Commit
* Add readme
* Add OpenTofu example

---------

Co-authored-by: Fedor Batonogov <[email protected]>
1 parent d6e1b85, commit 873478b
Showing 8 changed files with 269 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
# Created by https://www.toptal.com/developers/gitignore/api/terraform | ||
# Edit at https://www.toptal.com/developers/gitignore?templates=terraform | ||
|
||
### Terraform ### | ||
# Local .terraform directories | ||
**/.terraform/* | ||
|
||
# .tfstate files | ||
*.tfstate | ||
*.tfstate.* | ||
|
||
# Crash log files | ||
crash.log | ||
crash.*.log | ||
|
||
# Exclude all .tfvars files, which are likely to contain sensitive data, such as | ||
# password, private keys, and other secrets. These should not be part of version | ||
# control as they are data points which are potentially sensitive and subject | ||
# to change depending on the environment. | ||
*.tfvars | ||
*.tfvars.json | ||
|
||
# Ignore override files as they are usually used to override resources locally and so | ||
# are not checked in | ||
override.tf | ||
override.tf.json | ||
*_override.tf | ||
*_override.tf.json | ||
|
||
# Include override files you do wish to add to version control using negated pattern | ||
# !example_override.tf | ||
|
||
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan | ||
# example: *tfplan* | ||
|
||
# Ignore CLI configuration files | ||
.terraformrc | ||
terraform.rc | ||
|
||
# End of https://www.toptal.com/developers/gitignore/api/terraform | ||
|
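Review bot: The saved-plan pattern near the end of the file is left as a commented example (`# example: *tfplan*`), so a plan written with `terraform plan -out=tfplan` would not be ignored. Saved plan files embed the variable values used to build them, which in this project includes the Proxmox API token. Suggest enabling `*tfplan*` as a real pattern, next to the existing `*.tfstate` and `*.tfvars` rules.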
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,105 @@ | ||
# **Infrastructure as Code** и системы управления конфигурацией | ||
|
||
Для развёртывания инфраструктуры согласно подходу **Infrastructure as Code**, используя **OpenTofu/Terraform** и создания необходимых ресурсов необходимо выполнить следующие шаги. | ||
|
||
--- | ||
|
||
Официальный сайт проекта [OpenTofu](https://opentofu.org/). | ||
Репозиторий провайдера [bpg/terraform-provider-proxmox](https://github.com/bpg/terraform-provider-proxmox). | ||
|
||
--- | ||
|
||
## Подготовка Proxmox | ||
|
||
### Создание шаблона Ubuntu 22.04 | ||
|
||
На узле Promox создаем шаблон **Cloud Init** **Ubuntu 22.04** | ||
|
||
```sh | ||
export PROXMOX_STORAGE=proxmox-data-01 | ||
apt update && apt install libguestfs-tools -y && \ | ||
wget --backups=1 https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img && \ | ||
virt-customize -a jammy-server-cloudimg-amd64.img --install qemu-guest-agent && \ | ||
qm create 9000 --name "ubuntu-22.04-cloudinit-template" --cores 2 --memory 2048 --net0 virtio,bridge=vmbr0 --scsihw virtio-scsi-pci && \ | ||
qm set 9000 --virtio0 ${PROXMOX_STORAGE}:0,import-from=/root/jammy-server-cloudimg-amd64.img && \ | ||
qm set 9000 --ide2 ${PROXMOX_STORAGE}:cloudinit && \ | ||
qm set 9000 --boot order=virtio0 && \ | ||
qm set 9000 --serial0 socket --vga serial0 && \ | ||
qm template 9000 | ||
``` | ||
|
||
--- | ||
|
||
## Последовательность действий при работе с OpenTofu | ||
|
||
### Инициализируем рабочий каталог, содержащий файлы конфигурации OpenTofu/Terraform | ||
|
||
Команда **tofu init** инициализирует рабочий каталог, содержащий файлы конфигурации **OpenTofu**. Это первая команда, которую следует выполнить после записи новой конфигурации **OpenTofu** или клонирования существующей из системы управления версиями. Эту команду безопасно запускать несколько раз. | ||
|
||
```bash | ||
tofu init | ||
``` | ||
|
||
### Проверяем файлы конфигурации в каталоге | ||
|
||
Команда **tofu validate** проверяет файлы конфигурации в каталоге, ссылаясь только на конфигурацию и не обращаясь к каким-либо удаленным службам, таким как удаленное состояние, API-интерфейсы провайдеров и т.д. | ||
|
||
```bash | ||
tofu validate | ||
``` | ||
|
||
### Создаем план | ||
|
||
Команда **tofu plan** позволяет предварительно просмотреть действия, которые **OpenTofu** предпримет для изменения вашей инфраструктуры, или сохранить предполагаемый план, который вы сможете применить позже. | ||
|
||
```bash | ||
tofu plan | ||
``` | ||
|
||
### Выполняем изменения, определенные конфигурацией **OpenTofu** | ||
|
||
Команда **tofu apply** является более распространенным рабочим процессом вне автоматизации. Если вы не передадите сохраненный план команде применения, она выполнит все функции плана и предложит вам утвердить его перед внесением изменений. | ||
|
||
```bash | ||
tofu apply | ||
``` | ||
|
||
### Удаляем ресурсы | ||
|
||
Команда **tofu destroy** создает план выполнения для удаления всех ресурсов, управляемых в этом проекте. | ||
|
||
```bash | ||
tofu destroy | ||
``` | ||
|
||
--- | ||
|
||
## Как задавать переменные | ||
|
||
Значения переменных можно задать несколькими способами: | ||
|
||
1. Через файл с расширением **.tfvars** (пачками) | ||
|
||
```bash | ||
instance_zone=ru-central-b | ||
``` | ||
|
||
По умолчанию загружаем значения из **terraform.tfvars**, но можно явно обозначить файл для загрузки: | ||
|
||
```bash | ||
tofu apply -var-file="testing.tfvars" | ||
``` | ||
|
||
2. Через переменные окружения. Переменная должна начинаться с **TF*VAR***, а дальше уже имя переменной | ||
|
||
### Для простого типа | ||
|
||
```bash | ||
export TF_VAR_instance_zone=ru-central-d | ||
``` | ||
|
||
### Для составного типа | ||
|
||
```bash | ||
export TF_VAR_instance_zone='["ru-central-a","ru-central-b"]' | ||
``` |
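Review bot: In the template-creation block, the cloud image fetched with `wget` goes straight into `virt-customize` and `qm template 9000` with no integrity check, so every VM cloned from template 9000 inherits whatever was downloaded. Suggest verifying the image against the SHA256SUMS file published alongside it before customizing. The same block imports from `/root/jammy-server-cloudimg-amd64.img`, which only works when the download ran in `/root`; use one path variable for both steps. In the variables section, `TF*VAR***` is Markdown-mangled and should read `TF_VAR_` in backticks, and the `.tfvars` sample `instance_zone=ru-central-b` needs a quoted string value to be valid. There is also a typo, "Promox", in the template section.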
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
output "ip_address_vm_01" { | ||
description = "IP адрес vm-01" | ||
value = proxmox_virtual_environment_vm.vm-01.ipv4_addresses[1] | ||
} |
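Review bot: `ipv4_addresses[1]` hard-codes an index with no comment explaining why index 1 is the right one. If the intent is to skip the loopback entry reported by the guest agent, state that in a comment, since the output silently depends on the agent being enabled and on interface order. The description promises a single IP address, so please confirm whether `ipv4_addresses[1][0]` is what is meant.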
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
terraform { | ||
required_providers { | ||
proxmox = { | ||
source = "bpg/proxmox" | ||
version = ">= 0.53.1" | ||
} | ||
} | ||
} | ||
|
||
provider "proxmox" { | ||
endpoint = var.virtual_environment_endpoint | ||
api_token = var.virtual_environment_api_token | ||
insecure = true | ||
ssh { | ||
agent = false | ||
} | ||
} |
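Review bot: `insecure = true` in the provider block turns off TLS certificate verification on the same connection that carries `api_token`, so the token can be captured by anyone able to intercept traffic to the endpoint. Suggest exposing this as a variable that defaults to `false` and documenting how to trust the Proxmox certificate instead. Separately, `version = ">= 0.53.1"` has no upper bound; a pessimistic constraint such as `~> 0.53` keeps a later breaking provider release from being picked up on `tofu init`.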
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
virtual_environment_api_token = "root@pam!for-terraform-provider=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" | ||
virtual_environment_endpoint = "https://x.x.x.x:8006/" |
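Review bot: The example token on the first line is issued for `root@pam`, which steers users toward running the provider with full administrative rights. Suggest showing a dedicated user and a token limited to the privileges the VM resource needs. It is also worth stating in the README that the real values file must stay out of version control, since the .gitignore added in this commit excludes `*.tfvars`.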
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
variable "virtual_environment_endpoint" { | ||
type = string | ||
description = "The endpoint for the Proxmox Virtual Environment API (example: https://host:port)" | ||
} | ||
|
||
variable "virtual_environment_api_token" { | ||
type = string | ||
description = "The api roken the Proxmox Virtual Environment API (example: root@pam!for-terraform-provider=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)" | ||
} |
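Review bot: `variable "virtual_environment_api_token"` is missing `sensitive = true`, so the token value can be shown in plan and apply output. Please add it. The description also has a typo: "The api roken the Proxmox Virtual Environment API" should read "The API token for the Proxmox Virtual Environment API".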
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
# Машинка | ||
resource "proxmox_virtual_environment_vm" "vm-01" { | ||
name = "vm-01" | ||
description = "Managed by OpenTofu" | ||
tags = ["opentofu", "test"] | ||
on_boot = true | ||
|
||
# Указываем целевой узел, на котором будет запущена ВМ | ||
node_name = "pve-01" | ||
|
||
# Шоблон из которого будет создавать ВМ | ||
clone { | ||
vm_id = "9000" | ||
node_name = "pve-01" | ||
retries = 2 | ||
} | ||
|
||
# Активируем QEMU для этов ВМ | ||
agent { | ||
enabled = true | ||
} | ||
|
||
operating_system { | ||
type = "l26" | ||
} | ||
|
||
cpu { | ||
cores = 4 | ||
type = "host" | ||
numa = true | ||
} | ||
|
||
memory { | ||
dedicated = 4096 | ||
} | ||
|
||
disk { | ||
size = "40" | ||
interface = "virtio0" | ||
datastore_id = "proxmox-data-02" | ||
file_format = "raw" | ||
} | ||
|
||
network_device { | ||
bridge = "vmbr0" | ||
model = "virtio" | ||
} | ||
|
||
initialization { | ||
datastore_id = "proxmox-data-02" | ||
ip_config { | ||
ipv4 { | ||
address = "dhcp" | ||
} | ||
} | ||
dns { | ||
servers = ["77.88.8.8"] | ||
} | ||
user_account { | ||
username = "infra" | ||
keys = [ | ||
"ssh-rsa..." | ||
] | ||
} | ||
} | ||
} |
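Review bot: In `user_account`, `keys = ["ssh-rsa..."]` is a literal placeholder; applying the example unchanged creates the `infra` account with an unusable key. Suggest a required variable with no default, so the run fails at plan time until a real public key is supplied. The node (`pve-01`), datastore (`proxmox-data-02`) and DNS server are hard-coded in the same way and would read better as variables. `vm_id = "9000"` and `size = "40"` are numbers written as strings. The comments contain typos ("Шоблон", "этов").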