本指南将在Ubuntu 20.04 | 18.04和CentOS 7上安装Terraform。Terraform是一种基础结构即代码工具，可让我们轻松地以版本化方式管理云资源。我们可以使用Terraform构建，更改和版本化部署在流行服务提供商上的基础结构。此工具不是不可知论的，它支持自定义内部解决方案。

借助Terraform，我们可以使用简单的声明式编程语言来管理云计算，网络，负载平衡器，DNS等。请参阅Terraform Provider的完整列表。可以将复杂的变更集应用于基础架构，而无需进行过多的人工干预

在Ubuntu 20.04 | 18.04/CentOS 7上安装Terraform

Terraform在Github上作为tar包分发。在下载以下内容之前，请先查看Terraform版本页面上的最新版本。

在撰写本文时，最新版本是v0.12.26. 如下下载：

确保已安装wget和unzip：

--- Ubuntu --
sudo apt-get install wget unzip

--- CentOS --
sudo yum install wget unzip

然后下载terraform存档。

TER_VER=`curl -s https://api.github.com/repos/hashicorp/terraform/releases/latest | grep tag_name | cut -d: -f2 | tr -d \"\,\v | awk '{=};1'`
wget https://releases.hashicorp.com/terraform/${TER_VER}/terraform_${TER_VER}_linux_amd64.zip

下载后，解压缩存档：

$unzip terraform_${VER}_linux_amd64.zip
Archive:  terraform_0.12.26_linux_amd64.zip
  inflating: terraform

这将在工作目录中创建aterraform二进制文件。将该文件移到目录"/usr/local/bin"。

sudo mv terraform /usr/local/bin/

这将使所有用户帐户均可使用该工具。

$which terraform
/usr/local/bin/terraform

确认安装的版本

$terraform -v
Terraform v0.12.26

验证该工具是否有效：

$terraform
Usage: terraform [-version] [-help] <command> [args]

The available commands for execution are listed below.
The most common, useful commands are shown first, followed by
less common or more advanced commands. If you're just getting
started with Terraform, stick with the common commands. For the
other commands, please read the help and docs before usage.

Common commands:
    apply              Builds or changes infrastructure
    console            Interactive console for Terraform interpolations
    destroy            Destroy Terraform-managed infrastructure
    env                Workspace management
    fmt                Rewrites config files to canonical format
    get                Download and install modules for the configuration
    graph              Create a visual graph of Terraform resources
    import             Import existing infrastructure into Terraform
    init               Initialize a Terraform working directory
    output             Read an output from a state file
    plan               Generate and show an execution plan
    providers          Prints a tree of the providers used in the configuration
    push               Upload this Terraform module to Atlas to run
    refresh            Update local state file against real resources
    show               Inspect Terraform state or plan
    taint              Manually mark a resource for recreation
    untaint            Manually unmark a resource as tainted
    validate           Validates the Terraform files
    version            Prints the Terraform version
    workspace          Workspace management

All other commands:
    debug              Debug output management (experimental)
    force-unlock       Manually unlock the terraform state
    state              Advanced state management

使用Terraform管理基础架构

现在已经安装了terraform，让我们创建一个测试项目。

$mkdir projects
$cd projects

创建Terraform主配置文件。

touch main.tf

我正在与AWS Provider进行测试，但我们可以将其他Provider用于项目。我的terraform配置提供程序部分如下。

$vim main.tf

# Provider
 provider "aws" {
   access_key = ""
   secret_key = ""
   region = "us-west-1"
 }

将AWS Access Key和Secret Key分别粘贴到access_key和secret_key部分中。我们还可以使用AWS CLI工具配置AWS访问凭证。

完成后，运行Terraform init初始化Terraform工作目录。

$terraform init
 Initializing provider plugins…
 Checking for available provider plugins
 Downloading plugin for provider "aws" (2.1.0)… 
 The following providers do not have any version constraints in configuration,
 so the latest version was installed.
 To prevent automatic upgrades to new major versions that Jan contain breaking
 changes, it is recommended to add version = "…" constraints to the
 corresponding provider blocks in configuration, with the constraint strings
 suggested below.
 provider.aws: version = "~> 2.1" 
 Terraform has been successfully initialized!
 You Jan now begin working with Terraform. Try running "terraform plan" to see
 any changes that are required for your infrastructure. All Terraform commands
 should now work.
 If you ever set or change modules or backend configuration for Terraform,
 rerun this command to reinitialize your working directory. If you forget, other
 commands will detect it and remind you to do so if necessary.

Terraform将自动将提供程序配置文件下载到.terraform目录。

现在让我们添加资源部分，通过编辑main.tf文件来创建AWS VPC和子网资源。

# Provider
 provider "aws" {
   access_key = ""
   secret_key = ""
   region = ""
 }

# Retrieve the AZ where we want to create network resources
data "aws_availability_zones" "available" {}

# VPC Resource
resource "aws_vpc" "main" {
  cidr_block = "10.11.0.0/16"
  enable_dns_support = true
  enable_dns_hostnames = true
  tags {
    Name = "Test-VPC"
  }
  tags {
    Environment = "Test"
  }
}

# AWS subnet resource
resource "aws_subnet" "test" {
 vpc_id = "${aws_vpc.main.id}"
 cidr_block = "10.11.1.0/24"
 availability_zone = "${data.aws_availability_zones.available.names[0]}"
 map_public_ip_on_launch = "false"
 tags {
   Name = "Test_subnet1"
 }
}

添加资源定义和设置AWS变量后，保存文件，然后生成并显示执行计划。

$terraform plan

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.aws_availability_zones.available: Refreshing state...

-----------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + aws_subnet.test
      id:                               <computed>
      arn:                              <computed>
      assign_ipv6_address_on_creation:  "false"
      availability_zone:                "us-east-1a"
      availability_zone_id:             <computed>
      cidr_block:                       "10.11.1.0/24"
      ipv6_cidr_block:                  <computed>
      ipv6_cidr_block_association_id:   <computed>
      map_public_ip_on_launch:          "false"
      owner_id:                         <computed>
      tags.%:                           "1"
      tags.Name:                        "Test_subnet1"
      vpc_id:                           "${aws_vpc.main.id}"

  + aws_vpc.main
      id:                               <computed>
      arn:                              <computed>
      assign_generated_ipv6_cidr_block: "false"
      cidr_block:                       "10.11.0.0/16"
      default_network_acl_id:           <computed>
      default_route_table_id:           <computed>
      default_security_group_id:        <computed>
      dhcp_options_id:                  <computed>
      enable_classiclink:               <computed>
      enable_classiclink_dns_support:   <computed>
      enable_dns_hostnames:             "true"
      enable_dns_support:               "true"
      instance_tenancy:                 "default"
      ipv6_association_id:              <computed>
      ipv6_cidr_block:                  <computed>
      main_route_table_id:              <computed>
      owner_id:                         <computed>
      tags.%:                           "2"
      tags.Environment:                 "Test"
      tags.Name:                        "Test-VPC"

Plan: 2 to add, 0 to change, 0 to destroy.

-----------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

最后，使用Terraform apply构建带有Terraform的基础架构。

$terraform apply

data.aws_availability_zones.available: Refreshing state...

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + aws_subnet.test
      id:                               <computed>
      arn:                              <computed>
      assign_ipv6_address_on_creation:  "false"
      availability_zone:                "us-east-1a"
      availability_zone_id:             <computed>
      cidr_block:                       "10.11.1.0/24"
      ipv6_cidr_block:                  <computed>
      ipv6_cidr_block_association_id:   <computed>
      map_public_ip_on_launch:          "false"
      owner_id:                         <computed>
      tags.%:                           "1"
      tags.Name:                        "Test_subnet1"
      vpc_id:                           "${aws_vpc.main.id}"
...........................

确认要进行的更改，然后执行"是"以启动修改。

Plan: 2 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.
Enter a value: yes

成功的地形运行应在最后打印成功消息。

Terraform状态保存到。/terraform.tfstate，但是可以更改后端。我们可以从AWS控制台确认基础架构更改。

破坏Terraform基础设施

我们已经确认我们在CentOS 7/Ubuntu 20.04/18.04上的Terraform安装能够按预期进行。通过运行" terraform destroy"命令来销毁Terraform管理的基础架构。

$terraform destroy

aws_vpc.main: Refreshing state... (ID: vpc-0e94a7d72c02dab2b)
data.aws_availability_zones.available: Refreshing state...
aws_subnet.test: Refreshing state... (ID: subnet-0ad06c2e86542ddc1)

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  - aws_subnet.test

  - aws_vpc.main

Plan: 0 to add, 0 to change, 2 to destroy.

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

如果我们不希望确认提示，请使用：

terraform destroy -auto-approve