I. What is Terraform
Terraform is an IT infrastructure automation and orchestration tool that lets you manage and maintain IT resources as code. Infrastructure is written in configuration files that describe the topology of cloud resources, such as virtual machines, storage accounts and network interfaces. Terraform's command line interface (CLI) provides a simple mechanism for deploying those configuration files to Tencent Cloud or any other supported cloud, and for keeping them under version control.
Terraform is also highly extensible: new infrastructure is supported through Providers. With Terraform, users can create, modify and delete CVM, VPC, CDB, CLB and many other kinds of resources.
II. TIC product overview
Tencent Cloud TIC (Tencent Infrastructure as Code) integrates leading open-source technology and supports HCL (Terraform), JSON and YAML syntax for cloud resource orchestration, configuration management and compliance checking. To simplify use, it also provides a number of public Terraform templates built according to Tencent Cloud best practices.
III. Features and advantages
1. Deploy infrastructure to multiple clouds
Terraform is suited to multi-cloud scenarios: similar infrastructure can be deployed to Tencent Cloud, other cloud providers or an on-premises data center. Developers can manage resources from different cloud providers at the same time with the same tool and similar configuration files.
2. Automated infrastructure management
Terraform can turn configuration files into templates that define and provision CVM resources in a repeatable, predictable way, reducing deployment and management errors caused by human factors. The same template can be deployed many times to create identical development, test and production environments.
3. Infrastructure as Code
Resources can be managed and maintained as code. Infrastructure state can be saved, so users can track changes made to the different components of the system (infrastructure as code) and share these configurations with others.
4. Lower development cost
Users lower cost by creating development and deployment environments on demand, and changes to the system can be evaluated before they are made.
IV. Requirements and goals
Based on the deployment planning needs of a typical cloud user, the following describes how to quickly create basic Tencent Cloud resources through TIC, and provides an example Terraform code template.
V. Scenario description
Most users' network planning and business partitioning on the cloud is broadly the same. The Terraform code template provided in this article implements the following scenario:
1. Create 2 VPCs in the same region, one production environment and one QA environment, isolated from each other
2. The production VPC is divided into 3 subnets: the online APP environment, databases and middleware, and big data; the QA VPC is divided into 1 subnet, the QA test environment
3. The online APP, database, big data and QA test environments, and the CLB, each get their own security group policy
4. The production environment creates 2 CVMs, 1 MySQL, 1 Redis, 1 EIP and 1 CLB instance; the QA environment creates 2 CVMs, 1 MySQL and 1 Redis. Instances are named name-index, with the index increasing
5. Bind the public CLB to one of the CVMs in the application environment, on port 80
6. Bind the EIP to one of the CVMs for use as a bastion (jump) host
VI. Steps for creating cloud resources with Tencent Cloud TIC
1. Configure an API key to authorize TIC
Settings – API Credentials – New: create a new credential and fill in the Secret ID and Secret Key of the cloud account that will purchase the resources.
2. Write the Terraform code
(1) Select "Templates" and create a new template
(2) Write the Terraform code according to your requirements (a Terraform code template is also provided later in this article)
3. Run the Terraform code
(1) Create a new stack and choose the target "Region" (note that the region must match the availability_zone used in the tf files below; for example, if the region is Shanghai, availability_zone is configured as ap-shanghai-4). Click "Private templates" and select the Terraform code you have written
(2) After confirming the code, click Next to go to the next step
(3) Run Plan
(4) Run Apply
VII. Terraform code template description
1. The tf files in the template
It is recommended to split the template into separate tf files by resource type, which makes it easier to read and to modify later:
global_variables.tf # global variables: availability zone, project, etc.
variables.tf # variables used by the template
vpc.tf # VPC configuration
subnet.tf # subnet configuration
APP_cvm_security_group.tf # security group policy for production CVMs
cvm_instance.tf # CVM configuration
eip.tf # EIP configuration
eip_association.tf # binding the EIP to a CVM
mysql_instance.tf # MySQL configuration
clb_instance.tf # CLB configuration
clb_listener.tf # CLB listener configuration
clb_attachment.tf # binding the CLB to a CVM
redis_instance.tf # Redis configuration
BIGDATA_cvm_security_group.tf # security group policy for big data CVMs
QA_cvm_security_group.tf # security group policy for QA CVMs
APP_DB_security_group.tf # security group policy for production DBs
QA_DB_security_group.tf # security group policy for QA DBs
clb_security_group.tf # security group policy for the CLB
2. The Terraform code template
global_variables.tf:
# The availability zone is set to Shanghai Zone 4 here; change it as needed
variable "availability_zone" {
  default = "ap-shanghai-4"
}
variable "project_id" {
  default = 0
}
variables.tf:
/* APP VPC variables */
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "vpc_name" { default = "shanghai_vpc_APP" }
variable "vpc_cidr" { default = "10.178.0.0/16" }
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "vpc_dns_servers" { default = ["119.29.29.29", "8.8.8.8"] }
variable "vpc_is_multicast" { default = false }
/* QA VPC variables */
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "QA_vpc_name" { default = "shanghai_vpc_QA" }
variable "QA_vpc_cidr" { default = "10.179.0.0/16" }
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "QA_vpc_dns_servers" { default = ["119.29.29.29", "8.8.8.8"] }
variable "QA_vpc_is_multicast" { default = false }
/* subnet variables */
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "subnet_cidr_1" {
  default = "10.178.10.0/24"
}
variable "subnet_name_1" { default = "APP_subnet" }
variable "subnet_cidr_2" {
  default = "10.178.40.0/24"
}
variable "subnet_name_2" { default = "DB_subnet" }
variable "subnet_cidr_3" {
  default = "10.178.100.0/24"
}
variable "subnet_name_3" { default = "BIGDATA_subnet" }
variable "subnet_cidr_4" {
  default = "10.179.10.0/24"
}
variable "subnet_name_4" { default = "QA_subnet" }
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "subnet_is_multicast" { default = true }
/* APP cvm instance variables */
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "APP_cvm_instance_name" {
  default = "myapp"
}
variable "APP_cvm_instance_type" {
  default = "S5.SMALL2"
}
variable "APP_cvm_system_disk_type" {
  default = "CLOUD_PREMIUM"
}
variable "APP_cvm_system_disk_size" {
  default = 50
}
variable "APP_cvm_hostname" {
  default = "myapp"
}
variable "APP_cvm_data_disk_type" {
  default = "CLOUD_PREMIUM"
}
variable "APP_cvm_data_disk_size" {
  default = 50
}
# placeholder only; supply the real value outside the committed template
variable "APP_cvm_password" {
  default = "password"
}
variable "APP_cvm_count" {
  default = 2
}
variable "APP_cvm_instance_charge_type" {
  default = "POSTPAID_BY_HOUR"
}
/* BIGDATA cvm instance variables */
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "BIGDATA_cvm_instance_name" {
  default = "hadoop"
}
variable "BIGDATA_cvm_instance_type" {
  default = "D2.2XLARGE32"
}
variable "BIGDATA_cvm_system_disk_type" {
  default = "CLOUD_PREMIUM"
}
variable "BIGDATA_cvm_system_disk_size" {
  default = 50
}
variable "BIGDATA_cvm_hostname" {
  default = "hadoop"
}
# variable "BIGDATA_cvm_data_disk_type" {
#   default = "LOCAL_BASIC"
# }
# variable "BIGDATA_cvm_data_disk_size" {
#   default = 1176
# }
# placeholder only; supply the real value outside the committed template
variable "BIGDATA_cvm_password" {
  default = "password"
}
variable "BIGDATA_cvm_count" {
  default = 2
}
variable "BIGDATA_cvm_instance_charge_type" {
  default = "POSTPAID_BY_HOUR"
}
/* QA cvm instance variables */
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "QA_cvm_instance_name" {
  default = "QA"
}
variable "QA_cvm_instance_type" {
  default = "S5.SMALL2"
}
variable "QA_cvm_system_disk_type" {
  default = "CLOUD_PREMIUM"
}
variable "QA_cvm_system_disk_size" {
  default = 50
}
variable "QA_cvm_hostname" {
  default = "QA"
}
variable "QA_cvm_data_disk_type" {
  default = "CLOUD_PREMIUM"
}
variable "QA_cvm_data_disk_size" {
  default = 50
}
# placeholder only; supply the real value outside the committed template
variable "QA_cvm_password" {
  default = "password"
}
variable "QA_cvm_count" {
  default = 2
}
variable "QA_cvm_instance_charge_type" {
  default = "POSTPAID_BY_HOUR"
}
/* eip variables */
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "eip_name" {
  default = "eip_1"
}
variable "eip_internet_max_bandwidth_out" {
  default = 5
}
variable "eip_internet_service_provider" {
  default = "BGP"
}
variable "eip_type" {
  default = "EIP"
}
variable "eip_internet_charge_type" {
  default = "TRAFFIC_POSTPAID_BY_HOUR"
}
/* APP mysql variables */
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "APP_mysql_instance_name" {
  default = "APP_mysql_1"
}
variable "APP_mysql_mem_size" {
  default = "2000"
}
# placeholder only; supply the real value outside the committed template
variable "APP_mysql_root_password" {
  default = "password"
}
variable "APP_mysql_volume_size" {
  default = "25"
}
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "APP_mysql_engine_version" {
  default = "5.7"
}
variable "APP_mysql_intranet_port" {
  default = 3306
}
/* QA mysql variables */
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "QA_mysql_instance_name" {
  default = "QA_mysql_1"
}
variable "QA_mysql_mem_size" {
  default = "2000"
}
# placeholder only; supply the real value outside the committed template
variable "QA_mysql_root_password" {
  default = "password"
}
variable "QA_mysql_volume_size" {
  default = "25"
}
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "QA_mysql_engine_version" {
  default = "5.7"
}
variable "QA_mysql_intranet_port" {
  default = 3306
}
/* clb variables */
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "clb_name" {
  default = "myclb"
}
variable "clb_network_type" {
  default = "OPEN"
}
/* APP Redis variables */
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "APP_redis_mem_size" {
  default = 8192
}
# placeholder only; supply the real value outside the committed template
variable "APP_redis_password" {
  default = "password"
}
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "APP_redis_name" {
  default = "APP_redis_1"
}
variable "APP_redis_type" {
  default = "master_slave_redis"
}
variable "APP_redis_port" {
  default = 6379
}
/* QA Redis variables */
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "QA_redis_mem_size" {
  default = 8192
}
# placeholder only; supply the real value outside the committed template
variable "QA_redis_password" {
  default = "password"
}
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# ---------------------------------------------------------------------------------------------------------------------
variable "QA_redis_name" {
  default = "QA_redis_1"
}
variable "QA_redis_type" {
  default = "master_slave_redis"
}
variable "QA_redis_port" {
  default = 6379
}
vpc.tf:
# Create a VPC resource for APP
resource "tencentcloud_vpc" "my_vpc" {
  name         = var.vpc_name
  cidr_block   = var.vpc_cidr
  dns_servers  = var.vpc_dns_servers
  is_multicast = var.vpc_is_multicast
}
# Create a VPC resource for QA
resource "tencentcloud_vpc" "QA_vpc" {
  name         = var.QA_vpc_name
  cidr_block   = var.QA_vpc_cidr
  dns_servers  = var.QA_vpc_dns_servers
  is_multicast = var.QA_vpc_is_multicast
}
subnet.tf:
# Create 4 subnets: live APP, DB and BIGDATA in the APP VPC, and QA in the QA VPC
resource "tencentcloud_subnet" "APP_subnet" {
  availability_zone = var.availability_zone
  cidr_block        = var.subnet_cidr_1
  name              = var.subnet_name_1
  vpc_id            = tencentcloud_vpc.my_vpc.id
}
resource "tencentcloud_subnet" "DB_subnet" {
  availability_zone = var.availability_zone
  cidr_block        = var.subnet_cidr_2
  name              = var.subnet_name_2
  vpc_id            = tencentcloud_vpc.my_vpc.id
}
resource "tencentcloud_subnet" "BIGDATA_subnet" {
  availability_zone = var.availability_zone
  cidr_block        = var.subnet_cidr_3
  name              = var.subnet_name_3
  vpc_id            = tencentcloud_vpc.my_vpc.id
}
resource "tencentcloud_subnet" "QA_subnet" {
  availability_zone = var.availability_zone
  cidr_block        = var.subnet_cidr_4
  name              = var.subnet_name_4
  vpc_id            = tencentcloud_vpc.QA_vpc.id
}
APP_cvm_security_group.tf:
# Create a security group with 3 rules for the APP CVM instances
resource "tencentcloud_security_group" "APP_cvm_rules" {
  name        = "web accessibility"
  description = "make it accessible"
}
resource "tencentcloud_security_group_rule" "APP_web" {
  security_group_id = tencentcloud_security_group.APP_cvm_rules.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "80,8080"
  policy            = "accept"
}
# Accepts SSH from any address on every APP CVM; tighten cidr_ip if only the
# EIP-bound bastion host (scenario step 6) should be reachable over SSH
resource "tencentcloud_security_group_rule" "APP_ssh" {
  security_group_id = tencentcloud_security_group.APP_cvm_rules.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "22"
  policy            = "accept"
}
resource "tencentcloud_security_group_rule" "APP_icmp" {
  security_group_id = tencentcloud_security_group.APP_cvm_rules.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "icmp"
  policy            = "accept"
}
cvm_instance.tf:
# Use this data source to query images
data "tencentcloud_images" "my_favorite_image" {
  image_type = ["PUBLIC_IMAGE"]
  os_name    = "centos 7.5"
}
# Create the APP CVM instances
resource "tencentcloud_instance" "APP_cvm_instance" {
  instance_name        = join("-", [var.APP_cvm_instance_name, count.index])
  availability_zone    = var.availability_zone
  image_id             = data.tencentcloud_images.my_favorite_image.images.0.image_id
  instance_type        = var.APP_cvm_instance_type
  system_disk_type     = var.APP_cvm_system_disk_type
  system_disk_size     = var.APP_cvm_system_disk_size
  hostname             = join("-", [var.APP_cvm_hostname, count.index])
  project_id           = var.project_id
  vpc_id               = tencentcloud_vpc.my_vpc.id
  subnet_id            = tencentcloud_subnet.APP_subnet.id
  security_groups      = [tencentcloud_security_group.APP_cvm_rules.id]
  password             = var.APP_cvm_password
  count                = var.APP_cvm_count
  instance_charge_type = var.APP_cvm_instance_charge_type
  data_disks {
    data_disk_type = var.APP_cvm_data_disk_type
    data_disk_size = var.APP_cvm_data_disk_size
  }
}
# Create the BIGDATA CVM instances
resource "tencentcloud_instance" "BIGDATA_cvm_instance" {
  instance_name        = join("-", [var.BIGDATA_cvm_instance_name, count.index])
  availability_zone    = var.availability_zone
  image_id             = data.tencentcloud_images.my_favorite_image.images.0.image_id
  instance_type        = var.BIGDATA_cvm_instance_type
  system_disk_type     = var.BIGDATA_cvm_system_disk_type
  system_disk_size     = var.BIGDATA_cvm_system_disk_size
  hostname             = join("-", [var.BIGDATA_cvm_hostname, count.index])
  project_id           = var.project_id
  vpc_id               = tencentcloud_vpc.my_vpc.id
  subnet_id            = tencentcloud_subnet.BIGDATA_subnet.id
  security_groups      = [tencentcloud_security_group.BIGDATA_cvm_rules.id]
  password             = var.BIGDATA_cvm_password
  count                = var.BIGDATA_cvm_count
  instance_charge_type = var.BIGDATA_cvm_instance_charge_type
  # data_disks {
  #   data_disk_type = var.BIGDATA_cvm_data_disk_type
  #   data_disk_size = var.BIGDATA_cvm_data_disk_size
  # }
}
# Create the QA CVM instances
resource "tencentcloud_instance" "QA_cvm_instance" {
  instance_name        = join("-", [var.QA_cvm_instance_name, count.index])
  availability_zone    = var.availability_zone
  image_id             = data.tencentcloud_images.my_favorite_image.images.0.image_id
  instance_type        = var.QA_cvm_instance_type
  system_disk_type     = var.QA_cvm_system_disk_type
  system_disk_size     = var.QA_cvm_system_disk_size
  hostname             = join("-", [var.QA_cvm_hostname, count.index])
  project_id           = var.project_id
  vpc_id               = tencentcloud_vpc.QA_vpc.id
  subnet_id            = tencentcloud_subnet.QA_subnet.id
  security_groups      = [tencentcloud_security_group.QA_cvm_rules.id]
  password             = var.QA_cvm_password
  count                = var.QA_cvm_count
  instance_charge_type = var.QA_cvm_instance_charge_type
  data_disks {
    data_disk_type = var.QA_cvm_data_disk_type
    data_disk_size = var.QA_cvm_data_disk_size
  }
}
eip.tf:
# Create an EIP resource
resource "tencentcloud_eip" "my_eip" {
  name                       = var.eip_name
  internet_max_bandwidth_out = var.eip_internet_max_bandwidth_out
  internet_service_provider  = var.eip_internet_service_provider
  type                       = var.eip_type
  internet_charge_type       = var.eip_internet_charge_type
}
eip_association.tf:
# Associate the EIP with the first APP CVM (the bastion host)
resource "tencentcloud_eip_association" "my_eip_association" {
  eip_id      = tencentcloud_eip.my_eip.id
  instance_id = tencentcloud_instance.APP_cvm_instance.0.id
}
mysql_instance.tf:
# Create a mysql_instance resource for APP
resource "tencentcloud_mysql_instance" "APP_mysql_instance" {
  engine_version    = var.APP_mysql_engine_version
  availability_zone = var.availability_zone
  instance_name     = var.APP_mysql_instance_name
  mem_size          = var.APP_mysql_mem_size
  root_password     = var.APP_mysql_root_password
  subnet_id         = tencentcloud_subnet.DB_subnet.id
  volume_size       = var.APP_mysql_volume_size
  vpc_id            = tencentcloud_vpc.my_vpc.id
  intranet_port     = var.APP_mysql_intranet_port
  project_id        = var.project_id
  security_groups   = [tencentcloud_security_group.APP_DB_rules.id]
}
# Create a mysql_instance resource for QA
resource "tencentcloud_mysql_instance" "QA_mysql_instance" {
  engine_version    = var.QA_mysql_engine_version
  availability_zone = var.availability_zone
  instance_name     = var.QA_mysql_instance_name
  mem_size          = var.QA_mysql_mem_size
  root_password     = var.QA_mysql_root_password
  subnet_id         = tencentcloud_subnet.QA_subnet.id
  volume_size       = var.QA_mysql_volume_size
  vpc_id            = tencentcloud_vpc.QA_vpc.id
  intranet_port     = var.QA_mysql_intranet_port
  project_id        = var.project_id
  security_groups   = [tencentcloud_security_group.QA_DB_rules.id]
}
clb_instance.tf:
# Create an OPEN (public) CLB resource
resource "tencentcloud_clb_instance" "open_clb_instance" {
  clb_name        = var.clb_name
  network_type    = var.clb_network_type
  vpc_id          = tencentcloud_vpc.my_vpc.id
  project_id      = var.project_id
  security_groups = [tencentcloud_security_group.CLB_rules.id]
}
clb_listener.tf:
# Create a TCP listener on port 80
resource "tencentcloud_clb_listener" "TCP_listener" {
  clb_id                     = tencentcloud_clb_instance.open_clb_instance.id
  listener_name              = "appweb_listener"
  port                       = 80
  protocol                   = "TCP"
  health_check_switch        = true
  health_check_time_out      = 2
  health_check_interval_time = 5
  health_check_health_num    = 3
  health_check_unhealth_num  = 3
  session_expire_time        = 30
  scheduler                  = "WRR"
}
clb_attachment.tf:
# Attach the second APP CVM to the CLB listener on port 80
resource "tencentcloud_clb_attachment" "foo" {
  clb_id      = tencentcloud_clb_instance.open_clb_instance.id
  listener_id = tencentcloud_clb_listener.TCP_listener.id
  targets {
    instance_id = tencentcloud_instance.APP_cvm_instance.1.id
    port        = 80
    weight      = 10
  }
}
redis_instance.tf:
# Create a Redis instance for APP
resource "tencentcloud_redis_instance" "APP_redis_instance" {
  availability_zone = var.availability_zone
  type              = var.APP_redis_type
  password          = var.APP_redis_password
  mem_size          = var.APP_redis_mem_size
  name              = var.APP_redis_name
  port              = var.APP_redis_port
  subnet_id         = tencentcloud_subnet.DB_subnet.id
  vpc_id            = tencentcloud_vpc.my_vpc.id
  project_id        = var.project_id
  security_groups   = [tencentcloud_security_group.APP_DB_rules.id]
}
# Create a Redis instance for QA
resource "tencentcloud_redis_instance" "QA_redis_instance" {
  availability_zone = var.availability_zone
  type              = var.QA_redis_type
  password          = var.QA_redis_password
  mem_size          = var.QA_redis_mem_size
  name              = var.QA_redis_name
  port              = var.QA_redis_port
  subnet_id         = tencentcloud_subnet.QA_subnet.id
  vpc_id            = tencentcloud_vpc.QA_vpc.id
  project_id        = var.project_id
  security_groups   = [tencentcloud_security_group.QA_DB_rules.id]
}
BIGDATA_cvm_security_group.tf:
# Create a security group with 2 rules for the BIGDATA CVM instances;
# SSH is limited to the APP VPC CIDR
resource "tencentcloud_security_group" "BIGDATA_cvm_rules" {
  name        = "BIGDATA accessibility"
  description = "make it accessible"
}
resource "tencentcloud_security_group_rule" "BIGDATA_ssh" {
  security_group_id = tencentcloud_security_group.BIGDATA_cvm_rules.id
  type              = "ingress"
  cidr_ip           = "10.178.0.0/16"
  ip_protocol       = "tcp"
  port_range        = "22"
  policy            = "accept"
}
resource "tencentcloud_security_group_rule" "BIGDATA_icmp" {
  security_group_id = tencentcloud_security_group.BIGDATA_cvm_rules.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "icmp"
  policy            = "accept"
}
QA_cvm_security_group.tf:
# Create a security group with 2 rules for the QA CVM instances
resource "tencentcloud_security_group" "QA_cvm_rules" {
  name        = "QA accessibility"
  description = "make it accessible"
}
# Accepts SSH from any address; compare BIGDATA_ssh, which limits it to the VPC CIDR
resource "tencentcloud_security_group_rule" "QA_ssh" {
  security_group_id = tencentcloud_security_group.QA_cvm_rules.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "22"
  policy            = "accept"
}
resource "tencentcloud_security_group_rule" "QA_icmp" {
  security_group_id = tencentcloud_security_group.QA_cvm_rules.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "icmp"
  policy            = "accept"
}
APP_DB_security_group.tf:
# Create a security group with 2 rules for the APP DBs (reachable only from the APP VPC)
resource "tencentcloud_security_group" "APP_DB_rules" {
  name        = "APP DB accessibility"
  description = "make it accessible"
}
resource "tencentcloud_security_group_rule" "APP_mysql" {
  security_group_id = tencentcloud_security_group.APP_DB_rules.id
  type              = "ingress"
  cidr_ip           = "10.178.0.0/16"
  ip_protocol       = "tcp"
  port_range        = "3306"
  policy            = "accept"
}
resource "tencentcloud_security_group_rule" "APP_redis" {
  security_group_id = tencentcloud_security_group.APP_DB_rules.id
  type              = "ingress"
  cidr_ip           = "10.178.0.0/16"
  ip_protocol       = "tcp"
  port_range        = "6379"
  policy            = "accept"
}
QA_DB_security_group.tf:
# Create a security group with 2 rules for the QA DBs (reachable only from the QA VPC)
resource "tencentcloud_security_group" "QA_DB_rules" {
  name        = "QA DB accessibility"
  description = "make it accessible"
}
resource "tencentcloud_security_group_rule" "QA_mysql" {
  security_group_id = tencentcloud_security_group.QA_DB_rules.id
  type              = "ingress"
  cidr_ip           = "10.179.0.0/16"
  ip_protocol       = "tcp"
  port_range        = "3306"
  policy            = "accept"
}
resource "tencentcloud_security_group_rule" "QA_redis" {
  security_group_id = tencentcloud_security_group.QA_DB_rules.id
  type              = "ingress"
  cidr_ip           = "10.179.0.0/16"
  ip_protocol       = "tcp"
  port_range        = "6379"
  policy            = "accept"
}
clb_security_group.tf:
# Create a security group for the CLB
resource "tencentcloud_security_group" "CLB_rules" {
  name        = "CLB accessibility"
  description = "make it accessible"
}
resource "tencentcloud_security_group_rule" "CLB_web" {
  security_group_id = tencentcloud_security_group.CLB_rules.id
  type              = "ingress"
  cidr_ip           = "0.0.0.0/0"
  ip_protocol       = "tcp"
  port_range        = "80,8080"
  policy            = "accept"
}
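The following Python script is an added example, not part of the original article or of TIC: it runs a small compliance check of the kind Section II mentions over a constructed excerpt of the template above, flagging ingress rules that accept admin or database ports from 0.0.0.0/0 (as APP_ssh and QA_ssh do, while BIGDATA_ssh is limited to the VPC CIDR) and variables that carry a literal password default. The TEMPLATE text, the ADMIN_PORTS list and the function names are assumptions; the parser handles only flat blocks without nested sub-blocks.

```python
import re

# Constructed excerpt (flat blocks only) modelled on the page's variables.tf
# and *_security_group.tf; the security_group_id lines are left out.
TEMPLATE = r'''
variable "APP_cvm_password" { default = "password" }
variable "APP_cvm_count" { default = 2 }
resource "tencentcloud_security_group_rule" "APP_web" {
  type        = "ingress"
  cidr_ip     = "0.0.0.0/0"
  ip_protocol = "tcp"
  port_range  = "80,8080"
  policy      = "accept"
}
resource "tencentcloud_security_group_rule" "APP_ssh" {
  type        = "ingress"
  cidr_ip     = "0.0.0.0/0"
  ip_protocol = "tcp"
  port_range  = "22"
  policy      = "accept"
}
resource "tencentcloud_security_group_rule" "BIGDATA_ssh" {
  type        = "ingress"
  cidr_ip     = "10.178.0.0/16"
  ip_protocol = "tcp"
  port_range  = "22"
  policy      = "accept"
}
'''

# `variable "x" { ... }` and `resource "type" "name" { ... }` blocks without
# nested sub-blocks, which is all that variables and security group rules need.
BLOCK_RE = re.compile(
    r'(variable|resource)\s+"([^"]+)"(?:\s+"([^"]+)")?\s*\{(.*?)\}', re.S)
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$', re.M)
ADMIN_PORTS = {"22", "3389", "3306", "6379"}  # SSH, RDP, MySQL, Redis (assumed list)


def parse(hcl):
    """Return (variables, resources); each resource is (type, name, attrs)."""
    variables, resources = {}, []
    for kind, first, second, body in BLOCK_RE.findall(hcl):
        attrs = {k: v.strip('"') for k, v in ATTR_RE.findall(body)}
        if kind == "variable":
            variables[first] = attrs.get("default", "")
        else:
            resources.append((first, second, attrs))
    return variables, resources


def world_open_admin_rules(resources):
    """Names of accepted ingress rules that expose admin/DB ports to 0.0.0.0/0."""
    hits = []
    for rtype, name, a in resources:
        if rtype != "tencentcloud_security_group_rule" or a.get("type") != "ingress":
            continue
        if a.get("policy") != "accept" or a.get("cidr_ip") != "0.0.0.0/0":
            continue
        if a.get("ip_protocol") == "icmp":
            continue  # ICMP carries no ports
        # In this provider an absent port_range means every port.
        ports = set(a.get("port_range", "ALL").split(","))
        if "ALL" in ports or ports & ADMIN_PORTS:
            hits.append(name)
    return hits


def literal_password_defaults(variables):
    """Variables whose name suggests a credential and which carry a literal default."""
    return sorted(n for n, d in variables.items() if "password" in n.lower() and d)
```

Running the two checks over the full template from this article flags APP_ssh and QA_ssh plus every *_password variable, which is exactly the review a team would want before a stack is applied.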