miroir de https://github.com/PAPAMICA/Wiki-Tech.io.git synchronisé 2024-12-25 17:10:33 +01:00

docs: update projects/boss-final

Mickael Asseline 2023-06-20 19:21:31 +00:00 révisé par Mickael Asseline
Parent 81d50a2a1a
révision 85957d1740


@ -2,7 +2,7 @@
title: Boss final title: Boss final
description: description:
published: true published: true
date: 2023-06-20T18:58:38.645Z date: 2023-06-20T19:21:21.801Z
tags: tags:
editor: markdown editor: markdown
dateCreated: 2023-06-20T16:05:23.769Z dateCreated: 2023-06-20T16:05:23.769Z
@ -32,4 +32,132 @@ dateCreated: 2023-06-20T16:05:23.769Z
1. Création d'un projet OpenStack sur le Public Cloud d'infomaniak 1. Création d'un projet OpenStack sur le Public Cloud d'infomaniak
2. Récupération des identifiants 2. Récupération des identifiants
3. Connecter Terraform à OpenStack 3. Connecter Terraform à OpenStack
4. Création d'une première instance ```json
# Define required providers
terraform {
required_providers {
openstack = {
source = "terraform-provider-openstack/openstack"
version = "1.44.0"
}
}
}
# Configure the OpenStack Provider
provider "openstack" {
auth_url = "https://api.pub1.infomaniak.cloud/identity"
region = "dc3-a"
user_name = "<USERNAME>"
password = "<PASSWORD>"
user_domain_name = "Default"
project_domain_id = "default"
tenant_id = "<PROJECT_ID>"
tenant_name = "<PROJECT_NAME>"
}
```
4. Ajouter sa Yubikey
```json
# Upload public key
resource "openstack_compute_keypair_v2" "yubikey" {
name = "yubikey"
public_key = "<PUBLIC_KEY>"
}
```
5. Création des security group
```json
# Define the security group
resource "openstack_compute_secgroup_v2" "ICMP" {
name = "ICMP"
description = "Allow Ping"
rule {
from_port = -1
to_port = -1
ip_protocol = "icmp"
cidr = "0.0.0.0/0"
}
}
# Create security group
resource "openstack_compute_secgroup_v2" "ALL-LOCAL" {
name = "ALL-LOCAL"
description = "All access on 10.99.0.0/24"
# Rule for all traffic
rule {
from_port = 1
to_port = 65535
ip_protocol = "tcp"
cidr = "10.99.0.0/24"
}
}
resource "openstack_compute_secgroup_v2" "SSH-EXTERNE" {
name = "SSH-EXTERNE"
description = "SSH from anywhere"
rule {
from_port = 22
to_port = 22
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
}
resource "openstack_compute_secgroup_v2" "HTTP-HTTPS" {
name = "HTTP-HTTPS"
description = "Web"
rule {
from_port = 80
to_port = 80
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
rule {
from_port = 443
to_port = 443
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
}
```
6. Création du réseau privé
```json
resource "openstack_networking_network_v2" "private_network" {
name = "private_network"
admin_state_up = true
}
resource "openstack_networking_subnet_v2" "private_subnet" {
name = "private_subnet"
network_id = openstack_networking_network_v2.private_network.id
cidr = "10.99.0.0/24"
ip_version = 4
dns_nameservers = ["1.1.1.1"]
}
```
7. Création du controller
```json
resource "openstack_compute_instance_v2" "controller" {
name = "controller"
image_id = "a220f306-1488-4788-9dcc-b94ed1338662"
flavor_name = "a1-ram2-disk80-perf1"
key_pair = "yubikey"
security_groups = ["ALL-LOCAL", "SSH-EXTERNE", "HTTP-HTTPS", "ICMP"]
metadata = {
application = "controller"
}
network {
name = "ext-net1"
}
network {
name = openstack_networking_network_v2.private_network.name
fixed_ip_v4 = "10.99.0.10"
}
}
```
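Review bot: The provider block added under step 3 shows `user_name` and `password` as literals in the `.tf` file, so a reader who fills in the placeholders ends up with cloud credentials in a file that is normally committed with the rest of the configuration. The OpenStack provider falls back to the `OS_USERNAME` and `OS_PASSWORD` environment variables when these arguments are omitted, so the example can drop both lines and say so, or pass the secret through a variable declared with `sensitive = true`. In step 5, `SSH-EXTERNE` allows port 22 from `0.0.0.0/0`, and step 7 attaches it to the controller on `ext-net1`, which appears to be the public network; the page should show a restricted source such as `cidr = "<ADMIN_IP>/32"` and note that the open rule is a lab convenience. Smaller points: `ALL-LOCAL` is described as "All access" but its only rule is TCP, the fences are tagged `json` although the content is HCL, and the list now has two items numbered 4.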