vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
vyos-documentation/docs/automation/vyos-terraform.rst
mkorobeinikov ac4f69bed7 the article about Terraform 
the article about Terraform+AWS+Azure+Ansible+VMware
2024-01-25 08:06:13 +03:00

1037 lines
23 KiB
ReStructuredText
Raw Blame History

:lastproofread: 2024-01-11
.. _vyos-terraform:
Terraform
=========
VyOS supports develop infrastructia via Terraform and provisioning via ansible.
Need to install ``Terraform``
Structure of files
.. code-block:: none
.
├── main.tf
├── version.tf
├── variables.tf
└── terraform.tfvars
Run Terraform
-------------
.. code-block:: none
#cd /your folder
#terraform init
#terraform plan
#terraform apply
#yes
Deploying vyos in the AWS cloud
-------------------------------
With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the AWS cloud. If necessary, the infrastructure can be removed using terraform.
Also we will make provisioning using Ansible.
Structure of files Terrafom
.. code-block:: none
.
├── vyos.tf
└── var.tf
File contents
-------------
vyos.tf
.. code-block:: none
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
}
}
provider "aws" {
access_key = var.access
secret_key = var.secret
region = var.region
}
variable "region" {
default = "us-east-1"
description = "AWS Region"
}
variable "ami" {
default = "ami-**************" # ami image please enter your details
description = "Amazon Machine Image ID for VyOS"
}
variable "type" {
default = "t2.micro"
description = "Size of VM"
}
# my resource for VyOS
resource "aws_instance" "myVyOSec2" {
ami = var.ami
key_name = "mykeyname" # Please enter your details
security_groups = ["my_sg"] # Please enter your details
instance_type = var.type
tags = {
name = "VyOS System"
}
}
output "my_IP"{
value = aws_instance.myVyOSec2.public_ip
}
#IP of aws instance copied to a file ip.txt in local system Terraform
resource "local_file" "ip" {
content = aws_instance.myVyOSec2.public_ip
filename = "ip.txt"
}
#connecting to the Ansible control node using SSH connection
resource "null_resource" "SSHconnection1" {
depends_on = [aws_instance.myVyOSec2]
connection {
type = "ssh"
user = "root"
password = var.password
host = var.host
}
#copying the ip.txt file to the Ansible control node from local system
provisioner "file" {
source = "ip.txt"
destination = "/root/aws/ip.txt" # The folder of your Ansible project
}
}
resource "null_resource" "SSHconnection2" {
depends_on = [aws_instance.myVyOSec2]
connection {
type = "ssh"
user = "root"
password = var.password
host = var.host
}
#command to run Ansible playbook on remote Linux OS
provisioner "remote-exec" {
inline = [
"cd /root/aws/",
"ansible-playbook instance.yml"
]
}
}
var.tf
.. code-block:: none
variable "password" {
description = "pass for Ansible"
type = string
sensitive = true
}
variable "host"{
description = "The IP of my Ansible"
}
variable "access" {
description = "my access_key for AWS"
type = string
sensitive = true
}
variable "secret" {
description = "my secret_key for AWS"
type = string
sensitive = true
}
Structure of files Ansible
.. code-block:: none
.
├── group_vars
└── all
├── ansible.cfg
├── mykey.pem
└── instance.yml
File contents
-------------
ansible.cfg
.. code-block:: none
[defaults]
inventory = /root/aws/ip.txt
host_key_checking= False
private_key_file = /root/aws/mykey.pem
remote_user=vyos
mykey.pem
.. code-block:: none
-----BEGIN OPENSSH PRIVATE KEY-----
Copy your key.pem from AWS
-----END OPENSSH PRIVATE KEY-----
instance.yml
.. code-block:: none
- name: integration of terraform and ansible
hosts: all
gather_facts: 'no'
tasks:
- name: "Wait 300 seconds, but only start checking after 60 seconds"
wait_for_connection:
delay: 60
timeout: 300
- name: "Configure general settings for the vyos hosts group"
vyos_config:
lines:
- set system name-server 8.8.8.8
save:
true
all
.. code-block:: none
ansible_connection: ansible.netcommon.network_cli
ansible_network_os: vyos.vyos.vyos
ansible_user: vyos
AWS_terraform_ansible_single_vyos_instance
------------------------------------------
How to create a single instance and install your configuration using Terraform+Ansible+AWS
Step by step:
AWS
---
1.1 Create an account with AWS and get your "access_key", "secret key"
1.2 Create a key pair and download your .pem key
1.3 Create a security group for the new VyOS instance
Terraform
---------
2.1 Create a UNIX or Windows instance
2.2 Download and install Terraform
2.3 Create the folder for example ../awsvyos/
2.4 Copy all files into your Terraform project (vyos.tf, var.tf)
2.4.1 Please type the information into the strings 22, 35, 36 of file "vyos.tf"
2.5 Type the commands :
#cd /your folder
#terraform init
Ansible
-------
3.1 Create a UNIX instance
3.2 Download and install Ansible
3.3 Create the folder for example /root/aws/
3.4 Copy all files from my folder /Ansible into your Ansible project (ansible.cfg, instance.yml, mykey.pem)
mykey.pem you have to get using step 1.2
Start
-----
4.1 Type the commands on your Terrafom instance:
#cd /your folder
#terraform plan
#terraform apply
#yes
.. image:: /_static/images/aws.png
:width: 80%
:align: center
:alt: Network Topology Diagram
Deploying vyos in the Azure cloud
---------------------------------
With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the Azure cloud. If necessary, the infrastructure can be removed using terraform.
Structure of files Terrafom
.. code-block:: none
.
├── main.tf
└── variables.tf
File contents
-------------
main.tf
.. code-block:: none
##############################################################################
# HashiCorp Guide to Using Terraform on Azure
# This Terraform configuration will create the following:
# Resource group with a virtual network and subnet
# An VyOS server without ssh key (only login+password)
##############################################################################
# Chouse a provider
provider "azurerm" {
features {}
}
# Create a resource group. In Azure every resource belongs to a
# resource group.
resource "azurerm_resource_group" "azure_vyos" {
name = "${var.resource_group}"
location = "${var.location}"
}
# The next resource is a Virtual Network.
resource "azurerm_virtual_network" "vnet" {
name = "${var.virtual_network_name}"
location = "${var.location}"
address_space = ["${var.address_space}"]
resource_group_name = "${var.resource_group}"
}
# Build a subnet to run our VMs in.
resource "azurerm_subnet" "subnet" {
name = "${var.prefix}subnet"
virtual_network_name = "${azurerm_virtual_network.vnet.name}"
resource_group_name = "${var.resource_group}"
address_prefixes = ["${var.subnet_prefix}"]
}
##############################################################################
# Build an VyOS VM from the Marketplace
# To finde nessesery image use the command:
#
# az vm image list --offer vyos --all
#
# Now that we have a network, we'll deploy an VyOS server.
# An Azure Virtual Machine has several components. In this example we'll build
# a security group, a network interface, a public ip address, a storage
# account and finally the VM itself. Terraform handles all the dependencies
# automatically, and each resource is named with user-defined variables.
##############################################################################
# Security group to allow inbound access on port 22 (ssh)
resource "azurerm_network_security_group" "vyos-sg" {
name = "${var.prefix}-sg"
location = "${var.location}"
resource_group_name = "${var.resource_group}"
security_rule {
name = "SSH"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"
source_address_prefix = "${var.source_network}"
destination_address_prefix = "*"
}
}
# A network interface.
resource "azurerm_network_interface" "vyos-nic" {
name = "${var.prefix}vyos-nic"
location = "${var.location}"
resource_group_name = "${var.resource_group}"
ip_configuration {
name = "${var.prefix}ipconfig"
subnet_id = "${azurerm_subnet.subnet.id}"
private_ip_address_allocation = "Dynamic"
public_ip_address_id = "${azurerm_public_ip.vyos-pip.id}"
}
}
# Add a public IP address.
resource "azurerm_public_ip" "vyos-pip" {
name = "${var.prefix}-ip"
location = "${var.location}"
resource_group_name = "${var.resource_group}"
allocation_method = "Dynamic"
}
# Build a virtual machine. This is a standard VyOS instance from Marketplace.
resource "azurerm_virtual_machine" "vyos" {
name = "${var.hostname}-vyos"
location = "${var.location}"
resource_group_name = "${var.resource_group}"
vm_size = "${var.vm_size}"
network_interface_ids = ["${azurerm_network_interface.vyos-nic.id}"]
delete_os_disk_on_termination = "true"
# To finde an information about the plan use the command:
# az vm image list --offer vyos --all
plan {
publisher = "sentriumsl"
name = "vyos-1-3"
product = "vyos-1-2-lts-on-azure"
}
storage_image_reference {
publisher = "${var.image_publisher}"
offer = "${var.image_offer}"
sku = "${var.image_sku}"
version = "${var.image_version}"
}
storage_os_disk {
name = "${var.hostname}-osdisk"
managed_disk_type = "Standard_LRS"
caching = "ReadWrite"
create_option = "FromImage"
}
os_profile {
computer_name = "${var.hostname}"
admin_username = "${var.admin_username}"
admin_password = "${var.admin_password}"
}
os_profile_linux_config {
disable_password_authentication = false
}
}
data "azurerm_public_ip" "example" {
depends_on = ["azurerm_virtual_machine.vyos"]
name = "vyos-ip"
resource_group_name = "${var.resource_group}"
}
output "public_ip_address" {
value = data.azurerm_public_ip.example.ip_address
}
# IP of AZ instance copied to a file ip.txt in local system
resource "local_file" "ip" {
content = data.azurerm_public_ip.example.ip_address
filename = "ip.txt"
}
#Connecting to the Ansible control node using SSH connection
resource "null_resource" "nullremote1" {
depends_on = ["azurerm_virtual_machine.vyos"]
connection {
type = "ssh"
user = "root"
password = var.password
host = var.host
}
# Copying the ip.txt file to the Ansible control node from local system
provisioner "file" {
source = "ip.txt"
destination = "/root/az/ip.txt"
}
}
resource "null_resource" "nullremote2" {
depends_on = ["azurerm_virtual_machine.vyos"]
connection {
type = "ssh"
user = "root"
password = var.password
host = var.host
}
# Command to run ansible playbook on remote Linux OS
provisioner "remote-exec" {
inline = [
"cd /root/az/",
"ansible-playbook instance.yml"
]
}
}
variables.tf
.. code-block:: none
##############################################################################
# Variables File
#
# Here is where we store the default values for all the variables used in our
# Terraform code.
##############################################################################
variable "resource_group" {
description = "The name of your Azure Resource Group."
default = "my_resource_group"
}
variable "prefix" {
description = "This prefix will be included in the name of some resources."
default = "vyos"
}
variable "hostname" {
description = "Virtual machine hostname. Used for local hostname, DNS, and storage-related names."
default = "vyos_terraform"
}
variable "location" {
description = "The region where the virtual network is created."
default = "centralus"
}
variable "virtual_network_name" {
description = "The name for your virtual network."
default = "vnet"
}
variable "address_space" {
description = "The address space that is used by the virtual network. You can supply more than one address space. Changing this forces a new resource to be created."
default = "10.0.0.0/16"
}
variable "subnet_prefix" {
description = "The address prefix to use for the subnet."
default = "10.0.10.0/24"
}
variable "storage_account_tier" {
description = "Defines the storage tier. Valid options are Standard and Premium."
default = "Standard"
}
variable "storage_replication_type" {
description = "Defines the replication type to use for this storage account. Valid options include LRS, GRS etc."
default = "LRS"
}
# The most chippers size
variable "vm_size" {
description = "Specifies the size of the virtual machine."
default = "Standard_B1s"
}
variable "image_publisher" {
description = "Name of the publisher of the image (az vm image list)"
default = "sentriumsl"
}
variable "image_offer" {
description = "Name of the offer (az vm image list)"
default = "vyos-1-2-lts-on-azure"
}
variable "image_sku" {
description = "Image SKU to apply (az vm image list)"
default = "vyos-1-3"
}
variable "image_version" {
description = "Version of the image to apply (az vm image list)"
default = "1.3.3"
}
variable "admin_username" {
description = "Administrator user name"
default = "vyos"
}
variable "admin_password" {
description = "Administrator password"
default = "Vyos0!"
}
variable "source_network" {
description = "Allow access from this network prefix. Defaults to '*'."
default = "*"
}
variable "password" {
description = "pass for Ansible"
type = string
sensitive = true
}
variable "host"{
description = "IP of my Ansible"
}
Structure of files Ansible
.. code-block:: none
.
├── group_vars
└── all
├── ansible.cfg
└── instance.yml
File contents
-------------
ansible.cfg
.. code-block:: none
[defaults]
inventory = /root/az/ip.txt
host_key_checking= False
remote_user=vyos
instance.yml
.. code-block:: none
- name: integration of terraform and ansible
hosts: all
gather_facts: 'no'
tasks:
- name: "Wait 300 seconds, but only start checking after 60 seconds"
wait_for_connection:
delay: 60
timeout: 300
- name: "Configure general settings for the vyos hosts group"
vyos_config:
lines:
- set system name-server 8.8.8.8
save:
true
all
.. code-block:: none
ansible_connection: ansible.netcommon.network_cli
ansible_network_os: vyos.vyos.vyos
# user and password gets from terraform variables "admin_username" and "admin_password"
ansible_user: vyos
ansible_ssh_pass: Vyos0!
Azure_terraform_ansible_single_vyos_instance
--------------------------------------------
How to create a single instance and install your configuration using Terraform+Ansible+Azure
Step by step:
Azure
-----
1.1 Create an account with Azure
Terraform
---------
2.1 Create a UNIX or Windows instance
2.2 Download and install Terraform
2.3 Create the folder for example ../azvyos/
2.4 Copy all files from my folder /Terraform into your Terraform project (main.tf, variables.tf)
2.5 Login with Azure using the command
#az login
2.6 Type the commands :
#cd /your folder
#terraform init
Ansible
-------
3.1 Create a UNIX instance
3.2 Download and install Ansible
3.3 Create the folder for example /root/az/
3.4 Copy all files from my folder /Ansible into your Ansible project (ansible.cfg, instance.yml and /group_vars)
Start
-----
4.1 Type the commands on your Terrafom instance:
#cd /your folder
#terraform plan
#terraform apply
#yes
Deploying vyos in the Vsphere infrastructia
-------------------------------------------
With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the vSphere.
Structure of files Terrafom
.. code-block:: none
.
├── main.tf
├── versions.tf
├── variables.tf
└── terraform.tfvars
File contents
-------------
main.tf
.. code-block:: none
provider "vsphere" {
user = var.vsphere_user
password = var.vsphere_password
vsphere_server = var.vsphere_server
allow_unverified_ssl = true
}
data "vsphere_datacenter" "datacenter" {
name = var.datacenter
}
data "vsphere_datastore" "datastore" {
name = var.datastore
datacenter_id = data.vsphere_datacenter.datacenter.id
}
data "vsphere_compute_cluster" "cluster" {
name = var.cluster
datacenter_id = data.vsphere_datacenter.datacenter.id
}
data "vsphere_resource_pool" "default" {
name = format("%s%s", data.vsphere_compute_cluster.cluster.name, "/Resources/terraform") # set as you need
datacenter_id = data.vsphere_datacenter.datacenter.id
}
data "vsphere_host" "host" {
name = var.host
datacenter_id = data.vsphere_datacenter.datacenter.id
}
data "vsphere_network" "network" {
name = var.network_name
datacenter_id = data.vsphere_datacenter.datacenter.id
}
## Deployment of VM from Remote OVF
resource "vsphere_virtual_machine" "vmFromRemoteOvf" {
name = var.remotename
datacenter_id = data.vsphere_datacenter.datacenter.id
datastore_id = data.vsphere_datastore.datastore.id
host_system_id = data.vsphere_host.host.id
resource_pool_id = data.vsphere_resource_pool.default.id
network_interface {
network_id = data.vsphere_network.network.id
}
wait_for_guest_net_timeout = 2
wait_for_guest_ip_timeout = 2
ovf_deploy {
allow_unverified_ssl_cert = true
remote_ovf_url = var.url_ova
disk_provisioning = "thin"
ip_protocol = "IPv4"
ip_allocation_policy = "dhcpPolicy"
ovf_network_map = {
"Network 1" = data.vsphere_network.network.id
"Network 2" = data.vsphere_network.network.id
}
}
vapp {
properties = {
"password" = "12345678",
"local-hostname" = "terraform_vyos"
}
}
}
output "ip" {
description = "default ip address of the deployed VM"
value = vsphere_virtual_machine.vmFromRemoteOvf.default_ip_address
}
# IP of AZ instance copied to a file ip.txt in local system
resource "local_file" "ip" {
content = vsphere_virtual_machine.vmFromRemoteOvf.default_ip_address
filename = "ip.txt"
}
#Connecting to the Ansible control node using SSH connection
resource "null_resource" "nullremote1" {
depends_on = ["vsphere_virtual_machine.vmFromRemoteOvf"]
connection {
type = "ssh"
user = "root"
password = var.ansiblepassword
host = var.ansiblehost
}
# Copying the ip.txt file to the Ansible control node from local system
provisioner "file" {
source = "ip.txt"
destination = "/root/vsphere/ip.txt"
}
}
resource "null_resource" "nullremote2" {
depends_on = ["vsphere_virtual_machine.vmFromRemoteOvf"]
connection {
type = "ssh"
user = "root"
password = var.ansiblepassword
host = var.ansiblehost
}
# Command to run ansible playbook on remote Linux OS
provisioner "remote-exec" {
inline = [
"cd /root/vsphere/",
"ansible-playbook instance.yml"
]
}
}
versions.tf
.. code-block:: none
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
terraform {
required_providers {
vsphere = {
source = "hashicorp/vsphere"
version = "2.4.0"
}
}
}
variables.tf
.. code-block:: none
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
variable "vsphere_server" {
description = "vSphere server"
type = string
}
variable "vsphere_user" {
description = "vSphere username"
type = string
}
variable "vsphere_password" {
description = "vSphere password"
type = string
sensitive = true
}
variable "datacenter" {
description = "vSphere data center"
type = string
}
variable "cluster" {
description = "vSphere cluster"
type = string
}
variable "datastore" {
description = "vSphere datastore"
type = string
}
variable "network_name" {
description = "vSphere network name"
type = string
}
variable "host" {
description = "name if yor host"
type = string
}
variable "remotename" {
description = "the name of you VM"
type = string
}
variable "url_ova" {
description = "the URL to .OVA file or cloude store"
type = string
}
variable "ansiblepassword" {
description = "Ansible password"
type = string
}
variable "ansiblehost" {
description = "Ansible host name or IP"
type = string
}
terraform.tfvars
.. code-block:: none
vsphere_user = ""
vsphere_password = ""
vsphere_server = ""
datacenter = ""
datastore = ""
cluster = ""
network_name = ""
host = ""
url_ova = ""
ansiblepassword = ""
ansiblehost = ""
remotename = ""
Azure_terraform_ansible_single_vyos_instance
--------------------------------------------
How to create a single instance and install your configuration using Terraform+Ansible+Vsphere
Step by step:
Vsphere
-------
1.1 Collect all data in to file "terraform.tfvars" and create resources fo example "terraform"
Terraform
---------
2.1 Create a UNIX or Windows instance
2.2 Download and install Terraform
2.3 Create the folder for example ../vsphere/
2.4 Copy all files from my folder /Terraform into your Terraform project
2.5 Type the commands :
#cd /your folder
#terraform init
Ansible
-------
3.1 Create a UNIX instance
3.2 Download and install Ansible
3.3 Create the folder for example /root/vsphere/
3.4 Copy all files from my folder /Ansible into your Ansible project (ansible.cfg, instance.yml and /group_vars)
Start
-----
4.1 Type the commands on your Terrafom instance:
#cd /your folder
#terraform plan
#terraform apply
#yes
Reference in New Issue View Git Blame Copy Permalink