diff options
author | Daniil Baturin <daniil@vyos.io> | 2024-03-03 10:18:29 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-03 10:18:29 +0100 |
commit | 408951688bdc9888c162d43f62e036aed50b119a (patch) | |
tree | d3eefb08a3c8da4c550d1fc273cc80c74bb84469 /docs | |
parent | 62b36a812a922ad6fc17f636bba029e463f35d49 (diff) | |
parent | 9493803d36df789c508df9d199f502cc6945282e (diff) | |
download | vyos-documentation-408951688bdc9888c162d43f62e036aed50b119a.tar.gz vyos-documentation-408951688bdc9888c162d43f62e036aed50b119a.zip |
Merge pull request #1295 from mkorobeinikov/master
Update the article
Diffstat (limited to 'docs')
-rw-r--r-- | docs/_static/images/keypairs.png | bin | 0 -> 49718 bytes | |||
-rw-r--r-- | docs/_static/images/sg.png | bin | 0 -> 31817 bytes | |||
-rw-r--r-- | docs/_static/images/traffic.png | bin | 0 -> 36786 bytes | |||
-rw-r--r-- | docs/automation/index.rst | 4 | ||||
-rw-r--r-- | docs/automation/terraform/index.rst | 18 | ||||
-rw-r--r-- | docs/automation/terraform/terraformAWS.rst | 579 | ||||
-rw-r--r-- | docs/automation/vyos-terraform.rst | 1036 |
7 files changed, 599 insertions, 1038 deletions
diff --git a/docs/_static/images/keypairs.png b/docs/_static/images/keypairs.png Binary files differnew file mode 100644 index 00000000..7e772ae9 --- /dev/null +++ b/docs/_static/images/keypairs.png diff --git a/docs/_static/images/sg.png b/docs/_static/images/sg.png Binary files differnew file mode 100644 index 00000000..8be51e1f --- /dev/null +++ b/docs/_static/images/sg.png diff --git a/docs/_static/images/traffic.png b/docs/_static/images/traffic.png Binary files differnew file mode 100644 index 00000000..74002b16 --- /dev/null +++ b/docs/_static/images/traffic.png diff --git a/docs/automation/index.rst b/docs/automation/index.rst index ecabff7a..48e83a96 100644 --- a/docs/automation/index.rst +++ b/docs/automation/index.rst @@ -8,11 +8,11 @@ VyOS Automation .. toctree:: - :maxdepth: 1 + :maxdepth: 2 vyos-api vyos-ansible - vyos-terraform + terraform/index vyos-napalm vyos-netmiko vyos-salt diff --git a/docs/automation/terraform/index.rst b/docs/automation/terraform/index.rst new file mode 100644 index 00000000..9a51df91 --- /dev/null +++ b/docs/automation/terraform/index.rst @@ -0,0 +1,18 @@ +############## +VyOS Terraform +############## + + + * Nornir + * startup scripts + + +.. toctree:: + :maxdepth: 1 + :caption: Content + + terraformAWS +# terraformAZ +# terraformvSphere +# terraformGoogle + diff --git a/docs/automation/terraform/terraformAWS.rst b/docs/automation/terraform/terraformAWS.rst new file mode 100644 index 00000000..c81fe906 --- /dev/null +++ b/docs/automation/terraform/terraformAWS.rst @@ -0,0 +1,579 @@ +:lastproofread: 2024-01-11 + +.. _vyos-terraform: + +Terraform for VyOS +================== + +VyOS supports development infrastructure via Terraform and provisioning via Ansible. +Terraform allows you to automate the process of deploying instances on many cloud and virtual platforms. +In this article, we will look at using terraforms to deploy vyos on platforms - AWS, AZURE, and vSphere. +More detailed about what is Terraform you can write using the link_. + +Need to install_ Terraform + +Structure of files in the standard Terraform project: + +.. code-block:: none + + . + ├── main.tf # The main script + ├── version.tf # File for the changing version of Terraform. + ├── variables.tf # The file of all variables in "main.tf" + └── terraform.tfvars # The value of all variables (passwords, login, ip adresses and so on) + + +General commands that we will use for running Terraform scripts + + +.. code-block:: none + + #cd /<your folder> # go to the Terrafom project + #terraform init # install all addons and provider (aws az and so on) + #terraform plan # show wtah is changing + #terraform apply # run script + #yes # apply running + + +Deploying vyos in the AWS cloud +------------------------------- +With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the AWS cloud. If necessary, the infrastructure can be removed using terraform. +Also we will make provisioning using Ansible. + + +.. image:: /_static/images/aws.png + :width: 50% + :align: center + :alt: Network Topology Diagram + +In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the AWS cloud and make provisioning using Ansible. + + +Preparation steps for deploying VyOS on AWS +------------------------------------------- + +How to create a single instance and install your configuration using Terraform+Ansible+AWS +Step by step: + +AWS + + +1.1 Create an account with AWS and get your "access_key", "secret key" + +1.2 Create a key pair_ and download your .pem key + +.. image:: /_static/images/keypairs.png + :width: 50% + :align: center + :alt: Network Topology Diagram + +1.3 Create a security group_ for the new VyOS instance and open all traffic + +.. image:: /_static/images/sg.png + :width: 50% + :align: center + :alt: Network Topology Diagram + + +.. image:: /_static/images/traffic.png + :width: 50% + :align: center + :alt: Network Topology Diagram + +Terraform + + +2.1 Create a0 UNIX or Windows instance + +2.2 Download and install Terraform + +2.3 Create the folder for example /root/awsterraform + +.. code-block:: none + + mkdir /root/awsterraform + +2.4 Copy all files into your Terraform project "/root/awsterraform" (vyos.tf, var.tf, terraform.tfvars,version.tf), more detailed see `Structure of files Terrafom for AWS`_ + +2.5 Type the commands : + +.. code-block:: none + + #cd /<your folder> + #terraform init + + +Ansible + + +3.1 Create a UNIX instance whenever you want (local, cloud, and so on) + +3.2 Download and install Ansible + +3.3 Create the folder for example /root/aws/ + +3.4 Copy all files into your Ansible project "/root/aws/" (ansible.cfg, instance.yml, mykey.pem and "all"), more detailed see `Structure of files Ansible for AWS`_ + +mykey.pem you have to get using step 1.2 + + +Start + + +4.1 Type the commands on your Terrafom instance: + +.. code-block:: none + + #cd /<your folder> + #terraform plan + #terraform apply + #yes + + +Start creating an AWS instance and check the result +--------------------------------------------------- + +.. code-block:: none + + root@localhost:~/awsterraform# terraform apply + + Terraform used the selected providers to generate the following execution plan. + Resource actions are indicated with the following symbols: + + create + + Terraform will perform the following actions: + + # aws_instance.myVyOSec2 will be created + + resource "aws_instance" "myVyOSec2" { + + ami = "ami-************62c2d" + + arn = (known after apply) + + associate_public_ip_address = (known after apply) + + availability_zone = (known after apply) + + cpu_core_count = (known after apply) + + cpu_threads_per_core = (known after apply) + + disable_api_stop = (known after apply) + + disable_api_termination = (known after apply) + + ebs_optimized = (known after apply) + + get_password_data = false + + host_id = (known after apply) + + host_resource_group_arn = (known after apply) + + iam_instance_profile = (known after apply) + + id = (known after apply) + + instance_initiated_shutdown_behavior = (known after apply) + + instance_lifecycle = (known after apply) + + instance_state = (known after apply) + + instance_type = "t2.micro" + + ipv6_address_count = (known after apply) + + ipv6_addresses = (known after apply) + + key_name = "awsterraform" + + monitoring = (known after apply) + + outpost_arn = (known after apply) + + password_data = (known after apply) + + placement_group = (known after apply) + + placement_partition_number = (known after apply) + + primary_network_interface_id = (known after apply) + + private_dns = (known after apply) + + private_ip = (known after apply) + + public_dns = (known after apply) + + public_ip = (known after apply) + + secondary_private_ips = (known after apply) + + security_groups = [ + + "awsterraformsg", + ] + + source_dest_check = true + + spot_instance_request_id = (known after apply) + + subnet_id = (known after apply) + + tags = { + + "name" = "VyOS System" + } + + tags_all = { + + "name" = "VyOS System" + } + + tenancy = (known after apply) + + user_data = (known after apply) + + user_data_base64 = (known after apply) + + user_data_replace_on_change = false + + vpc_security_group_ids = (known after apply) + } + + # local_file.ip will be created + + resource "local_file" "ip" { + + content = (known after apply) + + content_base64sha256 = (known after apply) + + content_base64sha512 = (known after apply) + + content_md5 = (known after apply) + + content_sha1 = (known after apply) + + content_sha256 = (known after apply) + + content_sha512 = (known after apply) + + directory_permission = "0777" + + file_permission = "0777" + + filename = "ip.txt" + + id = (known after apply) + } + + # null_resource.SSHconnection1 will be created + + resource "null_resource" "SSHconnection1" { + + id = (known after apply) + } + + # null_resource.SSHconnection2 will be created + + resource "null_resource" "SSHconnection2" { + + id = (known after apply) + } + + Plan: 4 to add, 0 to change, 0 to destroy. + + Changes to Outputs: + + my_IP = (known after apply) + + Do you want to perform these actions? + Terraform will perform the actions described above. + Only 'yes' will be accepted to approve. + + Enter a value: yes + + aws_instance.myVyOSec2: Creating... + aws_instance.myVyOSec2: Still creating... [10s elapsed] + aws_instance.myVyOSec2: Still creating... [20s elapsed] + aws_instance.myVyOSec2: Still creating... [30s elapsed] + aws_instance.myVyOSec2: Still creating... [40s elapsed] + aws_instance.myVyOSec2: Creation complete after 44s [id=i-09edfca15aac2fe0a] + null_resource.SSHconnection1: Creating... + null_resource.SSHconnection2: Creating... + null_resource.SSHconnection1: Provisioning with 'file'... + null_resource.SSHconnection2: Provisioning with 'remote-exec'... + null_resource.SSHconnection2 (remote-exec): Connecting to remote host via SSH... + null_resource.SSHconnection2 (remote-exec): Host: 10.217.80.104 + null_resource.SSHconnection2 (remote-exec): User: root + null_resource.SSHconnection2 (remote-exec): Password: true + null_resource.SSHconnection2 (remote-exec): Private key: false + null_resource.SSHconnection2 (remote-exec): Certificate: false + null_resource.SSHconnection2 (remote-exec): SSH Agent: false + null_resource.SSHconnection2 (remote-exec): Checking Host Key: false + null_resource.SSHconnection2 (remote-exec): Target Platform: unix + local_file.ip: Creating... + local_file.ip: Creation complete after 0s [id=e8e91f2e24579cd28b92e2d152c0c24c3bf4b52c] + null_resource.SSHconnection2 (remote-exec): Connected! + null_resource.SSHconnection1: Creation complete after 0s [id=7070868940858935600] + + null_resource.SSHconnection2 (remote-exec): PLAY [integration of terraform and ansible] ************************************ + + null_resource.SSHconnection2 (remote-exec): TASK [Wait 300 seconds, but only start checking after 60 seconds] ************** + null_resource.SSHconnection2: Still creating... [10s elapsed] + null_resource.SSHconnection2: Still creating... [20s elapsed] + null_resource.SSHconnection2: Still creating... [30s elapsed] + null_resource.SSHconnection2: Still creating... [40s elapsed] + null_resource.SSHconnection2: Still creating... [50s elapsed] + null_resource.SSHconnection2: Still creating... [1m0s elapsed] + null_resource.SSHconnection2 (remote-exec): ok: [54.144.84.120] + + null_resource.SSHconnection2 (remote-exec): TASK [Configure general settings for the vyos hosts group] ********************* + null_resource.SSHconnection2: Still creating... [1m10s elapsed] + null_resource.SSHconnection2 (remote-exec): changed: [54.144.84.120] + + null_resource.SSHconnection2 (remote-exec): PLAY RECAP ********************************************************************* + null_resource.SSHconnection2 (remote-exec): 54.144.84.120 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 + + null_resource.SSHconnection2: Creation complete after 1m16s [id=4902256962410024771] + + Apply complete! Resources: 4 added, 0 changed, 0 destroyed. + + Outputs: + + my_IP = "54.144.84.120" + + + +After executing all the commands you will have your VyOS instance on the AWS cloud with your configuration, it's a very convenient desition. +If you need to delete the instance please type the command: + +.. code-block:: none + + #terraform destroy + + +Troubleshooting +--------------- + +1. Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/. +Also, increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). +Make sure that you have opened access to the instance in the security group. + +2. Terraform doesn't connect via SSH to your Ansible instance: you have to check the correct login and password in the part of the file vyos. tf + +.. code-block:: none + + connection { + type = "ssh" + user = "root" # open root access using login and password on your Ansible + password = var.password # check password in the file terraform.tfvars isn't empty + host = var.host # check the correct IP address of your Ansible host + } + + +Make sure that Ansible is pinging from Terrafom. + +Structure of files Terrafom for AWS +----------------------------------- + +.. code-block:: none + + . + ├── vyos.tf # The main script + ├── var.tf # File for the changing version of Terraform. + ├── versions.tf # The file of all variables in "vyos.tf" + └── terraform.tfvars # The value of all variables (passwords, login, ip adresses and so on) + + + +File contents of Terrafom for AWS +--------------------------------- + +vyos.tf + +.. code-block:: none + + + ############################################################################## + # Build an VyOS VM from the Marketplace + # To finde nessesery AMI image_ in AWS + # + # In the script vyos.tf we'll use default values (you can chang it as you need) + # AWS Region = "us-east-1" + # AMI = "standard AMI of VyOS from AWS Marketplace" + # Size of VM = "t2.micro" + # AWS Region = "us-east-1" + # After deploying the AWS instance and getting an IP address, the IP address is copied into the file + #"ip.txt" and copied to the Ansible node for provisioning. + ############################################################################## + + provider "aws" { + access_key = var.access + secret_key = var.secret + region = var.region + } + + variable "region" { + default = "us-east-1" + description = "AWS Region" + } + + variable "ami" { + default = "ami-**************3b3" # ami image please enter your details + description = "Amazon Machine Image ID for VyOS" + } + + variable "type" { + default = "t2.micro" + description = "Size of VM" + } + + # my resource for VyOS + + resource "aws_instance" "myVyOSec2" { + ami = var.ami + key_name = "awsterraform" # Please enter your details from 1.2 of Preparation steps for deploying VyOS on AWS + security_groups = ["awsterraformsg"] # Please enter your details from 1.3 of Preparation steps for deploying VyOS on AWS + instance_type = var.type + tags = { + name = "VyOS System" + } + } + + ############################################################################## + # specific variable (to getting type "terraform plan"): + # aws_instance.myVyOSec2.public_ip - the information about public IP address + # of our instance, needs for provisioning and ssh connection from Ansible + ############################################################################## + + output "my_IP"{ + value = aws_instance.myVyOSec2.public_ip + } + + ############################################################################## + # + # IP of aws instance copied to a file ip.txt in local system Terraform + # ip.txt looks like: + # cat ./ip.txt + # ххх.ххх.ххх.ххх + ############################################################################## + + resource "local_file" "ip" { + content = aws_instance.myVyOSec2.public_ip + filename = "ip.txt" + } + + #connecting to the Ansible control node using SSH connection + + ############################################################################## + # Steps "SSHconnection1" and "SSHconnection2" need to get file ip.txt from the terraform node and start remotely the playbook of Ansible. + ############################################################################## + + resource "null_resource" "SSHconnection1" { + depends_on = [aws_instance.myVyOSec2] + connection { + type = "ssh" + user = "root" + password = var.password + host = var.host + } + + #copying the ip.txt file to the Ansible control node from local system + + provisioner "file" { + source = "ip.txt" + destination = "/root/aws/ip.txt" # The folder of your Ansible project + } + } + + resource "null_resource" "SSHconnection2" { + depends_on = [aws_instance.myVyOSec2] + connection { + type = "ssh" + user = "root" + password = var.password + host = var.host + } + #command to run Ansible playbook on remote Linux OS + provisioner "remote-exec" { + inline = [ + "cd /root/aws/", + "ansible-playbook instance.yml" # more detailed in "File contents of Ansible for AWS" + ] + } + } + + +var.tf + +.. code-block:: none + + variable "password" { + description = "pass for Ansible" + type = string + sensitive = true + } + variable "host"{ + description = "The IP of my Ansible" + type = string + } + variable "access" { + description = "my access_key for AWS" + type = string + sensitive = true + } + variable "secret" { + description = "my secret_key for AWS" + type = string + sensitive = true + } + +versions.tf + +.. code-block:: none + + terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + } + } + +terraform.tfvars + +.. code-block:: none + + password = "" # password for Ansible SSH + host = "" # IP of my Ansible + access = "" # access_key for AWS + secret = "" # secret_key for AWS + + +Structure of files Ansible for AWS +---------------------------------- + +.. code-block:: none + + . + ├── group_vars + └── all + ├── ansible.cfg + ├── mykey.pem + └── instance.yml + + +File contents of Ansible for AWS +-------------------------------- + +ansible.cfg + +.. code-block:: none + + [defaults] + inventory = /root/aws/ip.txt + host_key_checking= False + private_key_file = /root/aws/awsterraform.pem # check the name + remote_user=vyos + +mykey.pem + +.. code-block:: none + + Copy your key.pem from AWS + + +instance.yml + + + +.. code-block:: none + + ############################################################################## + # About tasks: + # "Wait 300 seconds, but only start checking after 60 seconds" - try to make ssh connection every 60 seconds until 300 seconds + # "Configure general settings for the vyos hosts group" - make provisioning into AWS VyOS node + # You have to add all necessary cammans of VyOS under the block "lines:" + ############################################################################## + + + - name: integration of terraform and ansible + hosts: all + gather_facts: 'no' + + tasks: + + - name: "Wait 300 seconds, but only start checking after 60 seconds" + wait_for_connection: + delay: 60 + timeout: 300 + + - name: "Configure general settings for the vyos hosts group" + vyos_config: + lines: + - set system name-server 8.8.8.8 + save: + true + + +all + +.. code-block:: none + + ansible_connection: ansible.netcommon.network_cli + ansible_network_os: vyos.vyos.vyos + ansible_user: vyos + +Sourse files for AWS from GIT +----------------------------- + +All files about the article can be found here_ + + +.. _link: https://developer.hashicorp.com/terraform/intro +.. _install: https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli +.. _pair: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-key-pairs.html +.. _group: https://docs.aws.amazon.com/cli/latest/userguide/cli-services-ec2-sg.html +.. _image: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html +.. _here: https://github.com/vyos/vyos-automation/tree/main/TerraformCloud/AWS_terraform_ansible_single_vyos_instance-main
\ No newline at end of file diff --git a/docs/automation/vyos-terraform.rst b/docs/automation/vyos-terraform.rst deleted file mode 100644 index 75967202..00000000 --- a/docs/automation/vyos-terraform.rst +++ /dev/null @@ -1,1036 +0,0 @@ -:lastproofread: 2024-01-11 - -.. _vyos-terraform: - -Terraform -========= - -VyOS supports develop infrastructia via Terraform and provisioning via ansible. -Need to install ``Terraform`` - -Structure of files - -.. code-block:: none - - . - ├── main.tf - ├── version.tf - ├── variables.tf - └── terraform.tfvars - -Run Terraform -------------- - -.. code-block:: none - - #cd /your folder - #terraform init - #terraform plan - #terraform apply - #yes - - -Deploying vyos in the AWS cloud -------------------------------- -With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the AWS cloud. If necessary, the infrastructure can be removed using terraform. -Also we will make provisioning using Ansible. - -Structure of files Terrafom - -.. code-block:: none - - . - ├── vyos.tf - └── var.tf - -File contents -------------- - -vyos.tf - -.. code-block:: none - - terraform { - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.0" - } - } - } - - provider "aws" { - access_key = var.access - secret_key = var.secret - region = var.region - } - - variable "region" { - default = "us-east-1" - description = "AWS Region" - } - - variable "ami" { - default = "ami-**************" # ami image please enter your details - description = "Amazon Machine Image ID for VyOS" - } - - variable "type" { - default = "t2.micro" - description = "Size of VM" - } - - # my resource for VyOS - - resource "aws_instance" "myVyOSec2" { - ami = var.ami - key_name = "mykeyname" # Please enter your details - security_groups = ["my_sg"] # Please enter your details - instance_type = var.type - tags = { - name = "VyOS System" - } - } - - output "my_IP"{ - value = aws_instance.myVyOSec2.public_ip - } - - - #IP of aws instance copied to a file ip.txt in local system Terraform - - resource "local_file" "ip" { - content = aws_instance.myVyOSec2.public_ip - filename = "ip.txt" - } - - #connecting to the Ansible control node using SSH connection - - resource "null_resource" "SSHconnection1" { - depends_on = [aws_instance.myVyOSec2] - connection { - type = "ssh" - user = "root" - password = var.password - host = var.host - } - #copying the ip.txt file to the Ansible control node from local system - provisioner "file" { - source = "ip.txt" - destination = "/root/aws/ip.txt" # The folder of your Ansible project - } - } - - resource "null_resource" "SSHconnection2" { - depends_on = [aws_instance.myVyOSec2] - connection { - type = "ssh" - user = "root" - password = var.password - host = var.host - } - #command to run Ansible playbook on remote Linux OS - provisioner "remote-exec" { - inline = [ - "cd /root/aws/", - "ansible-playbook instance.yml" - ] - } - } - - -var.tf - -.. code-block:: none - - variable "password" { - description = "pass for Ansible" - type = string - sensitive = true - } - variable "host"{ - description = "The IP of my Ansible" - } - variable "access" { - description = "my access_key for AWS" - type = string - sensitive = true - } - variable "secret" { - description = "my secret_key for AWS" - type = string - sensitive = true - } - - -Structure of files Ansible - -.. code-block:: none - - . - ├── group_vars - └── all - ├── ansible.cfg - ├── mykey.pem - └── instance.yml - - -File contents -------------- - -ansible.cfg - -.. code-block:: none - - [defaults] - inventory = /root/aws/ip.txt - host_key_checking= False - private_key_file = /root/aws/mykey.pem - remote_user=vyos - -mykey.pem - -.. code-block:: none - - -----BEGIN OPENSSH PRIVATE KEY----- - - Copy your key.pem from AWS - - -----END OPENSSH PRIVATE KEY----- - -instance.yml - -.. code-block:: none - - - name: integration of terraform and ansible - hosts: all - gather_facts: 'no' - - tasks: - - - name: "Wait 300 seconds, but only start checking after 60 seconds" - wait_for_connection: - delay: 60 - timeout: 300 - - - name: "Configure general settings for the vyos hosts group" - vyos_config: - lines: - - set system name-server 8.8.8.8 - save: - true - - -all - -.. code-block:: none - - ansible_connection: ansible.netcommon.network_cli - ansible_network_os: vyos.vyos.vyos - ansible_user: vyos - -AWS_terraform_ansible_single_vyos_instance ------------------------------------------- - -How to create a single instance and install your configuration using Terraform+Ansible+AWS -Step by step: - -AWS ---- - -1.1 Create an account with AWS and get your "access_key", "secret key" - -1.2 Create a key pair and download your .pem key - -1.3 Create a security group for the new VyOS instance - -Terraform ---------- - -2.1 Create a UNIX or Windows instance - -2.2 Download and install Terraform - -2.3 Create the folder for example ../awsvyos/ - -2.4 Copy all files into your Terraform project (vyos.tf, var.tf) -2.4.1 Please type the information into the strings 22, 35, 36 of file "vyos.tf" - -2.5 Type the commands : - - #cd /your folder - - #terraform init - -Ansible -------- - -3.1 Create a UNIX instance - -3.2 Download and install Ansible - -3.3 Create the folder for example /root/aws/ - -3.4 Copy all files from my folder /Ansible into your Ansible project (ansible.cfg, instance.yml, mykey.pem) - -mykey.pem you have to get using step 1.2 - -Start ------ - -4.1 Type the commands on your Terrafom instance: - - #cd /your folder - - #terraform plan - - #terraform apply - - #yes - -.. image:: /_static/images/aws.png - :width: 80% - :align: center - :alt: Network Topology Diagram - - - -Deploying vyos in the Azure cloud ---------------------------------- -With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the Azure cloud. If necessary, the infrastructure can be removed using terraform. - -Structure of files Terrafom - -.. code-block:: none - - . - ├── main.tf - └── variables.tf - -File contents -------------- - -main.tf - -.. code-block:: none - - ############################################################################## - # HashiCorp Guide to Using Terraform on Azure - # This Terraform configuration will create the following: - # Resource group with a virtual network and subnet - # An VyOS server without ssh key (only login+password) - ############################################################################## - - # Chouse a provider - - provider "azurerm" { - features {} - } - - # Create a resource group. In Azure every resource belongs to a - # resource group. - - resource "azurerm_resource_group" "azure_vyos" { - name = "${var.resource_group}" - location = "${var.location}" - } - - # The next resource is a Virtual Network. - - resource "azurerm_virtual_network" "vnet" { - name = "${var.virtual_network_name}" - location = "${var.location}" - address_space = ["${var.address_space}"] - resource_group_name = "${var.resource_group}" - } - - # Build a subnet to run our VMs in. - - resource "azurerm_subnet" "subnet" { - name = "${var.prefix}subnet" - virtual_network_name = "${azurerm_virtual_network.vnet.name}" - resource_group_name = "${var.resource_group}" - address_prefixes = ["${var.subnet_prefix}"] - } - - ############################################################################## - # Build an VyOS VM from the Marketplace - # To finde nessesery image use the command: - # - # az vm image list --offer vyos --all - # - # Now that we have a network, we'll deploy an VyOS server. - # An Azure Virtual Machine has several components. In this example we'll build - # a security group, a network interface, a public ip address, a storage - # account and finally the VM itself. Terraform handles all the dependencies - # automatically, and each resource is named with user-defined variables. - ############################################################################## - - - # Security group to allow inbound access on port 22 (ssh) - - resource "azurerm_network_security_group" "vyos-sg" { - name = "${var.prefix}-sg" - location = "${var.location}" - resource_group_name = "${var.resource_group}" - - security_rule { - name = "SSH" - priority = 100 - direction = "Inbound" - access = "Allow" - protocol = "Tcp" - source_port_range = "*" - destination_port_range = "22" - source_address_prefix = "${var.source_network}" - destination_address_prefix = "*" - } - } - - # A network interface. - - resource "azurerm_network_interface" "vyos-nic" { - name = "${var.prefix}vyos-nic" - location = "${var.location}" - resource_group_name = "${var.resource_group}" - - ip_configuration { - name = "${var.prefix}ipconfig" - subnet_id = "${azurerm_subnet.subnet.id}" - private_ip_address_allocation = "Dynamic" - public_ip_address_id = "${azurerm_public_ip.vyos-pip.id}" - } - } - - # Add a public IP address. - - resource "azurerm_public_ip" "vyos-pip" { - name = "${var.prefix}-ip" - location = "${var.location}" - resource_group_name = "${var.resource_group}" - allocation_method = "Dynamic" - } - - # Build a virtual machine. This is a standard VyOS instance from Marketplace. - - resource "azurerm_virtual_machine" "vyos" { - name = "${var.hostname}-vyos" - location = "${var.location}" - resource_group_name = "${var.resource_group}" - vm_size = "${var.vm_size}" - - network_interface_ids = ["${azurerm_network_interface.vyos-nic.id}"] - delete_os_disk_on_termination = "true" - - # To finde an information about the plan use the command: - # az vm image list --offer vyos --all - - plan { - publisher = "sentriumsl" - name = "vyos-1-3" - product = "vyos-1-2-lts-on-azure" - } - - storage_image_reference { - publisher = "${var.image_publisher}" - offer = "${var.image_offer}" - sku = "${var.image_sku}" - version = "${var.image_version}" - } - - storage_os_disk { - name = "${var.hostname}-osdisk" - managed_disk_type = "Standard_LRS" - caching = "ReadWrite" - create_option = "FromImage" - } - - os_profile { - computer_name = "${var.hostname}" - admin_username = "${var.admin_username}" - admin_password = "${var.admin_password}" - } - - os_profile_linux_config { - disable_password_authentication = false - } - } - - data "azurerm_public_ip" "example" { - depends_on = ["azurerm_virtual_machine.vyos"] - name = "vyos-ip" - resource_group_name = "${var.resource_group}" - } - output "public_ip_address" { - value = data.azurerm_public_ip.example.ip_address - } - - # IP of AZ instance copied to a file ip.txt in local system - - resource "local_file" "ip" { - content = data.azurerm_public_ip.example.ip_address - filename = "ip.txt" - } - - #Connecting to the Ansible control node using SSH connection - - resource "null_resource" "nullremote1" { - depends_on = ["azurerm_virtual_machine.vyos"] - connection { - type = "ssh" - user = "root" - password = var.password - host = var.host - } - - # Copying the ip.txt file to the Ansible control node from local system - - provisioner "file" { - source = "ip.txt" - destination = "/root/az/ip.txt" - } - } - - resource "null_resource" "nullremote2" { - depends_on = ["azurerm_virtual_machine.vyos"] - connection { - type = "ssh" - user = "root" - password = var.password - host = var.host - } - - # Command to run ansible playbook on remote Linux OS - - provisioner "remote-exec" { - - inline = [ - "cd /root/az/", - "ansible-playbook instance.yml" - ] - } - } - - - -variables.tf - -.. code-block:: none - - ############################################################################## - # Variables File - # - # Here is where we store the default values for all the variables used in our - # Terraform code. - ############################################################################## - - variable "resource_group" { - description = "The name of your Azure Resource Group." - default = "my_resource_group" - } - - variable "prefix" { - description = "This prefix will be included in the name of some resources." - default = "vyos" - } - - variable "hostname" { - description = "Virtual machine hostname. Used for local hostname, DNS, and storage-related names." - default = "vyos_terraform" - } - - variable "location" { - description = "The region where the virtual network is created." - default = "centralus" - } - - variable "virtual_network_name" { - description = "The name for your virtual network." - default = "vnet" - } - - variable "address_space" { - description = "The address space that is used by the virtual network. You can supply more than one address space. Changing this forces a new resource to be created." - default = "10.0.0.0/16" - } - - variable "subnet_prefix" { - description = "The address prefix to use for the subnet." - default = "10.0.10.0/24" - } - - variable "storage_account_tier" { - description = "Defines the storage tier. Valid options are Standard and Premium." - default = "Standard" - } - - variable "storage_replication_type" { - description = "Defines the replication type to use for this storage account. Valid options include LRS, GRS etc." - default = "LRS" - } - - # The most chippers size - - variable "vm_size" { - description = "Specifies the size of the virtual machine." - default = "Standard_B1s" - } - - variable "image_publisher" { - description = "Name of the publisher of the image (az vm image list)" - default = "sentriumsl" - } - - variable "image_offer" { - description = "Name of the offer (az vm image list)" - default = "vyos-1-2-lts-on-azure" - } - - variable "image_sku" { - description = "Image SKU to apply (az vm image list)" - default = "vyos-1-3" - } - - variable "image_version" { - description = "Version of the image to apply (az vm image list)" - default = "1.3.3" - } - - variable "admin_username" { - description = "Administrator user name" - default = "vyos" - } - - variable "admin_password" { - description = "Administrator password" - default = "Vyos0!" - } - - variable "source_network" { - description = "Allow access from this network prefix. Defaults to '*'." - default = "*" - } - - variable "password" { - description = "pass for Ansible" - type = string - sensitive = true - } - variable "host"{ - description = "IP of my Ansible" - } - - -Structure of files Ansible - -.. code-block:: none - - . - ├── group_vars - └── all - ├── ansible.cfg - └── instance.yml - - -File contents -------------- - -ansible.cfg - -.. code-block:: none - - [defaults] - inventory = /root/az/ip.txt - host_key_checking= False - remote_user=vyos - - -instance.yml - -.. code-block:: none - - - name: integration of terraform and ansible - hosts: all - gather_facts: 'no' - - tasks: - - - name: "Wait 300 seconds, but only start checking after 60 seconds" - wait_for_connection: - delay: 60 - timeout: 300 - - - name: "Configure general settings for the vyos hosts group" - vyos_config: - lines: - - set system name-server 8.8.8.8 - save: - true - - -all - -.. code-block:: none - - ansible_connection: ansible.netcommon.network_cli - ansible_network_os: vyos.vyos.vyos - - # user and password gets from terraform variables "admin_username" and "admin_password" - ansible_user: vyos - ansible_ssh_pass: Vyos0! - - -Azure_terraform_ansible_single_vyos_instance --------------------------------------------- - -How to create a single instance and install your configuration using Terraform+Ansible+Azure -Step by step: - -Azure ------ - -1.1 Create an account with Azure - -Terraform ---------- - -2.1 Create a UNIX or Windows instance - -2.2 Download and install Terraform - -2.3 Create the folder for example ../azvyos/ - -2.4 Copy all files from my folder /Terraform into your Terraform project (main.tf, variables.tf) - -2.5 Login with Azure using the command - - #az login - -2.6 Type the commands : - - #cd /your folder - - #terraform init - -Ansible -------- - -3.1 Create a UNIX instance - -3.2 Download and install Ansible - -3.3 Create the folder for example /root/az/ - -3.4 Copy all files from my folder /Ansible into your Ansible project (ansible.cfg, instance.yml and /group_vars) - -Start ------ - -4.1 Type the commands on your Terrafom instance: - - #cd /your folder - - #terraform plan - - #terraform apply - - #yes - - - -Deploying vyos in the Vsphere infrastructia -------------------------------------------- -With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the vSphere. - -Structure of files Terrafom - -.. code-block:: none - - . - ├── main.tf - ├── versions.tf - ├── variables.tf - └── terraform.tfvars - -File contents -------------- - -main.tf - -.. code-block:: none - - provider "vsphere" { - user = var.vsphere_user - password = var.vsphere_password - vsphere_server = var.vsphere_server - allow_unverified_ssl = true - } - - data "vsphere_datacenter" "datacenter" { - name = var.datacenter - } - - data "vsphere_datastore" "datastore" { - name = var.datastore - datacenter_id = data.vsphere_datacenter.datacenter.id - } - - data "vsphere_compute_cluster" "cluster" { - name = var.cluster - datacenter_id = data.vsphere_datacenter.datacenter.id - } - - data "vsphere_resource_pool" "default" { - name = format("%s%s", data.vsphere_compute_cluster.cluster.name, "/Resources/terraform") # set as you need - datacenter_id = data.vsphere_datacenter.datacenter.id - } - - data "vsphere_host" "host" { - name = var.host - datacenter_id = data.vsphere_datacenter.datacenter.id - } - - data "vsphere_network" "network" { - name = var.network_name - datacenter_id = data.vsphere_datacenter.datacenter.id - } - - ## Deployment of VM from Remote OVF - resource "vsphere_virtual_machine" "vmFromRemoteOvf" { - name = var.remotename - datacenter_id = data.vsphere_datacenter.datacenter.id - datastore_id = data.vsphere_datastore.datastore.id - host_system_id = data.vsphere_host.host.id - resource_pool_id = data.vsphere_resource_pool.default.id - network_interface { - network_id = data.vsphere_network.network.id - } - wait_for_guest_net_timeout = 2 - wait_for_guest_ip_timeout = 2 - - ovf_deploy { - allow_unverified_ssl_cert = true - remote_ovf_url = var.url_ova - disk_provisioning = "thin" - ip_protocol = "IPv4" - ip_allocation_policy = "dhcpPolicy" - ovf_network_map = { - "Network 1" = data.vsphere_network.network.id - "Network 2" = data.vsphere_network.network.id - } - } - vapp { - properties = { - "password" = "12345678", - "local-hostname" = "terraform_vyos" - } - } - } - - output "ip" { - description = "default ip address of the deployed VM" - value = vsphere_virtual_machine.vmFromRemoteOvf.default_ip_address - } - - # IP of AZ instance copied to a file ip.txt in local system - - resource "local_file" "ip" { - content = vsphere_virtual_machine.vmFromRemoteOvf.default_ip_address - filename = "ip.txt" - } - - #Connecting to the Ansible control node using SSH connection - - resource "null_resource" "nullremote1" { - depends_on = ["vsphere_virtual_machine.vmFromRemoteOvf"] - connection { - type = "ssh" - user = "root" - password = var.ansiblepassword - host = var.ansiblehost - - } - - # Copying the ip.txt file to the Ansible control node from local system - - provisioner "file" { - source = "ip.txt" - destination = "/root/vsphere/ip.txt" - } - } - - resource "null_resource" "nullremote2" { - depends_on = ["vsphere_virtual_machine.vmFromRemoteOvf"] - connection { - type = "ssh" - user = "root" - password = var.ansiblepassword - host = var.ansiblehost - } - - # Command to run ansible playbook on remote Linux OS - - provisioner "remote-exec" { - - inline = [ - "cd /root/vsphere/", - "ansible-playbook instance.yml" - ] - } - } - - -versions.tf - -.. code-block:: none - - # Copyright (c) HashiCorp, Inc. - # SPDX-License-Identifier: MPL-2.0 - - terraform { - required_providers { - vsphere = { - source = "hashicorp/vsphere" - version = "2.4.0" - } - } - } - -variables.tf - -.. code-block:: none - - # Copyright (c) HashiCorp, Inc. - # SPDX-License-Identifier: MPL-2.0 - - variable "vsphere_server" { - description = "vSphere server" - type = string - } - - variable "vsphere_user" { - description = "vSphere username" - type = string - } - - variable "vsphere_password" { - description = "vSphere password" - type = string - sensitive = true - } - - variable "datacenter" { - description = "vSphere data center" - type = string - } - - variable "cluster" { - description = "vSphere cluster" - type = string - } - - variable "datastore" { - description = "vSphere datastore" - type = string - } - - variable "network_name" { - description = "vSphere network name" - type = string - } - - variable "host" { - description = "name if yor host" - type = string - } - - variable "remotename" { - description = "the name of you VM" - type = string - } - - variable "url_ova" { - description = "the URL to .OVA file or cloude store" - type = string - } - - variable "ansiblepassword" { - description = "Ansible password" - type = string - } - - variable "ansiblehost" { - description = "Ansible host name or IP" - type = string - } - -terraform.tfvars - -.. code-block:: none - - vsphere_user = "" - vsphere_password = "" - vsphere_server = "" - datacenter = "" - datastore = "" - cluster = "" - network_name = "" - host = "" - url_ova = "" - ansiblepassword = "" - ansiblehost = "" - remotename = "" - -Azure_terraform_ansible_single_vyos_instance --------------------------------------------- - -How to create a single instance and install your configuration using Terraform+Ansible+Vsphere -Step by step: - -Vsphere -------- - -1.1 Collect all data in to file "terraform.tfvars" and create resources fo example "terraform" - -Terraform ---------- - -2.1 Create a UNIX or Windows instance - -2.2 Download and install Terraform - -2.3 Create the folder for example ../vsphere/ - -2.4 Copy all files from my folder /Terraform into your Terraform project - -2.5 Type the commands : - - #cd /your folder - - #terraform init - - -Ansible -------- - -3.1 Create a UNIX instance - -3.2 Download and install Ansible - -3.3 Create the folder for example /root/vsphere/ - -3.4 Copy all files from my folder /Ansible into your Ansible project (ansible.cfg, instance.yml and /group_vars) - -Start ------ - -4.1 Type the commands on your Terrafom instance: - - #cd /your folder - - #terraform plan - - #terraform apply - - #yes - |