ben
/
mgmt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
mgmt/scripts/utilities/terraform-consul-provider.sh

311 lines
6.7 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Terraform Consul Provider 配置脚本
# 用于配置 Terraform 从 Consul 读取敏感配置
set -euo pipefail
ENVIRONMENT="${ENVIRONMENT:-dev}"
CONSUL_ADDR="${CONSUL_ADDR:-http://localhost:8500}"
# 颜色输出
GREEN='\033[0;32m'
BLUE='\033[0;34m'
NC='\033[0m'
log_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
log_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
# 创建 Terraform Consul Provider 配置
create_consul_provider() {
local tf_dir="infrastructure/environments/${ENVIRONMENT}"
log_info "创建 Terraform Consul Provider 配置..."
cat > "${tf_dir}/consul-provider.tf" << 'EOF'
# Consul Provider 配置
terraform {
required_providers {
consul = {
source = "hashicorp/consul"
version = "~> 2.18"
}
}
}
provider "consul" {
address = var.consul_config.address
token = lookup(var.consul_config, "token", null)
}
# 从 Consul 读取 Oracle Cloud 配置
data "consul_keys" "oracle_config" {
key {
name = "tenancy_ocid"
path = "config/${var.environment}/oracle/tenancy_ocid"
}
key {
name = "user_ocid"
path = "config/${var.environment}/oracle/user_ocid"
}
key {
name = "fingerprint"
path = "config/${var.environment}/oracle/fingerprint"
}
key {
name = "private_key"
path = "config/${var.environment}/oracle/private_key"
}
key {
name = "compartment_ocid"
path = "config/${var.environment}/oracle/compartment_ocid"
}
}
# 创建临时私钥文件
resource "local_file" "oci_private_key" {
content = data.consul_keys.oracle_config.var.private_key
filename = "/tmp/oci_private_key_${var.environment}.pem"
file_permission = "0600"
lifecycle {
ignore_changes = [content]
}
}
# 本地变量,用于构建完整的 OCI 配置
locals {
oci_config_from_consul = {
tenancy_ocid = data.consul_keys.oracle_config.var.tenancy_ocid
user_ocid = data.consul_keys.oracle_config.var.user_ocid
fingerprint = data.consul_keys.oracle_config.var.fingerprint
private_key_path = local_file.oci_private_key.filename
region = var.oci_config.region
compartment_ocid = data.consul_keys.oracle_config.var.compartment_ocid
}
}
EOF
log_success "Consul Provider 配置已创建: ${tf_dir}/consul-provider.tf"
}
# 创建变量定义文件
create_variables() {
local tf_dir="infrastructure/environments/${ENVIRONMENT}"
log_info "更新 Terraform 变量定义..."
cat > "${tf_dir}/variables.tf" << 'EOF'
# 基本变量
variable "environment" {
description = "环境名称"
type = string
}
variable "project_name" {
description = "项目名称"
type = string
}
variable "owner" {
description = "项目所有者"
type = string
}
variable "cloud_providers" {
description = "要启用的云服务商"
type = list(string)
default = []
}
variable "vpc_cidr" {
description = "VPC CIDR 块"
type = string
}
variable "availability_zones" {
description = "可用区列表"
type = list(string)
}
variable "common_tags" {
description = "通用标签"
type = map(string)
default = {}
}
# Consul 配置
variable "consul_config" {
description = "Consul 配置"
type = object({
address = string
token = optional(string)
})
}
# Oracle Cloud 配置(基本信息)
variable "oci_config" {
description = "Oracle Cloud 基本配置"
type = object({
region = string
tenancy_ocid = optional(string, "FROM_CONSUL")
user_ocid = optional(string, "FROM_CONSUL")
fingerprint = optional(string, "FROM_CONSUL")
private_key_path = optional(string, "FROM_CONSUL")
compartment_ocid = optional(string, "FROM_CONSUL")
})
}
# 其他云服务商配置
variable "huawei_config" {
description = "华为云配置"
type = object({
access_key = string
secret_key = string
region = string
project_id = string
})
default = {
access_key = ""
secret_key = ""
region = "cn-north-4"
project_id = ""
}
}
variable "gcp_config" {
description = "Google Cloud 配置"
type = object({
project_id = string
region = string
zone = string
credentials_file = string
})
default = {
project_id = ""
region = "asia-northeast3"
zone = "asia-northeast3-a"
credentials_file = ""
}
}
variable "aws_config" {
description = "AWS 配置"
type = object({
region = string
access_key = string
secret_key = string
})
default = {
region = "ap-northeast-2"
access_key = ""
secret_key = ""
}
}
variable "do_config" {
description = "DigitalOcean 配置"
type = object({
token = string
region = string
})
default = {
token = ""
region = "sgp1"
}
}
EOF
log_success "变量定义已更新: ${tf_dir}/variables.tf"
}
# 创建示例 main.tf
create_main_tf() {
local tf_dir="infrastructure/environments/${ENVIRONMENT}"
log_info "创建示例 main.tf..."
cat > "${tf_dir}/main.tf" << 'EOF'
# 主要 Terraform 配置文件
terraform {
required_version = ">= 1.0"
required_providers {
oci = {
source = "oracle/oci"
version = "~> 5.0"
}
}
}
# Oracle Cloud Provider
provider "oci" {
tenancy_ocid = local.oci_config_from_consul.tenancy_ocid
user_ocid = local.oci_config_from_consul.user_ocid
fingerprint = local.oci_config_from_consul.fingerprint
private_key_path = local.oci_config_from_consul.private_key_path
region = local.oci_config_from_consul.region
}
# 示例:创建 VCN
resource "oci_core_vcn" "main" {
count = contains(var.cloud_providers, "oracle") ? 1 : 0
compartment_id = local.oci_config_from_consul.compartment_ocid
cidr_block = var.vpc_cidr
display_name = "${var.project_name}-${var.environment}-vcn"
freeform_tags = var.common_tags
}
# 输出
output "vcn_id" {
description = "VCN ID"
value = try(oci_core_vcn.main[0].id, null)
}
output "oci_config_source" {
description = "OCI 配置来源"
value = "consul"
}
EOF
log_success "示例 main.tf 已创建: ${tf_dir}/main.tf"
}
# 主函数
main() {
case "${1:-help}" in
"setup")
create_consul_provider
create_variables
create_main_tf
;;
"help"|*)
cat << EOF
Terraform Consul Provider 配置脚本
用法: $0 [选项]
选项:
setup 创建 Terraform Consul Provider 配置
help 显示此帮助信息
环境变量:
ENVIRONMENT 环境名称 (默认: dev)
CONSUL_ADDR Consul 地址 (默认: http://localhost:8500)
EOF
;;
esac
}
main "$@"
Reference in New Issue View Git Blame Copy Permalink