1
0
Bifurcation 0
miroir de https://github.com/PAPAMICA/Wiki-Tech.io.git synchronisé 2024-12-25 17:10:33 +01:00

docs: update projects/boss-final

Cette révision appartient à :
Mickael Asseline 2023-06-20 19:21:31 +00:00 révisé par Mickael Asseline
Parent 81d50a2a1a
révision 85957d1740

Voir le fichier

@ -2,7 +2,7 @@
title: Boss final
description:
published: true
date: 2023-06-20T18:58:38.645Z
date: 2023-06-20T19:21:21.801Z
tags:
editor: markdown
dateCreated: 2023-06-20T16:05:23.769Z
@ -32,4 +32,132 @@ dateCreated: 2023-06-20T16:05:23.769Z
1. Création d'un projet OpenStack sur le Public Cloud d'infomaniak
2. Récupération des identifiants
3. Connecter Terraform à OpenStack
4. Création d'une première instance
```json
# Define required providers
terraform {
required_providers {
openstack = {
source = "terraform-provider-openstack/openstack"
version = "1.44.0"
}
}
}
# Configure the OpenStack Provider
provider "openstack" {
auth_url = "https://api.pub1.infomaniak.cloud/identity"
region = "dc3-a"
user_name = "<USERNAME>"
password = "<PASSWORD>"
user_domain_name = "Default"
project_domain_id = "default"
tenant_id = "<PROJECT_ID>"
tenant_name = "<PROJECT_NAME>"
}
```
4. Ajouter sa Yubikey
```json
# Upload public key
resource "openstack_compute_keypair_v2" "yubikey" {
name = "yubikey"
public_key = "<PUBLIC_KEY>"
}
```
5. Création des security group
```json
# Define the security group
resource "openstack_compute_secgroup_v2" "ICMP" {
name = "ICMP"
description = "Allow Ping"
rule {
from_port = -1
to_port = -1
ip_protocol = "icmp"
cidr = "0.0.0.0/0"
}
}
# Create security group
resource "openstack_compute_secgroup_v2" "ALL-LOCAL" {
name = "ALL-LOCAL"
description = "All access on 10.99.0.0/24"
# Rule for all traffic
rule {
from_port = 1
to_port = 65535
ip_protocol = "tcp"
cidr = "10.99.0.0/24"
}
}
resource "openstack_compute_secgroup_v2" "SSH-EXTERNE" {
name = "SSH-EXTERNE"
description = "SSH from anywhere"
rule {
from_port = 22
to_port = 22
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
}
resource "openstack_compute_secgroup_v2" "HTTP-HTTPS" {
name = "HTTP-HTTPS"
description = "Web"
rule {
from_port = 80
to_port = 80
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
rule {
from_port = 443
to_port = 443
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
}
```
6. Création du réseau privé
```json
resource "openstack_networking_network_v2" "private_network" {
name = "private_network"
admin_state_up = true
}
resource "openstack_networking_subnet_v2" "private_subnet" {
name = "private_subnet"
network_id = openstack_networking_network_v2.private_network.id
cidr = "10.99.0.0/24"
ip_version = 4
dns_nameservers = ["1.1.1.1"]
}
```
7. Création du controller
```json
resource "openstack_compute_instance_v2" "controller" {
name = "controller"
image_id = "a220f306-1488-4788-9dcc-b94ed1338662"
flavor_name = "a1-ram2-disk80-perf1"
key_pair = "yubikey"
security_groups = ["ALL-LOCAL", "SSH-EXTERNE", "HTTP-HTTPS", "ICMP"]
metadata = {
application = "controller"
}
network {
name = "ext-net1"
}
network {
name = openstack_networking_network_v2.private_network.name
fixed_ip_v4 = "10.99.0.10"
}
}
```