srieger
/
cloud-computing-msc-ai-examples
1
2
Fork 1
Code Issues Pull Requests 1 Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
124 Commits
2 Branches
0 Tags
1.5 MiB
Tree: 7c8feecf25
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7c8feecf25'
${ noResults }
cloud-computing-msc-ai-exam.../terraform/rancher-terraform/main.tf

500 lines
16 KiB
Raw Normal View History

initial version of counter
2 years ago
updated terraform examples
3 years ago
initial version of counter
2 years ago
updated terraform examples
3 years ago
initial version of counter
2 years ago
updated terraform examples
3 years ago
initial version of counter
2 years ago
updated terraform examples
3 years ago
initial version of counter
2 years ago
updated terraform examples
3 years ago
initial version of counter
2 years ago
updated terraform examples
3 years ago
  1. # Define CloudComp group number
  2. # TODO: change to use OS env vars etc.
  3. variable "group_number" {
  4. type = string
  5. default = "22"
  6. }
  8. ## OpenStack credentials can be used in a more secure way by using
  9. ## cloud.yaml from https://private-cloud.informatik.hs-fulda.de/project/api_access/clouds.yaml/
  11. # Define OpenStack credentials, project config etc.
  12. locals {
  13. auth_url = "https://private-cloud.informatik.hs-fulda.de:5000/v3"
  14. user_name = "CloudComp${var.group_number}"
  15. user_password = "<password of your group here, private-cloud is only reachable via vpn>"
  16. tenant_name = "CloudComp${var.group_number}"
  17. #network_name = "CloudComp${var.group_number}-net"
  18. router_name = "CloudComp${var.group_number}-router"
  19. image_name = "Ubuntu 20.04 - Focal Fossa - 64-bit - Cloud Based Image"
  20. flavor_name = "m1.medium"
  21. region_name = "RegionOne"
  22. rke_flavor_name = "m1.medium"
  23. availability_zone = "nova"
  24. domain_name = "Default"
  25. # possibly set floating_ip_pool = "" to avoid assigning floating ips to
  26. # every created node and use only load balancer as frontend, however needed
  27. # for node port forwarding etc. using kube proxy
  28. floating_ip_pool = "public1"
  29. ssh_user = "ubuntu"
  30. }
  32. # Define OpenStack provider
  33. terraform {
  34. required_version = ">= 0.14.0"
  35. required_providers {
  36. openstack = {
  37. source = "terraform-provider-openstack/openstack"
  38. version = ">= 1.47.0"
  39. }
  40. rancher2 = {
  41. source = "rancher/rancher2"
  42. version = ">= 1.24.0"
  43. }
  44. }
  45. }
  47. # Configure the OpenStack Provider
  48. provider "openstack" {
  49. user_name = local.user_name
  50. tenant_name = local.tenant_name
  51. password = local.user_password
  52. auth_url = local.auth_url
  53. region = local.region_name
  54. use_octavia = true
  55. }
  59. ###########################################################################
  60. #
  61. # create keypair
  62. #
  63. ###########################################################################
  65. # import keypair, if public_key is not specified, create new keypair to use
  66. resource "openstack_compute_keypair_v2" "terraform-rancher-keypair" {
  67. name = "my-terraform-rancher-pubkey"
  68. # public_key = file("~/srieger_rsa.pub")
  69. }
  73. ###########################################################################
  74. #
  75. # create security group
  76. #
  77. ###########################################################################
  79. resource "openstack_networking_secgroup_v2" "terraform-rancher-secgroup" {
  80. name = "my-terraform-rancher-secgroup"
  81. description = "for terraform rancher instances"
  82. }
  84. # TODO: possibly cleanup unnecessary ports?
  86. resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-rule-ssh" {
  87. direction = "ingress"
  88. ethertype = "IPv4"
  89. protocol = "tcp"
  90. port_range_min = 22
  91. port_range_max = 22
  92. #remote_ip_prefix = "0.0.0.0/0"
  93. security_group_id = openstack_networking_secgroup_v2.terraform-rancher-secgroup.id
  94. }
  96. resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-rule-http" {
  97. direction = "ingress"
  98. ethertype = "IPv4"
  99. protocol = "tcp"
  100. port_range_min = 80
  101. port_range_max = 80
  102. #remote_ip_prefix = "0.0.0.0/0"
  103. security_group_id = openstack_networking_secgroup_v2.terraform-rancher-secgroup.id
  104. }
  106. resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-rule-https" {
  107. direction = "ingress"
  108. ethertype = "IPv4"
  109. protocol = "tcp"
  110. port_range_min = 443
  111. port_range_max = 443
  112. #remote_ip_prefix = "0.0.0.0/0"
  113. security_group_id = openstack_networking_secgroup_v2.terraform-rancher-secgroup.id
  114. }
  116. resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-rule-2376" {
  117. direction = "ingress"
  118. ethertype = "IPv4"
  119. protocol = "tcp"
  120. port_range_min = 2376
  121. port_range_max = 2376
  122. #remote_ip_prefix = "0.0.0.0/0"
  123. security_group_id = openstack_networking_secgroup_v2.terraform-rancher-secgroup.id
  124. }
  126. resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-rule-2379" {
  127. direction = "ingress"
  128. ethertype = "IPv4"
  129. protocol = "tcp"
  130. port_range_min = 2379
  131. port_range_max = 2379
  132. #remote_ip_prefix = "0.0.0.0/0"
  133. security_group_id = openstack_networking_secgroup_v2.terraform-rancher-secgroup.id
  134. }
  136. resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-rule-2380" {
  137. direction = "ingress"
  138. ethertype = "IPv4"
  139. protocol = "tcp"
  140. port_range_min = 2380
  141. port_range_max = 2380
  142. #remote_ip_prefix = "0.0.0.0/0"
  143. security_group_id = openstack_networking_secgroup_v2.terraform-rancher-secgroup.id
  144. }
  146. resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-rule-6443" {
  147. direction = "ingress"
  148. ethertype = "IPv4"
  149. protocol = "tcp"
  150. port_range_min = 6443
  151. port_range_max = 6443
  152. #remote_ip_prefix = "0.0.0.0/0"
  153. security_group_id = openstack_networking_secgroup_v2.terraform-rancher-secgroup.id
  154. }
  156. resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-rule-9099" {
  157. direction = "ingress"
  158. ethertype = "IPv4"
  159. protocol = "tcp"
  160. port_range_min = 9099
  161. port_range_max = 9099
  162. #remote_ip_prefix = "0.0.0.0/0"
  163. security_group_id = openstack_networking_secgroup_v2.terraform-rancher-secgroup.id
  164. }
  166. resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-rule-10250" {
  167. direction = "ingress"
  168. ethertype = "IPv4"
  169. protocol = "tcp"
  170. port_range_min = 10250
  171. port_range_max = 10250
  172. #remote_ip_prefix = "0.0.0.0/0"
  173. security_group_id = openstack_networking_secgroup_v2.terraform-rancher-secgroup.id
  174. }
  176. resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-rule-10254" {
  177. direction = "ingress"
  178. ethertype = "IPv4"
  179. protocol = "tcp"
  180. port_range_min = 10254
  181. port_range_max = 10254
  182. #remote_ip_prefix = "0.0.0.0/0"
  183. security_group_id = openstack_networking_secgroup_v2.terraform-rancher-secgroup.id
  184. }
  186. resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-rule-8472" {
  187. direction = "ingress"
  188. ethertype = "IPv4"
  189. protocol = "udp"
  190. port_range_min = 8472
  191. port_range_max = 8472
  192. #remote_ip_prefix = "0.0.0.0/0"
  193. security_group_id = openstack_networking_secgroup_v2.terraform-rancher-secgroup.id
  194. }
  199. ###########################################################################
  200. #
  201. # create network
  202. #
  203. ###########################################################################
  205. resource "openstack_networking_network_v2" "terraform-rancher-network-1" {
  206. name = "my-terraform-rancher-network-1"
  207. admin_state_up = "true"
  208. }
  210. resource "openstack_networking_subnet_v2" "terraform-rancher-subnet-1" {
  211. name = "my-terraform-rancher-subnet-1"
  212. network_id = openstack_networking_network_v2.terraform-rancher-network-1.id
  213. cidr = "192.168.254.0/24"
  214. dns_nameservers = [ "192.168.76.253" ]
  215. ip_version = 4
  216. }
  218. data "openstack_networking_router_v2" "router-1" {
  219. name = local.router_name
  220. }
  222. resource "openstack_networking_router_interface_v2" "router_interface_1" {
  223. router_id = data.openstack_networking_router_v2.router-1.id
  224. subnet_id = openstack_networking_subnet_v2.terraform-rancher-subnet-1.id
  225. }
  229. ###########################################################################
  230. #
  231. # create instances
  232. #
  233. ###########################################################################
  235. resource "openstack_compute_instance_v2" "terraform-rancher-instance-1" {
  236. name = "my-terraform-rancher-instance-1"
  237. image_name = local.image_name
  238. flavor_name = local.flavor_name
  239. key_pair = openstack_compute_keypair_v2.terraform-rancher-keypair.name
  240. security_groups = [openstack_networking_secgroup_v2.terraform-rancher-secgroup.name]
  242. network {
  243. uuid = openstack_networking_network_v2.terraform-rancher-network-1.id
  244. }
  246. user_data = <<-EOF
  247. #!/bin/bash
  248. apt-get update
  249. apt-get -y upgrade
  250. curl https://releases.rancher.com/install-docker/20.10.sh | sh
  251. sudo docker run --privileged -d --restart=unless-stopped -p 80:80 -p 443:443 --env CATTLE_BOOTSTRAP_PASSWORD=this-is-not-a-secure-bootstrap-pw rancher/rancher
  252. #sudo docker ps
  253. #sudo docker logs $(sudo docker ps | grep rancher | cut -d " " -f 1) 2>&1 | grep "Bootstrap Password:"
  254. EOF
  256. depends_on = [
  257. openstack_networking_subnet_v2.terraform-rancher-subnet-1
  258. ]
  259. }
  263. ###########################################################################
  264. #
  265. # assign floating ip to rancher instance
  266. #
  267. ###########################################################################
  268. resource "openstack_networking_floatingip_v2" "fip_1" {
  269. pool = "public1"
  270. }
  272. resource "openstack_compute_floatingip_associate_v2" "fip_1" {
  273. floating_ip = "${openstack_networking_floatingip_v2.fip_1.address}"
  274. instance_id = "${openstack_compute_instance_v2.terraform-rancher-instance-1.id}"
  275. }
  277. output "floating_ip" {
  278. value = openstack_networking_floatingip_v2.fip_1
  279. }
  281. ###########################################################################
  282. #
  283. # bootstrap rancher
  284. #
  285. ###########################################################################
  287. # Provider bootstrap config
  288. provider "rancher2" {
  289. alias = "bootstrap"
  291. api_url = "https://${openstack_networking_floatingip_v2.fip_1.address}"
  292. bootstrap = true
  293. insecure = true
  294. # takes roughly ~7 minutes currently
  295. timeout = "600s"
  296. }
  298. # Create a new rancher2_bootstrap for Rancher v2.6.0 and above
  299. resource "rancher2_bootstrap" "admin" {
  300. provider = rancher2.bootstrap
  301. initial_password = "this-is-not-a-secure-bootstrap-pw"
  302. password = "this-is-not-a-secure-admin-pw"
  303. telemetry = true
  304. token_update=true
  305. }
  307. # Rancher2 administration provider
  308. provider "rancher2" {
  309. alias = "admin"
  311. api_url = "https://${openstack_networking_floatingip_v2.fip_1.address}"
  312. insecure = true
  313. # ca_certs = data.kubernetes_secret.rancher_cert.data["ca.crt"]
  314. token_key = rancher2_bootstrap.admin.token
  315. }
  317. ###########################################################################
  318. #
  319. # enable rancher node driver openstack
  320. #
  321. ###########################################################################
  323. #data "rancher2_node_driver" "OpenStack" {
  324. # provider = rancher2.admin
  325. # name = "openstack"
  326. #}
  328. # Create a new rancher2 Node Driver
  329. # TODO: creates a new builtin driver, maybe better to change existing one
  330. resource "rancher2_node_driver" "OpenStack" {
  331. provider = rancher2.admin
  332. name = "openstack"
  333. active = true
  334. builtin = true
  335. url = "local://"
  336. # external_id = data.rancher2_node_driver.OpenStack
  337. }
  341. ###########################################################################
  342. #
  343. # create rancher node template for hsfd openstack
  344. #
  345. ###########################################################################
  347. resource "rancher2_node_template" "hsfd-rancher-openstack" {
  348. provider = rancher2.admin
  349. name = "hsfd-rancher-openstack"
  350. driver_id = rancher2_node_driver.OpenStack.id
  351. openstack_config {
  352. auth_url = local.auth_url
  353. availability_zone = local.availability_zone
  354. region = local.region_name
  355. username = local.user_name
  356. # TODO: (Optional/Sensitive) OpenStack password. Mandatory on Rancher v2.0.x and v2.1.x. Use rancher2_cloud_credential from Rancher v2.2.x (string)
  357. password = local.user_password
  358. active_timeout = "200"
  359. domain_name = local.domain_name
  360. boot_from_volume = false
  361. flavor_name = local.rke_flavor_name
  362. floating_ip_pool = local.floating_ip_pool
  363. image_name = local.image_name
  364. ip_version = "4"
  365. keypair_name = openstack_compute_keypair_v2.terraform-rancher-keypair.name
  366. net_id = openstack_networking_network_v2.terraform-rancher-network-1.id
  367. sec_groups = openstack_networking_secgroup_v2.terraform-rancher-secgroup.name
  368. ssh_user = local.ssh_user
  369. private_key_file = openstack_compute_keypair_v2.terraform-rancher-keypair.private_key
  370. tenant_name = local.tenant_name
  371. }
  372. # TODO: get latest recommended string possible?
  373. engine_install_url = "https://releases.rancher.com/install-docker/20.10.sh"
  374. }
  378. ###########################################################################
  379. #
  380. # create rke template for hsfd openstack
  381. #
  382. ###########################################################################
  384. data "openstack_identity_project_v3" "my-project" {
  385. name = local.tenant_name
  386. }
  388. data "openstack_networking_network_v2" "public1" {
  389. name = local.floating_ip_pool
  390. }
  392. # Create a new rancher2 Cluster Template
  393. resource "rancher2_cluster_template" "hsfd-rke-openstack" {
  394. provider = rancher2.admin
  395. name = "hsfd-rke-openstack"
  396. template_revisions {
  397. name = "V1"
  398. cluster_config {
  399. rke_config {
  400. cloud_provider {
  401. name = "openstack"
  402. openstack_cloud_provider {
  403. block_storage {
  404. ignore_volume_az = true
  405. trust_device_path = false
  406. }
  407. global {
  408. auth_url = local.auth_url
  409. domain_name = local.domain_name
  410. tenant_id = data.openstack_identity_project_v3.my-project.id
  411. username = local.user_name
  412. password = local.user_password
  413. }
  414. load_balancer {
  415. create_monitor = false
  416. floating_network_id = data.openstack_networking_network_v2.public1.id
  417. lb_version = "v2"
  418. manage_security_groups = true
  419. monitor_max_retries = 0
  420. subnet_id = openstack_networking_subnet_v2.terraform-rancher-subnet-1.id
  421. use_octavia = true
  422. }
  423. metadata {
  424. request_timeout = 0
  425. }
  426. route {
  427. router_id = data.openstack_networking_router_v2.router-1.id
  428. }
  429. }
  430. }
  431. }
  432. }
  433. default = true
  434. }
  435. description = "Terraform RKE template for HSFD OpenStack"
  436. }
  440. ###########################################################################
  441. #
  442. # create rke demo cluster
  443. #
  444. ###########################################################################
  446. resource "rancher2_cluster" "hsfd-rke-demo" {
  447. provider = rancher2.admin
  448. name = "hsfd-rke-demo"
  449. cluster_template_id = rancher2_cluster_template.hsfd-rke-openstack.id
  450. cluster_template_revision_id = rancher2_cluster_template.hsfd-rke-openstack.template_revisions.0.id
  452. # if instance is gone before deleting the cluster, we'll not be able to
  453. # reach rke anymore
  454. depends_on = [
  455. openstack_compute_instance_v2.terraform-rancher-instance-1,
  456. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-ssh,
  457. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-http,
  458. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-https,
  459. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-2376,
  460. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-2379,
  461. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-2380,
  462. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-6443,
  463. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-9099,
  464. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-10250,
  465. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-10254,
  466. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-8472,
  467. openstack_compute_floatingip_associate_v2.fip_1
  468. ]
  469. }
  471. # Create a new rancher2 Node Pool
  472. resource "rancher2_node_pool" "pool1" {
  473. provider = rancher2.admin
  474. cluster_id = rancher2_cluster.hsfd-rke-demo.id
  475. name = "ctrl-etcd-work"
  476. hostname_prefix = "ctrl-etcd-work"
  477. node_template_id = rancher2_node_template.hsfd-rancher-openstack.id
  478. quantity = 1
  479. control_plane = true
  480. etcd = true
  481. worker = true
  483. # if instance is gone before deleting the cluster, we'll not be able to
  484. # reach rke anymore
  485. depends_on = [
  486. openstack_compute_instance_v2.terraform-rancher-instance-1,
  487. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-ssh,
  488. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-http,
  489. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-https,
  490. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-2376,
  491. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-2379,
  492. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-2380,
  493. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-6443,
  494. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-9099,
  495. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-10250,
  496. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-10254,
  497. openstack_networking_secgroup_rule_v2.terraform-secgroup-rule-8472,
  498. openstack_compute_floatingip_associate_v2.fip_1
  499. ]
  500. }