快速入门:使用 Terraform 创建虚拟机实例

在本快速入门中,您将学习如何使用 Terraform 创建 Compute Engine 虚拟机 (VM) 实例并连接到该虚拟机实例。

Hashicorp Terraform 是一种基础设施即代码 (IaC) 工具,可让您预配和管理云基础设施。借助适用于 Google Cloud 的 Terraform 提供程序(Google Cloud 提供程序),您可以预配和管理 Google Cloud 基础设施。

准备工作

  1. 如需使用已设置 gcloud CLI 和 Terraform 的在线终端,请激活 Cloud Shell:

    Cloud Shell 会话会在页面底部启动,并显示命令行提示符。该会话可能需要几秒钟来完成初始化。

  2. Create or select a Google Cloud project.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  3. Make sure that billing is enabled for your Google Cloud project.

  4. Enable the Compute Engine API: 

    gcloud services enable compute.googleapis.com

  5. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/compute.instanceAdmin.v1 

    gcloud projects add-iam-policy-binding PROJECT_ID --member="USER_IDENTIFIER" --role=ROLE

准备环境

  1. 克隆包含 Terraform 示例的 GitHub 代码库:

    git clone https://github.com/terraform-google-modules/terraform-docs-samples.git --single-branch

  2. 进入包含快速入门示例的目录:

    cd terraform-docs-samples/compute/quickstart/create_vm

查看 Terraform 文件

查看 main.tf 文件。此文件定义了您要创建的 Google Cloud 资源。

cat main.tf

输出类似于以下内容

resource "google_compute_instance" "default" {
  name         = "my-vm"
  machine_type = "n1-standard-1"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      image = "ubuntu-minimal-2210-kinetic-amd64-v20230126"
    }
  }

  network_interface {
    network = "default"
    access_config {}
  }
}

此文件描述了 google_compute_instance 资源,它是 Compute Engine 虚拟机实例的 Terraform 资源。google_compute_instance 配置为具有以下属性:

  • name 设置为 my-vm
  • machine_type 设置为 n1-standard-1
  • zone 设置为 us-central1-a
  • boot_disk 设置实例的启动磁盘。
  • network_interface 设置为使用 Google Cloud 项目中的默认网络。

创建 Compute Engine 虚拟机实例

  1. 在 Cloud Shell 中,运行以下命令以验证 Terraform 是否可用:

    terraform

    输出应类似如下所示:

    
Usage: terraform [global options] <subcommand> [args]

The available commands for execution are listed below.
The primary workflow commands are given first, followed by
less common or more advanced commands.

Main commands:
  init          Prepare your working directory for other commands
  validate      Check whether the configuration is valid
  plan          Show changes required by the current configuration
  apply         Create or update infrastructure
  destroy       Destroy previously-created infrastructure

  2. 通过运行以下命令来初始化 Terraform。此命令会准备工作区,以便 Terraform 应用您的配置。

    terraform init

    输出应类似如下所示:

    
Initializing the backend...

Initializing provider plugins...
- Finding latest version of hashicorp/google...
- Installing hashicorp/google v5.35.0...
- Installed hashicorp/google v5.35.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

  3. 通过运行以下命令来验证 Terraform 配置。此命令会执行以下操作:

    • 验证 main.tf 的语法是否正确。
    • 显示将要创建的资源的预览。
    terraform plan

    输出应类似如下所示:

    Plan: 1 to add, 0 to change, 0 to destroy.

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

  4. 应用配置以预配 main.tf 文件中所述的资源:

    terraform apply

    出现提示时,输入 yes

    Terraform 会调用 Google Cloud API 来创建 main.tf 文件中定义的虚拟机实例。

    输出应类似如下所示:

    Apply complete! Resources: 1 added, 0 changed, 0 destroyed

连接到虚拟机实例

通过运行以下命令连接到您刚刚创建的虚拟机实例:

gcloud compute ssh --zone=us-central1-a my-vm

清理

为避免因本页面中使用的资源导致您的 Google Cloud 账号产生费用,请删除包含这些资源的 Google Cloud 项目。

在 Cloud Shell 中,运行以下命令以删除 Terraform 资源:

terraform destroy

出现提示时,输入 yes

输出应类似如下所示:

Destroy complete! Resources: 1 destroyed.

后续步骤