 Terraform 快速实现云基础设置资源的搭建,提高了整个团队在云资源构建方面的能力。
参考资料:Terraform 官方,azurerm 文档
Terraform_Cnbate_Traffic_Manager github:https://github.com/yunqian44/Terraform_Cnbate_Traffic_Manager
CnBateBlogWeb github:https://github.com/yunqian44/CnBateBlogWeb
作者:Allen
版权:转载请在文章明显位置注明作者及出处。如发现错误,欢迎批评指正。