使用 Terraform 管理 TrueNAS

有时，结合不同的开源项目会带来好处。将 Terraform 与 TrueNAS 结合使用的协同效应就是一个完美的例子。

TrueNAS 是一个基于 FreeBSD 的操作系统，提供网络附加存储 (NAS) 和网络服务。它的主要优势之一是利用 ZFS 文件系统，该系统以企业级可靠性和容错能力而闻名。Terraform 是一种配置和部署工具，体现了基础设施即代码的概念。

TrueNAS

TrueNAS 为其管理提供了一个非常好的 Web 用户界面 (UI) 和一个应用程序编程接口 (API)。Terraform 可以与 API 集成，以提供 NAS 的配置管理，我将在下面演示。

首先，我使用虚拟机管理器配置了一个虚拟机，然后安装了最新版本 TrueNAS 13.0。唯一必要的输入是输入 root 密码。重启后，将出现主菜单。您还将看到 HTTP 管理地址。您可以从本地 Web 浏览器访问此地址。

图片来源：

(Alan Formy-Duval, CC BY-SA 4.0)

Terraform

Terraform 需要安装在可以访问 TrueNAS 管理 URL 的位置。我正在利用 tfenv，这是一个用于管理 Terraform 版本的工具。

$ tfenv list-remote
$ tfenv install 1.2.0
$ tfenv use 1.2.0
$ terraform -version
Terraform v1.2.0
on linux_amd64

接下来，创建一个工作目录，例如 ~/code/terraform/truenas，以包含与您的 TrueNAS 实例关联的配置文件。

$ mkdir ~/code/terraform/truenas
$ cd ~/code/terraform/truenas

创建初始 Terraform 配置文件，并添加必要的指令以定义 TrueNAS 提供程序。

$ vi main.tf

提供程序将如下所示，其中需要正确指定您的 TrueNAS 实例的地址和 API 密钥。

$ cat main.tf


terraform {
  required_providers {
    truenas = {
      source = "dariusbakunas/truenas"
      version = "0.9.0"
    }
  }
}

provider "truenas" {
  api_key = "1-61pQpp3WyfYwg4dHToTHcOt7QQzVrMtZnkJAe9mmA0Z2w5MJsDB7Bng5ofZ3bbyn"
  base_url = "http://192.168.122.139/api/v2.0"
}

TrueNAS API 密钥在 Web UI 中创建。登录并单击右上角的小齿轮。

图片来源：

(Alan Formy-Duval, CC BY-SA 4.0)

此 UI 部分使您可以创建 API 密钥。生成后，将其复制到 main.tf 文件。

初始化

在您的 TrueNAS Terraform 目录中，您有 main.tf 文件。第一步是使用命令 terraform init 进行初始化，这将生成以下结果

Initializing the backend...

Initializing provider plugins...
- Finding dariusbakunas/truenas versions matching "0.9.0"...
- Installing dariusbakunas/truenas v0.9.0...
- Installed dariusbakunas/truenas v0.9.0 (self-signed, key ID E44AF1CA58555E96)

Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.

成功初始化意味着您已准备好开始添加资源。任何 TrueNAS 项目，例如存储池、网络文件系统 (NFS) 共享或 cron 作业，都是资源。

添加 ZFS 数据集

以下示例资源指令定义了一个 ZFS 数据集。对于我的示例，我将其添加到 main.tf 文件。

resource "truenas_dataset" "pictures" {
  pool = "storage-pool"
  name = "pictures"
  comments = "Terraform created dataset for Pictures"
 }

运行命令 terraform validate 以检查配置。

Success! The configuration is valid.

运行 terraform plan 将描述 Terraform 将执行的操作。现在，使用 terraform apply 添加新的数据集。

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # truenas_dataset.pictures will be created
  + resource "truenas_dataset" "pictures" {
      + acl_mode             = (known after apply)
      + acl_type             = (known after apply)
      + atime                = (known after apply)
      + case_sensitivity     = (known after apply)
      + comments             = "Terraform created dataset for Pictures"
      + compression          = (known after apply)
      + copies               = (known after apply)
      + dataset_id           = (known after apply)
      + deduplication        = (known after apply)
      + encrypted            = (known after apply)
      + encryption_algorithm = (known after apply)
      + encryption_key       = (sensitive value)
      + exec                 = (known after apply)
      + generate_key         = (known after apply)
      + id                   = (known after apply)
      + managed_by           = (known after apply)
      + mount_point          = (known after apply)
      + name                 = "pictures"
      + pbkdf2iters          = (known after apply)
      + pool                 = "storage-pool"
      + quota_bytes          = (known after apply)
      + quota_critical       = (known after apply)
      + quota_warning        = (known after apply)
      + readonly             = (known after apply)
      + record_size          = (known after apply)
      + ref_quota_bytes      = (known after apply)
      + ref_quota_critical   = (known after apply)
      + ref_quota_warning    = (known after apply)
      + share_type           = (known after apply)
      + snap_dir             = (known after apply)
      + sync                 = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value:

键入 yes 以确认并按 Enter 键。

truenas_dataset.pictures: Creating...
truenas_dataset.pictures: Creation complete after 0s [id=storage-pool/pictures]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

就是这样。您可以在 TrueNAS Web UI 中检查这个新的数据集。

图片来源：

(Alan Formy-Duval, CC BY-SA 4.0)

使用 TrueNAS 和 Terraform 做更多事情

用于 Terraform 的 TrueNAS 提供程序允许您管理 TrueNAS 设备的更多方面。例如，您可以将这个新的数据集共享为 NFS 或服务器消息块 (SMB) 共享。您还可以创建其他数据集、cron 作业和 zvols。