kazu634
/
blog
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request 'Terraformerの記事を追加' (#78) from terraformer into master 

Reviewed-on: #78
This commit is contained in:
Kazuhiro MUSASHI 2021-11-27 22:22:29 +09:00
parent 55218289e1 d861141e86
commit 7de8a4bcd4
1 changed files with 269 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

269
content/posts/2021/2021-11-27-terraformer-converts-infra-to-terraform-codes.md Normal file
View File

@ -0,0 +1,269 @@
+++
title = "terraformerを試しに使ってみましたよ"
date = 2021-11-27T22:13:43+09:00
description = "必要に迫られて[terraformer](https://github.com/GoogleCloudPlatform/terraformer)を使ってみました。`terraform import`をお手軽簡単にできるものみたいです。"
tags = ["terraform"]
categories = ["インフラ", "HashiCorp"]
author = "kazu634"
+++
必要に迫られて[terraformer](https://github.com/GoogleCloudPlatform/terraformer)を使ってみました。`terraform import`をお手軽簡単にできるものみたいです。
## terraformerとは
各種クラウドサービスなどから、`Terraform`のコードを生成してくれるツールです。インフラからソースコードを生成します。
## 事前準備
[terraformer](https://github.com/GoogleCloudPlatform/terraformer)を利用する前の準備作業を説明します。
### AWSのIAMユーザー作成
今回はAWSからコードを生成するので、AWSから情報を取得するIAMユーザーを作成します。ポリシーは`ReadOnlyAccess`を割り当ててみました:
<a data-flickr-embed="true" href="https://www.flickr.com/photos/42332031@N02/51708608624/in/dateposted-public/" title="IAM Management C"><img src="https://live.staticflickr.com/65535/51708608624_6881a50569_z.jpg" width="640" height="491" alt="IAM Management C"></a><script async src="//embedr.flickr.com/assets/client-code.js" charset="utf-8"></script>
### AWS認証情報を設定ファイルに格納
`~/.aws/credentials`に先ほど作成したIAMユーザーのアクセスキー・シークレットキーの情報、あとはリージョン情報を格納します:
```ini
[default]
aws_access_key_id=<ここにアクセスキー>
aws_secret_access_key=<ここにシークレットキー>
region=ap-northeast-1
```
## terraformerのインストール
それではインストールしていきます:
```bash
kazu634@bastion2004% export PROVIDER=all
kazu634@bastion2004% curl -LO https://github.com/GoogleCloudPlatform/terraformer/releases/download/$(curl -s https://api.github.com/repos/GoogleCloudPlatform/terraformer/releases/latest | grep tag_name | cut -d '"' -f 4)/terraformer-${PROVIDER}-linux-amd64
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 666 100 666 0 0 2466 0 --:--:-- --:--:-- --:--:-- 2475
100 358M 100 358M 0 0 21.0M 0 0:00:17 0:00:17 --:--:-- 26.9M
kazu634@bastion2004% chmod +x terraformer-${PROVIDER}-linux-amd64
kazu634@bastion2004% sudo mv terraformer-${PROVIDER}-linux-amd64 /usr/local/bin/terraformer
[sudo] password for kazu634:
```
## terraformerを使ってみる
まずはAWSの情報を取得するということを宣言するようで、`init.tf`に`provider “aws” {}`を書き込み、`terraform init`を実行します:
```bash
kazu634@bastion2004% echo 'provider "aws" {}' > init.tf
kazu634@bastion2004% terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/aws...
- Installing hashicorp/aws v3.67.0...
- Installed hashicorp/aws v3.67.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
```
`Route53`の情報を取得する場合は、次のようにします:
```bash
kazu634@bastion2004% terraformer import aws --resources=route53
2021/11/27 21:25:49 aws importing default region
2021/11/27 21:25:51 aws importing... route53
2021/11/27 21:25:52 aws done importing route53
2021/11/27 21:25:52 Number of resources for service route53: 16
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_NS_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_blog-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_pocket-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_minio-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_openvpn-002E-kazu634-002E-com-002E-_CNAME_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_git-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_SOA_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_blog-002E-kazu634-002E-com-002E-_CAA_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_grafana-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_gitea-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_test-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_g-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_faktory-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com
2021/11/27 21:25:54 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_drone-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:55 Filtered number of resources for service route53: 16
2021/11/27 21:25:55 aws Connecting....
2021/11/27 21:25:55 aws save route53
2021/11/27 21:25:55 aws save tfstate for route53
```
すると`generated`というディレクトリーが作成され、その中に`terraform`のソースコードが格納されます:
```bash
kazu634@bastion2004% ll
total 28K
drwxrwxr-x 4 kazu634 kazu634 4.0K Nov 27 21:25 .
drwxr-xr-x 13 kazu634 kazu634 4.0K Nov 26 23:51 ..
drwxrwxr-x 3 kazu634 kazu634 4.0K Nov 27 21:25 generated
-rw-rw-r-- 1 kazu634 kazu634 18 Nov 27 00:54 init.tf
drwxr-xr-x 3 kazu634 kazu634 4.0K Nov 27 00:54 .terraform
-rw-r--r-- 1 kazu634 kazu634 1.1K Nov 27 00:54 .terraform.lock.hcl
```
`generated`の中身はこのようになっています:
```bash
kazu634@bastion2004% pwd
/home/kazu634/works/mnt/others/terraformer/generated
aws
└── route53
├── outputs.tf
├── provider.tf
├── route53_record.tf
├── route53_zone.tf
└── terraform.tfstate
2 directories, 5 files
```
たとえば`route53_record.tf`の中身はこのようになっています:
```bash
kazu634@bastion2004% cat route53_record.tf
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_blog-002E-kazu634-002E-com-002E-_A_" {
name = "blog.kazu634.com"
records = ["52.193.98.253"]
ttl = "86400"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_blog-002E-kazu634-002E-com-002E-_CAA_" {
name = "blog.kazu634.com"
records = ["0 issue \"letsencrypt.org\""]
ttl = "86400"
type = "CAA"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_drone-002E-kazu634-002E-com-002E-_A_" {
name = "drone.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_faktory-002E-kazu634-002E-com-002E-_A_" {
name = "faktory.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_g-002E-kazu634-002E-com-002E-_A_" {
name = "g.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_git-002E-kazu634-002E-com-002E-_A_" {
name = "git.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_gitea-002E-kazu634-002E-com-002E-_A_" {
name = "gitea.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_grafana-002E-kazu634-002E-com-002E-_A_" {
name = "grafana.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_A_" {
name = "kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_NS_" {
name = "kazu634.com"
records = ["ns-1111.awsdns-10.org.", "ns-469.awsdns-58.com.", "ns-720.awsdns-26.net.", "ns-1844.awsdns-38.co.uk."]
ttl = "172800"
type = "NS"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_SOA_" {
name = "kazu634.com"
records = ["ns-720.awsdns-26.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"]
ttl = "900"
type = "SOA"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_minio-002E-kazu634-002E-com-002E-_A_" {
name = "minio.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_openvpn-002E-kazu634-002E-com-002E-_CNAME_" {
name = "openvpn.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "CNAME"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_pocket-002E-kazu634-002E-com-002E-_A_" {
name = "pocket.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_test-002E-kazu634-002E-com-002E-_A_" {
name = "test.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
```
## まとめ
`terraform import`コマンドを使うと、AWSリソースのIDをいちいち調べて指定して、一つずつインポートするという苦行をしていたのですが、[terraformer](https://github.com/GoogleCloudPlatform/terraformer)を利用するとコマンド一発で`terraform`のコードに落とし込んでもらえるので、だいぶ楽になるということがわかりました。はまるとすると、IAMとかポリシーの部分ですかね。
## 参考
- [Terraformerを使ってTerraformに既存インフラのリソースをインポートする \| 株式会社ビヨンド](https://beyondjapan.com/blog/2020/05/terraformer-import-existing-infrastructure/?utm_source=pocket_mylist)
- [terraformerをmaster accountからassume roleでアクセスMFA必須なAWS環境で使う \- Qiita](https://qiita.com/nntsugu/items/c34fc5183e0b5ffdf88e?utm_source=pocket_mylist)
- [設定ファイルと認証情報ファイルの設定](https://docs.aws.amazon.com/ja_jp/cli/latest/userguide/cli-configure-files.html)
- [ubuntuでtreeコマンドを使う方法 magazine off](https://off.tokyo/blog/ubuntu-tree/)