commit 70f160b3960c501cc0b345d67cd44c1d7812e67a Author: Ben User Date: Sun Feb 1 06:36:02 2026 +0000 Initial commit: Terraform configurations for multiple cloud providers diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ecac4c2 --- /dev/null +++ b/.gitignore @@ -0,0 +1,18 @@ +# Terraform 相关文件 +.terraform/ +*.tfstate +*.tfstate.* +*.tfvars +.terraform.lock.hcl + +# 编辑器目录 +.vscode/ +.idea/ + +# 日志文件 +*.log + +# 敏感数据 +*.pem +*.key +*.pub \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..8a83f58 --- /dev/null +++ b/README.md @@ -0,0 +1,41 @@ +# 多云 Terraform 项目 + +这是一个用于管理多个云平台基础设施的 Terraform 项目。 + +## 项目结构 + +``` +. +├── volcengine/ # 火山引擎(字节跳动)配置 +├── oracle/ # Oracle Cloud(甲骨文云)配置 +├── aws/ # Amazon Web Services 配置 +└── modules/ # 共享模块 +``` + +## 使用方法 + +### 1. 初始化特定云平台 +```bash +cd volcengine +terraform init +``` + +### 2. 配置访问凭证 +在每个云的 `main.tf` 文件中配置相应的访问凭证: + +- **火山引擎**:需要 `access_key`、`secret_key` 和 `region` +- **Oracle Cloud**:需要 `tenancy_ocid`、`user_ocid`、`fingerprint`、`private_key_path` 和 `region` +- **AWS**:需要 `access_key`、`secret_key` 和 `region` + +### 3. 规划和应用 +```bash +terraform plan +terraform apply +``` + +## 注意事项 + +1. 每个云目录独立管理其 Terraform 状态 +2. 共享模块放在 `modules/` 目录中 +3. 敏感信息应使用环境变量或 Terraform 变量文件管理 +4. 建议使用 `.gitignore` 排除 `.terraform` 目录和状态文件 \ No newline at end of file diff --git a/aliyun_profile b/aliyun_profile new file mode 100644 index 0000000..4f80ed2 --- /dev/null +++ b/aliyun_profile @@ -0,0 +1,8 @@ +# 阿里云 CLI 配置 + +[default] +# 默认配置 +access_key_id = LTAI5tBRm7PbNFdaGZpUaLUJ +access_key_secret = cYRaxAoE9I3MILlHRgUbowfxQzhj1D +region_id = cn-hangzhou +language = zh \ No newline at end of file diff --git a/aws/.env b/aws/.env new file mode 100644 index 0000000..c252779 --- /dev/null +++ b/aws/.env 
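Review bot: The ignore list never matches the files this same commit then adds — the `.env` files under aws/, datadog/, digitalocean/ and heroku/, the top-level `aliyun_profile`, and the extensionless private key `ssh_keys/gitea_deploy_key_ed25519` that ssh_keys/config points at — while it does ignore `*.pub`, the one key artifact that is safe to publish. Add `.env`, `**/.env`, `aliyun_profile` and `ssh_keys/*` with `!ssh_keys/*.pub`, and drop the `*.pub` rule. Ignoring `.terraform.lock.hcl` also throws away the provider hash pinning that `terraform init` produces, which matters here because a prebuilt provider binary is checked in elsewhere in this commit with no checksum; commit the lock file instead.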
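Review bot: The `access_key_id` and `access_key_secret` lines hold what looks like a live Alibaba Cloud RAM AccessKey pair (`LTAI…` prefix) in plaintext, committed to the repository. Both values have to be treated as compromised: disable the key in RAM, issue a replacement, and purge this file from history (for example with `git filter-repo`), because deleting it in a later commit leaves it recoverable from the object store. Keep the real profile in `~/.aliyun/config.json` or in `ALIBABA_CLOUD_ACCESS_KEY_ID`/`ALIBABA_CLOUD_ACCESS_KEY_SECRET`, and commit at most a redacted template such as `access_key_id = <your-access-key-id>`.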
@@ -0,0 +1,11 @@ +seekkey +id +AKIAREGNQE37ZFRTTYXQ +key +3g58bhG2w1rPtcX9wmCMWcmF5EOoHy/zwnGdqoTz + +capitaltrain +id +AKIATAXHIVZIOWQUHY5A +key +Pe/Xb2dq1YOhadqgDTy7zKwbDLkk8dsvrpJ09kNQ \ No newline at end of file diff --git a/aws/capitaltrain/.env b/aws/capitaltrain/.env new file mode 100644 index 0000000..6cb9f7c --- /dev/null +++ b/aws/capitaltrain/.env @@ -0,0 +1,5 @@ +capitaltrain +id +AKIATAXHIVZIOWQUHY5A +key +Pe/Xb2dq1YOhadqgDTy7zKwbDLkk8dsvrpJ09kNQ \ No newline at end of file diff --git a/aws/main.tf b/aws/main.tf new file mode 100644 index 0000000..45300b9 --- /dev/null +++ b/aws/main.tf @@ -0,0 +1,15 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.0.0" + } + } +} + +provider "aws" { + # 配置AWS访问凭证 + # access_key = "your-access-key" + # secret_key = "your-secret-key" + # region = "us-east-1" +} \ No newline at end of file diff --git a/aws/seekkey/.env b/aws/seekkey/.env new file mode 100644 index 0000000..11fa455 --- /dev/null +++ b/aws/seekkey/.env @@ -0,0 +1,5 @@ +seekkey +id +AKIAREGNQE37ZFRTTYXQ +key +3g58bhG2w1rPtcX9wmCMWcmF5EOoHy/zwnGdqoTz \ No newline at end of file diff --git a/datadog/.env b/datadog/.env new file mode 100644 index 0000000..f946962 --- /dev/null +++ b/datadog/.env @@ -0,0 +1,8 @@ +# Datadog Application Key (以 "ee9a" 结尾) +8ad8eed0af8b041adc43653c176e06f34508ee9a + +# Datadog API Key (以 "3c7d" 结尾) +6f3900667c1b401225a8360382c33c7d + +# Datadog Site URL +https://us5.datadoghq.com/ \ No newline at end of file diff --git a/datadog/README.md b/datadog/README.md new file mode 100644 index 0000000..cbe7c6c --- /dev/null +++ b/datadog/README.md 
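Review bot: Two AWS IAM access key pairs (`AKIA…` ids followed by their secret keys) are committed in plaintext here, and the same pairs are repeated verbatim in aws/capitaltrain/.env and aws/seekkey/.env. Long-lived `AKIA` keys in a repository should be assumed leaked: deactivate and rotate them in IAM, review CloudTrail for activity since the push, and remove all three files from history. The file is also not in dotenv `KEY=VALUE` form (bare `id`/`key` lines), so nothing loads it automatically anyway; use named profiles in `~/.aws/credentials` selected with `AWS_PROFILE=seekkey`, or short-lived STS/SSO credentials, and commit no credential file at all.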
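Review bot: The commented `access_key`/`secret_key` lines inside `provider "aws"` invite hard-coding static credentials in source; replace them with a pointer to the credential chain, e.g. `# credentials come from AWS_PROFILE / the SDK credential chain; never set access_key or secret_key here`. `version = ">= 4.0.0"` has no upper bound, and with `.terraform.lock.hcl` gitignored at the root every `terraform init` may resolve a different major version; pin `~> 5.0` (or whatever was actually tested) and commit the lock file. There is also no `backend` block, so state — which stores every resource attribute in plaintext — lands in a local `terraform.tfstate`; declare an encrypted remote backend (S3 with `encrypt = true` plus a DynamoDB lock table) before any real resource is added.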
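Review bot: A Datadog API key and Application key are committed here in full (the comments even spell out their suffixes), and datadog/README.md in the same commit repeats both values. An Application key carries the permissions of the user who created it, so both keys should be revoked and reissued in Datadog and the files scrubbed from history. Provide the replacements through `DD_API_KEY`/`DD_APP_KEY`, which the provider reads directly, or `TF_VAR_datadog_api_key`/`TF_VAR_datadog_app_key`, and keep only a redacted template in the repository.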
@@ -0,0 +1,48 @@ +# Datadog Terraform Integration + +## 配置说明 + +此目录包含用于与 Datadog 服务集成的 Terraform 配置。 + +## 必需的凭证 + +要使用此配置,您需要在 `terraform.tfvars` 文件中提供以下信息: + +- `datadog_api_key`: Datadog API 密钥(以 "3c7d" 结尾:6f3900667c1b401225a8360382c33c7d) +- `datadog_app_key`: Datadog APP 密钥(以 "ee9a" 结尾:8ad8eed0af8b041adc43653c176e06f34508ee9a) +- `datadog_site`: Datadog 站点 URL(已提供:https://us5.datadoghq.com/) + +## 如何获取凭证 + +1. 您的 Datadog 凭证已经完整: + - **API Key**: `6f3900667c1b401225a8360382c33c7d`(以 "3c7d" 结尾) + - **Application Key**: `8ad8eed0af8b041adc43653c176e06f34508ee9a`(以 "ee9a" 结尾,存储在 .env 文件第一行) + - **站点 URL**: `https://us5.datadoghq.com/`(存储在 .env 文件第二行) +2. 这些值已经正确配置在 `terraform.tfvars` 文件中 +3. 连接已验证成功 + +## 验证连接 + +运行以下命令来验证连接: + +```bash +cd datadog +terraform init +terraform plan +``` + +## 支持的资源 + +此配置演示了如何创建 Datadog Monitor,但 Datadog Terraform provider 支持广泛的资源类型,包括: +- Monitors(监控器) +- Dashboards(仪表板) +- Metrics(指标) +- Logs(日志) +- APM 配置 +- Security 规则等 + +## 注意事项 + +- 请确保您的 API 和 APP 密钥具有适当的权限来创建和管理所需的资源 +- 密钥应该安全存储,不要提交到版本控制系统 +- 403 错误表示认证失败,请检查您的密钥是否正确且未过期 \ No newline at end of file diff --git a/datadog/test-datadog.tf b/datadog/test-datadog.tf new file mode 100644 index 0000000..7a7800d --- /dev/null +++ b/datadog/test-datadog.tf 
@@ -0,0 +1,51 @@ +terraform { + required_providers { + datadog = { + source = "DataDog/datadog" + version = "~> 3.0" + } + } +} + +# Provider configuration +provider "datadog" { + api_key = var.datadog_api_key + app_key = var.datadog_app_key + api_url = var.datadog_site +} + +# Variables +variable "datadog_api_key" { + description = "Datadog API key" + type = string + sensitive = true +} + +variable "datadog_app_key" { + description = "Datadog APP key" + type = string + sensitive = true +} + +variable "datadog_site" { + description = "Datadog site URL" + type = string + default = "https://api.datadoghq.com" +} + +# Example resource - Datadog Monitor +resource "datadog_monitor" "test_monitor" { + name = "Test Monitor" + type = "metric alert" + query = "avg(last_1h):avg:system.cpu.user{*} > 80" + message = "CPU usage is too high" + escalation_message = "Escalation message" + + monitor_thresholds { + critical = "80" + } + + lifecycle { + ignore_changes = [query] # For testing purposes + } +} diff --git a/digitalocean/.env b/digitalocean/.env new file mode 100644 index 0000000..8c0970b --- /dev/null +++ b/digitalocean/.env @@ -0,0 +1 @@ +DIGITALOCEAN_TOKEN=dop_v1_a1683dcab83cb842cbda460a8944d86d84207e77b051f3f4c8055707a34efca8 diff --git a/digitalocean/LIFECYCLE.md b/digitalocean/LIFECYCLE.md new file mode 100644 index 0000000..26749ec --- /dev/null +++ b/digitalocean/LIFECYCLE.md 
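Review bot: `api_url = var.datadog_site` accepts whatever the variable holds, but the site value kept alongside in datadog/.env is the web-UI host (`https://us5.datadoghq.com/`), whereas the provider's `api_url` expects the API endpoint for that site (`https://api.us5.datadoghq.com` for US5); pointing it at the UI host is presumably the source of the 403 failures the README warns about. The default `https://api.datadoghq.com` (US1) will likewise reject keys issued on US5. Document the expected form and add a `validation` block so a UI URL is rejected at plan time rather than by the API, as below. Separately, `ignore_changes = [query]` on the monitor means a manually edited alert condition is never reconciled; keep it only while this file is a smoke test.

```hcl
variable "datadog_site" {
  description = "Datadog API base URL for your site, e.g. https://api.us5.datadoghq.com (not the web UI URL)"
  type        = string
  default     = "https://api.datadoghq.com"

  validation {
    condition     = can(regex("^https://api\\.", var.datadog_site))
    error_message = "datadog_site must be the API endpoint (https://api.<site>.datadoghq.com), not the web UI URL."
  }
}
# … unchanged: terraform/provider blocks, key variables, datadog_monitor.test_monitor …
```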
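Review bot: `DIGITALOCEAN_TOKEN` holds a complete DigitalOcean personal access token (`dop_v1_…`) in plaintext; such tokens are usually created with read/write scope over the whole account, and this one is also read by auto_destroy.sh and the commands in LIFECYCLE.md. Revoke it in the control panel, generate a replacement with the narrowest scope the Droplet, load balancer and project resources need, and remove the file from history. Supply the new token via `TF_VAR_do_token` or `DIGITALOCEAN_TOKEN` in the environment rather than a committed file.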
@@ -0,0 +1,71 @@ +# DigitalOcean Terraform 自动销毁说明 + +## 生命周期管理 + +本配置包含自动销毁功能,可以在指定日期后自动删除所有 DigitalOcean 资源。 + +## 配置 + +在 `main.tf` 中设置过期日期: + +```hcl +variable "expiration_date" { + description = "Expiration date in YYYY-MM-DD format. Use with destroy script" + type = string + default = "2026-03-03" +} +``` + +## 使用方法 + +### 1. 手动运行销毁脚本 + +```bash +# 使用默认日期(2026-03-03) +./auto_destroy.sh + +# 指定过期日期 +./auto_destroy.sh 2026-03-01 +``` + +### 2. 设置定时任务(cron) + +每天检查一次是否需要销毁资源: + +```bash +# 编辑 crontab +crontab -e + +# 添加以下行(每天凌晨 2 点检查) +0 2 * * * /home/ben/terraform/digitalocean/auto_destroy.sh 2026-03-03 >> /var/log/do_destroy.log 2>&1 +``` + +### 3. 手动销毁 + +如果需要立即销毁所有资源: + +```bash +terraform destroy -auto-approve -var="do_token=$(grep DIGITALOCEAN_TOKEN .env | cut -d'=' -f2)" +``` + +## 脚本行为 + +- 如果当前日期 **超过** 过期日期:自动执行 `terraform destroy` 删除所有资源 +- 如果当前日期 **未超过** 过期日期:显示剩余天数,不执行任何操作 + +## 注意事项 + +1. 销毁操作不可逆,请确保在过期日期前备份重要数据 +2. 建议在测试环境中先验证脚本行为 +3. 可以通过修改 `main.tf` 中的 `expiration_date` 变量来延长或缩短资源生命周期 +4. 脚本会自动从 `.env` 文件读取 `DIGITALOCEAN_TOKEN` + +## 资源列表 + +以下资源将在过期后自动删除: + +- DigitalOcean Droplet +- Load Balancer +- Floating IP +- SSH Key +- Project diff --git a/digitalocean/auto_destroy.sh b/digitalocean/auto_destroy.sh new file mode 100755 index 0000000..092192f --- /dev/null +++ b/digitalocean/auto_destroy.sh 
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+set -e
+
+cd "$(dirname "$0")"
+
+EXPIRATION_DATE=${1:-"2026-03-03"}
+TODAY=$(date +%Y-%m-%d)
+
+echo "========================================="
+echo "DigitalOcean Auto Destroy Script"
+echo "========================================="
+echo "Expiration Date: $EXPIRATION_DATE"
+echo "Today: $TODAY"
+echo "========================================="
+
+if [[ "$TODAY" > "$EXPIRATION_DATE" ]]; then
+ echo "⚠️ Resources have expired! Destroying all resources..."
+
+ DO_TOKEN=$(grep DIGITALOCEAN_TOKEN .env | cut -d'=' -f2)
+
+ if [ -z "$DO_TOKEN" ]; then
+ echo "❌ Error: DIGITALOCEAN_TOKEN not found in .env file"
+ exit 1
+ fi
+
+ echo "Running terraform destroy..."
+ terraform destroy -auto-approve -var="do_token=$DO_TOKEN"
+
+ echo "✅ All resources destroyed successfully!"
+else
+ echo "✅ Resources are still valid. No action needed."
+
+ DAYS_UNTIL_EXPIRY=$(( ($(date -d "$EXPIRATION_DATE" +%s) - $(date -d "$TODAY" +%s)) / 86400 ))
+ echo "Days until expiry: $DAYS_UNTIL_EXPIRY"
+fi
+
+echo "========================================="
diff --git a/digitalocean/main.tf b/digitalocean/main.tf
new file mode 100644
index 0000000..9337555
--- /dev/null
+++ b/digitalocean/main.tf
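Review bot: The token is passed on the command line as `-var="do_token=$DO_TOKEN"`, which exposes it to every local user through `ps`/`/proc/*/cmdline` and, when the script runs from cron as LIFECYCLE.md suggests, can end up in the captured log; export it instead — `export TF_VAR_do_token="$DO_TOKEN"` followed by `terraform destroy -auto-approve`. `grep DIGITALOCEAN_TOKEN .env | cut -d'=' -f2` also matches commented-out lines and truncates any value containing `=`; `DO_TOKEN=$(sed -n 's/^DIGITALOCEAN_TOKEN=//p' .env)` is safer. `set -e` alone does not catch unset variables or failures inside the grep pipeline, so use `set -euo pipefail`, and `[[ "$TODAY" > "$EXPIRATION_DATE" ]]` is a string comparison that is only correct once `$1` is validated to match `YYYY-MM-DD`.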
@@ -0,0 +1,153 @@ +terraform { + required_providers { + digitalocean = { + source = "digitalocean/digitalocean" + version = ">= 2.0.0" + } + } +} + +provider "digitalocean" { + token = var.do_token +} + +locals { + balance_json = jsondecode(data.http.do_balance.response_body) +} + +data "http" "do_balance" { + url = "https://api.digitalocean.com/v2/customers/my/balance" + + request_headers = { + Authorization = "Bearer ${var.do_token}" + } +} + +variable "do_token" { + description = "DigitalOcean API Token" + type = string + sensitive = true +} + +variable "project_name" { + description = "Project name" + type = string + default = "terraform-project" +} + +variable "region" { + description = "DigitalOcean region" + type = string + default = "nyc3" +} + +variable "droplet_size" { + description = "Droplet size slug" + type = string + default = "s-1vcpu-1gb" +} + +variable "droplet_image" { + description = "Droplet image slug" + type = string + default = "ubuntu-22-04-x64" +} + +variable "ssh_public_key_path" { + description = "Path to SSH public key file" + type = string + default = "" +} + +variable "expiration_date" { + description = "Expiration date in YYYY-MM-DD format. Use with destroy script" + type = string + default = "2026-03-03" +} + +resource "digitalocean_project" "main" { + name = var.project_name + description = "Managed by Terraform" + purpose = "Web Application" + environment = "Development" +} + +resource "digitalocean_ssh_key" "main" { + count = var.ssh_public_key_path != "" ? 1 : 0 + name = "${var.project_name}-ssh-key" + public_key = file(var.ssh_public_key_path) +} + +resource "digitalocean_droplet" "web" { + image = var.droplet_image + name = "${var.project_name}-web-1" + region = var.region + size = var.droplet_size + + ssh_keys = var.ssh_public_key_path != "" ? 
[digitalocean_ssh_key.main[0].fingerprint] : [] + + tags = ["${var.project_name}-web"] + + monitoring = true +} + +resource "digitalocean_loadbalancer" "public" { + name = "${var.project_name}-lb" + region = var.region + + forwarding_rule { + entry_port = 80 + entry_protocol = "http" + + target_port = 80 + target_protocol = "http" + } + + healthcheck { + port = 80 + protocol = "http" + path = "/" + } + + droplet_ids = [digitalocean_droplet.web.id] +} + +resource "digitalocean_floating_ip" "main" { + droplet_id = digitalocean_droplet.web.id + region = var.region +} + +output "droplet_ip" { + description = "Public IP of the droplet" + value = digitalocean_droplet.web.ipv4_address +} + +output "droplet_name" { + description = "Name of the droplet" + value = digitalocean_droplet.web.name +} + +output "loadbalancer_ip" { + description = "Public IP of the load balancer" + value = digitalocean_loadbalancer.public.ip +} + +output "floating_ip" { + description = "Floating IP address" + value = digitalocean_floating_ip.main.ip_address +} + +output "account_balance" { + description = "DigitalOcean account balance" + value = local.balance_json.account_balance +} + +output "month_to_date_balance" { + description = "Month to date balance" + value = local.balance_json.month_to_date_balance +} + +output "month_to_date_usage" { + description = "Month to date usage" + value = local.balance_json.month_to_date_usage +} diff --git a/heroku/.env b/heroku/.env new file mode 100644 index 0000000..7f304b3 --- /dev/null +++ b/heroku/.env @@ -0,0 +1,2 @@ +HRKU-AAUX0JnQ334X9YT6wmhiLQWNzhJQIzR6u7CqHhpNuZYA_____wZAJIaLwSNQ +houzhongxu@seekkey.tech \ No newline at end of file diff --git a/heroku/README.md b/heroku/README.md new file mode 100644 index 0000000..c1516f7 --- /dev/null +++ b/heroku/README.md 
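Review bot: `digitalocean_droplet.web` has no `digitalocean_firewall` attached, so the droplet is reachable on every port directly through its own IPv4 and the floating IP rather than only through the load balancer, and with `ssh_public_key_path` defaulting to `""` it is created with no SSH key, which means DigitalOcean falls back to emailing a root password. Add a firewall that admits port 80 only from the load balancer and SSH only from an explicit CIDR list, as below. The `data "http" "do_balance"` lookup sends the token as a bearer header on every plan and its `request_headers` attribute is presumably persisted in the state file in plaintext, so either the state must be treated as a secret or the billing lookup moved out of Terraform. The load balancer also terminates plain HTTP only; `entry_protocol = "https"` with a `certificate_name` and `redirect_http_to_https = true` is the usual production shape.

```hcl
variable "ssh_allowed_cidrs" {
  description = "CIDR blocks allowed to reach SSH on the droplet (no default: must be supplied explicitly)"
  type        = list(string)
}

resource "digitalocean_firewall" "web" {
  name        = "${var.project_name}-web-fw"
  droplet_ids = [digitalocean_droplet.web.id]

  # Port 80 is reachable only through the load balancer, not from the internet
  inbound_rule {
    protocol                  = "tcp"
    port_range                = "80"
    source_load_balancer_uids = [digitalocean_loadbalancer.public.id]
  }

  inbound_rule {
    protocol         = "tcp"
    port_range       = "22"
    source_addresses = var.ssh_allowed_cidrs
  }

  outbound_rule {
    protocol              = "tcp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }

  outbound_rule {
    protocol              = "udp"
    port_range            = "53"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }
}
# … unchanged: terraform/provider blocks, balance lookup, other variables, project, ssh key, droplet, load balancer, floating IP, outputs …
```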
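Review bot: The first line is a Heroku platform API key (`HRKU-…`), which is equivalent to the account password for API purposes, and the second line is the account email — both committed in plaintext and consumed positionally by `head -1`/`tail -1` in heroku/README.md. Regenerate the key (`heroku authorizations:rotate` or the account page), remove the file from history, and pass the replacement as `HEROKU_API_KEY` or `TF_VAR_heroku_api_key` in the environment. If a file is kept at all, make it a redacted `KEY=VALUE` template so it can be sourced rather than parsed by line number.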
@@ -0,0 +1,127 @@ +# Heroku Terraform 配置说明 + +## 当前状态 + +由于网络连接问题,无法自动下载 Heroku Terraform provider。以下是解决方案。 + +## 方案一:手动下载 Provider(推荐) + +### 1. 手动下载 Heroku Provider + +```bash +# 创建插件目录 +mkdir -p ~/.terraform.d/plugins/linux_amd64/ + +# 下载 provider(需要网络连接) +cd ~/.terraform.d/plugins/linux_amd64/ +wget https://github.com/heroku/terraform-provider-heroku/releases/download/v5.3.2/terraform-provider-heroku_5.3.2_linux_amd64.zip + +# 解压 +unzip terraform-provider-heroku_5.3.2_linux_amd64.zip +rm terraform-provider-heroku_5.3.2_linux_amd64.zip + +# 返回项目目录 +cd /home/ben/terraform/heroku + +# 初始化 +terraform init +``` + +### 2. 使用配置文件 + +```bash +# 应用配置 +terraform apply -var="heroku_api_key=$(head -1 .env)" -var="heroku_email=$(tail -1 .env)" +``` + +## 方案二:使用 Heroku CLI(替代方案) + +如果 Terraform provider 无法使用,可以直接使用 Heroku CLI: + +### 安装 Heroku CLI + +```bash +# 使用 snap 安装 +sudo snap install --classic heroku + +# 或使用 npm +npm install -g heroku +``` + +### 登录 Heroku + +```bash +heroku login +``` + +### 创建应用 + +```bash +# 创建新应用 +heroku create my-app + +# 查看应用 +heroku apps + +# 添加 PostgreSQL +heroku addons:create heroku-postgresql:essential-0 + +# 添加 Redis +heroku addons:create heroku-redis:mini + +# 设置环境变量 +heroku config:set NODE_ENV=production PORT=8080 + +# 查看日志 +heroku logs --tail + +# 部署应用 +git push heroku main +``` + +## 方案三:使用 HTTP 代理 + +如果你有可用的代理,可以配置环境变量: + +```bash +# 设置代理 +export HTTP_PROXY=http://your-proxy:port +export HTTPS_PROXY=http://your-proxy:port + +# 初始化 Terraform +terraform init +``` + +## 当前账户信息 + +根据 API 查询,你的 Heroku 账户有以下应用: + +- **应用名称**: cauldron +- **应用 URL**: https://cauldron-6e3816f9af3f.herokuapp.com/ +- **Stack**: heroku-24 +- **区域**: us +- **邮箱**: houzhongxu@seekkey.tech + +## Terraform 配置文件说明 + +[main.tf](file:///home/ben/terraform/heroku/main.tf) 包含以下资源: + +1. **Heroku App** - 主应用 +2. **Formation** - Web dyno 配置 +3. **PostgreSQL Add-on** - 数据库 +4. **Redis Add-on** - 缓存 +5. 
**Config Vars** - 环境变量 + +## 可自定义的变量 + +- `app_name` - 应用名称(默认:terraform-app) +- `region` - 区域(默认:us) +- `stack` - Stack 版本(默认:heroku-22) +- `dyno_size` - Dyno 规格(默认:basic) + +## 注意事项 + +1. Heroku 免费版已经停止,需要付费使用 +2. Add-ons 会产生额外费用 +3. 建议先在测试环境验证配置 +4. 记得定期检查账单和资源使用情况 diff --git a/heroku/main.tf b/heroku/main.tf new file mode 100644 index 0000000..5f3904e --- /dev/null +++ b/heroku/main.tf 
@@ -0,0 +1,99 @@ +terraform { + required_providers { + heroku = { + source = "heroku/heroku" + } + } +} + +provider "heroku" { + email = var.heroku_email + api_key = var.heroku_api_key +} + +variable "heroku_api_key" { + description = "Heroku API Key" + type = string + sensitive = true +} + +variable "heroku_email" { + description = "Heroku Email" + type = string +} + +variable "app_name" { + description = "Heroku App Name" + type = string + default = "terraform-app" +} + +variable "region" { + description = "Heroku Region" + type = string + default = "us" +} + +variable "stack" { + description = "Heroku Stack" + type = string + default = "heroku-22" +} + +variable "dyno_size" { + description = "Dyno Size" + type = string + default = "basic" +} + +resource "heroku_app" "main" { + name = var.app_name + region = var.region + stack = var.stack +} + +resource "heroku_formation" "web" { + app_id = heroku_app.main.id + type = "web" + quantity = 1 + size = var.dyno_size +} + +resource "heroku_addon" "postgres" { + app_id = heroku_app.main.id + plan = "heroku-postgresql:essential-0" +} + +resource "heroku_addon" "redis" { + app_id = heroku_app.main.id + plan = "heroku-redis:mini" +} + +resource "heroku_config" "app_config" { + sensitive_vars = { + NODE_ENV = "production" + PORT = "8080" + } +} + +output "app_url" { + description = "Heroku App URL" + value = "https://${var.app_name}.herokuapp.com" +} + +output "app_name" { + description = "Heroku App Name" + value = heroku_app.main.name +} + +output "postgres_url" { + description = "PostgreSQL Database URL" + value = heroku_addon.postgres.config_var_values + sensitive = true +} + +output "redis_url" { + description = "Redis URL" + value = heroku_addon.redis.config_var_values + sensitive = true +} diff --git a/modules/network/main.tf b/modules/network/main.tf new file mode 100644 index 0000000..634dafc --- /dev/null +++ b/modules/network/main.tf 
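Review bot: `resource "heroku_config" "app_config"` only declares a set of config vars; nothing links it to `heroku_app.main`, so as far as the provider's model goes `NODE_ENV` and `PORT` are never applied to the app — a `heroku_app_config_association` is needed, as below. Those two values are not secrets, so they belong in `vars` rather than `sensitive_vars`, which otherwise hides them from plan output for no benefit. `output "app_url"` builds `https://${var.app_name}.herokuapp.com`, but current Heroku apps get a random suffix in their hostname (the README lists `cauldron-6e3816f9af3f.herokuapp.com`); use `heroku_app.main.web_url`. The `heroku` entry in `required_providers` has no `version`, and the lock file is gitignored, so the provider is completely unpinned; add `version = "~> 5.3"`.

```hcl
resource "heroku_config" "app_config" {
  vars = {
    NODE_ENV = "production"
    PORT     = "8080"
  }
}

resource "heroku_app_config_association" "app_config" {
  app_id = heroku_app.main.id
  vars   = heroku_config.app_config.vars
}

output "app_url" {
  description = "Heroku App URL"
  value       = heroku_app.main.web_url
}
# … unchanged: terraform/provider blocks, variables, heroku_app, formation, add-ons, other outputs …
```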
@@ -0,0 +1,13 @@
+# 通用网络模块示例
+# 这是一个跨云网络模块的示例结构
+# 实际实现需要根据具体的云平台进行调整
+
+resource "null_resource" "network_example" {
+ triggers = {
+ name = var.network_name
+ }
+
+ provisioner "local-exec" {
+ command = "echo '创建网络: ${var.network_name}'"
+ }
+}
\ No newline at end of file
diff --git a/modules/network/outputs.tf b/modules/network/outputs.tf
new file mode 100644
index 0000000..9fe9dba
--- /dev/null
+++ b/modules/network/outputs.tf
@@ -0,0 +1,9 @@
+output "network_name" {
+ description = "网络名称"
+ value = var.network_name
+}
+
+output "cidr_block" {
+ description = "CIDR 地址块"
+ value = var.cidr_block
+}
\ No newline at end of file
diff --git a/modules/network/variables.tf b/modules/network/variables.tf
new file mode 100644
index 0000000..61bbe78
--- /dev/null
+++ b/modules/network/variables.tf
@@ -0,0 +1,17 @@
+variable "network_name" {
+ description = "网络名称"
+ type = string
+ default = "my-network"
+}
+
+variable "cidr_block" {
+ description = "CIDR 地址块"
+ type = string
+ default = "10.0.0.0/16"
+}
+
+variable "tags" {
+ description = "资源标签"
+ type = map(string)
+ default = {}
+}
\ No newline at end of file
diff --git a/oracle/README.md b/oracle/README.md
new file mode 100644
index 0000000..8a4d6e9
--- /dev/null
+++ b/oracle/README.md
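Review bot: `command = "echo '创建网络: ${var.network_name}'"` interpolates a caller-supplied string straight into a shell line; a `network_name` containing `'` closes the quote and the remainder is executed by `/bin/sh`, so even in a placeholder module this is the pattern that becomes command injection once the value comes from a tfvars file or a pipeline. Pass it through the provisioner's `environment` map instead — `command = "echo \"Creating network: $NETWORK_NAME\""` with `environment = { NETWORK_NAME = var.network_name }` — or constrain the variable with a `validation` regex such as `^[a-z0-9-]+$`. `var.tags` in variables.tf is declared but never read by the module.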
@@ -0,0 +1,73 @@ +# Oracle Cloud (OCI) Terraform 配置 + +## 项目结构 + +``` +oracle/ +├── main.tf # 根配置(Provider 定义) +├── modules/ # 共享模块 +│ ├── vcn/ # 虚拟云网络模块 +│ │ ├── main.tf +│ │ ├── variables.tf +│ │ └── outputs.tf +│ └── compute/ # 计算实例模块 +│ ├── main.tf +│ └── variables.tf +└── environments/ # 环境特定配置 + ├── dev/ # 开发环境 + │ ├── main.tf + │ └── variables.tf + └── prod/ # 生产环境 + ├── main.tf + └── variables.tf +``` + +## 配置说明 + +### 1. ~/.oci 配置 +您的 OCI 配置已经位于 `~/.oci/` 目录中,包含: +- `config` - OCI 配置文件 +- `oci_api_key.pem` - 私钥文件 + +Terraform OCI Provider 会自动读取这些配置,无需在代码中硬编码凭证。 + +### 2. 如何使用 + +**开发环境**: +```bash +cd environments/dev +terraform init +terraform plan +terraform apply +``` + +**生产环境**: +```bash +cd environments/prod +terraform init +terraform plan +terraform apply +``` + +### 3. 模块使用 +模块位于 `modules/` 目录,可以在不同环境中重复使用: +```hcl +module "vcn" { + source = "../../modules/vcn" + + compartment_id = var.compartment_id + vcn_name = "my-vcn" + cidr_block = "10.0.0.0/16" +} +``` + +## 优势 +1. **环境隔离**:dev 和 prod 环境完全分离 +2. **代码复用**:模块可在不同环境中共享 +3. **配置安全**:敏感信息存储在 `~/.oci`,不在代码中 +4. **易于扩展**:可添加 staging、test 等环境 + +## 注意事项 +1. 每个环境有独立的 Terraform 状态文件 +2. 建议使用不同的 Compartment 或 Tenancy 隔离环境 +3. 生产环境的 CIDR 和规格应与开发环境不同 \ No newline at end of file diff --git a/oracle/environments/dev/main.tf b/oracle/environments/dev/main.tf new file mode 100644 index 0000000..81d56a0 --- /dev/null +++ b/oracle/environments/dev/main.tf 
@@ -0,0 +1,38 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + version = ">= 4.0.0" + } + } +} + +provider "oci" { + # 使用 ~/.oci/config 中的配置 + # 如果 ~/.oci/config 已正确配置,以下参数可以省略 + + # 或者显式指定配置(可选) + # tenancy_ocid = "your-tenancy-ocid" + # user_ocid = "your-user-ocid" + # fingerprint = "your-fingerprint" + # private_key_path = "~/.oci/oci_api_key.pem" + # region = "us-phoenix-1" +} + +module "vcn" { + source = "../../modules/vcn" + + compartment_id = var.compartment_id + vcn_name = "${var.environment}-vcn" + cidr_block = "10.0.0.0/16" + dns_label = "devvcn" +} + +module "compute" { + source = "../../modules/compute" + + compartment_id = var.compartment_id + instance_name = "${var.environment}-instance" + shape = "VM.Standard2.1" + subnet_id = "ocid1.subnet.oc1..example" # 这里应该使用实际的子网 OCID +} \ No newline at end of file diff --git a/oracle/environments/dev/variables.tf b/oracle/environments/dev/variables.tf new file mode 100644 index 0000000..0308057 --- /dev/null +++ b/oracle/environments/dev/variables.tf @@ -0,0 +1,11 @@ +variable "compartment_id" { + description = "开发环境的 Compartment OCID" + type = string + default = "ocid1.compartment.oc1..example" +} + +variable "environment" { + description = "环境名称" + type = string + default = "dev" +} \ No newline at end of file diff --git a/oracle/environments/prod/main.tf b/oracle/environments/prod/main.tf new file mode 100644 index 0000000..9cc934c --- /dev/null +++ b/oracle/environments/prod/main.tf 
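Review bot: The `provider "oci"` block sets no `config_file_profile`, so this dev root and the identical prod root in this commit both authenticate with the `[DEFAULT]` profile of `~/.oci/config` — the same user and key for both environments — which contradicts the README's environment-isolation claim and lets a dev `apply` act with prod's credentials. Set `config_file_profile = "dev"` here and a separate profile, ideally backed by a separate least-privilege user, for prod. `subnet_id = "ocid1.subnet.oc1..example"` and the `ocid1.compartment.oc1..example` default in variables.tf are placeholder OCIDs with no validation, so `terraform apply` currently succeeds against fake identifiers because the modules are null_resources and will only fail once real OCI resources are swapped in; make them required variables with a `validation` on the `ocid1.` prefix.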
@@ -0,0 +1,38 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + version = ">= 4.0.0" + } + } +} + +provider "oci" { + # 使用 ~/.oci/config 中的配置 + # 如果 ~/.oci/config 已正确配置,以下参数可以省略 + + # 或者显式指定配置(可选) + # tenancy_ocid = "your-tenancy-ocid" + # user_ocid = "your-user-ocid" + # fingerprint = "your-fingerprint" + # private_key_path = "~/.oci/oci_api_key.pem" + # region = "us-phoenix-1" +} + +module "vcn" { + source = "../../modules/vcn" + + compartment_id = var.compartment_id + vcn_name = "${var.environment}-vcn" + cidr_block = "10.1.0.0/16" # 生产环境使用不同的 CIDR + dns_label = "prodvcn" +} + +module "compute" { + source = "../../modules/compute" + + compartment_id = var.compartment_id + instance_name = "${var.environment}-instance" + shape = "VM.Standard4.2" # 生产环境使用更高的规格 + subnet_id = "ocid1.subnet.oc1..example" # 这里应该使用实际的子网 OCID +} \ No newline at end of file diff --git a/oracle/environments/prod/variables.tf b/oracle/environments/prod/variables.tf new file mode 100644 index 0000000..c9d2943 --- /dev/null +++ b/oracle/environments/prod/variables.tf @@ -0,0 +1,11 @@ +variable "compartment_id" { + description = "生产环境的 Compartment OCID" + type = string + default = "ocid1.compartment.oc1..example" +} + +variable "environment" { + description = "环境名称" + type = string + default = "prod" +} \ No newline at end of file diff --git a/oracle/kr/README.md b/oracle/kr/README.md new file mode 100644 index 0000000..d46adf4 --- /dev/null +++ b/oracle/kr/README.md 
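Review bot: The production root shares `~/.oci/config`'s `[DEFAULT]` profile with the dev root and pins nothing else: no `config_file_profile`, no `backend` for state, and `compartment_id` defaults to `ocid1.compartment.oc1..example`, so a bare `terraform apply` runs against a fake compartment. For prod, remove the default from `compartment_id` (and make `subnet_id` a variable rather than a literal) so both must be supplied explicitly, set `config_file_profile = "prod"` backed by a least-privilege user in a dedicated compartment, and configure a remote state backend (OCI Object Storage through the S3-compatible backend) so prod state is not a local plaintext file. Consider `lifecycle { prevent_destroy = true }` once the null_resource placeholders become real compute and VCN resources.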
@@ -0,0 +1,26 @@ +# Oracle Cloud 韩国账号配置 + +## 配置说明 +此目录包含韩国 Oracle Cloud 账号的 Terraform 配置。配置使用 `~/.oci/config` 文件中的 `[korea]` profile。 + +## 账号信息 +- **区域**: ap-chuncheon-1(韩国春川) +- **Profile**: korea +- **密钥文件**: ~/.oci/oci_api_key_kr.pem + +## 使用方法 +```bash +cd /home/ben/terraform/oracle/kr +terraform init +terraform plan +terraform apply +``` + +## 区域特性 +- **韩国春川区域** (ap-chuncheon-1): 位于韩国江原道,提供低延迟访问韩国本地市场 +- 韩国区域的合规要求和服务可用性可能与美国区域不同 + +## 注意事项 +- 确保 `~/.oci/config` 中的 [korea] 配置正确 +- 韩国区域的资源命名可能需要遵守本地化规范 +- 考虑网络延迟和本地合规要求 \ No newline at end of file diff --git a/oracle/kr/main.tf b/oracle/kr/main.tf new file mode 100644 index 0000000..ce4d298 --- /dev/null +++ b/oracle/kr/main.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + version = ">= 4.0.0" + } + } +} + +provider "oci" { + # 韩国账号配置 - 使用 ~/.oci/config 中的 [korea] profile + config_file_profile = "korea" + + # 或者,如果需要覆盖某些配置,可以显式指定: + # tenancy_ocid = "ocid1.tenancy.oc1..aaaaaaaawfv2wd54ly75ppfjgdgap7rtd3vhtziz25dwx23xo4rbkxnxlapq" + # user_ocid = "ocid1.user.oc1..aaaaaaaaqoa2my3fwh3jbayachyylqyneiveydrjliu2qz65ijlc57ehplha" + # fingerprint = "13:bd:ef:e3:bd:b8:5a:35:1a:b4:2d:82:4b:93:ff:19" + # private_key_path = "~/.oci/oci_api_key_kr.pem" + # region = "ap-chuncheon-1" +} \ No newline at end of file diff --git a/oracle/main.tf b/oracle/main.tf new file mode 100644 index 0000000..3b5fd5f --- /dev/null +++ b/oracle/main.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + version = ">= 4.0.0" + } + } +} + +provider "oci" { + # 使用 ~/.oci/config 中的配置 + # 如果 ~/.oci/config 已正确配置,以下参数可以省略 + + # 或者显式指定配置(可选) + # tenancy_ocid = "your-tenancy-ocid" + # user_ocid = "your-user-ocid" + # fingerprint = "your-fingerprint" + # private_key_path = "~/.oci/oci_api_key.pem" + # region = "us-phoenix-1" +} \ No newline at end of file diff --git a/oracle/modules/compute/main.tf b/oracle/modules/compute/main.tf new file mode 100644 index 0000000..7c49303 
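Review bot: The commented `tenancy_ocid`, `user_ocid` and `fingerprint` lines contain what appear to be the real identifiers of the Korea account rather than placeholders. They are not secrets by themselves, but together with `private_key_path` they are exactly the set an attacker needs once the key is obtained, and there is no reason to publish them; use `<tenancy-ocid>`-style placeholders as oracle/main.tf already does. Since `config_file_profile = "korea"` is the live configuration, the whole commented block can shrink to `# All credentials come from the [korea] profile in ~/.oci/config; do not set them here.`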
--- /dev/null +++ b/oracle/modules/compute/main.tf @@ -0,0 +1,14 @@ +# Oracle 计算实例模块示例 +# 这是一个示例,实际使用时需要替换为真实的 OCI 资源 + +resource "null_resource" "compute_example" { + triggers = { + compartment_id = var.compartment_id + instance_name = var.instance_name + shape = var.shape + } + + provisioner "local-exec" { + command = "echo '创建计算实例: ${var.instance_name},规格: ${var.shape},在 Compartment: ${var.compartment_id}'" + } +} \ No newline at end of file diff --git a/oracle/modules/compute/variables.tf b/oracle/modules/compute/variables.tf new file mode 100644 index 0000000..35a3a9c --- /dev/null +++ b/oracle/modules/compute/variables.tf @@ -0,0 +1,21 @@ +variable "compartment_id" { + description = "Compartment OCID" + type = string +} + +variable "instance_name" { + description = "计算实例名称" + type = string + default = "my-instance" +} + +variable "shape" { + description = "实例规格" + type = string + default = "VM.Standard2.1" +} + +variable "subnet_id" { + description = "子网 OCID" + type = string +} \ No newline at end of file diff --git a/oracle/modules/vcn/main.tf b/oracle/modules/vcn/main.tf new file mode 100644 index 0000000..dcf6323 --- /dev/null +++ b/oracle/modules/vcn/main.tf @@ -0,0 +1,13 @@ +# Oracle VCN 模块示例 +# 这是一个示例,实际使用时需要替换为真实的 OCI 资源 + +resource "null_resource" "vcn_example" { + triggers = { + compartment_id = var.compartment_id + vcn_name = var.vcn_name + } + + provisioner "local-exec" { + command = "echo '创建 VCN: ${var.vcn_name},CIDR: ${var.cidr_block},在 Compartment: ${var.compartment_id}'" + } +} \ No newline at end of file diff --git a/oracle/modules/vcn/outputs.tf b/oracle/modules/vcn/outputs.tf new file mode 100644 index 0000000..0f71536 --- /dev/null +++ b/oracle/modules/vcn/outputs.tf @@ -0,0 +1,9 @@ +output "vcn_name" { + description = "VCN 名称" + value = var.vcn_name +} + +output "cidr_block" { + description = "CIDR 地址块" + value = var.cidr_block +} \ No newline at end of file 
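Review bot: `command = "echo '创建计算实例: ${var.instance_name},规格: ${var.shape},在 Compartment: ${var.compartment_id}'"` injects three caller-supplied values into a single-quoted shell string, so a `'` in any of them breaks out and runs arbitrary commands; oracle/modules/vcn/main.tf has the same pattern with `vcn_name`, `cidr_block` and `compartment_id`. Use the provisioner's `environment` map (`environment = { INSTANCE_NAME = var.instance_name, SHAPE = var.shape, COMPARTMENT_ID = var.compartment_id }`) and reference `$INSTANCE_NAME` etc. inside a double-quoted `command`, or add `validation` blocks on the variables. `subnet_id` is declared as a required variable in variables.tf but never read by the module, so callers are forced to supply a value that does nothing.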
diff --git a/oracle/modules/vcn/variables.tf b/oracle/modules/vcn/variables.tf new file mode 100644 index 0000000..6a62e6a --- /dev/null +++ b/oracle/modules/vcn/variables.tf @@ -0,0 +1,22 @@ +variable "compartment_id" { + description = "Compartment OCID where the VCN will be created" + type = string +} + +variable "vcn_name" { + description = "Name of the VCN" + type = string + default = "my-vcn" +} + +variable "cidr_block" { + description = "CIDR block for the VCN" + type = string + default = "10.0.0.0/16" +} + +variable "dns_label" { + description = "DNS label for the VCN" + type = string + default = "vcn" +} \ No newline at end of file diff --git a/oracle/us/README.md b/oracle/us/README.md new file mode 100644 index 0000000..3292ec6 --- /dev/null +++ b/oracle/us/README.md @@ -0,0 +1,26 @@ +# Oracle Cloud 美国账号配置 + +## 配置说明 +此目录包含美国 Oracle Cloud 账号的 Terraform 配置。配置使用 `~/.oci/config` 文件中的 `[DEFAULT]` profile。 + +## 账号信息 +- **区域**: us-ashburn-1(弗吉尼亚) +- **Profile**: DEFAULT +- **密钥文件**: ~/.oci/oci_api_key.pem + +## 使用方法 +```bash +cd /home/ben/terraform/oracle/us +terraform init +terraform plan +terraform apply +``` + +## 环境配置 +如果需要多环境(dev/prod),可以考虑: +1. 在此目录下创建 `environments/` 子目录 +2. 或者使用根目录的共享 `environments/` 和 `modules/` 目录 + +## 注意事项 +- 确保 `~/.oci/config` 中的 [DEFAULT] 配置正确 +- 美国区域的资源命名和合规要求可能与其他区域不同 \ No newline at end of file diff --git a/oracle/us/main.tf b/oracle/us/main.tf new file mode 100644 index 0000000..80d7bbe --- /dev/null +++ b/oracle/us/main.tf 
@@ -0,0 +1,20 @@ +terraform { + required_providers { + oci = { + source = "oracle/oci" + version = ">= 4.0.0" + } + } +} + +provider "oci" { + # 美国账号配置 - 使用 ~/.oci/config 中的 [DEFAULT] profile + # config_file_profile = "DEFAULT" # 可选,DEFAULT 是默认值 + + # 或者,如果需要覆盖某些配置,可以显式指定: + # tenancy_ocid = "ocid1.tenancy.oc1..aaaaaaaayyhuf6swf2ho4s5acdpee6zssst6j7nkiri4kyfdusxzn3e7p32q" + # user_ocid = "ocid1.user.oc1..aaaaaaaappc7zxue4dlrsjljg4fwl6wcc5smetreuvpqn72heiyvjeeqanqq" + # fingerprint = "36:2f:3e:19:fa:9e:bb:81:30:26:f2:d7:52:d4:1d:88" + # private_key_path = "~/.oci/oci_api_key.pem" + # region = "us-ashburn-1" +} \ No newline at end of file diff --git a/registry.terraform.io/volcengine/volcengine/0.0.186/linux_amd64/terraform-provider-volcengine_v0.0.186 b/registry.terraform.io/volcengine/volcengine/0.0.186/linux_amd64/terraform-provider-volcengine_v0.0.186 new file mode 100755 index 0000000..7a55a89 Binary files /dev/null and b/registry.terraform.io/volcengine/volcengine/0.0.186/linux_amd64/terraform-provider-volcengine_v0.0.186 differ diff --git a/ssh_keys/GITEA_SSH_SETUP.md b/ssh_keys/GITEA_SSH_SETUP.md new file mode 100644 index 0000000..4cd5a07 --- /dev/null +++ b/ssh_keys/GITEA_SSH_SETUP.md 
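Review bot: As in oracle/kr/main.tf, the commented-out `tenancy_ocid`, `user_ocid` and `fingerprint` values look like the real identifiers of the US account rather than placeholders; swap them for `<tenancy-ocid>`-style placeholders, or delete the block and leave `# credentials come from the [DEFAULT] profile in ~/.oci/config; do not set them here`. Publishing the tenancy/user OCIDs and key fingerprint gives anyone who later obtains `oci_api_key.pem` everything needed to sign requests.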
@@ -0,0 +1,68 @@ +# Gitea 部署密钥配置指南 + +## 密钥信息 + +我们创建了使用 Ed25519 算法的 SSH 密钥对,这是目前最安全的 SSH 密钥算法之一。 + +## 密钥文件 + +- **私钥**: `gitea_deploy_key_ed25519` +- **公钥**: `gitea_deploy_key_ed25519.pub` + +## 在 Gitea 中配置部署密钥 + +### 1. 添加部署密钥到 Gitea 仓库 + +1. 登录到你的 Gitea 实例 +2. 导航到你的私有仓库 +3. 点击 "Settings"(设置) +4. 在左侧菜单中选择 "Deploy Keys"(部署密钥) +5. 点击 "Add Key"(添加密钥) +6. 输入密钥标题,例如 "Deployment Key" +7. 将以下公钥内容粘贴到密钥字段中: + +``` +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB1Eiqridn8nvb0nzwX5qfkN7Z4U94vKtvCBf0pbDHvz gitea-deploy-key@private +``` + +8. 选择适当的权限(通常选择 "Read" 权限用于部署) +9. 点击 "Add Key"(添加密钥) + +### 2. 配置服务器使用私钥 + +将私钥 `gitea_deploy_key_ed25519` 安装到你的部署服务器上: + +1. 将私钥复制到服务器上的 `~/.ssh/` 目录 +2. 设置正确的权限: + ```bash + chmod 600 ~/.ssh/gitea_deploy_key_ed25519 + ``` +3. 配置 SSH 客户端使用此密钥(在 `~/.ssh/config` 中): + ``` + Host your-gitea-host.com + IdentityFile ~/.ssh/gitea_deploy_key_ed25519 + User git + ``` + +### 3. 在 CI/CD 中使用 + +如果你在 CI/CD 系统中使用此密钥: + +1. 将私钥内容作为密钥存储在 CI/CD 系统中 +2. 在构建脚本中创建临时 SSH 配置: + ```bash + mkdir -p ~/.ssh + echo "$GITEA_DEPLOY_KEY" > ~/.ssh/gitea_deploy_key_ed25519 + chmod 600 ~/.ssh/gitea_deploy_key_ed25519 + ``` + +## 安全注意事项 + +- 保护好私钥文件,不要将其提交到代码仓库 +- 定期轮换部署密钥(建议每6-12个月) +- 使用最小权限原则,只为密钥分配必要的访问权限 +- 监控密钥的使用情况 + +## 备用密钥 + +我们也保留了 ECDSA 密钥作为备用选项,但建议优先使用 Ed25519 密钥。 \ No newline at end of file diff --git a/ssh_keys/USAGE_INSTRUCTIONS.md b/ssh_keys/USAGE_INSTRUCTIONS.md new file mode 100644 index 0000000..67b28cc --- /dev/null +++ b/ssh_keys/USAGE_INSTRUCTIONS.md 
@@ -0,0 +1,69 @@ +# SSH 密钥使用说明 + +## 默认 SSH 密钥配置 + +我们已创建了 Ed25519 加密的 SSH 密钥对,作为你的默认 SSH 密钥。 + +### 密钥文件位置 + +- **私钥**: `/home/ben/terraform/ssh_keys/gitea_deploy_key_ed25519` +- **公钥**: `/home/ben/terraform/ssh_keys/gitea_deploy_key_ed25519.pub` +- **SSH 配置**: `/home/ben/terraform/ssh_keys/config` + +### 如何使用(推荐方法) + +由于安全限制,我们不能直接修改你的主目录下的 `.ssh` 文件夹。请按以下步骤使用这些密钥: + +#### 方法 1: 复制配置文件 +```bash +# 备份现有配置(如有) +cp ~/.ssh/config ~/.ssh/config.backup 2>/dev/null || true + +# 复制新的配置 +cp /home/ben/terraform/ssh_keys/config ~/.ssh/config + +# 设置正确的权限 +chmod 600 ~/.ssh/config +``` + +#### 方法 2: 手动添加到现有配置 +如果已有 SSH 配置,可将以下内容追加到 `~/.ssh/config`: + +``` +# 默认使用 Ed25519 密钥 +Host * + IdentityFile /home/ben/terraform/ssh_keys/gitea_deploy_key_ed25519 + IdentitiesOnly yes +``` + +### 验证密钥 + +要验证 SSH 密钥是否正常工作: + +```bash +# 测试 SSH 连接 +ssh -T -i /home/ben/terraform/ssh_keys/gitea_deploy_key_ed25519 git@your-gitea-server.com +``` + +### 权限设置 + +确保密钥文件有正确的权限: + +```bash +chmod 600 /home/ben/terraform/ssh_keys/gitea_deploy_key_ed25519 +chmod 644 /home/ben/terraform/ssh_keys/gitea_deploy_key_ed25519.pub +``` + +### 在 Gitea 中使用 + +1. 将公钥内容添加到 Gitea 的部署密钥中 +2. 公钥内容可通过以下命令查看: + ```bash + cat /home/ben/terraform/ssh_keys/gitea_deploy_key_ed25519.pub + ``` + +### 安全提示 + +- 保护好私钥文件,不要分享给他人 +- 定期更换密钥(建议每6-12个月) +- 使用 `IdentitiesOnly yes` 可防止 SSH 代理泄露 \ No newline at end of file diff --git a/ssh_keys/config b/ssh_keys/config new file mode 100644 index 0000000..e427b49 --- /dev/null +++ b/ssh_keys/config @@ -0,0 +1,18 @@ +# SSH Config for Default Key Usage + +# 默认使用 Ed25519 密钥 +Host * + IdentityFile /home/ben/terraform/ssh_keys/gitea_deploy_key_ed25519 + IdentitiesOnly yes + +# Gitea 专用配置 +Host gitea.* + IdentityFile /home/ben/terraform/ssh_keys/gitea_deploy_key_ed25519 + User git + IdentitiesOnly yes + +# 火山引擎相关配置 +Host *.volces.com + IdentityFile /home/ben/terraform/ssh_keys/gitea_deploy_key_ed25519 + User git + IdentitiesOnly yes \ No newline at end of file 
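Review bot: The `Host *` stanza in `ssh_keys/config` offers the Gitea deploy key to every SSH server, which is far broader than a repository deploy key needs; keep the key scoped to `Host gitea.*` and drop the wildcard stanza (the `Host *.volces.com` stanza with `User git` also looks copied from the Gitea block rather than matched to those hosts — confirm). Every `IdentityFile` also points into the git working tree at `/home/ben/terraform/ssh_keys/`, where the extensionless private key name `gitea_deploy_key_ed25519` is not matched by the `*.key`/`*.pem` ignore patterns this commit uses elsewhere, so the key is at risk of being tracked; I can't tell from this chunk whether it was, but installing it under `~/.ssh/` as `GITEA_SSH_SETUP.md` itself describes removes the question. The hard-coded `/home/ben/...` paths additionally tie the config to one machine.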
diff --git a/volcengine/.gitignore b/volcengine/.gitignore
new file mode 100644
index 0000000..6fce632
--- /dev/null
+++ b/volcengine/.gitignore
@@ -0,0 +1,29 @@
+# Terraform files
+*.tfstate
+*.tfstate.*
+*.tfvars
+*.tfvars.json
+*.tmp
+
+# Terraform directories
+.terraform/
+.terraform.lock.hcl
+
+# Terragrunt files
+.terragrunt-cache/
+
+# Other common files
+crash.log
+crash.*.log
+*.pid
+*.backup
+
+# Sensitive files
+*.key
+*.pem
+*.crt
+*.cert
+
+# Local environment files
+.env
+.local
\ No newline at end of file
diff --git a/volcengine/CROSS_ARCHITECTURE.md b/volcengine/CROSS_ARCHITECTURE.md
new file mode 100644
index 0000000..b215a68
--- /dev/null
+++ b/volcengine/CROSS_ARCHITECTURE.md
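Review bot: The `# Sensitive files` group in `volcengine/.gitignore` excludes key material by extension but not the extensionless `config` files that this same commit adds under `volcengine/company/` and `volcengine/personal/` with plaintext access keys, so the ignore list misses the one secret-bearing file that actually exists in this tree. Adding `config` under that header would match the name in every subdirectory; `.terraformrc` could go under `# Local environment files` since its mirror `path` is machine-specific.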
@@ -0,0 +1,95 @@ +# 跨架构运行说明 + +## 支持的架构 + +此 Terraform 配置支持以下架构: +- Linux AMD64 (x86_64) +- Linux ARM64 +- macOS AMD64 +- macOS ARM64 (Apple Silicon) + +## 本地部署(当前配置) + +当前配置使用本地预下载的 provider,仅支持 Linux AMD64 架构。如需在其他架构上运行,请按以下步骤操作: + +### 1. 删除本地 provider 配置 + +```bash +# 进入相应目录 +cd /path/to/volcengine/personal +# 或 +cd /path/to/volcengine/company + +# 删除本地 provider 配置 +rm -rf .terraform .terraformrc +``` + +### 2. 下载对应架构的 provider + +根据不同架构下载对应的 provider: + +- AMD64: `terraform-provider-volcengine_v0.0.186_linux_amd64.zip` +- ARM64: `terraform-provider-volcengine_v0.0.186_linux_arm64.zip` + +### 3. 配置 provider 路径 + +创建相应的目录结构并放置 provider 文件: + +```bash +mkdir -p ~/.terraform.d/plugins/registry.terraform.io/volcengine/volcengine/0.0.186/_/ +``` + +### 4. 使用网络下载(推荐) + +最简单的方式是允许 Terraform 自动下载适合当前架构的 provider: + +```bash +# 删除本地配置 +rm .terraformrc + +# 运行初始化 +terraform init +``` + +Terraform 会自动下载适合当前架构的 provider。 + +## GitHub Actions 部署示例 + +```yaml +name: Deploy to VolcEngine +on: + push: + branches: [ main ] + +jobs: + deploy: + runs-on: ubuntu-latest # 或 ubuntu-22.04-arm + + strategy: + matrix: + arch: [amd64, arm64] + + steps: + - uses: actions/checkout@v3 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2 + with: + terraform_version: 1.5.0 + + - name: Initialize Terraform + run: terraform init + + - name: Plan + run: terraform plan + + - name: Apply + run: terraform apply -auto-approve +``` + +## 注意事项 + +1. **认证信息** - 确保在不同环境中正确配置了访问密钥 +2. **网络连接** - 确保可以访问火山引擎 API +3. **权限** - 确保有足够的权限创建所需的资源 +4. **配额** - 检查目标区域的资源配额 \ No newline at end of file diff --git a/volcengine/GIT_EXCLUDES.md b/volcengine/GIT_EXCLUDES.md new file mode 100644 index 0000000..3dcf550 --- /dev/null +++ b/volcengine/GIT_EXCLUDES.md 
@@ -0,0 +1,89 @@ +# Terraform 代码仓库最佳实践 + +## 应该提交到仓库的文件 + +1. **配置文件**: + - `main.tf` - 主配置文件 + - `variables.tf` - 变量定义 + - `outputs.tf` - 输出定义 + - `providers.tf` - Provider 配置 + - `versions.tf` - 版本约束 + +2. **文档文件**: + - `README.md` - 项目说明 + - `CHANGELOG.md` - 变更日志 + - `LICENSE` - 许可证 + +3. **配置文件**: + - `.gitignore` - Git 忽略规则 + - `terraform.tfvars.example` - 变量示例文件 + +## 不应该提交到仓库的文件 + +### 1. 状态文件 (.tfstate) +- **原因**: 包含敏感信息和当前基础设施状态 +- **风险**: 泄露基础设施详情,可能导致安全问题 +- **位置**: `terraform.tfstate`, `terraform.tfstate.backup` + +### 2. 本地配置文件 (terraform.tfvars) +- **原因**: 包含敏感的访问密钥和配置 +- **替代方案**: 提交 `terraform.tfvars.example` 作为模板 + +### 3. Provider 目录 (.terraform/) +- **原因**: + - 包含下载的 provider 二进制文件 + - 文件体积大,不适合存入 Git + - 二进制文件在不同架构上不同 +- **说明**: 每个用户应通过 `terraform init` 下载 + +### 4. 锁定文件 (.terraform.lock.hcl) +- **原因**: 包含特定于本地系统的 provider 校验和 +- **例外**: 如果团队使用相同架构,可选择提交 + +### 5. 临时和日志文件 +- **原因**: 临时文件,不应进入版本控制 +- **包括**: 日志文件、备份文件、临时文件 + +## 推荐的 .gitignore 模式 + +``` +# Terraform +*.tfstate +*.tfstate.* +.terraform/ +.terraform.lock.hcl + +# Sensitive files +terraform.tfvars + +# Logs +*.log +*.backup +``` + +## 安全注意事项 + +1. **绝不要提交敏感信息**: + - 访问密钥 (Access Keys) + - 私钥 (Private Keys) + - 密码 (Passwords) + - 其他认证信息 + +2. **使用环境变量或外部密钥管理**: + - AWS Secrets Manager + - HashiCorp Vault + - 环境变量 + +3. **定期审查**: + - 检查是否有敏感信息被意外提交 + - 使用 `git-secrets` 等工具扫描 + +## 工作流程 + +1. 开发者克隆仓库 +2. 创建 `terraform.tfvars` 文件 (不提交) +3. 运行 `terraform init` 下载 providers +4. 运行 `terraform plan` 和 `terraform apply` +5. 状态文件仅保存在本地或远程后端 + +这样可以确保代码库的安全性和可移植性。 \ No newline at end of file diff --git a/volcengine/README.md b/volcengine/README.md new file mode 100644 index 0000000..9c61588 --- /dev/null +++ b/volcengine/README.md 
@@ -0,0 +1,72 @@ +# 火山引擎 Terraform 配置 + +此目录包含火山引擎的 Terraform 配置文件,分为个人账号和企业账号两个环境。 + +## 目录结构 + +``` +volcengine/ +├── personal/ # 个人账号配置 +│ ├── main.tf +│ ├── variables.tf +│ ├── terraform.tfvars +│ └── README.md +└── company/ # 企业账号配置 + ├── main.tf + ├── variables.tf + ├── terraform.tfvars + └── README.md +``` + +## 使用说明 + +### 个人账号 + +1. 进入个人账号目录: +```bash +cd /home/ben/terraform/volcengine/personal +``` + +2. 初始化 Terraform: +```bash +terraform init +``` + +3. 查看计划: +```bash +terraform plan +``` + +4. 应用配置: +```bash +terraform apply +``` + +### 企业账号 + +1. 进入企业账号目录: +```bash +cd /home/ben/terraform/volcengine/company +``` + +2. 初始化 Terraform: +```bash +terraform init +``` + +3. 查看计划: +```bash +terraform plan +``` + +4. 应用配置: +```bash +terraform apply +``` + +## 注意事项 + +- 请确保已安装火山引擎的 Terraform Provider +- 敏感信息已存储在 terraform.tfvars 文件中 +- 在生产环境中使用前请仔细检查所有配置 +- 可以根据需要修改 variables.tf 中的默认值 \ No newline at end of file diff --git a/volcengine/common/main.tf b/volcengine/common/main.tf new file mode 100644 index 0000000..92361e6 --- /dev/null +++ b/volcengine/common/main.tf @@ -0,0 +1,41 @@ +# 火山引擎 Terraform 配置 - 支持多架构 +# 适用于 x86_64 和 ARM64 架构 + +# 提供商要求 +terraform { + required_providers { + volcengine = { + source = "volcengine/volcengine" + version = "0.0.186" + } + } +} + +# 提供商配置 +provider "volcengine" { + region = var.region + access_key = var.access_key_id + secret_key = var.secret_access_key +} + +# 示例资源 - VPC +resource "volcengine_vpc" "example_vpc" { + vpc_name = var.vpc_name + cidr_block = var.cidr_block +} + +# 输出信息 +output "vpc_id" { + description = "VPC ID" + value = volcengine_vpc.example_vpc.id +} + +output "vpc_name" { + description = "VPC Name" + value = volcengine_vpc.example_vpc.vpc_name +} + +output "region" { + description = "Region" + value = var.region +} \ No newline at end of file diff --git a/volcengine/company/.gitignore b/volcengine/company/.gitignore new file mode 100644 index 0000000..c4798a8 --- /dev/null 
+++ b/volcengine/company/.gitignore @@ -0,0 +1,15 @@ +# Terraform files +*.tfstate +*.tfstate.* +.terraform/ +.terraform.lock.hcl + +# Sensitive files +terraform.tfvars + +# Local temporary files +*.tmp +*.backup + +# Terragrunt +.terragrunt-cache/ \ No newline at end of file diff --git a/volcengine/company/.terraformrc b/volcengine/company/.terraformrc new file mode 100644 index 0000000..00cc2d8 --- /dev/null +++ b/volcengine/company/.terraformrc @@ -0,0 +1,9 @@ +provider_installation { + filesystem_mirror { + path = "/home/ben/terraform" + include = ["volcengine/*"] + } + direct { + exclude = ["volcengine/*"] + } +} \ No newline at end of file diff --git a/volcengine/company/config b/volcengine/company/config new file mode 100644 index 0000000..1f909a8 --- /dev/null +++ b/volcengine/company/config @@ -0,0 +1,5 @@ +# 火山引擎企业账号配置 +[company] +access_key_id = AKLTZTc2N2VhMDkyMThlNDFlMmIxYjU1ZDBiNmJmNmM4OWM +secret_access_key = TVRJeU16aGtNekk1TWpjM05ETTRZams1TURnNU1HUTVNMlZtWTJOalltUQ== +region = cn-beijing \ No newline at end of file diff --git a/volcengine/company/main.tf b/volcengine/company/main.tf new file mode 100644 index 0000000..dbf61f5 --- /dev/null +++ b/volcengine/company/main.tf @@ -0,0 +1,32 @@ +# 火山引擎 Terraform 配置 - 企业账号 + +terraform { + required_providers { + volcengine = { + source = "volcengine/volcengine" + version = "0.0.186" # 使用最新可用版本 + } + } +} + +# 示例资源 - VPC +resource "volcengine_vpc" "company_vpc" { + vpc_name = var.vpc_name + cidr_block = var.cidr_block +} + +# 输出信息 +output "vpc_id" { + description = "Company VPC ID" + value = volcengine_vpc.company_vpc.id +} + +output "vpc_name" { + description = "Company VPC Name" + value = volcengine_vpc.company_vpc.vpc_name +} + +output "region" { + description = "Region" + value = var.region +} \ No newline at end of file diff --git a/volcengine/company/providers.tf b/volcengine/company/providers.tf new file mode 100644 index 0000000..9bc0ffb --- /dev/null +++ b/volcengine/company/providers.tf 
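Review bot: Terraform does not read a `.terraformrc` from the working directory, so `volcengine/company/.terraformrc` (and the identical `volcengine/personal/.terraformrc` in a later hunk) is inert unless `TF_CLI_CONFIG_FILE` points at it or its content is merged into `~/.terraformrc`; a comment such as `# activate with: TF_CLI_CONFIG_FILE=$PWD/.terraformrc terraform init` would spare the next user a confusing init. When it is active, `direct { exclude = ["volcengine/*"] }` makes the checked-in `registry.terraform.io/volcengine/volcengine/0.0.186/linux_amd64/terraform-provider-volcengine_v0.0.186` binary the only source of the provider, while `.terraform.lock.hcl` is gitignored, so nothing records or verifies that binary's checksum. Either commit the lock file produced by a trusted `terraform init` against the public registry, or note the expected `h1:` hash in a comment here so the vendored binary can be checked. The hard-coded `path = "/home/ben/terraform"` also ties the mirror to one machine.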
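Review bot: `volcengine/company/config` commits a plaintext `access_key_id` and `secret_access_key` for the company account (the same pattern appears in `volcengine/personal/config` in a later hunk), and the sibling `.gitignore` in this hunk only excludes `terraform.tfvars`, so nothing would have prevented it. Credentials that have reached a commit should be treated as exposed: revoke and reissue them at the provider, rewrite history to drop the file, and supply the values to the variables declared in `variables.tf` through the environment (`export TF_VAR_access_key_id=...` / `export TF_VAR_secret_access_key=...`) or a gitignored `terraform.tfvars` rather than a tracked `config` file. If a committed example is wanted, keep a `config.example` with placeholder values and add `config` to the `.gitignore`.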
@@ -0,0 +1,6 @@
+# 配置本地 provider
+provider "volcengine" {
+ region = var.region
+ access_key = var.access_key_id
+ secret_key = var.secret_access_key
+}
\ No newline at end of file
diff --git a/volcengine/company/variables.tf b/volcengine/company/variables.tf
new file mode 100644
index 0000000..e28d7e0
--- /dev/null
+++ b/volcengine/company/variables.tf
@@ -0,0 +1,30 @@
+# 火山引擎 Terraform 变量定义
+
+variable "region" {
+ description = "目标区域"
+ type = string
+ default = "cn-beijing"
+}
+
+variable "access_key_id" {
+ description = "访问密钥ID"
+ type = string
+}
+
+variable "secret_access_key" {
+ description = "秘密访问密钥"
+ type = string
+ sensitive = true
+}
+
+variable "vpc_name" {
+ description = "VPC名称"
+ type = string
+ default = "terraform-vpc"
+}
+
+variable "cidr_block" {
+ description = "VPC CIDR块"
+ type = string
+ default = "10.0.0.0/16"
+}
\ No newline at end of file
diff --git a/volcengine/main.tf b/volcengine/main.tf
new file mode 100644
index 0000000..4e71028
--- /dev/null
+++ b/volcengine/main.tf
@@ -0,0 +1,15 @@
+terraform {
+ required_providers {
+ volcengine = {
+ source = "volcengine/volcengine"
+ version = "0.0.129"
+ }
+ }
+}
+
+provider "volcengine" {
+ # 这里需要配置访问凭证
+ # access_key = "your-access-key"
+ # secret_key = "your-secret-key"
+ # region = "cn-beijing"
+}
\ No newline at end of file
diff --git a/volcengine/personal/.gitignore b/volcengine/personal/.gitignore
new file mode 100644
index 0000000..c4798a8
--- /dev/null
+++ b/volcengine/personal/.gitignore
@@ -0,0 +1,15 @@
+# Terraform files
+*.tfstate
+*.tfstate.*
+.terraform/
+.terraform.lock.hcl
+
+# Sensitive files
+terraform.tfvars
+
+# Local temporary files
+*.tmp
+*.backup
+
+# Terragrunt
+.terragrunt-cache/
\ No newline at end of file
diff --git a/volcengine/personal/.terraformrc b/volcengine/personal/.terraformrc
new file mode 100644
index 0000000..00cc2d8
--- /dev/null
+++ b/volcengine/personal/.terraformrc
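Review bot: `volcengine/main.tf` pins `version = "0.0.129"` while `volcengine/common`, `volcengine/company` and `volcengine/personal` all pin `0.0.186`, and the filesystem mirror in this commit carries only `0.0.186` with `direct` excluded for `volcengine/*`, so `terraform init` in the top-level `volcengine/` directory would fail to resolve the provider whenever that CLI config is active. Aligning it to `version = "0.0.186"`, or deleting this root config since it declares no resources, removes the inconsistency. In `volcengine/company/variables.tf` in this hunk `cidr_block` accepts any string; a `validation { condition = can(cidrhost(var.cidr_block, 0)) error_message = "cidr_block must be a valid IPv4 CIDR." }` block would fail at plan time instead of at the API, and the same applies to `volcengine/personal/variables.tf` in the next hunk.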
@@ -0,0 +1,9 @@ +provider_installation { + filesystem_mirror { + path = "/home/ben/terraform" + include = ["volcengine/*"] + } + direct { + exclude = ["volcengine/*"] + } +} \ No newline at end of file diff --git a/volcengine/personal/config b/volcengine/personal/config new file mode 100644 index 0000000..32bea71 --- /dev/null +++ b/volcengine/personal/config @@ -0,0 +1,5 @@ +# 火山引擎个人账号配置 +[personal] +access_key_id = AKLTYWQwMjgyNWM1ZmIzNDk3MTljYzNmNTgyMjQ2NzU2ZGY +secret_access_key = T0RGak9UY3dZV05qT1RCbU5HVXpabUkwTXpSaVpEQmlNbVF3WWpObU0yTQ== +region = cn-beijing \ No newline at end of file diff --git a/volcengine/personal/main.tf b/volcengine/personal/main.tf new file mode 100644 index 0000000..bfd3da5 --- /dev/null +++ b/volcengine/personal/main.tf @@ -0,0 +1,32 @@ +# 火山引擎 Terraform 配置 - 个人账号 + +terraform { + required_providers { + volcengine = { + source = "volcengine/volcengine" + version = "0.0.186" # 使用最新可用版本 + } + } +} + +# 示例资源 - VPC +resource "volcengine_vpc" "personal_vpc" { + vpc_name = var.vpc_name + cidr_block = var.cidr_block +} + +# 输出信息 +output "vpc_id" { + description = "Personal VPC ID" + value = volcengine_vpc.personal_vpc.id +} + +output "vpc_name" { + description = "Personal VPC Name" + value = volcengine_vpc.personal_vpc.vpc_name +} + +output "region" { + description = "Region" + value = var.region +} \ No newline at end of file diff --git a/volcengine/personal/providers.tf b/volcengine/personal/providers.tf new file mode 100644 index 0000000..9bc0ffb --- /dev/null +++ b/volcengine/personal/providers.tf @@ -0,0 +1,6 @@ +# 配置本地 provider +provider "volcengine" { + region = var.region + access_key = var.access_key_id + secret_key = var.secret_access_key +} \ No newline at end of file diff --git a/volcengine/personal/variables.tf b/volcengine/personal/variables.tf new file mode 100644 index 0000000..7a65f82 --- /dev/null +++ b/volcengine/personal/variables.tf 
@@ -0,0 +1,30 @@
+# 火山引擎 Terraform 变量定义
+
+variable "region" {
+ description = "目标区域"
+ type = string
+ default = "cn-beijing"
+}
+
+variable "access_key_id" {
+ description = "访问密钥ID"
+ type = string
+}
+
+variable "secret_access_key" {
+ description = "秘密访问密钥"
+ type = string
+ sensitive = true
+}
+
+variable "vpc_name" {
+ description = "VPC名称"
+ type = string
+ default = "terraform-vpc"
+}
+
+variable "cidr_block" {
+ description = "VPC CIDR块"
+ type = string
+ default = "172.16.0.0/16"
+}
\ No newline at end of file
diff --git a/volcengine/provider-config.hcl b/volcengine/provider-config.hcl
new file mode 100644
index 0000000..3810101
--- /dev/null
+++ b/volcengine/provider-config.hcl
@@ -0,0 +1,21 @@
+# 配置多架构支持
+provider_installation {
+ filesystem_mirror {
+ path = "${getenv("HOME")}/.terraform.d/plugins"
+ include = ["volcengine/*"]
+ }
+ direct {
+ exclude = ["volcengine/*"]
+ }
+}
+
+# 或者允许从网络下载
+provider_installation {
+ network_mirror {
+ url = "https://releases.hashicorp.com"
+ include = ["*/*"]
+ }
+ direct {
+ exclude = []
+ }
+}
\ No newline at end of file
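Review bot: `volcengine/provider-config.hcl` declares two `provider_installation` blocks, and as far as I know Terraform's CLI configuration accepts at most one and rejects the file on the second, so the "或者" alternative can't live in the same file; keep one block, or split the alternative into a separate file selected via `TF_CLI_CONFIG_FILE`. The second block's `network_mirror` points at `https://releases.hashicorp.com`, which is HashiCorp's release archive rather than a provider network mirror endpoint, and with `include = ["*/*"]` it would route every provider, including the third-party `volcengine/*`, to a server that cannot serve them; if network installation is the goal, a bare `direct {}` method is all that is needed. I'm also not certain the CLI config evaluates `${getenv("HOME")}` in `path`; a literal path or a per-machine copy is the safer form.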