Terraform or OpenTofu


An example of how to configure a simple network in Google via Terraform/OpenTofu.

Basics of Terraform / OpenTofu

In Terraform you declare how your environment should look, instead of giving a procedure for generating it. This is infrastructure as code, so you should keep your code in a source code repository such as git.

The init prepares your Terraform environment. You can run the init multiple times without deleting your existing environments.

The plan tells you what would change.

The apply makes the actual modifications to your environment.

tofu init    # prepares providers and backend; safe to run again on an existing environment
tofu plan    # shows what would change, changes nothing
tofu apply   # performs the changes shown by plan

To know how your environment looked before, Terraform keeps a state file. You can keep it locally, but if several people work together you should keep it in a central place, e.g. a cloud bucket.

Creating a Network

main.tf

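 terraform {
   # Pin the provider source so init cannot resolve "google" from an
   # unexpected registry namespace; add a version constraint once you know
   # which release you tested against (the value below is a placeholder).
   required_providers {
     google = {
       source = "hashicorp/google"
       # version = "<TESTED-PROVIDER-VERSION-CONSTRAINT>"
     }
   }

   # Remote state keeps everyone on one state file (see the note on state
   # above). Bucket name is a placeholder; uncomment once it exists.
   # backend "gcs" {
   #   bucket = "<YOUR-STATE-BUCKET>"
   #   prefix = "linux-lv"
   # }
 }

 # Defaults for every google_* resource that does not set its own
 # project, region or zone.
 provider "google" {
   project = "linux-lv-test"
   region  = "europe-west1"
   zone    = "europe-west1-d"
 }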

network.tf

# Custom-mode VPC for the lab: no subnet is auto-created in every region,
# the single subnet is declared explicitly below.
resource "google_compute_network" "lv_vpc" {
  name    = "linux-lv-vpc"
  project = "linux-lv-test"

  auto_create_subnetworks = false
  mtu                     = 1460
}
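# Primary subnet in europe-west1 plus one secondary range.
resource "google_compute_subnetwork" "lv_vpc_west1" {
  name          = "mywest1"
  ip_cidr_range = "10.20.0.0/16"
  region        = "europe-west1"
  network       = google_compute_network.lv_vpc.id

  # Lets instances without an external address reach Google APIs; together
  # with the Cloud NAT below this is what makes a public IP unnecessary.
  private_ip_google_access = true

  secondary_ip_range {
    range_name    = "lv-secondary-range"
    ip_cidr_range = "10.120.0.0/24"
  }

  # VPC flow logs give per-connection records for this subnet, useful for
  # spotting unexpected traffic. They are billed, so enable deliberately.
  # log_config {
  #   aggregation_interval = "INTERVAL_5_SEC"
  #   flow_sampling        = 0.5
  #   metadata             = "INCLUDE_ALL_METADATA"
  # }
}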
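# Source ranges allowed to reach the admin ports (SSH and 10000-20000).
# The default is an RFC 5737 documentation range, i.e. a placeholder:
# replace it with your own office/VPN/bastion addresses.
variable "admin_source_ranges" {
  type        = list(string)
  description = "CIDR ranges allowed to reach SSH and TCP 10000-20000"
  default     = ["203.0.113.0/24"]
}

# Public-facing rule: ICMP and the web ports from anywhere, but only to
# instances tagged "linux-lv" (the example VM on this page carries that
# tag), not to every instance in the VPC.
resource "google_compute_firewall" "lvfw" {
  name    = "lv-fw"
  network = google_compute_network.lv_vpc.id

  allow {
    protocol = "icmp"
  }
  allow {
    protocol = "tcp"
    ports    = ["80", "443"]
  }

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["linux-lv"]
}

# Admin rule: SSH and the 10000-20000 range were previously open to
# 0.0.0.0/0; they are now limited to var.admin_source_ranges and to
# tagged instances. Logging records which sources actually hit the rule.
resource "google_compute_firewall" "lvfw_admin" {
  name    = "lv-fw-admin"
  network = google_compute_network.lv_vpc.id

  allow {
    protocol = "tcp"
    ports    = ["22", "10000-20000"]
  }

  source_ranges = var.admin_source_ranges
  target_tags   = ["linux-lv"]

  log_config {
    metadata = "INCLUDE_ALL_METADATA"
  }
}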
# Cloud Router in the subnet's region; it exists only to host the NAT below.
resource "google_compute_router" "lvrouter" {
  name = "lv-router"

  network = google_compute_network.lv_vpc.id
  region  = google_compute_subnetwork.lv_vpc_west1.region
}
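# Outbound-only internet access for instances without an external IP.
resource "google_compute_router_nat" "lvnat" {
  name   = "lv-router-nat"
  router = google_compute_router.lvrouter.name
  region = google_compute_router.lvrouter.region

  # Google allocates the NAT addresses; ALL_SUBNETWORKS_ALL_IP_RANGES covers
  # the primary and the secondary range of every subnet in the region.
  nat_ip_allocate_option             = "AUTO_ONLY"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"

  # NAT logging: ERRORS_ONLY records failed translations (e.g. port
  # exhaustion); use "ALL" if you want every connection logged.
  log_config {
    enable = true
    filter = "ERRORS_ONLY"
  }
}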

Creating a VM and Adding a DNS Entry

If this is in a different project, we can read the network specifics via "data" blocks.

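terraform {
  # Pin the provider source so init cannot resolve "google" from an
  # unexpected registry namespace; add a version constraint once you know
  # which release you tested against (the value below is a placeholder).
  required_providers {
    google = {
      source = "hashicorp/google"
      # version = "<TESTED-PROVIDER-VERSION-CONSTRAINT>"
    }
  }

  # Remote state keeps everyone on one state file (see the note on state
  # above). Bucket name is a placeholder; uncomment once it exists.
  # backend "gcs" {
  #   bucket = "<YOUR-STATE-BUCKET>"
  #   prefix = "linux-lv-vm"
  # }
}

# Defaults for every google_* resource that does not set its own
# project, region or zone.
provider "google" {
  project = "linux-lv-test"
  region  = "europe-west1"
  zone    = "europe-west1-d"
}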


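# Small Debian test VM attached to the subnet read via the data block below.
resource "google_compute_instance" "lv_testsrv" {
  name = "lvsrv"
  # f1-micro is the older shared-core type, e2-micro the current one.
  #machine_type = "f1-micro"
  machine_type = "e2-micro"
  # Must be a zone of the subnetwork's region (europe-west1); the provider's
  # default zone only applies when none is given here.
  zone = "europe-west1-b"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
    }
  }

  # Shielded VM settings for the Debian image: verified boot chain, vTPM and
  # integrity monitoring, so a tampered boot path is reported in the logs.
  shielded_instance_config {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }

  # Startup scripts run as root on GCE, so the "sudo" prefixes are redundant
  # but harmless; kept byte-for-byte.
  metadata_startup_script = "sudo apt-get update; sudo apt-get upgrade -yq ; apt-get install -yq joe bind9-host tmux vim"

  metadata = {
    # Instance-level key for user "mond", read from mond.pub next to the .tf files.
    ssh-keys = "mond:${file("mond.pub")}"
    # Only the key above may log in: project-wide ssh-keys metadata is
    # ignored on this instance.
    block-project-ssh-keys = "TRUE"
  }

  network_interface {
    subnetwork = data.google_compute_subnetwork.lv_vpc_west1.id
    # Ephemeral external IP, published by the DNS record below. Drop this
    # block (and the record) if the VM only needs outbound access, which the
    # Cloud NAT already provides.
    access_config {
    }
  }

  # The firewall rules select this VM by tag.
  tags = ["linux-lv"]

  # NOTE(review): no service_account block, so the VM presumably runs with
  # the project's default compute service account and its default scopes —
  # consider a dedicated account with only the scopes it needs.
}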
# Public A record for the VM in the "g-mond" zone, which lives in another
# project. local.pubip_lvsrv is not declared on this page — presumably a
# locals block elsewhere exposes the instance's external address; confirm
# before applying.
resource "google_dns_record_set" "lvsrv" {
  project = "arctic-sign-343718"

  name = "lvsrv.g.mond.at."
  type = "A"
  ttl  = 600

  # NOTE(review): managed_zone is documented as the zone name; check that
  # the numeric managed_zone_id is accepted by the provider version in use.
  managed_zone = data.google_dns_managed_zone.gmond.managed_zone_id
  rrdatas      = [local.pubip_lvsrv]
}

# Existing Cloud DNS zone in the DNS project; looked up by name only.
data "google_dns_managed_zone" "gmond" {
  project = "arctic-sign-343718"
  name    = "g-mond"
  #dns_name = "g.mond.at."
}

# The VPC created in network.tf, read back by name. Nothing on this page
# references it yet; the VM attaches via the subnetwork data block instead.
data "google_compute_network" "lv_vpc" {
  name    = "linux-lv-vpc"
  project = "linux-lv-test"
}

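# The subnet created in network.tf. Its name there is "mywest1" (the lookup
# previously asked for "west1" and would not have found it); region and
# project are given explicitly so the lookup does not depend on provider
# defaults.
data "google_compute_subnetwork" "lv_vpc_west1" {
  name    = "mywest1"
  region  = "europe-west1"
  project = "linux-lv-test"
}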