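Alright!!
I just had my first experience using Terraform with DigitalOcean, so let me walk through what it can do! The setup this time is the equivalent of attaching an EIP to an EC2 instance on AWS, opening a security group, and pointing DNS at it. A load balancer costs an extra $10, so this is a simple VPS configuration.
■What we will do
- Droplet (the AWS equivalent is EC2)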
- OS ubuntu 18.04
- region Singapore
- 2core 2GB
- floating ip (the AWS equivalent is an EIP)
- Firewall (22, 80, 443) (the AWS equivalent is a security group)
- DNS
■Preparation
- make API
- add ssh-key
- Check the ssh-key ID
```
$ ssh-keygen -lf ~/.ssh/id_rsa.pub | awk '{print $2}'
1a:7c:d5:6c:bf:d6:cf:xxxxxxxxxxxxxxxxxx
```
- Check the ssh-key ID on the DigitalOcean side
```
$ curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <API>" "https://api.digitalocean.com/v2/account/keys" | jq .
{
  "ssh_keys": [
    {
      "id": 123456,   # note this down
      "fingerprint": "1a:7c:d5:6c:bf:d6:cf:93:49:39:66:cc:dc:ed:c5:04",
      "public_key": "...",
      "name": "mojamoja"
    },
    ...
  ]
}
```
- Configure Terraform Cloud
- Directory layout
```
$ tree terraform/env/prd
terraform/env/prd
├── do_backend.tf
├── do_dns.tf
├── do_droplets.tf
├── do_firewall.tf
└── variables.tf
```
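The two ssh-key ID steps in the preparation list, done as a single check (an added example, not code from the original post): it computes the MD5 fingerprint of a local public key and picks the matching `id` out of a `/v2/account/keys` response, failing when no key or more than one key matches. The function names, the sample key, and the sample response with id 654321 are constructed for illustration.

```python
import base64
import hashlib
import json


def md5_fingerprint(pubkey_line):
    """MD5 fingerprint (aa:bb:...) of one OpenSSH public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a 4-byte length and the key type; it must agree
    # with the type named in the first field of the line.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def find_key_id(api_response, pubkey_line):
    """ID of the single account key whose fingerprint matches the local key."""
    want = md5_fingerprint(pubkey_line)
    keys = json.loads(api_response)["ssh_keys"]
    ids = [k["id"] for k in keys if k["fingerprint"].lower() == want]
    if len(ids) != 1:
        raise LookupError(f"{len(ids)} account keys match {want}")
    return ids[0]


def wire_string(data):
    """SSH wire string: 4-byte big-endian length, then the bytes."""
    return len(data).to_bytes(4, "big") + data


# Constructed sample data (not a real key, not a real API response).
SAMPLE_BLOB = wire_string(b"ssh-ed25519") + wire_string(bytes(range(32)))
SAMPLE_PUBKEY = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " demo@example"
SAMPLE_RESPONSE = json.dumps({"ssh_keys": [
    {"id": 123456, "name": "mojamoja",
     "fingerprint": "1a:7c:d5:6c:bf:d6:cf:93:49:39:66:cc:dc:ed:c5:04"},
    {"id": 654321, "name": "demo", "fingerprint": md5_fingerprint(SAMPLE_PUBKEY)},
]})

if __name__ == "__main__":
    print(find_key_id(SAMPLE_RESPONSE, SAMPLE_PUBKEY))
```

Matching on the fingerprint rather than on the key name makes sure the ID placed in `ssh_keys` belongs to the key you actually hold.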
■Terraform files
- do_backend.tf
```
provider "digitalocean" {
  token             = var.token
  spaces_access_id  = var.access_id
  spaces_secret_key = var.secret_key
}

terraform {
  backend "remote" {
    hostname     = "app.terraform.io"
    organization = "adachin-server"

    workspaces {
      name = "adachin-server01-prd"
    }
  }
  required_version = ">= 1.0.5"
  required_providers {
    digitalocean = {
      source  = "digitalocean/digitalocean"
      version = "2.11.1"
    }
  }
}
```
- do_droplets.tf
https://www.terraform.io/docs/providers/do/r/droplet.html
```
# The digitalocean provider is configured once, in do_backend.tf.
# A second default provider block in this file is rejected as a duplicate.

resource "digitalocean_droplet" "adachin_server01" {
  ssh_keys           = [123456] # specify the ssh-key ID from the DigitalOcean side
  image              = var.image
  region             = var.region
  size               = var.size
  private_networking = true
  name               = "adachin-server01"
}

resource "digitalocean_floating_ip" "adachin_server01" {
  droplet_id = digitalocean_droplet.adachin_server01.id
  region     = digitalocean_droplet.adachin_server01.region
}
```
- do_firewall.tf
https://www.terraform.io/docs/providers/do/r/firewall.html
```
resource "digitalocean_firewall" "web" {
  name = "only-ssh-https"

  droplet_ids = [digitalocean_droplet.adachin_server01.id]

  # SSH is reachable from any address here; narrow source_addresses
  # to known admin IPs where you can.
  inbound_rule {
    protocol         = "tcp"
    port_range       = "22"
    source_addresses = ["0.0.0.0/0"]
  }

  inbound_rule {
    protocol         = "tcp"
    port_range       = "80"
    source_addresses = ["0.0.0.0/0"]
  }

  inbound_rule {
    protocol         = "tcp"
    port_range       = "443"
    source_addresses = ["0.0.0.0/0"]
  }

  outbound_rule {
    protocol              = "tcp"
    port_range            = "all"
    destination_addresses = ["0.0.0.0/0"]
  }

  outbound_rule {
    protocol              = "udp"
    port_range            = "all"
    destination_addresses = ["0.0.0.0/0"]
  }

  outbound_rule {
    protocol              = "icmp"
    destination_addresses = ["0.0.0.0/0"]
  }
}
```
- do_dns.tf
https://www.terraform.io/docs/providers/do/r/domain.html
https://www.terraform.io/docs/providers/do/r/record.html
```
resource "digitalocean_domain" "adachin_me" {
  name       = "adachin.me"
  ip_address = digitalocean_floating_ip.adachin_server01.ip_address
}

resource "digitalocean_record" "blog_adachin_me" {
  domain = digitalocean_domain.adachin_me.name
  type   = "A"
  name   = "blog"
  value  = digitalocean_floating_ip.adachin_server01.ip_address
  ttl    = "60"
}
```
- variables.tf
```
# The first three defaults are placeholders. Keep the real API token and
# Spaces keys out of version control, for example as sensitive workspace
# variables in Terraform Cloud.
variable "token" {
  default = "xxxxxxxxxxxxxxxxxxxx"
}

variable "access_id" {
  default = "xxxxxxxxxxxxxx"
}

variable "secret_key" {
  default = "xxxxxxxxxxxxxxxxx"
}

variable "image" {
  default = "ubuntu-18-04-x64"
}

variable "region" {
  default = "sgp1"
}

variable "size" {
  default = "s-2vcpu-2gb"
}
```
■Summary
I did not get stuck on anything in particular and had it built in seconds, so please use this as a reference!