Terraform l\u00e0 m\u1ed9t c\u00f4ng c\u1ee5 Infrastructure as Code (IaC) cho ph\u00e9p b\u1ea1n vi\u1ebft m\u00e3 khai b\u00e1o \u0111\u1ec3 qu\u1ea3n l\u00fd c\u01a1 s\u1edf h\u1ea1 t\u1ea7ng c\u1ee7a m\u00ecnh. \u0110\u1ec3 tri\u1ec3n khai IaC v\u1edbi Terraform, c\u1ea7n ph\u1ea3i cung c\u1ea5p c\u00e1c b\u00ed m\u1eadt, ch\u1eb3ng h\u1ea1n nh\u01b0 m\u1eadt kh\u1ea9u m\u00e1y ch\u1ee7 v\u00e0 m\u00e3 th\u00f4ng b\u00e1o API, trong m\u00e3. H\u01b0\u1edbng d\u1eabn n\u00e0y th\u1ea3o lu\u1eadn v\u1ec1 c\u00e1c ph\u01b0\u01a1ng ph\u00e1p b\u1ea3o m\u1eadt c\u00e1c b\u00ed m\u1eadt \u0111\u00f3 trong Terraform.<\/p>\n
Ghi ch\u00fa: Linode Provider c\u1ee7a Terraform<\/a> \u0111\u00e3 \u0111\u01b0\u1ee3c c\u1eadp nh\u1eadt v\u00e0 hi\u1ec7n y\u00eau c\u1ea7u Terraform phi\u00ean b\u1ea3n 0.12 tr\u1edf l\u00ean. \u0110\u1ec3 bi\u1ebft c\u00e1ch n\u00e2ng c\u1ea5p an to\u00e0n l\u00ean Terraform phi\u00ean b\u1ea3n 0.12 tr\u1edf l\u00ean, h\u00e3y xem t\u00e0i li\u1ec7u ch\u00ednh th\u1ee9c c\u1ee7a Terraform<\/a> . Xem nh\u1eadt k\u00fd thay \u0111\u1ed5i c\u1ee7a Terraform v0.12<\/a> \u0111\u1ec3 bi\u1ebft danh s\u00e1ch \u0111\u1ea7y \u0111\u1ee7 c\u00e1c t\u00ednh n\u0103ng m\u1edbi v\u00e0 ghi ch\u00fa v\u1ec1 s\u1ef1 kh\u00f4ng t\u01b0\u01a1ng th\u00edch c\u1ee7a phi\u00ean b\u1ea3n.C\u00e1c v\u00ed d\u1ee5 trong h\u01b0\u1edbng d\u1eabn n\u00e0y \u0111\u01b0\u1ee3c vi\u1ebft \u0111\u1ec3 t\u01b0\u01a1ng th\u00edch v\u1edbi Terraform phi\u00ean b\u1ea3n 0.11<\/a> .<\/p>\n Trong Terraform, C\u1ea5u h\u00ecnh Terraform trong V\u00ed d\u1ee5, b\u1ea1n c\u00f3 th\u1ec3 c\u00f3 m\u1ed9t \u0110\u1ecbnh ngh\u0129a bi\u1ebfn \u0111\u01b0\u1ee3c vi\u1ebft trong Ghi ch\u00fa<\/p>\n \u0110\u1ecbnh ngh\u0129a bi\u1ebfn c\u1ee7a b\u1ea1n c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c g\u00e1n gi\u00e1 tr\u1ecb m\u1eb7c \u0111\u1ecbnh. Sau \u0111\u00e2y l\u00e0 v\u00ed d\u1ee5 m\u00e3 h\u00f3a trung t\u00e2m d\u1eef li\u1ec7u Newark c\u1ee7a Linode l\u00e0m gi\u00e1 tr\u1ecb m\u1eb7c \u0111\u1ecbnh cho m\u1ed9t Sau n\u00e0y b\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng bi\u1ebfn n\u00e0y khi khai b\u00e1o phi\u00ean b\u1ea3n Linode c\u1ee7a m\u00ecnh.<\/p>\n C\u00e1c gi\u00e1 tr\u1ecb \u0111\u01b0\u1ee3c g\u00e1n cho bi\u1ebfn c\u1ee7a b\u1ea1n ngo\u00e0i c\u00e1c gi\u00e1 tr\u1ecb m\u1eb7c \u0111\u1ecbnh kh\u00f4ng \u0111\u01b0\u1ee3c bao g\u1ed3m trong \u0111\u1ecbnh ngh\u0129a bi\u1ebfn trong Sau \u0111\u00e2y l\u00e0 m\u1ed9t v\u00ed d\u1ee5 Sau \u0111\u00f3, b\u1ea1n c\u00f3 th\u1ec3 th\u00eam \u0110\u1ec3 d\u1ec5 s\u1eed d\u1ee5ng v\u1edbi Ghi ch\u00fa<\/p>\n C\u00e1c t\u1ec7p gi\u00e1 tr\u1ecb bi\u1ebfn c\u00f3 t\u00ean kh\u00f4ng kh\u1edbp Cung c\u1ea5p nhi\u1ec1u t\u1ec7p Cho \u0111\u1ebfn nay b\u1ea1n \u0111\u00e3 \u0111\u1ecbnh ngh\u0129a c\u00e1c bi\u1ebfn theo \u0111\u1ecbnh d\u1ea1ng sau:<\/p>\n Vi\u1ec7c \u0111\u1ecbnh ngh\u0129a m\u1ed9t bi\u1ebfn theo \u0111\u1ecbnh d\u1ea1ng n\u00e0y c\u0169ng g\u00e2y ra v\u1ea5n \u0111\u1ec1 l\u00e0 m\u1ed9t s\u1ed1 bi\u1ebfn m\u00e0 b\u1ea1n kh\u00f4ng mu\u1ed1n ghi v\u00e0o nh\u1eadt k\u00fd v\u1eabn \u0111\u01b0\u1ee3c ghi l\u1ea1i.<\/p>\n Nh\u01b0ng v\u1edbi t\u00f9y ch\u1ecdn \u0111\u00e1nh d\u1ea5u bi\u1ebfn l\u00e0 nh\u1ea1y c\u1ea3m, b\u1ea5t k\u1ef3 bi\u1ebfn n\u00e0o b\u1ea1n \u0111\u00e1nh d\u1ea5u l\u00e0 nh\u1ea1y c\u1ea3m s\u1ebd t\u1ef1 \u0111\u1ed9ng b\u1ecb lo\u1ea1i kh\u1ecfi nh\u1eadt k\u00fd. Th\u00eam X\u00e1c \u0111\u1ecbnh m\u1ed9t bi\u1ebfn kh\u00e1c t\u1ea1i \u0111\u00e2y c\u00f3 t\u00ean Terraform cho ph\u00e9p b\u1ea1n gi\u1eef c\u00e1c gi\u00e1 tr\u1ecb bi\u1ebfn \u0111\u1ea7u v\u00e0o trong c\u00e1c bi\u1ebfn m\u00f4i tr\u01b0\u1eddng. C\u00e1c bi\u1ebfn n\u00e0y c\u00f3 ti\u1ec1n t\u1ed1 B\u1ea1n c\u0169ng c\u00f3 th\u1ec3 bao g\u1ed3m bi\u1ebfn tr\u00ean c\u00f9ng m\u1ed9t d\u00f2ng khi ch\u1ea1y Quan tr\u1ecdng: Ph\u01b0\u01a1ng ph\u00e1p n\u00e0y s\u1ebd ghi l\u1ea1i bi\u1ebfn m\u00f4i tr\u01b0\u1eddng v\u00e0o l\u1ecbch s\u1eed shell c\u1ee7a b\u1ea1n, v\u00ec v\u1eady h\u00e3y c\u1ea9n th\u1eadn khi s\u1eed d\u1ee5ng ph\u01b0\u01a1ng ph\u00e1p n\u00e0y.<\/p>\n Gi\u00e1 tr\u1ecb bi\u1ebfn c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c thi\u1ebft l\u1eadp b\u1eb1ng Quan tr\u1ecdng: Ph\u01b0\u01a1ng ph\u00e1p n\u00e0y ghi l\u1ea1i bi\u1ebfn d\u00f2ng l\u1ec7nh v\u00e0o l\u1ecbch s\u1eed shell c\u1ee7a b\u1ea1n v\u00e0 hi\u1ec3n th\u1ecb n\u00f3 cho nh\u1eefng ng\u01b0\u1eddi d\u00f9ng kh\u00e1c tr\u00ean h\u1ec7 th\u1ed1ng \u0111ang ch\u1ea1y N\u1ebfu Terraform kh\u00f4ng t\u00ecm th\u1ea5y gi\u00e1 tr\u1ecb m\u1eb7c \u0111\u1ecbnh cho m\u1ed9t bi\u1ebfn \u0111\u00e3 x\u00e1c \u0111\u1ecbnh, gi\u00e1 tr\u1ecb t\u1eeb t\u1ec7p Ph\u01b0\u01a1ng ph\u00e1p n\u00e0y d\u1ec5 s\u1eed d\u1ee5ng h\u01a1n m\u1ed9t ch\u00fat so v\u1edbi vi\u1ec7c cung c\u1ea5p c\u00e1c bi\u1ebfn m\u00f4i tr\u01b0\u1eddng. N\u00f3 c\u0169ng hi\u1ec3n th\u1ecb m\u00f4 t\u1ea3 b\u1ea1n thi\u1ebft l\u1eadp khi x\u00e1c \u0111\u1ecbnh bi\u1ebfn c\u1ee7a m\u00ecnh.<\/p>\n T\u01b0\u01a1ng \u0111\u1ed1i d\u1ec5 \u0111\u1ec3 gi\u1eef b\u00ed m\u1eadt kh\u1ecfi T\u1ec7p tr\u1ea1ng th\u00e1i<\/em> n\u00e0y ch\u1ee9a m\u1ed9t \u0111\u1ed1i t\u01b0\u1ee3ng JSON l\u01b0u gi\u1eef tr\u1ea1ng th\u00e1i hi\u1ec7n t\u1ea1i c\u1ee7a c\u01a1 s\u1edf h\u1ea1 t\u1ea7ng \u0111\u01b0\u1ee3c qu\u1ea3n l\u00fd c\u1ee7a b\u1ea1n. Tr\u1ea1ng th\u00e1i n\u00e0y l\u00e0 \u1ea3nh ch\u1ee5p nhanh c\u00e1c thu\u1ed9c t\u00ednh kh\u00e1c nhau c\u1ee7a c\u01a1 s\u1edf h\u1ea1 t\u1ea7ng c\u1ee7a b\u1ea1n khi n\u00f3 \u0111\u01b0\u1ee3c s\u1eeda \u0111\u1ed5i l\u1ea7n cu\u1ed1i. N\u00f3 \u0111\u01b0\u1ee3c t\u1ea1o ra T\u1ea1i th\u1eddi \u0111i\u1ec3m vi\u1ebft h\u01b0\u1edbng d\u1eabn n\u00e0y, th\u00f4ng tin nh\u1ea1y c\u1ea3m \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 t\u1ea1o tr\u1ea1ng th\u00e1i Terraform c\u1ee7a b\u1ea1n c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c l\u01b0u tr\u1eef d\u01b0\u1edbi d\u1ea1ng v\u0103n b\u1ea3n thu\u1ea7n t\u00fay trong C\u00e1c backend<\/em><\/a> Terraform cho ph\u00e9p ng\u01b0\u1eddi d\u00f9ng l\u01b0u tr\u1eef an to\u00e0n tr\u1ea1ng th\u00e1i c\u1ee7a h\u1ecd \u1edf m\u1ed9t v\u1ecb tr\u00ed t\u1eeb xa. V\u00ed d\u1ee5, m\u1ed9t kho l\u01b0u tr\u1eef kh\u00f3a\/gi\u00e1 tr\u1ecb nh\u01b0 Consul<\/a> ho\u1eb7c m\u1ed9t kho l\u01b0u tr\u1eef bucket t\u01b0\u01a1ng th\u00edch v\u1edbi S3 nh\u01b0 Minio<\/a> . \u0110i\u1ec1u n\u00e0y cho ph\u00e9p \u0111\u1ecdc tr\u1ea1ng th\u00e1i Terraform t\u1eeb kho l\u01b0u tr\u1eef t\u1eeb xa. V\u00ec tr\u1ea1ng th\u00e1i ch\u1ec9 t\u1ed3n t\u1ea1i c\u1ee5c b\u1ed9 trong b\u1ed9 nh\u1edb n\u00ean kh\u00f4ng c\u1ea7n lo l\u1eafng v\u1ec1 vi\u1ec7c l\u01b0u tr\u1eef b\u00ed m\u1eadt d\u01b0\u1edbi d\u1ea1ng v\u0103n b\u1ea3n thu\u1ea7n t\u00fay.<\/p>\n M\u1ed9t s\u1ed1 backend, nh\u01b0 Consul, c\u0169ng cho ph\u00e9p kh\u00f3a tr\u1ea1ng th\u00e1i. N\u1ebfu m\u1ed9t ng\u01b0\u1eddi d\u00f9ng \u0111ang \u00e1p d\u1ee5ng tr\u1ea1ng th\u00e1i, ng\u01b0\u1eddi d\u00f9ng kh\u00e1c kh\u00f4ng th\u1ec3 th\u1ef1c hi\u1ec7n b\u1ea5t k\u1ef3 thay \u0111\u1ed5i n\u00e0o.<\/p>\n S\u1eed d\u1ee5ng ch\u01b0\u01a1ng tr\u00ecnh ph\u1ee5 tr\u1ee3 Terraform l\u00e0 c\u00e1ch t\u1ed1t nh\u1ea5t \u0111\u1ec3 chia s\u1ebb t\u1ec7p tr\u1ea1ng th\u00e1i Terraform.<\/p>\n C\u00f3 c\u00e1c c\u00f4ng c\u1ee5 c\u1ee7a b\u00ean th\u1ee9 ba cho ph\u00e9p b\u1ea1n m\u00e3 h\u00f3a b\u00ed m\u1eadt c\u1ee7a m\u00ecnh. N\u1ebfu b\u1ea1n m\u00e3 h\u00f3a b\u00ed m\u1eadt trong t\u1ec7p c\u1ee7a m\u00ecnh C\u00f3 th\u1ec3 cung c\u1ea5p m\u1eadt kh\u1ea9u gi\u1ea3 cho Terraform v\u00e0 sau \u0111\u00f3 \u0111\u1ed5i th\u00e0nh m\u1eadt kh\u1ea9u an to\u00e0n h\u01a1n. V\u00ed d\u1ee5, n\u1ebfu b\u1ea1n t\u1ea1o m\u1ed9t phi\u00ean b\u1ea3n Linode v\u1edbi m\u1eadt kh\u1ea9u root gi\u1ea3, sau \u0111\u00f3 b\u1ea1n c\u00f3 th\u1ec3 \u0111\u1ed5i m\u1eadt kh\u1ea9u \u0111\u00f3 t\u1eeb d\u00f2ng l\u1ec7nh ho\u1eb7c trong Linode Manager.Ghi ch\u00faB\u1ea5t k\u1ef3 n\u1ed7 l\u1ef1c n\u00e0o nh\u1eb1m thay \u0111\u1ed5i m\u1eadt kh\u1ea9u trong <\/p>\n N\u1ebfu b\u1ea1n kh\u00f4ng th\u1ec3 s\u1eed d\u1ee5ng c\u00e1c t\u00f9y ch\u1ecdn tr\u00ean \u0111\u1ec3 qu\u1ea3n l\u00fd t\u1ec7p tr\u1ea1ng th\u00e1i v\u00e0 kh\u00f4ng th\u1ec3 s\u1eed d\u1ee5ng n\u1ec1n t\u1ea3ng nh\u01b0 GitHub ho\u1eb7c GitLab \u0111\u1ec3 chia s\u1ebb t\u1ec7p tr\u1ea1ng th\u00e1i c\u1ee7a m\u00ecnh, th\u00ec \u00edt nh\u1ea5t kho l\u01b0u tr\u1eef ph\u1ea3i \u1edf ch\u1ebf \u0111\u1ed9 ri\u00eang t\u01b0.<\/p>\n Sau khi b\u1ea1n \u0111\u00e3 \u0111\u1ecbnh ngh\u0129a \u0111\u00fang b\u00ed m\u1eadt c\u1ee7a m\u00ecnh trong m\u1ed9t bi\u1ebfn, b\u1ea1n c\u00f3 th\u1ec3 truy\u1ec1n c\u00e1c bi\u1ebfn n\u00e0y v\u00e0o t\u00e0i nguy\u00ean Terraform c\u1ee7a m\u00ecnh.<\/p>\n B\u1ea1n c\u0169ng c\u00f3 th\u1ec3 thi\u1ebft l\u1eadp c\u00e1c b\u00ed m\u1eadt tr\u1ef1c ti\u1ebfp trong c\u00e1c bi\u1ebfn m\u00f4i tr\u01b0\u1eddng c\u1ee7a m\u00ecnh. V\u00e0 b\u1ea1n c\u00f3 th\u1ec3 \u0111\u1ecbnh ngh\u0129a c\u00e1c bi\u1ebfn m\u00f4i tr\u01b0\u1eddng \u0111\u01b0\u1ee3c t\u1ef1 \u0111\u1ed9ng ch\u1ecdn m\u1ed7i khi b\u1ea1n ch\u1ea1y Terraform.<\/p>\n \u0110\u1ec3 l\u00e0m nh\u01b0 v\u1eady, tr\u01b0\u1edbc ti\u00ean b\u1ea1n c\u1ea7n \u0111\u1eb7t nh\u1eefng b\u00ed m\u1eadt n\u00e0y l\u00e0m bi\u1ebfn m\u00f4i tr\u01b0\u1eddng. B\u1ea1n c\u00f3 th\u1ec3 l\u00e0m \u0111i\u1ec1u \u0111\u00f3 b\u1eb1ng c\u00e1ch:<\/p>\n Ghi ch\u00fa: Sau khi c\u00e1c bi\u1ebfn \u0111\u01b0\u1ee3c x\u00e1c \u0111\u1ecbnh \u0111\u00fang, l\u1ea7n ti\u1ebfp theo b\u1ea1n ch\u1ea1y Terraform, n\u00f3 s\u1ebd t\u1ef1 \u0111\u1ed9ng ch\u1ecdn c\u00e1c b\u00ed m\u1eadt terraform apply<\/p>\n N\u1ebfu m\u00e1y c\u1ee7a b\u1ea1n ch\u01b0a Sau khi Nh\u1eadp m\u1eadt kh\u1ea9u cho Nh\u1eadp m\u1eadt kh\u1ea9u cho B\u00e2y gi\u1edd h\u00e3y ch\u1ea1y l\u1ec7nh sau: \u0110i\u1ec1u n\u00e0y gi\u00fap qu\u1ea3n l\u00fd b\u00ed m\u1eadt trong Terraform d\u1ec5 d\u00e0ng h\u01a1n v\u00e0 gi\u1ea3m kh\u1ea3 n\u0103ng b\u1ea3o tr\u00ec c\u01a1 s\u1edf m\u00e3 c\u1ee7a b\u1ea1n. B\u1edfi v\u00ec qu\u1ea3n l\u00fd b\u00ed m\u1eadt \u0111\u01b0\u1ee3c \u0111\u1ecbnh ngh\u0129a b\u00ean ngo\u00e0i m\u00e3 c\u1ee7a Terraform.<\/p>\n B\u1ea1n c\u0169ng c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng kho l\u01b0u tr\u1eef b\u00ed m\u1eadt \u0111\u1ec3 qu\u1ea3n l\u00fd b\u00ed m\u1eadt Terraform. S\u1eed d\u1ee5ng kho l\u01b0u tr\u1eef b\u00ed m\u1eadt ngu\u1ed3n m\u1edf v\u00e0 \u0111a n\u1ec1n t\u1ea3ng nh\u01b0 HashiCorp Vault gi\u00fap l\u01b0u tr\u1eef d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m v\u00e0 h\u1ea1n ch\u1ebf ng\u01b0\u1eddi c\u00f3 th\u1ec3 truy c\u1eadp d\u1eef li\u1ec7u \u0111\u00f3.<\/p>\n HashiCorp vault s\u1eed d\u1ee5ng m\u1ed9t m\u00e3 th\u00f4ng b\u00e1o \u0111\u1ec3 x\u00e1c th\u1ef1c quy\u1ec1n truy c\u1eadp, m\u1ed9t ch\u00ednh s\u00e1ch x\u00e1c \u0111\u1ecbnh nh\u1eefng h\u00e0nh \u0111\u1ed9ng n\u00e0o c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c th\u1ef1c hi\u1ec7n. N\u00f3 c\u0169ng s\u1eed d\u1ee5ng c\u00e1c \u0111\u01b0\u1eddng d\u1eabn cho ph\u00e9p m\u1ed9t c\u00f4ng c\u1ee5 b\u00ed m\u1eadt ph\u1ee5c v\u1ee5 b\u00ed m\u1eadt cho HashiCorp Vault.<\/p>\n Terraform Ghi ch\u00fa<\/p>\n Trong v\u00ed d\u1ee5 n\u00e0y, trong Vault c\u00f3 m\u1ed9t kh\u00f3a \u0111\u01b0\u1ee3c \u0111\u1eb7t t\u00ean Trong c\u00e1ch s\u1eed d\u1ee5ng chung, h\u00e3y thay th\u1ebf Gi\u1eef b\u00ed m\u1eadt kh\u1ecfi c\u00e1c t\u1eadp tin .tf<\/a><\/h2>\n
.tf<\/code>c\u00e1c t\u1ec7p ch\u1ee9a m\u00e3 khai b\u00e1o \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 t\u1ea1o, qu\u1ea3n l\u00fd v\u00e0 h\u1ee7y c\u01a1 s\u1edf h\u1ea1 t\u1ea7ng. M\u00e3 n\u00e0y th\u01b0\u1eddng \u0111\u01b0\u1ee3c cam k\u1ebft v\u1edbi h\u1ec7 th\u1ed1ng ki\u1ec3m so\u00e1t phi\u00ean b\u1ea3n nh\u01b0 Git, s\u1eed d\u1ee5ng n\u1ec1n t\u1ea3ng nh\u01b0 GitHub v\u00e0 \u0111\u01b0\u1ee3c chia s\u1ebb trong nh\u00f3m. V\u00ec th\u00f4ng tin n\u00e0y d\u1ec5 d\u00e0ng \u0111\u01b0\u1ee3c c\u00f4ng khai, n\u00ean \u0111i\u1ec1u quan tr\u1ecdng l\u00e0 b\u1ea1n ph\u1ea3i \u0111\u1ea3m b\u1ea3o m\u00e3 \u0111\u00e3 cam k\u1ebft c\u1ee7a m\u00ecnh kh\u00f4ng c\u00f3 b\u00ed m\u1eadt.<\/p>\nBi\u1ebfn \u0111\u1ea7u v\u00e0o<\/a><\/h3>\n
.tf<\/code>t\u1ec7p c\u00f3 th\u1ec3 ch\u1ea5p nh\u1eadn gi\u00e1 tr\u1ecb t\u1eeb c\u00e1c bi\u1ebfn \u0111\u1ea7u v\u00e0o<\/em><\/a> . C\u00e1c bi\u1ebfn n\u00e0y \u0111\u01b0\u1ee3c bao g\u1ed3m trong c\u1ea5u h\u00ecnh c\u1ee7a b\u1ea1n b\u1eb1ng c\u00fa ph\u00e1p n\u1ed9i suy<\/a> c\u1ee7a Terraform .<\/p>\nlinode-infrastructure.tf<\/code>t\u1ec7p trong kh\u1ed1i nh\u00e0 cung c\u1ea5p y\u00eau c\u1ea7u m\u00e3 th\u00f4ng b\u00e1o truy c\u1eadp API. token<\/code>\u0110\u1ecbnh ngh\u0129a bi\u1ebfn \u0111\u01b0\u1ee3c khai b\u00e1o b\u00ean trong .tf<\/code>t\u1ec7p v\u00e0 sau \u0111\u00f3 \u0111\u01b0\u1ee3c n\u1ed9i suy b\u00ean trong khai b\u00e1o nh\u00e0 cung c\u1ea5p v\u1edbi \"${var.token}\"<\/code>c\u00fa ph\u00e1p:<\/p>\nvariable \"token\" {\n description = \"Your API access token\"\n}\n\nprovider \"linode\" {\n token = var.token\n}<\/code><\/pre>\n.tf<\/code>t\u1ec7p. Trong v\u00ed d\u1ee5 n\u00e0y, \u0111\u00f3 l\u00e0 c\u00f9ng m\u1ed9t t\u1ec7p v\u1edbi c\u1ea5u h\u00ecnh nh\u00e0 cung c\u1ea5p c\u1ee7a b\u1ea1n, nh\u01b0ng \u0111\u1ecbnh ngh\u0129a .tf<\/code>c\u0169ng c\u00f3 th\u1ec3 n\u1eb1m trong m\u1ed9t t\u1ec7p ri\u00eang.<\/p>\nregion<\/code>bi\u1ebfn:<\/p>\nvariable \"region\" {\n description = \"The region to deploy Linode instances in\"\n default = \"us-east\"\n}<\/code><\/pre>\nG\u00e1n gi\u00e1 tr\u1ecb bi\u1ebfn trong m\u1ed9t t\u1ec7p<\/a><\/h3>\n
.tf<\/code>c\u00e1c t\u1ec7p. Thay v\u00e0o \u0111\u00f3, c\u00e1c gi\u00e1 tr\u1ecb \u0111\u01b0\u1ee3c l\u01b0u tr\u1eef trong c\u00e1c t\u1ec7p ri\u00eang bi\u1ec7t c\u00f3 .tfvars<\/code>ph\u1ea7n m\u1edf r\u1ed9ng. Khi Terraform ch\u1ea1y l\u1ec7nh nh\u01b0 plan<\/code>ho\u1eb7c apply<\/code>, n\u00f3 t\u1ef1 \u0111\u1ed9ng t\u00ecm ki\u1ebfm t\u1ec7p c\u00f3 t\u00ean terraform.tfvars<\/code>, ho\u1eb7c c\u00e1c t\u1ec7p c\u00f3 .auto.tfvars<\/code>ph\u1ea7n m\u1edf r\u1ed9ng trong th\u01b0 m\u1ee5c l\u00e0m vi\u1ec7c.<\/p>\nterraform.tfvars<\/code>cung c\u1ea5p gi\u00e1 tr\u1ecb cho token<\/code>bi\u1ebfn t\u1eeb v\u00ed d\u1ee5 tr\u01b0\u1edbc:<\/p>\ntoken = 'your-token-value'<\/code><\/pre>\nterraform.tfvars<\/code>t\u1ec7p v\u00e0o .gitignore<\/code>t\u1ec7p v\u00e0 gi\u1eef t\u1ec7p ngo\u00e0i t\u1ea7m ki\u1ec3m so\u00e1t phi\u00ean b\u1ea3n. Chi\u1ebfn l\u01b0\u1ee3c n\u00e0y cho ph\u00e9p b\u1ea1n cam k\u1ebft t\u1ec7p m\u1ed9t c\u00e1ch an to\u00e0n linode-infrastructure.tf<\/code>.<\/p>\nterraform.tfvars<\/code>c\u00e1c t\u1ec7p l\u1edbn, c\u00f3 th\u1ec3 h\u1eefu \u00edch khi \u0111\u01b0a m\u1ed9t v\u00ed d\u1ee5 terraform.tfvars.example<\/code>v\u00e0o kho l\u01b0u tr\u1eef Git c\u1ee7a b\u1ea1n. T\u00ean bi\u1ebfn c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c ghi l\u1ea1i, nh\u01b0ng kh\u00f4ng c\u1ea7n nh\u1eadp b\u1ea5t k\u1ef3 gi\u00e1 tr\u1ecb n\u00e0o. Sau \u0111\u00f3, c\u00e1c th\u00e0nh vi\u00ean trong nh\u00f3m c\u00f3 th\u1ec3 sao ch\u00e9p v\u00ed d\u1ee5 n\u00e0y v\u00e0o kho l\u01b0u tr\u1eef c\u1ee5c b\u1ed9 c\u1ee7a h\u1ecd terraform.tfvars<\/code>v\u00e0 nh\u1eadp c\u00e1c gi\u00e1 tr\u1ecb ph\u00f9 h\u1ee3p.<\/p>\nterraform.tfvars<\/code>ho\u1eb7c *.auto.tfvars<\/code>c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c ch\u1ec9 \u0111\u1ecbnh b\u1eb1ng -var-file<\/code>t\u00f9y ch\u1ecdn:<\/p>\nterraform apply -var-file=myvars.tfvars\n<\/code><\/pre>\n.tfvars<\/code>l\u00e0 m\u1ed9t c\u00e1ch kh\u00e1c \u0111\u1ec3 ph\u00e2n t\u00e1ch c\u00e1c bi\u1ebfn b\u00ed m\u1eadt v\u00e0 bi\u1ebfn kh\u00f4ng b\u00ed m\u1eadt; v\u00ed d\u1ee5:<\/p>\nterraform apply \\\n-var-file=non-secret-variables.tfvars \\\n-var-file=secret-variables.tfvars<\/code><\/pre>\n\u0110\u00e1nh d\u1ea5u c\u00e1c bi\u1ebfn l\u00e0 nh\u1ea1y c\u1ea3m<\/a><\/h4>\n
variable \"database_username\" {\n description = \"Username of database administrator\"\n type = string\n}<\/code><\/pre>\nsensitive = true<\/code>gi\u00fap b\u1ea1n \u0111\u00e1nh d\u1ea5u bi\u1ebfn l\u00e0 nh\u1ea1y c\u1ea3m. B\u00e2y gi\u1edd, \u0111\u00e1nh d\u1ea5u database_username<\/code>l\u00e0 bi\u1ebfn nh\u1ea1y c\u1ea3m b\u1eb1ng c\u00e1ch ch\u1ec9nh s\u1eeda \u0111\u1ecbnh ngh\u0129a bi\u1ebfn th\u00e0nh nh\u01b0 sau:<\/p>\nvariable \"database_username\" {\n description = \"Username of database administrator\"\n type = string\n sensitive = true\n}<\/code><\/pre>\ndata_password<\/code>m\u00e0 b\u1ea1n \u0111\u1ecbnh s\u1eed d\u1ee5ng sau trong h\u01b0\u1edbng d\u1eabn n\u00e0y.<\/p>\nvariable \"database_password\" {\n description = \"Password of database administrator\"\n type = string\n sensitive = true\n}<\/code><\/pre>\nG\u00e1n gi\u00e1 tr\u1ecb trong bi\u1ebfn m\u00f4i tr\u01b0\u1eddng<\/a><\/h3>\n
TF_VAR_<\/code>v\u00e0 \u0111\u01b0\u1ee3c cung c\u1ea5p t\u1ea1i d\u00f2ng l\u1ec7nh. S\u1eed d\u1ee5ng v\u00ed d\u1ee5 tr\u00ean v\u1ec1 m\u00e3 th\u00f4ng b\u00e1o truy c\u1eadp API, b\u1ea1n c\u00f3 th\u1ec3 xu\u1ea5t bi\u1ebfn v\u00e0 s\u1eed d\u1ee5ng nh\u01b0 sau:<\/p>\nexport TF_VAR_token=your-token-value\nterraform apply\n<\/code><\/pre>\nterraform plan<\/code>ho\u1eb7c terraform apply<\/code>:<\/p>\nTF_VAR_token=your-token-value terraform apply<\/code><\/pre>\nG\u00e1n gi\u00e1 tr\u1ecb trong c\u1edd d\u00f2ng l\u1ec7nh<\/a><\/h3>\n
-var<\/code>t\u00f9y ch\u1ecdn:<\/p>\nterraform apply -var 'token=your-token-value'<\/code><\/pre>\nps<\/code>.<\/p>\nCung c\u1ea5p c\u00e1c bi\u1ebfn t\u1ea1i Prompt<\/a><\/h3>\n
.tfvars<\/code>, bi\u1ebfn m\u00f4i tr\u01b0\u1eddng ho\u1eb7c c\u1edd CLI, n\u00f3 s\u1ebd nh\u1eafc b\u1ea1n nh\u1eadp gi\u00e1 tr\u1ecb:<\/p>\n$ terraform plan\nvar.token\n Your API access token\n\n Enter a value:<\/code><\/pre>\nC\u00e1ch qu\u1ea3n l\u00fd h\u1ed3 s\u01a1 ti\u1ec3u bang c\u1ee7a b\u1ea1n<\/a><\/h2>\n
.tf<\/code>c\u00e1c t\u1ec7p b\u1eb1ng b\u1ea5t k\u1ef3 ph\u01b0\u01a1ng ph\u00e1p n\u00e0o \u1edf tr\u00ean. Tuy nhi\u00ean, b\u1ea1n c\u0169ng c\u1ea7n ph\u1ea3i bi\u1ebft v\u1ec1 terraform.tfstate<\/code>t\u1ec7p \u0111\u1ec3 qu\u1ea3n l\u00fd b\u00ed m\u1eadt.<\/p>\nterraform apply<\/code>v\u00e0 l\u00e0 m\u1ed9t ph\u1ea7n c\u1ea7n thi\u1ebft c\u1ee7a quy tr\u00ecnh Terraform. B\u1edfi v\u00ec n\u00f3 \u00e1nh x\u1ea1 m\u00e3 khai b\u00e1o c\u1ee7a .tf<\/code>c\u00e1c t\u1ec7p c\u1ee7a b\u1ea1n v\u1edbi c\u01a1 s\u1edf h\u1ea1 t\u1ea7ng th\u1ebf gi\u1edbi th\u1ef1c c\u1ee7a b\u1ea1n.<\/p>\nterraform.tfstate<\/code>t\u1ec7p<\/strong> . V\u00ed d\u1ee5: n\u1ebfu b\u1ea1n \u0111ang l\u00e0m vi\u1ec7c v\u1edbi nh\u00e0 cung c\u1ea5p Linode v\u00e0 \u0111\u00e3 cung c\u1ea5p m\u1eadt kh\u1ea9u g\u1ed1c cho phi\u00ean b\u1ea3n Linode c\u1ee7a m\u00ecnh. M\u1eadt kh\u1ea9u g\u1ed1c n\u00e0y \u0111\u01b0\u1ee3c l\u01b0u tr\u1eef d\u01b0\u1edbi d\u1ea1ng v\u0103n b\u1ea3n thu\u1ea7n t\u00fay trong t\u1ec7p tr\u1ea1ng th\u00e1i. Tr\u00e1nh ki\u1ec3m tra terraform.tfstate<\/code>t\u1ec7p c\u1ee7a b\u1ea1n trong kho l\u01b0u tr\u1eef ki\u1ec3m so\u00e1t phi\u00ean b\u1ea3n<\/strong> . Thay v\u00e0o \u0111\u00f3, sau \u0111\u00e2y l\u00e0 m\u1ed9t s\u1ed1 chi\u1ebfn l\u01b0\u1ee3c \u0111\u1ec3 l\u01b0u tr\u1eef v\u00e0 chia s\u1ebb t\u1ec7p tr\u1ea1ng th\u00e1i c\u1ee7a b\u1ea1n.<\/p>\nBackend t\u1eeb xa<\/a><\/h3>\n
M\u00e3 h\u00f3a b\u00ed m\u1eadt<\/a><\/h3>\n
terraform.tfstate<\/code>, .tfvars<\/code>b\u1ea1n c\u00f3 th\u1ec3 ki\u1ec3m tra ch\u00fang trong ki\u1ec3m so\u00e1t phi\u00ean b\u1ea3n m\u1ed9t c\u00e1ch an to\u00e0n:<\/p>\n\n
terraform.tfvars<\/code>t\u1ec7p.<\/li>\n<\/ul>\nS\u1eed d\u1ee5ng m\u1eadt kh\u1ea9u gi\u1ea3<\/a><\/h3>\n
.tf<\/code>t\u1ec7p \u0111\u1ec1u d\u1eabn \u0111\u1ebfn vi\u1ec7c t\u1ea1o ra c\u00e1c t\u00e0i nguy\u00ean m\u1edbi tr\u00ean <\/p>\nterraform apply<\/code>.<\/p>\nKi\u1ec3m so\u00e1t phi\u00ean b\u1ea3n ri\u00eang t\u01b0<\/a><\/h3>\n
S\u1eed d\u1ee5ng
pass<\/code>\u0111\u1ec3 qu\u1ea3n l\u00fd b\u00ed m\u1eadt v\u1edbi Terraform<\/a><\/h2>\n# Configure the Linode provider\nprovider \"linode\" {\n token = \"$LINODE_TOKEN\"\n}\n\nresource \"linode_instance_1\" \"linode\" {\n type = \"simple\"\n domain = \"linode.example\"\n soa_email = \"linode@linode.example\"\n tags = [\"tag1\", \"tag2\"]\n\n #Here we set secrets from the variables\n username = var.database_username\n password = var.database_password\n}\n\nresource \"linode_instance_2\" \"linode_2\" {\n domain_id = \"${linode_domain.linode_2.id}\"\n name = \"www\"\n record_type = \"CNAME\"\n target = \"linode_2.example\"\n}<\/code><\/pre>\nexport TF_VAR_database_username=(\"Username of database administrator\")\nexport TF_VAR_database_password=(\"Password of database administrator\")<\/code><\/pre>\nC\u00e0i \u0111\u1eb7t
pass<\/code><\/a><\/h3>\npass<\/code>c\u00e0i \u0111\u1eb7t, h\u00e3y ch\u1ea1y l\u1ec7nh sau \u0111\u1ec3 c\u00e0i \u0111\u1eb7t:<\/p>\n sudo apt install pass\n<\/code><\/pre>\npass<\/code>c\u00e0i \u0111\u1eb7t, b\u1ea1n c\u00f3 th\u1ec3 l\u01b0u tr\u1eef b\u00ed m\u1eadt c\u1ee7a m\u00ecnh b\u1eb1ng c\u00e1ch ch\u1ea1y pass insert<\/code>t\u1ea5t c\u1ea3 b\u00ed m\u1eadt c\u1ee7a m\u00ecnh. Trong h\u00ecnh minh h\u1ecda n\u00e0y, h\u00e3y ch\u1ea1y pass insert<\/code>tr\u00ean b\u00ed m\u1eadt database_username<\/code>v\u00e0 database_password<\/code>.<\/p>\n pass insert database_username\n<\/code><\/pre>\ndatabase_username<\/code>: admin<\/p>\n pass insert database_password\n<\/code><\/pre>\ndatabase_password<\/code>: m\u1eadt kh\u1ea9u<\/p>\npass <your secret><\/code><\/p>\nQu\u1ea3n l\u00fd b\u00ed m\u1eadt b\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng k\u00e9t s\u1eaft<\/a><\/h2>\n
valut_generic_secret<\/code>cho ph\u00e9p ch\u00fang ta \u0111\u1ecdc b\u00ed m\u1eadt b\u1eb1ng HashiCorp Vault.<\/p>\ndata \"vault_generic_secret\" \"linode_auth\" {\n path = \"secret\/linode_auth\"\n}<\/code><\/pre>\nauth_token<\/code>v\u00e0 gi\u00e1 tr\u1ecb l\u00e0 m\u00e3 th\u00f4ng b\u00e1o m\u00e0 ch\u00fang ta c\u1ea7n gi\u1eef b\u00ed m\u1eadt.<\/p>\nauth_token<\/code>b\u1eb1ng kh\u00f3a m\u00e0 b\u1ea1n mu\u1ed1n tr\u00edch xu\u1ea5t t\u1eeb \u200b\u200bVault.<\/p>\n