docs: update projects/boss-final
Parent
81d50a2a1a
révision
85957d1740
1 fichiers modifiés avec 130 ajouts et 2 suppressions
|
@ -2,7 +2,7 @@
|
|||
title: Boss final
|
||||
description:
|
||||
published: true
|
||||
date: 2023-06-20T18:58:38.645Z
|
||||
date: 2023-06-20T19:21:21.801Z
|
||||
tags:
|
||||
editor: markdown
|
||||
dateCreated: 2023-06-20T16:05:23.769Z
|
||||
|
@ -32,4 +32,132 @@ dateCreated: 2023-06-20T16:05:23.769Z
|
|||
1. Création d'un projet OpenStack sur le Public Cloud d'infomaniak
|
||||
2. Récupération des identifiants
|
||||
3. Connecter Terraform à OpenStack
|
||||
4. Création d'une première instance
|
||||
```json
|
||||
# Define required providers
|
||||
terraform {
|
||||
required_providers {
|
||||
openstack = {
|
||||
source = "terraform-provider-openstack/openstack"
|
||||
version = "1.44.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Configure the OpenStack Provider
|
||||
provider "openstack" {
|
||||
auth_url = "https://api.pub1.infomaniak.cloud/identity"
|
||||
region = "dc3-a"
|
||||
user_name = "<USERNAME>"
|
||||
password = "<PASSWORD>"
|
||||
user_domain_name = "Default"
|
||||
project_domain_id = "default"
|
||||
tenant_id = "<PROJECT_ID>"
|
||||
tenant_name = "<PROJECT_NAME>"
|
||||
}
|
||||
```
|
||||
4. Ajouter sa Yubikey
|
||||
```json
|
||||
# Upload public key
|
||||
resource "openstack_compute_keypair_v2" "yubikey" {
|
||||
name = "yubikey"
|
||||
public_key = "<PUBLIC_KEY>"
|
||||
}
|
||||
```
|
||||
5. Création des security group
|
||||
```json
|
||||
# Define the security group
|
||||
resource "openstack_compute_secgroup_v2" "ICMP" {
|
||||
name = "ICMP"
|
||||
description = "Allow Ping"
|
||||
|
||||
rule {
|
||||
from_port = -1
|
||||
to_port = -1
|
||||
ip_protocol = "icmp"
|
||||
cidr = "0.0.0.0/0"
|
||||
}
|
||||
}
|
||||
|
||||
# Create security group
|
||||
resource "openstack_compute_secgroup_v2" "ALL-LOCAL" {
|
||||
name = "ALL-LOCAL"
|
||||
description = "All access on 10.99.0.0/24"
|
||||
|
||||
# Rule for all traffic
|
||||
rule {
|
||||
from_port = 1
|
||||
to_port = 65535
|
||||
ip_protocol = "tcp"
|
||||
cidr = "10.99.0.0/24"
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
resource "openstack_compute_secgroup_v2" "SSH-EXTERNE" {
|
||||
name = "SSH-EXTERNE"
|
||||
description = "SSH from anywhere"
|
||||
|
||||
rule {
|
||||
from_port = 22
|
||||
to_port = 22
|
||||
ip_protocol = "tcp"
|
||||
cidr = "0.0.0.0/0"
|
||||
}
|
||||
}
|
||||
|
||||
resource "openstack_compute_secgroup_v2" "HTTP-HTTPS" {
|
||||
name = "HTTP-HTTPS"
|
||||
description = "Web"
|
||||
|
||||
rule {
|
||||
from_port = 80
|
||||
to_port = 80
|
||||
ip_protocol = "tcp"
|
||||
cidr = "0.0.0.0/0"
|
||||
}
|
||||
|
||||
rule {
|
||||
from_port = 443
|
||||
to_port = 443
|
||||
ip_protocol = "tcp"
|
||||
cidr = "0.0.0.0/0"
|
||||
}
|
||||
}
|
||||
```
|
||||
6. Création du réseau privé
|
||||
```json
|
||||
resource "openstack_networking_network_v2" "private_network" {
|
||||
name = "private_network"
|
||||
admin_state_up = true
|
||||
}
|
||||
|
||||
resource "openstack_networking_subnet_v2" "private_subnet" {
|
||||
name = "private_subnet"
|
||||
network_id = openstack_networking_network_v2.private_network.id
|
||||
cidr = "10.99.0.0/24"
|
||||
ip_version = 4
|
||||
dns_nameservers = ["1.1.1.1"]
|
||||
}
|
||||
```
|
||||
7. Création du controller
|
||||
```json
|
||||
resource "openstack_compute_instance_v2" "controller" {
|
||||
name = "controller"
|
||||
image_id = "a220f306-1488-4788-9dcc-b94ed1338662"
|
||||
flavor_name = "a1-ram2-disk80-perf1"
|
||||
key_pair = "yubikey"
|
||||
security_groups = ["ALL-LOCAL", "SSH-EXTERNE", "HTTP-HTTPS", "ICMP"]
|
||||
|
||||
metadata = {
|
||||
application = "controller"
|
||||
}
|
||||
network {
|
||||
name = "ext-net1"
|
||||
}
|
||||
network {
|
||||
name = openstack_networking_network_v2.private_network.name
|
||||
fixed_ip_v4 = "10.99.0.10"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
|
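Review bot: The `SSH-EXTERNE` group in step 5 opens port 22 to `0.0.0.0/0` and is attached to the `controller` instance, which is also placed on `ext-net1`, so the controller as written accepts SSH from any address. The rule would be tighter as `cidr = "<ADMIN_IP>/32"` (a placeholder for the administrator's address), or the step should state why the open range is acceptable here. The provider block puts `password = "<PASSWORD>"` directly in the `.tf` file; a sentence telling readers to supply it through the `OS_PASSWORD` environment variable or a `clouds.yaml` entry would keep the credential out of version control. `ALL-LOCAL` is described as "All access on 10.99.0.0/24" but its only rule covers TCP, so either the description or the rule set should change. The fences are tagged `json` although the content is HCL, and the list has two steps numbered 4.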