Cloud Virtual Machine Provisioning

    如果您手头没有 架构的PC、笔记本、Mac,使用即用即毁的云虚拟机可能是另一个不错的选择。

    是开源免费的 基础设施即代码 工具。您只需要声明好所需的云虚拟机、网络与安全组配置等,一键即可拉起对应的资源。

    在MacOS下安装Terraform,只需要执行brew install terraform即可。然后您需要有云厂商账号,并获取AccessKey与AccessSecret凭证,充点钱,就可以开始云端沙箱部署之旅啦。

    项目根目录 terraform/ 中提供了若干云厂商的 Terraform 资源定义文件,您可以使用这些模板快速在云上申请虚拟机资源用于部署Pigsty。这里以阿里云为例:

    1. provider "alicloud" {
    2.   access_key = "xxxxxx"
    3.   secret_key = "xxxxxx"
    4.   region = "cn-beijing"
    5. }
    7. # use 10.10.10.0/24 cidr block as demo network
    8. resource "alicloud_vpc" "vpc" {
    9.   vpc_name   = "pigsty-demo-network"
    10.   cidr_block = "10.10.10.0/24"
    11. }
    13. # add virtual switch for pigsty demo network
    14. resource "alicloud_vswitch" "vsw" {
    15.   vpc_id     = "${alicloud_vpc.vpc.id}"
    16.   cidr_block = "10.10.10.0/24"
    17.   zone_id    = "cn-beijing-k"
    18. }
    20. # add default security group and allow all tcp traffic
    21. resource "alicloud_security_group" "default" {
    22.   name   = "default"
    23.   vpc_id = "${alicloud_vpc.vpc.id}"
    24. }
    25. resource "alicloud_security_group_rule" "allow_all_tcp" {
    26.   ip_protocol       = "tcp"
    27.   type              = "ingress"
    28.   nic_type          = "intranet"
    29.   policy            = "accept"
    30.   port_range        = "1/65535"
    31.   priority          = 1
    32.   security_group_id = "${alicloud_security_group.default.id}"
    33.   cidr_ip           = "0.0.0.0/0"
    34. }
    36. # https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/instance
    37. resource "alicloud_instance" "pg-meta-1" {
    38.   instance_name              = "pg-meta-1"
    39.   host_name                  = "pg-meta-1"
    40.   instance_type              = "ecs.s6-c1m2.small"
    41.   vswitch_id                 = "${alicloud_vswitch.vsw.id}"
    42.   security_groups            = ["${alicloud_security_group.default.id}"]
    43.   image_id                   = "centos_7_8_x64_20G_alibase_20200914.vhd"
    44.   password                   = "PigstyDemo4"
    45.   private_ip                 = "10.10.10.10"
    46.   internet_max_bandwidth_out = 40 # 40Mbps , alloc a public IP
    47. }
    49. resource "alicloud_instance" "pg-test-1" {
    50.   instance_name   = "pg-test-1"
    51.   host_name       = "pg-test-1"
    52.   instance_type   = "ecs.s6-c1m1.small"
    53.   vswitch_id      = "${alicloud_vswitch.vsw.id}"
    54.   security_groups = ["${alicloud_security_group.default.id}"]
    55.   image_id        = "centos_7_8_x64_20G_alibase_20200914.vhd"
    56.   password        = "PigstyDemo4"
    57.   private_ip      = "10.10.10.11"
    58. }
    60. resource "alicloud_instance" "pg-test-2" {
    61.   instance_name   = "pg-test-2"
    62.   host_name       = "pg-test-2"
    63.   instance_type   = "ecs.s6-c1m1.small"
    64.   vswitch_id      = "${alicloud_vswitch.vsw.id}"
    65.   security_groups = ["${alicloud_security_group.default.id}"]
    66.   image_id        = "centos_7_8_x64_20G_alibase_20200914.vhd"
    67.   password        = "PigstyDemo4"
    68.   private_ip      = "10.10.10.12"
    69. }
    71. resource "alicloud_instance" "pg-test-3" {
    72.   instance_name   = "pg-test-3"
    73.   host_name       = "pg-test-3"
    74.   instance_type   = "ecs.s6-c1m1.small"
    75.   vswitch_id      = "${alicloud_vswitch.vsw.id}"
    76.   security_groups = ["${alicloud_security_group.default.id}"]
    77.   image_id        = "centos_7_8_x64_20G_alibase_20200914.vhd"
    78.   password        = "PigstyDemo4"
    79.   private_ip      = "10.10.10.13"
    80. }
    83. output "meta_ip" {
    84.   value = "${alicloud_instance.pg-meta-1.public_ip}"
    85. }

    首先,使用terraform命令,创建上面定义的云资源(共享1C1G临时用用很便宜,按需付费)

    执行 apply 并输入 yes后,terraform会调用阿里云API创建对应的虚拟机资源。

    Terraform Apply执行结果

    1. Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
    2.   + create
    4. Terraform will perform the following actions:
    6.   # alicloud_instance.pg-meta-1 will be created
    7.   + resource "alicloud_instance" "pg-meta-1" {
    8.       + availability_zone                  = (known after apply)
    9.       + credit_specification               = (known after apply)
    10.       + deletion_protection                = false
    11.       + dry_run                            = false
    12.       + host_name                          = "pg-meta-1"
    13.       + id                                 = (known after apply)
    14.       + image_id                           = "centos_7_8_x64_20G_alibase_20200914.vhd"
    15.       + instance_charge_type               = "PostPaid"
    16.       + instance_name                      = "pg-meta-1"
    17.       + instance_type                      = "ecs.s6-c1m2.small"
    18.       + internet_max_bandwidth_in          = (known after apply)
    19.       + internet_max_bandwidth_out         = 40
    21.       + password                           = (sensitive value)
    22.       + private_ip                         = "10.10.10.10"
    23.       + public_ip                          = (known after apply)
    24.       + role_name                          = (known after apply)
    25.       + secondary_private_ip_address_count = (known after apply)
    26.       + secondary_private_ips              = (known after apply)
    27.       + security_groups                    = (known after apply)
    28.       + spot_strategy                      = "NoSpot"
    29.       + status                             = "Running"
    30.       + subnet_id                          = (known after apply)
    31.       + system_disk_category               = "cloud_efficiency"
    32.       + system_disk_performance_level      = (known after apply)
    33.       + system_disk_size                   = 40
    34.       + volume_tags                        = (known after apply)
    35.       + vswitch_id                         = (known after apply)
    36.     }
    38.   # alicloud_instance.pg-test-1 will be created
    39.   + resource "alicloud_instance" "pg-test-1" {
    40.       + availability_zone                  = (known after apply)
    41.       + credit_specification               = (known after apply)
    42.       + deletion_protection                = false
    43.       + dry_run                            = false
    44.       + host_name                          = "pg-test-1"
    45.       + id                                 = (known after apply)
    46.       + image_id                           = "centos_7_8_x64_20G_alibase_20200914.vhd"
    47.       + instance_charge_type               = "PostPaid"
    48.       + instance_name                      = "pg-test-1"
    49.       + instance_type                      = "ecs.s6-c1m1.small"
    50.       + internet_max_bandwidth_in          = (known after apply)
    51.       + internet_max_bandwidth_out         = 0
    52.       + key_name                           = (known after apply)
    53.       + password                           = (sensitive value)
    54.       + private_ip                         = "10.10.10.11"
    55.       + public_ip                          = (known after apply)
    56.       + role_name                          = (known after apply)
    57.       + secondary_private_ip_address_count = (known after apply)
    58.       + secondary_private_ips              = (known after apply)
    59.       + security_groups                    = (known after apply)
    60.       + spot_strategy                      = "NoSpot"
    61.       + status                             = "Running"
    62.       + subnet_id                          = (known after apply)
    63.       + system_disk_category               = "cloud_efficiency"
    64.       + system_disk_performance_level      = (known after apply)
    65.       + system_disk_size                   = 40
    66.       + volume_tags                        = (known after apply)
    67.       + vswitch_id                         = (known after apply)
    68.     }
    70.   # alicloud_instance.pg-test-2 will be created
    71.   + resource "alicloud_instance" "pg-test-2" {
    72.       + availability_zone                  = (known after apply)
    73.       + credit_specification               = (known after apply)
    74.       + deletion_protection                = false
    75.       + dry_run                            = false
    76.       + host_name                          = "pg-test-2"
    77.       + id                                 = (known after apply)
    78.       + image_id                           = "centos_7_8_x64_20G_alibase_20200914.vhd"
    79.       + instance_charge_type               = "PostPaid"
    80.       + instance_name                      = "pg-test-2"
    81.       + instance_type                      = "ecs.s6-c1m1.small"
    82.       + internet_max_bandwidth_in          = (known after apply)
    83.       + internet_max_bandwidth_out         = 0
    84.       + key_name                           = (known after apply)
    85.       + password                           = (sensitive value)
    86.       + private_ip                         = "10.10.10.12"
    87.       + public_ip                          = (known after apply)
    88.       + role_name                          = (known after apply)
    89.       + secondary_private_ip_address_count = (known after apply)
    90.       + secondary_private_ips              = (known after apply)
    91.       + security_groups                    = (known after apply)
    92.       + spot_strategy                      = "NoSpot"
    93.       + status                             = "Running"
    94.       + subnet_id                          = (known after apply)
    95.       + system_disk_category               = "cloud_efficiency"
    96.       + system_disk_performance_level      = (known after apply)
    97.       + system_disk_size                   = 40
    98.       + volume_tags                        = (known after apply)
    99.       + vswitch_id                         = (known after apply)
    100.     }
    102.   # alicloud_instance.pg-test-3 will be created
    103.   + resource "alicloud_instance" "pg-test-3" {
    104.       + availability_zone                  = (known after apply)
    105.       + credit_specification               = (known after apply)
    106.       + deletion_protection                = false
    107.       + dry_run                            = false
    108.       + host_name                          = "pg-test-3"
    109.       + id                                 = (known after apply)
    110.       + image_id                           = "centos_7_8_x64_20G_alibase_20200914.vhd"
    111.       + instance_charge_type               = "PostPaid"
    112.       + instance_name                      = "pg-test-3"
    113.       + instance_type                      = "ecs.s6-c1m1.small"
    114.       + internet_max_bandwidth_in          = (known after apply)
    115.       + internet_max_bandwidth_out         = 0
    116.       + key_name                           = (known after apply)
    117.       + password                           = (sensitive value)
    118.       + private_ip                         = "10.10.10.13"
    119.       + public_ip                          = (known after apply)
    120.       + role_name                          = (known after apply)
    121.       + secondary_private_ip_address_count = (known after apply)
    122.       + secondary_private_ips              = (known after apply)
    123.       + security_groups                    = (known after apply)
    124.       + spot_strategy                      = "NoSpot"
    125.       + subnet_id                          = (known after apply)
    126.       + system_disk_category               = "cloud_efficiency"
    127.       + system_disk_performance_level      = (known after apply)
    128.       + system_disk_size                   = 40
    130.       + vswitch_id                         = (known after apply)
    131.     }
    133.   # alicloud_security_group.default will be created
    134.   + resource "alicloud_security_group" "default" {
    135.       + id                  = (known after apply)
    136.       + inner_access        = (known after apply)
    137.       + inner_access_policy = (known after apply)
    138.       + name                = "default"
    139.       + security_group_type = "normal"
    140.       + vpc_id              = (known after apply)
    141.     }
    143.   # alicloud_security_group_rule.allow_all_tcp will be created
    144.   + resource "alicloud_security_group_rule" "allow_all_tcp" {
    145.       + cidr_ip           = "0.0.0.0/0"
    146.       + id                = (known after apply)
    147.       + ip_protocol       = "tcp"
    148.       + nic_type          = "intranet"
    149.       + policy            = "accept"
    150.       + port_range        = "1/65535"
    151.       + priority          = 1
    152.       + security_group_id = (known after apply)
    153.       + type              = "ingress"
    154.     }
    156.   # alicloud_vpc.vpc will be created
    157.   + resource "alicloud_vpc" "vpc" {
    158.       + cidr_block        = "10.10.10.0/24"
    159.       + id                = (known after apply)
    160.       + ipv6_cidr_block   = (known after apply)
    161.       + name              = (known after apply)
    162.       + resource_group_id = (known after apply)
    163.       + route_table_id    = (known after apply)
    164.       + router_id         = (known after apply)
    165.       + router_table_id   = (known after apply)
    166.       + status            = (known after apply)
    167.       + vpc_name          = "pigsty-demo-network"
    168.     }
    170.   # alicloud_vswitch.vsw will be created
    171.   + resource "alicloud_vswitch" "vsw" {
    172.       + availability_zone = (known after apply)
    173.       + cidr_block        = "10.10.10.0/24"
    174.       + id                = (known after apply)
    175.       + name              = (known after apply)
    176.       + status            = (known after apply)
    177.       + vpc_id            = (known after apply)
    178.       + vswitch_name      = (known after apply)
    179.       + zone_id           = "cn-beijing-k"
    180.     }
    182. Plan: 8 to add, 0 to change, 0 to destroy.
    184. Changes to Outputs:
    185.   + meta_ip = (known after apply)
    187. Do you want to perform these actions?
    188.   Terraform will perform the actions described above.
    189.   Only 'yes' will be accepted to approve.
    191.   Enter a value: yes
    193. alicloud_vpc.vpc: Creating...
    194. alicloud_vpc.vpc: Creation complete after 6s [id=vpc-2zed78z7n5z06o1dmydhj]
    195. alicloud_security_group.default: Creating...
    196. alicloud_vswitch.vsw: Creating...
    197. alicloud_security_group.default: Creation complete after 1s [id=sg-2ze7x7zu8tcdsefroofa]
    198. alicloud_security_group_rule.allow_all_tcp: Creating...
    199. alicloud_security_group_rule.allow_all_tcp: Creation complete after 0s [id=sg-2ze7x7zu8tcdsefroofa:ingress:tcp:1/65535:intranet:0.0.0.0/0:accept:1]
    200. alicloud_vswitch.vsw: Creation complete after 6s [id=vsw-2zejctjdr16ryz194jxz4]
    201. alicloud_instance.pg-test-3: Creating...
    202. alicloud_instance.pg-test-2: Creating...
    203. alicloud_instance.pg-test-1: Creating...
    204. alicloud_instance.pg-meta-1: Creating...
    205. alicloud_instance.pg-test-3: Still creating... [10s elapsed]
    206. alicloud_instance.pg-test-2: Still creating... [10s elapsed]
    207. alicloud_instance.pg-test-1: Still creating... [10s elapsed]
    208. alicloud_instance.pg-meta-1: Still creating... [10s elapsed]
    209. alicloud_instance.pg-meta-1: Creation complete after 16s [id=i-2zef4frw6kezb47339wr]
    210. alicloud_instance.pg-test-1: Still creating... [20s elapsed]
    211. alicloud_instance.pg-test-2: Still creating... [20s elapsed]
    212. alicloud_instance.pg-test-3: Still creating... [20s elapsed]
    213. alicloud_instance.pg-test-2: Creation complete after 23s [id=i-2zefzvz0fyl7mloc4v30]
    214. alicloud_instance.pg-test-1: Still creating... [30s elapsed]
    215. alicloud_instance.pg-test-3: Still creating... [30s elapsed]
    216. alicloud_instance.pg-test-3: Creation complete after 33s [id=i-2zeeyodo2pc8b1k2d167]
    217. alicloud_instance.pg-test-1: Creation complete after 33s [id=i-2zef4frw6kezb47339ws]

    其中,管理机将分配一个按量付费的公网IP,您也可以使用命令terraform output将其打印出来。

    1. # 创建 ~/.ssh/pigsty_terraform 文件,包含云端管理机器的SSH定义(可选,好用一点)
    2. cat > ~/.ssh/pigsty_terraform <<-EOF
    3. Host demo
    4.   User root
    5.   HostName ${public_ip}
    6.   UserKnownHostsFile /dev/null
    7.   StrictHostKeyChecking no
    8.   PasswordAuthentication yes
    9. EOF
    10. chmod 0600 ~/.ssh/pigsty_terraform 
    12. # 启用该配置
    13. if ! grep --quiet "Include ~/.ssh/pigsty_terraform" ~/.ssh/config ; then
    14.     (echo 'Include ~/.ssh/pigsty_terraform' && cat ~/.ssh/config) >  ~/.ssh/config.tmp;
    15. fi

    然后,您可以通过SSH别名demo访问该云端管理机了。

    然后,您就可以免密从本地访问该节点了,如果只需要进行单节点安装,这样就行了。接下来,在该元节点上完成标准安装

    阿里云虚拟机CentOS 7.8镜像中运行有 nscd ,锁死了 glibc 版本,会导致安装时出现RPM依赖错误。

    在所有机器上执行 即可解决此问题。