Created
August 31, 2015 14:38
Updated Terraform files
# CloudStack provider configuration. The API endpoint and both credentials
# come from input variables, so no secret is written into this file.
provider "cloudstack" {
  api_url    = "${var.api_url}"
  api_key    = "${var.api_key}"
  secret_key = "${var.secret_key}"
}
# resource "cloudstack_ssh_keypair" "hany" { | |
# name = "hany" | |
# public_key = "/Users/hany/.ssh/hany.key.pub" | |
# project = "${var.project}" | |
# } | |
# VPC holding the proxy, app, db and util tier networks declared below.
# Naming mismatch worth knowing about when reading alerts or inventories:
# the VPC is called "staging" while the instances placed in it are prod-*.
resource "cloudstack_vpc" "staging" {
  name         = "staging"
  cidr         = "10.164.240.0/22"
  vpc_offering = "Default VPC offering"
  zone         = "${var.zone}"
  project      = "${var.project}"
}
# Network ACL for the VPC. Every tier network in this file (proxy, app, db,
# util) attaches this one ACL through its aclid attribute.
resource "cloudstack_network_acl" "allow_all_main" {
  name = "allow_all"
  vpc  = "${cloudstack_vpc.staging.id}"
}

# Rules for the ACL above: all protocols, from any source, in both directions.
# NOTE(review): with these rules the ACL filters nothing, so the tiers are
# separated by addressing only. What is reachable from outside is then decided
# by the port forwards and by each host's own firewall. A tighter layout would
# give each tier its own ACL and limit ingress to the ports and source CIDRs
# that tier needs (for example, the db tier accepting only the app tier's
# 10.164.241.0/24).
resource "cloudstack_network_acl_rule" "allow_all_main" {
  aclid = "${cloudstack_network_acl.allow_all_main.id}"

  # Inbound: allow everything from anywhere.
  rule {
    action       = "allow"
    source_cidr  = "0.0.0.0/0"
    protocol     = "all"
    traffic_type = "ingress"
  }

  # Outbound: allow everything to anywhere.
  rule {
    action       = "allow"
    source_cidr  = "0.0.0.0/0"
    protocol     = "all"
    traffic_type = "egress"
  }
}
# VPN gateway on the VPC. No VPN connection or customer gateway is declared
# anywhere on this page, so nothing visible here uses it yet.
resource "cloudstack_vpn_gateway" "test" {
  vpc = "${cloudstack_vpc.staging.id}"
}
# Tier networks, one /24 each, carved out of the VPC's 10.164.240.0/22.
# All four attach the same allow_all ACL, so the split into tiers gives
# separate address ranges but no traffic filtering between tiers at the
# ACL level.

# Proxy tier: 10.164.240.0/24.
resource "cloudstack_network" "proxy" {
  name             = "proxy"
  cidr             = "10.164.240.0/24"
  network_offering = "VPC without Load Balancing"
  vpc              = "${cloudstack_vpc.staging.id}"
  zone             = "${var.zone}"
  aclid            = "${cloudstack_network_acl.allow_all_main.id}"
  project          = "${var.project}"
}

# Application tier: 10.164.241.0/24.
resource "cloudstack_network" "app" {
  name             = "app"
  cidr             = "10.164.241.0/24"
  network_offering = "VPC without Load Balancing"
  vpc              = "${cloudstack_vpc.staging.id}"
  zone             = "${var.zone}"
  aclid            = "${cloudstack_network_acl.allow_all_main.id}"
  project          = "${var.project}"
}

# Database tier: 10.164.242.0/24.
resource "cloudstack_network" "db" {
  name             = "db"
  cidr             = "10.164.242.0/24"
  network_offering = "VPC without Load Balancing"
  vpc              = "${cloudstack_vpc.staging.id}"
  zone             = "${var.zone}"
  aclid            = "${cloudstack_network_acl.allow_all_main.id}"
  project          = "${var.project}"
}

# Utility tier (queue and worker hosts): 10.164.243.0/24.
resource "cloudstack_network" "util" {
  name             = "util"
  cidr             = "10.164.243.0/24"
  network_offering = "VPC without Load Balancing"
  vpc              = "${cloudstack_vpc.staging.id}"
  zone             = "${var.zone}"
  aclid            = "${cloudstack_network_acl.allow_all_main.id}"
  project          = "${var.project}"
}
# Six instances, all built from the same template and bootstrapped by the same
# user_data.sh. The depends_on entries chain them (proxy01 -> app01 -> app02 ->
# db01 -> queue01 -> wrkr01), so they are created one after another.
#
# Points to keep in mind when reusing this:
#  - The keypair attribute is commented out; SSH access is instead set up by
#    the user_data script, which writes an authorized_keys file.
#  - expunge = true removes an instance permanently on destroy, with no
#    recovery window. That includes prod-db01.
#  - CentOS 6 reached end of life in November 2020; pick a supported template.

# Proxy tier host.
resource "cloudstack_instance" "prod-proxy01" {
  name             = "prod-proxy01"
  service_offering = "1vCPU.2GB"
  network          = "${cloudstack_network.proxy.id}"
  template         = "CentOS 6.6 base (64bit)"
  zone             = "${var.zone}"
  project          = "${var.project}"
  user_data        = "${file(\"user_data.sh\")}"
  expunge          = true
  # keypair = "hany"
}

# Application tier host 1.
resource "cloudstack_instance" "prod-app01" {
  name             = "prod-app01"
  service_offering = "1vCPU.2GB"
  network          = "${cloudstack_network.app.id}"
  template         = "CentOS 6.6 base (64bit)"
  zone             = "${var.zone}"
  project          = "${var.project}"
  user_data        = "${file(\"user_data.sh\")}"
  expunge          = true
  depends_on       = ["cloudstack_instance.prod-proxy01"]
}

# Application tier host 2.
resource "cloudstack_instance" "prod-app02" {
  name             = "prod-app02"
  service_offering = "1vCPU.2GB"
  network          = "${cloudstack_network.app.id}"
  template         = "CentOS 6.6 base (64bit)"
  zone             = "${var.zone}"
  project          = "${var.project}"
  user_data        = "${file(\"user_data.sh\")}"
  expunge          = true
  depends_on       = ["cloudstack_instance.prod-app01"]
}

# Database tier host.
resource "cloudstack_instance" "prod-db01" {
  name             = "prod-db01"
  service_offering = "1vCPU.2GB"
  network          = "${cloudstack_network.db.id}"
  template         = "CentOS 6.6 base (64bit)"
  zone             = "${var.zone}"
  project          = "${var.project}"
  user_data        = "${file(\"user_data.sh\")}"
  expunge          = true
  depends_on       = ["cloudstack_instance.prod-app02"]
}

# Utility tier: queue host.
resource "cloudstack_instance" "prod-queue01" {
  name             = "prod-queue01"
  service_offering = "1vCPU.2GB"
  network          = "${cloudstack_network.util.id}"
  template         = "CentOS 6.6 base (64bit)"
  zone             = "${var.zone}"
  project          = "${var.project}"
  user_data        = "${file(\"user_data.sh\")}"
  expunge          = true
  depends_on       = ["cloudstack_instance.prod-db01"]
}

# Utility tier: worker host.
resource "cloudstack_instance" "prod-wrkr01" {
  name             = "prod-wrkr01"
  service_offering = "1vCPU.2GB"
  network          = "${cloudstack_network.util.id}"
  template         = "CentOS 6.6 base (64bit)"
  zone             = "${var.zone}"
  project          = "${var.project}"
  user_data        = "${file(\"user_data.sh\")}"
  expunge          = true
  depends_on       = ["cloudstack_instance.prod-queue01"]
}
# resource "cloudstack_disk" "prod-db01-data" { | |
# name = "prod-db01_data" | |
# attach = "true" | |
# disk_offering = "100GB - 100 IOPS Min." | |
# virtual_machine = "${cloudstack_instance.prod-db01.id}" | |
# zone = "${var.zone}" | |
# project = "${var.project}" | |
# } | |
# One public IP address per tier, all acquired on the same VPC. Each address is
# the front end for that tier's SSH port forwards defined further down, which
# means every tier, the database tier included, gets an Internet-facing address.

# Public address for the proxy tier.
resource "cloudstack_ipaddress" "prod-proxy-tier-ip" {
  vpc     = "${cloudstack_vpc.staging.id}"
  project = "${var.project}"
}

# Public address for the application tier.
resource "cloudstack_ipaddress" "prod-app-tier-ip" {
  vpc     = "${cloudstack_vpc.staging.id}"
  project = "${var.project}"
}

# Public address for the database tier.
resource "cloudstack_ipaddress" "prod-db-tier-ip" {
  vpc     = "${cloudstack_vpc.staging.id}"
  project = "${var.project}"
}

# Public address for the utility tier.
resource "cloudstack_ipaddress" "prod-util-tier-ip" {
  vpc     = "${cloudstack_vpc.staging.id}"
  project = "${var.project}"
}
# SSH access to the proxy host: public port 2222 on the proxy tier address is
# forwarded to port 22 on prod-proxy01.
# NOTE(review): the ACL attached to the proxy network allows all ingress from
# 0.0.0.0/0, so this forward is reachable from any address. Moving SSH to port
# 2222 is not access control; restrict the source range in the ACL or reach the
# host over a VPN instead.
resource "cloudstack_port_forward" "prod-proxy-ssh-map" {
  ipaddress  = "${cloudstack_ipaddress.prod-proxy-tier-ip.id}"
  depends_on = ["cloudstack_instance.prod-proxy01", "cloudstack_network.proxy"]
  # managed = "true"

  forward {
    protocol        = "tcp"
    private_port    = 22
    public_port     = 2222
    virtual_machine = "${cloudstack_instance.prod-proxy01.id}"
  }
}
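# SSH access to the application hosts through the app tier public address:
# public port 2222 -> prod-app01:22 and public port 2223 -> prod-app02:22.
#
# depends_on originally named prod-app01 twice and never prod-app02, although
# the second forward targets prod-app02. It now lists both instances, in line
# with the util tier map, which lists both of its instances.
#
# NOTE(review): the ACL attached to the app network allows all ingress from
# 0.0.0.0/0, so both forwards are reachable from any address. Prefer a single
# hardened entry point (or a VPN) over a public SSH port per host, and restrict
# the source range in the ACL.
resource "cloudstack_port_forward" "prod-app-ssh-map" {
  ipaddress  = "${cloudstack_ipaddress.prod-app-tier-ip.id}"
  depends_on = ["cloudstack_instance.prod-app01", "cloudstack_instance.prod-app02", "cloudstack_network.app"]
  # managed = "true"

  forward {
    protocol        = "tcp"
    private_port    = 22
    public_port     = 2222
    virtual_machine = "${cloudstack_instance.prod-app01.id}"
  }

  forward {
    protocol        = "tcp"
    private_port    = 22
    public_port     = 2223
    virtual_machine = "${cloudstack_instance.prod-app02.id}"
  }
}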
# SSH access to the database host: public port 2222 on the db tier address is
# forwarded to port 22 on prod-db01.
# NOTE(review): this puts the database host's SSH service on a public address,
# and the ACL attached to the db network allows all ingress from 0.0.0.0/0.
# A database tier normally has no direct Internet-facing path; administer it
# through a jump host or VPN and drop this forward.
resource "cloudstack_port_forward" "prod-db-ssh-map" {
  ipaddress  = "${cloudstack_ipaddress.prod-db-tier-ip.id}"
  depends_on = ["cloudstack_instance.prod-db01", "cloudstack_network.db"]
  # managed = "true"

  forward {
    protocol        = "tcp"
    private_port    = 22
    public_port     = 2222
    virtual_machine = "${cloudstack_instance.prod-db01.id}"
  }
}
# SSH access to the utility hosts through the util tier public address:
# public port 2222 -> prod-queue01:22 and public port 2223 -> prod-wrkr01:22.
# NOTE(review): the ACL attached to the util network allows all ingress from
# 0.0.0.0/0, so both forwards are reachable from any address. Restrict the
# source range in the ACL or administer these hosts over a VPN.
resource "cloudstack_port_forward" "prod-util-ssh-map" {
  ipaddress  = "${cloudstack_ipaddress.prod-util-tier-ip.id}"
  depends_on = ["cloudstack_instance.prod-queue01", "cloudstack_instance.prod-wrkr01", "cloudstack_network.util"]
  # managed = "true"

  forward {
    protocol        = "tcp"
    private_port    = 22
    public_port     = 2222
    virtual_machine = "${cloudstack_instance.prod-queue01.id}"
  }

  forward {
    protocol        = "tcp"
    private_port    = 22
    public_port     = 2223
    virtual_machine = "${cloudstack_instance.prod-wrkr01.id}"
  }
}
# Outputs: the public address acquired for each tier, printed after apply.

output "proxy-ip" {
  value = "${cloudstack_ipaddress.prod-proxy-tier-ip.ipaddress}"
}

output "app-ip" {
  value = "${cloudstack_ipaddress.prod-app-tier-ip.ipaddress}"
}

output "db-ip" {
  value = "${cloudstack_ipaddress.prod-db-tier-ip.ipaddress}"
}

output "util-ip" {
  value = "${cloudstack_ipaddress.prod-util-tier-ip.ipaddress}"
}
# resource "cloudstack_ssh_keypair" "hany" { | |
# name = "hany" | |
# public_key = "/Users/hany/.ssh/hany.key.pub" | |
# project = "${var.project_puppet}" | |
# } | |
# VPC for the Puppet master, created in the second project
# (var.project_puppet). It reuses the name "staging" and the CIDR
# 10.164.240.0/22 of the VPC in the first project.
resource "cloudstack_vpc" "staging_puppet" {
  name         = "staging"
  cidr         = "10.164.240.0/22"
  vpc_offering = "Default VPC offering"
  zone         = "${var.zone}"
  project      = "${var.project_puppet}"
}
# Network ACL for the Puppet VPC. It keeps the name "allow_all", but its rules
# below are not allow-all: ingress is limited to two TCP ports.
resource "cloudstack_network_acl" "allow_all_puppet" {
  name = "allow_all"
  vpc  = "${cloudstack_vpc.staging_puppet.id}"
}

# Rules for the ACL above: TCP 8140 and TCP 22 in, everything else in denied,
# everything out allowed.
# NOTE(review): both allowed ports accept any source (0.0.0.0/0). Port 8140 is
# the Puppet master service; limiting source_cidr to the addresses the agents
# connect from, and port 22 to the administrators' addresses, would shrink the
# exposed surface considerably.
resource "cloudstack_network_acl_rule" "allow_all_puppet" {
  aclid = "${cloudstack_network_acl.allow_all_puppet.id}"

  # Puppet master service port.
  rule {
    action       = "allow"
    source_cidr  = "0.0.0.0/0"
    protocol     = "tcp"
    ports        = ["8140"]
    traffic_type = "ingress"
  }

  # SSH.
  rule {
    action       = "allow"
    source_cidr  = "0.0.0.0/0"
    protocol     = "tcp"
    ports        = ["22"]
    traffic_type = "ingress"
  }

  # Deny all other inbound traffic.
  rule {
    action       = "deny"
    source_cidr  = "0.0.0.0/0"
    protocol     = "all"
    traffic_type = "ingress"
  }

  # Outbound: allow everything.
  rule {
    action       = "allow"
    source_cidr  = "0.0.0.0/0"
    protocol     = "all"
    traffic_type = "egress"
  }
}
# Tier networks inside the Puppet VPC. Both attach the Puppet ACL.

# "app" tier, 10.164.240.0/24: the Puppet master is placed here.
resource "cloudstack_network" "puppet_app" {
  name             = "app"
  cidr             = "10.164.240.0/24"
  network_offering = "VPC without Load Balancing"
  vpc              = "${cloudstack_vpc.staging_puppet.id}"
  zone             = "${var.zone}"
  aclid            = "${cloudstack_network_acl.allow_all_puppet.id}"
  project          = "${var.project_puppet}"
}

# "data" tier, 10.164.241.0/24: no instance on this page is attached to it.
resource "cloudstack_network" "puppet_data" {
  name             = "data"
  cidr             = "10.164.241.0/24"
  network_offering = "VPC without Load Balancing"
  vpc              = "${cloudstack_vpc.staging_puppet.id}"
  zone             = "${var.zone}"
  aclid            = "${cloudstack_network_acl.allow_all_puppet.id}"
  project          = "${var.project_puppet}"
}
# Puppet master instance, bootstrapped by puppetmaster.sh passed as user data.
# expunge = true removes the instance permanently on destroy, with no recovery
# window. CentOS 6 reached end of life in November 2020; pick a supported
# template when reusing this.
resource "cloudstack_instance" "stage-core-puppetmaster01" {
  name             = "stage-core-puppetmaster01"
  service_offering = "1vCPU.4GB"
  network          = "${cloudstack_network.puppet_app.id}"
  template         = "CentOS 6.6 base (64bit)"
  zone             = "${var.zone}"
  project          = "${var.project_puppet}"
  user_data        = "${file(\"puppetmaster.sh\")}"
  expunge          = true
}
# Two public addresses on the Puppet VPC: one used for the SSH (management)
# forward and one for the Puppet service forward.

resource "cloudstack_ipaddress" "puppet_mgmt" {
  vpc     = "${cloudstack_vpc.staging_puppet.id}"
  project = "${var.project_puppet}"
}

resource "cloudstack_ipaddress" "puppet_service" {
  vpc     = "${cloudstack_vpc.staging_puppet.id}"
  project = "${var.project_puppet}"
}
# Management access: public port 2222 on the mgmt address is forwarded to SSH
# (port 22) on the Puppet master.
# NOTE(review): the ACL admits port 22 from 0.0.0.0/0, so this is reachable
# from any address; restrict the source range to the administrators' networks.
resource "cloudstack_port_forward" "puppet_mgmt" {
  ipaddress = "${cloudstack_ipaddress.puppet_mgmt.id}"
  # managed = "true"

  forward {
    protocol        = "tcp"
    private_port    = 22
    public_port     = 2222
    virtual_machine = "${cloudstack_instance.stage-core-puppetmaster01.id}"
  }
}

# Puppet service: public port 8140 on the service address is forwarded to port
# 8140 on the Puppet master.
# NOTE(review): the ACL admits port 8140 from 0.0.0.0/0, which publishes the
# master to the Internet. Limit the source range to the agents' addresses, and
# make sure certificate signing on the master is not automatic.
resource "cloudstack_port_forward" "service_puppet" {
  ipaddress = "${cloudstack_ipaddress.puppet_service.id}"
  # managed = "true"

  forward {
    protocol        = "tcp"
    private_port    = 8140
    public_port     = 8140
    virtual_machine = "${cloudstack_instance.stage-core-puppetmaster01.id}"
  }
}
# Outputs: the two public addresses of the Puppet VPC, printed after apply.

output "Puppet MGMT IP" {
  value = "${cloudstack_ipaddress.puppet_mgmt.ipaddress}"
}

output "Puppet Service IP" {
  value = "${cloudstack_ipaddress.puppet_service.ipaddress}"
}
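#!/bin/bash
# Instance bootstrap script: authorizes one SSH public key for cca-user, then
# installs Puppet Server from the Puppet Labs PC1 repository for EL6.
# Presumably this is the puppetmaster.sh that the Puppet master instance
# passes as user_data -- confirm against the file name in the repository.

# Stop at the first failing step. Without this a failed key write would go
# unnoticed and the package install would still run.
set -euo pipefail

# ~cca-user only expands when the account exists; otherwise the literal path
# "~cca-user/..." would be created relative to the working directory.
if ! id -u cca-user >/dev/null 2>&1; then
  printf 'bootstrap: user cca-user does not exist\n' >&2
  exit 1
fi

ssh_dir=~cca-user/.ssh
key_file="${ssh_dir}/authorized_keys"

# The original assumed the .ssh directory was already present. Create it and
# keep it private to the user; sshd ignores authorized_keys when the directory
# is writable by anyone else.
mkdir -p -- "${ssh_dir}"
chmod 0700 -- "${ssh_dir}"
chown cca-user -- "${ssh_dir}"

# '>' replaces the file, so this becomes the only authorized key.
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwkdSIYUv1U8TsouMVujqyr8QqmFVIMoDdj3+9pWlNJP8MnNYUrPvu67q1HbgemccerhumK7lrGXQrQ2dtUyfXZmoUlXOq+X4+qgNQCy/l3TEkeFJBhrXD5rqKA+mOYuUZWwF6BTyxOQ6eGmsyw3jRS9stJEgl0KMaD9HfQag4SG+AGBSWnpfUU9oKAgG9rYGjLra4zLPZfswiTTpKXN864R1hkfmFib6qsJSV2tYXZdK6UBVGjNxlGpdD2PZz7h+8dxMW5feOSzFAbzj2Kf0jxdNFcdObjmUvtHFWC0Ib7Sp0I96LioWJbfsPxKR6zjPZXivMfrHRzByrhLP4pHh5w== hany@mbp' > "${key_file}"
chmod 0600 -- "${key_file}"
chown cca-user -- "${key_file}"

# NOTE(review): rpm only enforces the package signature when the vendor's GPG
# key is already in the rpm database. On a fresh image it typically is not, so
# the repository definition is trusted on the strength of TLS alone. Importing
# the vendor key first (rpm --import) closes that gap.
# Because of 'set -e', running this script again on an already provisioned
# host stops here: rpm -i reports an error for an installed package.
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-6.noarch.rpm
yum install -y puppetserver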
# Values for the input variables that have no default.
# The credentials here are domain admin API keys, i.e. they can act on the
# whole domain rather than on the two projects alone. Keep the filled-in copy
# of this file out of version control and out of shared gists; supplying the
# values through TF_VAR_api_key / TF_VAR_secret_key environment variables
# avoids storing them on disk. A key pair with narrower rights is preferable
# if the platform offers one.
api_key        = "<KEY GOES HERE>"
secret_key     = "<SECRET GOES HERE>"
project        = "<PROJECT 1 GOES HERE>"
project_puppet = "<PROJECT 2 GOES HERE>"
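#!/bin/bash
# Instance bootstrap script: authorizes one SSH public key for cca-user, then
# installs the Puppet agent from the Puppet Labs PC1 repository for EL6.
# Presumably this is the user_data.sh that the prod-* instances pass as
# user_data -- confirm against the file name in the repository.

# Stop at the first failing step. Without this a failed key write would go
# unnoticed and the package install would still run.
set -euo pipefail

# ~cca-user only expands when the account exists; otherwise the literal path
# "~cca-user/..." would be created relative to the working directory.
if ! id -u cca-user >/dev/null 2>&1; then
  printf 'bootstrap: user cca-user does not exist\n' >&2
  exit 1
fi

ssh_dir=~cca-user/.ssh
key_file="${ssh_dir}/authorized_keys"

# The original assumed the .ssh directory was already present. Create it and
# keep it private to the user; sshd ignores authorized_keys when the directory
# is writable by anyone else.
mkdir -p -- "${ssh_dir}"
chmod 0700 -- "${ssh_dir}"
chown cca-user -- "${ssh_dir}"

# '>' replaces the file, so this becomes the only authorized key. The same key
# is installed on every instance that boots with this script.
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwkdSIYUv1U8TsouMVujqyr8QqmFVIMoDdj3+9pWlNJP8MnNYUrPvu67q1HbgemccerhumK7lrGXQrQ2dtUyfXZmoUlXOq+X4+qgNQCy/l3TEkeFJBhrXD5rqKA+mOYuUZWwF6BTyxOQ6eGmsyw3jRS9stJEgl0KMaD9HfQag4SG+AGBSWnpfUU9oKAgG9rYGjLra4zLPZfswiTTpKXN864R1hkfmFib6qsJSV2tYXZdK6UBVGjNxlGpdD2PZz7h+8dxMW5feOSzFAbzj2Kf0jxdNFcdObjmUvtHFWC0Ib7Sp0I96LioWJbfsPxKR6zjPZXivMfrHRzByrhLP4pHh5w== hany@mbp' > "${key_file}"
chmod 0600 -- "${key_file}"
chown cca-user -- "${key_file}"

# NOTE(review): rpm only enforces the package signature when the vendor's GPG
# key is already in the rpm database. On a fresh image it typically is not, so
# the repository definition is trusted on the strength of TLS alone. Importing
# the vendor key first (rpm --import) closes that gap.
# Because of 'set -e', running this script again on an already provisioned
# host stops here: rpm -i reports an error for an installed package.
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-6.noarch.rpm
yum install -y puppet-agent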
# Input variables for the configuration.
# api_url and zone carry defaults. api_key, secret_key, project and
# project_puppet have none, so they must be supplied at run time and the
# credentials never get a value in this file.

# CloudStack API endpoint.
variable "api_url" {
  default = "https://compute-east.cloud.ca/client/api"
}

# API credentials; no default on purpose.
variable "api_key" {}

variable "secret_key" {}

# Zone in which every resource is created.
variable "zone" {
  default = "QC-1"
}

# Project for the proxy/app/db/util environment.
variable "project" {}

# Project for the Puppet master environment.
variable "project_puppet" {}