Difference between revisions of "Terraform or OpenTofu"
(→Creating a VM and Adding a DNS Entry) |
|||
| Line 1: | Line 1: | ||
Example how to configure a simple network in Google via Terraform/OpenTofu |
Example how to configure a simple network in Google via Terraform/OpenTofu |
||
| + | |||
| + | == Basics of Terraform / OpenTofu == |
||
| + | |||
| + | In terraform you '''declare''' how your environment should look like instead of giving a procedure on how to generate it. |
||
| + | |||
| + | The init prepeares your terraform environment. You can run the init multiple times without deleting your existing environments. |
||
| + | |||
| + | The plan tells you what would change. |
||
| + | |||
| + | The apply makes the actual modifications to your environment. |
||
| + | |||
| + | <pre> |
||
| + | tofu init |
||
| + | tofu plan |
||
| + | tofu apply |
||
| + | </pre> |
||
| + | |||
== Creating a Network == |
== Creating a Network == |
||
Revision as of 07:17, 19 April 2024
Example how to configure a simple network in Google via Terraform/OpenTofu
Contents
Basics of Terraform / OpenTofu
In terraform you declare how your environment should look like instead of giving a procedure on how to generate it.
The init prepeares your terraform environment. You can run the init multiple times without deleting your existing environments.
The plan tells you what would change.
The apply makes the actual modifications to your environment.
tofu init tofu plan tofu apply
Creating a Network
main.tf
terraform {
}
provider "google" {
project = "linux-lv-test"
region = "europe-west1"
zone = "europe-west1-d"
}
network.tf
resource "google_compute_network" "lv_vpc" {
project = "linux-lv-test"
name = "linux-lv-vpc"
auto_create_subnetworks = false
mtu = 1460
}
resource "google_compute_subnetwork" "lv_vpc_west1" {
name = "mywest1"
ip_cidr_range = "10.20.0.0/16"
region = "europe-west1"
network = google_compute_network.lv_vpc.id
secondary_ip_range {
range_name = "lv-secondary-range"
ip_cidr_range = "10.120.0.0/24"
}
}
resource "google_compute_firewall" "lvfw" {
name = "lv-fw"
network = google_compute_network.lv_vpc.id
allow {
protocol = "icmp"
}
allow {
protocol = "tcp"
ports = ["22", "80", "443","10000-20000"]
}
#source_tags = ["linux-lv"]
source_ranges = ["0.0.0.0/0"]
}
resource "google_compute_router" "lvrouter" {
name = "lv-router"
region = google_compute_subnetwork.lv_vpc_west1.region
network = google_compute_network.lv_vpc.id
}
resource "google_compute_router_nat" "lvnat" {
name = "lv-router-nat"
router = google_compute_router.lvrouter.name
region = google_compute_router.lvrouter.region
nat_ip_allocate_option = "AUTO_ONLY"
source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
}
Creating a VM and Adding a DNS Entry
If this is in a different project we can read out the network specifics via "data" blocks.
terraform {
}
provider "google" {
project = "linux-lv-test"
region = "europe-west1"
zone = "europe-west1-d"
}
resource "google_compute_instance" "lv_testsrv" {
name = "lvsrv"
#machine_type = "f1-micro"
machine_type = "e2-micro"
zone = "europe-west1-b"
boot_disk {
initialize_params {
image = "debian-cloud/debian-12"
}
}
metadata_startup_script = "sudo apt-get update; sudo apt-get upgrade -yq ; apt-get install -yq joe bind9-host tmux vim"
metadata = {
ssh-keys = "mond:${file("mond.pub")}"
}
network_interface {
subnetwork = data.google_compute_subnetwork.lv_vpc_west1.id
access_config {
}
}
tags=["linux-lv"]
}
resource "google_dns_record_set" "lvsrv" {
name = "lvsrv.g.mond.at."
managed_zone = data.google_dns_managed_zone.gmond.managed_zone_id
type = "A"
ttl = 600
rrdatas = [local.pubip_lvsrv]
project = "arctic-sign-343718"
}
data "google_dns_managed_zone" "gmond" {
name = "g-mond"
project = "arctic-sign-343718"
#dns_name = "g.mond.at."
}
data "google_compute_network" "lv_vpc" {
project = "linux-lv-test"
name = "linux-lv-vpc"
}
data "google_compute_subnetwork" "lv_vpc_west1" {
name = "west1"
}
