Adding Terraform basics

This commit is contained in:
Philippe Caseiro 2021-03-22 19:52:11 +01:00
parent 02e13dfb00
commit 740a8de4a2
17 changed files with 597 additions and 2 deletions

View File

@ -0,0 +1,17 @@
location /factory/ {
alias /srv/factory/images/;
autoindex on;
allow 192.168.10.0/24;
allow 192.168.5.0/24;
deny all;
}
location /factory/images/cadoles/ {
alias /srv/factory/images/cadoles/;
autoindex on;
allow 192.168.5.10;
allow 192.168.5.11;
allow 192.168.5.12;
allow 192.168.5.13;
allow 192.168.10.177/24;
deny all;
}

11
fabrica
View File

@ -2,7 +2,6 @@
WORKDIR="./terraform" WORKDIR="./terraform"
TERRA="terraform" TERRA="terraform"
VAR_FILE="main.tfvars"
PACKER_ROOT="./packer" PACKER_ROOT="./packer"
# FIXME # FIXME
@ -23,7 +22,15 @@ function trun()
echo "--> Git pull needed !" echo "--> Git pull needed !"
return 1 return 1
fi fi
${TERRA} ${1} -var-file ${VAR_FILE}
VAR_FILES=$(ls *.tfvars)
OPTS=""
for fl in ${VAR_FILES}
do
OPTS="${OPTS} -var-file ${fl}"
done
${TERRA} ${1} ${OPTS}
res=${?} res=${?}
cd - cd -

12
terraform/01-main.tfvars Normal file
View File

@ -0,0 +1,12 @@
one_endpoint = "https://myhapy.fabrica.local/RPC2"
one_user = "terra"
one_pass = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
one_vswitch = "vswitch"
one_prod_ds = "101"
image_builder_ip = "192.168.1.108"
dns_server = "192.168.5.53"
dns_domain = "fabrica.local."
cluster_id = 0
dns_key_name = "terraform.key."
dns_key_secret = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

View File

@ -0,0 +1,22 @@
dns_zones = [
{
domain = "cadoles.com",
a_records = {
hapy = [ "192.168.1.108" ],
amon = [ "192.168.1.1"]
},
cname_records = {
hapy = "virt.cadoles.com."
}
},
{
domain = "cadol.es",
a_records = {
hapy = [ "192.168.1.108" ],
amon = [ "192.168.1.1"]
},
cname_records = {
hapy = "virt.cadol.es."
}
}
]

View File

@ -0,0 +1,24 @@
virtual_networks = {
internet = {
vlan_id = "4",
adress_range = {
ar_type = "IP4",
size = "10",
ip4 = "192.168.1.28"
},
dns = "192.168.5.53",
gateway = "192.168.1.1",
clusters = [ "0" ]
},
office = {
vlan_id = "10",
adress_range = {
ar_type = "IP4",
size = "30",
ip4 = "192.168.10.100"
},
dns = "192.168.5.53",
gateway = "192.168.10.254",
clusters = [ "0" ]
}
}

View File

@ -0,0 +1,45 @@
virtual_machines = {
amon = {
fqdn = "amon.fabrica.local",
domain = "fabrica.local",
create_dns_a_record = "no",
cpu = "0.4",
vcpu = "4",
memory = "4096",
network_interfaces = [
{ network_name = "internet", ip = "192.168.1.3" },
{ network_name = "office", ip = "192.168.10.254" }
],
labels = "Production, Amon, Infra, Backup, EOLE",
disks = {
system = {
name = "prod-amon-static",
source = "http://localhost/fabrica/infra/production/amon.fabrica.local/system/amon.fabrica.local"
}
}
depends = [ "internet" ]
},
scribe = {
fqdn = "scribe.fabrica.local",
domain = "fabrica.local",
create_dns_a_record = "no",
cpu = "0.4",
vcpu = "4",
memory = "4096",
network_interfaces = [
{ network_name = "office", ip = "192.168.10.200" }
],
labels = "Production, Scribe, Infra, Backup, EOLE",
disks = {
system = {
name = "prod-scribe-static",
source = "http://localhost/fabrica/infra/production/scribe.fabrica.local/system/scribe.fabrica.local"
}
}
depends = [ "internet" ]
}
}

89
terraform/main.tf Normal file
View File

@ -0,0 +1,89 @@
provider "opennebula" {
endpoint = var.one_endpoint
username = var.one_user
password = var.one_pass
}
provider "dns" {
update {
server = var.dns_server
port = "53530"
key_name = var.dns_key_name
key_algorithm = var.dns_key_algo
key_secret = var.dns_key_secret
retries = 10
timeout = 300
}
}
// Production
/*
* Virtual networks
*/
resource "opennebula_virtual_network" "vnet"{
for_each = var.virtual_networks
name = each.key
vlan_id = each.value.vlan_id
permissions = "660"
bridge = var.one_vswitch
type = "ovswitch"
mtu = 1500
ar {
ar_type = each.value.adress_range.ar_type
size = each.value.adress_range.size
ip4 = each.value.adress_range.ip4
}
dns = each.value.dns
gateway = each.value.gateway
clusters = each.value.clusters
}
/*
* VIRTUAL MACHINES
*/
// Production
module "vms" {
source = "./modules/virtualMachine"
one_user = var.one_user
one_prod_ds = var.one_prod_ds
for_each = var.virtual_machines
vm_shortname = each.key
vm_fqdn = each.value.fqdn
vm_domain = var.dns_domain
dns_a_record = each.value.create_dns_a_record
cpu = each.value.cpu
vcpu = each.value.vcpu
ram = each.value.memory
vnets = opennebula_virtual_network.vnet
network_interfaces = each.value.network_interfaces
tag_labels = each.value.labels
system_image_name = each.value.disks.system.name
data_image_name = ""
system_image_source = each.value.disks.system.source
data_image_source = ""
depends = [
opennebula_virtual_network.vnet[each.value.depends[0]].id
]
}
/* Additionnal DNS Entry
module "ber_asso_fr" {
source = "./modules/cadolesDNS"
dns_domain = "cadoles.com."
dns_a_records = var.dns_a_records
dns_cname_records = var.dns_cname_records
depends = [ module.dns.virtual_machine_shortname ]
}
*/

View File

@ -0,0 +1,29 @@
// Dependencies management
resource "null_resource" "depends_on" {
triggers = {
depends_on = join("", var.depends)
}
}
resource "dns_a_record_set" "a_records" {
for_each = var.dns_a_records
zone = var.dns_domain
name = each.key
ttl = 300
addresses = each.value
depends_on = [ null_resource.depends_on ]
}
resource "dns_cname_record" "cname_records" {
for_each = var.dns_cname_records
zone = var.dns_domain
name = each.key
cname = each.value
ttl = 300
depends_on = [ null_resource.depends_on ]
}

View File

View File

@ -0,0 +1,23 @@
variable "dns_domain" {
description = "DNS Domain name (FQDN)"
type = string
default = "cadoles.com."
}
variable "dns_a_records" {
description = "List of dns A records to create"
type = map
default = {}
}
variable "dns_cname_records" {
description = "List of CNAME entires"
type = map
default = {}
}
variable "depends" {
description = "List of output_variables for dependences management"
type = list
default = []
}

View File

@ -0,0 +1,115 @@
// Dependencies management
resource "null_resource" "depends_on" {
triggers = {
depends_on = join("", var.depends)
}
}
// OpenNebula disk image !
resource "opennebula_image" "system" {
name = var.system_image_name
description = "System disk image"
datastore_id = var.one_prod_ds
//persistent = false
persistent = true
//lock = "MANAGE"
path = var.system_image_source
dev_prefix = "vd"
driver = "qcow2"
format = "qcow2"
permissions = "660"
group = "production"
}
resource "opennebula_image" "data" {
name = var.data_image_name
description = "Data disk image"
datastore_id = var.one_prod_ds
persistent = true
//lock = "MANAGE"
path = var.data_image_source
dev_prefix = "vd"
driver = "qcow2"
format = "qcow2"
permissions = "660"
group = "production"
count = var.data_image_name != "" ? 1 : 0
}
// OpenNebula (VM) Template definition
resource "opennebula_template" "vm_template" {
name = var.vm_shortname
cpu = var.cpu
vcpu = var.vcpu
memory = var.ram
graphics {
keymap = "fr"
listen = "0.0.0.0"
type = "VNC"
}
context = {
DNS_HOSTNAME = "yes"
NETWORK = "YES"
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
USERNAME = "root"
}
disk {
image_id = opennebula_image.system.id
}
dynamic "disk" {
for_each = opennebula_image.data
content {
image_id = disk.id
}
}
//labels = var.tag_labels
dynamic "nic" {
for_each = var.network_interfaces
content {
network_id = var.vnets[nic.value.network_name].id
model = "virtio"
ip = nic.value.ip
}
}
permissions = "600"
group = "production"
depends_on = [ opennebula_image.system,
opennebula_image.data ]
}
// OpenNebula Virtual Machine
resource "opennebula_virtual_machine" "vm" {
name = var.vm_fqdn
group = "production"
timeout = 10
template_id = opennebula_template.vm_template.id
depends_on = [ opennebula_template.vm_template,
null_resource.depends_on ]
}
resource "dns_a_record_set" "vm_dns_a_record" {
count = var.dns_a_record == "yes" ? 1 : 0
zone = var.vm_domain
name = var.vm_shortname
ttl = 300
addresses = [ var.network_interfaces[0].ip ]
depends_on = [ opennebula_virtual_machine.vm ]
}
resource "dns_cname_record" "vm_dns_cname_record" {
for_each = var.dns_cname_record
zone = var.vm_domain
name = each.value
cname = "${var.vm_fqdn}."
ttl = 300
depends_on = [ opennebula_virtual_machine.vm ]
}

View File

@ -0,0 +1,7 @@
output "virtual_machine_shortname" {
value = opennebula_virtual_machine.vm.name
}
output "network_interfaces" {
value = var.network_interfaces
}

View File

@ -0,0 +1,93 @@
variable "one_user" {
description = "OpenNebula user"
type = string
}
variable "one_prod_ds" {
description = "ID du Datastore de production"
type = string
}
variable "vm_fqdn" {
description = "Virtual Machine FQDN Name"
type = string
}
variable "vm_shortname" {
description = "Virtual machine short name"
type = string
}
variable "vm_domain" {
description = "Full qualified dns domain name"
type = string
}
variable "system_image_name" {
description = "System image disk name"
type = string
}
variable "system_image_source" {
description = "Virtual Machine system image source"
type = string
}
variable "data_image_name" {
description = "Data image disk name"
type = string
}
variable "data_image_source" {
description = "Virtual Machine data disk image source"
type = string
}
variable "tag_labels" {
description = "Labels"
type = string
}
variable "network_interfaces" {
description = "Network interfaces"
type = list
}
variable "cpu" {
description = "VM CPU"
type = string
}
variable "vcpu" {
description = "VM vCPU"
type = string
}
variable "ram" {
description = "VM RAM"
type = string
}
variable "depends" {
description = "List of output_variables for dependences management"
type = list
default = []
}
variable "dns_a_record" {
description = "Create a dns A record (yes/no)"
type = string
default = "no"
}
variable "dns_cname_record" {
description = "List of CNAME for A entry"
type = map(string)
default = {}
}
variable "vnets" {
description = "OpenNebula virtual network resource"
type = map
default = {}
}

View File

@ -0,0 +1,15 @@
terraform {
required_providers {
dns = {
source = "hashicorp/dns"
}
null = {
source = "hashicorp/null"
}
opennebula = {
source = "OpenNebula/opennebula"
version = "0.3.0"
}
}
required_version = ">= 0.13"
}

View File

@ -0,0 +1,4 @@
SUNSTONE = [
DEFAULT_VIEW = "${group_default_view}",
VIEWS = "group_views"
]

82
terraform/variables.tf Normal file
View File

@ -0,0 +1,82 @@
/*
* Variables
*/
variable "one_endpoint" {
description = "OpenNebula endpoint"
type = string
}
variable "one_user" {
description = "OpenNebula user"
type = string
}
variable "one_pass" {
description = "OpenNebula password"
type = string
}
variable "one_vswitch" {
description = "OpenvSwitch bridge name"
type = string
}
variable "dns_server" {
description = "DNS Server IP"
type = string
}
variable "cluster_id" {
description = "Cadoles ONE cluster ID"
type = string
}
variable "one_prod_ds" {
description = "ID du Datastore de production"
type = string
}
variable "dns_domain" {
description = "DNS Full qualified domain"
type = string
}
variable "dns_key_name" {
description = "DDNS Key name"
type = string
}
variable "dns_key_algo" {
description = "DDNS Key algorithm"
type = string
default = "hmac-sha256"
}
variable "dns_key_secret" {
description = "DDNS Key secret"
type = string
}
variable "dns_zones" {
description = "DNS Zone description"
type = list
default = []
}
variable "image_builder_ip" {
description = "Image builder IP"
type = string
default = "192.168.5.251"
}
variable "virtual_networks" {
description = "OpenNebula virtual networks definition"
type = map
default = {}
}
variable "virtual_machines" {
description = "OpenNebula virtual machines definition"
type = map
default = {}
}

11
terraform/version.tf Normal file
View File

@ -0,0 +1,11 @@
terraform {
required_providers {
dns = {
source = "hashicorp/dns"
}
opennebula = {
source = "opennebula/opennebula"
}
}
required_version = ">= 0.13"
}