Difference between revisions of "Terraform or OpenTofu"
(→Creating a Network) |
(→Creating a Network) |
||
| Line 59: | Line 59: | ||
nat_ip_allocate_option = "AUTO_ONLY" |
nat_ip_allocate_option = "AUTO_ONLY" |
||
source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES" |
source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES" |
||
| + | } |
||
| + | </code> |
||
| + | |||
| + | === Creating a VM and Adding a DNS Entry === |
||
| + | |||
| + | If this is in a different project we can read out the network |
||
| + | specifics via "data" blocks. |
||
| + | |||
| + | <code> |
||
| + | terraform { |
||
| + | } |
||
| + | |||
| + | provider "google" { |
||
| + | project = "linux-lv-test" |
||
| + | region = "europe-west1" |
||
| + | zone = "europe-west1-d" |
||
| + | } |
||
| + | |||
| + | |||
| + | resource "google_compute_instance" "lv_testsrv" { |
||
| + | name = "lvsrv" |
||
| + | #machine_type = "f1-micro" |
||
| + | machine_type = "e2-micro" |
||
| + | zone = "europe-west1-b" |
||
| + | |||
| + | boot_disk { |
||
| + | initialize_params { |
||
| + | image = "debian-cloud/debian-12" |
||
| + | } |
||
| + | } |
||
| + | metadata_startup_script = "sudo apt-get update; sudo apt-get upgrade -yq ; apt-get install -yq joe bind9-host tmux vim" |
||
| + | |||
| + | metadata = { |
||
| + | ssh-keys = "mond:${file("mond.pub")}" |
||
| + | } |
||
| + | network_interface { |
||
| + | subnetwork = data.google_compute_subnetwork.lv_vpc_west1.id |
||
| + | access_config { |
||
| + | } |
||
| + | } |
||
| + | tags=["linux-lv"] |
||
| + | |||
| + | } |
||
| + | resource "google_dns_record_set" "lvsrv" { |
||
| + | name = "lvsrv.g.mond.at." |
||
| + | managed_zone = data.google_dns_managed_zone.gmond.managed_zone_id |
||
| + | type = "A" |
||
| + | ttl = 600 |
||
| + | rrdatas = [local.pubip_lvsrv] |
||
| + | project = "arctic-sign-343718" |
||
| + | } |
||
| + | |||
| + | data "google_dns_managed_zone" "gmond" { |
||
| + | name = "g-mond" |
||
| + | project = "arctic-sign-343718" |
||
| + | #dns_name = "g.mond.at." |
||
| + | } |
||
| + | |||
| + | data "google_compute_network" "lv_vpc" { |
||
| + | project = "linux-lv-test" |
||
| + | name = "linux-lv-vpc" |
||
| + | } |
||
| + | |||
| + | data "google_compute_subnetwork" "lv_vpc_west1" { |
||
| + | name = "west1" |
||
} |
} |
||
</code> |
</code> |
||
Revision as of 07:13, 19 April 2024
Example how to configure a simple network in Google via Terraform/OpenTofu
Creating a Network
main.tf
terraform {
}
provider "google" {
project = "linux-lv-test"
region = "europe-west1"
zone = "europe-west1-d"
}
network.tf
resource "google_compute_network" "lv_vpc" {
project = "linux-lv-test"
name = "linux-lv-vpc"
auto_create_subnetworks = false
mtu = 1460
}
resource "google_compute_subnetwork" "lv_vpc_west1" {
name = "mywest1"
ip_cidr_range = "10.20.0.0/16"
region = "europe-west1"
network = google_compute_network.lv_vpc.id
secondary_ip_range {
range_name = "lv-secondary-range"
ip_cidr_range = "10.120.0.0/24"
}
}
resource "google_compute_firewall" "lvfw" {
name = "lv-fw"
network = google_compute_network.lv_vpc.id
allow {
protocol = "icmp"
}
allow {
protocol = "tcp"
ports = ["22", "80", "443","10000-20000"]
}
#source_tags = ["linux-lv"]
source_ranges = ["0.0.0.0/0"]
}
resource "google_compute_router" "lvrouter" {
name = "lv-router"
region = google_compute_subnetwork.lv_vpc_west1.region
network = google_compute_network.lv_vpc.id
}
resource "google_compute_router_nat" "lvnat" {
name = "lv-router-nat"
router = google_compute_router.lvrouter.name
region = google_compute_router.lvrouter.region
nat_ip_allocate_option = "AUTO_ONLY"
source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
}
Creating a VM and Adding a DNS Entry
If this is in a different project we can read out the network specifics via "data" blocks.
terraform {
}
provider "google" {
project = "linux-lv-test"
region = "europe-west1"
zone = "europe-west1-d"
}
resource "google_compute_instance" "lv_testsrv" {
name = "lvsrv"
#machine_type = "f1-micro"
machine_type = "e2-micro"
zone = "europe-west1-b"
boot_disk {
initialize_params {
image = "debian-cloud/debian-12"
}
}
metadata_startup_script = "sudo apt-get update; sudo apt-get upgrade -yq ; apt-get install -yq joe bind9-host tmux vim"
metadata = {
ssh-keys = "mond:${file("mond.pub")}"
}
network_interface {
subnetwork = data.google_compute_subnetwork.lv_vpc_west1.id
access_config {
}
}
tags=["linux-lv"]
}
resource "google_dns_record_set" "lvsrv" {
name = "lvsrv.g.mond.at."
managed_zone = data.google_dns_managed_zone.gmond.managed_zone_id
type = "A"
ttl = 600
rrdatas = [local.pubip_lvsrv]
project = "arctic-sign-343718"
}
data "google_dns_managed_zone" "gmond" {
name = "g-mond"
project = "arctic-sign-343718"
#dns_name = "g.mond.at."
}
data "google_compute_network" "lv_vpc" {
project = "linux-lv-test"
name = "linux-lv-vpc"
}
data "google_compute_subnetwork" "lv_vpc_west1" {
name = "west1"
}
