Creating NCP Infrastructure with Terraform

노윤지
Published in Cloud Villains
Jun 27, 2022

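What is IaC (Infrastructure as Code)?

Infrastructure as Code (IaC) means managing and provisioning infrastructure through code rather than through manual processes. Because the infrastructure is defined in code, infrastructure and servers can be deployed using standardized patterns, updated with the latest patches and versions, and reproduced with the same configuration across different platforms and environments.

What is Terraform?

Terraform is an Infrastructure as Code (IaC) tool, developed as open source by HashiCorp, that aims to automate cloud infrastructure. IaC is the idea of managing infrastructure through code; in Terraform, cloud resources are declared using the HashiCorp Configuration Language (HCL).

Major cloud services such as AWS, GCP, Azure, and NCP, along with many other cloud services, are supported through providers. This makes it possible to declare multi-cloud resources and manage them as code with Terraform alone.

For this test I did not work in a local environment; instead, I created a Linux server on NCP and ran everything there.

NCP Architecture with Terraform

In this test we use Terraform to create a VPC, a Public Subnet, and a Private Subnet, then a Bastion Server that can access the Web servers, and two Web Servers. We then create a Load Balancer that distributes traffic across the two servers in round-robin fashion.

Steps

  1. Verify the Navercloud Platform authentication key
  2. Create a Linux server on NCP to run Terraform
  3. Download Terraform
  4. Write the tf files using HCL (HashiCorp Configuration Language)
  5. Initialize, download plugins, and review the resource changes
  6. Apply to the actual infrastructure with apply
  7. Verify the created infrastructure resources
  8. Delete the infrastructure resources

1. Verify the Navercloud Platform authentication key

After logging in to NCP, go to [My Page] -> [Manage Auth Key] -> [Enter current password] -> [Manage API Auth Key] and check the Access Key ID and Secret Key.

If you do not have an existing API authentication key, click the [Create New Auth Key] button to create one.

2. Create and connect to a Linux server on NCP to run Terraform

I created a server from the centos-7.8-64 image in NCP's Server service. Connect to the server you created.

3. Download Terraform

Download Terraform onto that server.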

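$ sudo yum install -y yum-utils
$ sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
$ sudo yum -y install terraform
# Only needed for a manually downloaded binary; the yum package already installs /usr/bin/terraform
$ mv terraform /usr/bin/
$ terraform version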

4. Write the tf files using HCL (HashiCorp Configuration Language)

I wrote three files: main.tf, variables.tf, and versions.tf.

The code creates the following resources.

  • VPC
  • Public Subnet, Private Subnet, LoadBalancer Subnet
  • Network ACL
  • Login key
  • Server
  • NAT Gateway
  • Public ip
  • Init script
  • Route Table
  • ACG
  • LB Target Group, LB

main.tf

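main.tf contains the provider configuration and most of the infrastructure code, including the VPC.

variables.tf

The variables.tf file lets you define values that are used frequently in the Terraform code as variables.

To make resource names easy to set, they are configured through name_terra.

Enter client_ip, which is used in the Network ACL settings for SSH access. Then enter the authentication key information from the portal into access_key and secret_key. Other frequently used values, such as the login key, the server image product code, and the region, are also defined as variables.

You can also refer to the Server product code below and switch to the OS image you want.

versions.tf

versions.tf sets the version of the Naver Cloud Platform provider. Terraform 0.13 or later is recommended for this test.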

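5. Initialize, download plugins, and review the resource changes

5.1 terraform init

terraform init is used to initialize a working directory that contains Terraform configuration files. It is the first command to run after writing a new Terraform configuration or cloning an existing one from version control.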

[root@yjro-terraform-svr-01 terraform-o]# terraform init
Initializing the backend...
Initializing provider plugins...
- Reusing previous version of navercloudplatform/ncloud from the dependency lock file
- Reusing previous version of hashicorp/local from the dependency lock file
- Using previously-installed navercloudplatform/ncloud v2.2.9
- Using previously-installed hashicorp/local v2.2.3
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

5.2 terraform plan

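The terraform plan command lets you review what will be created or changed before anything is actually created or changed in the real infrastructure.

Plan: 24 to add, 0 to change, 0 to destroy. -> This shows that 24 new infrastructure resources will be created.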

[root@yjro-terraform-svr-01 terraform-o]# terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# local_file.ncp_pem will be created
+ resource "local_file" "ncp_pem" {
+ content = (sensitive)
+ directory_permission = "0777"
+ file_permission = "0777"
+ filename = "yjro-tf-test2.pem"
+ id = (known after apply)
}
# ncloud_access_control_group.acg_yj_01 will be created
+ resource "ncloud_access_control_group" "acg_yj_01" {
+ access_control_group_no = (known after apply)
+ description = "test"
+ id = (known after apply)
+ is_default = (known after apply)
+ name = "tf-yjro-acg01"
+ vpc_no = (known after apply)
}
# ncloud_access_control_group.acg_yj_02 will be created
+ resource "ncloud_access_control_group" "acg_yj_02" {
+ access_control_group_no = (known after apply)
+ description = "test"
+ id = (known after apply)
+ is_default = (known after apply)
+ name = "tf-yjro-acg02"
+ vpc_no = (known after apply)
}
# ncloud_access_control_group_rule.acg-rule_yj_01 will be created
+ resource "ncloud_access_control_group_rule" "acg-rule_yj_01" {
+ access_control_group_no = (known after apply)
+ id = (known after apply)
+ inbound = [
+ {
+ description = "accept 22 port"
+ ip_block = "211.***.***.***/32"
+ port_range = "22"
+ protocol = "TCP"
+ source_access_control_group_no = ""
},
]
+ outbound = [
+ {
+ description = "accept 1-65535 port"
+ ip_block = "0.0.0.0/0"
+ port_range = "1-65535"
+ protocol = "TCP"
+ source_access_control_group_no = ""
},
]
}
# ncloud_access_control_group_rule.acg-rule_yj_02 will be created
+ resource "ncloud_access_control_group_rule" "acg-rule_yj_02" {
+ access_control_group_no = (known after apply)
+ id = (known after apply)
+ inbound = [
+ {
+ description = "accept 22 port"
+ ip_block = "0.0.0.0/0"
+ port_range = "22"
+ protocol = "TCP"
+ source_access_control_group_no = ""
},
+ {
+ description = "accept 80 port"
+ ip_block = "0.0.0.0/0"
+ port_range = "80"
+ protocol = "TCP"
+ source_access_control_group_no = ""
},
]
+ outbound = [
+ {
+ description = "accept 1-65535 port"
+ ip_block = "0.0.0.0/0"
+ port_range = "1-65535"
+ protocol = "TCP"
+ source_access_control_group_no = ""
},
]
}
# ncloud_init_script.init_yj_01 will be created
+ resource "ncloud_init_script" "init_yj_01" {
+ content = <<-EOT
#!/bin/bash
yum -y install httpd
systemctl enable --now httpd
echo $HOSTNAME >> /var/www/html/index.html
EOT
+ description = (known after apply)
+ id = (known after apply)
+ init_script_no = (known after apply)
+ name = "httpd-install"
+ os_type = (known after apply)
}
# ncloud_lb.lb_yj_01 will be created
+ resource "ncloud_lb" "lb_yj_01" {
+ domain = (known after apply)
+ id = (known after apply)
+ idle_timeout = (known after apply)
+ ip_list = (known after apply)
+ listener_no_list = (known after apply)
+ load_balancer_no = (known after apply)
+ name = "tf-yjro-LB"
+ network_type = "PUBLIC"
+ subnet_no_list = (known after apply)
+ throughput_type = (known after apply)
+ type = "APPLICATION"
+ vpc_no = (known after apply)
}
# ncloud_lb_listener.listener will be created
+ resource "ncloud_lb_listener" "listener" {
+ id = (known after apply)
+ listener_no = (known after apply)
+ load_balancer_no = (known after apply)
+ port = 80
+ protocol = "HTTP"
+ rule_no_list = (known after apply)
+ target_group_no = (known after apply)
+ use_http2 = (known after apply)
}
# ncloud_lb_target_group.tg_yj_01 will be created
+ resource "ncloud_lb_target_group" "tg_yj_01" {
+ algorithm_type = "RR"
+ description = "for test"
+ id = (known after apply)
+ load_balancer_instance_no = (known after apply)
+ name = "tf-yjro-tg"
+ port = 80
+ protocol = "HTTP"
+ target_group_no = (known after apply)
+ target_no_list = (known after apply)
+ target_type = "VSVR"
+ use_proxy_protocol = (known after apply)
+ use_sticky_session = (known after apply)
+ vpc_no = (known after apply)
+ health_check {
+ cycle = 30
+ down_threshold = 2
+ http_method = "GET"
+ port = 80
+ protocol = "HTTP"
+ up_threshold = 2
+ url_path = "/"
}
}
# ncloud_lb_target_group_attachment.att will be created
+ resource "ncloud_lb_target_group_attachment" "att" {
+ id = (known after apply)
+ target_group_no = (known after apply)
+ target_no_list = (known after apply)
}
# ncloud_login_key.key_yj_01 will be created
+ resource "ncloud_login_key" "key_yj_01" {
+ fingerprint = (known after apply)
+ id = (known after apply)
+ key_name = "yjro-tf-test2"
+ private_key = (sensitive value)
}
# ncloud_nat_gateway.nat_gateway_yj_01 will be created
+ resource "ncloud_nat_gateway" "nat_gateway_yj_01" {
+ description = (known after apply)
+ id = (known after apply)
+ name = "tf-yjro"
+ nat_gateway_no = (known after apply)
+ public_ip = (known after apply)
+ vpc_no = (known after apply)
+ zone = "KR-2"
}
# ncloud_network_acl.network_acl_yj_01_private will be created
+ resource "ncloud_network_acl" "network_acl_yj_01_private" {
+ description = (known after apply)
+ id = (known after apply)
+ is_default = (known after apply)
+ name = "tf-yjro-private"
+ network_acl_no = (known after apply)
+ vpc_no = (known after apply)
}
# ncloud_network_acl.network_acl_yj_01_private_lb will be created
+ resource "ncloud_network_acl" "network_acl_yj_01_private_lb" {
+ description = (known after apply)
+ id = (known after apply)
+ is_default = (known after apply)
+ name = "tf-yjro-private-lb"
+ network_acl_no = (known after apply)
+ vpc_no = (known after apply)
}
# ncloud_network_acl.network_acl_yj_01_public will be created
+ resource "ncloud_network_acl" "network_acl_yj_01_public" {
+ description = (known after apply)
+ id = (known after apply)
+ is_default = (known after apply)
+ name = "tf-yjro-public"
+ network_acl_no = (known after apply)
+ vpc_no = (known after apply)
}
# ncloud_public_ip.public_ip_yj_01 will be created
+ resource "ncloud_public_ip" "public_ip_yj_01" {
+ description = "for tf-yjro"
+ id = (known after apply)
+ instance_no = (known after apply)
+ internet_line_type = (known after apply)
+ kind_type = (known after apply)
+ public_ip = (known after apply)
+ public_ip_no = (known after apply)
+ server_instance_no = (known after apply)
+ zone = (known after apply)
}
# ncloud_route.route_yj_01_nat will be created
+ resource "ncloud_route" "route_yj_01_nat" {
+ destination_cidr_block = "0.0.0.0/0"
+ id = (known after apply)
+ is_default = (known after apply)
+ route_table_no = (known after apply)
+ target_name = "tf-yjro"
+ target_no = (known after apply)
+ target_type = "NATGW"
+ vpc_no = (known after apply)
}
# ncloud_server.server_yj_01_private[0] will be created
+ resource "ncloud_server" "server_yj_01_private" {
+ base_block_storage_disk_detail_type = (known after apply)
+ base_block_storage_disk_type = (known after apply)
+ base_block_storage_size = (known after apply)
+ cpu_count = (known after apply)
+ description = (known after apply)
+ id = (known after apply)
+ init_script_no = (known after apply)
+ instance_no = (known after apply)
+ internet_line_type = (known after apply)
+ is_encrypted_base_block_storage_volume = (known after apply)
+ is_fee_charging_monitoring = (known after apply)
+ is_protect_server_termination = (known after apply)
+ login_key_name = "yjro-tf-test2"
+ memory_size = (known after apply)
+ name = "tf-yjro-1-private"
+ placement_group_no = (known after apply)
+ platform_type = (known after apply)
+ port_forwarding_external_port = (known after apply)
+ port_forwarding_internal_port = (known after apply)
+ port_forwarding_public_ip = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ region = (known after apply)
+ server_image_name = (known after apply)
+ server_image_product_code = "SW.VSVR.OS.LNX64.CNTOS.0708.B050"
+ server_product_code = "SVR.VSVR.HICPU.C002.M004.NET.HDD.B050.G002"
+ subnet_no = (known after apply)
+ vpc_no = (known after apply)
+ zone = (known after apply)
+ network_interface {
+ network_interface_no = (known after apply)
+ order = (known after apply)
+ private_ip = (known after apply)
+ subnet_no = (known after apply)
}
}
# ncloud_server.server_yj_01_private[1] will be created
+ resource "ncloud_server" "server_yj_01_private" {
+ base_block_storage_disk_detail_type = (known after apply)
+ base_block_storage_disk_type = (known after apply)
+ base_block_storage_size = (known after apply)
+ cpu_count = (known after apply)
+ description = (known after apply)
+ id = (known after apply)
+ init_script_no = (known after apply)
+ instance_no = (known after apply)
+ internet_line_type = (known after apply)
+ is_encrypted_base_block_storage_volume = (known after apply)
+ is_fee_charging_monitoring = (known after apply)
+ is_protect_server_termination = (known after apply)
+ login_key_name = "yjro-tf-test2"
+ memory_size = (known after apply)
+ name = "tf-yjro-2-private"
+ placement_group_no = (known after apply)
+ platform_type = (known after apply)
+ port_forwarding_external_port = (known after apply)
+ port_forwarding_internal_port = (known after apply)
+ port_forwarding_public_ip = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ region = (known after apply)
+ server_image_name = (known after apply)
+ server_image_product_code = "SW.VSVR.OS.LNX64.CNTOS.0708.B050"
+ server_product_code = "SVR.VSVR.HICPU.C002.M004.NET.HDD.B050.G002"
+ subnet_no = (known after apply)
+ vpc_no = (known after apply)
+ zone = (known after apply)
+ network_interface {
+ network_interface_no = (known after apply)
+ order = (known after apply)
+ private_ip = (known after apply)
+ subnet_no = (known after apply)
}
}
# ncloud_server.server_yj_01_public will be created
+ resource "ncloud_server" "server_yj_01_public" {
+ base_block_storage_disk_detail_type = (known after apply)
+ base_block_storage_disk_type = (known after apply)
+ base_block_storage_size = (known after apply)
+ cpu_count = (known after apply)
+ description = (known after apply)
+ id = (known after apply)
+ init_script_no = (known after apply)
+ instance_no = (known after apply)
+ internet_line_type = (known after apply)
+ is_encrypted_base_block_storage_volume = (known after apply)
+ is_fee_charging_monitoring = (known after apply)
+ is_protect_server_termination = (known after apply)
+ login_key_name = "yjro-tf-test2"
+ memory_size = (known after apply)
+ name = "tf-yjro-public"
+ placement_group_no = (known after apply)
+ platform_type = (known after apply)
+ port_forwarding_external_port = (known after apply)
+ port_forwarding_internal_port = (known after apply)
+ port_forwarding_public_ip = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ region = (known after apply)
+ server_image_name = (known after apply)
+ server_image_product_code = "SW.VSVR.OS.LNX64.CNTOS.0708.B050"
+ server_product_code = "SVR.VSVR.HICPU.C002.M004.NET.HDD.B050.G002"
+ subnet_no = (known after apply)
+ vpc_no = (known after apply)
+ zone = (known after apply)
+ network_interface {
+ network_interface_no = (known after apply)
+ order = (known after apply)
+ private_ip = (known after apply)
+ subnet_no = (known after apply)
}
}
# ncloud_subnet.subnet_yj_01_lb will be created
+ resource "ncloud_subnet" "subnet_yj_01_lb" {
+ id = (known after apply)
+ name = "tf-yjro-lb"
+ network_acl_no = (known after apply)
+ subnet = "10.0.2.0/24"
+ subnet_no = (known after apply)
+ subnet_type = "PRIVATE"
+ usage_type = "LOADB"
+ vpc_no = (known after apply)
+ zone = "KR-2"
}
# ncloud_subnet.subnet_yj_01_private will be created
+ resource "ncloud_subnet" "subnet_yj_01_private" {
+ id = (known after apply)
+ name = "tf-yjro-private"
+ network_acl_no = (known after apply)
+ subnet = "10.0.1.0/24"
+ subnet_no = (known after apply)
+ subnet_type = "PRIVATE"
+ usage_type = (known after apply)
+ vpc_no = (known after apply)
+ zone = "KR-2"
}
# ncloud_subnet.subnet_yj_01_public will be created
+ resource "ncloud_subnet" "subnet_yj_01_public" {
+ id = (known after apply)
+ name = "tf-yjro-public"
+ network_acl_no = (known after apply)
+ subnet = "10.0.0.0/24"
+ subnet_no = (known after apply)
+ subnet_type = "PUBLIC"
+ usage_type = (known after apply)
+ vpc_no = (known after apply)
+ zone = "KR-2"
}
# ncloud_vpc.vpc_yj_01 will be created
+ resource "ncloud_vpc" "vpc_yj_01" {
+ default_access_control_group_no = (known after apply)
+ default_network_acl_no = (known after apply)
+ default_private_route_table_no = (known after apply)
+ default_public_route_table_no = (known after apply)
+ id = (known after apply)
+ ipv4_cidr_block = "10.0.0.0/16"
+ name = "tf-yjro-vpc"
+ vpc_no = (known after apply)
}
Plan: 24 to add, 0 to change, 0 to destroy.
────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
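
The plan above is worth reading for more than the resource count: it writes the login key yjro-tf-test2.pem with file_permission "0777", and acg-rule_yj_02 accepts port 22 from 0.0.0.0/0. The script below is an added example (not part of the original post, nor Terraform or NCP tooling) that checks a plan exported as JSON for those two patterns. SAMPLE_PLAN is constructed to mirror the values printed above; the 203.0.113.10/32 source address, ADMIN_PORTS and KEY_SUFFIXES are assumptions.

```python
"""Flag risky values in a Terraform plan exported with `terraform show -json`."""
import ipaddress
import json
import sys

ANY_IPV4 = ipaddress.ip_network("0.0.0.0/0")
ADMIN_PORTS = (22, 3389)         # assumption: SSH and RDP count as admin ports
KEY_SUFFIXES = (".pem", ".key")  # assumption: private-key files are named like this

# Constructed sample, trimmed to the fields the checks read. Resource names and
# values mirror the plan on this page; 203.0.113.10/32 is a placeholder because
# the page masks the real client address.
SAMPLE_PLAN = {
    "format_version": "1.1",
    "resource_changes": [
        {"address": "local_file.ncp_pem", "type": "local_file",
         "change": {"actions": ["create"],
                    "after": {"filename": "yjro-tf-test2.pem",
                              "file_permission": "0777",
                              "directory_permission": "0777"}}},
        {"address": "ncloud_access_control_group_rule.acg-rule_yj_01",
         "type": "ncloud_access_control_group_rule",
         "change": {"actions": ["create"], "after": {"inbound": [
             {"protocol": "TCP", "port_range": "22",
              "ip_block": "203.0.113.10/32"}]}}},
        {"address": "ncloud_access_control_group_rule.acg-rule_yj_02",
         "type": "ncloud_access_control_group_rule",
         "change": {"actions": ["create"], "after": {"inbound": [
             {"protocol": "TCP", "port_range": "22", "ip_block": "0.0.0.0/0"},
             {"protocol": "TCP", "port_range": "80", "ip_block": "0.0.0.0/0"}]}}},
    ],
}


def port_in_range(port_range, port):
    """ACG port_range is a single port ("22") or a span ("1-65535")."""
    low, _, high = str(port_range).partition("-")
    try:
        return int(low) <= port <= int(high or low)
    except ValueError:
        return False


def open_to_world(ip_block):
    """True only for 0.0.0.0/0; empty or masked CIDRs cannot be evaluated."""
    try:
        return ipaddress.ip_network(ip_block or "", strict=False) == ANY_IPV4
    except ValueError:
        return False


def audit_plan(plan):
    """Return [(resource address, finding)] for resources the plan creates or updates."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after") or {}
        if not {"create", "update"} & set(change.get("actions", [])):
            continue
        if rc.get("type") in ("local_file", "local_sensitive_file"):
            name = after.get("filename") or ""
            # A missing value is treated as 0777 (assumption, worst case).
            mode = int(after.get("file_permission") or "0777", 8)
            if name.endswith(KEY_SUFFIXES) and mode & 0o077:
                findings.append((rc["address"],
                                 f"{name} written with mode {mode:04o}; use 0600"))
        elif rc.get("type") == "ncloud_access_control_group_rule":
            for rule in after.get("inbound") or []:
                exposed = [p for p in ADMIN_PORTS
                           if port_in_range(rule.get("port_range", ""), p)]
                if exposed and open_to_world(rule.get("ip_block")):
                    findings.append((rc["address"],
                                     f"inbound {rule.get('protocol')}/{rule.get('port_range')}"
                                     " open to 0.0.0.0/0; restrict the source"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            plan_doc = json.load(handle)
    else:
        plan_doc = SAMPLE_PLAN
    results = audit_plan(plan_doc)
    for address, finding in results:
        print(f"[!] {address}: {finding}")
    sys.exit(1 if results else 0)
```

To check a real plan, run terraform plan -out=tfplan, then terraform show -json tfplan > plan.json, and pass plan.json as the first argument. Applying the saved tfplan file also resolves the -out note printed at the end of the plan output.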

6. Apply to the actual infrastructure (terraform apply)

After reviewing the infrastructure resources that will change with terraform plan, run terraform apply to actually create the infrastructure.

[root@yjro-terraform-svr-01 terraform-o]# terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# local_file.ncp_pem will be created
+ resource "local_file" "ncp_pem" {
+ content = (sensitive)
+ directory_permission = "0777"
+ file_permission = "0777"
+ filename = "yjro-tf-test2.pem"
+ id = (known after apply)
}
# ncloud_access_control_group.acg_yj_01 will be created
+ resource "ncloud_access_control_group" "acg_yj_01" {
+ access_control_group_no = (known after apply)
+ description = "test"
+ id = (known after apply)
+ is_default = (known after apply)
+ name = "tf-yjro-acg01"
+ vpc_no = (known after apply)
}
# ncloud_access_control_group.acg_yj_02 will be created
+ resource "ncloud_access_control_group" "acg_yj_02" {
+ access_control_group_no = (known after apply)
+ description = "test"
+ id = (known after apply)
+ is_default = (known after apply)
+ name = "tf-yjro-acg02"
+ vpc_no = (known after apply)
}
# ncloud_access_control_group_rule.acg-rule_yj_01 will be created
+ resource "ncloud_access_control_group_rule" "acg-rule_yj_01" {
+ access_control_group_no = (known after apply)
+ id = (known after apply)
+ inbound = [
+ {
+ description = "accept 22 port"
+ ip_block = "211.***.***.**/32"
+ port_range = "22"
+ protocol = "TCP"
+ source_access_control_group_no = ""
},
]
+ outbound = [
+ {
+ description = "accept 1-65535 port"
+ ip_block = "0.0.0.0/0"
+ port_range = "1-65535"
+ protocol = "TCP"
+ source_access_control_group_no = ""
},
]
}
# ncloud_access_control_group_rule.acg-rule_yj_02 will be created
+ resource "ncloud_access_control_group_rule" "acg-rule_yj_02" {
+ access_control_group_no = (known after apply)
+ id = (known after apply)
+ inbound = [
+ {
+ description = "accept 22 port"
+ ip_block = "0.0.0.0/0"
+ port_range = "22"
+ protocol = "TCP"
+ source_access_control_group_no = ""
},
+ {
+ description = "accept 80 port"
+ ip_block = "0.0.0.0/0"
+ port_range = "80"
+ protocol = "TCP"
+ source_access_control_group_no = ""
},
]
+ outbound = [
+ {
+ description = "accept 1-65535 port"
+ ip_block = "0.0.0.0/0"
+ port_range = "1-65535"
+ protocol = "TCP"
+ source_access_control_group_no = ""
},
]
}
# ncloud_init_script.init_yj_01 will be created
+ resource "ncloud_init_script" "init_yj_01" {
+ content = <<-EOT
#!/bin/bash
yum -y install httpd
systemctl enable --now httpd
echo $HOSTNAME >> /var/www/html/index.html
EOT
+ description = (known after apply)
+ id = (known after apply)
+ init_script_no = (known after apply)
+ name = "httpd-install"
+ os_type = (known after apply)
}
# ncloud_lb.lb_yj_01 will be created
+ resource "ncloud_lb" "lb_yj_01" {
+ domain = (known after apply)
+ id = (known after apply)
+ idle_timeout = (known after apply)
+ ip_list = (known after apply)
+ listener_no_list = (known after apply)
+ load_balancer_no = (known after apply)
+ name = "tf-yjro-LB"
+ network_type = "PUBLIC"
+ subnet_no_list = (known after apply)
+ throughput_type = (known after apply)
+ type = "APPLICATION"
+ vpc_no = (known after apply)
}
# ncloud_lb_listener.listener will be created
+ resource "ncloud_lb_listener" "listener" {
+ id = (known after apply)
+ listener_no = (known after apply)
+ load_balancer_no = (known after apply)
+ port = 80
+ protocol = "HTTP"
+ rule_no_list = (known after apply)
+ target_group_no = (known after apply)
+ use_http2 = (known after apply)
}
# ncloud_lb_target_group.tg_yj_01 will be created
+ resource "ncloud_lb_target_group" "tg_yj_01" {
+ algorithm_type = "RR"
+ description = "for test"
+ id = (known after apply)
+ load_balancer_instance_no = (known after apply)
+ name = "tf-yjro-tg"
+ port = 80
+ protocol = "HTTP"
+ target_group_no = (known after apply)
+ target_no_list = (known after apply)
+ target_type = "VSVR"
+ use_proxy_protocol = (known after apply)
+ use_sticky_session = (known after apply)
+ vpc_no = (known after apply)
+ health_check {
+ cycle = 30
+ down_threshold = 2
+ http_method = "GET"
+ port = 80
+ protocol = "HTTP"
+ up_threshold = 2
+ url_path = "/"
}
}
# ncloud_lb_target_group_attachment.att will be created
+ resource "ncloud_lb_target_group_attachment" "att" {
+ id = (known after apply)
+ target_group_no = (known after apply)
+ target_no_list = (known after apply)
}
# ncloud_login_key.key_yj_01 will be created
+ resource "ncloud_login_key" "key_yj_01" {
+ fingerprint = (known after apply)
+ id = (known after apply)
+ key_name = "yjro-tf-test2"
+ private_key = (sensitive value)
}
# ncloud_nat_gateway.nat_gateway_yj_01 will be created
+ resource "ncloud_nat_gateway" "nat_gateway_yj_01" {
+ description = (known after apply)
+ id = (known after apply)
+ name = "tf-yjro"
+ nat_gateway_no = (known after apply)
+ public_ip = (known after apply)
+ vpc_no = (known after apply)
+ zone = "KR-2"
}
# ncloud_network_acl.network_acl_yj_01_private will be created
+ resource "ncloud_network_acl" "network_acl_yj_01_private" {
+ description = (known after apply)
+ id = (known after apply)
+ is_default = (known after apply)
+ name = "tf-yjro-private"
+ network_acl_no = (known after apply)
+ vpc_no = (known after apply)
}
# ncloud_network_acl.network_acl_yj_01_private_lb will be created
+ resource "ncloud_network_acl" "network_acl_yj_01_private_lb" {
+ description = (known after apply)
+ id = (known after apply)
+ is_default = (known after apply)
+ name = "tf-yjro-private-lb"
+ network_acl_no = (known after apply)
+ vpc_no = (known after apply)
}
# ncloud_network_acl.network_acl_yj_01_public will be created
+ resource "ncloud_network_acl" "network_acl_yj_01_public" {
+ description = (known after apply)
+ id = (known after apply)
+ is_default = (known after apply)
+ name = "tf-yjro-public"
+ network_acl_no = (known after apply)
+ vpc_no = (known after apply)
}
# ncloud_public_ip.public_ip_yj_01 will be created
+ resource "ncloud_public_ip" "public_ip_yj_01" {
+ description = "for tf-yjro"
+ id = (known after apply)
+ instance_no = (known after apply)
+ internet_line_type = (known after apply)
+ kind_type = (known after apply)
+ public_ip = (known after apply)
+ public_ip_no = (known after apply)
+ server_instance_no = (known after apply)
+ zone = (known after apply)
}
# ncloud_route.route_yj_01_nat will be created
+ resource "ncloud_route" "route_yj_01_nat" {
+ destination_cidr_block = "0.0.0.0/0"
+ id = (known after apply)
+ is_default = (known after apply)
+ route_table_no = (known after apply)
+ target_name = "tf-yjro"
+ target_no = (known after apply)
+ target_type = "NATGW"
+ vpc_no = (known after apply)
}
# ncloud_server.server_yj_01_private[0] will be created
+ resource "ncloud_server" "server_yj_01_private" {
+ base_block_storage_disk_detail_type = (known after apply)
+ base_block_storage_disk_type = (known after apply)
+ base_block_storage_size = (known after apply)
+ cpu_count = (known after apply)
+ description = (known after apply)
+ id = (known after apply)
+ init_script_no = (known after apply)
+ instance_no = (known after apply)
+ internet_line_type = (known after apply)
+ is_encrypted_base_block_storage_volume = (known after apply)
+ is_fee_charging_monitoring = (known after apply)
+ is_protect_server_termination = (known after apply)
+ login_key_name = "yjro-tf-test2"
+ memory_size = (known after apply)
+ name = "tf-yjro-1-private"
+ placement_group_no = (known after apply)
+ platform_type = (known after apply)
+ port_forwarding_external_port = (known after apply)
+ port_forwarding_internal_port = (known after apply)
+ port_forwarding_public_ip = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ region = (known after apply)
+ server_image_name = (known after apply)
+ server_image_product_code = "SW.VSVR.OS.LNX64.CNTOS.0708.B050"
+ server_product_code = "SVR.VSVR.HICPU.C002.M004.NET.HDD.B050.G002"
+ subnet_no = (known after apply)
+ vpc_no = (known after apply)
+ zone = (known after apply)
+ network_interface {
+ network_interface_no = (known after apply)
+ order = (known after apply)
+ private_ip = (known after apply)
+ subnet_no = (known after apply)
}
}
# ncloud_server.server_yj_01_private[1] will be created
+ resource "ncloud_server" "server_yj_01_private" {
+ base_block_storage_disk_detail_type = (known after apply)
+ base_block_storage_disk_type = (known after apply)
+ base_block_storage_size = (known after apply)
+ cpu_count = (known after apply)
+ description = (known after apply)
+ id = (known after apply)
+ init_script_no = (known after apply)
+ instance_no = (known after apply)
+ internet_line_type = (known after apply)
+ is_encrypted_base_block_storage_volume = (known after apply)
+ is_fee_charging_monitoring = (known after apply)
+ is_protect_server_termination = (known after apply)
+ login_key_name = "yjro-tf-test2"
+ memory_size = (known after apply)
+ name = "tf-yjro-2-private"
+ placement_group_no = (known after apply)
+ platform_type = (known after apply)
+ port_forwarding_external_port = (known after apply)
+ port_forwarding_internal_port = (known after apply)
+ port_forwarding_public_ip = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ region = (known after apply)
+ server_image_name = (known after apply)
+ server_image_product_code = "SW.VSVR.OS.LNX64.CNTOS.0708.B050"
+ server_product_code = "SVR.VSVR.HICPU.C002.M004.NET.HDD.B050.G002"
+ subnet_no = (known after apply)
+ vpc_no = (known after apply)
+ zone = (known after apply)
+ network_interface {
+ network_interface_no = (known after apply)
+ order = (known after apply)
+ private_ip = (known after apply)
+ subnet_no = (known after apply)
}
}
# ncloud_server.server_yj_01_public will be created
+ resource "ncloud_server" "server_yj_01_public" {
+ base_block_storage_disk_detail_type = (known after apply)
+ base_block_storage_disk_type = (known after apply)
+ base_block_storage_size = (known after apply)
+ cpu_count = (known after apply)
+ description = (known after apply)
+ id = (known after apply)
+ init_script_no = (known after apply)
+ instance_no = (known after apply)
+ internet_line_type = (known after apply)
+ is_encrypted_base_block_storage_volume = (known after apply)
+ is_fee_charging_monitoring = (known after apply)
+ is_protect_server_termination = (known after apply)
+ login_key_name = "yjro-tf-test2"
+ memory_size = (known after apply)
+ name = "tf-yjro-public"
+ placement_group_no = (known after apply)
+ platform_type = (known after apply)
+ port_forwarding_external_port = (known after apply)
+ port_forwarding_internal_port = (known after apply)
+ port_forwarding_public_ip = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ region = (known after apply)
+ server_image_name = (known after apply)
+ server_image_product_code = "SW.VSVR.OS.LNX64.CNTOS.0708.B050"
+ server_product_code = "SVR.VSVR.HICPU.C002.M004.NET.HDD.B050.G002"
+ subnet_no = (known after apply)
+ vpc_no = (known after apply)
+ zone = (known after apply)
+ network_interface {
+ network_interface_no = (known after apply)
+ order = (known after apply)
+ private_ip = (known after apply)
+ subnet_no = (known after apply)
}
}
# ncloud_subnet.subnet_yj_01_lb will be created
+ resource "ncloud_subnet" "subnet_yj_01_lb" {
+ id = (known after apply)
+ name = "tf-yjro-lb"
+ network_acl_no = (known after apply)
+ subnet = "10.0.2.0/24"
+ subnet_no = (known after apply)
+ subnet_type = "PRIVATE"
+ usage_type = "LOADB"
+ vpc_no = (known after apply)
+ zone = "KR-2"
}
# ncloud_subnet.subnet_yj_01_private will be created
+ resource "ncloud_subnet" "subnet_yj_01_private" {
+ id = (known after apply)
+ name = "tf-yjro-private"
+ network_acl_no = (known after apply)
+ subnet = "10.0.1.0/24"
+ subnet_no = (known after apply)
+ subnet_type = "PRIVATE"
+ usage_type = (known after apply)
+ vpc_no = (known after apply)
+ zone = "KR-2"
}
# ncloud_subnet.subnet_yj_01_public will be created
+ resource "ncloud_subnet" "subnet_yj_01_public" {
+ id = (known after apply)
+ name = "tf-yjro-public"
+ network_acl_no = (known after apply)
+ subnet = "10.0.0.0/24"
+ subnet_no = (known after apply)
+ subnet_type = "PUBLIC"
+ usage_type = (known after apply)
+ vpc_no = (known after apply)
+ zone = "KR-2"
}
# ncloud_vpc.vpc_yj_01 will be created
+ resource "ncloud_vpc" "vpc_yj_01" {
+ default_access_control_group_no = (known after apply)
+ default_network_acl_no = (known after apply)
+ default_private_route_table_no = (known after apply)
+ default_public_route_table_no = (known after apply)
+ id = (known after apply)
+ ipv4_cidr_block = "10.0.0.0/16"
+ name = "tf-yjro-vpc"
+ vpc_no = (known after apply)
}
Plan: 24 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
ncloud_login_key.key_yj_01: Creating...
ncloud_vpc.vpc_yj_01: Creating...
ncloud_init_script.init_yj_01: Creating...
ncloud_init_script.init_yj_01: Creation complete after 0s [id=17531]
ncloud_login_key.key_yj_01: Creation complete after 1s [id=yjro-tf-test2]
local_file.ncp_pem: Creating...
local_file.ncp_pem: Creation complete after 0s [id=2b4c09c54b32ed2f3d7b2aa4f38aba4d1fb3544c]
ncloud_vpc.vpc_yj_01: Creation complete after 6s [id=22108]
ncloud_access_control_group.acg_yj_02: Creating...
ncloud_network_acl.network_acl_yj_01_private_lb: Creating...
ncloud_access_control_group.acg_yj_01: Creating...
ncloud_network_acl.network_acl_yj_01_private: Creating...
ncloud_nat_gateway.nat_gateway_yj_01: Creating...
ncloud_lb_target_group.tg_yj_01: Creating...
ncloud_network_acl.network_acl_yj_01_public: Creating...
ncloud_access_control_group.acg_yj_01: Creation complete after 0s [id=52566]
ncloud_access_control_group_rule.acg-rule_yj_01: Creating...
ncloud_access_control_group.acg_yj_02: Creation complete after 0s [id=52567]
ncloud_access_control_group_rule.acg-rule_yj_02: Creating...
ncloud_lb_target_group.tg_yj_01: Creation complete after 0s [id=162885]
ncloud_network_acl.network_acl_yj_01_private: Creation complete after 2s [id=33473]
ncloud_subnet.subnet_yj_01_private: Creating...
ncloud_network_acl.network_acl_yj_01_private_lb: Creation complete after 2s [id=33475]
ncloud_subnet.subnet_yj_01_lb: Creating...
ncloud_network_acl.network_acl_yj_01_public: Creation complete after 2s [id=33474]
ncloud_subnet.subnet_yj_01_public: Creating...
ncloud_access_control_group_rule.acg-rule_yj_01: Creation complete after 5s [id=52566]
ncloud_access_control_group_rule.acg-rule_yj_02: Creation complete after 5s [id=52567]
ncloud_nat_gateway.nat_gateway_yj_01: Still creating... [10s elapsed]
ncloud_nat_gateway.nat_gateway_yj_01: Creation complete after 11s [id=11357913]
ncloud_route.route_yj_01_nat: Creating...
ncloud_subnet.subnet_yj_01_private: Still creating... [10s elapsed]
ncloud_subnet.subnet_yj_01_lb: Still creating... [10s elapsed]
ncloud_subnet.subnet_yj_01_public: Still creating... [10s elapsed]
ncloud_subnet.subnet_yj_01_private: Creation complete after 12s [id=46245]
ncloud_server.server_yj_01_private[1]: Creating...
ncloud_server.server_yj_01_private[0]: Creating...
ncloud_subnet.subnet_yj_01_lb: Creation complete after 12s [id=46246]
ncloud_lb.lb_yj_01: Creating...
ncloud_subnet.subnet_yj_01_public: Creation complete after 12s [id=46247]
ncloud_server.server_yj_01_public: Creating...
ncloud_route.route_yj_01_nat: Still creating... [10s elapsed]
ncloud_route.route_yj_01_nat: Creation complete after 12s [id=route-2842044606]
ncloud_server.server_yj_01_private[1]: Still creating... [10s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [10s elapsed]
ncloud_lb.lb_yj_01: Still creating... [10s elapsed]
ncloud_server.server_yj_01_public: Still creating... [10s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [20s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [20s elapsed]
ncloud_lb.lb_yj_01: Still creating... [20s elapsed]
ncloud_server.server_yj_01_public: Still creating... [20s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [30s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [30s elapsed]
ncloud_lb.lb_yj_01: Still creating... [30s elapsed]
ncloud_server.server_yj_01_public: Still creating... [30s elapsed]
ncloud_lb.lb_yj_01: Creation complete after 32s [id=11357914]
ncloud_lb_listener.listener: Creating...
ncloud_lb_listener.listener: Creation complete after 0s [id=38319]
ncloud_server.server_yj_01_private[1]: Still creating... [40s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [40s elapsed]
ncloud_server.server_yj_01_public: Still creating... [40s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [50s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [50s elapsed]
ncloud_server.server_yj_01_public: Still creating... [50s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [1m0s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [1m0s elapsed]
ncloud_server.server_yj_01_public: Still creating... [1m0s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [1m10s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [1m10s elapsed]
ncloud_server.server_yj_01_public: Still creating... [1m10s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [1m20s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [1m20s elapsed]
ncloud_server.server_yj_01_public: Still creating... [1m20s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [1m30s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [1m30s elapsed]
ncloud_server.server_yj_01_public: Still creating... [1m30s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [1m40s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [1m40s elapsed]
ncloud_server.server_yj_01_public: Still creating... [1m40s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [1m50s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [1m50s elapsed]
ncloud_server.server_yj_01_public: Still creating... [1m50s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [2m0s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [2m0s elapsed]
ncloud_server.server_yj_01_public: Still creating... [2m0s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [2m10s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [2m10s elapsed]
ncloud_server.server_yj_01_public: Still creating... [2m10s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [2m20s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [2m20s elapsed]
ncloud_server.server_yj_01_public: Still creating... [2m20s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [2m30s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [2m30s elapsed]
ncloud_server.server_yj_01_public: Still creating... [2m30s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [2m40s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [2m40s elapsed]
ncloud_server.server_yj_01_public: Still creating... [2m40s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [2m50s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [2m50s elapsed]
ncloud_server.server_yj_01_public: Still creating... [2m50s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [3m0s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [3m0s elapsed]
ncloud_server.server_yj_01_public: Still creating... [3m0s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [3m10s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [3m10s elapsed]
ncloud_server.server_yj_01_public: Still creating... [3m10s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [3m20s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [3m20s elapsed]
ncloud_server.server_yj_01_public: Still creating... [3m20s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [3m30s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [3m30s elapsed]
ncloud_server.server_yj_01_public: Still creating... [3m30s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [3m40s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [3m40s elapsed]
ncloud_server.server_yj_01_public: Still creating... [3m40s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [3m50s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [3m50s elapsed]
ncloud_server.server_yj_01_public: Still creating... [3m50s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [4m0s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [4m0s elapsed]
ncloud_server.server_yj_01_public: Still creating... [4m0s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [4m10s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [4m10s elapsed]
ncloud_server.server_yj_01_public: Still creating... [4m10s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [4m20s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [4m20s elapsed]
ncloud_server.server_yj_01_public: Still creating... [4m20s elapsed]
ncloud_server.server_yj_01_private[1]: Still creating... [4m30s elapsed]
ncloud_server.server_yj_01_private[0]: Still creating... [4m30s elapsed]
ncloud_server.server_yj_01_public: Still creating... [4m30s elapsed]
ncloud_server.server_yj_01_private[1]: Creation complete after 4m36s [id=11357915]
ncloud_server.server_yj_01_public: Creation complete after 4m36s [id=11357921]
ncloud_public_ip.public_ip_yj_01: Creating...
ncloud_public_ip.public_ip_yj_01: Creation complete after 3s [id=11357940]
ncloud_server.server_yj_01_private[0]: Still creating... [4m40s elapsed]
ncloud_server.server_yj_01_private[0]: Creation complete after 4m46s [id=11357918]
ncloud_lb_target_group_attachment.att: Creating...
ncloud_lb_target_group_attachment.att: Creation complete after 1s [id=2022-06-27 01:59:39.682539078 +0000 UTC]
Apply complete! Resources: 24 added, 0 changed, 0 destroyed.

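7. Verify that the infrastructure resources were created

Log in to the NCP console and check that terraform apply created the infrastructure correctly.

VPC and Subnet creation complete
Public Subnet: tf-yjro-public server; Private Subnet: two web servers, tf-yjro1-private and tf-yjro2-private, created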
mzc01-yjro@MZC01-YJRO-2 ~ % scp root@175.45.192.84:/home/yjro/terraform-o/yjro-tf-test2.pem /Users/mzc01-yjro/Desktop/example/yjro-tf-test2.pem
root@175.45.192.84's password:
yjro-tf-test2.pem                             100% 1678    65.8KB/s   00:00

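Copy the pem key stored on the NCP Linux server where Terraform was installed to your local PC. With this authentication key you can obtain the server administrator password in the console and then connect to the server.

After confirming that the Load Balancer was created, connect using its access information
Confirm that the Load Balancer distributes requests round-robin

8. Delete the infrastructure resources

Run the terraform destroy command to delete the infrastructure. Also check in the console that everything was completely deleted.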

[root@yjro-terraform-svr-01 terraform-o]# terraform destroy
ncloud_init_script.init_yj_01: Refreshing state... [id=17531]
ncloud_vpc.vpc_yj_01: Refreshing state... [id=22108]
ncloud_login_key.key_yj_01: Refreshing state... [id=yjro-tf-test2]
local_file.ncp_pem: Refreshing state... [id=2b4c09c54b32ed2f3d7b2aa4f38aba4d1fb3544c]
ncloud_nat_gateway.nat_gateway_yj_01: Refreshing state... [id=11357913]
ncloud_access_control_group.acg_yj_02: Refreshing state... [id=52567]
ncloud_lb_target_group.tg_yj_01: Refreshing state... [id=162885]
ncloud_access_control_group.acg_yj_01: Refreshing state... [id=52566]
ncloud_network_acl.network_acl_yj_01_public: Refreshing state... [id=33474]
ncloud_network_acl.network_acl_yj_01_private_lb: Refreshing state... [id=33475]
ncloud_network_acl.network_acl_yj_01_private: Refreshing state... [id=33473]
...
ncloud_network_acl.network_acl_yj_01_public: Destruction complete after 2s
ncloud_login_key.key_yj_01: Destruction complete after 4s
ncloud_subnet.subnet_yj_01_private: Destruction complete after 5s
ncloud_network_acl.network_acl_yj_01_private: Destroying... [id=33473]
ncloud_network_acl.network_acl_yj_01_private: Destruction complete after 2s
ncloud_vpc.vpc_yj_01: Destroying... [id=22108]
ncloud_vpc.vpc_yj_01: Still destroying... [id=22108, 10s elapsed]
ncloud_vpc.vpc_yj_01: Destruction complete after 12s
Destroy complete! Resources: 24 destroyed.
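The console check in step 8 can be cross-checked against the Terraform output itself. The script below is an added example, not part of the original post: it lists resources that were created but never reported destroyed, and checks each log against its own summary line. The function names and the shortened sample log lines are constructed for illustration, and it assumes the output was saved as plain text with -no-color.

```shell
# Added example: reconcile saved `terraform apply` / `terraform destroy` output.
# Assumption: the logs were captured as plain text, e.g.
#   terraform apply -no-color | tee apply.log

# Print each resource address that was created but never reported destroyed.
leftover_resources() (  # usage: leftover_resources APPLY_LOG DESTROY_LOG
  awk '
    FNR == NR {                      # first file: the apply log
      if (sub(/: Creation complete after .*/, "")) created[$0] = 1
      next
    }
    sub(/: Destruction complete after .*/, "") { delete created[$0] }
    END { for (addr in created) print addr }
  ' "$1" "$2" | sort
)

# Succeed only if the per-resource "complete" lines add up to the summary line,
# which catches a truncated or partially failed run.
summary_matches() (  # usage: summary_matches LOG Creation|Destruction
  seen=$(grep -c ": $2 complete after " "$1" || true)
  claimed=$(sed -n -E \
    's/^(Apply|Destroy) complete! Resources: ([0-9]+) (added|destroyed).*/\2/p' "$1")
  [ -n "$claimed" ] && [ "$seen" -eq "$claimed" ]
)

# Constructed sample logs (shortened; the VPC is deliberately left undestroyed).
write_sample_logs() {  # usage: write_sample_logs DIR
  cat > "$1/apply.log" <<'EOF'
ncloud_vpc.vpc_yj_01: Creation complete after 6s [id=22108]
ncloud_login_key.key_yj_01: Creation complete after 1s [id=yjro-tf-test2]
ncloud_server.server_yj_01_private[0]: Still creating... [4m40s elapsed]
ncloud_server.server_yj_01_private[0]: Creation complete after 4m46s [id=11357918]
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
EOF
  cat > "$1/destroy.log" <<'EOF'
ncloud_server.server_yj_01_private[0]: Destroying... [id=11357918]
ncloud_server.server_yj_01_private[0]: Destruction complete after 20s
ncloud_login_key.key_yj_01: Destruction complete after 4s
Destroy complete! Resources: 3 destroyed.
EOF
}

demo_dir=$(mktemp -d)
write_sample_logs "$demo_dir"
echo "not destroyed:"; leftover_resources "$demo_dir/apply.log" "$demo_dir/destroy.log"
summary_matches "$demo_dir/destroy.log" Destruction || echo "destroy.log is incomplete"
rm -rf "$demo_dir"
```

An empty result from leftover_resources together with a matching summary on both logs is the log-side counterpart of an empty console.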

That concludes creating infrastructure on NaverCloud Platform with Terraform.

Thank you for reading this long post ☺
