Terraform 用例创建多个几乎相同的基础设施副本

Question

I have TF templates whose purpose is to create multiple copies of the same cloud infrastructure. For example you have multiple business units inside a big organization, and you want to build out the same basic networks. Or you want an easy way for a developer to spin up the stack that he's working on. The only difference between "tf apply" invokations is the variable BUSINESS_UNIT, for example, which is passed in as an environment variable.

Is anyone else using a system like this, and if so, how do you manage the state files ?

Answer 1

You should use a Terraform Module . Creating a module is nothing special: just put any Terraform templates in a folder. What makes a module special is how you use it.

Let's say you put the Terraform code for your infrastructure in the folder /terraform/modules/common-infra . Then, in the templates that actually define your live infrastructure (eg /terraform/live/business-units/main.tf ), you could use the module as follows:

module "business-unit-a" {
  source = "/terraform/modules/common-infra"
}

To create the infrastructure for multiple business units, you could use the same module multiple times:

module "business-unit-a" {
  source = "/terraform/modules/common-infra"
}

module "business-unit-b" {
  source = "/terraform/modules/common-infra"
}

module "business-unit-c" {
  source = "/terraform/modules/common-infra"
}

If each business unit needs to customize some parameters, then all you need to do is define an input variable in the module (eg under /terraform/modules/common-infra/vars.tf ):

variable "business_unit_name" {
  description = "The name of the business unit"
}

Now you can set this variable to a different value each time you use the module:

module "business-unit-a" {
  source = "/terraform/modules/common-infra"
  business_unit_name = "a"
}

module "business-unit-b" {
  source = "/terraform/modules/common-infra"
  business_unit_name = "b"
}

module "business-unit-c" {
  source = "/terraform/modules/common-infra"
  business_unit_name = "c"
}

For more information, see How to create reusable infrastructure with Terraform modules and Terraform: Up & Running .

Answer 2

There's two ways of doing this that jump to mind.

Firstly, you could go down the route of using the same Terraform configuration folder that you apply and simply pass in a variable when running Terraform (either via the command line or through environment variables). You'd also want to have the same wrapper script that calls Terraform to configure your state settings to make them differ.

This might end up with something like this:

variable "BUSINESS_UNIT" {}
variable "ami" { default = "ami-123456" }

resource "aws_instance" "web" {
    ami = "${var.ami}"
    instance_type = "t2.micro"
    tags {
        Name = "web"
        Business_Unit = "${var.BUSINESS_UNIT}"
    }
}

resource "aws_db_instance" "default" {
  allocated_storage    = 10
  engine               = "mysql"
  engine_version       = "5.6.17"
  instance_class       = "db.t2.micro"
  name                 = "${var.BUSINESS_UNIT}"
  username             = "foo"
  password             = "bar"
  db_subnet_group_name = "db_subnet_group"
  parameter_group_name = "default.mysql5.6"
}

Which creates an EC2 instance and an RDS instance. You would then call that with something like this:

#!/bin/bash

if [ "$#" -ne 1 ]; then
    echo "Illegal number of parameters - specify business unit as positional parameter"
fi

business_unit=$1

terraform remote config -backend="s3" \
                        -backend-config="bucket=${business_unit}" \
                        -backend-config="key=state"

terraform remote pull

terraform apply -var 'BUSINESS_UNIT=${business_unit}'

terraform remote push

As an alternative route you might want to consider using modules to wrap your Terraform configuration.

So instead you might have something that now looks like:

web-instance/main.tf

variable "BUSINESS_UNIT" {}
variable "ami" { default = "ami-123456" }

resource "aws_instance" "web" {
    ami = "${var.ami}"
    instance_type = "t2.micro"
    tags {
        Name = "web"
        Business_Unit = "${var.BUSINESS_UNIT}"
    }
}

db-instance/main.tf

variable "BUSINESS_UNIT" {}

resource "aws_db_instance" "default" {
  allocated_storage    = 10
  engine               = "mysql"
  engine_version       = "5.6.17"
  instance_class       = "db.t2.micro"
  name                 = "${var.BUSINESS_UNIT}"
  username             = "foo"
  password             = "bar"
  db_subnet_group_name = "db_subnet_group"
  parameter_group_name = "default.mysql5.6"
}

And then you might have different folders that call these modules per business unit:

business-unit-1/main.tf

variable "BUSINESS_UNIT" { default = "business-unit-1" }

module "web_instance" {
  source = "../web-instance"
  BUSINESS_UNIT = "${var.BUSINESS_UNIT}"
}

module "db_instance" {
  source = "../db-instance"
  BUSINESS_UNIT = "${var.BUSINESS_UNIT}"
}

and

business-unit-2/main.tf

variable "BUSINESS_UNIT" { default = "business-unit-2" }

module "web_instance" {
  source = "../web-instance"
  BUSINESS_UNIT = "${var.BUSINESS_UNIT}"
}

module "db_instance" {
  source = "../db-instance"
  BUSINESS_UNIT = "${var.BUSINESS_UNIT}"
}

You still need a wrapper script to manage state configuration as before but going this route enables you to provide a rough template in your modules and then hard code certain extra configuration by business unit such as the instance size or the number of instances that are built for them.

Answer 3

This is rather popular use case. To archive this you can let developers to pass variable from command-line or from tfvars file into resource to make different resources unique:

main.tf:

resource "aws_db_instance" "db" {
  identifier = "${var.BUSINESS_UNIT}"
  # ... read more in docs
}

---

$ terraform apply -var 'BUSINESS_UNIT=unit_name'

PS: We do this often to provision infrastructure for specific git branch name, and since all resources are identifiable and are located in separate tfstate files, we can safely destroy them when we don't need them.