summaryrefslogtreecommitdiff
path: root/docs/automation/terraform
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@vyos.io>2024-03-16 12:32:43 +0100
committerGitHub <noreply@github.com>2024-03-16 12:32:43 +0100
commit74996ba978b37d61d1bfd262babcf7af45f170cb (patch)
tree4cdaa35cfd4e96383676cb6091185ee36adf7ef6 /docs/automation/terraform
parentb41f22b4fbb3152352a6692c7776b9eea6bac2ec (diff)
parent0be919e33b3b144f7331dff51c312d80e537ecac (diff)
downloadvyos-documentation-74996ba978b37d61d1bfd262babcf7af45f170cb.tar.gz
vyos-documentation-74996ba978b37d61d1bfd262babcf7af45f170cb.zip
Merge pull request #1323 from mkorobeinikov/sagitta
Update article about terraform in saggita
Diffstat (limited to 'docs/automation/terraform')
-rw-r--r--docs/automation/terraform/index.rst14
-rw-r--r--docs/automation/terraform/terraformAWS.rst547
-rw-r--r--docs/automation/terraform/terraformAZ.rst488
-rw-r--r--docs/automation/terraform/terraformGoogle.rst0
-rw-r--r--docs/automation/terraform/terraformvSphere.rst400
-rw-r--r--docs/automation/terraform/terraformvyos.rst39
6 files changed, 1488 insertions, 0 deletions
diff --git a/docs/automation/terraform/index.rst b/docs/automation/terraform/index.rst
new file mode 100644
index 00000000..42af58bd
--- /dev/null
+++ b/docs/automation/terraform/index.rst
@@ -0,0 +1,14 @@
+##############
+VyOS Terraform
+##############
+
+.. toctree::
+ :maxdepth: 1
+ :caption: Content
+
+ terraformvyos
+ terraformAWS
+ terraformAZ
+ terraformvSphere
+ terraformGoogle
+
diff --git a/docs/automation/terraform/terraformAWS.rst b/docs/automation/terraform/terraformAWS.rst
new file mode 100644
index 00000000..c705d55e
--- /dev/null
+++ b/docs/automation/terraform/terraformAWS.rst
@@ -0,0 +1,547 @@
+:lastproofread: 2024-01-11
+
+.. _terraformAWS:
+
+Deploying VyOS in the AWS cloud
+===============================
+
+With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the AWS cloud. If necessary, the infrastructure can be removed using terraform.
+Also we will make provisioning using Ansible.
+
+
+.. image:: /_static/images/aws.png
+ :width: 50%
+ :align: center
+ :alt: Network Topology Diagram
+
+In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the AWS cloud and make provisioning using Ansible.
+
+
+Preparation steps for deploying VyOS on AWS
+-------------------------------------------
+
+How to create a single instance and install your configuration using Terraform+Ansible+AWS
+Step by step:
+
+AWS
+
+
+ 1 Create an account with AWS and get your "access_key", "secret key"
+
+ 2 Create a key pair_ and download your .pem key
+
+.. image:: /_static/images/keypairs.png
+ :width: 50%
+ :align: center
+ :alt: Network Topology Diagram
+
+ 3 Create a security group_ for the new VyOS instance and open all traffic
+
+.. image:: /_static/images/sg.png
+ :width: 50%
+ :align: center
+ :alt: Network Topology Diagram
+
+
+.. image:: /_static/images/traffic.png
+ :width: 50%
+ :align: center
+ :alt: Network Topology Diagram
+
+Terraform
+
+
+ 1 Create an UNIX or Windows instance
+
+ 2 Download and install Terraform
+
+ 3 Create the folder for example /root/awsterraform
+
+.. code-block:: none
+
+ mkdir /root/awsterraform
+
+ 4 Copy all files into your Terraform project "/root/awsterraform" (vyos.tf, var.tf, terraform.tfvars,version.tf), more detailed see `Structure of files Terrafom for AWS`_
+
+ 5 Type the commands :
+
+.. code-block:: none
+
+ cd /<your folder>
+ terraform init
+
+
+Ansible
+
+
+ 1 Create an UNIX instance whenever you want (local, cloud, and so on)
+
+ 2 Download and install Ansible
+
+ 3 Create the folder for example /root/aws/
+
+ 4 Copy all files into your Ansible project "/root/aws/" (ansible.cfg, instance.yml, mykey.pem and "all"), more detailed see `Structure of files Ansible for AWS`_
+
+mykey.pem you have to get using step 1.2
+
+
+Start
+
+
+Type the commands on your Terrafom instance:
+
+.. code-block:: none
+
+ cd /<your folder>
+ terraform plan
+ terraform apply
+ yes
+
+
+Start creating an AWS instance and check the result
+---------------------------------------------------
+
+.. code-block:: none
+
+ root@localhost:~/awsterraform# terraform apply
+
+ Terraform used the selected providers to generate the following execution plan.
+ Resource actions are indicated with the following symbols:
+ + create
+
+ Terraform will perform the following actions:
+
+ # aws_instance.myVyOSec2 will be created
+ + resource "aws_instance" "myVyOSec2" {
+ + ami = "ami-************62c2d"
+ + arn = (known after apply)
+ + associate_public_ip_address = (known after apply)
+ + availability_zone = (known after apply)
+ + cpu_core_count = (known after apply)
+ + cpu_threads_per_core = (known after apply)
+ + disable_api_stop = (known after apply)
+ + disable_api_termination = (known after apply)
+ + ebs_optimized = (known after apply)
+ + get_password_data = false
+ + host_id = (known after apply)
+ + host_resource_group_arn = (known after apply)
+ + iam_instance_profile = (known after apply)
+ + id = (known after apply)
+ + instance_initiated_shutdown_behavior = (known after apply)
+ + instance_lifecycle = (known after apply)
+ + instance_state = (known after apply)
+ + instance_type = "t2.micro"
+ + ipv6_address_count = (known after apply)
+ + ipv6_addresses = (known after apply)
+ + key_name = "awsterraform"
+ + monitoring = (known after apply)
+ + outpost_arn = (known after apply)
+ + password_data = (known after apply)
+ + placement_group = (known after apply)
+ + placement_partition_number = (known after apply)
+ + primary_network_interface_id = (known after apply)
+ + private_dns = (known after apply)
+ + private_ip = (known after apply)
+ + public_dns = (known after apply)
+ + public_ip = (known after apply)
+ + secondary_private_ips = (known after apply)
+ + security_groups = [
+ + "awsterraformsg",
+ ]
+ + source_dest_check = true
+ + spot_instance_request_id = (known after apply)
+ + subnet_id = (known after apply)
+ + tags = {
+ + "name" = "VyOS System"
+ }
+ + tags_all = {
+ + "name" = "VyOS System"
+ }
+ + tenancy = (known after apply)
+ + user_data = (known after apply)
+ + user_data_base64 = (known after apply)
+ + user_data_replace_on_change = false
+ + vpc_security_group_ids = (known after apply)
+ }
+
+ # local_file.ip will be created
+ + resource "local_file" "ip" {
+ + content = (known after apply)
+ + content_base64sha256 = (known after apply)
+ + content_base64sha512 = (known after apply)
+ + content_md5 = (known after apply)
+ + content_sha1 = (known after apply)
+ + content_sha256 = (known after apply)
+ + content_sha512 = (known after apply)
+ + directory_permission = "0777"
+ + file_permission = "0777"
+ + filename = "ip.txt"
+ + id = (known after apply)
+ }
+
+ # null_resource.SSHconnection1 will be created
+ + resource "null_resource" "SSHconnection1" {
+ + id = (known after apply)
+ }
+
+ # null_resource.SSHconnection2 will be created
+ + resource "null_resource" "SSHconnection2" {
+ + id = (known after apply)
+ }
+
+ Plan: 4 to add, 0 to change, 0 to destroy.
+
+ Changes to Outputs:
+ + my_IP = (known after apply)
+
+ Do you want to perform these actions?
+ Terraform will perform the actions described above.
+ Only 'yes' will be accepted to approve.
+
+ Enter a value: yes
+
+ aws_instance.myVyOSec2: Creating...
+ aws_instance.myVyOSec2: Still creating... [10s elapsed]
+ aws_instance.myVyOSec2: Still creating... [20s elapsed]
+ aws_instance.myVyOSec2: Still creating... [30s elapsed]
+ aws_instance.myVyOSec2: Still creating... [40s elapsed]
+ aws_instance.myVyOSec2: Creation complete after 44s [id=i-09edfca15aac2fe0a]
+ null_resource.SSHconnection1: Creating...
+ null_resource.SSHconnection2: Creating...
+ null_resource.SSHconnection1: Provisioning with 'file'...
+ null_resource.SSHconnection2: Provisioning with 'remote-exec'...
+ null_resource.SSHconnection2 (remote-exec): Connecting to remote host via SSH...
+ null_resource.SSHconnection2 (remote-exec): Host: 10.217.80.104
+ null_resource.SSHconnection2 (remote-exec): User: root
+ null_resource.SSHconnection2 (remote-exec): Password: true
+ null_resource.SSHconnection2 (remote-exec): Private key: false
+ null_resource.SSHconnection2 (remote-exec): Certificate: false
+ null_resource.SSHconnection2 (remote-exec): SSH Agent: false
+ null_resource.SSHconnection2 (remote-exec): Checking Host Key: false
+ null_resource.SSHconnection2 (remote-exec): Target Platform: unix
+ local_file.ip: Creating...
+ local_file.ip: Creation complete after 0s [id=e8e91f2e24579cd28b92e2d152c0c24c3bf4b52c]
+ null_resource.SSHconnection2 (remote-exec): Connected!
+ null_resource.SSHconnection1: Creation complete after 0s [id=7070868940858935600]
+
+ null_resource.SSHconnection2 (remote-exec): PLAY [integration of terraform and ansible] ************************************
+
+ null_resource.SSHconnection2 (remote-exec): TASK [Wait 300 seconds, but only start checking after 60 seconds] **************
+ null_resource.SSHconnection2: Still creating... [10s elapsed]
+ null_resource.SSHconnection2: Still creating... [20s elapsed]
+ null_resource.SSHconnection2: Still creating... [30s elapsed]
+ null_resource.SSHconnection2: Still creating... [40s elapsed]
+ null_resource.SSHconnection2: Still creating... [50s elapsed]
+ null_resource.SSHconnection2: Still creating... [1m0s elapsed]
+ null_resource.SSHconnection2 (remote-exec): ok: [54.xxx.xxx.xxx]
+
+ null_resource.SSHconnection2 (remote-exec): TASK [Configure general settings for the vyos hosts group] *********************
+ null_resource.SSHconnection2: Still creating... [1m10s elapsed]
+ null_resource.SSHconnection2 (remote-exec): changed: [54.xxx.xxx.xxx]
+
+ null_resource.SSHconnection2 (remote-exec): PLAY RECAP *********************************************************************
+ null_resource.SSHconnection2 (remote-exec): 54.xxx.xxx.xxx : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
+
+ null_resource.SSHconnection2: Creation complete after 1m16s [id=4902256962410024771]
+
+ Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
+
+ Outputs:
+
+ my_IP = "54.xxx.xxx.xxx"
+
+
+
+After executing all the commands you will have your VyOS instance on the AWS cloud with your configuration, it's a very convenient desition.
+If you need to delete the instance please type the command:
+
+.. code-block:: none
+
+ terraform destroy
+
+
+Troubleshooting
+---------------
+
+ 1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/.
+Also, increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location).
+Make sure that you have opened access to the instance in the security group.
+
+ 2 Terraform doesn't connect via SSH to your Ansible instance: you have to check the correct login and password in the part of the file VyOS. tf
+
+.. code-block:: none
+
+ connection {
+ type = "ssh"
+ user = "root" # open root access using login and password on your Ansible
+ password = var.password # check password in the file terraform.tfvars isn't empty
+ host = var.host # check the correct IP address of your Ansible host
+ }
+
+
+Make sure that Ansible is pinging from Terrafom.
+
+Structure of files Terrafom for AWS
+-----------------------------------
+
+.. code-block:: none
+
+ .
+ ├── vyos.tf # The main script
+ ├── var.tf # The file of all variables in "vyos.tf"
+ ├── versions.tf # File for the changing version of Terraform.
+ └── terraform.tfvars # The value of all variables (passwords, login, ip adresses and so on)
+
+
+
+File contents of Terrafom for AWS
+---------------------------------
+
+vyos.tf
+
+.. code-block:: none
+
+
+ ##############################################################################
+ # Build an VyOS VM from the Marketplace
+ # To finde nessesery AMI image_ in AWS
+ #
+ # In the script vyos.tf we'll use default values (you can chang it as you need)
+ # AWS Region = "us-east-1"
+ # AMI = "standard AMI of VyOS from AWS Marketplace"
+ # Size of VM = "t2.micro"
+ # AWS Region = "us-east-1"
+ # After deploying the AWS instance and getting an IP address, the IP address is copied into the file
+ #"ip.txt" and copied to the Ansible node for provisioning.
+ ##############################################################################
+
+ provider "aws" {
+ access_key = var.access
+ secret_key = var.secret
+ region = var.region
+ }
+
+ variable "region" {
+ default = "us-east-1"
+ description = "AWS Region"
+ }
+
+ variable "ami" {
+ default = "ami-**************3b3" # ami image please enter your details
+ description = "Amazon Machine Image ID for VyOS"
+ }
+
+ variable "type" {
+ default = "t2.micro"
+ description = "Size of VM"
+ }
+
+ # my resource for VyOS
+
+ resource "aws_instance" "myVyOSec2" {
+ ami = var.ami
+ key_name = "awsterraform" # Please enter your details from 1.2 of Preparation steps for deploying VyOS on AWS
+ security_groups = ["awsterraformsg"] # Please enter your details from 1.3 of Preparation steps for deploying VyOS on AWS
+ instance_type = var.type
+ tags = {
+ name = "VyOS System"
+ }
+ }
+
+ ##############################################################################
+ # specific variable (to getting type "terraform plan"):
+ # aws_instance.myVyOSec2.public_ip - the information about public IP address
+ # of our instance, needs for provisioning and ssh connection from Ansible
+ ##############################################################################
+
+ output "my_IP"{
+ value = aws_instance.myVyOSec2.public_ip
+ }
+
+ ##############################################################################
+ #
+ # IP of aws instance copied to a file ip.txt in local system Terraform
+ # ip.txt looks like:
+ # cat ./ip.txt
+ # ххх.ххх.ххх.ххх
+ ##############################################################################
+
+ resource "local_file" "ip" {
+ content = aws_instance.myVyOSec2.public_ip
+ filename = "ip.txt"
+ }
+
+ #connecting to the Ansible control node using SSH connection
+
+ ##############################################################################
+ # Steps "SSHconnection1" and "SSHconnection2" need to get file ip.txt from the terraform node and start remotely the playbook of Ansible.
+ ##############################################################################
+
+ resource "null_resource" "SSHconnection1" {
+ depends_on = [aws_instance.myVyOSec2]
+ connection {
+ type = "ssh"
+ user = "root"
+ password = var.password
+ host = var.host
+ }
+
+ #copying the ip.txt file to the Ansible control node from local system
+
+ provisioner "file" {
+ source = "ip.txt"
+ destination = "/root/aws/ip.txt" # The folder of your Ansible project
+ }
+ }
+
+ resource "null_resource" "SSHconnection2" {
+ depends_on = [aws_instance.myVyOSec2]
+ connection {
+ type = "ssh"
+ user = "root"
+ password = var.password
+ host = var.host
+ }
+ #command to run Ansible playbook on remote Linux OS
+ provisioner "remote-exec" {
+ inline = [
+ "cd /root/aws/",
+ "ansible-playbook instance.yml" # more detailed in "File contents of Ansible for AWS"
+ ]
+ }
+ }
+
+
+var.tf
+
+.. code-block:: none
+
+ variable "password" {
+ description = "pass for Ansible"
+ type = string
+ sensitive = true
+ }
+ variable "host"{
+ description = "The IP of my Ansible"
+ type = string
+ }
+ variable "access" {
+ description = "my access_key for AWS"
+ type = string
+ sensitive = true
+ }
+ variable "secret" {
+ description = "my secret_key for AWS"
+ type = string
+ sensitive = true
+ }
+
+versions.tf
+
+.. code-block:: none
+
+ terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+ }
+
+terraform.tfvars
+
+.. code-block:: none
+
+ password = "" # password for Ansible SSH
+ host = "" # IP of my Ansible
+ access = "" # access_key for AWS
+ secret = "" # secret_key for AWS
+
+
+Structure of files Ansible for AWS
+----------------------------------
+
+.. code-block:: none
+
+ .
+ ├── group_vars
+ └── all
+ ├── ansible.cfg
+ ├── mykey.pem
+ └── instance.yml
+
+
+File contents of Ansible for AWS
+--------------------------------
+
+ansible.cfg
+
+.. code-block:: none
+
+ [defaults]
+ inventory = /root/aws/ip.txt
+ host_key_checking= False
+ private_key_file = /root/aws/awsterraform.pem # check the name
+ remote_user=vyos
+
+mykey.pem
+
+.. code-block:: none
+
+ Copy your key.pem from AWS
+
+
+instance.yml
+
+
+
+.. code-block:: none
+
+ ##############################################################################
+ # About tasks:
+ # "Wait 300 seconds, but only start checking after 60 seconds" - try to make ssh connection every 60 seconds until 300 seconds
+ # "Configure general settings for the VyOS hosts group" - make provisioning into AWS VyOS node
+ # You have to add all necessary cammans of VyOS under the block "lines:"
+ ##############################################################################
+
+
+ - name: integration of terraform and ansible
+ hosts: all
+ gather_facts: 'no'
+
+ tasks:
+
+ - name: "Wait 300 seconds, but only start checking after 60 seconds"
+ wait_for_connection:
+ delay: 60
+ timeout: 300
+
+ - name: "Configure general settings for the VyOS hosts group"
+ vyos_config:
+ lines:
+ - set system name-server xxx.xxx.xxx.xxx
+ save:
+ true
+
+
+group_vars/all
+
+.. code-block:: none
+
+ ansible_connection: ansible.netcommon.network_cli
+ ansible_network_os: vyos.vyos.vyos
+ ansible_user: vyos
+
+Sourse files for AWS from GIT
+-----------------------------
+
+All files about the article can be found here_
+
+
+.. _link: https://developer.hashicorp.com/terraform/intro
+.. _install: https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli
+.. _pair: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-key-pairs.html
+.. _group: https://docs.aws.amazon.com/cli/latest/userguide/cli-services-ec2-sg.html
+.. _image: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html
+.. _here: https://github.com/vyos/vyos-automation/tree/main/TerraformCloud/AWS_terraform_ansible_single_vyos_instance-main \ No newline at end of file
diff --git a/docs/automation/terraform/terraformAZ.rst b/docs/automation/terraform/terraformAZ.rst
new file mode 100644
index 00000000..a0fea023
--- /dev/null
+++ b/docs/automation/terraform/terraformAZ.rst
@@ -0,0 +1,488 @@
+:lastproofread: 2024-03-03
+
+.. _terraformAZ:
+
+Deploying VyOS in the Azure cloud
+=================================
+
+With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Azure cloud. If necessary, the infrastructure can be removed using terraform.
+Also we will make provisioning using Ansible.
+
+In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the Azure cloud and make provisioning using Ansible.
+
+Preparation steps for deploying VyOS on Azure
+---------------------------------------------
+
+How to create a single instance and install your configuration using Terraform+Ansible+Azure
+Step by step:
+
+Azure
+
+ 1 Create an account with Azure
+
+Terraform
+
+
+ 1 Create an UNIX or Windows instance
+
+ 2 Download and install Terraform
+
+ 3 Create the folder for example /root/azvyos/
+
+.. code-block:: none
+
+ mkdir /root/azvyos
+
+ 4 Copy all files into your Terraform project "/root/azvyos" (vyos.tf, var.tf, terraform.tfvars), more detailed see `Structure of files Terrafom for Azure`_
+
+ 5 Login with Azure using the command
+
+.. code-block:: none
+
+ az login
+
+2.6 Type the commands :
+
+.. code-block:: none
+
+ cd /<your folder>
+ terraform init
+
+Ansible
+
+
+ 1 Create an UNIX instance whenever you want (local, cloud, and so on)
+
+ 2 Download and install Ansible
+
+ 3 Create the folder for example /root/az/
+
+ 4 Copy all files into your Ansible project "/root/az/" (ansible.cfg, instance.yml,"all"), more detailed see `Structure of files Ansible for Azure`_
+
+
+Start
+
+
+Type the commands on your Terrafom instance:
+
+.. code-block:: none
+
+ cd /<your folder>
+ terraform plan
+ terraform apply
+ yes
+
+After executing all the commands you will have your VyOS instance on the Azure cloud with your configuration, it's a very convenient desition.
+If you need to delete the instance please type the command:
+
+.. code-block:: none
+
+ terraform destroy
+
+Structure of files Terrafom for Azure
+-------------------------------------
+
+.. code-block:: none
+
+ .
+ ├── vyos.tf # The main script
+ ├── var.tf # File for the changing version of Terraform.
+ └── terraform.tfvars # The value of all variables (passwords, login, ip adresses and so on)
+
+File contents of Terrafom for Azure
+-----------------------------------
+
+vyos.tf
+
+.. code-block:: none
+
+
+ ##############################################################################
+ # HashiCorp Guide to Using Terraform on Azure
+ # This Terraform configuration will create the following:
+ # Resource group with a virtual network and subnet
+ # An VyOS server without ssh key (only login+password)
+ ##############################################################################
+
+ # Chouse a provider
+
+ provider "azurerm" {
+ features {}
+ }
+
+ # Create a resource group. In Azure every resource belongs to a
+ # resource group.
+
+ resource "azurerm_resource_group" "azure_vyos" {
+ name = "${var.resource_group}"
+ location = "${var.location}"
+ }
+
+ # The next resource is a Virtual Network.
+
+ resource "azurerm_virtual_network" "vnet" {
+ name = "${var.virtual_network_name}"
+ location = "${var.location}"
+ address_space = ["${var.address_space}"]
+ resource_group_name = "${var.resource_group}"
+ }
+
+ # Build a subnet to run our VMs in.
+
+ resource "azurerm_subnet" "subnet" {
+ name = "${var.prefix}subnet"
+ virtual_network_name = "${azurerm_virtual_network.vnet.name}"
+ resource_group_name = "${var.resource_group}"
+ address_prefixes = ["${var.subnet_prefix}"]
+ }
+
+ ##############################################################################
+ # Build an VyOS VM from the Marketplace
+ # To finde nessesery image use the command:
+ #
+ # az vm image list --offer vyos --all
+ #
+ # Now that we have a network, we'll deploy an VyOS server.
+ # An Azure Virtual Machine has several components. In this example we'll build
+ # a security group, a network interface, a public ip address, a storage
+ # account and finally the VM itself. Terraform handles all the dependencies
+ # automatically, and each resource is named with user-defined variables.
+ ##############################################################################
+
+
+ # Security group to allow inbound access on port 22 (ssh)
+
+ resource "azurerm_network_security_group" "vyos-sg" {
+ name = "${var.prefix}-sg"
+ location = "${var.location}"
+ resource_group_name = "${var.resource_group}"
+
+ security_rule {
+ name = "SSH"
+ priority = 100
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "22"
+ source_address_prefix = "${var.source_network}"
+ destination_address_prefix = "*"
+ }
+ }
+
+ # A network interface.
+
+ resource "azurerm_network_interface" "vyos-nic" {
+ name = "${var.prefix}vyos-nic"
+ location = "${var.location}"
+ resource_group_name = "${var.resource_group}"
+
+ ip_configuration {
+ name = "${var.prefix}ipconfig"
+ subnet_id = "${azurerm_subnet.subnet.id}"
+ private_ip_address_allocation = "Dynamic"
+ public_ip_address_id = "${azurerm_public_ip.vyos-pip.id}"
+ }
+ }
+
+ # Add a public IP address.
+
+ resource "azurerm_public_ip" "vyos-pip" {
+ name = "${var.prefix}-ip"
+ location = "${var.location}"
+ resource_group_name = "${var.resource_group}"
+ allocation_method = "Dynamic"
+ }
+
+ # Build a virtual machine. This is a standard VyOS instance from Marketplace.
+
+ resource "azurerm_virtual_machine" "vyos" {
+ name = "${var.hostname}-vyos"
+ location = "${var.location}"
+ resource_group_name = "${var.resource_group}"
+ vm_size = "${var.vm_size}"
+
+ network_interface_ids = ["${azurerm_network_interface.vyos-nic.id}"]
+ delete_os_disk_on_termination = "true"
+
+ # To finde an information about the plan use the command:
+ # az vm image list --offer vyos --all
+
+ plan {
+ publisher = "sentriumsl"
+ name = "vyos-1-3"
+ product = "vyos-1-2-lts-on-azure"
+ }
+
+ storage_image_reference {
+ publisher = "${var.image_publisher}"
+ offer = "${var.image_offer}"
+ sku = "${var.image_sku}"
+ version = "${var.image_version}"
+ }
+
+ storage_os_disk {
+ name = "${var.hostname}-osdisk"
+ managed_disk_type = "Standard_LRS"
+ caching = "ReadWrite"
+ create_option = "FromImage"
+ }
+
+ os_profile {
+ computer_name = "${var.hostname}"
+ admin_username = "${var.admin_username}"
+ admin_password = "${var.admin_password}"
+ }
+
+ os_profile_linux_config {
+ disable_password_authentication = false
+ }
+ }
+
+ data "azurerm_public_ip" "example" {
+ depends_on = ["azurerm_virtual_machine.vyos"]
+ name = "vyos-ip"
+ resource_group_name = "${var.resource_group}"
+ }
+ output "public_ip_address" {
+ value = data.azurerm_public_ip.example.ip_address
+ }
+
+ # IP of AZ instance copied to a file ip.txt in local system
+
+ resource "local_file" "ip" {
+ content = data.azurerm_public_ip.example.ip_address
+ filename = "ip.txt"
+ }
+
+ #Connecting to the Ansible control node using SSH connection
+
+ resource "null_resource" "nullremote1" {
+ depends_on = ["azurerm_virtual_machine.vyos"]
+ connection {
+ type = "ssh"
+ user = "root"
+ password = var.password
+ host = var.host
+ }
+
+ # Copying the ip.txt file to the Ansible control node from local system
+
+ provisioner "file" {
+ source = "ip.txt"
+ destination = "/root/az/ip.txt"
+ }
+ }
+
+ resource "null_resource" "nullremote2" {
+ depends_on = ["azurerm_virtual_machine.vyos"]
+ connection {
+ type = "ssh"
+ user = "root"
+ password = var.password
+ host = var.host
+ }
+
+ # Command to run ansible playbook on remote Linux OS
+
+ provisioner "remote-exec" {
+
+ inline = [
+ "cd /root/az/",
+ "ansible-playbook instance.yml"
+ ]
+ }
+ }
+
+
+var.tf
+
+.. code-block:: none
+
+ ##############################################################################
+ # Variables File
+ #
+ # Here is where we store the default values for all the variables used in our
+ # Terraform code.
+ ##############################################################################
+
+ variable "resource_group" {
+ description = "The name of your Azure Resource Group."
+ default = "my_resource_group"
+ }
+
+ variable "prefix" {
+ description = "This prefix will be included in the name of some resources."
+ default = "vyos"
+ }
+
+ variable "hostname" {
+ description = "Virtual machine hostname. Used for local hostname, DNS, and storage-related names."
+ default = "vyos_terraform"
+ }
+
+ variable "location" {
+ description = "The region where the virtual network is created."
+ default = "centralus"
+ }
+
+ variable "virtual_network_name" {
+ description = "The name for your virtual network."
+ default = "vnet"
+ }
+
+ variable "address_space" {
+ description = "The address space that is used by the virtual network. You can supply more than one address space. Changing this forces a new resource to be created."
+ default = "10.0.0.0/16"
+ }
+
+ variable "subnet_prefix" {
+ description = "The address prefix to use for the subnet."
+ default = "10.0.10.0/24"
+ }
+
+ variable "storage_account_tier" {
+ description = "Defines the storage tier. Valid options are Standard and Premium."
+ default = "Standard"
+ }
+
+ variable "storage_replication_type" {
+ description = "Defines the replication type to use for this storage account. Valid options include LRS, GRS etc."
+ default = "LRS"
+ }
+
+ # The most chippers size
+
+ variable "vm_size" {
+ description = "Specifies the size of the virtual machine."
+ default = "Standard_B1s"
+ }
+
+ variable "image_publisher" {
+ description = "Name of the publisher of the image (az vm image list)"
+ default = "sentriumsl"
+ }
+
+ variable "image_offer" {
+ description = "Name of the offer (az vm image list)"
+ default = "vyos-1-2-lts-on-azure"
+ }
+
+ variable "image_sku" {
+ description = "Image SKU to apply (az vm image list)"
+ default = "vyos-1-3"
+ }
+
+ variable "image_version" {
+ description = "Version of the image to apply (az vm image list)"
+ default = "1.3.3"
+ }
+
+ variable "admin_username" {
+ description = "Administrator user name"
+ default = "vyos"
+ }
+
+ variable "admin_password" {
+ description = "Administrator password"
+ default = "Vyos0!"
+ }
+
+ variable "source_network" {
+ description = "Allow access from this network prefix. Defaults to '*'."
+ default = "*"
+ }
+
+ variable "password" {
+ description = "pass for Ansible"
+ type = string
+ sensitive = true
+ }
+ variable "host"{
+ description = "IP of my Ansible"
+ }
+
+terraform.tfvars
+
+.. code-block:: none
+
+ password = "" # password for Ansible SSH
+ host = "" # IP of my Ansible
+
+
+Structure of files Ansible for Azure
+------------------------------------
+
+.. code-block:: none
+
+ .
+ ├── group_vars
+ └── all
+ ├── ansible.cfg
+ └── instance.yml
+
+
+File contents of Ansible for Azure
+----------------------------------
+
+ansible.cfg
+
+.. code-block:: none
+
+ [defaults]
+ inventory = /root/az/ip.txt
+ host_key_checking= False
+ remote_user=vyos
+
+
+instance.yml
+
+
+.. code-block:: none
+
+ ##############################################################################
+ # About tasks:
+ # "Wait 300 seconds, but only start checking after 60 seconds" - try to make ssh connection every 60 seconds until 300 seconds
+ # "Configure general settings for the VyOS hosts group" - make provisioning into Azure VyOS node
+ # You have to add all necessary cammans of VyOS under the block "lines:"
+ ##############################################################################
+
+
+ - name: integration of terraform and ansible
+ hosts: all
+ gather_facts: 'no'
+
+ tasks:
+
+ - name: "Wait 300 seconds, but only start checking after 60 seconds"
+ wait_for_connection:
+ delay: 60
+ timeout: 300
+
+ - name: "Configure general settings for the VyOS hosts group"
+ vyos_config:
+ lines:
+ - set system name-server xxx.xxx.xxx.xxx
+ save:
+ true
+
+
+group_vars/all
+
+.. code-block:: none
+
+ ansible_connection: ansible.netcommon.network_cli
+ ansible_network_os: vyos.vyos.vyos
+
+ # user and password gets from terraform variables "admin_username" and "admin_password" in the file /root/azvyos/var.tf
+ ansible_user: vyos
+ ansible_ssh_pass: Vyos0!
+
+Sourse files for Azure from GIT
+-------------------------------
+
+All files about the article can be found here_
+
+.. _here: https://github.com/vyos/vyos-automation/tree/main/TerraformCloud/Azure_terraform_ansible_single_vyos_instance-main
+
+
diff --git a/docs/automation/terraform/terraformGoogle.rst b/docs/automation/terraform/terraformGoogle.rst
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/docs/automation/terraform/terraformGoogle.rst
diff --git a/docs/automation/terraform/terraformvSphere.rst b/docs/automation/terraform/terraformvSphere.rst
new file mode 100644
index 00000000..5d39261b
--- /dev/null
+++ b/docs/automation/terraform/terraformvSphere.rst
@@ -0,0 +1,400 @@
+:lastproofread: 2024-03-03
+
+.. _terraformvSphere:
+
+Deploying VyOS in the vSphere infrastructure
+============================================
+
+With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the vSphere.
+Also we will make provisioning using Ansible.
+
+In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the vSphere cloud and make provisioning using Ansible.
+
+Preparation steps for deploying VyOS on vSphere
+-----------------------------------------------
+
+How to create a single instance and install your configuration using Terraform+Ansible+vSphere
+Step by step:
+
+
+vSphere
+
+
+ 1 Collect all data in to file "terraform.tfvars" and create resources for example "terraform"
+
+
+Terraform
+
+
+ 1 Create an UNIX or Windows instance
+
+ 2 Download and install Terraform
+
+ 3 Create the folder for example /root/vsphereterraform
+
+.. code-block:: none
+
+ mkdir /root/vsphereterraform
+
+
+ 4 Copy all files into your Terraform project "/root/vsphereterraform" (vyos.tf, var.tf, terraform.tfvars,version.tf), more detailed see `Structure of files Terrafom for vSphere`_
+
+ 5 Type the commands :
+
+.. code-block:: none
+
+ cd /<your folder>
+ terraform init
+
+
+Ansible
+
+
+ 1 Create an UNIX instance whenever you want (local, cloud, and so on)
+
+ 2 Download and install Ansible
+
+ 3 Create the folder for example /root/vsphereterraform/
+
+ 4 Copy all files into your Ansible project "/root/vsphereterraform/" (ansible.cfg, instance.yml,"all"), more detailed see `Structure of files Ansible for vSphere`_
+
+
+Start
+
+
+Type the commands on your Terrafom instance:
+
+.. code-block:: none
+
+ cd /<your folder>
+ terraform plan
+ terraform apply
+ yes
+
+
+After executing all the commands you will have your VyOS instance on the vSphere with your configuration, it's a very convenient desition.
+If you need to delete the instance please type the command:
+
+.. code-block:: none
+
+ terraform destroy
+
+
+Structure of files Terrafom for vSphere
+---------------------------------------
+
+.. code-block:: none
+
+ .
+ ├── vyos.tf # The main script
+ ├── versions.tf # File for the changing version of Terraform.
+ ├── var.tf # File for the changing version of Terraform.
+ └── terraform.tfvars # The value of all variables (passwords, login, ip adresses and so on)
+
+
+File contents of Terrafom for vSphere
+-------------------------------------
+
+vyos.tf
+
+.. code-block:: none
+
+ provider "vsphere" {
+ user = var.vsphere_user
+ password = var.vsphere_password
+ vsphere_server = var.vsphere_server
+ allow_unverified_ssl = true
+ }
+
+ data "vsphere_datacenter" "datacenter" {
+ name = var.datacenter
+ }
+
+ data "vsphere_datastore" "datastore" {
+ name = var.datastore
+ datacenter_id = data.vsphere_datacenter.datacenter.id
+ }
+
+ data "vsphere_compute_cluster" "cluster" {
+ name = var.cluster
+ datacenter_id = data.vsphere_datacenter.datacenter.id
+ }
+
+ data "vsphere_resource_pool" "default" {
+ name = format("%s%s", data.vsphere_compute_cluster.cluster.name, "/Resources/terraform") # set as you need
+ datacenter_id = data.vsphere_datacenter.datacenter.id
+ }
+
+ data "vsphere_host" "host" {
+ name = var.host
+ datacenter_id = data.vsphere_datacenter.datacenter.id
+ }
+
+ data "vsphere_network" "network" {
+ name = var.network_name
+ datacenter_id = data.vsphere_datacenter.datacenter.id
+ }
+
+ # Deployment of VM from Remote OVF
+ resource "vsphere_virtual_machine" "vmFromRemoteOvf" {
+ name = var.remotename
+ datacenter_id = data.vsphere_datacenter.datacenter.id
+ datastore_id = data.vsphere_datastore.datastore.id
+ host_system_id = data.vsphere_host.host.id
+ resource_pool_id = data.vsphere_resource_pool.default.id
+ network_interface {
+ network_id = data.vsphere_network.network.id
+ }
+ wait_for_guest_net_timeout = 2
+ wait_for_guest_ip_timeout = 2
+
+ ovf_deploy {
+ allow_unverified_ssl_cert = true
+ remote_ovf_url = var.url_ova
+ disk_provisioning = "thin"
+ ip_protocol = "IPv4"
+ ip_allocation_policy = "dhcpPolicy"
+ ovf_network_map = {
+ "Network 1" = data.vsphere_network.network.id
+ "Network 2" = data.vsphere_network.network.id
+ }
+ }
+ vapp {
+ properties = {
+ "password" = "12345678",
+ "local-hostname" = "terraform_vyos"
+ }
+ }
+ }
+
+ output "ip" {
+ description = "default ip address of the deployed VM"
+ value = vsphere_virtual_machine.vmFromRemoteOvf.default_ip_address
+ }
+
+ # IP of vSphere instance copied to a file ip.txt in local system
+
+ resource "local_file" "ip" {
+ content = vsphere_virtual_machine.vmFromRemoteOvf.default_ip_address
+ filename = "ip.txt"
+ }
+
+ #Connecting to the Ansible control node using SSH connection
+
+ resource "null_resource" "nullremote1" {
+ depends_on = ["vsphere_virtual_machine.vmFromRemoteOvf"]
+ connection {
+ type = "ssh"
+ user = "root"
+ password = var.ansiblepassword
+ host = var.ansiblehost
+
+ }
+
+ # Copying the ip.txt file to the Ansible control node from local system
+
+ provisioner "file" {
+ source = "ip.txt"
+ destination = "/root/vsphere/ip.txt"
+ }
+ }
+
+ resource "null_resource" "nullremote2" {
+ depends_on = ["vsphere_virtual_machine.vmFromRemoteOvf"]
+ connection {
+ type = "ssh"
+ user = "root"
+ password = var.ansiblepassword
+ host = var.ansiblehost
+ }
+
+ # Command to run ansible playbook on remote Linux OS
+
+ provisioner "remote-exec" {
+
+ inline = [
+ "cd /root/vsphere/",
+ "ansible-playbook instance.yml"
+ ]
+ }
+ }
+
+
+versions.tf
+
+.. code-block:: none
+
+ # Copyright (c) HashiCorp, Inc.
+ # SPDX-License-Identifier: MPL-2.0
+
+ terraform {
+ required_providers {
+ vsphere = {
+ source = "hashicorp/vsphere"
+ version = "2.4.0"
+ }
+ }
+ }
+
+var.tf
+
+.. code-block:: none
+
+ # Copyright (c) HashiCorp, Inc.
+ # SPDX-License-Identifier: MPL-2.0
+
+ variable "vsphere_server" {
+ description = "vSphere server"
+ type = string
+ }
+
+ variable "vsphere_user" {
+ description = "vSphere username"
+ type = string
+ }
+
+ variable "vsphere_password" {
+ description = "vSphere password"
+ type = string
+ sensitive = true
+ }
+
+ variable "datacenter" {
+ description = "vSphere data center"
+ type = string
+ }
+
+ variable "cluster" {
+ description = "vSphere cluster"
+ type = string
+ }
+
+ variable "datastore" {
+ description = "vSphere datastore"
+ type = string
+ }
+
+ variable "network_name" {
+ description = "vSphere network name"
+ type = string
+ }
+
+ variable "host" {
+ description = "name if yor host"
+ type = string
+ }
+
+ variable "remotename" {
+ description = "the name of you VM"
+ type = string
+ }
+
+ variable "url_ova" {
+ description = "the URL to .OVA file or cloude store"
+ type = string
+ }
+
+ variable "ansiblepassword" {
+ description = "Ansible password"
+ type = string
+ }
+
+ variable "ansiblehost" {
+ description = "Ansible host name or IP"
+ type = string
+ }
+
+terraform.tfvars
+
+.. code-block:: none
+
+ vsphere_user = ""
+ vsphere_password = ""
+ vsphere_server = ""
+ datacenter = ""
+ datastore = ""
+ cluster = ""
+ network_name = ""
+ host = ""
+ url_ova = ""
+ ansiblepassword = ""
+ ansiblehost = ""
+ remotename = ""
+
+
+Structure of files Ansible for vSphere
+--------------------------------------
+
+.. code-block:: none
+
+ .
+ ├── group_vars
+ └── all
+ ├── ansible.cfg
+ └── instance.yml
+
+
+File contents of Ansible for vSphere
+------------------------------------
+
+ansible.cfg
+
+.. code-block:: none
+
+ [defaults]
+ inventory = /root/vsphere/ip.txt
+ host_key_checking= False
+ remote_user=vyos
+
+
+instance.yml
+
+.. code-block:: none
+
+ ##############################################################################
+ # About tasks:
+ # "Wait 300 seconds, but only start checking after 60 seconds" - try to make ssh connection every 60 seconds until 300 seconds
+ # "Configure general settings for the VyOS hosts group" - make provisioning into vSphere VyOS node
+ # You have to add all necessary cammans of VyOS under the block "lines:"
+ ##############################################################################
+
+
+ - name: integration of terraform and ansible
+ hosts: all
+ gather_facts: 'no'
+
+ tasks:
+
+ - name: "Wait 300 seconds, but only start checking after 60 seconds"
+ wait_for_connection:
+ delay: 60
+ timeout: 300
+
+ - name: "Configure general settings for the VyOS hosts group"
+ vyos_config:
+ lines:
+ - set system name-server 8.8.8.8
+ save:
+ true
+
+
+group_vars/all
+
+.. code-block:: none
+
+ ansible_connection: ansible.netcommon.network_cli
+ ansible_network_os: vyos.vyos.vyos
+
+ # user and password gets from terraform variables "admin_username" and "admin_password"
+ ansible_user: vyos
+ # get from vyos.tf "vapp"
+ ansible_ssh_pass: 12345678
+
+
+Sourse files for vSphere from GIT
+---------------------------------
+
+All files about the article can be found here_
+
+.. _here: https://github.com/vyos/vyos-automation/tree/main/TerraformCloud/Vsphere_terraform_ansible_single_vyos_instance-main
+
diff --git a/docs/automation/terraform/terraformvyos.rst b/docs/automation/terraform/terraformvyos.rst
new file mode 100644
index 00000000..42dc7492
--- /dev/null
+++ b/docs/automation/terraform/terraformvyos.rst
@@ -0,0 +1,39 @@
+:lastproofread: 2024-03-03
+
+.. _terraformvyos:
+
+Terraform for VyOS
+==================
+
+VyOS supports development infrastructure via Terraform and provisioning via Ansible.
+Terraform allows you to automate the process of deploying instances on many cloud and virtual platforms.
+In this article, we will look at using terraforms to deploy VyOS on platforms - AWS, Azure, and vSphere.
+For more details about Terraform please have a look here link_.
+
+Need to install_ Terraform
+
+Structure of files in the standard Terraform project:
+
+.. code-block:: none
+
+ .
+ ├── main.tf # The main script
+ ├── version.tf # File for the changing version of Terraform.
+ ├── variables.tf # The file of all variables in "main.tf"
+ └── terraform.tfvars # The value of all variables (passwords, login, ip adresses and so on)
+
+
+General commands that we will use for running Terraform scripts
+
+
+.. code-block:: none
+
+ cd /<your folder> # go to the Terrafom project
+ terraform init # install all addons and provider (aws az and so on)
+ terraform plan # show what is changing
+ terraform apply # run script
+ yes # apply running
+
+
+.. _link: https://developer.hashicorp.com/terraform/intro
+.. _install: https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli \ No newline at end of file