3. 主なコマンドのご利用方法¶
3.1. 作業ディレクトリの作成¶
Terraformでは、基本的にカレントディレクトリのtfファイルを基にクラウドサービスなどの環境を操作します。
そのため、Terraformを利用いただく際は、まず作業用のディレクトリを作成しそこにtfファイルを配置いただくこととなります。
% mkdir work
% cd work
% cat sample.tf
provider "fic" {
auth_url = "https://api.ntt.com/keystone/v3/"
user_name = "[API鍵]"
password = "[API秘密鍵]"
tenant_id = "[テナントID]"
user_domain_id = "default"
project_domain_id = "default"
}
resource "fic_eri_port_v1" "port_1" {
name = "terraform_port_1"
switch_name = "[Switch名]"
port_type = "10G"
number_of_vlans = 16
is_activated = false
}
3.2. 主なコマンド¶
Terraform を使用するうえでの主要コマンドを以下に記載します。
3.2.1. terraform init¶
作業用ディレクトリを初期化します。
% terraform init
Initializing the backend...
Initializing provider plugins...
- Finding nttcom/fic versions matching "0.5.3"...
- Installing nttcom/fic v0.5.3...
- Installed nttcom/fic v0.5.3 (signed by a HashiCorp partner, key ID ****************)
Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
3.2.2. terraform apply¶
作業用ディレクトリのtfファイルを利用し、Flexible InterConnect をはじめとした各種クラウドサービスなどにリソースの作成を行います。
% terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# fic_eri_port_v1.port_1 will be created
+ resource "fic_eri_port_v1" "port_1" {
+ area = (known after apply)
+ id = (known after apply)
+ is_activated = true
+ location = (known after apply)
+ name = "terraform_port_1"
+ number_of_vlans = 16
+ port_type = "1G"
+ switch_name = "[Switch名]"
+ tenant_id = (known after apply)
+ vlans = (known after apply)
+ vlan_ranges {
+ end = (known after apply)
+ start = (known after apply)
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value:
本コマンドの実行により、作業用ディレクトリに terraform.tfstate というファイルが作成されています。
作成されたリソースの情報はこのファイルに保存されています。
なお、 terraform apply コマンドは同時に編集/削除のコマンドとしても動作します。
3.2.2.1. terraform applyによる作成済みリソースの編集¶
ひとたび terraform apply を実行後、作業用ディレクトリのresourceセクションを一部編集し、再度 terraform apply を実行した場合、 作成済みリソースに対する編集として動作します。
たとえば以下の例では2回 terraform apply コマンドを実行していますが、
- 1回目の実行で、Flexible InterConnect FIC-Portを作成。ただしActivateしない
- 2回目の実行で、作成済みFIC-PortをActivate
という操作が行われます。
% cat sample.tf
provider "fic" {
auth_url = "https://api.ntt.com/keystone/v3/"
user_name = "[API鍵]"
password = "[API秘密鍵]"
tenant_id = "[テナントID]"
user_domain_id = "default"
project_domain_id = "default"
}
resource "fic_eri_port_v1" "port_1" {
name = "terraform_port_1"
switch_name = "[Switch名]"
port_type = "10G"
number_of_vlans = 16
is_activated = false <-- create 時は is_activated を false にしている
}
% terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create <-- 初回のterraform applyなので作成扱いとなる
Terraform will perform the following actions:
# fic_eri_port_v1.port_1 will be created
+ resource "fic_eri_port_v1" "port_1" {
+ area = (known after apply)
+ id = (known after apply)
+ is_activated = false
+ location = (known after apply)
+ name = "terraform_port_1"
+ number_of_vlans = 16
+ port_type = "10G"
+ switch_name = "[Switch名]"
+ tenant_id = (known after apply)
+ vlans = (known after apply)
+ vlan_ranges {
+ end = (known after apply)
+ start = (known after apply)
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
fic_eri_port_v1.port_1: Creating...
fic_eri_port_v1.port_1: Still creating... [10s elapsed]
fic_eri_port_v1.port_1: Still creating... [20s elapsed]
fic_eri_port_v1.port_1: Still creating... [30s elapsed]
fic_eri_port_v1.port_1: Still creating... [40s elapsed]
fic_eri_port_v1.port_1: Still creating... [50s elapsed]
fic_eri_port_v1.port_1: Still creating... [1m0s elapsed]
fic_eri_port_v1.port_1: Still creating... [1m10s elapsed]
fic_eri_port_v1.port_1: Still creating... [1m20s elapsed]
fic_eri_port_v1.port_1: Creation complete after 1m27s [id=F012000000313]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
一旦tfファイルを以下のように編集する
provider "fic" {
auth_url = "https://api.ntt.com/keystone/v3/"
user_name = "[API鍵]"
password = "[API秘密鍵]"
tenant_id = "[テナントID]"
user_domain_id = "default"
project_domain_id = "default"
}
resource "fic_eri_port_v1" "port_1" {
name = "terraform_port_1"
switch_name = "[Switch名]"
port_type = "10G"
number_of_vlans = 16
is_activated = true <-- is_activated を true に変更
}
% terraform apply
fic_eri_port_v1.port_1: Refreshing state... [id=F012000000314]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# fic_eri_port_v1.port_1 will be updated in-place
~ resource "fic_eri_port_v1" "port_1" {
area = "JPEAST"
id = "F012000000314"
~ is_activated = false -> true <-- 同じ terraform apply コマンドだが、差分が検出され is_activated の変更が行われる
location = "NTTComOsaka(Dojima#1)"
name = "terraform_port_1"
number_of_vlans = 16
port_type = "10G"
switch_name = "[Switch名]"
tenant_id = "75ece6039bfd4d2f88c8b8d790482886"
vlans = [
{
status = "unused"
vid = 257
},
{
status = "unused"
vid = 258
},
{
status = "unused"
vid = 259
},
{
status = "unused"
vid = 260
},
{
status = "unused"
vid = 261
},
{
status = "unused"
vid = 262
},
{
status = "unused"
vid = 263
},
{
status = "unused"
vid = 264
},
{
status = "unused"
vid = 265
},
{
status = "unused"
vid = 266
},
{
status = "unused"
vid = 267
},
{
status = "unused"
vid = 268
},
{
status = "unused"
vid = 269
},
{
status = "unused"
vid = 270
},
{
status = "unused"
vid = 271
},
{
status = "unused"
vid = 272
},
]
}
Plan: 0 to add, 1 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
fic_eri_port_v1.port_1: Modifying... [id=F012000000314]
fic_eri_port_v1.port_1: Still modifying... [id=F012000000314, 10s elapsed]
fic_eri_port_v1.port_1: Still modifying... [id=F012000000314, 20s elapsed]
fic_eri_port_v1.port_1: Still modifying... [id=F012000000314, 30s elapsed]
fic_eri_port_v1.port_1: Modifications complete after 33s [id=F012000000314]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
3.2.2.2. terraform applyによる作成済みリソースの削除¶
ひとたび terraform apply を実行後、作業用ディレクトリのtfファイル内から、特定のresourceをセクションを削除し、再度 terraform apply を実行すると、 これは作成済みリソースに対する削除として動作します。
たとえば以下の例では2回 terraform apply コマンドを実行していますが、
- 1回目の実行で、Flexible InterConnect FIC-Portを作成
- 2回目の実行で、作成済みFIC-Portを削除
という操作が行われます。
% cat sample.tf
provider "fic" {
auth_url = "https://api.ntt.com/keystone/v3/"
user_name = "[API鍵]"
password = "[API秘密鍵]"
tenant_id = "[テナントID]"
user_domain_id = "default"
project_domain_id = "default"
}
resource "fic_eri_port_v1" "port_1" {
name = "terraform_port_1"
switch_name = "[Switch名]"
port_type = "10G"
number_of_vlans = 16
is_activated = false
}
% terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create <-- 初回のterraform applyなので作成扱いとなる
Terraform will perform the following actions:
# fic_eri_port_v1.port_1 will be created
+ resource "fic_eri_port_v1" "port_1" {
+ area = (known after apply)
+ id = (known after apply)
+ is_activated = true
+ location = (known after apply)
+ name = "terraform_port_1"
+ number_of_vlans = 16
+ port_type = "10G"
+ switch_name = "[Switch名]"
+ tenant_id = (known after apply)
+ vlans = (known after apply)
+ vlan_ranges {
+ end = (known after apply)
+ start = (known after apply)
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
fic_eri_port_v1.port_1: Creating...
fic_eri_port_v1.port_1: Still creating... [10s elapsed]
fic_eri_port_v1.port_1: Still creating... [20s elapsed]
fic_eri_port_v1.port_1: Still creating... [30s elapsed]
fic_eri_port_v1.port_1: Still creating... [40s elapsed]
fic_eri_port_v1.port_1: Still creating... [50s elapsed]
fic_eri_port_v1.port_1: Still creating... [1m0s elapsed]
fic_eri_port_v1.port_1: Still creating... [1m10s elapsed]
fic_eri_port_v1.port_1: Creation complete after 1m17s [id=F012000000315]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
一旦tfファイルから、resourceブロック "fic_eri_port_v1" をすべて削除する。
% cat sample.tf
provider "fic" {
auth_url = "https://api.ntt.com/keystone/v3/"
user_name = "[API鍵]"
password = "[API秘密鍵]"
tenant_id = "[テナントID]"
user_domain_id = "default"
project_domain_id = "default"
}
% terraform apply
fic_eri_port_v1.port_1: Refreshing state... [id=F012000000315]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
- destroy <-- リソースの定義が消えたので、該当リソースの削除として扱われる
Terraform will perform the following actions:
# fic_eri_port_v1.port_1 will be destroyed
- resource "fic_eri_port_v1" "port_1" {
- area = "JPEAST" -> null
- id = "F012000000315" -> null
- is_activated = true -> null
- location = "NTTComOsaka(Dojima#1)" -> null
- name = "terraform_port_1" -> null
- number_of_vlans = 16 -> null
- port_type = "10G" -> null
- switch_name = "[Switch名]" -> null
- tenant_id = "75ece6039bfd4d2f88c8b8d790482886" -> null
- vlans = [
- {
- status = "unused"
- vid = 257
},
- {
- status = "unused"
- vid = 258
},
- {
- status = "unused"
- vid = 259
},
- {
- status = "unused"
- vid = 260
},
- {
- status = "unused"
- vid = 261
},
- {
- status = "unused"
- vid = 262
},
- {
- status = "unused"
- vid = 263
},
- {
- status = "unused"
- vid = 264
},
- {
- status = "unused"
- vid = 265
},
- {
- status = "unused"
- vid = 266
},
- {
- status = "unused"
- vid = 267
},
- {
- status = "unused"
- vid = 268
},
- {
- status = "unused"
- vid = 269
},
- {
- status = "unused"
- vid = 270
},
- {
- status = "unused"
- vid = 271
},
- {
- status = "unused"
- vid = 272
},
] -> null
}
Plan: 0 to add, 0 to change, 1 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
fic_eri_port_v1.port_1: Destroying... [id=F012000000315]
fic_eri_port_v1.port_1: Still destroying... [id=F012000000315, 10s elapsed]
fic_eri_port_v1.port_1: Still destroying... [id=F012000000315, 20s elapsed]
fic_eri_port_v1.port_1: Still destroying... [id=F012000000315, 30s elapsed]
fic_eri_port_v1.port_1: Still destroying... [id=F012000000315, 40s elapsed]
fic_eri_port_v1.port_1: Destruction complete after 43s
Apply complete! Resources: 0 added, 0 changed, 1 destroyed.
3.2.3. terraform plan¶
実際のリソースは作成することなく、Terraformの実行計画だけを表示するコマンドとなります。
以下の例では、実行計画上1つのリソースが新規作成される旨が表示されますが、実際のリソース作成は行われません。
% terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# fic_eri_port_v1.port_1 will be created
+ resource "fic_eri_port_v1" "port_1" {
+ area = (known after apply)
+ id = (known after apply)
+ is_activated = true
+ location = (known after apply)
+ name = "terraform_port_1"
+ number_of_vlans = 16
+ port_type = "10G"
+ switch_name = "[Switch名]"
+ tenant_id = (known after apply)
+ vlans = (known after apply)
+ vlan_ranges {
+ end = (known after apply)
+ start = (known after apply)
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
3.2.4. terraform destroy¶
現在の作業ディレクトリにおいて情報を保有しているリソースを全て削除します。 terraform apply コマンドによるリソース削除とは、以下の点が異なります。
- terraform apply によりリソースを削除する場合、当該リソースに関するresourceセクションをtfファイルから削除しなくてはいけません
- terraform destroy の場合、tfファイル上のresourceセクションを削除せずとも、現在の作業ディレクトリにおいてTerraform管轄下にあるリソースが全て削除されます
以下の例では、Terraformにより作成したFIC-Portが削除されています。
% terraform destroy
fic_eri_port_v1.port_1: Refreshing state... [id=F012000000316]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# fic_eri_port_v1.port_1 will be destroyed
- resource "fic_eri_port_v1" "port_1" {
- area = "JPEAST" -> null
- id = "F012000000316" -> null
- is_activated = true -> null
- location = "NTTComOsaka(Dojima#1)" -> null
- name = "terraform_port_1" -> null
- number_of_vlans = 16 -> null
- port_type = "10G" -> null
- switch_name = "[Switch名]" -> null
- tenant_id = "75ece6039bfd4d2f88c8b8d790482886" -> null
- vlans = [
- {
- status = "unused"
- vid = 257
},
- {
- status = "unused"
- vid = 258
},
- {
- status = "unused"
- vid = 259
},
- {
- status = "unused"
- vid = 260
},
- {
- status = "unused"
- vid = 261
},
- {
- status = "unused"
- vid = 262
},
- {
- status = "unused"
- vid = 263
},
- {
- status = "unused"
- vid = 264
},
- {
- status = "unused"
- vid = 265
},
- {
- status = "unused"
- vid = 266
},
- {
- status = "unused"
- vid = 267
},
- {
- status = "unused"
- vid = 268
},
- {
- status = "unused"
- vid = 269
},
- {
- status = "unused"
- vid = 270
},
- {
- status = "unused"
- vid = 271
},
- {
- status = "unused"
- vid = 272
},
] -> null
}
Plan: 0 to add, 0 to change, 1 to destroy.
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
fic_eri_port_v1.port_1: Destroying... [id=F012000000316]
fic_eri_port_v1.port_1: Still destroying... [id=F012000000316, 10s elapsed]
fic_eri_port_v1.port_1: Still destroying... [id=F012000000316, 20s elapsed]
fic_eri_port_v1.port_1: Still destroying... [id=F012000000316, 30s elapsed]
fic_eri_port_v1.port_1: Still destroying... [id=F012000000316, 40s elapsed]
fic_eri_port_v1.port_1: Destruction complete after 43s
Destroy complete! Resources: 1 destroyed.
3.3. 作業用ディレクトリ、各種コマンドの関係性¶
以上の内容を図にしたのが以下となります。
- terraform init で作業用ディレクトリを初期化します
- terraform apply コマンドで作業用ディレクトリのtfファイルに従い、リソースの作成/編集/削除を行います
- terraform destroy コマンドで作成されたリソースの削除が行われます
注釈
上記にてご紹介した以外にも、さまざまなコマンドがあります。
詳細は terraform コマンド(オプション無し)を実行いただくことで確認ができます。
% terraform
Usage: terraform [-version] [-help] <command> [args]
The available commands for execution are listed below.
The most common, useful commands are shown first, followed by
less common or more advanced commands. If you're just getting
started with Terraform, stick with the common commands. For the
other commands, please read the help and docs before usage.
Common commands:
apply Builds or changes infrastructure
console Interactive console for Terraform interpolations
destroy Destroy Terraform-managed infrastructure
env Workspace management
fmt Rewrites config files to canonical format
get Download and install modules for the configuration
graph Create a visual graph of Terraform resources
import Import existing infrastructure into Terraform
init Initialize a Terraform working directory
output Read an output from a state file
plan Generate and show an execution plan
providers Prints a tree of the providers used in the configuration
refresh Update local state file against real resources
show Inspect Terraform state or plan
taint Manually mark a resource for recreation
untaint Manually unmark a resource as tainted
validate Validates the Terraform files
version Prints the Terraform version
workspace Workspace management
All other commands:
0.12upgrade Rewrites pre-0.12 module source code for v0.12
debug Debug output management (experimental)
force-unlock Manually unlock the terraform state
push Obsolete command for Terraform Enterprise legacy (v1)
state Advanced state management