
@hany
Created August 31, 2015 14:38
Updated Terraform files
# CloudStack provider. The endpoint and both credentials come from variables,
# so no secret is written into this file.
provider "cloudstack" {
  api_key    = "${var.api_key}"
  secret_key = "${var.secret_key}"
  api_url    = "${var.api_url}"
}
# resource "cloudstack_ssh_keypair" "hany" {
# name = "hany"
# public_key = "/Users/hany/.ssh/hany.key.pub"
# project = "${var.project}"
# }
# VPC for the main project. Its /22 is carved into the proxy, app, db and util
# tier networks defined in this file.
# NOTE(review): the VPC is called "staging" while the instances placed in it
# are named "prod-*" - confirm which environment this really is, since the
# name drives how strictly people treat its access rules.
resource "cloudstack_vpc" "staging" {
  name         = "staging"
  project      = "${var.project}"
  zone         = "${var.zone}"
  vpc_offering = "Default VPC offering"
  cidr         = "10.164.240.0/22"
}
# ACL list that every tier network of the main VPC (proxy, app, db, util)
# references through its aclid attribute.
resource "cloudstack_network_acl" "allow_all_main" {
  vpc  = "${cloudstack_vpc.staging.id}"
  name = "allow_all"
}

# Rules for the ACL above: all protocols, any source, in both directions.
# This ACL therefore filters nothing; exposure is decided only by the
# port-forward resources and by whatever runs on the hosts themselves.
# NOTE(review): for anything beyond a throwaway lab, replace the ingress rule
# with per-tier rules (specific ports, source_cidr limited to the admin range
# or the neighbouring tier) so the db and util tiers are not open to every
# other tier and to any forwarded public port.
resource "cloudstack_network_acl_rule" "allow_all_main" {
  aclid = "${cloudstack_network_acl.allow_all_main.id}"

  # Inbound: everything allowed.
  rule {
    traffic_type = "ingress"
    protocol     = "all"
    source_cidr  = "0.0.0.0/0"
    action       = "allow"
  }

  # Outbound: everything allowed.
  rule {
    traffic_type = "egress"
    protocol     = "all"
    source_cidr  = "0.0.0.0/0"
    action       = "allow"
  }
}
# VPN gateway on the main VPC. No VPN connection or customer gateway is
# declared in the configuration shown here, so the gateway is created without
# a peer.
# NOTE(review): the resource is named "test" - drop it if it is a leftover,
# an unused VPN endpoint is attack surface with no benefit.
resource "cloudstack_vpn_gateway" "test" {
  vpc = "${cloudstack_vpc.staging.id}"
}
# Tier networks of the main VPC: one /24 per tier out of 10.164.240.0/22.
# All four reference the same allow-everything ACL (allow_all_main), so the
# split into tiers gives address separation but no traffic filtering.

# Proxy tier - 10.164.240.0/24
resource "cloudstack_network" "proxy" {
  name             = "proxy"
  project          = "${var.project}"
  zone             = "${var.zone}"
  vpc              = "${cloudstack_vpc.staging.id}"
  network_offering = "VPC without Load Balancing"
  cidr             = "10.164.240.0/24"
  aclid            = "${cloudstack_network_acl.allow_all_main.id}"
}

# Application tier - 10.164.241.0/24
resource "cloudstack_network" "app" {
  name             = "app"
  project          = "${var.project}"
  zone             = "${var.zone}"
  vpc              = "${cloudstack_vpc.staging.id}"
  network_offering = "VPC without Load Balancing"
  cidr             = "10.164.241.0/24"
  aclid            = "${cloudstack_network_acl.allow_all_main.id}"
}

# Database tier - 10.164.242.0/24
resource "cloudstack_network" "db" {
  name             = "db"
  project          = "${var.project}"
  zone             = "${var.zone}"
  vpc              = "${cloudstack_vpc.staging.id}"
  network_offering = "VPC without Load Balancing"
  cidr             = "10.164.242.0/24"
  aclid            = "${cloudstack_network_acl.allow_all_main.id}"
}

# Utility tier (queue and worker hosts) - 10.164.243.0/24
resource "cloudstack_network" "util" {
  name             = "util"
  project          = "${var.project}"
  zone             = "${var.zone}"
  vpc              = "${cloudstack_vpc.staging.id}"
  network_offering = "VPC without Load Balancing"
  cidr             = "10.164.243.0/24"
  aclid            = "${cloudstack_network_acl.allow_all_main.id}"
}
# Six instances, one or two per tier. Every instance uses the same template,
# the same service offering and the same user_data.sh bootstrap script.
# The depends_on entries form a chain (proxy01 -> app01 -> app02 -> db01 ->
# queue01 -> wrkr01), so the instances are created one after another.
# expunge = true: presumably the VM is expunged as soon as it is destroyed
# rather than kept for recovery - confirm against the provider docs.
# NOTE(review): no keypair is attached to any instance; SSH access depends on
# whatever user_data.sh installs. The template pins CentOS 6.6, a release line
# that no longer receives upstream security updates - use a supported image
# when reusing this configuration.

# Proxy tier
resource "cloudstack_instance" "prod-proxy01" {
  name             = "prod-proxy01"
  template         = "CentOS 6.6 base (64bit)"
  service_offering = "1vCPU.2GB"
  zone             = "${var.zone}"
  project          = "${var.project}"
  network          = "${cloudstack_network.proxy.id}"
  user_data        = "${file(\"user_data.sh\")}"
  expunge          = true
  # keypair = "hany"
}

# Application tier, first node
resource "cloudstack_instance" "prod-app01" {
  name             = "prod-app01"
  template         = "CentOS 6.6 base (64bit)"
  service_offering = "1vCPU.2GB"
  zone             = "${var.zone}"
  project          = "${var.project}"
  network          = "${cloudstack_network.app.id}"
  user_data        = "${file(\"user_data.sh\")}"
  expunge          = true
  depends_on       = ["cloudstack_instance.prod-proxy01"]
}

# Application tier, second node
resource "cloudstack_instance" "prod-app02" {
  name             = "prod-app02"
  template         = "CentOS 6.6 base (64bit)"
  service_offering = "1vCPU.2GB"
  zone             = "${var.zone}"
  project          = "${var.project}"
  network          = "${cloudstack_network.app.id}"
  user_data        = "${file(\"user_data.sh\")}"
  expunge          = true
  depends_on       = ["cloudstack_instance.prod-app01"]
}

# Database tier
resource "cloudstack_instance" "prod-db01" {
  name             = "prod-db01"
  template         = "CentOS 6.6 base (64bit)"
  service_offering = "1vCPU.2GB"
  zone             = "${var.zone}"
  project          = "${var.project}"
  network          = "${cloudstack_network.db.id}"
  user_data        = "${file(\"user_data.sh\")}"
  expunge          = true
  depends_on       = ["cloudstack_instance.prod-app02"]
}

# Utility tier, queue host
resource "cloudstack_instance" "prod-queue01" {
  name             = "prod-queue01"
  template         = "CentOS 6.6 base (64bit)"
  service_offering = "1vCPU.2GB"
  zone             = "${var.zone}"
  project          = "${var.project}"
  network          = "${cloudstack_network.util.id}"
  user_data        = "${file(\"user_data.sh\")}"
  expunge          = true
  depends_on       = ["cloudstack_instance.prod-db01"]
}

# Utility tier, worker host
resource "cloudstack_instance" "prod-wrkr01" {
  name             = "prod-wrkr01"
  template         = "CentOS 6.6 base (64bit)"
  service_offering = "1vCPU.2GB"
  zone             = "${var.zone}"
  project          = "${var.project}"
  network          = "${cloudstack_network.util.id}"
  user_data        = "${file(\"user_data.sh\")}"
  expunge          = true
  depends_on       = ["cloudstack_instance.prod-queue01"]
}
# resource "cloudstack_disk" "prod-db01-data" {
# name = "prod-db01_data"
# attach = "true"
# disk_offering = "100GB - 100 IOPS Min."
# virtual_machine = "${cloudstack_instance.prod-db01.id}"
# zone = "${var.zone}"
# project = "${var.project}"
# }
# One acquired IP address per tier of the main VPC. Each address is used by
# the port-forward resource of the same tier and exported as an output.
# NOTE(review): this gives the db and util tiers their own externally
# addressable entry point; a single address on the proxy tier used as a jump
# host would keep the other tiers off the public side.

resource "cloudstack_ipaddress" "prod-proxy-tier-ip" {
  project = "${var.project}"
  vpc     = "${cloudstack_vpc.staging.id}"
}

resource "cloudstack_ipaddress" "prod-app-tier-ip" {
  project = "${var.project}"
  vpc     = "${cloudstack_vpc.staging.id}"
}

resource "cloudstack_ipaddress" "prod-db-tier-ip" {
  project = "${var.project}"
  vpc     = "${cloudstack_vpc.staging.id}"
}

resource "cloudstack_ipaddress" "prod-util-tier-ip" {
  project = "${var.project}"
  vpc     = "${cloudstack_vpc.staging.id}"
}
# SSH access to the proxy tier: TCP 2222 on the proxy tier address is
# forwarded to port 22 on prod-proxy01.
# NOTE(review): the ACL on this network allows ingress from 0.0.0.0/0, so the
# forwarded port is reachable from any source. Moving SSH to 2222 does not
# restrict who can connect; limit source_cidr in the ACL to the admin range
# and keep sshd on key-only authentication.
resource "cloudstack_port_forward" "prod-proxy-ssh-map" {
  ipaddress  = "${cloudstack_ipaddress.prod-proxy-tier-ip.id}"
  depends_on = ["cloudstack_instance.prod-proxy01", "cloudstack_network.proxy"]
  # managed = "true"

  forward {
    virtual_machine = "${cloudstack_instance.prod-proxy01.id}"
    protocol        = "tcp"
    public_port     = 2222
    private_port    = 22
  }
}
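# SSH access to the application tier: TCP 2222 and 2223 on the app tier
# address are forwarded to port 22 on prod-app01 and prod-app02 respectively.
# depends_on originally listed prod-app01 twice; the second entry now names
# prod-app02, the other instance this resource forwards to.
# NOTE(review): the ACL on this network allows ingress from 0.0.0.0/0, so both
# forwarded ports are reachable from any source. Limit source_cidr in the ACL
# to the admin range, or reach these hosts through the proxy tier only.
resource "cloudstack_port_forward" "prod-app-ssh-map" {
  ipaddress  = "${cloudstack_ipaddress.prod-app-tier-ip.id}"
  depends_on = ["cloudstack_instance.prod-app01", "cloudstack_instance.prod-app02", "cloudstack_network.app"]
  # managed = "true"

  forward {
    protocol        = "tcp"
    private_port    = 22
    public_port     = 2222
    virtual_machine = "${cloudstack_instance.prod-app01.id}"
  }

  forward {
    protocol        = "tcp"
    private_port    = 22
    public_port     = 2223
    virtual_machine = "${cloudstack_instance.prod-app02.id}"
  }
}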
# SSH access to the database tier: TCP 2222 on the db tier address is
# forwarded to port 22 on prod-db01.
# NOTE(review): this puts the database host's SSH service directly behind an
# acquired address, and the network ACL allows ingress from 0.0.0.0/0. A
# database tier is normally administered through a jump host; consider
# removing this forward or restricting the ACL source to the admin range.
resource "cloudstack_port_forward" "prod-db-ssh-map" {
  ipaddress  = "${cloudstack_ipaddress.prod-db-tier-ip.id}"
  depends_on = ["cloudstack_instance.prod-db01", "cloudstack_network.db"]
  # managed = "true"

  forward {
    virtual_machine = "${cloudstack_instance.prod-db01.id}"
    protocol        = "tcp"
    public_port     = 2222
    private_port    = 22
  }
}
# SSH access to the utility tier: TCP 2222 and 2223 on the util tier address
# are forwarded to port 22 on prod-queue01 and prod-wrkr01 respectively.
# NOTE(review): the ACL on this network allows ingress from 0.0.0.0/0, so both
# forwarded ports are reachable from any source. Limit source_cidr in the ACL
# to the admin range, or reach these hosts through the proxy tier only.
resource "cloudstack_port_forward" "prod-util-ssh-map" {
  ipaddress  = "${cloudstack_ipaddress.prod-util-tier-ip.id}"
  depends_on = ["cloudstack_instance.prod-queue01", "cloudstack_instance.prod-wrkr01", "cloudstack_network.util"]
  # managed = "true"

  forward {
    virtual_machine = "${cloudstack_instance.prod-queue01.id}"
    protocol        = "tcp"
    public_port     = 2222
    private_port    = 22
  }

  forward {
    virtual_machine = "${cloudstack_instance.prod-wrkr01.id}"
    protocol        = "tcp"
    public_port     = 2223
    private_port    = 22
  }
}
# Outputs: the address acquired for each tier, printed after apply so the
# forwarded SSH ports can be reached.

output "proxy-ip" {
  value = "${cloudstack_ipaddress.prod-proxy-tier-ip.ipaddress}"
}

output "app-ip" {
  value = "${cloudstack_ipaddress.prod-app-tier-ip.ipaddress}"
}

output "db-ip" {
  value = "${cloudstack_ipaddress.prod-db-tier-ip.ipaddress}"
}

output "util-ip" {
  value = "${cloudstack_ipaddress.prod-util-tier-ip.ipaddress}"
}
# resource "cloudstack_ssh_keypair" "hany" {
# name = "hany"
# public_key = "/Users/hany/.ssh/hany.key.pub"
# project = "${var.project_puppet}"
# }
# VPC for the Puppet project (var.project_puppet).
# NOTE(review): it reuses the name "staging" and the CIDR 10.164.240.0/22 of
# the main project's VPC. The two live in different projects, but identical
# ranges would presumably rule out routing between them later (VPN or
# peering) - confirm this overlap is intended.
resource "cloudstack_vpc" "staging_puppet" {
  name         = "staging"
  project      = "${var.project_puppet}"
  zone         = "${var.zone}"
  vpc_offering = "Default VPC offering"
  cidr         = "10.164.240.0/22"
}
# ACL list for the Puppet VPC, referenced by both of its networks.
# NOTE(review): the name "allow_all" does not match the rules, which admit
# only TCP 8140 and TCP 22 inbound; a misleading name on a security control
# is worth fixing.
resource "cloudstack_network_acl" "allow_all_puppet" {
  vpc  = "${cloudstack_vpc.staging_puppet.id}"
  name = "allow_all"
}

# Rules for the ACL above. The rule blocks are kept in their original order.
# NOTE(review): assumes the rules take effect in the order listed, so that the
# two allow rules win over the final deny - TODO confirm against the provider.
# NOTE(review): 8140 (the Puppet server port) and 22 are open to 0.0.0.0/0.
# Narrow source_cidr to the addresses the agents and administrators actually
# connect from.
resource "cloudstack_network_acl_rule" "allow_all_puppet" {
  aclid = "${cloudstack_network_acl.allow_all_puppet.id}"

  # Inbound Puppet agent traffic.
  rule {
    traffic_type = "ingress"
    protocol     = "tcp"
    ports        = ["8140"]
    source_cidr  = "0.0.0.0/0"
    action       = "allow"
  }

  # Inbound SSH.
  rule {
    traffic_type = "ingress"
    protocol     = "tcp"
    ports        = ["22"]
    source_cidr  = "0.0.0.0/0"
    action       = "allow"
  }

  # Every other inbound flow is refused.
  rule {
    traffic_type = "ingress"
    protocol     = "all"
    source_cidr  = "0.0.0.0/0"
    action       = "deny"
  }

  # Outbound: everything allowed.
  rule {
    traffic_type = "egress"
    protocol     = "all"
    source_cidr  = "0.0.0.0/0"
    action       = "allow"
  }
}
# Tier networks of the Puppet VPC; both reference the allow_all_puppet ACL.

# Application tier - 10.164.240.0/24 (hosts the Puppet master)
resource "cloudstack_network" "puppet_app" {
  name             = "app"
  project          = "${var.project_puppet}"
  zone             = "${var.zone}"
  vpc              = "${cloudstack_vpc.staging_puppet.id}"
  network_offering = "VPC without Load Balancing"
  cidr             = "10.164.240.0/24"
  aclid            = "${cloudstack_network_acl.allow_all_puppet.id}"
}

# Data tier - 10.164.241.0/24 (no instance in the visible configuration
# is attached to it)
resource "cloudstack_network" "puppet_data" {
  name             = "data"
  project          = "${var.project_puppet}"
  zone             = "${var.zone}"
  vpc              = "${cloudstack_vpc.staging_puppet.id}"
  network_offering = "VPC without Load Balancing"
  cidr             = "10.164.241.0/24"
  aclid            = "${cloudstack_network_acl.allow_all_puppet.id}"
}
# The Puppet master, placed on the Puppet VPC's app network and bootstrapped
# with puppetmaster.sh passed as user data.
# NOTE(review): no keypair is attached; SSH access depends on what
# puppetmaster.sh installs. The template pins CentOS 6.6, a release line that
# no longer receives upstream security updates - use a supported image when
# reusing this configuration.
resource "cloudstack_instance" "stage-core-puppetmaster01" {
  name             = "stage-core-puppetmaster01"
  template         = "CentOS 6.6 base (64bit)"
  service_offering = "1vCPU.4GB"
  zone             = "${var.zone}"
  project          = "${var.project_puppet}"
  network          = "${cloudstack_network.puppet_app.id}"
  user_data        = "${file(\"puppetmaster.sh\")}"
  expunge          = true
}
# Two acquired addresses for the Puppet VPC: one carries the SSH forward
# (puppet_mgmt), the other the Puppet service forward (puppet_service).

resource "cloudstack_ipaddress" "puppet_mgmt" {
  project = "${var.project_puppet}"
  vpc     = "${cloudstack_vpc.staging_puppet.id}"
}

resource "cloudstack_ipaddress" "puppet_service" {
  project = "${var.project_puppet}"
  vpc     = "${cloudstack_vpc.staging_puppet.id}"
}
# Management access: TCP 2222 on the puppet_mgmt address is forwarded to
# port 22 on the Puppet master.
# NOTE(review): the ACL admits port 22 from 0.0.0.0/0; restrict the source to
# the admin range. The Puppet master holds the CA and every node's catalog,
# so its SSH exposure deserves the tightest rule in this configuration.
resource "cloudstack_port_forward" "puppet_mgmt" {
  ipaddress = "${cloudstack_ipaddress.puppet_mgmt.id}"
  # managed = "true"

  forward {
    virtual_machine = "${cloudstack_instance.stage-core-puppetmaster01.id}"
    protocol        = "tcp"
    public_port     = 2222
    private_port    = 22
  }
}

# Puppet service: TCP 8140 on the puppet_service address is forwarded to
# port 8140 on the Puppet master.
# NOTE(review): the ACL admits 8140 from 0.0.0.0/0. Restrict the source to the
# agents' egress addresses and make sure certificate autosigning is off, so an
# unknown host cannot obtain a signed certificate just by connecting.
resource "cloudstack_port_forward" "service_puppet" {
  ipaddress = "${cloudstack_ipaddress.puppet_service.id}"
  # managed = "true"

  forward {
    virtual_machine = "${cloudstack_instance.stage-core-puppetmaster01.id}"
    protocol        = "tcp"
    public_port     = 8140
    private_port    = 8140
  }
}
# Outputs: the two addresses acquired for the Puppet VPC.

# Address carrying the SSH forward (port 2222).
output "Puppet MGMT IP" {
  value = "${cloudstack_ipaddress.puppet_mgmt.ipaddress}"
}

# Address carrying the Puppet service forward (port 8140).
output "Puppet Service IP" {
  value = "${cloudstack_ipaddress.puppet_service.ipaddress}"
}
#!/bin/bash
# Bootstrap script: installs one SSH public key for cca-user, then adds the
# Puppet Labs PC1 repository for EL6 and installs puppetserver.

# Path of the key file, resolved from cca-user's home directory.
auth_file=~cca-user/.ssh/authorized_keys

# The redirect replaces the file, so this becomes the only authorized key.
# NOTE(review): this is one person's key baked into the image bootstrap;
# anyone reusing the script must substitute their own key. Assumes the .ssh
# directory already exists in the template - TODO confirm.
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwkdSIYUv1U8TsouMVujqyr8QqmFVIMoDdj3+9pWlNJP8MnNYUrPvu67q1HbgemccerhumK7lrGXQrQ2dtUyfXZmoUlXOq+X4+qgNQCy/l3TEkeFJBhrXD5rqKA+mOYuUZWwF6BTyxOQ6eGmsyw3jRS9stJEgl0KMaD9HfQag4SG+AGBSWnpfUU9oKAgG9rYGjLra4zLPZfswiTTpKXN864R1hkfmFib6qsJSV2tYXZdK6UBVGjNxlGpdD2PZz7h+8dxMW5feOSzFAbzj2Kf0jxdNFcdObjmUvtHFWC0Ib7Sp0I96LioWJbfsPxKR6zjPZXivMfrHRzByrhLP4pHh5w== hany@mbp' > "$auth_file"
chmod 0600 "$auth_file"
chown cca-user "$auth_file"

# NOTE(review): the release package is installed straight from a URL; unless
# its signing key is already in the RPM database, trust rests on TLS alone.
# Importing and checking the vendor's GPG key first closes that gap. No exit
# status is checked, so a failed repository install is only noticed when the
# yum step fails.
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-6.noarch.rpm
yum install -y puppetserver
# Values for the variables that have no default: the CloudStack API key pair
# and the names of the two projects. The originals are domain admin API keys.
# NOTE(review): keep the filled-in file out of version control and out of
# shared gists. Domain admin keys reach every account in the domain; keys of
# a user limited to the two projects would contain a leak - confirm what the
# provider needs.
project        = "<PROJECT 1 GOES HERE>"
project_puppet = "<PROJECT 2 GOES HERE>"
api_key        = "<KEY GOES HERE>"
secret_key     = "<SECRET GOES HERE>"
#!/bin/bash
# Bootstrap script: installs one SSH public key for cca-user, then adds the
# Puppet Labs PC1 repository for EL6 and installs puppet-agent.

# Path of the key file, resolved from cca-user's home directory.
auth_file=~cca-user/.ssh/authorized_keys

# The redirect replaces the file, so this becomes the only authorized key.
# NOTE(review): the same single key ends up on every host bootstrapped with
# this script; anyone reusing it must substitute their own key. Assumes the
# .ssh directory already exists in the template - TODO confirm.
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwkdSIYUv1U8TsouMVujqyr8QqmFVIMoDdj3+9pWlNJP8MnNYUrPvu67q1HbgemccerhumK7lrGXQrQ2dtUyfXZmoUlXOq+X4+qgNQCy/l3TEkeFJBhrXD5rqKA+mOYuUZWwF6BTyxOQ6eGmsyw3jRS9stJEgl0KMaD9HfQag4SG+AGBSWnpfUU9oKAgG9rYGjLra4zLPZfswiTTpKXN864R1hkfmFib6qsJSV2tYXZdK6UBVGjNxlGpdD2PZz7h+8dxMW5feOSzFAbzj2Kf0jxdNFcdObjmUvtHFWC0Ib7Sp0I96LioWJbfsPxKR6zjPZXivMfrHRzByrhLP4pHh5w== hany@mbp' > "$auth_file"
chmod 0600 "$auth_file"
chown cca-user "$auth_file"

# NOTE(review): the release package is installed straight from a URL; unless
# its signing key is already in the RPM database, trust rests on TLS alone.
# Importing and checking the vendor's GPG key first closes that gap. No exit
# status is checked, so a failed repository install is only noticed when the
# yum step fails.
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-6.noarch.rpm
yum install -y puppet-agent
# Input variables. api_url and zone have defaults; the rest must be supplied
# at run time.

# CloudStack API endpoint (HTTPS).
variable "api_url" {
  default = "https://compute-east.cloud.ca/client/api"
}

# Zone in which the VPCs, networks and instances are created.
variable "zone" {
  default = "QC-1"
}

# API credentials. Deliberately left without defaults so no secret is stored
# in this file; supply them from a file or environment kept out of version
# control.
variable "api_key" {}
variable "secret_key" {}

# Project for the main VPC and project for the Puppet VPC.
variable "project" {}
variable "project_puppet" {}