updated terraform examples

2022-04-08 11:43:01 +02:00
parent 48fc259af9
commit d82c5b6447
19 changed files with 1253 additions and 3 deletions
--- a/terraform/lab4-scale-out-lb/demo4-scale-out-lb.tf
+++ b/terraform/lab4-scale-out-lb/demo4-scale-out-lb.tf
@ -0,0 +1,353 @@
+# Define CloudComp group number
+variable "group_number" {
+  type = string
+  default = "30"
+}
+
+# Define OpenStack credentials, project config etc.
+locals {
+  auth_url      = "https://private-cloud.informatik.hs-fulda.de:5000/v3"
+  user_name     = "CloudComp${var.group_number}"
+  user_password = "demo"
+  tenant_name   = "CloudComp${var.group_number}"
+  network_name  = "CloudComp${var.group_number}-net"
+  image_name    = "Ubuntu 18.04 - Bionic Beaver - 64-bit - Cloud Based Image"
+  flavor_name   = "m1.small"
+  region_name   = "RegionOne"
+}
+
+# Define OpenStack provider
+terraform {
+required_version = ">= 0.14.0"
+  required_providers {
+    openstack = {
+      source  = "terraform-provider-openstack/openstack"
+      version = ">= 1.40.0"
+    }
+  }
+}
+
+# Configure the OpenStack Provider
+provider "openstack" {
+  user_name   = local.user_name
+  tenant_name = local.tenant_name
+  password    = local.user_password
+  auth_url    = local.auth_url
+  region      = local.region_name
+  use_octavia = true
+}
+
+# import keypair
+resource "openstack_compute_keypair_v2" "terraform-keypair" {
+  name       = "my-terraform-pubkey"
+  #public_key = file("~/.ssh/id_rsa.pub")
+}
+
+# create api security group
+resource "openstack_networking_secgroup_v2" "terraform-secgroup-api" {
+  name        = "my-terraform-secgroup-api"
+  description = "for API services only"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-api-rule-http" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 80
+  port_range_max    = 80
+  #remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-api.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-api-rule-ssh" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 22
+  port_range_max    = 22
+  #remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-api.id
+}
+
+# create worker security group
+resource "openstack_networking_secgroup_v2" "terraform-secgroup-worker" {
+  name        = "my-terraform-secgroup-worker"
+  description = "for services that run on a worker node"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-worker-rule-ssh" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 22
+  port_range_max    = 22
+  #remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-worker.id
+}
+
+resource "openstack_networking_secgroup_v2" "terraform-secgroup-control" {
+  name        = "my-terraform-secgroup-control"
+  description = "for services that run on a control node"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-control-rule-ssh" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 22
+  port_range_max    = 22
+  #remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-control.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-control-rule-http" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 80
+  port_range_max    = 80
+  #remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-control.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-control-rule-rabbitmq" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 5672
+  port_range_max    = 5672
+  remote_group_id   = openstack_networking_secgroup_v2.terraform-secgroup-worker.id
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-control.id
+}
+
+# create services security group
+resource "openstack_networking_secgroup_v2" "terraform-secgroup-services" {
+  name        = "my-terraform-secgroup-services"
+  description = "for DB and AMQP services only"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-services-rule-ssh" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 22
+  port_range_max    = 22
+  #remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-services.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-services-rule-http" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 80
+  port_range_max    = 80
+  #remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-services.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-services-rule-mysql-api" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 3306
+  port_range_max    = 3306
+  remote_group_id   = openstack_networking_secgroup_v2.terraform-secgroup-api.id
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-services.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-services-rule-rabbitmq-worker" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 5672
+  port_range_max    = 5672
+  remote_group_id   = openstack_networking_secgroup_v2.terraform-secgroup-worker.id
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-services.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-services-rule-rabbitmq-api" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 5672
+  port_range_max    = 5672
+  remote_group_id   = openstack_networking_secgroup_v2.terraform-secgroup-api.id
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-services.id
+}
+
+
+###########################################################################
+#
+# create app-services instance
+#
+###########################################################################
+resource "openstack_compute_instance_v2" "terraform-instance-app-services" {
+  name              = "my-terraform-app-services"
+  image_name        = local.image_name
+  flavor_name       = local.flavor_name
+  key_pair          = openstack_compute_keypair_v2.terraform-keypair.name
+  security_groups   = [openstack_networking_secgroup_v2.terraform-secgroup-services.name]
+
+  network {
+    name = local.network_name
+  }
+
+  user_data = <<-EOF
+    #!/usr/bin/env bash
+    curl -L -s https://gogs.informatik.hs-fulda.de/srieger/cloud-computing-msc-ai-examples/raw/master/faafo/contrib/install.sh | bash -s -- \
+      -i database -i messaging
+    rabbitmqctl add_user faafo guest
+    rabbitmqctl set_user_tags faafo administrator
+    rabbitmqctl set_permissions -p / faafo ".*" ".*" ".*"
+  EOF
+}
+
+###########################################################################
+#
+# create app-api instances
+#
+###########################################################################
+resource "openstack_compute_instance_v2" "terraform-instance-app-api-1" {
+  name              = "my-terraform-app-api-1"
+  image_name        = local.image_name
+  flavor_name       = local.flavor_name
+  key_pair          = openstack_compute_keypair_v2.terraform-keypair.name
+  security_groups   = [openstack_networking_secgroup_v2.terraform-secgroup-api.name]
+
+  network {
+    name = local.network_name
+  }
+
+  user_data = <<-EOF
+    #!/usr/bin/env bash
+    curl -L -s https://gogs.informatik.hs-fulda.de/srieger/cloud-computing-msc-ai-examples/raw/master/faafo/contrib/install.sh | bash -s -- \
+        -i faafo -r api -m 'amqp://faafo:guest@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:5672/' \
+        -d 'mysql+pymysql://faafo:password@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:3306/faafo'
+  EOF
+}
+
+resource "openstack_compute_instance_v2" "terraform-instance-app-api-2" {
+  name            = "my-terraform-app-api-2"
+  image_name      = local.image_name
+  flavor_name     = local.flavor_name
+  key_pair        = openstack_compute_keypair_v2.terraform-keypair.name
+  security_groups = [openstack_networking_secgroup_v2.terraform-secgroup-api.id]
+
+  network {
+    name = local.network_name
+  }
+
+  user_data = <<-EOF
+    #!/usr/bin/env bash
+    curl -L -s https://gogs.informatik.hs-fulda.de/srieger/cloud-computing-msc-ai-examples/raw/master/faafo/contrib/install.sh | bash -s -- \
+        -i faafo -r api -m 'amqp://faafo:guest@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:5672/' \
+        -d 'mysql+pymysql://faafo:password@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:3306/faafo'
+  EOF
+}
+
+###########################################################################
+#
+# create worker instances
+#
+###########################################################################
+resource "openstack_compute_instance_v2" "terraform-instance-app-worker-1" {
+  name            = "my-terraform-app-worker-1"
+  image_name      = local.image_name
+  flavor_name     = local.flavor_name
+  key_pair        = openstack_compute_keypair_v2.terraform-keypair.name
+  security_groups = [openstack_networking_secgroup_v2.terraform-secgroup-worker.id]
+
+  network {
+    name = local.network_name
+  }
+
+  user_data = <<-EOF
+    #!/usr/bin/env bash
+    curl -L -s https://gogs.informatik.hs-fulda.de/srieger/cloud-computing-msc-ai-examples/raw/master/faafo/contrib/install.sh | bash -s -- \
+        -i faafo -r worker -e 'http://${openstack_compute_instance_v2.terraform-instance-app-api-1.access_ip_v4}' -m 'amqp://faafo:guest@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:5672/'
+  EOF
+}
+
+resource "openstack_compute_instance_v2" "terraform-instance-app-worker-2" {
+  name            = "my-terraform-app-worker-2"
+  image_name      = local.image_name
+  flavor_name     = local.flavor_name
+  key_pair        = openstack_compute_keypair_v2.terraform-keypair.name
+  security_groups = [openstack_networking_secgroup_v2.terraform-secgroup-worker.id]
+
+  network {
+    name = local.network_name
+  }
+
+  user_data = <<-EOF
+    #!/usr/bin/env bash
+    curl -L -s https://gogs.informatik.hs-fulda.de/srieger/cloud-computing-msc-ai-examples/raw/master/faafo/contrib/install.sh | bash -s -- \
+        -i faafo -r worker -e 'http://${openstack_compute_instance_v2.terraform-instance-app-api-1.access_ip_v4}' -m 'amqp://faafo:guest@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:5672/'
+  EOF
+}
+
+###########################################################################
+#
+# create load balancer
+#
+###########################################################################
+data "openstack_networking_network_v2" "network_1" {
+  name = local.network_name
+}
+
+resource "openstack_lb_loadbalancer_v2" "lb_1" {
+  vip_subnet_id = data.openstack_networking_network_v2.network_1.subnets[0]
+}
+
+resource "openstack_lb_listener_v2" "listener_1" {
+  protocol        = "HTTP"
+  protocol_port   = 80
+  loadbalancer_id = openstack_lb_loadbalancer_v2.lb_1.id
+  connection_limit = 1024
+}
+
+resource "openstack_lb_pool_v2" "pool_1" {
+  protocol    = "HTTP"
+  lb_method   = "ROUND_ROBIN"
+  listener_id = openstack_lb_listener_v2.listener_1.id
+}
+
+resource "openstack_lb_members_v2" "members_1" {
+  pool_id = openstack_lb_pool_v2.pool_1.id
+
+  member {
+    address       = openstack_compute_instance_v2.terraform-instance-app-api-1.access_ip_v4
+    protocol_port = 80
+  }
+
+  member {
+    address       = openstack_compute_instance_v2.terraform-instance-app-api-2.access_ip_v4
+    protocol_port = 80
+  }
+}
+
+resource "openstack_lb_monitor_v2" "monitor_1" {
+  pool_id        = openstack_lb_pool_v2.pool_1.id
+  type           = "HTTP"
+  delay          = 5
+  timeout        = 5
+  max_retries    = 3
+  http_method    = "GET"
+  url_path       = "/"
+  expected_codes = 200
+}
+
+###########################################################################
+#
+# assign floating ip to load balancer
+#
+###########################################################################
+resource "openstack_networking_floatingip_v2" "fip_1" {
+  pool    = "public1"
+  port_id = openstack_lb_loadbalancer_v2.lb_1.vip_port_id
+}
+
+output "loadbalancer_vip_addr" {
+  value = openstack_networking_floatingip_v2.fip_1
+}
--- a/terraform/lab4-scale-out-lb/get-terraform.sh
+++ b/terraform/lab4-scale-out-lb/get-terraform.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+wget https://releases.hashicorp.com/terraform/1.1.3/terraform_1.1.3_linux_amd64.zip -O terraform_1.1.3_linux_amd64.zip
+unzip -o terraform_1.1.3_linux_amd64.zip
--- a/terraform/lab4-scale-out-lb/lab4.tf
+++ b/terraform/lab4-scale-out-lb/lab4.tf
@ -0,0 +1,259 @@
+# Define CloudComp group number
+variable "group_number" {
+  type = string
+  default = "20"
+}
+
+## OpenStack credentials can be used in a more secure way by using
+## cloud.yaml from https://private-cloud.informatik.hs-fulda.de/project/api_access/clouds.yaml/
+
+# or by using env vars exported from openrc here,
+# e.g., using 'export TF_VAR_os_password=$OS_PASSWORD'
+
+# Define OpenStack credentials, project config etc.
+locals {
+  auth_url      = "https://private-cloud.informatik.hs-fulda.de:5000/v3"
+  user_name     = "CloudComp${var.group_number}"
+  user_password = "<password of your group here, private-cloud is only reachable via vpn>"
+  tenant_name   = "CloudComp${var.group_number}"
+  #network_name  = "CloudComp${var.group_number}-net"
+  router_name   = "CloudComp${var.group_number}-router"
+  image_name    = "Ubuntu 20.04 - Focal Fossa - 64-bit - Cloud Based Image"
+  flavor_name   = "m1.small"
+  region_name   = "RegionOne"
+}
+
+# Define OpenStack provider
+terraform {
+required_version = ">= 0.14.0"
+  required_providers {
+    openstack = {
+      source  = "terraform-provider-openstack/openstack"
+      version = ">= 1.46.0"
+    }
+  }
+}
+
+# Configure the OpenStack Provider
+provider "openstack" {
+  user_name   = local.user_name
+  tenant_name = local.tenant_name
+  password    = local.user_password
+  auth_url    = local.auth_url
+  region      = local.region_name
+  use_octavia = true
+}
+
+
+
+###########################################################################
+#
+# create keypair
+#
+###########################################################################
+
+# import keypair, if public_key is not specified, create new keypair to use
+resource "openstack_compute_keypair_v2" "terraform-keypair" {
+  name       = "my-terraform-pubkey"
+  #public_key = file("~/.ssh/id_rsa.pub")
+}
+
+
+
+###########################################################################
+#
+# create security group
+#
+###########################################################################
+
+resource "openstack_networking_secgroup_v2" "terraform-secgroup" {
+  name        = "my-terraform-secgroup"
+  description = "for terraform instances"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-rule-http" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 80
+  port_range_max    = 80
+  #remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-rule-ssh" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 22
+  port_range_max    = 22
+  #remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup.id
+}
+
+
+###########################################################################
+#
+# create network
+#
+###########################################################################
+
+resource "openstack_networking_network_v2" "terraform-network-1" {
+  name           = "my-terraform-network-1"
+  admin_state_up = "true"
+}
+
+resource "openstack_networking_subnet_v2" "terraform-subnet-1" {
+  name       = "my-terraform-subnet-1"
+  network_id = openstack_networking_network_v2.terraform-network-1.id
+  cidr       = "192.168.255.0/24"
+  ip_version = 4
+}
+
+data "openstack_networking_router_v2" "router-1" {
+  name = local.router_name
+}
+
+resource "openstack_networking_router_interface_v2" "router_interface_1" {
+  router_id = data.openstack_networking_router_v2.router-1.id
+  subnet_id = openstack_networking_subnet_v2.terraform-subnet-1.id
+}
+
+
+
+###########################################################################
+#
+# create instances
+#
+###########################################################################
+
+resource "openstack_compute_instance_v2" "terraform-instance-1" {
+  name              = "my-terraform-instance-1"
+  image_name        = local.image_name
+  flavor_name       = local.flavor_name
+  key_pair          = openstack_compute_keypair_v2.terraform-keypair.name
+  security_groups   = [openstack_networking_secgroup_v2.terraform-secgroup.name]
+
+  depends_on = [openstack_networking_subnet_v2.terraform-subnet-1]
+
+  network {
+    uuid = openstack_networking_network_v2.terraform-network-1.id
+  }
+
+  user_data = <<-EOF
+    #!/bin/bash
+    apt-get update
+    apt-get -y install apache2
+    rm /var/www/html/index.html
+    cat > /var/www/html/index.html << INNEREOF
+    <!DOCTYPE html>
+    <html>
+      <body>
+        <h1>It works!</h1>
+        <p>hostname</p>
+      </body>
+    </html>
+    INNEREOF
+    sed -i "s/hostname/terraform-instance-1/" /var/www/html/index.html
+    sed -i "1s/$/ terraform-instance-1/" /etc/hosts
+  EOF
+}
+
+resource "openstack_compute_instance_v2" "terraform-instance-2" {
+  name            = "my-terraform-instance-2"
+  image_name      = local.image_name
+  flavor_name     = local.flavor_name
+  key_pair        = openstack_compute_keypair_v2.terraform-keypair.name
+  security_groups = [openstack_networking_secgroup_v2.terraform-secgroup.id]
+
+  depends_on = [openstack_networking_subnet_v2.terraform-subnet-1]
+
+  network {
+    uuid = openstack_networking_network_v2.terraform-network-1.id
+  }
+
+  user_data = <<-EOF
+    #!/bin/bash
+    apt-get update
+    apt-get -y install apache2
+    rm /var/www/html/index.html
+    cat > /var/www/html/index.html << INNEREOF
+    <!DOCTYPE html>
+    <html>
+      <body>
+        <h1>It works!</h1>
+        <p>hostname</p>
+      </body>
+    </html>
+    INNEREOF
+    sed -i "s/hostname/terraform-instance-2/" /var/www/html/index.html
+    sed -i "1s/$/ terraform-instance-2/" /etc/hosts
+  EOF
+}
+
+
+
+###########################################################################
+#
+# create load balancer
+#
+###########################################################################
+resource "openstack_lb_loadbalancer_v2" "lb_1" {
+  vip_subnet_id = openstack_networking_subnet_v2.terraform-subnet-1.id
+}
+
+resource "openstack_lb_listener_v2" "listener_1" {
+  protocol        = "HTTP"
+  protocol_port   = 80
+  loadbalancer_id = openstack_lb_loadbalancer_v2.lb_1.id
+  connection_limit = 1024
+}
+
+resource "openstack_lb_pool_v2" "pool_1" {
+  protocol    = "HTTP"
+  lb_method   = "ROUND_ROBIN"
+  listener_id = openstack_lb_listener_v2.listener_1.id
+}
+
+resource "openstack_lb_members_v2" "members_1" {
+  pool_id = openstack_lb_pool_v2.pool_1.id
+
+  member {
+    address       = openstack_compute_instance_v2.terraform-instance-1.access_ip_v4
+    protocol_port = 80
+  }
+
+  member {
+    address       = openstack_compute_instance_v2.terraform-instance-2.access_ip_v4
+    protocol_port = 80
+  }
+}
+
+resource "openstack_lb_monitor_v2" "monitor_1" {
+  pool_id        = openstack_lb_pool_v2.pool_1.id
+  type           = "HTTP"
+  delay          = 5
+  timeout        = 5
+  max_retries    = 3
+  http_method    = "GET"
+  url_path       = "/"
+  expected_codes = 200
+
+  depends_on = [openstack_lb_loadbalancer_v2.lb_1, openstack_lb_listener_v2.listener_1, openstack_lb_pool_v2.pool_1, openstack_lb_members_v2.members_1 ]
+}
+
+
+
+###########################################################################
+#
+# assign floating ip to load balancer
+#
+###########################################################################
+resource "openstack_networking_floatingip_v2" "fip_1" {
+  pool    = "public1"
+  port_id = openstack_lb_loadbalancer_v2.lb_1.vip_port_id
+}
+
+output "loadbalancer_vip_addr" {
+  value = openstack_networking_floatingip_v2.fip_1
+}
--- a/terraform/lab4-scale-out-lb/run-terraform.sh
+++ b/terraform/lab4-scale-out-lb/run-terraform.sh
@ -0,0 +1,23 @@
+#!/bin/bash
+
+# initialization of terraform state and download openstack plugin/dependencies
+./terraform init
+
+# show what will done
+./terraform plan
+
+# let terraform create the resources specified in .tf file in same directory
+./terraform apply
+
+# you can also use "terraform apply -auto-approve" to prevent terraform from asking back whether it should proceed
+
+# among the benefits of terraform, is that is deploys the resources rather quick. It identifies dependencies and
+# deploys independent resources in parallel.
+# "terraform graph" creates a dependency graph of the resource specified in the .tf file
+# another benefit of terraform is, that it does the heavy lifting to support the APIs of multiple cloud
+# providers and supports way more features and cloud services than, e.g., libcloud, hence it's quite popular
+#
+# among the drawbacks however is, that it comes with its own definition language and does not offer the full
+# flexibility of a programming language. In this regard, libcloud, boto3, openstack-sdk etc. are way more flexible
+#
+# we discuss different cloud service deployment solutions and their pros/cons in the course
--- a/terraform/lab4-scale-out-lb/stop-terraform.sh
+++ b/terraform/lab4-scale-out-lb/stop-terraform.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+
+# let terraform remove the resources specified in .tf file in same directory
+./terraform destroy
+
+# you can also use "terraform destroy -auto-approve" to prevent terraform from asking back whether it should proceed