[Terraform] Getting Started with Terraform

gununoo · October 24, 2022

Getting Started with Terraform

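  1. terraform init - initialize and start recording
  2. Create the .tf files for provisioning
  3. terraform plan - validate the files created in step 2 and predict the final result
  4. terraform apply - start the actual provisioning; instances, networks, and so on are created through libvirt
  • Write main.tf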
[root@terraform lab1]# vi main.tf 
terraform {
	required_providers {
		libvirt = {
			source = "multani/libvirt"
			version = "0.6.3-1+4"
		}
    }
}

provider "libvirt" {
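	# alias makes this an additional (non-default) provider configuration;
	# a resource uses it only when it sets provider = libvirt.hypervisor
	alias = "hypervisor"
	# the hypervisor's IP must be registered in /etc/hosts for this name to resolve
	uri = "qemu+ssh://root@hypervisor/system"
}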
  • Start Terraform

    terraform init

[root@terraform lab1]# terraform init 

Initializing the backend...

Initializing provider plugins...
- Finding multani/libvirt versions matching "0.6.3-1+4"...
- Installing multani/libvirt v0.6.3-1+4...
- Installed multani/libvirt v0.6.3-1+4 (self-signed, key ID D888B151BEF9257A)

Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
  • ls -al
[root@terraform lab1]# ls -al 
total 12
drwxr-xr-x   3 root root   66 Oct 24 11:53 .
dr-xr-x---. 19 root root 4096 Oct 24 11:53 ..
-rw-r--r--   1 root root  246 Oct 24 11:53 main.tf
drwxr-xr-x   3 root root   23 Oct 24 11:53 .terraform
-rw-r--r--   1 root root  364 Oct 24 11:53 .terraform.lock.hcl
  • Download the CentOS 7 qcow2 image
[root@terraform ~]# cd /cloudimg/
[root@terraform cloudimg]# wget https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
--2022-10-24 12:27:25--  https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
Resolving cloud.centos.org (cloud.centos.org)... 3.137.219.52
Connecting to cloud.centos.org (cloud.centos.org)|3.137.219.52|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 858783744 (819M) [application/octet-stream]
Saving to: ‘CentOS-7-x86_64-GenericCloud.qcow2’

100%[=====================================================================================================================================================================>] 858,783,744  950KB/s   in 25m 18s

2022-10-24 12:52:44 (552 KB/s) - ‘CentOS-7-x86_64-GenericCloud.qcow2’ saved [858783744/858783744]
  • Set a root password in the qcow2 image
[root@terraform cloudimg]# cp CentOS-7-x86_64-GenericCloud.qcow2 centos-base.qcow2 
[root@terraform cloudimg]# virt-customize \
> -a centos-base.qcow2 \
> --root-password password:test123
[   0.0] Examining the guest ...
[  55.9] Setting a random seed
[  56.0] Setting passwords
[  58.6] Finishing off
  • Check the files
[root@terraform cloudimg]# ll
total 1677312
-rw-r--r-- 1 root root 858783744 Apr 22  2020 CentOS-7-x86_64-GenericCloud.qcow2
-rw-r--r-- 1 root root 858783744 Oct 24 13:57 centos-base.qcow2
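
The image above goes from `wget` straight into the base volume with no integrity check. As an added example (not from the original post), this script verifies a download against a `sha256sum`-style manifest before staging it as the base image; the manifest name `sha256sum.txt`, the function names and the demo data are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the original post. Verifies a downloaded cloud image
# against a sha256sum-style manifest before it is used as a libvirt base image.

# Print the SHA-256 of a file as 64 lowercase hex characters.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{ print $1 }'
    else
        shasum -a 256 < "$1" | awk '{ print $1 }'
    fi
}

# verify_image IMAGE MANIFEST [NAME]
# Succeeds only if MANIFEST holds exactly one distinct digest for NAME
# (default: IMAGE's basename) and it equals the digest of IMAGE on disk.
# Exit codes: 0 match, 1 mismatch, 2 missing file, 3 no or ambiguous entry.
verify_image() (
    image=$1; manifest=$2; name=${3:-${image##*/}}
    [ -f "$image" ] && [ -f "$manifest" ] || {
        echo "verify_image: image or manifest not found" >&2; return 2; }
    # Manifest line layout: 64 hex chars, a space, ' ' or '*', then the name.
    # Comparing the whole name keeps "x.qcow2" from matching "x.qcow2.xz".
    digests=$(awk -v n="$name" '
        { h = substr($0, 1, 64); f = substr($0, 67) }
        length(h) == 64 && h !~ /[^0-9a-fA-F]/ && substr($0, 65, 1) == " " &&
            f == n { print tolower(h) }
    ' "$manifest" | sort -u)
    count=$(printf '%s' "$digests" | awk 'NF { c++ } END { print c + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "verify_image: $count distinct digests listed for $name, need exactly 1" >&2
        return 3
    fi
    actual=$(sha256_of "$image")
    if [ "$actual" != "$digests" ]; then
        echo "verify_image: digest mismatch for $name" >&2
        return 1
    fi
    echo "verify_image: OK $name sha256=$actual"
)

# stage_base_image SRC MANIFEST DEST
# Copies SRC first and verifies the copy, so the bytes that were checked are
# the bytes that end up at DEST (the "source" of the libvirt volume).
stage_base_image() (
    src=$1; manifest=$2; dest=$3; tmp="$dest.unverified.$$"
    cp -- "$src" "$tmp" || return 2
    if verify_image "$tmp" "$manifest" "${src##*/}" >/dev/null; then
        mv -- "$tmp" "$dest"
    else
        rc=$?; rm -f -- "$tmp"; return "$rc"
    fi
)

# Constructed demo: a tiny stand-in "image" and a manifest built in a temp dir.
demo() (
    d=$(mktemp -d) || return 2
    img="$d/CentOS-7-x86_64-GenericCloud.qcow2"
    printf 'constructed sample bytes, not a real qcow2\n' > "$img"
    printf '%s  %s\n' "$(sha256_of "$img")" "${img##*/}" > "$d/sha256sum.txt"
    stage_base_image "$img" "$d/sha256sum.txt" "$d/centos-base.qcow2" &&
        echo "intact image staged"
    printf 'tampered' >> "$img"
    stage_base_image "$img" "$d/sha256sum.txt" "$d/tampered.qcow2" 2>/dev/null ||
        echo "tampered image refused (exit $?)"
    rm -rf -- "$d"
)

# Run the constructed demo only when asked: sh verify-image.sh --demo
if [ "${1:-}" = "--demo" ]; then demo; fi
```

The manifest is only as trustworthy as the channel it came from, so fetch it from the image publisher and check its signature where one is provided. For the next step, `virt-customize` also accepts `--root-password locked` together with `--ssh-inject root:file:<public key>`, which keeps a fixed password out of shell history and out of every VM cloned from the image.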
  • Create instance.tf
[root@terraform lab1]# vi instance.tf 
# volume define 
resource "libvirt_volume" "centos7vol" {
	name = "centos7-1.qcow2"
	pool = "default" 
	source = "/cloudimg/centos-base.qcow2"
	format = "qcow2"
}

# instance define 
resource "libvirt_domain" "centos7-1" {
	name = "centos7-1"
	memory = 1024
	vcpu = 1

	network_interface {
		network_name = "default"
	}

	disk {
		volume_id = "${libvirt_volume.centos7vol.id}"
	}

	console {
		type = "pty"
		target_type = "serial"
		target_port = "0"
	}

	graphics {
		type = "spice"
		listen_type = "address"  
		autoport = true
	}
}

# result
output "ip" {
	value = "${libvirt_domain.centos7-1.network_interface.0.addresses}"
	// prints the address list of the first network_interface
}
  • Try terraform plan
[root@terraform lab1]# terraform plan 
provider.libvirt.uri
  libvirt connection URI for operations. See https://libvirt.org/uri.html

  Enter a value:

The uri is registered, but terraform plan asks for the uri and does not proceed.

  • Register the hypervisor in /etc/hosts so that terraform plan can run
[root@terraform lab1]# vi /etc/hosts 
211.183.3.160 hypervisor
  • Check connectivity to the hypervisor
[root@terraform lab1]# ping hypervisor -c 3 
PING hypervisor (211.183.3.160) 56(84) bytes of data.
64 bytes from hypervisor (211.183.3.160): icmp_seq=1 ttl=64 time=0.744 ms
64 bytes from hypervisor (211.183.3.160): icmp_seq=2 ttl=64 time=0.389 ms
64 bytes from hypervisor (211.183.3.160): icmp_seq=3 ttl=64 time=0.816 ms

--- hypervisor ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2040ms
rtt min/avg/max/mdev = 0.389/0.649/0.816/0.188 ms
  • Try terraform plan
[root@terraform lab1]# terraform plan 
provider.libvirt.uri
  libvirt connection URI for operations. See https://libvirt.org/uri.html

  Enter a value:

It still asks for the uri and does not proceed.

  • Register the uri as a system environment variable
[root@terraform lab1]# export LIBVIRT_DEFAULT_URI="qemu+ssh://root@hypervisor/system"

terraform plan

[root@terraform lab1]# terraform plan 
The authenticity of host 'hypervisor (211.183.3.160)' can't be established.
ECDSA key fingerprint is SHA256:OWYoZwU81It4tsmzDIFnv48Ry3Jhy67/l4Y1DT9ezq0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
root@hypervisor's password: 

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # libvirt_domain.centos7-1 will be created
  + resource "libvirt_domain" "centos7-1" {
      + arch        = (known after apply)
      + disk        = [
          + {
              + block_device = null
              + file         = null
              + scsi         = null
              + url          = null
              + volume_id    = (known after apply)
              + wwn          = null
            },
        ]
      + emulator    = (known after apply)
      + fw_cfg_name = "opt/com.coreos/config"
      + id          = (known after apply)
      + machine     = (known after apply)
      + memory      = 1024
      + name        = "centos7-1"
      + qemu_agent  = false
      + running     = true
      + vcpu        = 1

      + console {
          + source_host    = "127.0.0.1"
          + source_service = "0"
          + target_port    = "0"
          + target_type    = "serial"
          + type           = "pty"
        }

      + graphics {
          + autoport       = true
          + listen_address = "127.0.0.1"
          + listen_type    = "address"
          + type           = "spice"
        }

      + network_interface {
          + addresses    = (known after apply)
          + hostname     = (known after apply)
          + mac          = (known after apply)
          + network_id   = (known after apply)
          + network_name = "default"
        }
    }

  # libvirt_volume.centos7vol will be created
  + resource "libvirt_volume" "centos7vol" {
      + format = "qcow2"
      + id     = (known after apply)
      + name   = "centos7-1.qcow2"
      + pool   = "default"
      + size   = (known after apply)
      + source = "/cloudimg/centos-base.qcow2"
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ip = (known after apply)

──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.

terraform apply

terraform apply -auto-approve

[root@terraform lab1]# terraform apply -auto-approve 
root@hypervisor's password: 
libvirt_volume.centos7vol: Refreshing state... [id=/var/lib/libvirt/images/centos7-1.qcow2]
libvirt_domain.centos7-1: Refreshing state... [id=45cc54f9-2ee3-4da7-8b36-224dcc005e76]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan:

  # libvirt_domain.centos7-1 has changed
  ~ resource "libvirt_domain" "centos7-1" {
        id          = "45cc54f9-2ee3-4da7-8b36-224dcc005e76"
        name        = "centos7-1"
        # (10 unchanged attributes hidden)

      ~ network_interface {
          ~ addresses      = [
              + "192.168.122.60",
            ]
            # (4 unchanged attributes hidden)
        }

        # (2 unchanged blocks hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these changes.

──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Changes to Outputs:
  + ip = [
      + "192.168.122.60",
    ]

You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.
root@hypervisor's password: 

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

ip = tolist([
  "192.168.122.60",
])

192.168.122.60

  • Check the IP on the hypervisor
[root@hypervisor cloudimg]# virsh list --all 
 Id    Name                           State
----------------------------------------------------
 4     centos7-1                      running

[root@hypervisor cloudimg]# virsh domifaddr centos7-1 
 Name       MAC address          Protocol     Address
-------------------------------------------------------------------------------
 vnet0      52:54:00:82:63:db    ipv4         192.168.122.60/24

192.168.122.60

  • Connect to the console
[root@hypervisor cloudimg]# virsh edit centos7-1 
Domain centos7-1 XML configuration not changed.

[root@hypervisor cloudimg]# virsh console centos7-1 
Connected to domain centos7-1
Escape character is ^]

CentOS Linux 7 (Core)
Kernel 3.10.0-1127.el7.x86_64 on an x86_64

localhost login: root
Password: 
[root@localhost ~]# 

terraform destroy


[root@terraform lab1]# terraform destroy
root@hypervisor's password: 
libvirt_volume.centos7vol: Refreshing state... [id=/var/lib/libvirt/images/centos7-1.qcow2]
libvirt_domain.centos7-1: Refreshing state... [id=45cc54f9-2ee3-4da7-8b36-224dcc005e76]
root@hypervisor's password: 

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # libvirt_domain.centos7-1 will be destroyed
  - resource "libvirt_domain" "centos7-1" {
      - arch        = "x86_64" -> null
      - autostart   = false -> null
      - cmdline     = [] -> null
      - disk        = [
          - {
              - block_device = ""
              - file         = ""
              - scsi         = false
              - url          = ""
              - volume_id    = "/var/lib/libvirt/images/centos7-1.qcow2"
              - wwn          = ""
            },
        ] -> null
      - emulator    = "/usr/libexec/qemu-kvm" -> null
      - fw_cfg_name = "opt/com.coreos/config" -> null
      - id          = "45cc54f9-2ee3-4da7-8b36-224dcc005e76" -> null
      - machine     = "pc" -> null
      - memory      = 1024 -> null
      - name        = "centos7-1" -> null
      - qemu_agent  = false -> null
      - running     = true -> null
      - vcpu        = 1 -> null

      - console {
          - source_host    = "127.0.0.1" -> null
          - source_service = "0" -> null
          - target_port    = "0" -> null
          - target_type    = "serial" -> null
          - type           = "pty" -> null
        }

      - graphics {
          - autoport       = true -> null
          - listen_address = "127.0.0.1" -> null
          - listen_type    = "address" -> null
          - type           = "spice" -> null
        }

      - network_interface {
          - addresses      = [
              - "192.168.122.60",
            ] -> null
          - mac            = "52:54:00:82:63:DB" -> null
          - network_id     = "9c7ac5f0-39b3-4254-b82a-548e03907305" -> null
          - network_name   = "default" -> null
          - wait_for_lease = false -> null
        }
    }

  # libvirt_volume.centos7vol will be destroyed
  - resource "libvirt_volume" "centos7vol" {
      - format = "qcow2" -> null
      - id     = "/var/lib/libvirt/images/centos7-1.qcow2" -> null
      - name   = "centos7-1.qcow2" -> null
      - pool   = "default" -> null
      - size   = 8589934592 -> null
      - source = "/cloudimg/centos-base.qcow2" -> null
    }

Plan: 0 to add, 0 to change, 2 to destroy.

Changes to Outputs:
  - ip = [
      - "192.168.122.60",
    ] -> null

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes        

root@hypervisor's password: 
libvirt_domain.centos7-1: Destroying... [id=45cc54f9-2ee3-4da7-8b36-224dcc005e76]
libvirt_domain.centos7-1: Destruction complete after 0s
libvirt_volume.centos7vol: Destroying... [id=/var/lib/libvirt/images/centos7-1.qcow2]
libvirt_volume.centos7vol: Destruction complete after 0s

Destroy complete! Resources: 2 destroyed.
[root@terraform lab1]# 

Changing the network

[root@terraform lab1]# vi instance.tf 
... 
# instance define
resource "libvirt_domain" "centos7-1" {
        name = "centos7-1"
        memory = 1024
        vcpu = 1

        network_interface {
                # network_name = "default"
                bridge = "br0"
        }
... 

br0 is added

  • terraform plan
[root@terraform lab1]# terraform plan 
root@hypervisor's password: 

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # libvirt_domain.centos7-1 will be created
  + resource "libvirt_domain" "centos7-1" {
      + arch        = (known after apply)
      + disk        = [
          + {
              + block_device = null
              + file         = null
              + scsi         = null
              + url          = null
              + volume_id    = (known after apply)
              + wwn          = null
            },
        ]
      + emulator    = (known after apply)
      + fw_cfg_name = "opt/com.coreos/config"
      + id          = (known after apply)
      + machine     = (known after apply)
      + memory      = 1024
      + name        = "centos7-1"
      + qemu_agent  = false
      + running     = true
      + vcpu        = 1

      + console {
          + source_host    = "127.0.0.1"
          + source_service = "0"
          + target_port    = "0"
          + target_type    = "serial"
          + type           = "pty"
        }

      + graphics {
          + autoport       = true
          + listen_address = "127.0.0.1"
          + listen_type    = "address"
          + type           = "spice"
        }

      + network_interface {
          + addresses    = (known after apply)
          + bridge       = "br0"
          + hostname     = (known after apply)
          + mac          = (known after apply)
          + network_id   = (known after apply)
          + network_name = (known after apply)
        }
    }

  # libvirt_volume.centos7vol will be created
  + resource "libvirt_volume" "centos7vol" {
      + format = "qcow2"
      + id     = (known after apply)
      + name   = "centos7-1.qcow2"
      + pool   = "default"
      + size   = (known after apply)
      + source = "/cloudimg/centos-base.qcow2"
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ip = (known after apply)

──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
  • terraform apply
[root@terraform lab1]# terraform apply 

libvirt_volume.centos7vol: Creating...
libvirt_volume.centos7vol: Creation complete after 7s [id=/var/lib/libvirt/images/centos7-1.qcow2]
libvirt_domain.centos7-1: Creating...
libvirt_domain.centos7-1: Creation complete after 0s [id=98981cf6-8fda-4639-9f0c-b3688a6d43fa]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

Outputs:

ip = tolist([])
  • Confirm the KVM guest was created
[root@hypervisor cloudimg]# virsh list --all 
 Id    Name                           State
----------------------------------------------------

[root@hypervisor cloudimg]# virsh list --all 
 Id    Name                           State
----------------------------------------------------
 5     centos7-1                      running

[root@hypervisor cloudimg]# 
[root@hypervisor cloudimg]# virsh console centos7-1 
Connected to domain centos7-1
Escape character is ^]

CentOS Linux 7 (Core)
Kernel 3.10.0-1127.el7.x86_64 on an x86_64

localhost login: root
Password: 
[root@localhost ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 211.183.3.184  netmask 255.255.255.0  broadcast 211.183.3.255
        inet6 fe80::5054:ff:fe82:4238  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:82:42:38  txqueuelen 1000  (Ethernet)
        RX packets 57  bytes 6791 (6.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 45  bytes 4166 (4.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

211.183.3.184

  • Check ping from the terraform host
[root@terraform lab1]# ping 211.183.3.184 -c 3 
PING 211.183.3.184 (211.183.3.184) 56(84) bytes of data.
64 bytes from 211.183.3.184: icmp_seq=1 ttl=64 time=1.29 ms
64 bytes from 211.183.3.184: icmp_seq=2 ttl=64 time=1.42 ms
64 bytes from 211.183.3.184: icmp_seq=3 ttl=64 time=1.68 ms

--- 211.183.3.184 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2005ms
rtt min/avg/max/mdev = 1.292/1.463/1.680/0.167 ms

Adding an IP address

[root@terraform lab1]# vi instance.tf 
# instance define
resource "libvirt_domain" "centos7-1" {
        name = "centos7-1"
        memory = 1024
        vcpu = 1

        network_interface {
                addresses = ["211.183.3.199"]   
                # network_name = "default"
                bridge = "br0"
  • terraform plan
[root@terraform lab1]# terraform plan 
root@hypervisor's password: 
libvirt_volume.centos7vol: Refreshing state... [id=/var/lib/libvirt/images/centos7-1.qcow2]
libvirt_domain.centos7-1: Refreshing state... [id=98981cf6-8fda-4639-9f0c-b3688a6d43fa]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # libvirt_domain.centos7-1 will be updated in-place
  ~ resource "libvirt_domain" "centos7-1" {
        id          = "98981cf6-8fda-4639-9f0c-b3688a6d43fa"
        name        = "centos7-1"
        # (11 unchanged attributes hidden)

      ~ network_interface {
          ~ addresses      = [
              + "211.183.3.199",
            ]
            # (3 unchanged attributes hidden)
        }

        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Changes to Outputs:
  ~ ip = [
      + "211.183.3.199",
    ]

──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
  • terraform apply
[root@terraform lab1]# terraform apply -auto-approve 

libvirt_domain.centos7-1: Modifying... [id=98981cf6-8fda-4639-9f0c-b3688a6d43fa]
libvirt_domain.centos7-1: Modifications complete after 0s [id=98981cf6-8fda-4639-9f0c-b3688a6d43fa]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Outputs:

ip = tolist([
  "211.183.3.199",
])
  • Ping test against the changed IP
[root@terraform lab1]# ping 211.183.3.199 -c 3 
PING 211.183.3.199 (211.183.3.199) 56(84) bytes of data.
From 211.183.3.150 icmp_seq=1 Destination Host Unreachable
From 211.183.3.150 icmp_seq=2 Destination Host Unreachable
From 211.183.3.150 icmp_seq=3 Destination Host Unreachable

--- 211.183.3.199 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2048ms
pipe 3

It does not work. Terraform and libvirt are not fully compatible. It would probably work with AWS or OpenStack.

  • Destroy, then apply again
[root@terraform lab1]# terraform destroy 
root@hypervisor's password: 
libvirt_volume.centos7vol: Refreshing state... [id=/var/lib/libvirt/images/centos7-1.qcow2]
libvirt_domain.centos7-1: Refreshing state... [id=98981cf6-8fda-4639-9f0c-b3688a6d43fa]
root@hypervisor's password: 

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # libvirt_domain.centos7-1 will be destroyed
  - resource "libvirt_domain" "centos7-1" {
      - arch        = "x86_64" -> null
      - autostart   = false -> null
      - cmdline     = [] -> null
      - disk        = [
          - {
              - block_device = ""
              - file         = ""
              - scsi         = false
              - url          = ""
              - volume_id    = "/var/lib/libvirt/images/centos7-1.qcow2"
              - wwn          = ""
            },
        ] -> null
      - emulator    = "/usr/libexec/qemu-kvm" -> null
      - fw_cfg_name = "opt/com.coreos/config" -> null
      - id          = "98981cf6-8fda-4639-9f0c-b3688a6d43fa" -> null
      - machine     = "pc" -> null
      - memory      = 1024 -> null
      - name        = "centos7-1" -> null
      - qemu_agent  = false -> null
      - running     = true -> null
      - vcpu        = 1 -> null

      - console {
          - source_host    = "127.0.0.1" -> null
          - source_service = "0" -> null
          - target_port    = "0" -> null
          - target_type    = "serial" -> null
          - type           = "pty" -> null
        }

      - graphics {
          - autoport       = true -> null
          - listen_address = "127.0.0.1" -> null
          - listen_type    = "address" -> null
          - type           = "spice" -> null
        }

      - network_interface {
          - addresses      = [] -> null
          - bridge         = "br0" -> null
          - mac            = "52:54:00:82:42:38" -> null
          - wait_for_lease = false -> null
        }
    }

  # libvirt_volume.centos7vol will be destroyed
  - resource "libvirt_volume" "centos7vol" {
      - format = "qcow2" -> null
      - id     = "/var/lib/libvirt/images/centos7-1.qcow2" -> null
      - name   = "centos7-1.qcow2" -> null
      - pool   = "default" -> null
      - size   = 8589934592 -> null
      - source = "/cloudimg/centos-base.qcow2" -> null
    }

Plan: 0 to add, 0 to change, 2 to destroy.

Changes to Outputs:
  - ip = [
      - "211.183.3.199",
    ] -> null

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

root@hypervisor's password: 
libvirt_domain.centos7-1: Destroying... [id=98981cf6-8fda-4639-9f0c-b3688a6d43fa]
libvirt_domain.centos7-1: Destruction complete after 0s
libvirt_volume.centos7vol: Destroying... [id=/var/lib/libvirt/images/centos7-1.qcow2]
libvirt_volume.centos7vol: Destruction complete after 0s

Destroy complete! Resources: 2 destroyed.

[root@terraform lab1]# terraform apply -auto-approve 
root@hypervisor's password: 

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # libvirt_domain.centos7-1 will be created
  + resource "libvirt_domain" "centos7-1" {
      + arch        = (known after apply)
      + disk        = [
          + {
              + block_device = null
              + file         = null
              + scsi         = null
              + url          = null
              + volume_id    = (known after apply)
              + wwn          = null
            },
        ]
      + emulator    = (known after apply)
      + fw_cfg_name = "opt/com.coreos/config"
      + id          = (known after apply)
      + machine     = (known after apply)
      + memory      = 1024
      + name        = "centos7-1"
      + qemu_agent  = false
      + running     = true
      + vcpu        = 1

      + console {
          + source_host    = "127.0.0.1"
          + source_service = "0"
          + target_port    = "0"
          + target_type    = "serial"
          + type           = "pty"
        }

      + graphics {
          + autoport       = true
          + listen_address = "127.0.0.1"
          + listen_type    = "address"
          + type           = "spice"
        }

      + network_interface {
          + addresses    = [
              + "211.183.3.199",
            ]
          + bridge       = "br0"
          + hostname     = (known after apply)
          + mac          = (known after apply)
          + network_id   = (known after apply)
          + network_name = (known after apply)
        }
    }

  # libvirt_volume.centos7vol will be created
  + resource "libvirt_volume" "centos7vol" {
      + format = "qcow2"
      + id     = (known after apply)
      + name   = "centos7-1.qcow2"
      + pool   = "default"
      + size   = (known after apply)
      + source = "/cloudimg/centos-base.qcow2"
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ip = [
      + "211.183.3.199",
    ]
root@hypervisor's password: 
libvirt_volume.centos7vol: Creating...
libvirt_volume.centos7vol: Creation complete after 7s [id=/var/lib/libvirt/images/centos7-1.qcow2]
libvirt_domain.centos7-1: Creating...
libvirt_domain.centos7-1: Creation complete after 1s [id=ea78d9d7-c7cf-40e8-8a7e-8e547dbd14bb]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

Outputs:

ip = tolist([
  "211.183.3.199",
])
  • Check the IP on the KVM host
[root@hypervisor cloudimg]# virsh console centos7-1 
Connected to domain centos7-1
Escape character is ^]

CentOS Linux 7 (Core)
Kernel 3.10.0-1127.el7.x86_64 on an x86_64

localhost login: root
Password: 
[root@localhost ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 211.183.3.185  netmask 255.255.255.0  broadcast 211.183.3.255
        inet6 fe80::5054:ff:fe42:40dc  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:42:40:dc  txqueuelen 1000  (Ethernet)
        RX packets 50  bytes 6143 (5.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 39  bytes 3602 (3.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The address was set to 211.183.3.199, but the guest came up with 211.183.3.185. Network settings made through Terraform are not applied well with libvirt.

Lab - Registering an SSH key pair

  1. Create a key pair on terraform (/root/.ssh/mykey.pem, mykey.pem.pub)
[root@terraform lab1]# ssh-keygen -q -f /root/.ssh/mykey.pem -N ""

[root@terraform lab1]# ls /root/.ssh/
known_hosts  mykey.pem  mykey.pem.pub
  2. On terraform, configure /etc/ssh/ssh_config so that connections to hypervisor use the root account with mykey.pem
[root@terraform lab1]# vi /etc/ssh/ssh_config 
Host hypervisor
        User root
        IdentityFile /root/.ssh/mykey.pem
  3. Copy the contents of mykey.pem.pub and paste them into /root/.ssh/authorized_keys on hypervisor.
[root@terraform lab1]# cat /root/.ssh/mykey.pem.pub 
ssh-rsa <public key data omitted> root@terraform

Copy it

[root@hypervisor .ssh]# echo "ssh-rsa <public key data omitted> root@terraform" >> authorized_keys 

Add it to authorized_keys on hypervisor

  4. Run terraform apply in lab1. It must provision without prompting for yes or a password along the way.
[root@terraform lab1]# terraform apply -auto-approve 
libvirt_volume.centos7vol: Refreshing state... [id=/var/lib/libvirt/images/centos7-1.qcow2]
libvirt_domain.centos7-1: Refreshing state... [id=ea78d9d7-c7cf-40e8-8a7e-8e547dbd14bb]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # libvirt_domain.centos7-1 will be updated in-place
  ~ resource "libvirt_domain" "centos7-1" {
        id          = "ea78d9d7-c7cf-40e8-8a7e-8e547dbd14bb"
        name        = "centos7-1"
        # (11 unchanged attributes hidden)

      ~ network_interface {
          ~ addresses      = [
              + "211.183.3.199",
            ]
            # (3 unchanged attributes hidden)
        }

        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
libvirt_domain.centos7-1: Modifying... [id=ea78d9d7-c7cf-40e8-8a7e-8e547dbd14bb]
libvirt_domain.centos7-1: Modifications complete after 0s [id=ea78d9d7-c7cf-40e8-8a7e-8e547dbd14bb]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Outputs:

ip = tolist([
  "211.183.3.199",
])

It provisions immediately without asking for yes or a password.
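
The key appended to root's `authorized_keys` on hypervisor above carries no per-key options, and its private half has no passphrase. As an added example (not from the original post), this audit parses `authorized_keys` entries and reports keys that lack a `from=` restriction or `restrict`/`no-*` options; the function names and the sample file are constructed for illustration, with placeholder key data.

```bash
#!/bin/sh
# Added example, not from the original post. Audits an authorized_keys file
# for entries that carry no per-key restrictions.

# Constructed sample: key material is a placeholder; 211.183.3.150 is the
# terraform host address seen in the ping output earlier on this page.
sample_authorized_keys() {
    cat <<'EOF'
# constructed sample for audit_authorized_keys
ssh-rsa AAAAB3NzaC1yc2E_PLACEHOLDER root@terraform
from="211.183.3.150",restrict ssh-rsa AAAAB3NzaC1yc2E_PLACEHOLDER root@terraform
from="211.183.3.150",command="echo a b",no-pty ssh-ed25519 AAAAC3_PLACEHOLDER backup@example
EOF
}

# audit_authorized_keys FILE   (FILE may be "-" to read standard input)
# Prints one line per finding and returns 1 if there is any finding, else 0.
audit_authorized_keys() {
    awk '
    function has(o) { return index("," opts ",", "," o ",") > 0 }
    function report(msg) {
        printf "line %d (%s): %s\n", NR, label, msg; bad = 1
    }
    BEGIN {
        keytype = "^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9-]+@openssh[.]com)$"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
    {
        # Collapse quoted option values so spaces inside command="..." or
        # from="..." cannot be mistaken for field separators.
        s = $0
        gsub(/"([^"\\]|\\.)*"/, "Q", s)
        n = split(s, f, " ")
        if (f[1] ~ keytype)                { opts = "";            c = 3 }
        else if (n >= 2 && f[2] ~ keytype) { opts = tolower(f[1]); c = 4 }
        else {
            label = "unparsed"; report("not a recognisable key entry"); next
        }
        label = (n >= c ? f[c] : "no comment")

        if (index("," opts, ",from=") == 0)
            report("no from= option, key is not tied to a source address")
        if (!has("restrict") && !(has("no-port-forwarding") &&
            has("no-agent-forwarding") && has("no-x11-forwarding") &&
            has("no-pty")))
            report("no restrict option, forwarding and PTY are not limited per key")
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Run against the constructed sample only when asked: sh audit-keys.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample_authorized_keys | audit_authorized_keys -
fi
```

On the hypervisor the same function runs as `audit_authorized_keys /root/.ssh/authorized_keys`; the `restrict` option needs OpenSSH 7.2 or later.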

Lab - OpenStack

With OpenStack you need to prepare for two timeouts.
1. Token lifetime: 1 hour -> keystone -> extend to 10 hours

[root@localhost ~]# vi /etc/keystone/keystone.conf 

  2. Session timeout for web access: 30 minutes -> dashboard (horizon) -> extend to 10 hours
  3. Make the system always start in runlevel 3 after a reboot
[root@localhost ~]# systemctl set-default multi-user.target
Removed /etc/systemd/system/default.target.
Created symlink /etc/systemd/system/default.target → /usr/lib/systemd/system/multi-user.target.

  4. Download the compressed file
https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-2003.qcow2.xz
  5. Decompress it
[root@localhost ~]# xz -d CentOS-7-x86_64-GenericCloud-2003.qcow2.xz 
  6. Register the image in glance. It must appear in the list under the name CentOS7.
[root@localhost ~]# openstack image create \
> "CentOS7" \
> --file CentOS-7-x86_64-GenericCloud-2003.qcow2 \
> --disk-format qcow2 \
> --container-format bare \
> --public
+------------------+---------------------------------------------------------------------------------------------------------------------------------------------+
| Field            | Value                                                                                                                                       |
+------------------+---------------------------------------------------------------------------------------------------------------------------------------------+
| container_format | bare                                                                                                                                        |
| created_at       | 2022-10-24T08:46:01Z                                                                                                                        |
| disk_format      | qcow2                                                                                                                                       |
| file             | /v2/images/5112e14c-3355-459f-8bad-e2881dc838f5/file                                                                                        |
| id               | 5112e14c-3355-459f-8bad-e2881dc838f5                                                                                                        |
| min_disk         | 0                                                                                                                                           |
| min_ram          | 0                                                                                                                                           |
| name             | CentOS7                                                                                                                                     |
| owner            | 24def67482ac43e6bd6f0891524cf7ee                                                                                                            |
| properties       | os_hidden='False', owner_specified.openstack.md5='', owner_specified.openstack.object='images/CentOS7', owner_specified.openstack.sha256='' |
| protected        | False                                                                                                                                       |
| schema           | /v2/schemas/image                                                                                                                           |
| status           | queued                                                                                                                                      |
| tags             |                                                                                                                                             |
| updated_at       | 2022-10-24T08:46:01Z                                                                                                                        |
| visibility       | public                                                                                                                                      |
+------------------+---------------------------------------------------------------------------------------------------------------------------------------------+
  7. After logging in with the keystonerc_admin file, the CentOS7 image just registered must be visible in openstack image list.
[root@localhost ~(keystone_admin)]# openstack image list
+--------------------------------------+---------+--------+
| ID                                   | Name    | Status |
+--------------------------------------+---------+--------+
| 5112e14c-3355-459f-8bad-e2881dc838f5 | CentOS7 | active |
| 519f20f8-3da6-4fd6-bf3c-da1ceb452a26 | cirros  | active |
+--------------------------------------+---------+--------+

1 comment

January 3, 2023

Thanks for the useful post.