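Ramblings
The SSL certificate setup a predecessor built, which requests certificates from Let's Encrypt, occasionally runs into problems.
The steps are tedious, and I often change one thing and forget to restart another, so I will just build a new setup.
Because I want to be lazy… (__)
But before that, I will first spin up a machine to test with.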
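Main text
This is my first time deploying a VM with Terraform.
The thing to note here is backend "gcs":
I store the tfstate directly in GCS; see the previous post, [[148. Basic Concepts of Terraform]].
As for metadata_startup_script below,
the commands are long, so I did not want to put them all on one line.
I asked ChatGPT and learned that you can use
<<-EOT
EOT
to wrap the code together, which makes it easier to read.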
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "4.63.1"
    }
  }
  # Partial backend configuration: the block is left empty here, so the
  # bucket settings must be supplied when running terraform init.
  backend "gcs" {
  }
}

provider "google" {
  project = "abc"
}

resource "google_compute_instance" "certificate-vm" {
  name         = "ca-service"
  machine_type = "f1-micro"
  zone         = "asia-east1-b"
  tags         = ["allow-admin-ip"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  # Install Docker. The script runs non-interactively at boot, so every
  # apt-get install needs -y or it aborts at the confirmation prompt.
  metadata_startup_script = <<-EOT
    sudo apt-get update; sudo apt-get -y install ca-certificates curl gnupg;
    sudo install -m 0755 -d /etc/apt/keyrings;
    curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg;
    sudo chmod a+r /etc/apt/keyrings/docker.gpg;
    echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
    "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
    sudo tee /etc/apt/sources.list.d/docker.list > /dev/null ;
    sudo apt-get update;
    sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin;
  EOT

  network_interface {
    # subnetwork = google_compute_subnetwork.default.id
    subnetwork = "default"
    access_config {
      # Include this section to give the VM an external IP address
    }
  }
}
Troubleshooting
If the startup script was executed but did not actually run, how do you debug it?
Run the following command inside the VM to view the log:
sudo journalctl -u google-startup-scripts.service
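The startup script above separates its commands with ;, so a failed step does not stop the ones after it and the journal does not say which step broke. The following is an added example, not code from the original post: a fail-fast variant of the same steps that logs one BEGIN/OK/FAIL line per step. The function names (run_step, docker_repo_line, fetch_docker_key, write_docker_repo, install_docker) and the RUN_INSTALL guard are assumptions made for this example.

```shell
#!/bin/bash
# Added example (hypothetical helper names): fail-fast Docker startup script.

# Run one named step; log BEGIN/OK/FAIL to stderr so it lands in the journal.
run_step() {
  local name="$1" rc=0
  shift
  echo "startup-step BEGIN ${name}" >&2
  "$@" || rc=$?
  if [ "$rc" -ne 0 ]; then
    echo "startup-step FAIL ${name} rc=${rc}" >&2
    return "$rc"
  fi
  echo "startup-step OK ${name}" >&2
}

# Build the apt source line for a given architecture ($1) and codename ($2).
docker_repo_line() {
  printf 'deb [arch=%s signed-by=/etc/apt/keyrings/docker.gpg] %s %s stable\n' \
    "$1" "https://download.docker.com/linux/debian" "$2"
}

# pipefail: a failed curl fails the step. --batch --yes: overwrite on reboot.
fetch_docker_key() {
  bash -o pipefail -c 'curl -fsSL https://download.docker.com/linux/debian/gpg |
    gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg'
}

# Startup scripts already run as root, so no sudo/tee is needed here.
write_docker_repo() {
  docker_repo_line "$(dpkg --print-architecture)" \
    "$(. /etc/os-release && echo "$VERSION_CODENAME")" > /etc/apt/sources.list.d/docker.list
}

# Same steps as the post's script, chained with && so the first failure stops the run.
install_docker() {
  export DEBIAN_FRONTEND=noninteractive
  run_step apt-update apt-get update &&
  run_step prereqs apt-get -y install ca-certificates curl gnupg &&
  run_step keyring-dir install -m 0755 -d /etc/apt/keyrings &&
  run_step docker-key fetch_docker_key &&
  run_step key-perms chmod a+r /etc/apt/keyrings/docker.gpg &&
  run_step docker-repo write_docker_repo &&
  run_step apt-update-2 apt-get update &&
  run_step docker-install apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
}

# Guarded so loading this file has no side effects; in a real startup script call install_docker directly.
if [ "${RUN_INSTALL:-0}" = "1" ]; then install_docker; fi
```

With this variant, the journalctl command above shows a startup-step FAIL line naming the step that stopped the run.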