19탄-24. 테라폼-AWS-RDS 생성
다음은 주말 CloudNet 테라폼 스터디 내용 참고하여 정리한 부분입니다.
https://gasidaseo.notion.site/gasidaseo/CloudNet-Blog-c9dfa44a27ff431dafdd2edacc8a1863
<1> 환경 확인
<2> rds 배포
<3> web server 배포
<4> 삭제
<1> 환경 확인
stage - service - webserver- main.tf
stage - service - data-stores -mysql - main.tf
global - s3 - main.tf
# 환경변수에 지정
export TF_VAR_bucket_name=<각자 닉네임>-tfstate
export TF_VAR_table_name=<각자 닉네임>-t101-locks
export TF_VAR_bucket_name=masterseo-t101-tfstate
export TF_VAR_table_name=masterseo-t101-locks
# 환경변수 확인
export | grep TF_VAR_
# (옵션) 환경변수 지정 삭제
unset TF_VAR_bucket_name
unset TF_VAR_table_name
# s3
cd /root/terraform-up-and-running-code/code/terraform/03-terraform-state/file-layout-example/global/s3
cat main.tf variables.tf
# cat main.tf variables.tf
terraform {
required_version = ">= 1.0.0, < 2.0.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.0"
}
}
}
provider "aws" {
region = "us-east-2"
}
resource "aws_s3_bucket" "terraform_state" {
bucket = var.bucket_name
// This is only here so we can destroy the bucket as part of automated tests. You should not copy this for production
// usage
force_destroy = true
}
# Enable versioning so you can see the full revision history of your
# state files
resource "aws_s3_bucket_versioning" "enabled" {
bucket = aws_s3_bucket.terraform_state.id
versioning_configuration {
status = "Enabled"
}
}
# Enable server-side encryption by default
resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
bucket = aws_s3_bucket.terraform_state.id
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}
# Explicitly block all public access to the S3 bucket
resource "aws_s3_bucket_public_access_block" "public_access" {
bucket = aws_s3_bucket.terraform_state.id
block_public_acls = true
block_public_policy = true
ignore_public_acls = true
restrict_public_buckets = true
}
resource "aws_dynamodb_table" "terraform_locks" {
name = var.table_name
billing_mode = "PAY_PER_REQUEST"
hash_key = "LockID"
attribute {
name = "LockID"
type = "S"
}
}
variable "bucket_name" {
description = "The name of the S3 bucket. Must be globally unique."
type = string
}
variable "table_name" {
description = "The name of the DynamoDB table. Must be unique in this AWS account."
type = string
}[root@ip-172-31-61-209 s3]#
# 초기화 및 검증 : 환경변수 적용 확인
terraform init && terraform plan
버킷 , 키, 리전 입력
masterseo-t101-tfstate
stage/data-stores/mysql/terraform.tfstate
us-east-2
# 배포
terraform apply -auto-approve
# 확인
aws s3 ls
2022-12-06 09:22:01 masterseo-t101-tfstate
aws dynamodb list-tables --output text
TABLENAMES masterseo-t101-locks
<2> rds 배포
# [터미널2] RDS 생성 모니터링
while true; do aws rds describe-db-instances --query "*[].[Endpoint.Address,Endpoint.Port,MasterUsername]" --output text ; echo "------------------------------" ; sleep 1; done
# [터미널1]
cd /root/terraform-up-and-running-code/code/terraform/03-terraform-state/file-layout-example/stage/data-stores/mysql
cat main.tf variables.tf
# 환경변수에 지정
export TF_VAR_db_username='cloudneta'
export TF_VAR_db_password='cloudnetaQ!'
# 환경변수 확인
export | grep TF_VAR_
# main.tf 에 백엔드 부분 수정
vi main.tf
backend "s3" {
# This backend configuration is filled in automatically at test time by Terratest. If you wish to run this example
# manually, uncomment and fill in the config below.
bucket = "masterseo-t101-tfstate"
key = "stage/data-stores/mysql/terraform.tfstate"
region = "us-east-2"
dynamodb_table = "masterseo-t101-locks"
# encrypt = true
}
# 초기화 및 검증 : 환경변수 적용 확인
terraform init && terraform plan
masterseo-t101-tfstate
stage/data-stores/mysql/terraform.tfstate
us-east-2
# 배포 : RDS는 생성 시 6분 정도 시간 소요
terraform apply -auto-approve
암호, 계정 입력
cloudnetaQ!
cloudneta
terraform output
aws s3 ls s3://$TF_VAR_bucket_name --recursive --human-readable --summarize
2022-12-06 09:57:24 4.3 KiB stage/data-stores/mysql/terraform.tfstate
<3> web server 배포
1
#
cd /root/terraform-up-and-running-code/code/terraform/03-terraform-state/file-layout-example/stage/services/webserver-cluster
cat main.tf variables.tf
2
# 환경변수에 지정
export TF_VAR_db_remote_state_bucket=$TF_VAR_bucket_name # description = "The name of the S3 bucket used for the database's remote state storage"
export TF_VAR_db_remote_state_key='stage/data-stores/mysql/terraform.tfstate' # description = "The name of the key in the S3 bucket used for the database's remote state storage"
# 환경변수 확인
export | grep TF_VAR_
3
# 초기화 및 검증 : 환경변수 적용 확인
terraform init && terraform plan
# 배포
terraform apply -auto-approve
4
rds 생성 됨
------------------------------
terraform-up-and-running20221206095338996400000001.c7aitcdywcyg.us-east-2.rds.amazonaws.com 3306 cloudneta
------------------------------
terraform-up-and-running20221206095338996400000001.c7aitcdywcyg.us-east-2.rds.amazonaws.com 3306 cloudneta
------------------------------
5
# ALB DNS주소로 curl 접속 확인
ALBDNS=$(terraform output -raw alb_dns_name)
while true; do curl --connect-timeout 1 http://$ALBDNS ; echo; echo "------------------------------"; date; sleep 1; done
curl -s http://$ALBDNS
------------------------------
Tue Dec 6 10:02:48 UTC 2022
<h1>Hello, World</h1>
<p>DB address: terraform-up-and-running20221206095338996400000001.c7aitcdywcyg.us-east-2.rds.amazonaws.com</p>
<p>DB port: 3306</p>
--------------------------
<4> 삭제
# 각 폴더에서 리소스 삭제
1
stage/services/webserver-cluster$ terraform destroy -auto-approve
2
stage/data-stores/mysql$ terraform destroy -auto-approve
암호, 계정 입력
cloudnetaQ!
cloudneta
3
cd /root/terraform-up-and-running-code/code/terraform/03-terraform-state/file-layout-example/global/s3
global/s3$ terraform destroy -auto-approve
다음
https://brunch.co.kr/@topasvga/2846
https://brunch.co.kr/@topasvga/2421
감사합니다.
