Terraform + GitLab实现云上基础设施CICD

[evanash1222]

解决方案

部署GitLab服务

参照文档部署GitLab服务 https://about.gitlab.com/install/#centos-7

部署GitLab Runner

参照文档部署GitLab Runner https://docs.gitlab.com/runner/install/linux-repository.html 注意事项：

1. GitLab Runner需要部署在同 GitLab 服务不同的服务器节点
2. 如果 GitLab Runner 使用 Docker executor，那么请确保 GitLab Runner所在的服务器部署了 Docker 环境
3. Docker 默认镜像为 hashicorp/terraform
4. 建议服务器开通在海外，可以加速拉取Terraform provider

   编写.gitlab-ci.yml文件

   建议使用官方默认的terraform yaml文件来定义pipeline的步骤，熟练了gitlab cicd语言后可以自行定义。

   
   include:
   # To fetch the latest template, use:
   - template: Terraform.latest.gitlab-ci.yml

variables: TF_STATE_NAME: default TF_CACHE_KEY: default TF_ROOT: Terraform

![image.png](https://cdn.nlark.com/yuque/0/2022/png/12832404/1660186598702-760b4dd0-c5c0-4f3c-8d56-00e97c2a639c.png#clientId=u8613a6df-5f86-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=736&id=u1f4bbca0&margin=%5Bobject%20Object%5D&name=image.png&originHeight=1472&originWidth=2110&originalType=binary&ratio=1&rotation=0&showTitle=false&size=227117&status=done&style=none&taskId=u1596fae3-06e2-4634-949c-2311fab52ab&title=&width=1055)
## 验证步骤

1. 将repository Clone至本地
1. 修改Terraform/main.tf, 对云上基础设施进行增删改查。例如我在已有的VPC内新增一个vswitch

![image.png](https://cdn.nlark.com/yuque/0/2022/png/12832404/1660186598621-de06fd38-07a9-49f3-ab65-5321ca7b13ca.png#clientId=u8613a6df-5f86-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=137&id=u7824d0c7&margin=%5Bobject%20Object%5D&name=image.png&originHeight=274&originWidth=1114&originalType=binary&ratio=1&rotation=0&showTitle=false&size=71852&status=done&style=none&taskId=u46150c57-51a4-4093-961b-dce3b9105f6&title=&width=557)

3. Commit 代码并自动触发pipeline

![image.png](https://cdn.nlark.com/yuque/0/2022/png/12832404/1660186598836-289a3ca0-f68d-4e3e-b153-8ae81071da90.png#clientId=u8613a6df-5f86-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=427&id=u9dd82074&margin=%5Bobject%20Object%5D&name=image.png&originHeight=854&originWidth=1972&originalType=binary&ratio=1&rotation=0&showTitle=false&size=178153&status=done&style=none&taskId=u751f31ba-f452-4d27-a2b9-8691d7e50ba&title=&width=986)

4. 在第三步build阶段会执行Terraform plan输出执行计划供负责人review。负责人确认变动合理后，手动触发deploy步骤执行Terraform apply

![image.png](https://cdn.nlark.com/yuque/0/2022/png/12832404/1660186598482-9914cb0e-c2a0-43f4-9261-24d8f529c4d7.png#clientId=u8613a6df-5f86-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=322&id=u102b39e0&margin=%5Bobject%20Object%5D&name=image.png&originHeight=644&originWidth=1090&originalType=binary&ratio=1&rotation=0&showTitle=false&size=116828&status=done&style=none&taskId=u8531812a-1609-483f-ba58-ea6de2eae70&title=&width=545)
![image.png](https://cdn.nlark.com/yuque/0/2022/png/12832404/1660186598331-177ca6d3-267a-42a7-8e7c-76566133ecec.png#clientId=u8613a6df-5f86-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=115&id=u9264a120&margin=%5Bobject%20Object%5D&name=image.png&originHeight=230&originWidth=1714&originalType=binary&ratio=1&rotation=0&showTitle=false&size=67768&status=done&style=none&taskId=uea51c731-61c9-4d63-a04c-598342d87c1&title=&width=857)